1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
47
48#include <crypto/hash.h>
49#include <linux/types.h>
50#include <linux/kernel.h>
51#include <linux/ip.h>
52#include <linux/ipv6.h>
53#include <linux/net.h>
54#include <linux/inet.h>
55#include <linux/scatterlist.h>
56#include <linux/slab.h>
57#include <net/sock.h>
58
59#include <linux/skbuff.h>
60#include <linux/random.h>
61#include <net/sctp/sctp.h>
62#include <net/sctp/sm.h>
63
64static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
65 __u8 type, __u8 flags, int paylen,
66 gfp_t gfp);
67static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
68 __u8 flags, int paylen, gfp_t gfp);
69static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
70 __u8 type, __u8 flags, int paylen,
71 gfp_t gfp);
72static struct sctp_cookie_param *sctp_pack_cookie(
73 const struct sctp_endpoint *ep,
74 const struct sctp_association *asoc,
75 const struct sctp_chunk *init_chunk,
76 int *cookie_len,
77 const __u8 *raw_addrs, int addrs_len);
78static int sctp_process_param(struct sctp_association *asoc,
79 union sctp_params param,
80 const union sctp_addr *peer_addr,
81 gfp_t gfp);
82static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
83 const void *data);
84static void *sctp_addto_chunk_fixed(struct sctp_chunk *, int len,
85 const void *data);
86
87
88static void sctp_control_release_owner(struct sk_buff *skb)
89{
90 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg;
91
92 if (chunk->shkey) {
93 struct sctp_shared_key *shkey = chunk->shkey;
94 struct sctp_association *asoc = chunk->asoc;
95
96
97
98
99
100 if (shkey->deactivated && !list_empty(&shkey->key_list) &&
101 refcount_read(&shkey->refcnt) == 2) {
102 struct sctp_ulpevent *ev;
103
104 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id,
105 SCTP_AUTH_FREE_KEY,
106 GFP_KERNEL);
107 if (ev)
108 asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
109 }
110 sctp_auth_shkey_release(chunk->shkey);
111 }
112}
113
114static void sctp_control_set_owner_w(struct sctp_chunk *chunk)
115{
116 struct sctp_association *asoc = chunk->asoc;
117 struct sk_buff *skb = chunk->skb;
118
119
120
121
122
123
124
125
126 if (chunk->auth) {
127 chunk->shkey = asoc->shkey;
128 sctp_auth_shkey_hold(chunk->shkey);
129 }
130 skb->sk = asoc ? asoc->base.sk : NULL;
131 skb_shinfo(skb)->destructor_arg = chunk;
132 skb->destructor = sctp_control_release_owner;
133}
134
135
136int sctp_chunk_iif(const struct sctp_chunk *chunk)
137{
138 struct sk_buff *skb = chunk->skb;
139
140 return SCTP_INPUT_CB(skb)->af->skb_iif(skb);
141}
142
143
144
145
146
147
148static const struct sctp_paramhdr ecap_param = {
149 SCTP_PARAM_ECN_CAPABLE,
150 cpu_to_be16(sizeof(struct sctp_paramhdr)),
151};
152static const struct sctp_paramhdr prsctp_param = {
153 SCTP_PARAM_FWD_TSN_SUPPORT,
154 cpu_to_be16(sizeof(struct sctp_paramhdr)),
155};
156
157
158
159
160
161void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
162 size_t paylen)
163{
164 struct sctp_errhdr err;
165 __u16 len;
166
167
168 err.cause = cause_code;
169 len = sizeof(err) + paylen;
170 err.length = htons(len);
171 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err);
172}
173
174
175
176
177
178
179static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code,
180 size_t paylen)
181{
182 struct sctp_errhdr err;
183 __u16 len;
184
185
186 err.cause = cause_code;
187 len = sizeof(err) + paylen;
188 err.length = htons(len);
189
190 if (skb_tailroom(chunk->skb) < len)
191 return -ENOSPC;
192
193 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, sizeof(err), &err);
194
195 return 0;
196}
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
242 const struct sctp_bind_addr *bp,
243 gfp_t gfp, int vparam_len)
244{
245 struct net *net = sock_net(asoc->base.sk);
246 struct sctp_supported_ext_param ext_param;
247 struct sctp_adaptation_ind_param aiparam;
248 struct sctp_paramhdr *auth_chunks = NULL;
249 struct sctp_paramhdr *auth_hmacs = NULL;
250 struct sctp_supported_addrs_param sat;
251 struct sctp_endpoint *ep = asoc->ep;
252 struct sctp_chunk *retval = NULL;
253 int num_types, addrs_len = 0;
254 struct sctp_inithdr init;
255 union sctp_params addrs;
256 struct sctp_sock *sp;
257 __u8 extensions[5];
258 size_t chunksize;
259 __be16 types[2];
260 int num_ext = 0;
261
262
263
264
265
266
267
268
269 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
270
271 init.init_tag = htonl(asoc->c.my_vtag);
272 init.a_rwnd = htonl(asoc->rwnd);
273 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
274 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
275 init.initial_tsn = htonl(asoc->c.initial_tsn);
276
277
278 sp = sctp_sk(asoc->base.sk);
279 num_types = sp->pf->supported_addrs(sp, types);
280
281 chunksize = sizeof(init) + addrs_len;
282 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types));
283 chunksize += sizeof(ecap_param);
284
285 if (asoc->prsctp_enable)
286 chunksize += sizeof(prsctp_param);
287
288
289
290
291
292
293 if (net->sctp.addip_enable) {
294 extensions[num_ext] = SCTP_CID_ASCONF;
295 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
296 num_ext += 2;
297 }
298
299 if (asoc->reconf_enable) {
300 extensions[num_ext] = SCTP_CID_RECONF;
301 num_ext += 1;
302 }
303
304 if (sp->adaptation_ind)
305 chunksize += sizeof(aiparam);
306
307 if (sp->strm_interleave) {
308 extensions[num_ext] = SCTP_CID_I_DATA;
309 num_ext += 1;
310 }
311
312 chunksize += vparam_len;
313
314
315 if (ep->auth_enable) {
316
317 chunksize += sizeof(asoc->c.auth_random);
318
319
320 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
321 if (auth_hmacs->length)
322 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
323 else
324 auth_hmacs = NULL;
325
326
327 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
328 if (auth_chunks->length)
329 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
330 else
331 auth_chunks = NULL;
332
333 extensions[num_ext] = SCTP_CID_AUTH;
334 num_ext += 1;
335 }
336
337
338 if (num_ext)
339 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext);
340
341
342
343
344
345
346
347
348
349
350
351
352
353 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp);
354 if (!retval)
355 goto nodata;
356
357 retval->subh.init_hdr =
358 sctp_addto_chunk(retval, sizeof(init), &init);
359 retval->param_hdr.v =
360 sctp_addto_chunk(retval, addrs_len, addrs.v);
361
362
363
364
365
366
367
368
369 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
370 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
371 sctp_addto_chunk(retval, sizeof(sat), &sat);
372 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
373
374 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
375
376
377
378
379 if (num_ext) {
380 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
381 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext);
382 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param);
383 sctp_addto_param(retval, num_ext, extensions);
384 }
385
386 if (asoc->prsctp_enable)
387 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
388
389 if (sp->adaptation_ind) {
390 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
391 aiparam.param_hdr.length = htons(sizeof(aiparam));
392 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
393 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
394 }
395
396
397 if (ep->auth_enable) {
398 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
399 asoc->c.auth_random);
400 if (auth_hmacs)
401 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
402 auth_hmacs);
403 if (auth_chunks)
404 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
405 auth_chunks);
406 }
407nodata:
408 kfree(addrs.v);
409 return retval;
410}
411
412struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
413 const struct sctp_chunk *chunk,
414 gfp_t gfp, int unkparam_len)
415{
416 struct sctp_supported_ext_param ext_param;
417 struct sctp_adaptation_ind_param aiparam;
418 struct sctp_paramhdr *auth_chunks = NULL;
419 struct sctp_paramhdr *auth_random = NULL;
420 struct sctp_paramhdr *auth_hmacs = NULL;
421 struct sctp_chunk *retval = NULL;
422 struct sctp_cookie_param *cookie;
423 struct sctp_inithdr initack;
424 union sctp_params addrs;
425 struct sctp_sock *sp;
426 __u8 extensions[5];
427 size_t chunksize;
428 int num_ext = 0;
429 int cookie_len;
430 int addrs_len;
431
432
433 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
434
435 initack.init_tag = htonl(asoc->c.my_vtag);
436 initack.a_rwnd = htonl(asoc->rwnd);
437 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
438 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
439 initack.initial_tsn = htonl(asoc->c.initial_tsn);
440
441
442
443
444 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
445 addrs.v, addrs_len);
446 if (!cookie)
447 goto nomem_cookie;
448
449
450
451
452 sp = sctp_sk(asoc->base.sk);
453 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
454
455
456 if (asoc->peer.ecn_capable)
457 chunksize += sizeof(ecap_param);
458
459 if (asoc->peer.prsctp_capable)
460 chunksize += sizeof(prsctp_param);
461
462 if (asoc->peer.asconf_capable) {
463 extensions[num_ext] = SCTP_CID_ASCONF;
464 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
465 num_ext += 2;
466 }
467
468 if (asoc->peer.reconf_capable) {
469 extensions[num_ext] = SCTP_CID_RECONF;
470 num_ext += 1;
471 }
472
473 if (sp->adaptation_ind)
474 chunksize += sizeof(aiparam);
475
476 if (asoc->intl_enable) {
477 extensions[num_ext] = SCTP_CID_I_DATA;
478 num_ext += 1;
479 }
480
481 if (asoc->peer.auth_capable) {
482 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random;
483 chunksize += ntohs(auth_random->length);
484
485 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
486 if (auth_hmacs->length)
487 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
488 else
489 auth_hmacs = NULL;
490
491 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
492 if (auth_chunks->length)
493 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
494 else
495 auth_chunks = NULL;
496
497 extensions[num_ext] = SCTP_CID_AUTH;
498 num_ext += 1;
499 }
500
501 if (num_ext)
502 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext);
503
504
505 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp);
506 if (!retval)
507 goto nomem_chunk;
508
509
510
511
512
513
514
515
516
517
518 retval->transport = chunk->transport;
519
520 retval->subh.init_hdr =
521 sctp_addto_chunk(retval, sizeof(initack), &initack);
522 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
523 sctp_addto_chunk(retval, cookie_len, cookie);
524 if (asoc->peer.ecn_capable)
525 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
526 if (num_ext) {
527 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
528 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext);
529 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param);
530 sctp_addto_param(retval, num_ext, extensions);
531 }
532 if (asoc->peer.prsctp_capable)
533 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
534
535 if (sp->adaptation_ind) {
536 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
537 aiparam.param_hdr.length = htons(sizeof(aiparam));
538 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
539 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
540 }
541
542 if (asoc->peer.auth_capable) {
543 sctp_addto_chunk(retval, ntohs(auth_random->length),
544 auth_random);
545 if (auth_hmacs)
546 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
547 auth_hmacs);
548 if (auth_chunks)
549 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
550 auth_chunks);
551 }
552
553
554 retval->asoc = (struct sctp_association *) asoc;
555
556nomem_chunk:
557 kfree(cookie);
558nomem_cookie:
559 kfree(addrs.v);
560 return retval;
561}
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
598 const struct sctp_chunk *chunk)
599{
600 struct sctp_chunk *retval;
601 int cookie_len;
602 void *cookie;
603
604 cookie = asoc->peer.cookie;
605 cookie_len = asoc->peer.cookie_len;
606
607
608 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0,
609 cookie_len, GFP_ATOMIC);
610 if (!retval)
611 goto nodata;
612 retval->subh.cookie_hdr =
613 sctp_addto_chunk(retval, cookie_len, cookie);
614
615
616
617
618
619
620
621
622
623
624 if (chunk)
625 retval->transport = chunk->transport;
626
627nodata:
628 return retval;
629}
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
650 const struct sctp_chunk *chunk)
651{
652 struct sctp_chunk *retval;
653
654 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC);
655
656
657
658
659
660
661
662
663
664
665 if (retval && chunk)
666 retval->transport = chunk->transport;
667
668 return retval;
669}
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
695 const __u32 lowest_tsn,
696 const struct sctp_chunk *chunk)
697{
698 struct sctp_chunk *retval;
699 struct sctp_cwrhdr cwr;
700
701 cwr.lowest_tsn = htonl(lowest_tsn);
702 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0,
703 sizeof(cwr), GFP_ATOMIC);
704
705 if (!retval)
706 goto nodata;
707
708 retval->subh.ecn_cwr_hdr =
709 sctp_addto_chunk(retval, sizeof(cwr), &cwr);
710
711
712
713
714
715
716
717
718
719
720
721 if (chunk)
722 retval->transport = chunk->transport;
723
724nodata:
725 return retval;
726}
727
728
729struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
730 const __u32 lowest_tsn)
731{
732 struct sctp_chunk *retval;
733 struct sctp_ecnehdr ecne;
734
735 ecne.lowest_tsn = htonl(lowest_tsn);
736 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0,
737 sizeof(ecne), GFP_ATOMIC);
738 if (!retval)
739 goto nodata;
740 retval->subh.ecne_hdr =
741 sctp_addto_chunk(retval, sizeof(ecne), &ecne);
742
743nodata:
744 return retval;
745}
746
747
748
749
750struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc,
751 const struct sctp_sndrcvinfo *sinfo,
752 int len, __u8 flags, gfp_t gfp)
753{
754 struct sctp_chunk *retval;
755 struct sctp_datahdr dp;
756
757
758
759
760 memset(&dp, 0, sizeof(dp));
761 dp.ppid = sinfo->sinfo_ppid;
762 dp.stream = htons(sinfo->sinfo_stream);
763
764
765 if (sinfo->sinfo_flags & SCTP_UNORDERED)
766 flags |= SCTP_DATA_UNORDERED;
767
768 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp);
769 if (!retval)
770 return NULL;
771
772 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
773 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
774
775 return retval;
776}
777
778
779
780
781
782struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
783{
784 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
785 struct sctp_association *aptr = (struct sctp_association *)asoc;
786 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
787 __u16 num_gabs, num_dup_tsns;
788 struct sctp_transport *trans;
789 struct sctp_chunk *retval;
790 struct sctp_sackhdr sack;
791 __u32 ctsn;
792 int len;
793
794 memset(gabs, 0, sizeof(gabs));
795 ctsn = sctp_tsnmap_get_ctsn(map);
796
797 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn);
798
799
800 num_gabs = sctp_tsnmap_num_gabs(map, gabs);
801 num_dup_tsns = sctp_tsnmap_num_dups(map);
802
803
804 sack.cum_tsn_ack = htonl(ctsn);
805 sack.a_rwnd = htonl(asoc->a_rwnd);
806 sack.num_gap_ack_blocks = htons(num_gabs);
807 sack.num_dup_tsns = htons(num_dup_tsns);
808
809 len = sizeof(sack)
810 + sizeof(struct sctp_gap_ack_block) * num_gabs
811 + sizeof(__u32) * num_dup_tsns;
812
813
814 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC);
815 if (!retval)
816 goto nodata;
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848 retval->transport = asoc->peer.last_data_from;
849
850 retval->subh.sack_hdr =
851 sctp_addto_chunk(retval, sizeof(sack), &sack);
852
853
854 if (num_gabs)
855 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
856 gabs);
857
858
859 if (num_dup_tsns) {
860 aptr->stats.idupchunks += num_dup_tsns;
861 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
862 sctp_tsnmap_get_dups(map));
863 }
864
865
866
867
868
869
870
871
872 if (++aptr->peer.sack_generation == 0) {
873 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
874 transports)
875 trans->sack_generation = 0;
876 aptr->peer.sack_generation = 1;
877 }
878nodata:
879 return retval;
880}
881
882
883struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
884 const struct sctp_chunk *chunk)
885{
886 struct sctp_shutdownhdr shut;
887 struct sctp_chunk *retval;
888 __u32 ctsn;
889
890 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
891 shut.cum_tsn_ack = htonl(ctsn);
892
893 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0,
894 sizeof(shut), GFP_ATOMIC);
895 if (!retval)
896 goto nodata;
897
898 retval->subh.shutdown_hdr =
899 sctp_addto_chunk(retval, sizeof(shut), &shut);
900
901 if (chunk)
902 retval->transport = chunk->transport;
903nodata:
904 return retval;
905}
906
907struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
908 const struct sctp_chunk *chunk)
909{
910 struct sctp_chunk *retval;
911
912 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0,
913 GFP_ATOMIC);
914
915
916
917
918
919
920
921
922
923
924 if (retval && chunk)
925 retval->transport = chunk->transport;
926
927 return retval;
928}
929
930struct sctp_chunk *sctp_make_shutdown_complete(
931 const struct sctp_association *asoc,
932 const struct sctp_chunk *chunk)
933{
934 struct sctp_chunk *retval;
935 __u8 flags = 0;
936
937
938
939
940 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
941
942 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags,
943 0, GFP_ATOMIC);
944
945
946
947
948
949
950
951
952
953
954
955 if (retval && chunk)
956 retval->transport = chunk->transport;
957
958 return retval;
959}
960
961
962
963
964struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
965 const struct sctp_chunk *chunk,
966 const size_t hint)
967{
968 struct sctp_chunk *retval;
969 __u8 flags = 0;
970
971
972
973
974 if (!asoc) {
975 if (chunk && chunk->chunk_hdr &&
976 chunk->chunk_hdr->type == SCTP_CID_INIT)
977 flags = 0;
978 else
979 flags = SCTP_CHUNK_FLAG_T;
980 }
981
982 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint,
983 GFP_ATOMIC);
984
985
986
987
988
989
990
991
992
993
994 if (retval && chunk)
995 retval->transport = chunk->transport;
996
997 return retval;
998}
999
1000
1001struct sctp_chunk *sctp_make_abort_no_data(
1002 const struct sctp_association *asoc,
1003 const struct sctp_chunk *chunk,
1004 __u32 tsn)
1005{
1006 struct sctp_chunk *retval;
1007 __be32 payload;
1008
1009 retval = sctp_make_abort(asoc, chunk,
1010 sizeof(struct sctp_errhdr) + sizeof(tsn));
1011
1012 if (!retval)
1013 goto no_mem;
1014
1015
1016 payload = htonl(tsn);
1017 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
1018 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029 if (chunk)
1030 retval->transport = chunk->transport;
1031
1032no_mem:
1033 return retval;
1034}
1035
1036
1037struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
1038 struct msghdr *msg,
1039 size_t paylen)
1040{
1041 struct sctp_chunk *retval;
1042 void *payload = NULL;
1043 int err;
1044
1045 retval = sctp_make_abort(asoc, NULL,
1046 sizeof(struct sctp_errhdr) + paylen);
1047 if (!retval)
1048 goto err_chunk;
1049
1050 if (paylen) {
1051
1052 payload = kmalloc(paylen, GFP_KERNEL);
1053 if (!payload)
1054 goto err_payload;
1055
1056 err = memcpy_from_msg(payload, msg, paylen);
1057 if (err < 0)
1058 goto err_copy;
1059 }
1060
1061 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
1062 sctp_addto_chunk(retval, paylen, payload);
1063
1064 if (paylen)
1065 kfree(payload);
1066
1067 return retval;
1068
1069err_copy:
1070 kfree(payload);
1071err_payload:
1072 sctp_chunk_free(retval);
1073 retval = NULL;
1074err_chunk:
1075 return retval;
1076}
1077
1078
1079
1080
1081static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1082 const void *data)
1083{
1084 int chunklen = ntohs(chunk->chunk_hdr->length);
1085 void *target;
1086
1087 target = skb_put(chunk->skb, len);
1088
1089 if (data)
1090 memcpy(target, data, len);
1091 else
1092 memset(target, 0, len);
1093
1094
1095 chunk->chunk_hdr->length = htons(chunklen + len);
1096 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1097
1098 return target;
1099}
1100
1101
1102struct sctp_chunk *sctp_make_abort_violation(
1103 const struct sctp_association *asoc,
1104 const struct sctp_chunk *chunk,
1105 const __u8 *payload,
1106 const size_t paylen)
1107{
1108 struct sctp_chunk *retval;
1109 struct sctp_paramhdr phdr;
1110
1111 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) +
1112 paylen + sizeof(phdr));
1113 if (!retval)
1114 goto end;
1115
1116 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen +
1117 sizeof(phdr));
1118
1119 phdr.type = htons(chunk->chunk_hdr->type);
1120 phdr.length = chunk->chunk_hdr->length;
1121 sctp_addto_chunk(retval, paylen, payload);
1122 sctp_addto_param(retval, sizeof(phdr), &phdr);
1123
1124end:
1125 return retval;
1126}
1127
1128struct sctp_chunk *sctp_make_violation_paramlen(
1129 const struct sctp_association *asoc,
1130 const struct sctp_chunk *chunk,
1131 struct sctp_paramhdr *param)
1132{
1133 static const char error[] = "The following parameter had invalid length:";
1134 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) +
1135 sizeof(*param);
1136 struct sctp_chunk *retval;
1137
1138 retval = sctp_make_abort(asoc, chunk, payload_len);
1139 if (!retval)
1140 goto nodata;
1141
1142 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1143 sizeof(error) + sizeof(*param));
1144 sctp_addto_chunk(retval, sizeof(error), error);
1145 sctp_addto_param(retval, sizeof(*param), param);
1146
1147nodata:
1148 return retval;
1149}
1150
1151struct sctp_chunk *sctp_make_violation_max_retrans(
1152 const struct sctp_association *asoc,
1153 const struct sctp_chunk *chunk)
1154{
1155 static const char error[] = "Association exceeded its max_retrans count";
1156 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr);
1157 struct sctp_chunk *retval;
1158
1159 retval = sctp_make_abort(asoc, chunk, payload_len);
1160 if (!retval)
1161 goto nodata;
1162
1163 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error));
1164 sctp_addto_chunk(retval, sizeof(error), error);
1165
1166nodata:
1167 return retval;
1168}
1169
1170
1171struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1172 const struct sctp_transport *transport)
1173{
1174 struct sctp_sender_hb_info hbinfo;
1175 struct sctp_chunk *retval;
1176
1177 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0,
1178 sizeof(hbinfo), GFP_ATOMIC);
1179
1180 if (!retval)
1181 goto nodata;
1182
1183 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
1184 hbinfo.param_hdr.length = htons(sizeof(hbinfo));
1185 hbinfo.daddr = transport->ipaddr;
1186 hbinfo.sent_at = jiffies;
1187 hbinfo.hb_nonce = transport->hb_nonce;
1188
1189
1190
1191
1192 retval->transport = (struct sctp_transport *) transport;
1193 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo),
1194 &hbinfo);
1195
1196nodata:
1197 return retval;
1198}
1199
1200struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1201 const struct sctp_chunk *chunk,
1202 const void *payload,
1203 const size_t paylen)
1204{
1205 struct sctp_chunk *retval;
1206
1207 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen,
1208 GFP_ATOMIC);
1209 if (!retval)
1210 goto nodata;
1211
1212 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223 if (chunk)
1224 retval->transport = chunk->transport;
1225
1226nodata:
1227 return retval;
1228}
1229
1230
1231
1232
1233static struct sctp_chunk *sctp_make_op_error_space(
1234 const struct sctp_association *asoc,
1235 const struct sctp_chunk *chunk,
1236 size_t size)
1237{
1238 struct sctp_chunk *retval;
1239
1240 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0,
1241 sizeof(struct sctp_errhdr) + size,
1242 GFP_ATOMIC);
1243 if (!retval)
1244 goto nodata;
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254 if (chunk)
1255 retval->transport = chunk->transport;
1256
1257nodata:
1258 return retval;
1259}
1260
1261
1262
1263
1264
1265
1266
1267static inline struct sctp_chunk *sctp_make_op_error_fixed(
1268 const struct sctp_association *asoc,
1269 const struct sctp_chunk *chunk)
1270{
1271 size_t size = asoc ? asoc->pathmtu : 0;
1272
1273 if (!size)
1274 size = SCTP_DEFAULT_MAXSEGMENT;
1275
1276 return sctp_make_op_error_space(asoc, chunk, size);
1277}
1278
1279
1280struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1281 const struct sctp_chunk *chunk,
1282 __be16 cause_code, const void *payload,
1283 size_t paylen, size_t reserve_tail)
1284{
1285 struct sctp_chunk *retval;
1286
1287 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1288 if (!retval)
1289 goto nodata;
1290
1291 sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1292 sctp_addto_chunk(retval, paylen, payload);
1293 if (reserve_tail)
1294 sctp_addto_param(retval, reserve_tail, NULL);
1295
1296nodata:
1297 return retval;
1298}
1299
1300struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc,
1301 __u16 key_id)
1302{
1303 struct sctp_authhdr auth_hdr;
1304 struct sctp_hmac *hmac_desc;
1305 struct sctp_chunk *retval;
1306
1307
1308 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1309 if (unlikely(!hmac_desc))
1310 return NULL;
1311
1312 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0,
1313 hmac_desc->hmac_len + sizeof(auth_hdr),
1314 GFP_ATOMIC);
1315 if (!retval)
1316 return NULL;
1317
1318 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1319 auth_hdr.shkey_id = htons(key_id);
1320
1321 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr),
1322 &auth_hdr);
1323
1324 skb_put_zero(retval->skb, hmac_desc->hmac_len);
1325
1326
1327 retval->chunk_hdr->length =
1328 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1329 retval->chunk_end = skb_tail_pointer(retval->skb);
1330
1331 return retval;
1332}
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1350 const struct sctp_association *asoc,
1351 struct sock *sk, gfp_t gfp)
1352{
1353 struct sctp_chunk *retval;
1354
1355 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp);
1356
1357 if (!retval)
1358 goto nodata;
1359 if (!sk)
1360 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb);
1361
1362 INIT_LIST_HEAD(&retval->list);
1363 retval->skb = skb;
1364 retval->asoc = (struct sctp_association *)asoc;
1365 retval->singleton = 1;
1366
1367 retval->fast_retransmit = SCTP_CAN_FRTX;
1368
1369
1370 INIT_LIST_HEAD(&retval->transmitted_list);
1371 INIT_LIST_HEAD(&retval->frag_list);
1372 SCTP_DBG_OBJCNT_INC(chunk);
1373 refcount_set(&retval->refcnt, 1);
1374
1375nodata:
1376 return retval;
1377}
1378
1379
1380void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1381 union sctp_addr *dest)
1382{
1383 memcpy(&chunk->source, src, sizeof(union sctp_addr));
1384 memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1385}
1386
1387
1388const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1389{
1390
1391 if (chunk->transport) {
1392 return &chunk->transport->ipaddr;
1393 } else {
1394
1395 return &chunk->source;
1396 }
1397}
1398
1399
1400
1401
1402static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
1403 __u8 type, __u8 flags, int paylen,
1404 gfp_t gfp)
1405{
1406 struct sctp_chunkhdr *chunk_hdr;
1407 struct sctp_chunk *retval;
1408 struct sk_buff *skb;
1409 struct sock *sk;
1410 int chunklen;
1411
1412 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen);
1413 if (chunklen > SCTP_MAX_CHUNK_LEN)
1414 goto nodata;
1415
1416
1417 skb = alloc_skb(chunklen, gfp);
1418 if (!skb)
1419 goto nodata;
1420
1421
1422 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr));
1423 chunk_hdr->type = type;
1424 chunk_hdr->flags = flags;
1425 chunk_hdr->length = htons(sizeof(*chunk_hdr));
1426
1427 sk = asoc ? asoc->base.sk : NULL;
1428 retval = sctp_chunkify(skb, asoc, sk, gfp);
1429 if (!retval) {
1430 kfree_skb(skb);
1431 goto nodata;
1432 }
1433
1434 retval->chunk_hdr = chunk_hdr;
1435 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr);
1436
1437
1438 if (sctp_auth_send_cid(type, asoc))
1439 retval->auth = 1;
1440
1441 return retval;
1442nodata:
1443 return NULL;
1444}
1445
1446static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
1447 __u8 flags, int paylen, gfp_t gfp)
1448{
1449 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp);
1450}
1451
1452struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc,
1453 __u8 flags, int paylen, gfp_t gfp)
1454{
1455 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp);
1456}
1457
1458static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
1459 __u8 type, __u8 flags, int paylen,
1460 gfp_t gfp)
1461{
1462 struct sctp_chunk *chunk;
1463
1464 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp);
1465 if (chunk)
1466 sctp_control_set_owner_w(chunk);
1467
1468 return chunk;
1469}
1470
1471
1472static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1473{
1474 BUG_ON(!list_empty(&chunk->list));
1475 list_del_init(&chunk->transmitted_list);
1476
1477 consume_skb(chunk->skb);
1478 consume_skb(chunk->auth_chunk);
1479
1480 SCTP_DBG_OBJCNT_DEC(chunk);
1481 kmem_cache_free(sctp_chunk_cachep, chunk);
1482}
1483
1484
1485void sctp_chunk_free(struct sctp_chunk *chunk)
1486{
1487
1488 if (chunk->msg)
1489 sctp_datamsg_put(chunk->msg);
1490
1491 sctp_chunk_put(chunk);
1492}
1493
1494
1495void sctp_chunk_hold(struct sctp_chunk *ch)
1496{
1497 refcount_inc(&ch->refcnt);
1498}
1499
1500
1501void sctp_chunk_put(struct sctp_chunk *ch)
1502{
1503 if (refcount_dec_and_test(&ch->refcnt))
1504 sctp_chunk_destroy(ch);
1505}
1506
1507
1508
1509
1510void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1511{
1512 int chunklen = ntohs(chunk->chunk_hdr->length);
1513 int padlen = SCTP_PAD4(chunklen) - chunklen;
1514 void *target;
1515
1516 skb_put_zero(chunk->skb, padlen);
1517 target = skb_put_data(chunk->skb, data, len);
1518
1519
1520 chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1521 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1522
1523 return target;
1524}
1525
1526
1527
1528
1529static void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk,
1530 int len, const void *data)
1531{
1532 if (skb_tailroom(chunk->skb) >= len)
1533 return sctp_addto_chunk(chunk, len, data);
1534 else
1535 return NULL;
1536}
1537
1538
1539
1540
1541
1542int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len,
1543 struct iov_iter *from)
1544{
1545 void *target;
1546
1547
1548 target = skb_put(chunk->skb, len);
1549
1550
1551 if (!copy_from_iter_full(target, len, from))
1552 return -EFAULT;
1553
1554
1555 chunk->chunk_hdr->length =
1556 htons(ntohs(chunk->chunk_hdr->length) + len);
1557 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1558
1559 return 0;
1560}
1561
1562
1563
1564
1565void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1566{
1567 struct sctp_stream *stream;
1568 struct sctp_chunk *lchunk;
1569 struct sctp_datamsg *msg;
1570 __u16 ssn, sid;
1571
1572 if (chunk->has_ssn)
1573 return;
1574
1575
1576 sid = ntohs(chunk->subh.data_hdr->stream);
1577 stream = &chunk->asoc->stream;
1578
1579
1580
1581
1582 msg = chunk->msg;
1583 list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1584 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1585 ssn = 0;
1586 } else {
1587 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1588 ssn = sctp_ssn_next(stream, out, sid);
1589 else
1590 ssn = sctp_ssn_peek(stream, out, sid);
1591 }
1592
1593 lchunk->subh.data_hdr->ssn = htons(ssn);
1594 lchunk->has_ssn = 1;
1595 }
1596}
1597
1598
1599
1600
1601void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1602{
1603 if (!chunk->has_tsn) {
1604
1605
1606
1607 chunk->subh.data_hdr->tsn =
1608 htonl(sctp_association_get_next_tsn(chunk->asoc));
1609 chunk->has_tsn = 1;
1610 }
1611}
1612
1613
1614struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1615 struct sctp_chunk *chunk,
1616 gfp_t gfp)
1617{
1618 struct sctp_association *asoc;
1619 enum sctp_scope scope;
1620 struct sk_buff *skb;
1621
1622
1623 scope = sctp_scope(sctp_source(chunk));
1624 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1625 if (!asoc)
1626 goto nodata;
1627 asoc->temp = 1;
1628 skb = chunk->skb;
1629
1630 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1);
1631
1632nodata:
1633 return asoc;
1634}
1635
1636
1637
1638
1639static struct sctp_cookie_param *sctp_pack_cookie(
1640 const struct sctp_endpoint *ep,
1641 const struct sctp_association *asoc,
1642 const struct sctp_chunk *init_chunk,
1643 int *cookie_len, const __u8 *raw_addrs,
1644 int addrs_len)
1645{
1646 struct sctp_signed_cookie *cookie;
1647 struct sctp_cookie_param *retval;
1648 int headersize, bodysize;
1649
1650
1651
1652
1653 headersize = sizeof(struct sctp_paramhdr) +
1654 (sizeof(struct sctp_signed_cookie) -
1655 sizeof(struct sctp_cookie));
1656 bodysize = sizeof(struct sctp_cookie)
1657 + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1658
1659
1660
1661
1662 if (bodysize % SCTP_COOKIE_MULTIPLE)
1663 bodysize += SCTP_COOKIE_MULTIPLE
1664 - (bodysize % SCTP_COOKIE_MULTIPLE);
1665 *cookie_len = headersize + bodysize;
1666
1667
1668
1669
1670 retval = kzalloc(*cookie_len, GFP_ATOMIC);
1671 if (!retval)
1672 goto nodata;
1673
1674 cookie = (struct sctp_signed_cookie *) retval->body;
1675
1676
1677 retval->p.type = SCTP_PARAM_STATE_COOKIE;
1678 retval->p.length = htons(*cookie_len);
1679
1680
1681 cookie->c = asoc->c;
1682
1683 cookie->c.raw_addr_list_len = addrs_len;
1684
1685
1686 cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1687
1688
1689 cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1690
1691
1692 cookie->c.expiration = ktime_add(asoc->cookie_life,
1693 ktime_get_real());
1694
1695
1696 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1697 ntohs(init_chunk->chunk_hdr->length));
1698
1699
1700 memcpy((__u8 *)&cookie->c.peer_init[0] +
1701 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1702
1703 if (sctp_sk(ep->base.sk)->hmac) {
1704 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
1705 int err;
1706
1707
1708 desc->tfm = sctp_sk(ep->base.sk)->hmac;
1709 desc->flags = 0;
1710
1711 err = crypto_shash_setkey(desc->tfm, ep->secret_key,
1712 sizeof(ep->secret_key)) ?:
1713 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize,
1714 cookie->signature);
1715 shash_desc_zero(desc);
1716 if (err)
1717 goto free_cookie;
1718 }
1719
1720 return retval;
1721
1722free_cookie:
1723 kfree(retval);
1724nodata:
1725 *cookie_len = 0;
1726 return NULL;
1727}
1728
1729
1730struct sctp_association *sctp_unpack_cookie(
1731 const struct sctp_endpoint *ep,
1732 const struct sctp_association *asoc,
1733 struct sctp_chunk *chunk, gfp_t gfp,
1734 int *error, struct sctp_chunk **errp)
1735{
1736 struct sctp_association *retval = NULL;
1737 int headersize, bodysize, fixed_size;
1738 struct sctp_signed_cookie *cookie;
1739 struct sk_buff *skb = chunk->skb;
1740 struct sctp_cookie *bear_cookie;
1741 __u8 *digest = ep->digest;
1742 enum sctp_scope scope;
1743 unsigned int len;
1744 ktime_t kt;
1745
1746
1747
1748
1749 headersize = sizeof(struct sctp_chunkhdr) +
1750 (sizeof(struct sctp_signed_cookie) -
1751 sizeof(struct sctp_cookie));
1752 bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1753 fixed_size = headersize + sizeof(struct sctp_cookie);
1754
1755
1756
1757
1758
1759 len = ntohs(chunk->chunk_hdr->length);
1760 if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1761 goto malformed;
1762
1763
1764 if (bodysize % SCTP_COOKIE_MULTIPLE)
1765 goto malformed;
1766
1767
1768 cookie = chunk->subh.cookie_hdr;
1769 bear_cookie = &cookie->c;
1770
1771 if (!sctp_sk(ep->base.sk)->hmac)
1772 goto no_hmac;
1773
1774
1775 {
1776 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
1777 int err;
1778
1779 desc->tfm = sctp_sk(ep->base.sk)->hmac;
1780 desc->flags = 0;
1781
1782 err = crypto_shash_setkey(desc->tfm, ep->secret_key,
1783 sizeof(ep->secret_key)) ?:
1784 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize,
1785 digest);
1786 shash_desc_zero(desc);
1787
1788 if (err) {
1789 *error = -SCTP_IERROR_NOMEM;
1790 goto fail;
1791 }
1792 }
1793
1794 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1795 *error = -SCTP_IERROR_BAD_SIG;
1796 goto fail;
1797 }
1798
1799no_hmac:
1800
1801
1802
1803
1804
1805
1806
1807 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1808 *error = -SCTP_IERROR_BAD_TAG;
1809 goto fail;
1810 }
1811
1812 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1813 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1814 *error = -SCTP_IERROR_BAD_PORTS;
1815 goto fail;
1816 }
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1827 kt = skb_get_ktime(skb);
1828 else
1829 kt = ktime_get_real();
1830
1831 if (!asoc && ktime_before(bear_cookie->expiration, kt)) {
1832
1833
1834
1835
1836
1837
1838
1839
1840 len = ntohs(chunk->chunk_hdr->length);
1841 *errp = sctp_make_op_error_space(asoc, chunk, len);
1842 if (*errp) {
1843 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration));
1844 __be32 n = htonl(usecs);
1845
1846 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE,
1847 sizeof(n));
1848 sctp_addto_chunk(*errp, sizeof(n), &n);
1849 *error = -SCTP_IERROR_STALE_COOKIE;
1850 } else
1851 *error = -SCTP_IERROR_NOMEM;
1852
1853 goto fail;
1854 }
1855
1856
1857 scope = sctp_scope(sctp_source(chunk));
1858 retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1859 if (!retval) {
1860 *error = -SCTP_IERROR_NOMEM;
1861 goto fail;
1862 }
1863
1864
1865 retval->peer.port = ntohs(chunk->sctp_hdr->source);
1866
1867
1868 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1869
1870 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1871 GFP_ATOMIC) < 0) {
1872 *error = -SCTP_IERROR_NOMEM;
1873 goto fail;
1874 }
1875
1876
1877 if (list_empty(&retval->base.bind_addr.address_list)) {
1878 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1879 sizeof(chunk->dest), SCTP_ADDR_SRC,
1880 GFP_ATOMIC);
1881 }
1882
1883 retval->next_tsn = retval->c.initial_tsn;
1884 retval->ctsn_ack_point = retval->next_tsn - 1;
1885 retval->addip_serial = retval->c.initial_tsn;
1886 retval->strreset_outseq = retval->c.initial_tsn;
1887 retval->adv_peer_ack_point = retval->ctsn_ack_point;
1888 retval->peer.prsctp_capable = retval->c.prsctp_capable;
1889 retval->peer.adaptation_ind = retval->c.adaptation_ind;
1890
1891
1892 return retval;
1893
1894fail:
1895 if (retval)
1896 sctp_association_free(retval);
1897
1898 return NULL;
1899
1900malformed:
1901
1902
1903
1904 *error = -SCTP_IERROR_MALFORMED;
1905 goto fail;
1906}
1907
1908
1909
1910
1911
1912struct __sctp_missing {
1913 __be32 num_missing;
1914 __be16 type;
1915} __packed;
1916
1917
1918
1919
1920static int sctp_process_missing_param(const struct sctp_association *asoc,
1921 enum sctp_param paramtype,
1922 struct sctp_chunk *chunk,
1923 struct sctp_chunk **errp)
1924{
1925 struct __sctp_missing report;
1926 __u16 len;
1927
1928 len = SCTP_PAD4(sizeof(report));
1929
1930
1931
1932
1933 if (!*errp)
1934 *errp = sctp_make_op_error_space(asoc, chunk, len);
1935
1936 if (*errp) {
1937 report.num_missing = htonl(1);
1938 report.type = paramtype;
1939 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1940 sizeof(report));
1941 sctp_addto_chunk(*errp, sizeof(report), &report);
1942 }
1943
1944
1945 return 0;
1946}
1947
1948
1949static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1950 struct sctp_chunk *chunk,
1951 struct sctp_chunk **errp)
1952{
1953
1954
1955 if (!*errp)
1956 *errp = sctp_make_op_error_space(asoc, chunk, 0);
1957
1958 if (*errp)
1959 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1960
1961
1962 return 0;
1963}
1964
1965static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1966 struct sctp_paramhdr *param,
1967 const struct sctp_chunk *chunk,
1968 struct sctp_chunk **errp)
1969{
1970
1971
1972
1973 if (*errp)
1974 sctp_chunk_free(*errp);
1975
1976
1977 *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1978
1979 return 0;
1980}
1981
1982
1983
1984
1985
1986static int sctp_process_hn_param(const struct sctp_association *asoc,
1987 union sctp_params param,
1988 struct sctp_chunk *chunk,
1989 struct sctp_chunk **errp)
1990{
1991 __u16 len = ntohs(param.p->length);
1992
1993
1994
1995
1996
1997
1998 if (*errp)
1999 sctp_chunk_free(*errp);
2000
2001 *errp = sctp_make_op_error_space(asoc, chunk, len);
2002
2003 if (*errp) {
2004 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len);
2005 sctp_addto_chunk(*errp, len, param.v);
2006 }
2007
2008
2009 return 0;
2010}
2011
2012static int sctp_verify_ext_param(struct net *net, union sctp_params param)
2013{
2014 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2015 int have_asconf = 0;
2016 int have_auth = 0;
2017 int i;
2018
2019 for (i = 0; i < num_ext; i++) {
2020 switch (param.ext->chunks[i]) {
2021 case SCTP_CID_AUTH:
2022 have_auth = 1;
2023 break;
2024 case SCTP_CID_ASCONF:
2025 case SCTP_CID_ASCONF_ACK:
2026 have_asconf = 1;
2027 break;
2028 }
2029 }
2030
2031
2032
2033
2034
2035
2036 if (net->sctp.addip_noauth)
2037 return 1;
2038
2039 if (net->sctp.addip_enable && !have_auth && have_asconf)
2040 return 0;
2041
2042 return 1;
2043}
2044
2045static void sctp_process_ext_param(struct sctp_association *asoc,
2046 union sctp_params param)
2047{
2048 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2049 struct net *net = sock_net(asoc->base.sk);
2050 int i;
2051
2052 for (i = 0; i < num_ext; i++) {
2053 switch (param.ext->chunks[i]) {
2054 case SCTP_CID_RECONF:
2055 if (asoc->reconf_enable &&
2056 !asoc->peer.reconf_capable)
2057 asoc->peer.reconf_capable = 1;
2058 break;
2059 case SCTP_CID_FWD_TSN:
2060 if (asoc->prsctp_enable && !asoc->peer.prsctp_capable)
2061 asoc->peer.prsctp_capable = 1;
2062 break;
2063 case SCTP_CID_AUTH:
2064
2065
2066
2067 if (asoc->ep->auth_enable)
2068 asoc->peer.auth_capable = 1;
2069 break;
2070 case SCTP_CID_ASCONF:
2071 case SCTP_CID_ASCONF_ACK:
2072 if (net->sctp.addip_enable)
2073 asoc->peer.asconf_capable = 1;
2074 break;
2075 case SCTP_CID_I_DATA:
2076 if (sctp_sk(asoc->base.sk)->strm_interleave)
2077 asoc->intl_enable = 1;
2078 break;
2079 default:
2080 break;
2081 }
2082 }
2083}
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110static enum sctp_ierror sctp_process_unk_param(
2111 const struct sctp_association *asoc,
2112 union sctp_params param,
2113 struct sctp_chunk *chunk,
2114 struct sctp_chunk **errp)
2115{
2116 int retval = SCTP_IERROR_NO_ERROR;
2117
2118 switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2119 case SCTP_PARAM_ACTION_DISCARD:
2120 retval = SCTP_IERROR_ERROR;
2121 break;
2122 case SCTP_PARAM_ACTION_SKIP:
2123 break;
2124 case SCTP_PARAM_ACTION_DISCARD_ERR:
2125 retval = SCTP_IERROR_ERROR;
2126
2127 case SCTP_PARAM_ACTION_SKIP_ERR:
2128
2129
2130
2131 if (NULL == *errp)
2132 *errp = sctp_make_op_error_fixed(asoc, chunk);
2133
2134 if (*errp) {
2135 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2136 SCTP_PAD4(ntohs(param.p->length))))
2137 sctp_addto_chunk_fixed(*errp,
2138 SCTP_PAD4(ntohs(param.p->length)),
2139 param.v);
2140 } else {
2141
2142
2143
2144
2145
2146 retval = SCTP_IERROR_NOMEM;
2147 }
2148 break;
2149 default:
2150 break;
2151 }
2152
2153 return retval;
2154}
2155
2156
2157
2158
2159
2160
2161
2162
2163static enum sctp_ierror sctp_verify_param(struct net *net,
2164 const struct sctp_endpoint *ep,
2165 const struct sctp_association *asoc,
2166 union sctp_params param,
2167 enum sctp_cid cid,
2168 struct sctp_chunk *chunk,
2169 struct sctp_chunk **err_chunk)
2170{
2171 struct sctp_hmac_algo_param *hmacs;
2172 int retval = SCTP_IERROR_NO_ERROR;
2173 __u16 n_elt, id = 0;
2174 int i;
2175
2176
2177
2178
2179
2180
2181 switch (param.p->type) {
2182 case SCTP_PARAM_IPV4_ADDRESS:
2183 case SCTP_PARAM_IPV6_ADDRESS:
2184 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2185 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2186 case SCTP_PARAM_STATE_COOKIE:
2187 case SCTP_PARAM_HEARTBEAT_INFO:
2188 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2189 case SCTP_PARAM_ECN_CAPABLE:
2190 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2191 break;
2192
2193 case SCTP_PARAM_SUPPORTED_EXT:
2194 if (!sctp_verify_ext_param(net, param))
2195 return SCTP_IERROR_ABORT;
2196 break;
2197
2198 case SCTP_PARAM_SET_PRIMARY:
2199 if (net->sctp.addip_enable)
2200 break;
2201 goto fallthrough;
2202
2203 case SCTP_PARAM_HOST_NAME_ADDRESS:
2204
2205 sctp_process_hn_param(asoc, param, chunk, err_chunk);
2206 retval = SCTP_IERROR_ABORT;
2207 break;
2208
2209 case SCTP_PARAM_FWD_TSN_SUPPORT:
2210 if (ep->prsctp_enable)
2211 break;
2212 goto fallthrough;
2213
2214 case SCTP_PARAM_RANDOM:
2215 if (!ep->auth_enable)
2216 goto fallthrough;
2217
2218
2219
2220
2221
2222
2223 if (SCTP_AUTH_RANDOM_LENGTH !=
2224 ntohs(param.p->length) - sizeof(struct sctp_paramhdr)) {
2225 sctp_process_inv_paramlength(asoc, param.p,
2226 chunk, err_chunk);
2227 retval = SCTP_IERROR_ABORT;
2228 }
2229 break;
2230
2231 case SCTP_PARAM_CHUNKS:
2232 if (!ep->auth_enable)
2233 goto fallthrough;
2234
2235
2236
2237
2238
2239
2240 if (260 < ntohs(param.p->length)) {
2241 sctp_process_inv_paramlength(asoc, param.p,
2242 chunk, err_chunk);
2243 retval = SCTP_IERROR_ABORT;
2244 }
2245 break;
2246
2247 case SCTP_PARAM_HMAC_ALGO:
2248 if (!ep->auth_enable)
2249 goto fallthrough;
2250
2251 hmacs = (struct sctp_hmac_algo_param *)param.p;
2252 n_elt = (ntohs(param.p->length) -
2253 sizeof(struct sctp_paramhdr)) >> 1;
2254
2255
2256
2257
2258
2259 for (i = 0; i < n_elt; i++) {
2260 id = ntohs(hmacs->hmac_ids[i]);
2261
2262 if (id == SCTP_AUTH_HMAC_ID_SHA1)
2263 break;
2264 }
2265
2266 if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2267 sctp_process_inv_paramlength(asoc, param.p, chunk,
2268 err_chunk);
2269 retval = SCTP_IERROR_ABORT;
2270 }
2271 break;
2272fallthrough:
2273 default:
2274 pr_debug("%s: unrecognized param:%d for chunk:%d\n",
2275 __func__, ntohs(param.p->type), cid);
2276
2277 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2278 break;
2279 }
2280 return retval;
2281}
2282
2283
2284int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep,
2285 const struct sctp_association *asoc, enum sctp_cid cid,
2286 struct sctp_init_chunk *peer_init,
2287 struct sctp_chunk *chunk, struct sctp_chunk **errp)
2288{
2289 union sctp_params param;
2290 bool has_cookie = false;
2291 int result;
2292
2293
2294
2295
2296
2297 if (peer_init->init_hdr.num_outbound_streams == 0 ||
2298 peer_init->init_hdr.num_inbound_streams == 0 ||
2299 peer_init->init_hdr.init_tag == 0 ||
2300 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW)
2301 return sctp_process_inv_mandatory(asoc, chunk, errp);
2302
2303 sctp_walk_params(param, peer_init, init_hdr.params) {
2304 if (param.p->type == SCTP_PARAM_STATE_COOKIE)
2305 has_cookie = true;
2306 }
2307
2308
2309
2310
2311
2312
2313
2314
2315 if (param.v != (void *)chunk->chunk_end)
2316 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2317
2318
2319
2320
2321 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2322 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2323 chunk, errp);
2324
2325
2326 sctp_walk_params(param, peer_init, init_hdr.params) {
2327 result = sctp_verify_param(net, ep, asoc, param, cid,
2328 chunk, errp);
2329 switch (result) {
2330 case SCTP_IERROR_ABORT:
2331 case SCTP_IERROR_NOMEM:
2332 return 0;
2333 case SCTP_IERROR_ERROR:
2334 return 1;
2335 case SCTP_IERROR_NO_ERROR:
2336 default:
2337 break;
2338 }
2339
2340 }
2341
2342 return 1;
2343}
2344
2345
2346
2347
2348
2349int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
2350 const union sctp_addr *peer_addr,
2351 struct sctp_init_chunk *peer_init, gfp_t gfp)
2352{
2353 struct net *net = sock_net(asoc->base.sk);
2354 struct sctp_transport *transport;
2355 struct list_head *pos, *temp;
2356 union sctp_params param;
2357 union sctp_addr addr;
2358 struct sctp_af *af;
2359 int src_match = 0;
2360 char *cookie;
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2373 goto nomem;
2374
2375 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr))
2376 src_match = 1;
2377
2378
2379 sctp_walk_params(param, peer_init, init_hdr.params) {
2380 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
2381 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
2382 af = sctp_get_af_specific(param_type2af(param.p->type));
2383 af->from_addr_param(&addr, param.addr,
2384 chunk->sctp_hdr->source, 0);
2385 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
2386 src_match = 1;
2387 }
2388
2389 if (!sctp_process_param(asoc, param, peer_addr, gfp))
2390 goto clean_up;
2391 }
2392
2393
2394 if (!src_match)
2395 goto clean_up;
2396
2397
2398
2399
2400 if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2401 !asoc->peer.peer_hmacs))
2402 asoc->peer.auth_capable = 0;
2403
2404
2405
2406
2407
2408
2409
2410 if (!net->sctp.addip_noauth &&
2411 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2412 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2413 SCTP_PARAM_DEL_IP |
2414 SCTP_PARAM_SET_PRIMARY);
2415 asoc->peer.asconf_capable = 0;
2416 goto clean_up;
2417 }
2418
2419
2420 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2421 transport = list_entry(pos, struct sctp_transport, transports);
2422 if (transport->state == SCTP_UNKNOWN) {
2423 sctp_assoc_rm_peer(asoc, transport);
2424 }
2425 }
2426
2427
2428
2429
2430 asoc->peer.i.init_tag =
2431 ntohl(peer_init->init_hdr.init_tag);
2432 asoc->peer.i.a_rwnd =
2433 ntohl(peer_init->init_hdr.a_rwnd);
2434 asoc->peer.i.num_outbound_streams =
2435 ntohs(peer_init->init_hdr.num_outbound_streams);
2436 asoc->peer.i.num_inbound_streams =
2437 ntohs(peer_init->init_hdr.num_inbound_streams);
2438 asoc->peer.i.initial_tsn =
2439 ntohl(peer_init->init_hdr.initial_tsn);
2440
2441 asoc->strreset_inseq = asoc->peer.i.initial_tsn;
2442
2443
2444
2445
2446 if (asoc->c.sinit_num_ostreams >
2447 ntohs(peer_init->init_hdr.num_inbound_streams)) {
2448 asoc->c.sinit_num_ostreams =
2449 ntohs(peer_init->init_hdr.num_inbound_streams);
2450 }
2451
2452 if (asoc->c.sinit_max_instreams >
2453 ntohs(peer_init->init_hdr.num_outbound_streams)) {
2454 asoc->c.sinit_max_instreams =
2455 ntohs(peer_init->init_hdr.num_outbound_streams);
2456 }
2457
2458
2459 asoc->c.peer_vtag = asoc->peer.i.init_tag;
2460
2461
2462 asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2463
2464
2465 cookie = asoc->peer.cookie;
2466 if (cookie) {
2467 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
2468 if (!asoc->peer.cookie)
2469 goto clean_up;
2470 }
2471
2472
2473
2474
2475
2476 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2477 transports) {
2478 transport->ssthresh = asoc->peer.i.a_rwnd;
2479 }
2480
2481
2482 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2483 asoc->peer.i.initial_tsn, gfp))
2484 goto clean_up;
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams,
2495 asoc->c.sinit_max_instreams, gfp))
2496 goto clean_up;
2497
2498 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp))
2499 goto clean_up;
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2512 return 1;
2513
2514clean_up:
2515
2516 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2517 transport = list_entry(pos, struct sctp_transport, transports);
2518 if (transport->state != SCTP_ACTIVE)
2519 sctp_assoc_rm_peer(asoc, transport);
2520 }
2521
2522nomem:
2523 return 0;
2524}
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538static int sctp_process_param(struct sctp_association *asoc,
2539 union sctp_params param,
2540 const union sctp_addr *peer_addr,
2541 gfp_t gfp)
2542{
2543 struct net *net = sock_net(asoc->base.sk);
2544 struct sctp_endpoint *ep = asoc->ep;
2545 union sctp_addr_param *addr_param;
2546 struct sctp_transport *t;
2547 enum sctp_scope scope;
2548 union sctp_addr addr;
2549 struct sctp_af *af;
2550 int retval = 1, i;
2551 u32 stale;
2552 __u16 sat;
2553
2554
2555
2556
2557
2558 switch (param.p->type) {
2559 case SCTP_PARAM_IPV6_ADDRESS:
2560 if (PF_INET6 != asoc->base.sk->sk_family)
2561 break;
2562 goto do_addr_param;
2563
2564 case SCTP_PARAM_IPV4_ADDRESS:
2565
2566 if (ipv6_only_sock(asoc->base.sk))
2567 break;
2568do_addr_param:
2569 af = sctp_get_af_specific(param_type2af(param.p->type));
2570 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2571 scope = sctp_scope(peer_addr);
2572 if (sctp_in_scope(net, &addr, scope))
2573 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2574 return 0;
2575 break;
2576
2577 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2578 if (!net->sctp.cookie_preserve_enable)
2579 break;
2580
2581 stale = ntohl(param.life->lifespan_increment);
2582
2583
2584
2585
2586 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale);
2587 break;
2588
2589 case SCTP_PARAM_HOST_NAME_ADDRESS:
2590 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__);
2591 break;
2592
2593 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2594
2595
2596
2597 asoc->peer.ipv4_address = 0;
2598 asoc->peer.ipv6_address = 0;
2599
2600
2601
2602
2603 if (peer_addr->sa.sa_family == AF_INET6)
2604 asoc->peer.ipv6_address = 1;
2605 else if (peer_addr->sa.sa_family == AF_INET)
2606 asoc->peer.ipv4_address = 1;
2607
2608
2609 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2610 if (sat)
2611 sat /= sizeof(__u16);
2612
2613 for (i = 0; i < sat; ++i) {
2614 switch (param.sat->types[i]) {
2615 case SCTP_PARAM_IPV4_ADDRESS:
2616 asoc->peer.ipv4_address = 1;
2617 break;
2618
2619 case SCTP_PARAM_IPV6_ADDRESS:
2620 if (PF_INET6 == asoc->base.sk->sk_family)
2621 asoc->peer.ipv6_address = 1;
2622 break;
2623
2624 case SCTP_PARAM_HOST_NAME_ADDRESS:
2625 asoc->peer.hostname_address = 1;
2626 break;
2627
2628 default:
2629 break;
2630 }
2631 }
2632 break;
2633
2634 case SCTP_PARAM_STATE_COOKIE:
2635 asoc->peer.cookie_len =
2636 ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2637 asoc->peer.cookie = param.cookie->body;
2638 break;
2639
2640 case SCTP_PARAM_HEARTBEAT_INFO:
2641
2642 break;
2643
2644 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2645
2646 break;
2647
2648 case SCTP_PARAM_ECN_CAPABLE:
2649 asoc->peer.ecn_capable = 1;
2650 break;
2651
2652 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2653 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2654 break;
2655
2656 case SCTP_PARAM_SET_PRIMARY:
2657 if (!net->sctp.addip_enable)
2658 goto fall_through;
2659
2660 addr_param = param.v + sizeof(struct sctp_addip_param);
2661
2662 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
2663 if (af == NULL)
2664 break;
2665
2666 af->from_addr_param(&addr, addr_param,
2667 htons(asoc->peer.port), 0);
2668
2669
2670
2671
2672 if (!af->addr_valid(&addr, NULL, NULL))
2673 break;
2674
2675 t = sctp_assoc_lookup_paddr(asoc, &addr);
2676 if (!t)
2677 break;
2678
2679 sctp_assoc_set_primary(asoc, t);
2680 break;
2681
2682 case SCTP_PARAM_SUPPORTED_EXT:
2683 sctp_process_ext_param(asoc, param);
2684 break;
2685
2686 case SCTP_PARAM_FWD_TSN_SUPPORT:
2687 if (asoc->prsctp_enable) {
2688 asoc->peer.prsctp_capable = 1;
2689 break;
2690 }
2691
2692 goto fall_through;
2693
2694 case SCTP_PARAM_RANDOM:
2695 if (!ep->auth_enable)
2696 goto fall_through;
2697
2698
2699 asoc->peer.peer_random = kmemdup(param.p,
2700 ntohs(param.p->length), gfp);
2701 if (!asoc->peer.peer_random) {
2702 retval = 0;
2703 break;
2704 }
2705 break;
2706
2707 case SCTP_PARAM_HMAC_ALGO:
2708 if (!ep->auth_enable)
2709 goto fall_through;
2710
2711
2712 asoc->peer.peer_hmacs = kmemdup(param.p,
2713 ntohs(param.p->length), gfp);
2714 if (!asoc->peer.peer_hmacs) {
2715 retval = 0;
2716 break;
2717 }
2718
2719
2720 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2721 break;
2722
2723 case SCTP_PARAM_CHUNKS:
2724 if (!ep->auth_enable)
2725 goto fall_through;
2726
2727 asoc->peer.peer_chunks = kmemdup(param.p,
2728 ntohs(param.p->length), gfp);
2729 if (!asoc->peer.peer_chunks)
2730 retval = 0;
2731 break;
2732fall_through:
2733 default:
2734
2735
2736
2737
2738
2739 pr_debug("%s: ignoring param:%d for association:%p.\n",
2740 __func__, ntohs(param.p->type), asoc);
2741 break;
2742 }
2743
2744 return retval;
2745}
2746
2747
2748__u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2749{
2750
2751
2752
2753 __u32 x;
2754
2755 do {
2756 get_random_bytes(&x, sizeof(__u32));
2757 } while (x == 0);
2758
2759 return x;
2760}
2761
2762
2763__u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2764{
2765 __u32 retval;
2766
2767 get_random_bytes(&retval, sizeof(__u32));
2768 return retval;
2769}
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2794 union sctp_addr *addr,
2795 int vparam_len)
2796{
2797 struct sctp_addiphdr asconf;
2798 struct sctp_chunk *retval;
2799 int length = sizeof(asconf) + vparam_len;
2800 union sctp_addr_param addrparam;
2801 int addrlen;
2802 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2803
2804 addrlen = af->to_addr_param(addr, &addrparam);
2805 if (!addrlen)
2806 return NULL;
2807 length += addrlen;
2808
2809
2810 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length,
2811 GFP_ATOMIC);
2812 if (!retval)
2813 return NULL;
2814
2815 asconf.serial = htonl(asoc->addip_serial++);
2816
2817 retval->subh.addip_hdr =
2818 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2819 retval->param_hdr.v =
2820 sctp_addto_chunk(retval, addrlen, &addrparam);
2821
2822 return retval;
2823}
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2850 union sctp_addr *laddr,
2851 struct sockaddr *addrs,
2852 int addrcnt, __be16 flags)
2853{
2854 union sctp_addr_param addr_param;
2855 struct sctp_addip_param param;
2856 int paramlen = sizeof(param);
2857 struct sctp_chunk *retval;
2858 int addr_param_len = 0;
2859 union sctp_addr *addr;
2860 int totallen = 0, i;
2861 int del_pickup = 0;
2862 struct sctp_af *af;
2863 void *addr_buf;
2864
2865
2866 addr_buf = addrs;
2867 for (i = 0; i < addrcnt; i++) {
2868 addr = addr_buf;
2869 af = sctp_get_af_specific(addr->v4.sin_family);
2870 addr_param_len = af->to_addr_param(addr, &addr_param);
2871
2872 totallen += paramlen;
2873 totallen += addr_param_len;
2874
2875 addr_buf += af->sockaddr_len;
2876 if (asoc->asconf_addr_del_pending && !del_pickup) {
2877
2878 totallen += paramlen;
2879 totallen += addr_param_len;
2880 del_pickup = 1;
2881
2882 pr_debug("%s: picked same-scope del_pending addr, "
2883 "totallen for all addresses is %d\n",
2884 __func__, totallen);
2885 }
2886 }
2887
2888
2889 retval = sctp_make_asconf(asoc, laddr, totallen);
2890 if (!retval)
2891 return NULL;
2892
2893
2894 addr_buf = addrs;
2895 for (i = 0; i < addrcnt; i++) {
2896 addr = addr_buf;
2897 af = sctp_get_af_specific(addr->v4.sin_family);
2898 addr_param_len = af->to_addr_param(addr, &addr_param);
2899 param.param_hdr.type = flags;
2900 param.param_hdr.length = htons(paramlen + addr_param_len);
2901 param.crr_id = htonl(i);
2902
2903 sctp_addto_chunk(retval, paramlen, ¶m);
2904 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2905
2906 addr_buf += af->sockaddr_len;
2907 }
2908 if (flags == SCTP_PARAM_ADD_IP && del_pickup) {
2909 addr = asoc->asconf_addr_del_pending;
2910 af = sctp_get_af_specific(addr->v4.sin_family);
2911 addr_param_len = af->to_addr_param(addr, &addr_param);
2912 param.param_hdr.type = SCTP_PARAM_DEL_IP;
2913 param.param_hdr.length = htons(paramlen + addr_param_len);
2914 param.crr_id = htonl(i);
2915
2916 sctp_addto_chunk(retval, paramlen, ¶m);
2917 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2918 }
2919 return retval;
2920}
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2937 union sctp_addr *addr)
2938{
2939 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2940 union sctp_addr_param addrparam;
2941 struct sctp_addip_param param;
2942 struct sctp_chunk *retval;
2943 int len = sizeof(param);
2944 int addrlen;
2945
2946 addrlen = af->to_addr_param(addr, &addrparam);
2947 if (!addrlen)
2948 return NULL;
2949 len += addrlen;
2950
2951
2952 retval = sctp_make_asconf(asoc, addr, len);
2953 if (!retval)
2954 return NULL;
2955
2956 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2957 param.param_hdr.length = htons(len);
2958 param.crr_id = 0;
2959
2960 sctp_addto_chunk(retval, sizeof(param), ¶m);
2961 sctp_addto_chunk(retval, addrlen, &addrparam);
2962
2963 return retval;
2964}
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2986 __u32 serial, int vparam_len)
2987{
2988 struct sctp_addiphdr asconf;
2989 struct sctp_chunk *retval;
2990 int length = sizeof(asconf) + vparam_len;
2991
2992
2993 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length,
2994 GFP_ATOMIC);
2995 if (!retval)
2996 return NULL;
2997
2998 asconf.serial = htonl(serial);
2999
3000 retval->subh.addip_hdr =
3001 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
3002
3003 return retval;
3004}
3005
3006
3007static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
3008 __be16 err_code,
3009 struct sctp_addip_param *asconf_param)
3010{
3011 struct sctp_addip_param ack_param;
3012 struct sctp_errhdr err_param;
3013 int asconf_param_len = 0;
3014 int err_param_len = 0;
3015 __be16 response_type;
3016
3017 if (SCTP_ERROR_NO_ERROR == err_code) {
3018 response_type = SCTP_PARAM_SUCCESS_REPORT;
3019 } else {
3020 response_type = SCTP_PARAM_ERR_CAUSE;
3021 err_param_len = sizeof(err_param);
3022 if (asconf_param)
3023 asconf_param_len =
3024 ntohs(asconf_param->param_hdr.length);
3025 }
3026
3027
3028 ack_param.param_hdr.type = response_type;
3029 ack_param.param_hdr.length = htons(sizeof(ack_param) +
3030 err_param_len +
3031 asconf_param_len);
3032 ack_param.crr_id = crr_id;
3033 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
3034
3035 if (SCTP_ERROR_NO_ERROR == err_code)
3036 return;
3037
3038
3039 err_param.cause = err_code;
3040 err_param.length = htons(err_param_len + asconf_param_len);
3041 sctp_addto_chunk(chunk, err_param_len, &err_param);
3042
3043
3044 if (asconf_param)
3045 sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
3046}
3047
3048
3049static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
3050 struct sctp_chunk *asconf,
3051 struct sctp_addip_param *asconf_param)
3052{
3053 union sctp_addr_param *addr_param;
3054 struct sctp_transport *peer;
3055 union sctp_addr addr;
3056 struct sctp_af *af;
3057
3058 addr_param = (void *)asconf_param + sizeof(*asconf_param);
3059
3060 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
3061 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
3062 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
3063 return SCTP_ERROR_UNKNOWN_PARAM;
3064
3065 switch (addr_param->p.type) {
3066 case SCTP_PARAM_IPV6_ADDRESS:
3067 if (!asoc->peer.ipv6_address)
3068 return SCTP_ERROR_DNS_FAILED;
3069 break;
3070 case SCTP_PARAM_IPV4_ADDRESS:
3071 if (!asoc->peer.ipv4_address)
3072 return SCTP_ERROR_DNS_FAILED;
3073 break;
3074 default:
3075 return SCTP_ERROR_DNS_FAILED;
3076 }
3077
3078 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3079 if (unlikely(!af))
3080 return SCTP_ERROR_DNS_FAILED;
3081
3082 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
3083
3084
3085
3086
3087
3088
3089 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
3090 return SCTP_ERROR_DNS_FAILED;
3091
3092 switch (asconf_param->param_hdr.type) {
3093 case SCTP_PARAM_ADD_IP:
3094
3095
3096
3097
3098 if (af->is_any(&addr))
3099 memcpy(&addr, &asconf->source, sizeof(addr));
3100
3101 if (security_sctp_bind_connect(asoc->ep->base.sk,
3102 SCTP_PARAM_ADD_IP,
3103 (struct sockaddr *)&addr,
3104 af->sockaddr_len))
3105 return SCTP_ERROR_REQ_REFUSED;
3106
3107
3108
3109
3110
3111
3112
3113
3114 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
3115 if (!peer)
3116 return SCTP_ERROR_RSRC_LOW;
3117
3118
3119 sctp_transport_reset_hb_timer(peer);
3120 asoc->new_transport = peer;
3121 break;
3122 case SCTP_PARAM_DEL_IP:
3123
3124
3125
3126
3127
3128 if (asoc->peer.transport_count == 1)
3129 return SCTP_ERROR_DEL_LAST_IP;
3130
3131
3132
3133
3134
3135
3136
3137
3138 if (sctp_cmp_addr_exact(&asconf->source, &addr))
3139 return SCTP_ERROR_DEL_SRC_IP;
3140
3141
3142
3143
3144
3145
3146 if (af->is_any(&addr)) {
3147 sctp_assoc_set_primary(asoc, asconf->transport);
3148 sctp_assoc_del_nonprimary_peers(asoc,
3149 asconf->transport);
3150 return SCTP_ERROR_NO_ERROR;
3151 }
3152
3153
3154
3155
3156
3157
3158 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3159 if (!peer)
3160 return SCTP_ERROR_DNS_FAILED;
3161
3162 sctp_assoc_rm_peer(asoc, peer);
3163 break;
3164 case SCTP_PARAM_SET_PRIMARY:
3165
3166
3167
3168
3169
3170 if (af->is_any(&addr))
3171 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3172
3173 if (security_sctp_bind_connect(asoc->ep->base.sk,
3174 SCTP_PARAM_SET_PRIMARY,
3175 (struct sockaddr *)&addr,
3176 af->sockaddr_len))
3177 return SCTP_ERROR_REQ_REFUSED;
3178
3179 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3180 if (!peer)
3181 return SCTP_ERROR_DNS_FAILED;
3182
3183 sctp_assoc_set_primary(asoc, peer);
3184 break;
3185 }
3186
3187 return SCTP_ERROR_NO_ERROR;
3188}
3189
3190
3191bool sctp_verify_asconf(const struct sctp_association *asoc,
3192 struct sctp_chunk *chunk, bool addr_param_needed,
3193 struct sctp_paramhdr **errp)
3194{
3195 struct sctp_addip_chunk *addip;
3196 bool addr_param_seen = false;
3197 union sctp_params param;
3198
3199 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr;
3200 sctp_walk_params(param, addip, addip_hdr.params) {
3201 size_t length = ntohs(param.p->length);
3202
3203 *errp = param.p;
3204 switch (param.p->type) {
3205 case SCTP_PARAM_ERR_CAUSE:
3206 break;
3207 case SCTP_PARAM_IPV4_ADDRESS:
3208 if (length != sizeof(struct sctp_ipv4addr_param))
3209 return false;
3210
3211
3212
3213 if (param.v != addip->addip_hdr.params)
3214 return false;
3215 addr_param_seen = true;
3216 break;
3217 case SCTP_PARAM_IPV6_ADDRESS:
3218 if (length != sizeof(struct sctp_ipv6addr_param))
3219 return false;
3220 if (param.v != addip->addip_hdr.params)
3221 return false;
3222 addr_param_seen = true;
3223 break;
3224 case SCTP_PARAM_ADD_IP:
3225 case SCTP_PARAM_DEL_IP:
3226 case SCTP_PARAM_SET_PRIMARY:
3227
3228 if (addr_param_needed && !addr_param_seen)
3229 return false;
3230 length = ntohs(param.addip->param_hdr.length);
3231 if (length < sizeof(struct sctp_addip_param) +
3232 sizeof(**errp))
3233 return false;
3234 break;
3235 case SCTP_PARAM_SUCCESS_REPORT:
3236 case SCTP_PARAM_ADAPTATION_LAYER_IND:
3237 if (length != sizeof(struct sctp_addip_param))
3238 return false;
3239 break;
3240 default:
3241
3242 return false;
3243 }
3244 }
3245
3246
3247 if (addr_param_needed && !addr_param_seen)
3248 return false;
3249 if (!addr_param_needed && addr_param_seen)
3250 return false;
3251 if (param.v != chunk->chunk_end)
3252 return false;
3253
3254 return true;
3255}
3256
3257
3258
3259
3260struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3261 struct sctp_chunk *asconf)
3262{
3263 union sctp_addr_param *addr_param;
3264 struct sctp_addip_chunk *addip;
3265 struct sctp_chunk *asconf_ack;
3266 bool all_param_pass = true;
3267 struct sctp_addiphdr *hdr;
3268 int length = 0, chunk_len;
3269 union sctp_params param;
3270 __be16 err_code;
3271 __u32 serial;
3272
3273 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr;
3274 chunk_len = ntohs(asconf->chunk_hdr->length) -
3275 sizeof(struct sctp_chunkhdr);
3276 hdr = (struct sctp_addiphdr *)asconf->skb->data;
3277 serial = ntohl(hdr->serial);
3278
3279
3280 length = sizeof(*hdr);
3281 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3282 chunk_len -= length;
3283
3284
3285
3286
3287 length = ntohs(addr_param->p.length);
3288 chunk_len -= length;
3289
3290
3291
3292
3293
3294
3295 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3296 if (!asconf_ack)
3297 goto done;
3298
3299
3300 sctp_walk_params(param, addip, addip_hdr.params) {
3301
3302 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
3303 param.p->type == SCTP_PARAM_IPV6_ADDRESS)
3304 continue;
3305
3306 err_code = sctp_process_asconf_param(asoc, asconf,
3307 param.addip);
3308
3309
3310
3311
3312
3313
3314
3315 if (err_code != SCTP_ERROR_NO_ERROR)
3316 all_param_pass = false;
3317 if (!all_param_pass)
3318 sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
3319 err_code, param.addip);
3320
3321
3322
3323
3324
3325
3326 if (err_code == SCTP_ERROR_RSRC_LOW)
3327 goto done;
3328 }
3329done:
3330 asoc->peer.addip_serial++;
3331
3332
3333
3334
3335 if (asconf_ack) {
3336 sctp_chunk_hold(asconf_ack);
3337 list_add_tail(&asconf_ack->transmitted_list,
3338 &asoc->asconf_ack_list);
3339 }
3340
3341 return asconf_ack;
3342}
3343
3344
3345static void sctp_asconf_param_success(struct sctp_association *asoc,
3346 struct sctp_addip_param *asconf_param)
3347{
3348 struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3349 union sctp_addr_param *addr_param;
3350 struct sctp_sockaddr_entry *saddr;
3351 struct sctp_transport *transport;
3352 union sctp_addr addr;
3353 struct sctp_af *af;
3354
3355 addr_param = (void *)asconf_param + sizeof(*asconf_param);
3356
3357
3358 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3359 af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3360
3361 switch (asconf_param->param_hdr.type) {
3362 case SCTP_PARAM_ADD_IP:
3363
3364
3365
3366 local_bh_disable();
3367 list_for_each_entry(saddr, &bp->address_list, list) {
3368 if (sctp_cmp_addr_exact(&saddr->a, &addr))
3369 saddr->state = SCTP_ADDR_SRC;
3370 }
3371 local_bh_enable();
3372 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3373 transports) {
3374 sctp_transport_dst_release(transport);
3375 }
3376 break;
3377 case SCTP_PARAM_DEL_IP:
3378 local_bh_disable();
3379 sctp_del_bind_addr(bp, &addr);
3380 if (asoc->asconf_addr_del_pending != NULL &&
3381 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) {
3382 kfree(asoc->asconf_addr_del_pending);
3383 asoc->asconf_addr_del_pending = NULL;
3384 }
3385 local_bh_enable();
3386 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3387 transports) {
3388 sctp_transport_dst_release(transport);
3389 }
3390 break;
3391 default:
3392 break;
3393 }
3394}
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3406 struct sctp_addip_param *asconf_param,
3407 int no_err)
3408{
3409 struct sctp_addip_param *asconf_ack_param;
3410 struct sctp_errhdr *err_param;
3411 int asconf_ack_len;
3412 __be16 err_code;
3413 int length;
3414
3415 if (no_err)
3416 err_code = SCTP_ERROR_NO_ERROR;
3417 else
3418 err_code = SCTP_ERROR_REQ_REFUSED;
3419
3420 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3421 sizeof(struct sctp_chunkhdr);
3422
3423
3424
3425
3426 length = sizeof(struct sctp_addiphdr);
3427 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data +
3428 length);
3429 asconf_ack_len -= length;
3430
3431 while (asconf_ack_len > 0) {
3432 if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3433 switch (asconf_ack_param->param_hdr.type) {
3434 case SCTP_PARAM_SUCCESS_REPORT:
3435 return SCTP_ERROR_NO_ERROR;
3436 case SCTP_PARAM_ERR_CAUSE:
3437 length = sizeof(*asconf_ack_param);
3438 err_param = (void *)asconf_ack_param + length;
3439 asconf_ack_len -= length;
3440 if (asconf_ack_len > 0)
3441 return err_param->cause;
3442 else
3443 return SCTP_ERROR_INV_PARAM;
3444 break;
3445 default:
3446 return SCTP_ERROR_INV_PARAM;
3447 }
3448 }
3449
3450 length = ntohs(asconf_ack_param->param_hdr.length);
3451 asconf_ack_param = (void *)asconf_ack_param + length;
3452 asconf_ack_len -= length;
3453 }
3454
3455 return err_code;
3456}
3457
3458
3459int sctp_process_asconf_ack(struct sctp_association *asoc,
3460 struct sctp_chunk *asconf_ack)
3461{
3462 struct sctp_chunk *asconf = asoc->addip_last_asconf;
3463 struct sctp_addip_param *asconf_param;
3464 __be16 err_code = SCTP_ERROR_NO_ERROR;
3465 union sctp_addr_param *addr_param;
3466 int asconf_len = asconf->skb->len;
3467 int all_param_pass = 0;
3468 int length = 0;
3469 int no_err = 1;
3470 int retval = 0;
3471
3472
3473
3474
3475 length = sizeof(struct sctp_addip_chunk);
3476 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3477 asconf_len -= length;
3478
3479
3480
3481
3482 length = ntohs(addr_param->p.length);
3483 asconf_param = (void *)addr_param + length;
3484 asconf_len -= length;
3485
3486
3487
3488
3489
3490
3491 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr))
3492 all_param_pass = 1;
3493
3494
3495 while (asconf_len > 0) {
3496 if (all_param_pass)
3497 err_code = SCTP_ERROR_NO_ERROR;
3498 else {
3499 err_code = sctp_get_asconf_response(asconf_ack,
3500 asconf_param,
3501 no_err);
3502 if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3503 no_err = 0;
3504 }
3505
3506 switch (err_code) {
3507 case SCTP_ERROR_NO_ERROR:
3508 sctp_asconf_param_success(asoc, asconf_param);
3509 break;
3510
3511 case SCTP_ERROR_RSRC_LOW:
3512 retval = 1;
3513 break;
3514
3515 case SCTP_ERROR_UNKNOWN_PARAM:
3516
3517
3518
3519 asoc->peer.addip_disabled_mask |=
3520 asconf_param->param_hdr.type;
3521 break;
3522
3523 case SCTP_ERROR_REQ_REFUSED:
3524 case SCTP_ERROR_DEL_LAST_IP:
3525 case SCTP_ERROR_DEL_SRC_IP:
3526 default:
3527 break;
3528 }
3529
3530
3531
3532
3533 length = ntohs(asconf_param->param_hdr.length);
3534 asconf_param = (void *)asconf_param + length;
3535 asconf_len -= length;
3536 }
3537
3538 if (no_err && asoc->src_out_of_asoc_ok) {
3539 asoc->src_out_of_asoc_ok = 0;
3540 sctp_transport_immediate_rtx(asoc->peer.primary_path);
3541 }
3542
3543
3544 list_del_init(&asconf->transmitted_list);
3545 sctp_chunk_free(asconf);
3546 asoc->addip_last_asconf = NULL;
3547
3548 return retval;
3549}
3550
3551
3552struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3553 __u32 new_cum_tsn, size_t nstreams,
3554 struct sctp_fwdtsn_skip *skiplist)
3555{
3556 struct sctp_chunk *retval = NULL;
3557 struct sctp_fwdtsn_hdr ftsn_hdr;
3558 struct sctp_fwdtsn_skip skip;
3559 size_t hint;
3560 int i;
3561
3562 hint = (nstreams + 1) * sizeof(__u32);
3563
3564 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC);
3565
3566 if (!retval)
3567 return NULL;
3568
3569 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3570 retval->subh.fwdtsn_hdr =
3571 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3572
3573 for (i = 0; i < nstreams; i++) {
3574 skip.stream = skiplist[i].stream;
3575 skip.ssn = skiplist[i].ssn;
3576 sctp_addto_chunk(retval, sizeof(skip), &skip);
3577 }
3578
3579 return retval;
3580}
3581
3582struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc,
3583 __u32 new_cum_tsn, size_t nstreams,
3584 struct sctp_ifwdtsn_skip *skiplist)
3585{
3586 struct sctp_chunk *retval = NULL;
3587 struct sctp_ifwdtsn_hdr ftsn_hdr;
3588 size_t hint;
3589
3590 hint = (nstreams + 1) * sizeof(__u32);
3591
3592 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint,
3593 GFP_ATOMIC);
3594 if (!retval)
3595 return NULL;
3596
3597 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3598 retval->subh.ifwdtsn_hdr =
3599 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3600
3601 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist);
3602
3603 return retval;
3604}
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc,
3622 int length)
3623{
3624 struct sctp_reconf_chunk *reconf;
3625 struct sctp_chunk *retval;
3626
3627 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length,
3628 GFP_ATOMIC);
3629 if (!retval)
3630 return NULL;
3631
3632 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr;
3633 retval->param_hdr.v = reconf->params;
3634
3635 return retval;
3636}
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672struct sctp_chunk *sctp_make_strreset_req(
3673 const struct sctp_association *asoc,
3674 __u16 stream_num, __be16 *stream_list,
3675 bool out, bool in)
3676{
3677 __u16 stream_len = stream_num * sizeof(__u16);
3678 struct sctp_strreset_outreq outreq;
3679 struct sctp_strreset_inreq inreq;
3680 struct sctp_chunk *retval;
3681 __u16 outlen, inlen;
3682
3683 outlen = (sizeof(outreq) + stream_len) * out;
3684 inlen = (sizeof(inreq) + stream_len) * in;
3685
3686 retval = sctp_make_reconf(asoc, outlen + inlen);
3687 if (!retval)
3688 return NULL;
3689
3690 if (outlen) {
3691 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST;
3692 outreq.param_hdr.length = htons(outlen);
3693 outreq.request_seq = htonl(asoc->strreset_outseq);
3694 outreq.response_seq = htonl(asoc->strreset_inseq - 1);
3695 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1);
3696
3697 sctp_addto_chunk(retval, sizeof(outreq), &outreq);
3698
3699 if (stream_len)
3700 sctp_addto_chunk(retval, stream_len, stream_list);
3701 }
3702
3703 if (inlen) {
3704 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST;
3705 inreq.param_hdr.length = htons(inlen);
3706 inreq.request_seq = htonl(asoc->strreset_outseq + out);
3707
3708 sctp_addto_chunk(retval, sizeof(inreq), &inreq);
3709
3710 if (stream_len)
3711 sctp_addto_chunk(retval, stream_len, stream_list);
3712 }
3713
3714 return retval;
3715}
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726struct sctp_chunk *sctp_make_strreset_tsnreq(
3727 const struct sctp_association *asoc)
3728{
3729 struct sctp_strreset_tsnreq tsnreq;
3730 __u16 length = sizeof(tsnreq);
3731 struct sctp_chunk *retval;
3732
3733 retval = sctp_make_reconf(asoc, length);
3734 if (!retval)
3735 return NULL;
3736
3737 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST;
3738 tsnreq.param_hdr.length = htons(length);
3739 tsnreq.request_seq = htonl(asoc->strreset_outseq);
3740
3741 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq);
3742
3743 return retval;
3744}
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757struct sctp_chunk *sctp_make_strreset_addstrm(
3758 const struct sctp_association *asoc,
3759 __u16 out, __u16 in)
3760{
3761 struct sctp_strreset_addstrm addstrm;
3762 __u16 size = sizeof(addstrm);
3763 struct sctp_chunk *retval;
3764
3765 retval = sctp_make_reconf(asoc, (!!out + !!in) * size);
3766 if (!retval)
3767 return NULL;
3768
3769 if (out) {
3770 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS;
3771 addstrm.param_hdr.length = htons(size);
3772 addstrm.number_of_streams = htons(out);
3773 addstrm.request_seq = htonl(asoc->strreset_outseq);
3774 addstrm.reserved = 0;
3775
3776 sctp_addto_chunk(retval, size, &addstrm);
3777 }
3778
3779 if (in) {
3780 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS;
3781 addstrm.param_hdr.length = htons(size);
3782 addstrm.number_of_streams = htons(in);
3783 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out);
3784 addstrm.reserved = 0;
3785
3786 sctp_addto_chunk(retval, size, &addstrm);
3787 }
3788
3789 return retval;
3790}
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc,
3804 __u32 result, __u32 sn)
3805{
3806 struct sctp_strreset_resp resp;
3807 __u16 length = sizeof(resp);
3808 struct sctp_chunk *retval;
3809
3810 retval = sctp_make_reconf(asoc, length);
3811 if (!retval)
3812 return NULL;
3813
3814 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3815 resp.param_hdr.length = htons(length);
3816 resp.response_seq = htonl(sn);
3817 resp.result = htonl(result);
3818
3819 sctp_addto_chunk(retval, sizeof(resp), &resp);
3820
3821 return retval;
3822}
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc,
3840 __u32 result, __u32 sn,
3841 __u32 sender_tsn,
3842 __u32 receiver_tsn)
3843{
3844 struct sctp_strreset_resptsn tsnresp;
3845 __u16 length = sizeof(tsnresp);
3846 struct sctp_chunk *retval;
3847
3848 retval = sctp_make_reconf(asoc, length);
3849 if (!retval)
3850 return NULL;
3851
3852 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3853 tsnresp.param_hdr.length = htons(length);
3854
3855 tsnresp.response_seq = htonl(sn);
3856 tsnresp.result = htonl(result);
3857 tsnresp.senders_next_tsn = htonl(sender_tsn);
3858 tsnresp.receivers_next_tsn = htonl(receiver_tsn);
3859
3860 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp);
3861
3862 return retval;
3863}
3864
3865bool sctp_verify_reconf(const struct sctp_association *asoc,
3866 struct sctp_chunk *chunk,
3867 struct sctp_paramhdr **errp)
3868{
3869 struct sctp_reconf_chunk *hdr;
3870 union sctp_params param;
3871 __be16 last = 0;
3872 __u16 cnt = 0;
3873
3874 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr;
3875 sctp_walk_params(param, hdr, params) {
3876 __u16 length = ntohs(param.p->length);
3877
3878 *errp = param.p;
3879 if (cnt++ > 2)
3880 return false;
3881 switch (param.p->type) {
3882 case SCTP_PARAM_RESET_OUT_REQUEST:
3883 if (length < sizeof(struct sctp_strreset_outreq) ||
3884 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3885 last != SCTP_PARAM_RESET_IN_REQUEST))
3886 return false;
3887 break;
3888 case SCTP_PARAM_RESET_IN_REQUEST:
3889 if (length < sizeof(struct sctp_strreset_inreq) ||
3890 (last && last != SCTP_PARAM_RESET_OUT_REQUEST))
3891 return false;
3892 break;
3893 case SCTP_PARAM_RESET_RESPONSE:
3894 if ((length != sizeof(struct sctp_strreset_resp) &&
3895 length != sizeof(struct sctp_strreset_resptsn)) ||
3896 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3897 last != SCTP_PARAM_RESET_OUT_REQUEST))
3898 return false;
3899 break;
3900 case SCTP_PARAM_RESET_TSN_REQUEST:
3901 if (length !=
3902 sizeof(struct sctp_strreset_tsnreq) || last)
3903 return false;
3904 break;
3905 case SCTP_PARAM_RESET_ADD_IN_STREAMS:
3906 if (length != sizeof(struct sctp_strreset_addstrm) ||
3907 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS))
3908 return false;
3909 break;
3910 case SCTP_PARAM_RESET_ADD_OUT_STREAMS:
3911 if (length != sizeof(struct sctp_strreset_addstrm) ||
3912 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS))
3913 return false;
3914 break;
3915 default:
3916 return false;
3917 }
3918
3919 last = param.p->type;
3920 }
3921
3922 return true;
3923}
3924