1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
47
48#include <crypto/hash.h>
49#include <linux/types.h>
50#include <linux/kernel.h>
51#include <linux/ip.h>
52#include <linux/ipv6.h>
53#include <linux/net.h>
54#include <linux/inet.h>
55#include <linux/scatterlist.h>
56#include <linux/slab.h>
57#include <net/sock.h>
58
59#include <linux/skbuff.h>
60#include <linux/random.h>
61#include <net/sctp/sctp.h>
62#include <net/sctp/sm.h>
63
64static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
65 __u8 type, __u8 flags, int paylen,
66 gfp_t gfp);
67static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
68 __u8 flags, int paylen, gfp_t gfp);
69static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
70 __u8 type, __u8 flags, int paylen,
71 gfp_t gfp);
72static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
73 const struct sctp_association *asoc,
74 const struct sctp_chunk *init_chunk,
75 int *cookie_len,
76 const __u8 *raw_addrs, int addrs_len);
77static int sctp_process_param(struct sctp_association *asoc,
78 union sctp_params param,
79 const union sctp_addr *peer_addr,
80 gfp_t gfp);
81static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
82 const void *data);
83static void *sctp_addto_chunk_fixed(struct sctp_chunk *, int len,
84 const void *data);
85
86
87static void sctp_control_release_owner(struct sk_buff *skb)
88{
89
90}
91
92static void sctp_control_set_owner_w(struct sctp_chunk *chunk)
93{
94 struct sctp_association *asoc = chunk->asoc;
95 struct sk_buff *skb = chunk->skb;
96
97
98
99
100
101
102
103
104 skb->sk = asoc ? asoc->base.sk : NULL;
105 skb->destructor = sctp_control_release_owner;
106}
107
108
109int sctp_chunk_iif(const struct sctp_chunk *chunk)
110{
111 struct sk_buff *skb = chunk->skb;
112
113 return SCTP_INPUT_CB(skb)->af->skb_iif(skb);
114}
115
116
117
118
119
120
121static const struct sctp_paramhdr ecap_param = {
122 SCTP_PARAM_ECN_CAPABLE,
123 cpu_to_be16(sizeof(struct sctp_paramhdr)),
124};
125static const struct sctp_paramhdr prsctp_param = {
126 SCTP_PARAM_FWD_TSN_SUPPORT,
127 cpu_to_be16(sizeof(struct sctp_paramhdr)),
128};
129
130
131
132
133
134void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
135 size_t paylen)
136{
137 sctp_errhdr_t err;
138 __u16 len;
139
140
141 err.cause = cause_code;
142 len = sizeof(sctp_errhdr_t) + paylen;
143 err.length = htons(len);
144 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
145}
146
147
148
149
150
151
152static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code,
153 size_t paylen)
154{
155 sctp_errhdr_t err;
156 __u16 len;
157
158
159 err.cause = cause_code;
160 len = sizeof(sctp_errhdr_t) + paylen;
161 err.length = htons(len);
162
163 if (skb_tailroom(chunk->skb) < len)
164 return -ENOSPC;
165 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk,
166 sizeof(sctp_errhdr_t),
167 &err);
168 return 0;
169}
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
215 const struct sctp_bind_addr *bp,
216 gfp_t gfp, int vparam_len)
217{
218 struct net *net = sock_net(asoc->base.sk);
219 struct sctp_endpoint *ep = asoc->ep;
220 struct sctp_inithdr init;
221 union sctp_params addrs;
222 size_t chunksize;
223 struct sctp_chunk *retval = NULL;
224 int num_types, addrs_len = 0;
225 struct sctp_sock *sp;
226 sctp_supported_addrs_param_t sat;
227 __be16 types[2];
228 sctp_adaptation_ind_param_t aiparam;
229 sctp_supported_ext_param_t ext_param;
230 int num_ext = 0;
231 __u8 extensions[4];
232 struct sctp_paramhdr *auth_chunks = NULL,
233 *auth_hmacs = NULL;
234
235
236
237
238
239
240 retval = NULL;
241
242
243 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
244
245 init.init_tag = htonl(asoc->c.my_vtag);
246 init.a_rwnd = htonl(asoc->rwnd);
247 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
248 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
249 init.initial_tsn = htonl(asoc->c.initial_tsn);
250
251
252 sp = sctp_sk(asoc->base.sk);
253 num_types = sp->pf->supported_addrs(sp, types);
254
255 chunksize = sizeof(init) + addrs_len;
256 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types));
257 chunksize += sizeof(ecap_param);
258
259 if (asoc->prsctp_enable)
260 chunksize += sizeof(prsctp_param);
261
262
263
264
265
266
267 if (net->sctp.addip_enable) {
268 extensions[num_ext] = SCTP_CID_ASCONF;
269 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
270 num_ext += 2;
271 }
272
273 if (asoc->reconf_enable) {
274 extensions[num_ext] = SCTP_CID_RECONF;
275 num_ext += 1;
276 }
277
278 if (sp->adaptation_ind)
279 chunksize += sizeof(aiparam);
280
281 chunksize += vparam_len;
282
283
284 if (ep->auth_enable) {
285
286 chunksize += sizeof(asoc->c.auth_random);
287
288
289 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
290 if (auth_hmacs->length)
291 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
292 else
293 auth_hmacs = NULL;
294
295
296 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
297 if (auth_chunks->length)
298 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
299 else
300 auth_chunks = NULL;
301
302 extensions[num_ext] = SCTP_CID_AUTH;
303 num_ext += 1;
304 }
305
306
307 if (num_ext)
308 chunksize += SCTP_PAD4(sizeof(sctp_supported_ext_param_t) +
309 num_ext);
310
311
312
313
314
315
316
317
318
319
320
321
322
323 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp);
324 if (!retval)
325 goto nodata;
326
327 retval->subh.init_hdr =
328 sctp_addto_chunk(retval, sizeof(init), &init);
329 retval->param_hdr.v =
330 sctp_addto_chunk(retval, addrs_len, addrs.v);
331
332
333
334
335
336
337
338
339 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
340 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
341 sctp_addto_chunk(retval, sizeof(sat), &sat);
342 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
343
344 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
345
346
347
348
349 if (num_ext) {
350 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
351 ext_param.param_hdr.length =
352 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
353 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
354 &ext_param);
355 sctp_addto_param(retval, num_ext, extensions);
356 }
357
358 if (asoc->prsctp_enable)
359 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
360
361 if (sp->adaptation_ind) {
362 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
363 aiparam.param_hdr.length = htons(sizeof(aiparam));
364 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
365 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
366 }
367
368
369 if (ep->auth_enable) {
370 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
371 asoc->c.auth_random);
372 if (auth_hmacs)
373 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
374 auth_hmacs);
375 if (auth_chunks)
376 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
377 auth_chunks);
378 }
379nodata:
380 kfree(addrs.v);
381 return retval;
382}
383
384struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
385 const struct sctp_chunk *chunk,
386 gfp_t gfp, int unkparam_len)
387{
388 struct sctp_inithdr initack;
389 struct sctp_chunk *retval;
390 union sctp_params addrs;
391 struct sctp_sock *sp;
392 int addrs_len;
393 sctp_cookie_param_t *cookie;
394 int cookie_len;
395 size_t chunksize;
396 sctp_adaptation_ind_param_t aiparam;
397 sctp_supported_ext_param_t ext_param;
398 int num_ext = 0;
399 __u8 extensions[4];
400 struct sctp_paramhdr *auth_chunks = NULL,
401 *auth_hmacs = NULL,
402 *auth_random = NULL;
403
404 retval = NULL;
405
406
407 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
408
409 initack.init_tag = htonl(asoc->c.my_vtag);
410 initack.a_rwnd = htonl(asoc->rwnd);
411 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
412 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
413 initack.initial_tsn = htonl(asoc->c.initial_tsn);
414
415
416
417
418 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
419 addrs.v, addrs_len);
420 if (!cookie)
421 goto nomem_cookie;
422
423
424
425
426 sp = sctp_sk(asoc->base.sk);
427 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
428
429
430 if (asoc->peer.ecn_capable)
431 chunksize += sizeof(ecap_param);
432
433 if (asoc->peer.prsctp_capable)
434 chunksize += sizeof(prsctp_param);
435
436 if (asoc->peer.asconf_capable) {
437 extensions[num_ext] = SCTP_CID_ASCONF;
438 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
439 num_ext += 2;
440 }
441
442 if (asoc->peer.reconf_capable) {
443 extensions[num_ext] = SCTP_CID_RECONF;
444 num_ext += 1;
445 }
446
447 if (sp->adaptation_ind)
448 chunksize += sizeof(aiparam);
449
450 if (asoc->peer.auth_capable) {
451 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random;
452 chunksize += ntohs(auth_random->length);
453
454 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
455 if (auth_hmacs->length)
456 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
457 else
458 auth_hmacs = NULL;
459
460 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
461 if (auth_chunks->length)
462 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
463 else
464 auth_chunks = NULL;
465
466 extensions[num_ext] = SCTP_CID_AUTH;
467 num_ext += 1;
468 }
469
470 if (num_ext)
471 chunksize += SCTP_PAD4(sizeof(sctp_supported_ext_param_t) +
472 num_ext);
473
474
475 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp);
476 if (!retval)
477 goto nomem_chunk;
478
479
480
481
482
483
484
485
486
487
488 retval->transport = chunk->transport;
489
490 retval->subh.init_hdr =
491 sctp_addto_chunk(retval, sizeof(initack), &initack);
492 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
493 sctp_addto_chunk(retval, cookie_len, cookie);
494 if (asoc->peer.ecn_capable)
495 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
496 if (num_ext) {
497 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
498 ext_param.param_hdr.length =
499 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
500 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
501 &ext_param);
502 sctp_addto_param(retval, num_ext, extensions);
503 }
504 if (asoc->peer.prsctp_capable)
505 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
506
507 if (sp->adaptation_ind) {
508 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
509 aiparam.param_hdr.length = htons(sizeof(aiparam));
510 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
511 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
512 }
513
514 if (asoc->peer.auth_capable) {
515 sctp_addto_chunk(retval, ntohs(auth_random->length),
516 auth_random);
517 if (auth_hmacs)
518 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
519 auth_hmacs);
520 if (auth_chunks)
521 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
522 auth_chunks);
523 }
524
525
526 retval->asoc = (struct sctp_association *) asoc;
527
528nomem_chunk:
529 kfree(cookie);
530nomem_cookie:
531 kfree(addrs.v);
532 return retval;
533}
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
570 const struct sctp_chunk *chunk)
571{
572 struct sctp_chunk *retval;
573 void *cookie;
574 int cookie_len;
575
576 cookie = asoc->peer.cookie;
577 cookie_len = asoc->peer.cookie_len;
578
579
580 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0,
581 cookie_len, GFP_ATOMIC);
582 if (!retval)
583 goto nodata;
584 retval->subh.cookie_hdr =
585 sctp_addto_chunk(retval, cookie_len, cookie);
586
587
588
589
590
591
592
593
594
595
596 if (chunk)
597 retval->transport = chunk->transport;
598
599nodata:
600 return retval;
601}
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
622 const struct sctp_chunk *chunk)
623{
624 struct sctp_chunk *retval;
625
626 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC);
627
628
629
630
631
632
633
634
635
636
637 if (retval && chunk)
638 retval->transport = chunk->transport;
639
640 return retval;
641}
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
667 const __u32 lowest_tsn,
668 const struct sctp_chunk *chunk)
669{
670 struct sctp_chunk *retval;
671 sctp_cwrhdr_t cwr;
672
673 cwr.lowest_tsn = htonl(lowest_tsn);
674 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0,
675 sizeof(sctp_cwrhdr_t), GFP_ATOMIC);
676
677 if (!retval)
678 goto nodata;
679
680 retval->subh.ecn_cwr_hdr =
681 sctp_addto_chunk(retval, sizeof(cwr), &cwr);
682
683
684
685
686
687
688
689
690
691
692
693 if (chunk)
694 retval->transport = chunk->transport;
695
696nodata:
697 return retval;
698}
699
700
701struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
702 const __u32 lowest_tsn)
703{
704 struct sctp_chunk *retval;
705 sctp_ecnehdr_t ecne;
706
707 ecne.lowest_tsn = htonl(lowest_tsn);
708 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0,
709 sizeof(sctp_ecnehdr_t), GFP_ATOMIC);
710 if (!retval)
711 goto nodata;
712 retval->subh.ecne_hdr =
713 sctp_addto_chunk(retval, sizeof(ecne), &ecne);
714
715nodata:
716 return retval;
717}
718
719
720
721
722struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc,
723 const struct sctp_sndrcvinfo *sinfo,
724 int data_len, __u8 flags, __u16 ssn,
725 gfp_t gfp)
726{
727 struct sctp_chunk *retval;
728 struct sctp_datahdr dp;
729 int chunk_len;
730
731
732
733
734 dp.tsn = 0;
735 dp.stream = htons(sinfo->sinfo_stream);
736 dp.ppid = sinfo->sinfo_ppid;
737
738
739 if (sinfo->sinfo_flags & SCTP_UNORDERED) {
740 flags |= SCTP_DATA_UNORDERED;
741 dp.ssn = 0;
742 } else
743 dp.ssn = htons(ssn);
744
745 chunk_len = sizeof(dp) + data_len;
746 retval = sctp_make_data(asoc, flags, chunk_len, gfp);
747 if (!retval)
748 goto nodata;
749
750 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
751 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
752
753nodata:
754 return retval;
755}
756
757
758
759
760
761struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
762{
763 struct sctp_chunk *retval;
764 struct sctp_sackhdr sack;
765 int len;
766 __u32 ctsn;
767 __u16 num_gabs, num_dup_tsns;
768 struct sctp_association *aptr = (struct sctp_association *)asoc;
769 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
770 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
771 struct sctp_transport *trans;
772
773 memset(gabs, 0, sizeof(gabs));
774 ctsn = sctp_tsnmap_get_ctsn(map);
775
776 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn);
777
778
779 num_gabs = sctp_tsnmap_num_gabs(map, gabs);
780 num_dup_tsns = sctp_tsnmap_num_dups(map);
781
782
783 sack.cum_tsn_ack = htonl(ctsn);
784 sack.a_rwnd = htonl(asoc->a_rwnd);
785 sack.num_gap_ack_blocks = htons(num_gabs);
786 sack.num_dup_tsns = htons(num_dup_tsns);
787
788 len = sizeof(sack)
789 + sizeof(struct sctp_gap_ack_block) * num_gabs
790 + sizeof(__u32) * num_dup_tsns;
791
792
793 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC);
794 if (!retval)
795 goto nodata;
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827 retval->transport = asoc->peer.last_data_from;
828
829 retval->subh.sack_hdr =
830 sctp_addto_chunk(retval, sizeof(sack), &sack);
831
832
833 if (num_gabs)
834 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
835 gabs);
836
837
838 if (num_dup_tsns) {
839 aptr->stats.idupchunks += num_dup_tsns;
840 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
841 sctp_tsnmap_get_dups(map));
842 }
843
844
845
846
847
848
849
850
851 if (++aptr->peer.sack_generation == 0) {
852 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
853 transports)
854 trans->sack_generation = 0;
855 aptr->peer.sack_generation = 1;
856 }
857nodata:
858 return retval;
859}
860
861
862struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
863 const struct sctp_chunk *chunk)
864{
865 struct sctp_chunk *retval;
866 sctp_shutdownhdr_t shut;
867 __u32 ctsn;
868
869 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
870 shut.cum_tsn_ack = htonl(ctsn);
871
872 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0,
873 sizeof(sctp_shutdownhdr_t), GFP_ATOMIC);
874 if (!retval)
875 goto nodata;
876
877 retval->subh.shutdown_hdr =
878 sctp_addto_chunk(retval, sizeof(shut), &shut);
879
880 if (chunk)
881 retval->transport = chunk->transport;
882nodata:
883 return retval;
884}
885
886struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
887 const struct sctp_chunk *chunk)
888{
889 struct sctp_chunk *retval;
890
891 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0,
892 GFP_ATOMIC);
893
894
895
896
897
898
899
900
901
902
903 if (retval && chunk)
904 retval->transport = chunk->transport;
905
906 return retval;
907}
908
909struct sctp_chunk *sctp_make_shutdown_complete(
910 const struct sctp_association *asoc,
911 const struct sctp_chunk *chunk)
912{
913 struct sctp_chunk *retval;
914 __u8 flags = 0;
915
916
917
918
919 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
920
921 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags,
922 0, GFP_ATOMIC);
923
924
925
926
927
928
929
930
931
932
933
934 if (retval && chunk)
935 retval->transport = chunk->transport;
936
937 return retval;
938}
939
940
941
942
943struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
944 const struct sctp_chunk *chunk,
945 const size_t hint)
946{
947 struct sctp_chunk *retval;
948 __u8 flags = 0;
949
950
951
952
953 if (!asoc) {
954 if (chunk && chunk->chunk_hdr &&
955 chunk->chunk_hdr->type == SCTP_CID_INIT)
956 flags = 0;
957 else
958 flags = SCTP_CHUNK_FLAG_T;
959 }
960
961 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint,
962 GFP_ATOMIC);
963
964
965
966
967
968
969
970
971
972
973 if (retval && chunk)
974 retval->transport = chunk->transport;
975
976 return retval;
977}
978
979
980struct sctp_chunk *sctp_make_abort_no_data(
981 const struct sctp_association *asoc,
982 const struct sctp_chunk *chunk, __u32 tsn)
983{
984 struct sctp_chunk *retval;
985 __be32 payload;
986
987 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t)
988 + sizeof(tsn));
989
990 if (!retval)
991 goto no_mem;
992
993
994 payload = htonl(tsn);
995 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
996 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007 if (chunk)
1008 retval->transport = chunk->transport;
1009
1010no_mem:
1011 return retval;
1012}
1013
1014
1015struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
1016 struct msghdr *msg,
1017 size_t paylen)
1018{
1019 struct sctp_chunk *retval;
1020 void *payload = NULL;
1021 int err;
1022
1023 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen);
1024 if (!retval)
1025 goto err_chunk;
1026
1027 if (paylen) {
1028
1029 payload = kmalloc(paylen, GFP_KERNEL);
1030 if (!payload)
1031 goto err_payload;
1032
1033 err = memcpy_from_msg(payload, msg, paylen);
1034 if (err < 0)
1035 goto err_copy;
1036 }
1037
1038 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
1039 sctp_addto_chunk(retval, paylen, payload);
1040
1041 if (paylen)
1042 kfree(payload);
1043
1044 return retval;
1045
1046err_copy:
1047 kfree(payload);
1048err_payload:
1049 sctp_chunk_free(retval);
1050 retval = NULL;
1051err_chunk:
1052 return retval;
1053}
1054
1055
1056
1057
1058static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1059 const void *data)
1060{
1061 void *target;
1062 int chunklen = ntohs(chunk->chunk_hdr->length);
1063
1064 target = skb_put(chunk->skb, len);
1065
1066 if (data)
1067 memcpy(target, data, len);
1068 else
1069 memset(target, 0, len);
1070
1071
1072 chunk->chunk_hdr->length = htons(chunklen + len);
1073 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1074
1075 return target;
1076}
1077
1078
1079struct sctp_chunk *sctp_make_abort_violation(
1080 const struct sctp_association *asoc,
1081 const struct sctp_chunk *chunk,
1082 const __u8 *payload,
1083 const size_t paylen)
1084{
1085 struct sctp_chunk *retval;
1086 struct sctp_paramhdr phdr;
1087
1088 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen +
1089 sizeof(phdr));
1090 if (!retval)
1091 goto end;
1092
1093 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen +
1094 sizeof(phdr));
1095
1096 phdr.type = htons(chunk->chunk_hdr->type);
1097 phdr.length = chunk->chunk_hdr->length;
1098 sctp_addto_chunk(retval, paylen, payload);
1099 sctp_addto_param(retval, sizeof(phdr), &phdr);
1100
1101end:
1102 return retval;
1103}
1104
1105struct sctp_chunk *sctp_make_violation_paramlen(
1106 const struct sctp_association *asoc,
1107 const struct sctp_chunk *chunk,
1108 struct sctp_paramhdr *param)
1109{
1110 struct sctp_chunk *retval;
1111 static const char error[] = "The following parameter had invalid length:";
1112 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) +
1113 sizeof(*param);
1114
1115 retval = sctp_make_abort(asoc, chunk, payload_len);
1116 if (!retval)
1117 goto nodata;
1118
1119 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1120 sizeof(error) + sizeof(*param));
1121 sctp_addto_chunk(retval, sizeof(error), error);
1122 sctp_addto_param(retval, sizeof(*param), param);
1123
1124nodata:
1125 return retval;
1126}
1127
1128struct sctp_chunk *sctp_make_violation_max_retrans(
1129 const struct sctp_association *asoc,
1130 const struct sctp_chunk *chunk)
1131{
1132 struct sctp_chunk *retval;
1133 static const char error[] = "Association exceeded its max_retans count";
1134 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t);
1135
1136 retval = sctp_make_abort(asoc, chunk, payload_len);
1137 if (!retval)
1138 goto nodata;
1139
1140 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error));
1141 sctp_addto_chunk(retval, sizeof(error), error);
1142
1143nodata:
1144 return retval;
1145}
1146
1147
1148struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1149 const struct sctp_transport *transport)
1150{
1151 struct sctp_chunk *retval;
1152 sctp_sender_hb_info_t hbinfo;
1153
1154 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0,
1155 sizeof(hbinfo), GFP_ATOMIC);
1156
1157 if (!retval)
1158 goto nodata;
1159
1160 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
1161 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
1162 hbinfo.daddr = transport->ipaddr;
1163 hbinfo.sent_at = jiffies;
1164 hbinfo.hb_nonce = transport->hb_nonce;
1165
1166
1167
1168
1169 retval->transport = (struct sctp_transport *) transport;
1170 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo),
1171 &hbinfo);
1172
1173nodata:
1174 return retval;
1175}
1176
1177struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1178 const struct sctp_chunk *chunk,
1179 const void *payload, const size_t paylen)
1180{
1181 struct sctp_chunk *retval;
1182
1183 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen,
1184 GFP_ATOMIC);
1185 if (!retval)
1186 goto nodata;
1187
1188 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199 if (chunk)
1200 retval->transport = chunk->transport;
1201
1202nodata:
1203 return retval;
1204}
1205
1206
1207
1208
1209static struct sctp_chunk *sctp_make_op_error_space(
1210 const struct sctp_association *asoc,
1211 const struct sctp_chunk *chunk,
1212 size_t size)
1213{
1214 struct sctp_chunk *retval;
1215
1216 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0,
1217 sizeof(sctp_errhdr_t) + size, GFP_ATOMIC);
1218 if (!retval)
1219 goto nodata;
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229 if (chunk)
1230 retval->transport = chunk->transport;
1231
1232nodata:
1233 return retval;
1234}
1235
1236
1237
1238
1239
1240
1241
1242static inline struct sctp_chunk *sctp_make_op_error_fixed(
1243 const struct sctp_association *asoc,
1244 const struct sctp_chunk *chunk)
1245{
1246 size_t size = asoc ? asoc->pathmtu : 0;
1247
1248 if (!size)
1249 size = SCTP_DEFAULT_MAXSEGMENT;
1250
1251 return sctp_make_op_error_space(asoc, chunk, size);
1252}
1253
1254
1255struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1256 const struct sctp_chunk *chunk,
1257 __be16 cause_code, const void *payload,
1258 size_t paylen, size_t reserve_tail)
1259{
1260 struct sctp_chunk *retval;
1261
1262 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1263 if (!retval)
1264 goto nodata;
1265
1266 sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1267 sctp_addto_chunk(retval, paylen, payload);
1268 if (reserve_tail)
1269 sctp_addto_param(retval, reserve_tail, NULL);
1270
1271nodata:
1272 return retval;
1273}
1274
1275struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
1276{
1277 struct sctp_chunk *retval;
1278 struct sctp_hmac *hmac_desc;
1279 struct sctp_authhdr auth_hdr;
1280 __u8 *hmac;
1281
1282
1283 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1284 if (unlikely(!hmac_desc))
1285 return NULL;
1286
1287 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0,
1288 hmac_desc->hmac_len + sizeof(sctp_authhdr_t),
1289 GFP_ATOMIC);
1290 if (!retval)
1291 return NULL;
1292
1293 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1294 auth_hdr.shkey_id = htons(asoc->active_key_id);
1295
1296 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
1297 &auth_hdr);
1298
1299 hmac = skb_put_zero(retval->skb, hmac_desc->hmac_len);
1300
1301
1302 retval->chunk_hdr->length =
1303 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1304 retval->chunk_end = skb_tail_pointer(retval->skb);
1305
1306 return retval;
1307}
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1325 const struct sctp_association *asoc,
1326 struct sock *sk, gfp_t gfp)
1327{
1328 struct sctp_chunk *retval;
1329
1330 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp);
1331
1332 if (!retval)
1333 goto nodata;
1334 if (!sk)
1335 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb);
1336
1337 INIT_LIST_HEAD(&retval->list);
1338 retval->skb = skb;
1339 retval->asoc = (struct sctp_association *)asoc;
1340 retval->singleton = 1;
1341
1342 retval->fast_retransmit = SCTP_CAN_FRTX;
1343
1344
1345 INIT_LIST_HEAD(&retval->transmitted_list);
1346 INIT_LIST_HEAD(&retval->frag_list);
1347 SCTP_DBG_OBJCNT_INC(chunk);
1348 refcount_set(&retval->refcnt, 1);
1349
1350nodata:
1351 return retval;
1352}
1353
1354
1355void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1356 union sctp_addr *dest)
1357{
1358 memcpy(&chunk->source, src, sizeof(union sctp_addr));
1359 memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1360}
1361
1362
1363const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1364{
1365
1366 if (chunk->transport) {
1367 return &chunk->transport->ipaddr;
1368 } else {
1369
1370 return &chunk->source;
1371 }
1372}
1373
1374
1375
1376
1377static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
1378 __u8 type, __u8 flags, int paylen,
1379 gfp_t gfp)
1380{
1381 struct sctp_chunk *retval;
1382 struct sctp_chunkhdr *chunk_hdr;
1383 struct sk_buff *skb;
1384 struct sock *sk;
1385
1386
1387 skb = alloc_skb(SCTP_PAD4(sizeof(*chunk_hdr) + paylen), gfp);
1388 if (!skb)
1389 goto nodata;
1390
1391
1392 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr));
1393 chunk_hdr->type = type;
1394 chunk_hdr->flags = flags;
1395 chunk_hdr->length = htons(sizeof(*chunk_hdr));
1396
1397 sk = asoc ? asoc->base.sk : NULL;
1398 retval = sctp_chunkify(skb, asoc, sk, gfp);
1399 if (!retval) {
1400 kfree_skb(skb);
1401 goto nodata;
1402 }
1403
1404 retval->chunk_hdr = chunk_hdr;
1405 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr);
1406
1407
1408 if (sctp_auth_send_cid(type, asoc))
1409 retval->auth = 1;
1410
1411 return retval;
1412nodata:
1413 return NULL;
1414}
1415
1416static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
1417 __u8 flags, int paylen, gfp_t gfp)
1418{
1419 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp);
1420}
1421
1422static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
1423 __u8 type, __u8 flags, int paylen,
1424 gfp_t gfp)
1425{
1426 struct sctp_chunk *chunk;
1427
1428 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp);
1429 if (chunk)
1430 sctp_control_set_owner_w(chunk);
1431
1432 return chunk;
1433}
1434
1435
1436static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1437{
1438 BUG_ON(!list_empty(&chunk->list));
1439 list_del_init(&chunk->transmitted_list);
1440
1441 consume_skb(chunk->skb);
1442 consume_skb(chunk->auth_chunk);
1443
1444 SCTP_DBG_OBJCNT_DEC(chunk);
1445 kmem_cache_free(sctp_chunk_cachep, chunk);
1446}
1447
1448
1449void sctp_chunk_free(struct sctp_chunk *chunk)
1450{
1451
1452 if (chunk->msg)
1453 sctp_datamsg_put(chunk->msg);
1454
1455 sctp_chunk_put(chunk);
1456}
1457
1458
1459void sctp_chunk_hold(struct sctp_chunk *ch)
1460{
1461 refcount_inc(&ch->refcnt);
1462}
1463
1464
1465void sctp_chunk_put(struct sctp_chunk *ch)
1466{
1467 if (refcount_dec_and_test(&ch->refcnt))
1468 sctp_chunk_destroy(ch);
1469}
1470
1471
1472
1473
1474void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1475{
1476 void *target;
1477 int chunklen = ntohs(chunk->chunk_hdr->length);
1478 int padlen = SCTP_PAD4(chunklen) - chunklen;
1479
1480 skb_put_zero(chunk->skb, padlen);
1481 target = skb_put_data(chunk->skb, data, len);
1482
1483
1484 chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1485 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1486
1487 return target;
1488}
1489
1490
1491
1492
1493static void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk,
1494 int len, const void *data)
1495{
1496 if (skb_tailroom(chunk->skb) >= len)
1497 return sctp_addto_chunk(chunk, len, data);
1498 else
1499 return NULL;
1500}
1501
1502
1503
1504
1505
1506int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len,
1507 struct iov_iter *from)
1508{
1509 void *target;
1510
1511
1512 target = skb_put(chunk->skb, len);
1513
1514
1515 if (!copy_from_iter_full(target, len, from))
1516 return -EFAULT;
1517
1518
1519 chunk->chunk_hdr->length =
1520 htons(ntohs(chunk->chunk_hdr->length) + len);
1521 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1522
1523 return 0;
1524}
1525
1526
1527
1528
1529void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1530{
1531 struct sctp_datamsg *msg;
1532 struct sctp_chunk *lchunk;
1533 struct sctp_stream *stream;
1534 __u16 ssn;
1535 __u16 sid;
1536
1537 if (chunk->has_ssn)
1538 return;
1539
1540
1541 sid = ntohs(chunk->subh.data_hdr->stream);
1542 stream = &chunk->asoc->stream;
1543
1544
1545
1546
1547 msg = chunk->msg;
1548 list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1549 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1550 ssn = 0;
1551 } else {
1552 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1553 ssn = sctp_ssn_next(stream, out, sid);
1554 else
1555 ssn = sctp_ssn_peek(stream, out, sid);
1556 }
1557
1558 lchunk->subh.data_hdr->ssn = htons(ssn);
1559 lchunk->has_ssn = 1;
1560 }
1561}
1562
1563
1564
1565
1566void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1567{
1568 if (!chunk->has_tsn) {
1569
1570
1571
1572 chunk->subh.data_hdr->tsn =
1573 htonl(sctp_association_get_next_tsn(chunk->asoc));
1574 chunk->has_tsn = 1;
1575 }
1576}
1577
1578
1579struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1580 struct sctp_chunk *chunk,
1581 gfp_t gfp)
1582{
1583 struct sctp_association *asoc;
1584 struct sk_buff *skb;
1585 sctp_scope_t scope;
1586
1587
1588 scope = sctp_scope(sctp_source(chunk));
1589 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1590 if (!asoc)
1591 goto nodata;
1592 asoc->temp = 1;
1593 skb = chunk->skb;
1594
1595 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1);
1596
1597nodata:
1598 return asoc;
1599}
1600
1601
1602
1603
1604static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
1605 const struct sctp_association *asoc,
1606 const struct sctp_chunk *init_chunk,
1607 int *cookie_len,
1608 const __u8 *raw_addrs, int addrs_len)
1609{
1610 sctp_cookie_param_t *retval;
1611 struct sctp_signed_cookie *cookie;
1612 int headersize, bodysize;
1613
1614
1615
1616
1617 headersize = sizeof(struct sctp_paramhdr) +
1618 (sizeof(struct sctp_signed_cookie) -
1619 sizeof(struct sctp_cookie));
1620 bodysize = sizeof(struct sctp_cookie)
1621 + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1622
1623
1624
1625
1626 if (bodysize % SCTP_COOKIE_MULTIPLE)
1627 bodysize += SCTP_COOKIE_MULTIPLE
1628 - (bodysize % SCTP_COOKIE_MULTIPLE);
1629 *cookie_len = headersize + bodysize;
1630
1631
1632
1633
1634 retval = kzalloc(*cookie_len, GFP_ATOMIC);
1635 if (!retval)
1636 goto nodata;
1637
1638 cookie = (struct sctp_signed_cookie *) retval->body;
1639
1640
1641 retval->p.type = SCTP_PARAM_STATE_COOKIE;
1642 retval->p.length = htons(*cookie_len);
1643
1644
1645 cookie->c = asoc->c;
1646
1647 cookie->c.raw_addr_list_len = addrs_len;
1648
1649
1650 cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1651
1652
1653 cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1654
1655
1656 cookie->c.expiration = ktime_add(asoc->cookie_life,
1657 ktime_get_real());
1658
1659
1660 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1661 ntohs(init_chunk->chunk_hdr->length));
1662
1663
1664 memcpy((__u8 *)&cookie->c.peer_init[0] +
1665 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1666
1667 if (sctp_sk(ep->base.sk)->hmac) {
1668 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
1669 int err;
1670
1671
1672 desc->tfm = sctp_sk(ep->base.sk)->hmac;
1673 desc->flags = 0;
1674
1675 err = crypto_shash_setkey(desc->tfm, ep->secret_key,
1676 sizeof(ep->secret_key)) ?:
1677 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize,
1678 cookie->signature);
1679 shash_desc_zero(desc);
1680 if (err)
1681 goto free_cookie;
1682 }
1683
1684 return retval;
1685
1686free_cookie:
1687 kfree(retval);
1688nodata:
1689 *cookie_len = 0;
1690 return NULL;
1691}
1692
1693
1694struct sctp_association *sctp_unpack_cookie(
1695 const struct sctp_endpoint *ep,
1696 const struct sctp_association *asoc,
1697 struct sctp_chunk *chunk, gfp_t gfp,
1698 int *error, struct sctp_chunk **errp)
1699{
1700 struct sctp_association *retval = NULL;
1701 struct sctp_signed_cookie *cookie;
1702 struct sctp_cookie *bear_cookie;
1703 int headersize, bodysize, fixed_size;
1704 __u8 *digest = ep->digest;
1705 unsigned int len;
1706 sctp_scope_t scope;
1707 struct sk_buff *skb = chunk->skb;
1708 ktime_t kt;
1709
1710
1711
1712
1713 headersize = sizeof(struct sctp_chunkhdr) +
1714 (sizeof(struct sctp_signed_cookie) -
1715 sizeof(struct sctp_cookie));
1716 bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1717 fixed_size = headersize + sizeof(struct sctp_cookie);
1718
1719
1720
1721
1722
1723 len = ntohs(chunk->chunk_hdr->length);
1724 if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1725 goto malformed;
1726
1727
1728 if (bodysize % SCTP_COOKIE_MULTIPLE)
1729 goto malformed;
1730
1731
1732 cookie = chunk->subh.cookie_hdr;
1733 bear_cookie = &cookie->c;
1734
1735 if (!sctp_sk(ep->base.sk)->hmac)
1736 goto no_hmac;
1737
1738
1739 {
1740 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
1741 int err;
1742
1743 desc->tfm = sctp_sk(ep->base.sk)->hmac;
1744 desc->flags = 0;
1745
1746 err = crypto_shash_setkey(desc->tfm, ep->secret_key,
1747 sizeof(ep->secret_key)) ?:
1748 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize,
1749 digest);
1750 shash_desc_zero(desc);
1751
1752 if (err) {
1753 *error = -SCTP_IERROR_NOMEM;
1754 goto fail;
1755 }
1756 }
1757
1758 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1759 *error = -SCTP_IERROR_BAD_SIG;
1760 goto fail;
1761 }
1762
1763no_hmac:
1764
1765
1766
1767
1768
1769
1770
1771 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1772 *error = -SCTP_IERROR_BAD_TAG;
1773 goto fail;
1774 }
1775
1776 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1777 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1778 *error = -SCTP_IERROR_BAD_PORTS;
1779 goto fail;
1780 }
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1791 kt = skb_get_ktime(skb);
1792 else
1793 kt = ktime_get_real();
1794
1795 if (!asoc && ktime_before(bear_cookie->expiration, kt)) {
1796
1797
1798
1799
1800
1801
1802
1803
1804 len = ntohs(chunk->chunk_hdr->length);
1805 *errp = sctp_make_op_error_space(asoc, chunk, len);
1806 if (*errp) {
1807 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration));
1808 __be32 n = htonl(usecs);
1809
1810 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE,
1811 sizeof(n));
1812 sctp_addto_chunk(*errp, sizeof(n), &n);
1813 *error = -SCTP_IERROR_STALE_COOKIE;
1814 } else
1815 *error = -SCTP_IERROR_NOMEM;
1816
1817 goto fail;
1818 }
1819
1820
1821 scope = sctp_scope(sctp_source(chunk));
1822 retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1823 if (!retval) {
1824 *error = -SCTP_IERROR_NOMEM;
1825 goto fail;
1826 }
1827
1828
1829 retval->peer.port = ntohs(chunk->sctp_hdr->source);
1830
1831
1832 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1833
1834 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1835 GFP_ATOMIC) < 0) {
1836 *error = -SCTP_IERROR_NOMEM;
1837 goto fail;
1838 }
1839
1840
1841 if (list_empty(&retval->base.bind_addr.address_list)) {
1842 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1843 sizeof(chunk->dest), SCTP_ADDR_SRC,
1844 GFP_ATOMIC);
1845 }
1846
1847 retval->next_tsn = retval->c.initial_tsn;
1848 retval->ctsn_ack_point = retval->next_tsn - 1;
1849 retval->addip_serial = retval->c.initial_tsn;
1850 retval->strreset_outseq = retval->c.initial_tsn;
1851 retval->adv_peer_ack_point = retval->ctsn_ack_point;
1852 retval->peer.prsctp_capable = retval->c.prsctp_capable;
1853 retval->peer.adaptation_ind = retval->c.adaptation_ind;
1854
1855
1856 return retval;
1857
1858fail:
1859 if (retval)
1860 sctp_association_free(retval);
1861
1862 return NULL;
1863
1864malformed:
1865
1866
1867
1868 *error = -SCTP_IERROR_MALFORMED;
1869 goto fail;
1870}
1871
1872
1873
1874
1875
1876struct __sctp_missing {
1877 __be32 num_missing;
1878 __be16 type;
1879} __packed;
1880
1881
1882
1883
1884static int sctp_process_missing_param(const struct sctp_association *asoc,
1885 enum sctp_param paramtype,
1886 struct sctp_chunk *chunk,
1887 struct sctp_chunk **errp)
1888{
1889 struct __sctp_missing report;
1890 __u16 len;
1891
1892 len = SCTP_PAD4(sizeof(report));
1893
1894
1895
1896
1897 if (!*errp)
1898 *errp = sctp_make_op_error_space(asoc, chunk, len);
1899
1900 if (*errp) {
1901 report.num_missing = htonl(1);
1902 report.type = paramtype;
1903 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1904 sizeof(report));
1905 sctp_addto_chunk(*errp, sizeof(report), &report);
1906 }
1907
1908
1909 return 0;
1910}
1911
1912
1913static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1914 struct sctp_chunk *chunk,
1915 struct sctp_chunk **errp)
1916{
1917
1918
1919 if (!*errp)
1920 *errp = sctp_make_op_error_space(asoc, chunk, 0);
1921
1922 if (*errp)
1923 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1924
1925
1926 return 0;
1927}
1928
1929static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1930 struct sctp_paramhdr *param,
1931 const struct sctp_chunk *chunk,
1932 struct sctp_chunk **errp)
1933{
1934
1935
1936
1937 if (*errp)
1938 sctp_chunk_free(*errp);
1939
1940
1941 *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1942
1943 return 0;
1944}
1945
1946
1947
1948
1949
1950static int sctp_process_hn_param(const struct sctp_association *asoc,
1951 union sctp_params param,
1952 struct sctp_chunk *chunk,
1953 struct sctp_chunk **errp)
1954{
1955 __u16 len = ntohs(param.p->length);
1956
1957
1958
1959
1960
1961
1962 if (*errp)
1963 sctp_chunk_free(*errp);
1964
1965 *errp = sctp_make_op_error_space(asoc, chunk, len);
1966
1967 if (*errp) {
1968 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len);
1969 sctp_addto_chunk(*errp, len, param.v);
1970 }
1971
1972
1973 return 0;
1974}
1975
1976static int sctp_verify_ext_param(struct net *net, union sctp_params param)
1977{
1978 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
1979 int have_auth = 0;
1980 int have_asconf = 0;
1981 int i;
1982
1983 for (i = 0; i < num_ext; i++) {
1984 switch (param.ext->chunks[i]) {
1985 case SCTP_CID_AUTH:
1986 have_auth = 1;
1987 break;
1988 case SCTP_CID_ASCONF:
1989 case SCTP_CID_ASCONF_ACK:
1990 have_asconf = 1;
1991 break;
1992 }
1993 }
1994
1995
1996
1997
1998
1999
2000 if (net->sctp.addip_noauth)
2001 return 1;
2002
2003 if (net->sctp.addip_enable && !have_auth && have_asconf)
2004 return 0;
2005
2006 return 1;
2007}
2008
2009static void sctp_process_ext_param(struct sctp_association *asoc,
2010 union sctp_params param)
2011{
2012 struct net *net = sock_net(asoc->base.sk);
2013 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2014 int i;
2015
2016 for (i = 0; i < num_ext; i++) {
2017 switch (param.ext->chunks[i]) {
2018 case SCTP_CID_RECONF:
2019 if (asoc->reconf_enable &&
2020 !asoc->peer.reconf_capable)
2021 asoc->peer.reconf_capable = 1;
2022 break;
2023 case SCTP_CID_FWD_TSN:
2024 if (asoc->prsctp_enable && !asoc->peer.prsctp_capable)
2025 asoc->peer.prsctp_capable = 1;
2026 break;
2027 case SCTP_CID_AUTH:
2028
2029
2030
2031 if (asoc->ep->auth_enable)
2032 asoc->peer.auth_capable = 1;
2033 break;
2034 case SCTP_CID_ASCONF:
2035 case SCTP_CID_ASCONF_ACK:
2036 if (net->sctp.addip_enable)
2037 asoc->peer.asconf_capable = 1;
2038 break;
2039 default:
2040 break;
2041 }
2042 }
2043}
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
2071 union sctp_params param,
2072 struct sctp_chunk *chunk,
2073 struct sctp_chunk **errp)
2074{
2075 int retval = SCTP_IERROR_NO_ERROR;
2076
2077 switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2078 case SCTP_PARAM_ACTION_DISCARD:
2079 retval = SCTP_IERROR_ERROR;
2080 break;
2081 case SCTP_PARAM_ACTION_SKIP:
2082 break;
2083 case SCTP_PARAM_ACTION_DISCARD_ERR:
2084 retval = SCTP_IERROR_ERROR;
2085
2086 case SCTP_PARAM_ACTION_SKIP_ERR:
2087
2088
2089
2090 if (NULL == *errp)
2091 *errp = sctp_make_op_error_fixed(asoc, chunk);
2092
2093 if (*errp) {
2094 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2095 SCTP_PAD4(ntohs(param.p->length))))
2096 sctp_addto_chunk_fixed(*errp,
2097 SCTP_PAD4(ntohs(param.p->length)),
2098 param.v);
2099 } else {
2100
2101
2102
2103
2104
2105 retval = SCTP_IERROR_NOMEM;
2106 }
2107 break;
2108 default:
2109 break;
2110 }
2111
2112 return retval;
2113}
2114
2115
2116
2117
2118
2119
2120
2121
2122static sctp_ierror_t sctp_verify_param(struct net *net,
2123 const struct sctp_endpoint *ep,
2124 const struct sctp_association *asoc,
2125 union sctp_params param,
2126 enum sctp_cid cid,
2127 struct sctp_chunk *chunk,
2128 struct sctp_chunk **err_chunk)
2129{
2130 struct sctp_hmac_algo_param *hmacs;
2131 int retval = SCTP_IERROR_NO_ERROR;
2132 __u16 n_elt, id = 0;
2133 int i;
2134
2135
2136
2137
2138
2139
2140 switch (param.p->type) {
2141 case SCTP_PARAM_IPV4_ADDRESS:
2142 case SCTP_PARAM_IPV6_ADDRESS:
2143 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2144 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2145 case SCTP_PARAM_STATE_COOKIE:
2146 case SCTP_PARAM_HEARTBEAT_INFO:
2147 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2148 case SCTP_PARAM_ECN_CAPABLE:
2149 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2150 break;
2151
2152 case SCTP_PARAM_SUPPORTED_EXT:
2153 if (!sctp_verify_ext_param(net, param))
2154 return SCTP_IERROR_ABORT;
2155 break;
2156
2157 case SCTP_PARAM_SET_PRIMARY:
2158 if (net->sctp.addip_enable)
2159 break;
2160 goto fallthrough;
2161
2162 case SCTP_PARAM_HOST_NAME_ADDRESS:
2163
2164 sctp_process_hn_param(asoc, param, chunk, err_chunk);
2165 retval = SCTP_IERROR_ABORT;
2166 break;
2167
2168 case SCTP_PARAM_FWD_TSN_SUPPORT:
2169 if (ep->prsctp_enable)
2170 break;
2171 goto fallthrough;
2172
2173 case SCTP_PARAM_RANDOM:
2174 if (!ep->auth_enable)
2175 goto fallthrough;
2176
2177
2178
2179
2180
2181
2182 if (SCTP_AUTH_RANDOM_LENGTH !=
2183 ntohs(param.p->length) - sizeof(struct sctp_paramhdr)) {
2184 sctp_process_inv_paramlength(asoc, param.p,
2185 chunk, err_chunk);
2186 retval = SCTP_IERROR_ABORT;
2187 }
2188 break;
2189
2190 case SCTP_PARAM_CHUNKS:
2191 if (!ep->auth_enable)
2192 goto fallthrough;
2193
2194
2195
2196
2197
2198
2199 if (260 < ntohs(param.p->length)) {
2200 sctp_process_inv_paramlength(asoc, param.p,
2201 chunk, err_chunk);
2202 retval = SCTP_IERROR_ABORT;
2203 }
2204 break;
2205
2206 case SCTP_PARAM_HMAC_ALGO:
2207 if (!ep->auth_enable)
2208 goto fallthrough;
2209
2210 hmacs = (struct sctp_hmac_algo_param *)param.p;
2211 n_elt = (ntohs(param.p->length) -
2212 sizeof(struct sctp_paramhdr)) >> 1;
2213
2214
2215
2216
2217
2218 for (i = 0; i < n_elt; i++) {
2219 id = ntohs(hmacs->hmac_ids[i]);
2220
2221 if (id == SCTP_AUTH_HMAC_ID_SHA1)
2222 break;
2223 }
2224
2225 if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2226 sctp_process_inv_paramlength(asoc, param.p, chunk,
2227 err_chunk);
2228 retval = SCTP_IERROR_ABORT;
2229 }
2230 break;
2231fallthrough:
2232 default:
2233 pr_debug("%s: unrecognized param:%d for chunk:%d\n",
2234 __func__, ntohs(param.p->type), cid);
2235
2236 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2237 break;
2238 }
2239 return retval;
2240}
2241
2242
2243int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep,
2244 const struct sctp_association *asoc, enum sctp_cid cid,
2245 struct sctp_init_chunk *peer_init,
2246 struct sctp_chunk *chunk, struct sctp_chunk **errp)
2247{
2248 union sctp_params param;
2249 bool has_cookie = false;
2250 int result;
2251
2252
2253
2254
2255
2256 if (peer_init->init_hdr.num_outbound_streams == 0 ||
2257 peer_init->init_hdr.num_inbound_streams == 0 ||
2258 peer_init->init_hdr.init_tag == 0 ||
2259 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW)
2260 return sctp_process_inv_mandatory(asoc, chunk, errp);
2261
2262 sctp_walk_params(param, peer_init, init_hdr.params) {
2263 if (param.p->type == SCTP_PARAM_STATE_COOKIE)
2264 has_cookie = true;
2265 }
2266
2267
2268
2269
2270
2271
2272
2273
2274 if (param.v != (void *)chunk->chunk_end)
2275 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2276
2277
2278
2279
2280 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2281 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2282 chunk, errp);
2283
2284
2285 sctp_walk_params(param, peer_init, init_hdr.params) {
2286 result = sctp_verify_param(net, ep, asoc, param, cid,
2287 chunk, errp);
2288 switch (result) {
2289 case SCTP_IERROR_ABORT:
2290 case SCTP_IERROR_NOMEM:
2291 return 0;
2292 case SCTP_IERROR_ERROR:
2293 return 1;
2294 case SCTP_IERROR_NO_ERROR:
2295 default:
2296 break;
2297 }
2298
2299 }
2300
2301 return 1;
2302}
2303
2304
2305
2306
2307
2308int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
2309 const union sctp_addr *peer_addr,
2310 struct sctp_init_chunk *peer_init, gfp_t gfp)
2311{
2312 struct net *net = sock_net(asoc->base.sk);
2313 union sctp_params param;
2314 struct sctp_transport *transport;
2315 struct list_head *pos, *temp;
2316 struct sctp_af *af;
2317 union sctp_addr addr;
2318 char *cookie;
2319 int src_match = 0;
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2332 goto nomem;
2333
2334 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr))
2335 src_match = 1;
2336
2337
2338 sctp_walk_params(param, peer_init, init_hdr.params) {
2339 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
2340 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
2341 af = sctp_get_af_specific(param_type2af(param.p->type));
2342 af->from_addr_param(&addr, param.addr,
2343 chunk->sctp_hdr->source, 0);
2344 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
2345 src_match = 1;
2346 }
2347
2348 if (!sctp_process_param(asoc, param, peer_addr, gfp))
2349 goto clean_up;
2350 }
2351
2352
2353 if (!src_match)
2354 goto clean_up;
2355
2356
2357
2358
2359 if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2360 !asoc->peer.peer_hmacs))
2361 asoc->peer.auth_capable = 0;
2362
2363
2364
2365
2366
2367
2368
2369 if (!net->sctp.addip_noauth &&
2370 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2371 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2372 SCTP_PARAM_DEL_IP |
2373 SCTP_PARAM_SET_PRIMARY);
2374 asoc->peer.asconf_capable = 0;
2375 goto clean_up;
2376 }
2377
2378
2379 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2380 transport = list_entry(pos, struct sctp_transport, transports);
2381 if (transport->state == SCTP_UNKNOWN) {
2382 sctp_assoc_rm_peer(asoc, transport);
2383 }
2384 }
2385
2386
2387
2388
2389 asoc->peer.i.init_tag =
2390 ntohl(peer_init->init_hdr.init_tag);
2391 asoc->peer.i.a_rwnd =
2392 ntohl(peer_init->init_hdr.a_rwnd);
2393 asoc->peer.i.num_outbound_streams =
2394 ntohs(peer_init->init_hdr.num_outbound_streams);
2395 asoc->peer.i.num_inbound_streams =
2396 ntohs(peer_init->init_hdr.num_inbound_streams);
2397 asoc->peer.i.initial_tsn =
2398 ntohl(peer_init->init_hdr.initial_tsn);
2399
2400 asoc->strreset_inseq = asoc->peer.i.initial_tsn;
2401
2402
2403
2404
2405 if (asoc->c.sinit_num_ostreams >
2406 ntohs(peer_init->init_hdr.num_inbound_streams)) {
2407 asoc->c.sinit_num_ostreams =
2408 ntohs(peer_init->init_hdr.num_inbound_streams);
2409 }
2410
2411 if (asoc->c.sinit_max_instreams >
2412 ntohs(peer_init->init_hdr.num_outbound_streams)) {
2413 asoc->c.sinit_max_instreams =
2414 ntohs(peer_init->init_hdr.num_outbound_streams);
2415 }
2416
2417
2418 asoc->c.peer_vtag = asoc->peer.i.init_tag;
2419
2420
2421 asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2422
2423
2424 cookie = asoc->peer.cookie;
2425 if (cookie) {
2426 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
2427 if (!asoc->peer.cookie)
2428 goto clean_up;
2429 }
2430
2431
2432
2433
2434
2435 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2436 transports) {
2437 transport->ssthresh = asoc->peer.i.a_rwnd;
2438 }
2439
2440
2441 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2442 asoc->peer.i.initial_tsn, gfp))
2443 goto clean_up;
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams,
2454 asoc->c.sinit_max_instreams, gfp))
2455 goto clean_up;
2456
2457 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp))
2458 goto clean_up;
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2471 return 1;
2472
2473clean_up:
2474
2475 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2476 transport = list_entry(pos, struct sctp_transport, transports);
2477 if (transport->state != SCTP_ACTIVE)
2478 sctp_assoc_rm_peer(asoc, transport);
2479 }
2480
2481nomem:
2482 return 0;
2483}
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497static int sctp_process_param(struct sctp_association *asoc,
2498 union sctp_params param,
2499 const union sctp_addr *peer_addr,
2500 gfp_t gfp)
2501{
2502 struct net *net = sock_net(asoc->base.sk);
2503 union sctp_addr addr;
2504 int i;
2505 __u16 sat;
2506 int retval = 1;
2507 sctp_scope_t scope;
2508 u32 stale;
2509 struct sctp_af *af;
2510 union sctp_addr_param *addr_param;
2511 struct sctp_transport *t;
2512 struct sctp_endpoint *ep = asoc->ep;
2513
2514
2515
2516
2517
2518 switch (param.p->type) {
2519 case SCTP_PARAM_IPV6_ADDRESS:
2520 if (PF_INET6 != asoc->base.sk->sk_family)
2521 break;
2522 goto do_addr_param;
2523
2524 case SCTP_PARAM_IPV4_ADDRESS:
2525
2526 if (ipv6_only_sock(asoc->base.sk))
2527 break;
2528do_addr_param:
2529 af = sctp_get_af_specific(param_type2af(param.p->type));
2530 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2531 scope = sctp_scope(peer_addr);
2532 if (sctp_in_scope(net, &addr, scope))
2533 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2534 return 0;
2535 break;
2536
2537 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2538 if (!net->sctp.cookie_preserve_enable)
2539 break;
2540
2541 stale = ntohl(param.life->lifespan_increment);
2542
2543
2544
2545
2546 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale);
2547 break;
2548
2549 case SCTP_PARAM_HOST_NAME_ADDRESS:
2550 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__);
2551 break;
2552
2553 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2554
2555
2556
2557 asoc->peer.ipv4_address = 0;
2558 asoc->peer.ipv6_address = 0;
2559
2560
2561
2562
2563 if (peer_addr->sa.sa_family == AF_INET6)
2564 asoc->peer.ipv6_address = 1;
2565 else if (peer_addr->sa.sa_family == AF_INET)
2566 asoc->peer.ipv4_address = 1;
2567
2568
2569 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2570 if (sat)
2571 sat /= sizeof(__u16);
2572
2573 for (i = 0; i < sat; ++i) {
2574 switch (param.sat->types[i]) {
2575 case SCTP_PARAM_IPV4_ADDRESS:
2576 asoc->peer.ipv4_address = 1;
2577 break;
2578
2579 case SCTP_PARAM_IPV6_ADDRESS:
2580 if (PF_INET6 == asoc->base.sk->sk_family)
2581 asoc->peer.ipv6_address = 1;
2582 break;
2583
2584 case SCTP_PARAM_HOST_NAME_ADDRESS:
2585 asoc->peer.hostname_address = 1;
2586 break;
2587
2588 default:
2589 break;
2590 }
2591 }
2592 break;
2593
2594 case SCTP_PARAM_STATE_COOKIE:
2595 asoc->peer.cookie_len =
2596 ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2597 asoc->peer.cookie = param.cookie->body;
2598 break;
2599
2600 case SCTP_PARAM_HEARTBEAT_INFO:
2601
2602 break;
2603
2604 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2605
2606 break;
2607
2608 case SCTP_PARAM_ECN_CAPABLE:
2609 asoc->peer.ecn_capable = 1;
2610 break;
2611
2612 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2613 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2614 break;
2615
2616 case SCTP_PARAM_SET_PRIMARY:
2617 if (!net->sctp.addip_enable)
2618 goto fall_through;
2619
2620 addr_param = param.v + sizeof(sctp_addip_param_t);
2621
2622 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
2623 if (af == NULL)
2624 break;
2625
2626 af->from_addr_param(&addr, addr_param,
2627 htons(asoc->peer.port), 0);
2628
2629
2630
2631
2632 if (!af->addr_valid(&addr, NULL, NULL))
2633 break;
2634
2635 t = sctp_assoc_lookup_paddr(asoc, &addr);
2636 if (!t)
2637 break;
2638
2639 sctp_assoc_set_primary(asoc, t);
2640 break;
2641
2642 case SCTP_PARAM_SUPPORTED_EXT:
2643 sctp_process_ext_param(asoc, param);
2644 break;
2645
2646 case SCTP_PARAM_FWD_TSN_SUPPORT:
2647 if (asoc->prsctp_enable) {
2648 asoc->peer.prsctp_capable = 1;
2649 break;
2650 }
2651
2652 goto fall_through;
2653
2654 case SCTP_PARAM_RANDOM:
2655 if (!ep->auth_enable)
2656 goto fall_through;
2657
2658
2659 asoc->peer.peer_random = kmemdup(param.p,
2660 ntohs(param.p->length), gfp);
2661 if (!asoc->peer.peer_random) {
2662 retval = 0;
2663 break;
2664 }
2665 break;
2666
2667 case SCTP_PARAM_HMAC_ALGO:
2668 if (!ep->auth_enable)
2669 goto fall_through;
2670
2671
2672 asoc->peer.peer_hmacs = kmemdup(param.p,
2673 ntohs(param.p->length), gfp);
2674 if (!asoc->peer.peer_hmacs) {
2675 retval = 0;
2676 break;
2677 }
2678
2679
2680 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2681 break;
2682
2683 case SCTP_PARAM_CHUNKS:
2684 if (!ep->auth_enable)
2685 goto fall_through;
2686
2687 asoc->peer.peer_chunks = kmemdup(param.p,
2688 ntohs(param.p->length), gfp);
2689 if (!asoc->peer.peer_chunks)
2690 retval = 0;
2691 break;
2692fall_through:
2693 default:
2694
2695
2696
2697
2698
2699 pr_debug("%s: ignoring param:%d for association:%p.\n",
2700 __func__, ntohs(param.p->type), asoc);
2701 break;
2702 }
2703
2704 return retval;
2705}
2706
2707
2708__u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2709{
2710
2711
2712
2713 __u32 x;
2714
2715 do {
2716 get_random_bytes(&x, sizeof(__u32));
2717 } while (x == 0);
2718
2719 return x;
2720}
2721
2722
2723__u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2724{
2725 __u32 retval;
2726
2727 get_random_bytes(&retval, sizeof(__u32));
2728 return retval;
2729}
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2754 union sctp_addr *addr,
2755 int vparam_len)
2756{
2757 sctp_addiphdr_t asconf;
2758 struct sctp_chunk *retval;
2759 int length = sizeof(asconf) + vparam_len;
2760 union sctp_addr_param addrparam;
2761 int addrlen;
2762 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2763
2764 addrlen = af->to_addr_param(addr, &addrparam);
2765 if (!addrlen)
2766 return NULL;
2767 length += addrlen;
2768
2769
2770 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length,
2771 GFP_ATOMIC);
2772 if (!retval)
2773 return NULL;
2774
2775 asconf.serial = htonl(asoc->addip_serial++);
2776
2777 retval->subh.addip_hdr =
2778 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2779 retval->param_hdr.v =
2780 sctp_addto_chunk(retval, addrlen, &addrparam);
2781
2782 return retval;
2783}
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2810 union sctp_addr *laddr,
2811 struct sockaddr *addrs,
2812 int addrcnt,
2813 __be16 flags)
2814{
2815 sctp_addip_param_t param;
2816 struct sctp_chunk *retval;
2817 union sctp_addr_param addr_param;
2818 union sctp_addr *addr;
2819 void *addr_buf;
2820 struct sctp_af *af;
2821 int paramlen = sizeof(param);
2822 int addr_param_len = 0;
2823 int totallen = 0;
2824 int i;
2825 int del_pickup = 0;
2826
2827
2828 addr_buf = addrs;
2829 for (i = 0; i < addrcnt; i++) {
2830 addr = addr_buf;
2831 af = sctp_get_af_specific(addr->v4.sin_family);
2832 addr_param_len = af->to_addr_param(addr, &addr_param);
2833
2834 totallen += paramlen;
2835 totallen += addr_param_len;
2836
2837 addr_buf += af->sockaddr_len;
2838 if (asoc->asconf_addr_del_pending && !del_pickup) {
2839
2840 totallen += paramlen;
2841 totallen += addr_param_len;
2842 del_pickup = 1;
2843
2844 pr_debug("%s: picked same-scope del_pending addr, "
2845 "totallen for all addresses is %d\n",
2846 __func__, totallen);
2847 }
2848 }
2849
2850
2851 retval = sctp_make_asconf(asoc, laddr, totallen);
2852 if (!retval)
2853 return NULL;
2854
2855
2856 addr_buf = addrs;
2857 for (i = 0; i < addrcnt; i++) {
2858 addr = addr_buf;
2859 af = sctp_get_af_specific(addr->v4.sin_family);
2860 addr_param_len = af->to_addr_param(addr, &addr_param);
2861 param.param_hdr.type = flags;
2862 param.param_hdr.length = htons(paramlen + addr_param_len);
2863 param.crr_id = i;
2864
2865 sctp_addto_chunk(retval, paramlen, ¶m);
2866 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2867
2868 addr_buf += af->sockaddr_len;
2869 }
2870 if (flags == SCTP_PARAM_ADD_IP && del_pickup) {
2871 addr = asoc->asconf_addr_del_pending;
2872 af = sctp_get_af_specific(addr->v4.sin_family);
2873 addr_param_len = af->to_addr_param(addr, &addr_param);
2874 param.param_hdr.type = SCTP_PARAM_DEL_IP;
2875 param.param_hdr.length = htons(paramlen + addr_param_len);
2876 param.crr_id = i;
2877
2878 sctp_addto_chunk(retval, paramlen, ¶m);
2879 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2880 }
2881 return retval;
2882}
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2899 union sctp_addr *addr)
2900{
2901 sctp_addip_param_t param;
2902 struct sctp_chunk *retval;
2903 int len = sizeof(param);
2904 union sctp_addr_param addrparam;
2905 int addrlen;
2906 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2907
2908 addrlen = af->to_addr_param(addr, &addrparam);
2909 if (!addrlen)
2910 return NULL;
2911 len += addrlen;
2912
2913
2914 retval = sctp_make_asconf(asoc, addr, len);
2915 if (!retval)
2916 return NULL;
2917
2918 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2919 param.param_hdr.length = htons(len);
2920 param.crr_id = 0;
2921
2922 sctp_addto_chunk(retval, sizeof(param), ¶m);
2923 sctp_addto_chunk(retval, addrlen, &addrparam);
2924
2925 return retval;
2926}
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2948 __u32 serial, int vparam_len)
2949{
2950 sctp_addiphdr_t asconf;
2951 struct sctp_chunk *retval;
2952 int length = sizeof(asconf) + vparam_len;
2953
2954
2955 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length,
2956 GFP_ATOMIC);
2957 if (!retval)
2958 return NULL;
2959
2960 asconf.serial = htonl(serial);
2961
2962 retval->subh.addip_hdr =
2963 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2964
2965 return retval;
2966}
2967
2968
2969static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2970 __be16 err_code, sctp_addip_param_t *asconf_param)
2971{
2972 sctp_addip_param_t ack_param;
2973 sctp_errhdr_t err_param;
2974 int asconf_param_len = 0;
2975 int err_param_len = 0;
2976 __be16 response_type;
2977
2978 if (SCTP_ERROR_NO_ERROR == err_code) {
2979 response_type = SCTP_PARAM_SUCCESS_REPORT;
2980 } else {
2981 response_type = SCTP_PARAM_ERR_CAUSE;
2982 err_param_len = sizeof(err_param);
2983 if (asconf_param)
2984 asconf_param_len =
2985 ntohs(asconf_param->param_hdr.length);
2986 }
2987
2988
2989 ack_param.param_hdr.type = response_type;
2990 ack_param.param_hdr.length = htons(sizeof(ack_param) +
2991 err_param_len +
2992 asconf_param_len);
2993 ack_param.crr_id = crr_id;
2994 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
2995
2996 if (SCTP_ERROR_NO_ERROR == err_code)
2997 return;
2998
2999
3000 err_param.cause = err_code;
3001 err_param.length = htons(err_param_len + asconf_param_len);
3002 sctp_addto_chunk(chunk, err_param_len, &err_param);
3003
3004
3005 if (asconf_param)
3006 sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
3007}
3008
3009
3010static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
3011 struct sctp_chunk *asconf,
3012 sctp_addip_param_t *asconf_param)
3013{
3014 struct sctp_transport *peer;
3015 struct sctp_af *af;
3016 union sctp_addr addr;
3017 union sctp_addr_param *addr_param;
3018
3019 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
3020
3021 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
3022 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
3023 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
3024 return SCTP_ERROR_UNKNOWN_PARAM;
3025
3026 switch (addr_param->p.type) {
3027 case SCTP_PARAM_IPV6_ADDRESS:
3028 if (!asoc->peer.ipv6_address)
3029 return SCTP_ERROR_DNS_FAILED;
3030 break;
3031 case SCTP_PARAM_IPV4_ADDRESS:
3032 if (!asoc->peer.ipv4_address)
3033 return SCTP_ERROR_DNS_FAILED;
3034 break;
3035 default:
3036 return SCTP_ERROR_DNS_FAILED;
3037 }
3038
3039 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3040 if (unlikely(!af))
3041 return SCTP_ERROR_DNS_FAILED;
3042
3043 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
3044
3045
3046
3047
3048
3049
3050 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
3051 return SCTP_ERROR_DNS_FAILED;
3052
3053 switch (asconf_param->param_hdr.type) {
3054 case SCTP_PARAM_ADD_IP:
3055
3056
3057
3058
3059 if (af->is_any(&addr))
3060 memcpy(&addr, &asconf->source, sizeof(addr));
3061
3062
3063
3064
3065
3066
3067
3068
3069 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
3070 if (!peer)
3071 return SCTP_ERROR_RSRC_LOW;
3072
3073
3074 sctp_transport_reset_hb_timer(peer);
3075 asoc->new_transport = peer;
3076 break;
3077 case SCTP_PARAM_DEL_IP:
3078
3079
3080
3081
3082
3083 if (asoc->peer.transport_count == 1)
3084 return SCTP_ERROR_DEL_LAST_IP;
3085
3086
3087
3088
3089
3090
3091
3092
3093 if (sctp_cmp_addr_exact(&asconf->source, &addr))
3094 return SCTP_ERROR_DEL_SRC_IP;
3095
3096
3097
3098
3099
3100
3101 if (af->is_any(&addr)) {
3102 sctp_assoc_set_primary(asoc, asconf->transport);
3103 sctp_assoc_del_nonprimary_peers(asoc,
3104 asconf->transport);
3105 return SCTP_ERROR_NO_ERROR;
3106 }
3107
3108
3109
3110
3111
3112
3113 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3114 if (!peer)
3115 return SCTP_ERROR_DNS_FAILED;
3116
3117 sctp_assoc_rm_peer(asoc, peer);
3118 break;
3119 case SCTP_PARAM_SET_PRIMARY:
3120
3121
3122
3123
3124
3125 if (af->is_any(&addr))
3126 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3127
3128 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3129 if (!peer)
3130 return SCTP_ERROR_DNS_FAILED;
3131
3132 sctp_assoc_set_primary(asoc, peer);
3133 break;
3134 }
3135
3136 return SCTP_ERROR_NO_ERROR;
3137}
3138
3139
3140bool sctp_verify_asconf(const struct sctp_association *asoc,
3141 struct sctp_chunk *chunk, bool addr_param_needed,
3142 struct sctp_paramhdr **errp)
3143{
3144 sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr;
3145 union sctp_params param;
3146 bool addr_param_seen = false;
3147
3148 sctp_walk_params(param, addip, addip_hdr.params) {
3149 size_t length = ntohs(param.p->length);
3150
3151 *errp = param.p;
3152 switch (param.p->type) {
3153 case SCTP_PARAM_ERR_CAUSE:
3154 break;
3155 case SCTP_PARAM_IPV4_ADDRESS:
3156 if (length != sizeof(sctp_ipv4addr_param_t))
3157 return false;
3158
3159
3160
3161 if (param.v != addip->addip_hdr.params)
3162 return false;
3163 addr_param_seen = true;
3164 break;
3165 case SCTP_PARAM_IPV6_ADDRESS:
3166 if (length != sizeof(sctp_ipv6addr_param_t))
3167 return false;
3168 if (param.v != addip->addip_hdr.params)
3169 return false;
3170 addr_param_seen = true;
3171 break;
3172 case SCTP_PARAM_ADD_IP:
3173 case SCTP_PARAM_DEL_IP:
3174 case SCTP_PARAM_SET_PRIMARY:
3175
3176 if (addr_param_needed && !addr_param_seen)
3177 return false;
3178 length = ntohs(param.addip->param_hdr.length);
3179 if (length < sizeof(sctp_addip_param_t) +
3180 sizeof(**errp))
3181 return false;
3182 break;
3183 case SCTP_PARAM_SUCCESS_REPORT:
3184 case SCTP_PARAM_ADAPTATION_LAYER_IND:
3185 if (length != sizeof(sctp_addip_param_t))
3186 return false;
3187 break;
3188 default:
3189
3190 return false;
3191 }
3192 }
3193
3194
3195 if (addr_param_needed && !addr_param_seen)
3196 return false;
3197 if (!addr_param_needed && addr_param_seen)
3198 return false;
3199 if (param.v != chunk->chunk_end)
3200 return false;
3201
3202 return true;
3203}
3204
3205
3206
3207
3208struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3209 struct sctp_chunk *asconf)
3210{
3211 sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr;
3212 bool all_param_pass = true;
3213 union sctp_params param;
3214 sctp_addiphdr_t *hdr;
3215 union sctp_addr_param *addr_param;
3216 struct sctp_chunk *asconf_ack;
3217 __be16 err_code;
3218 int length = 0;
3219 int chunk_len;
3220 __u32 serial;
3221
3222 chunk_len = ntohs(asconf->chunk_hdr->length) -
3223 sizeof(struct sctp_chunkhdr);
3224 hdr = (sctp_addiphdr_t *)asconf->skb->data;
3225 serial = ntohl(hdr->serial);
3226
3227
3228 length = sizeof(sctp_addiphdr_t);
3229 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3230 chunk_len -= length;
3231
3232
3233
3234
3235 length = ntohs(addr_param->p.length);
3236 chunk_len -= length;
3237
3238
3239
3240
3241
3242
3243 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3244 if (!asconf_ack)
3245 goto done;
3246
3247
3248 sctp_walk_params(param, addip, addip_hdr.params) {
3249
3250 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
3251 param.p->type == SCTP_PARAM_IPV6_ADDRESS)
3252 continue;
3253
3254 err_code = sctp_process_asconf_param(asoc, asconf,
3255 param.addip);
3256
3257
3258
3259
3260
3261
3262
3263 if (err_code != SCTP_ERROR_NO_ERROR)
3264 all_param_pass = false;
3265 if (!all_param_pass)
3266 sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
3267 err_code, param.addip);
3268
3269
3270
3271
3272
3273
3274 if (err_code == SCTP_ERROR_RSRC_LOW)
3275 goto done;
3276 }
3277done:
3278 asoc->peer.addip_serial++;
3279
3280
3281
3282
3283 if (asconf_ack) {
3284 sctp_chunk_hold(asconf_ack);
3285 list_add_tail(&asconf_ack->transmitted_list,
3286 &asoc->asconf_ack_list);
3287 }
3288
3289 return asconf_ack;
3290}
3291
3292
3293static void sctp_asconf_param_success(struct sctp_association *asoc,
3294 sctp_addip_param_t *asconf_param)
3295{
3296 struct sctp_af *af;
3297 union sctp_addr addr;
3298 struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3299 union sctp_addr_param *addr_param;
3300 struct sctp_transport *transport;
3301 struct sctp_sockaddr_entry *saddr;
3302
3303 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
3304
3305
3306 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3307 af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3308
3309 switch (asconf_param->param_hdr.type) {
3310 case SCTP_PARAM_ADD_IP:
3311
3312
3313
3314 local_bh_disable();
3315 list_for_each_entry(saddr, &bp->address_list, list) {
3316 if (sctp_cmp_addr_exact(&saddr->a, &addr))
3317 saddr->state = SCTP_ADDR_SRC;
3318 }
3319 local_bh_enable();
3320 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3321 transports) {
3322 sctp_transport_dst_release(transport);
3323 }
3324 break;
3325 case SCTP_PARAM_DEL_IP:
3326 local_bh_disable();
3327 sctp_del_bind_addr(bp, &addr);
3328 if (asoc->asconf_addr_del_pending != NULL &&
3329 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) {
3330 kfree(asoc->asconf_addr_del_pending);
3331 asoc->asconf_addr_del_pending = NULL;
3332 }
3333 local_bh_enable();
3334 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3335 transports) {
3336 sctp_transport_dst_release(transport);
3337 }
3338 break;
3339 default:
3340 break;
3341 }
3342}
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3354 sctp_addip_param_t *asconf_param,
3355 int no_err)
3356{
3357 sctp_addip_param_t *asconf_ack_param;
3358 sctp_errhdr_t *err_param;
3359 int length;
3360 int asconf_ack_len;
3361 __be16 err_code;
3362
3363 if (no_err)
3364 err_code = SCTP_ERROR_NO_ERROR;
3365 else
3366 err_code = SCTP_ERROR_REQ_REFUSED;
3367
3368 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3369 sizeof(struct sctp_chunkhdr);
3370
3371
3372
3373
3374 length = sizeof(sctp_addiphdr_t);
3375 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data +
3376 length);
3377 asconf_ack_len -= length;
3378
3379 while (asconf_ack_len > 0) {
3380 if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3381 switch (asconf_ack_param->param_hdr.type) {
3382 case SCTP_PARAM_SUCCESS_REPORT:
3383 return SCTP_ERROR_NO_ERROR;
3384 case SCTP_PARAM_ERR_CAUSE:
3385 length = sizeof(sctp_addip_param_t);
3386 err_param = (void *)asconf_ack_param + length;
3387 asconf_ack_len -= length;
3388 if (asconf_ack_len > 0)
3389 return err_param->cause;
3390 else
3391 return SCTP_ERROR_INV_PARAM;
3392 break;
3393 default:
3394 return SCTP_ERROR_INV_PARAM;
3395 }
3396 }
3397
3398 length = ntohs(asconf_ack_param->param_hdr.length);
3399 asconf_ack_param = (void *)asconf_ack_param + length;
3400 asconf_ack_len -= length;
3401 }
3402
3403 return err_code;
3404}
3405
3406
3407int sctp_process_asconf_ack(struct sctp_association *asoc,
3408 struct sctp_chunk *asconf_ack)
3409{
3410 struct sctp_chunk *asconf = asoc->addip_last_asconf;
3411 union sctp_addr_param *addr_param;
3412 sctp_addip_param_t *asconf_param;
3413 int length = 0;
3414 int asconf_len = asconf->skb->len;
3415 int all_param_pass = 0;
3416 int no_err = 1;
3417 int retval = 0;
3418 __be16 err_code = SCTP_ERROR_NO_ERROR;
3419
3420
3421
3422
3423 length = sizeof(sctp_addip_chunk_t);
3424 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3425 asconf_len -= length;
3426
3427
3428
3429
3430 length = ntohs(addr_param->p.length);
3431 asconf_param = (void *)addr_param + length;
3432 asconf_len -= length;
3433
3434
3435
3436
3437
3438
3439 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t))
3440 all_param_pass = 1;
3441
3442
3443 while (asconf_len > 0) {
3444 if (all_param_pass)
3445 err_code = SCTP_ERROR_NO_ERROR;
3446 else {
3447 err_code = sctp_get_asconf_response(asconf_ack,
3448 asconf_param,
3449 no_err);
3450 if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3451 no_err = 0;
3452 }
3453
3454 switch (err_code) {
3455 case SCTP_ERROR_NO_ERROR:
3456 sctp_asconf_param_success(asoc, asconf_param);
3457 break;
3458
3459 case SCTP_ERROR_RSRC_LOW:
3460 retval = 1;
3461 break;
3462
3463 case SCTP_ERROR_UNKNOWN_PARAM:
3464
3465
3466
3467 asoc->peer.addip_disabled_mask |=
3468 asconf_param->param_hdr.type;
3469 break;
3470
3471 case SCTP_ERROR_REQ_REFUSED:
3472 case SCTP_ERROR_DEL_LAST_IP:
3473 case SCTP_ERROR_DEL_SRC_IP:
3474 default:
3475 break;
3476 }
3477
3478
3479
3480
3481 length = ntohs(asconf_param->param_hdr.length);
3482 asconf_param = (void *)asconf_param + length;
3483 asconf_len -= length;
3484 }
3485
3486 if (no_err && asoc->src_out_of_asoc_ok) {
3487 asoc->src_out_of_asoc_ok = 0;
3488 sctp_transport_immediate_rtx(asoc->peer.primary_path);
3489 }
3490
3491
3492 list_del_init(&asconf->transmitted_list);
3493 sctp_chunk_free(asconf);
3494 asoc->addip_last_asconf = NULL;
3495
3496 return retval;
3497}
3498
3499
3500struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3501 __u32 new_cum_tsn, size_t nstreams,
3502 struct sctp_fwdtsn_skip *skiplist)
3503{
3504 struct sctp_chunk *retval = NULL;
3505 struct sctp_fwdtsn_hdr ftsn_hdr;
3506 struct sctp_fwdtsn_skip skip;
3507 size_t hint;
3508 int i;
3509
3510 hint = (nstreams + 1) * sizeof(__u32);
3511
3512 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC);
3513
3514 if (!retval)
3515 return NULL;
3516
3517 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3518 retval->subh.fwdtsn_hdr =
3519 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3520
3521 for (i = 0; i < nstreams; i++) {
3522 skip.stream = skiplist[i].stream;
3523 skip.ssn = skiplist[i].ssn;
3524 sctp_addto_chunk(retval, sizeof(skip), &skip);
3525 }
3526
3527 return retval;
3528}
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545static struct sctp_chunk *sctp_make_reconf(
3546 const struct sctp_association *asoc,
3547 int length)
3548{
3549 struct sctp_reconf_chunk *reconf;
3550 struct sctp_chunk *retval;
3551
3552 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length,
3553 GFP_ATOMIC);
3554 if (!retval)
3555 return NULL;
3556
3557 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr;
3558 retval->param_hdr.v = reconf->params;
3559
3560 return retval;
3561}
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597struct sctp_chunk *sctp_make_strreset_req(
3598 const struct sctp_association *asoc,
3599 __u16 stream_num, __u16 *stream_list,
3600 bool out, bool in)
3601{
3602 struct sctp_strreset_outreq outreq;
3603 __u16 stream_len = stream_num * 2;
3604 struct sctp_strreset_inreq inreq;
3605 struct sctp_chunk *retval;
3606 __u16 outlen, inlen;
3607
3608 outlen = (sizeof(outreq) + stream_len) * out;
3609 inlen = (sizeof(inreq) + stream_len) * in;
3610
3611 retval = sctp_make_reconf(asoc, outlen + inlen);
3612 if (!retval)
3613 return NULL;
3614
3615 if (outlen) {
3616 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST;
3617 outreq.param_hdr.length = htons(outlen);
3618 outreq.request_seq = htonl(asoc->strreset_outseq);
3619 outreq.response_seq = htonl(asoc->strreset_inseq - 1);
3620 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1);
3621
3622 sctp_addto_chunk(retval, sizeof(outreq), &outreq);
3623
3624 if (stream_len)
3625 sctp_addto_chunk(retval, stream_len, stream_list);
3626 }
3627
3628 if (inlen) {
3629 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST;
3630 inreq.param_hdr.length = htons(inlen);
3631 inreq.request_seq = htonl(asoc->strreset_outseq + out);
3632
3633 sctp_addto_chunk(retval, sizeof(inreq), &inreq);
3634
3635 if (stream_len)
3636 sctp_addto_chunk(retval, stream_len, stream_list);
3637 }
3638
3639 return retval;
3640}
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651struct sctp_chunk *sctp_make_strreset_tsnreq(
3652 const struct sctp_association *asoc)
3653{
3654 struct sctp_strreset_tsnreq tsnreq;
3655 __u16 length = sizeof(tsnreq);
3656 struct sctp_chunk *retval;
3657
3658 retval = sctp_make_reconf(asoc, length);
3659 if (!retval)
3660 return NULL;
3661
3662 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST;
3663 tsnreq.param_hdr.length = htons(length);
3664 tsnreq.request_seq = htonl(asoc->strreset_outseq);
3665
3666 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq);
3667
3668 return retval;
3669}
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682struct sctp_chunk *sctp_make_strreset_addstrm(
3683 const struct sctp_association *asoc,
3684 __u16 out, __u16 in)
3685{
3686 struct sctp_strreset_addstrm addstrm;
3687 __u16 size = sizeof(addstrm);
3688 struct sctp_chunk *retval;
3689
3690 retval = sctp_make_reconf(asoc, (!!out + !!in) * size);
3691 if (!retval)
3692 return NULL;
3693
3694 if (out) {
3695 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS;
3696 addstrm.param_hdr.length = htons(size);
3697 addstrm.number_of_streams = htons(out);
3698 addstrm.request_seq = htonl(asoc->strreset_outseq);
3699 addstrm.reserved = 0;
3700
3701 sctp_addto_chunk(retval, size, &addstrm);
3702 }
3703
3704 if (in) {
3705 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS;
3706 addstrm.param_hdr.length = htons(size);
3707 addstrm.number_of_streams = htons(in);
3708 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out);
3709 addstrm.reserved = 0;
3710
3711 sctp_addto_chunk(retval, size, &addstrm);
3712 }
3713
3714 return retval;
3715}
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728struct sctp_chunk *sctp_make_strreset_resp(
3729 const struct sctp_association *asoc,
3730 __u32 result, __u32 sn)
3731{
3732 struct sctp_strreset_resp resp;
3733 __u16 length = sizeof(resp);
3734 struct sctp_chunk *retval;
3735
3736 retval = sctp_make_reconf(asoc, length);
3737 if (!retval)
3738 return NULL;
3739
3740 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3741 resp.param_hdr.length = htons(length);
3742 resp.response_seq = htonl(sn);
3743 resp.result = htonl(result);
3744
3745 sctp_addto_chunk(retval, sizeof(resp), &resp);
3746
3747 return retval;
3748}
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765struct sctp_chunk *sctp_make_strreset_tsnresp(
3766 struct sctp_association *asoc,
3767 __u32 result, __u32 sn,
3768 __u32 sender_tsn, __u32 receiver_tsn)
3769{
3770 struct sctp_strreset_resptsn tsnresp;
3771 __u16 length = sizeof(tsnresp);
3772 struct sctp_chunk *retval;
3773
3774 retval = sctp_make_reconf(asoc, length);
3775 if (!retval)
3776 return NULL;
3777
3778 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3779 tsnresp.param_hdr.length = htons(length);
3780
3781 tsnresp.response_seq = htonl(sn);
3782 tsnresp.result = htonl(result);
3783 tsnresp.senders_next_tsn = htonl(sender_tsn);
3784 tsnresp.receivers_next_tsn = htonl(receiver_tsn);
3785
3786 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp);
3787
3788 return retval;
3789}
3790
3791bool sctp_verify_reconf(const struct sctp_association *asoc,
3792 struct sctp_chunk *chunk,
3793 struct sctp_paramhdr **errp)
3794{
3795 struct sctp_reconf_chunk *hdr;
3796 union sctp_params param;
3797 __u16 last = 0, cnt = 0;
3798
3799 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr;
3800 sctp_walk_params(param, hdr, params) {
3801 __u16 length = ntohs(param.p->length);
3802
3803 *errp = param.p;
3804 if (cnt++ > 2)
3805 return false;
3806 switch (param.p->type) {
3807 case SCTP_PARAM_RESET_OUT_REQUEST:
3808 if (length < sizeof(struct sctp_strreset_outreq) ||
3809 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3810 last != SCTP_PARAM_RESET_IN_REQUEST))
3811 return false;
3812 break;
3813 case SCTP_PARAM_RESET_IN_REQUEST:
3814 if (length < sizeof(struct sctp_strreset_inreq) ||
3815 (last && last != SCTP_PARAM_RESET_OUT_REQUEST))
3816 return false;
3817 break;
3818 case SCTP_PARAM_RESET_RESPONSE:
3819 if ((length != sizeof(struct sctp_strreset_resp) &&
3820 length != sizeof(struct sctp_strreset_resptsn)) ||
3821 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3822 last != SCTP_PARAM_RESET_OUT_REQUEST))
3823 return false;
3824 break;
3825 case SCTP_PARAM_RESET_TSN_REQUEST:
3826 if (length !=
3827 sizeof(struct sctp_strreset_tsnreq) || last)
3828 return false;
3829 break;
3830 case SCTP_PARAM_RESET_ADD_IN_STREAMS:
3831 if (length != sizeof(struct sctp_strreset_addstrm) ||
3832 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS))
3833 return false;
3834 break;
3835 case SCTP_PARAM_RESET_ADD_OUT_STREAMS:
3836 if (length != sizeof(struct sctp_strreset_addstrm) ||
3837 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS))
3838 return false;
3839 break;
3840 default:
3841 return false;
3842 }
3843
3844 last = param.p->type;
3845 }
3846
3847 return true;
3848}
3849