1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
32
33#include <crypto/hash.h>
34#include <linux/types.h>
35#include <linux/kernel.h>
36#include <linux/ip.h>
37#include <linux/ipv6.h>
38#include <linux/net.h>
39#include <linux/inet.h>
40#include <linux/scatterlist.h>
41#include <linux/slab.h>
42#include <net/sock.h>
43
44#include <linux/skbuff.h>
45#include <linux/random.h>
46#include <net/sctp/sctp.h>
47#include <net/sctp/sm.h>
48
49static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
50 __u8 type, __u8 flags, int paylen,
51 gfp_t gfp);
52static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
53 __u8 flags, int paylen, gfp_t gfp);
54static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
55 __u8 type, __u8 flags, int paylen,
56 gfp_t gfp);
57static struct sctp_cookie_param *sctp_pack_cookie(
58 const struct sctp_endpoint *ep,
59 const struct sctp_association *asoc,
60 const struct sctp_chunk *init_chunk,
61 int *cookie_len,
62 const __u8 *raw_addrs, int addrs_len);
63static int sctp_process_param(struct sctp_association *asoc,
64 union sctp_params param,
65 const union sctp_addr *peer_addr,
66 gfp_t gfp);
67static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
68 const void *data);
69
70
71static void sctp_control_release_owner(struct sk_buff *skb)
72{
73 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg;
74
75 if (chunk->shkey) {
76 struct sctp_shared_key *shkey = chunk->shkey;
77 struct sctp_association *asoc = chunk->asoc;
78
79
80
81
82
83 if (shkey->deactivated && !list_empty(&shkey->key_list) &&
84 refcount_read(&shkey->refcnt) == 2) {
85 struct sctp_ulpevent *ev;
86
87 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id,
88 SCTP_AUTH_FREE_KEY,
89 GFP_KERNEL);
90 if (ev)
91 asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
92 }
93 sctp_auth_shkey_release(chunk->shkey);
94 }
95}
96
97static void sctp_control_set_owner_w(struct sctp_chunk *chunk)
98{
99 struct sctp_association *asoc = chunk->asoc;
100 struct sk_buff *skb = chunk->skb;
101
102
103
104
105
106
107
108
109 if (chunk->auth) {
110 chunk->shkey = asoc->shkey;
111 sctp_auth_shkey_hold(chunk->shkey);
112 }
113 skb->sk = asoc ? asoc->base.sk : NULL;
114 skb_shinfo(skb)->destructor_arg = chunk;
115 skb->destructor = sctp_control_release_owner;
116}
117
118
119int sctp_chunk_iif(const struct sctp_chunk *chunk)
120{
121 struct sk_buff *skb = chunk->skb;
122
123 return SCTP_INPUT_CB(skb)->af->skb_iif(skb);
124}
125
126
127
128
129
130
131static const struct sctp_paramhdr ecap_param = {
132 SCTP_PARAM_ECN_CAPABLE,
133 cpu_to_be16(sizeof(struct sctp_paramhdr)),
134};
135static const struct sctp_paramhdr prsctp_param = {
136 SCTP_PARAM_FWD_TSN_SUPPORT,
137 cpu_to_be16(sizeof(struct sctp_paramhdr)),
138};
139
140
141
142
143int sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
144 size_t paylen)
145{
146 struct sctp_errhdr err;
147 __u16 len;
148
149
150 err.cause = cause_code;
151 len = sizeof(err) + paylen;
152 err.length = htons(len);
153
154 if (skb_tailroom(chunk->skb) < len)
155 return -ENOSPC;
156
157 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err);
158
159 return 0;
160}
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
207 const struct sctp_bind_addr *bp,
208 gfp_t gfp, int vparam_len)
209{
210 struct sctp_supported_ext_param ext_param;
211 struct sctp_adaptation_ind_param aiparam;
212 struct sctp_paramhdr *auth_chunks = NULL;
213 struct sctp_paramhdr *auth_hmacs = NULL;
214 struct sctp_supported_addrs_param sat;
215 struct sctp_endpoint *ep = asoc->ep;
216 struct sctp_chunk *retval = NULL;
217 int num_types, addrs_len = 0;
218 struct sctp_inithdr init;
219 union sctp_params addrs;
220 struct sctp_sock *sp;
221 __u8 extensions[5];
222 size_t chunksize;
223 __be16 types[2];
224 int num_ext = 0;
225
226
227
228
229
230
231
232
233 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
234
235 init.init_tag = htonl(asoc->c.my_vtag);
236 init.a_rwnd = htonl(asoc->rwnd);
237 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
238 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
239 init.initial_tsn = htonl(asoc->c.initial_tsn);
240
241
242 sp = sctp_sk(asoc->base.sk);
243 num_types = sp->pf->supported_addrs(sp, types);
244
245 chunksize = sizeof(init) + addrs_len;
246 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types));
247
248 if (asoc->ep->ecn_enable)
249 chunksize += sizeof(ecap_param);
250
251 if (asoc->ep->prsctp_enable)
252 chunksize += sizeof(prsctp_param);
253
254
255
256
257
258
259 if (asoc->ep->asconf_enable) {
260 extensions[num_ext] = SCTP_CID_ASCONF;
261 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
262 num_ext += 2;
263 }
264
265 if (asoc->ep->reconf_enable) {
266 extensions[num_ext] = SCTP_CID_RECONF;
267 num_ext += 1;
268 }
269
270 if (sp->adaptation_ind)
271 chunksize += sizeof(aiparam);
272
273 if (asoc->ep->intl_enable) {
274 extensions[num_ext] = SCTP_CID_I_DATA;
275 num_ext += 1;
276 }
277
278 chunksize += vparam_len;
279
280
281 if (ep->auth_enable) {
282
283 chunksize += sizeof(asoc->c.auth_random);
284
285
286 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
287 if (auth_hmacs->length)
288 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
289 else
290 auth_hmacs = NULL;
291
292
293 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
294 if (auth_chunks->length)
295 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
296 else
297 auth_chunks = NULL;
298
299 extensions[num_ext] = SCTP_CID_AUTH;
300 num_ext += 1;
301 }
302
303
304 if (num_ext)
305 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext);
306
307
308
309
310
311
312
313
314
315
316
317
318
319 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp);
320 if (!retval)
321 goto nodata;
322
323 retval->subh.init_hdr =
324 sctp_addto_chunk(retval, sizeof(init), &init);
325 retval->param_hdr.v =
326 sctp_addto_chunk(retval, addrs_len, addrs.v);
327
328
329
330
331
332
333
334
335 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
336 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
337 sctp_addto_chunk(retval, sizeof(sat), &sat);
338 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
339
340 if (asoc->ep->ecn_enable)
341 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
342
343
344
345
346 if (num_ext) {
347 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
348 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext);
349 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param);
350 sctp_addto_param(retval, num_ext, extensions);
351 }
352
353 if (asoc->ep->prsctp_enable)
354 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
355
356 if (sp->adaptation_ind) {
357 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
358 aiparam.param_hdr.length = htons(sizeof(aiparam));
359 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
360 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
361 }
362
363
364 if (ep->auth_enable) {
365 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
366 asoc->c.auth_random);
367 if (auth_hmacs)
368 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
369 auth_hmacs);
370 if (auth_chunks)
371 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
372 auth_chunks);
373 }
374nodata:
375 kfree(addrs.v);
376 return retval;
377}
378
379struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
380 const struct sctp_chunk *chunk,
381 gfp_t gfp, int unkparam_len)
382{
383 struct sctp_supported_ext_param ext_param;
384 struct sctp_adaptation_ind_param aiparam;
385 struct sctp_paramhdr *auth_chunks = NULL;
386 struct sctp_paramhdr *auth_random = NULL;
387 struct sctp_paramhdr *auth_hmacs = NULL;
388 struct sctp_chunk *retval = NULL;
389 struct sctp_cookie_param *cookie;
390 struct sctp_inithdr initack;
391 union sctp_params addrs;
392 struct sctp_sock *sp;
393 __u8 extensions[5];
394 size_t chunksize;
395 int num_ext = 0;
396 int cookie_len;
397 int addrs_len;
398
399
400 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
401
402 initack.init_tag = htonl(asoc->c.my_vtag);
403 initack.a_rwnd = htonl(asoc->rwnd);
404 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
405 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
406 initack.initial_tsn = htonl(asoc->c.initial_tsn);
407
408
409
410
411 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
412 addrs.v, addrs_len);
413 if (!cookie)
414 goto nomem_cookie;
415
416
417
418
419 sp = sctp_sk(asoc->base.sk);
420 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
421
422
423 if (asoc->peer.ecn_capable)
424 chunksize += sizeof(ecap_param);
425
426 if (asoc->peer.prsctp_capable)
427 chunksize += sizeof(prsctp_param);
428
429 if (asoc->peer.asconf_capable) {
430 extensions[num_ext] = SCTP_CID_ASCONF;
431 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
432 num_ext += 2;
433 }
434
435 if (asoc->peer.reconf_capable) {
436 extensions[num_ext] = SCTP_CID_RECONF;
437 num_ext += 1;
438 }
439
440 if (sp->adaptation_ind)
441 chunksize += sizeof(aiparam);
442
443 if (asoc->peer.intl_capable) {
444 extensions[num_ext] = SCTP_CID_I_DATA;
445 num_ext += 1;
446 }
447
448 if (asoc->peer.auth_capable) {
449 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random;
450 chunksize += ntohs(auth_random->length);
451
452 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
453 if (auth_hmacs->length)
454 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
455 else
456 auth_hmacs = NULL;
457
458 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
459 if (auth_chunks->length)
460 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
461 else
462 auth_chunks = NULL;
463
464 extensions[num_ext] = SCTP_CID_AUTH;
465 num_ext += 1;
466 }
467
468 if (num_ext)
469 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext);
470
471
472 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp);
473 if (!retval)
474 goto nomem_chunk;
475
476
477
478
479
480
481
482
483
484
485 if (chunk->transport)
486 retval->transport =
487 sctp_assoc_lookup_paddr(asoc,
488 &chunk->transport->ipaddr);
489
490 retval->subh.init_hdr =
491 sctp_addto_chunk(retval, sizeof(initack), &initack);
492 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
493 sctp_addto_chunk(retval, cookie_len, cookie);
494 if (asoc->peer.ecn_capable)
495 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
496 if (num_ext) {
497 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
498 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext);
499 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param);
500 sctp_addto_param(retval, num_ext, extensions);
501 }
502 if (asoc->peer.prsctp_capable)
503 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
504
505 if (sp->adaptation_ind) {
506 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
507 aiparam.param_hdr.length = htons(sizeof(aiparam));
508 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
509 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
510 }
511
512 if (asoc->peer.auth_capable) {
513 sctp_addto_chunk(retval, ntohs(auth_random->length),
514 auth_random);
515 if (auth_hmacs)
516 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
517 auth_hmacs);
518 if (auth_chunks)
519 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
520 auth_chunks);
521 }
522
523
524 retval->asoc = (struct sctp_association *) asoc;
525
526nomem_chunk:
527 kfree(cookie);
528nomem_cookie:
529 kfree(addrs.v);
530 return retval;
531}
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
568 const struct sctp_chunk *chunk)
569{
570 struct sctp_chunk *retval;
571 int cookie_len;
572 void *cookie;
573
574 cookie = asoc->peer.cookie;
575 cookie_len = asoc->peer.cookie_len;
576
577
578 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0,
579 cookie_len, GFP_ATOMIC);
580 if (!retval)
581 goto nodata;
582 retval->subh.cookie_hdr =
583 sctp_addto_chunk(retval, cookie_len, cookie);
584
585
586
587
588
589
590
591
592
593
594 if (chunk)
595 retval->transport = chunk->transport;
596
597nodata:
598 return retval;
599}
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
620 const struct sctp_chunk *chunk)
621{
622 struct sctp_chunk *retval;
623
624 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC);
625
626
627
628
629
630
631
632
633
634
635 if (retval && chunk && chunk->transport)
636 retval->transport =
637 sctp_assoc_lookup_paddr(asoc,
638 &chunk->transport->ipaddr);
639
640 return retval;
641}
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
667 const __u32 lowest_tsn,
668 const struct sctp_chunk *chunk)
669{
670 struct sctp_chunk *retval;
671 struct sctp_cwrhdr cwr;
672
673 cwr.lowest_tsn = htonl(lowest_tsn);
674 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0,
675 sizeof(cwr), GFP_ATOMIC);
676
677 if (!retval)
678 goto nodata;
679
680 retval->subh.ecn_cwr_hdr =
681 sctp_addto_chunk(retval, sizeof(cwr), &cwr);
682
683
684
685
686
687
688
689
690
691
692
693 if (chunk)
694 retval->transport = chunk->transport;
695
696nodata:
697 return retval;
698}
699
700
701struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
702 const __u32 lowest_tsn)
703{
704 struct sctp_chunk *retval;
705 struct sctp_ecnehdr ecne;
706
707 ecne.lowest_tsn = htonl(lowest_tsn);
708 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0,
709 sizeof(ecne), GFP_ATOMIC);
710 if (!retval)
711 goto nodata;
712 retval->subh.ecne_hdr =
713 sctp_addto_chunk(retval, sizeof(ecne), &ecne);
714
715nodata:
716 return retval;
717}
718
719
720
721
722struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc,
723 const struct sctp_sndrcvinfo *sinfo,
724 int len, __u8 flags, gfp_t gfp)
725{
726 struct sctp_chunk *retval;
727 struct sctp_datahdr dp;
728
729
730
731
732 memset(&dp, 0, sizeof(dp));
733 dp.ppid = sinfo->sinfo_ppid;
734 dp.stream = htons(sinfo->sinfo_stream);
735
736
737 if (sinfo->sinfo_flags & SCTP_UNORDERED)
738 flags |= SCTP_DATA_UNORDERED;
739
740 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp);
741 if (!retval)
742 return NULL;
743
744 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
745 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
746
747 return retval;
748}
749
750
751
752
753
754struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc)
755{
756 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
757 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
758 __u16 num_gabs, num_dup_tsns;
759 struct sctp_transport *trans;
760 struct sctp_chunk *retval;
761 struct sctp_sackhdr sack;
762 __u32 ctsn;
763 int len;
764
765 memset(gabs, 0, sizeof(gabs));
766 ctsn = sctp_tsnmap_get_ctsn(map);
767
768 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn);
769
770
771 num_gabs = sctp_tsnmap_num_gabs(map, gabs);
772 num_dup_tsns = sctp_tsnmap_num_dups(map);
773
774
775 sack.cum_tsn_ack = htonl(ctsn);
776 sack.a_rwnd = htonl(asoc->a_rwnd);
777 sack.num_gap_ack_blocks = htons(num_gabs);
778 sack.num_dup_tsns = htons(num_dup_tsns);
779
780 len = sizeof(sack)
781 + sizeof(struct sctp_gap_ack_block) * num_gabs
782 + sizeof(__u32) * num_dup_tsns;
783
784
785 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC);
786 if (!retval)
787 goto nodata;
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819 retval->transport = asoc->peer.last_data_from;
820
821 retval->subh.sack_hdr =
822 sctp_addto_chunk(retval, sizeof(sack), &sack);
823
824
825 if (num_gabs)
826 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
827 gabs);
828
829
830 if (num_dup_tsns) {
831 asoc->stats.idupchunks += num_dup_tsns;
832 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
833 sctp_tsnmap_get_dups(map));
834 }
835
836
837
838
839
840
841
842
843 if (++asoc->peer.sack_generation == 0) {
844 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
845 transports)
846 trans->sack_generation = 0;
847 asoc->peer.sack_generation = 1;
848 }
849nodata:
850 return retval;
851}
852
853
854struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
855 const struct sctp_chunk *chunk)
856{
857 struct sctp_shutdownhdr shut;
858 struct sctp_chunk *retval;
859 __u32 ctsn;
860
861 if (chunk && chunk->asoc)
862 ctsn = sctp_tsnmap_get_ctsn(&chunk->asoc->peer.tsn_map);
863 else
864 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
865
866 shut.cum_tsn_ack = htonl(ctsn);
867
868 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0,
869 sizeof(shut), GFP_ATOMIC);
870 if (!retval)
871 goto nodata;
872
873 retval->subh.shutdown_hdr =
874 sctp_addto_chunk(retval, sizeof(shut), &shut);
875
876 if (chunk)
877 retval->transport = chunk->transport;
878nodata:
879 return retval;
880}
881
882struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
883 const struct sctp_chunk *chunk)
884{
885 struct sctp_chunk *retval;
886
887 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0,
888 GFP_ATOMIC);
889
890
891
892
893
894
895
896
897
898
899 if (retval && chunk)
900 retval->transport = chunk->transport;
901
902 return retval;
903}
904
905struct sctp_chunk *sctp_make_shutdown_complete(
906 const struct sctp_association *asoc,
907 const struct sctp_chunk *chunk)
908{
909 struct sctp_chunk *retval;
910 __u8 flags = 0;
911
912
913
914
915 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
916
917 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags,
918 0, GFP_ATOMIC);
919
920
921
922
923
924
925
926
927
928
929
930 if (retval && chunk)
931 retval->transport = chunk->transport;
932
933 return retval;
934}
935
936
937
938
939struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
940 const struct sctp_chunk *chunk,
941 const size_t hint)
942{
943 struct sctp_chunk *retval;
944 __u8 flags = 0;
945
946
947
948
949 if (!asoc) {
950 if (chunk && chunk->chunk_hdr &&
951 chunk->chunk_hdr->type == SCTP_CID_INIT)
952 flags = 0;
953 else
954 flags = SCTP_CHUNK_FLAG_T;
955 }
956
957 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint,
958 GFP_ATOMIC);
959
960
961
962
963
964
965
966
967
968
969 if (retval && chunk)
970 retval->transport = chunk->transport;
971
972 return retval;
973}
974
975
976struct sctp_chunk *sctp_make_abort_no_data(
977 const struct sctp_association *asoc,
978 const struct sctp_chunk *chunk,
979 __u32 tsn)
980{
981 struct sctp_chunk *retval;
982 __be32 payload;
983
984 retval = sctp_make_abort(asoc, chunk,
985 sizeof(struct sctp_errhdr) + sizeof(tsn));
986
987 if (!retval)
988 goto no_mem;
989
990
991 payload = htonl(tsn);
992 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
993 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
994
995
996
997
998
999
1000
1001
1002
1003
1004 if (chunk)
1005 retval->transport = chunk->transport;
1006
1007no_mem:
1008 return retval;
1009}
1010
1011
1012struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
1013 struct msghdr *msg,
1014 size_t paylen)
1015{
1016 struct sctp_chunk *retval;
1017 void *payload = NULL;
1018 int err;
1019
1020 retval = sctp_make_abort(asoc, NULL,
1021 sizeof(struct sctp_errhdr) + paylen);
1022 if (!retval)
1023 goto err_chunk;
1024
1025 if (paylen) {
1026
1027 payload = kmalloc(paylen, GFP_KERNEL);
1028 if (!payload)
1029 goto err_payload;
1030
1031 err = memcpy_from_msg(payload, msg, paylen);
1032 if (err < 0)
1033 goto err_copy;
1034 }
1035
1036 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
1037 sctp_addto_chunk(retval, paylen, payload);
1038
1039 if (paylen)
1040 kfree(payload);
1041
1042 return retval;
1043
1044err_copy:
1045 kfree(payload);
1046err_payload:
1047 sctp_chunk_free(retval);
1048 retval = NULL;
1049err_chunk:
1050 return retval;
1051}
1052
1053
1054
1055
1056static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1057 const void *data)
1058{
1059 int chunklen = ntohs(chunk->chunk_hdr->length);
1060 void *target;
1061
1062 target = skb_put(chunk->skb, len);
1063
1064 if (data)
1065 memcpy(target, data, len);
1066 else
1067 memset(target, 0, len);
1068
1069
1070 chunk->chunk_hdr->length = htons(chunklen + len);
1071 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1072
1073 return target;
1074}
1075
1076
1077struct sctp_chunk *sctp_make_abort_violation(
1078 const struct sctp_association *asoc,
1079 const struct sctp_chunk *chunk,
1080 const __u8 *payload,
1081 const size_t paylen)
1082{
1083 struct sctp_chunk *retval;
1084 struct sctp_paramhdr phdr;
1085
1086 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) +
1087 paylen + sizeof(phdr));
1088 if (!retval)
1089 goto end;
1090
1091 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen +
1092 sizeof(phdr));
1093
1094 phdr.type = htons(chunk->chunk_hdr->type);
1095 phdr.length = chunk->chunk_hdr->length;
1096 sctp_addto_chunk(retval, paylen, payload);
1097 sctp_addto_param(retval, sizeof(phdr), &phdr);
1098
1099end:
1100 return retval;
1101}
1102
1103struct sctp_chunk *sctp_make_violation_paramlen(
1104 const struct sctp_association *asoc,
1105 const struct sctp_chunk *chunk,
1106 struct sctp_paramhdr *param)
1107{
1108 static const char error[] = "The following parameter had invalid length:";
1109 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) +
1110 sizeof(*param);
1111 struct sctp_chunk *retval;
1112
1113 retval = sctp_make_abort(asoc, chunk, payload_len);
1114 if (!retval)
1115 goto nodata;
1116
1117 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1118 sizeof(error) + sizeof(*param));
1119 sctp_addto_chunk(retval, sizeof(error), error);
1120 sctp_addto_param(retval, sizeof(*param), param);
1121
1122nodata:
1123 return retval;
1124}
1125
1126struct sctp_chunk *sctp_make_violation_max_retrans(
1127 const struct sctp_association *asoc,
1128 const struct sctp_chunk *chunk)
1129{
1130 static const char error[] = "Association exceeded its max_retrans count";
1131 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr);
1132 struct sctp_chunk *retval;
1133
1134 retval = sctp_make_abort(asoc, chunk, payload_len);
1135 if (!retval)
1136 goto nodata;
1137
1138 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error));
1139 sctp_addto_chunk(retval, sizeof(error), error);
1140
1141nodata:
1142 return retval;
1143}
1144
1145struct sctp_chunk *sctp_make_new_encap_port(const struct sctp_association *asoc,
1146 const struct sctp_chunk *chunk)
1147{
1148 struct sctp_new_encap_port_hdr nep;
1149 struct sctp_chunk *retval;
1150
1151 retval = sctp_make_abort(asoc, chunk,
1152 sizeof(struct sctp_errhdr) + sizeof(nep));
1153 if (!retval)
1154 goto nodata;
1155
1156 sctp_init_cause(retval, SCTP_ERROR_NEW_ENCAP_PORT, sizeof(nep));
1157 nep.cur_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
1158 nep.new_port = chunk->transport->encap_port;
1159 sctp_addto_chunk(retval, sizeof(nep), &nep);
1160
1161nodata:
1162 return retval;
1163}
1164
1165
1166struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1167 const struct sctp_transport *transport)
1168{
1169 struct sctp_sender_hb_info hbinfo;
1170 struct sctp_chunk *retval;
1171
1172 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0,
1173 sizeof(hbinfo), GFP_ATOMIC);
1174
1175 if (!retval)
1176 goto nodata;
1177
1178 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
1179 hbinfo.param_hdr.length = htons(sizeof(hbinfo));
1180 hbinfo.daddr = transport->ipaddr;
1181 hbinfo.sent_at = jiffies;
1182 hbinfo.hb_nonce = transport->hb_nonce;
1183
1184
1185
1186
1187 retval->transport = (struct sctp_transport *) transport;
1188 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo),
1189 &hbinfo);
1190
1191nodata:
1192 return retval;
1193}
1194
1195struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1196 const struct sctp_chunk *chunk,
1197 const void *payload,
1198 const size_t paylen)
1199{
1200 struct sctp_chunk *retval;
1201
1202 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen,
1203 GFP_ATOMIC);
1204 if (!retval)
1205 goto nodata;
1206
1207 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218 if (chunk)
1219 retval->transport = chunk->transport;
1220
1221nodata:
1222 return retval;
1223}
1224
1225
1226
1227
1228static struct sctp_chunk *sctp_make_op_error_space(
1229 const struct sctp_association *asoc,
1230 const struct sctp_chunk *chunk,
1231 size_t size)
1232{
1233 struct sctp_chunk *retval;
1234
1235 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0,
1236 sizeof(struct sctp_errhdr) + size,
1237 GFP_ATOMIC);
1238 if (!retval)
1239 goto nodata;
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249 if (chunk)
1250 retval->transport = chunk->transport;
1251
1252nodata:
1253 return retval;
1254}
1255
1256
1257
1258
1259
1260
1261
1262
1263static inline struct sctp_chunk *sctp_make_op_error_limited(
1264 const struct sctp_association *asoc,
1265 const struct sctp_chunk *chunk)
1266{
1267 size_t size = SCTP_DEFAULT_MAXSEGMENT;
1268 struct sctp_sock *sp = NULL;
1269
1270 if (asoc) {
1271 size = min_t(size_t, size, asoc->pathmtu);
1272 sp = sctp_sk(asoc->base.sk);
1273 }
1274
1275 size = sctp_mtu_payload(sp, size, sizeof(struct sctp_errhdr));
1276
1277 return sctp_make_op_error_space(asoc, chunk, size);
1278}
1279
1280
1281struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1282 const struct sctp_chunk *chunk,
1283 __be16 cause_code, const void *payload,
1284 size_t paylen, size_t reserve_tail)
1285{
1286 struct sctp_chunk *retval;
1287
1288 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1289 if (!retval)
1290 goto nodata;
1291
1292 sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1293 sctp_addto_chunk(retval, paylen, payload);
1294 if (reserve_tail)
1295 sctp_addto_param(retval, reserve_tail, NULL);
1296
1297nodata:
1298 return retval;
1299}
1300
1301struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc,
1302 __u16 key_id)
1303{
1304 struct sctp_authhdr auth_hdr;
1305 struct sctp_hmac *hmac_desc;
1306 struct sctp_chunk *retval;
1307
1308
1309 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1310 if (unlikely(!hmac_desc))
1311 return NULL;
1312
1313 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0,
1314 hmac_desc->hmac_len + sizeof(auth_hdr),
1315 GFP_ATOMIC);
1316 if (!retval)
1317 return NULL;
1318
1319 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1320 auth_hdr.shkey_id = htons(key_id);
1321
1322 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr),
1323 &auth_hdr);
1324
1325 skb_put_zero(retval->skb, hmac_desc->hmac_len);
1326
1327
1328 retval->chunk_hdr->length =
1329 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1330 retval->chunk_end = skb_tail_pointer(retval->skb);
1331
1332 return retval;
1333}
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1351 const struct sctp_association *asoc,
1352 struct sock *sk, gfp_t gfp)
1353{
1354 struct sctp_chunk *retval;
1355
1356 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp);
1357
1358 if (!retval)
1359 goto nodata;
1360 if (!sk)
1361 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb);
1362
1363 INIT_LIST_HEAD(&retval->list);
1364 retval->skb = skb;
1365 retval->asoc = (struct sctp_association *)asoc;
1366 retval->singleton = 1;
1367
1368 retval->fast_retransmit = SCTP_CAN_FRTX;
1369
1370
1371 INIT_LIST_HEAD(&retval->transmitted_list);
1372 INIT_LIST_HEAD(&retval->frag_list);
1373 SCTP_DBG_OBJCNT_INC(chunk);
1374 refcount_set(&retval->refcnt, 1);
1375
1376nodata:
1377 return retval;
1378}
1379
1380
1381void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1382 union sctp_addr *dest)
1383{
1384 memcpy(&chunk->source, src, sizeof(union sctp_addr));
1385 memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1386}
1387
1388
1389const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1390{
1391
1392 if (chunk->transport) {
1393 return &chunk->transport->ipaddr;
1394 } else {
1395
1396 return &chunk->source;
1397 }
1398}
1399
1400
1401
1402
1403static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
1404 __u8 type, __u8 flags, int paylen,
1405 gfp_t gfp)
1406{
1407 struct sctp_chunkhdr *chunk_hdr;
1408 struct sctp_chunk *retval;
1409 struct sk_buff *skb;
1410 struct sock *sk;
1411 int chunklen;
1412
1413 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen);
1414 if (chunklen > SCTP_MAX_CHUNK_LEN)
1415 goto nodata;
1416
1417
1418 skb = alloc_skb(chunklen, gfp);
1419 if (!skb)
1420 goto nodata;
1421
1422
1423 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr));
1424 chunk_hdr->type = type;
1425 chunk_hdr->flags = flags;
1426 chunk_hdr->length = htons(sizeof(*chunk_hdr));
1427
1428 sk = asoc ? asoc->base.sk : NULL;
1429 retval = sctp_chunkify(skb, asoc, sk, gfp);
1430 if (!retval) {
1431 kfree_skb(skb);
1432 goto nodata;
1433 }
1434
1435 retval->chunk_hdr = chunk_hdr;
1436 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr);
1437
1438
1439 if (sctp_auth_send_cid(type, asoc))
1440 retval->auth = 1;
1441
1442 return retval;
1443nodata:
1444 return NULL;
1445}
1446
1447static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
1448 __u8 flags, int paylen, gfp_t gfp)
1449{
1450 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp);
1451}
1452
1453struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc,
1454 __u8 flags, int paylen, gfp_t gfp)
1455{
1456 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp);
1457}
1458
1459static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
1460 __u8 type, __u8 flags, int paylen,
1461 gfp_t gfp)
1462{
1463 struct sctp_chunk *chunk;
1464
1465 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp);
1466 if (chunk)
1467 sctp_control_set_owner_w(chunk);
1468
1469 return chunk;
1470}
1471
1472
1473static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1474{
1475 BUG_ON(!list_empty(&chunk->list));
1476 list_del_init(&chunk->transmitted_list);
1477
1478 consume_skb(chunk->skb);
1479 consume_skb(chunk->auth_chunk);
1480
1481 SCTP_DBG_OBJCNT_DEC(chunk);
1482 kmem_cache_free(sctp_chunk_cachep, chunk);
1483}
1484
1485
1486void sctp_chunk_free(struct sctp_chunk *chunk)
1487{
1488
1489 if (chunk->msg)
1490 sctp_datamsg_put(chunk->msg);
1491
1492 sctp_chunk_put(chunk);
1493}
1494
1495
1496void sctp_chunk_hold(struct sctp_chunk *ch)
1497{
1498 refcount_inc(&ch->refcnt);
1499}
1500
1501
1502void sctp_chunk_put(struct sctp_chunk *ch)
1503{
1504 if (refcount_dec_and_test(&ch->refcnt))
1505 sctp_chunk_destroy(ch);
1506}
1507
1508
1509
1510
1511void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1512{
1513 int chunklen = ntohs(chunk->chunk_hdr->length);
1514 int padlen = SCTP_PAD4(chunklen) - chunklen;
1515 void *target;
1516
1517 skb_put_zero(chunk->skb, padlen);
1518 target = skb_put_data(chunk->skb, data, len);
1519
1520
1521 chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1522 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1523
1524 return target;
1525}
1526
1527
1528
1529
1530
1531int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len,
1532 struct iov_iter *from)
1533{
1534 void *target;
1535
1536
1537 target = skb_put(chunk->skb, len);
1538
1539
1540 if (!copy_from_iter_full(target, len, from))
1541 return -EFAULT;
1542
1543
1544 chunk->chunk_hdr->length =
1545 htons(ntohs(chunk->chunk_hdr->length) + len);
1546 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1547
1548 return 0;
1549}
1550
1551
1552
1553
1554void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1555{
1556 struct sctp_stream *stream;
1557 struct sctp_chunk *lchunk;
1558 struct sctp_datamsg *msg;
1559 __u16 ssn, sid;
1560
1561 if (chunk->has_ssn)
1562 return;
1563
1564
1565 sid = ntohs(chunk->subh.data_hdr->stream);
1566 stream = &chunk->asoc->stream;
1567
1568
1569
1570
1571 msg = chunk->msg;
1572 list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1573 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1574 ssn = 0;
1575 } else {
1576 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1577 ssn = sctp_ssn_next(stream, out, sid);
1578 else
1579 ssn = sctp_ssn_peek(stream, out, sid);
1580 }
1581
1582 lchunk->subh.data_hdr->ssn = htons(ssn);
1583 lchunk->has_ssn = 1;
1584 }
1585}
1586
1587
1588
1589
1590void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1591{
1592 if (!chunk->has_tsn) {
1593
1594
1595
1596 chunk->subh.data_hdr->tsn =
1597 htonl(sctp_association_get_next_tsn(chunk->asoc));
1598 chunk->has_tsn = 1;
1599 }
1600}
1601
1602
1603struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1604 struct sctp_chunk *chunk,
1605 gfp_t gfp)
1606{
1607 struct sctp_association *asoc;
1608 enum sctp_scope scope;
1609 struct sk_buff *skb;
1610
1611
1612 scope = sctp_scope(sctp_source(chunk));
1613 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1614 if (!asoc)
1615 goto nodata;
1616 asoc->temp = 1;
1617 skb = chunk->skb;
1618
1619 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1);
1620
1621nodata:
1622 return asoc;
1623}
1624
1625
1626
1627
1628static struct sctp_cookie_param *sctp_pack_cookie(
1629 const struct sctp_endpoint *ep,
1630 const struct sctp_association *asoc,
1631 const struct sctp_chunk *init_chunk,
1632 int *cookie_len, const __u8 *raw_addrs,
1633 int addrs_len)
1634{
1635 struct sctp_signed_cookie *cookie;
1636 struct sctp_cookie_param *retval;
1637 int headersize, bodysize;
1638
1639
1640
1641
1642 headersize = sizeof(struct sctp_paramhdr) +
1643 (sizeof(struct sctp_signed_cookie) -
1644 sizeof(struct sctp_cookie));
1645 bodysize = sizeof(struct sctp_cookie)
1646 + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1647
1648
1649
1650
1651 if (bodysize % SCTP_COOKIE_MULTIPLE)
1652 bodysize += SCTP_COOKIE_MULTIPLE
1653 - (bodysize % SCTP_COOKIE_MULTIPLE);
1654 *cookie_len = headersize + bodysize;
1655
1656
1657
1658
1659 retval = kzalloc(*cookie_len, GFP_ATOMIC);
1660 if (!retval)
1661 goto nodata;
1662
1663 cookie = (struct sctp_signed_cookie *) retval->body;
1664
1665
1666 retval->p.type = SCTP_PARAM_STATE_COOKIE;
1667 retval->p.length = htons(*cookie_len);
1668
1669
1670 cookie->c = asoc->c;
1671
1672 cookie->c.raw_addr_list_len = addrs_len;
1673
1674
1675 cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1676
1677
1678 cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1679
1680
1681 cookie->c.expiration = ktime_add(asoc->cookie_life,
1682 ktime_get_real());
1683
1684
1685 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1686 ntohs(init_chunk->chunk_hdr->length));
1687
1688
1689 memcpy((__u8 *)&cookie->c.peer_init[0] +
1690 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1691
1692 if (sctp_sk(ep->base.sk)->hmac) {
1693 struct crypto_shash *tfm = sctp_sk(ep->base.sk)->hmac;
1694 int err;
1695
1696
1697 err = crypto_shash_setkey(tfm, ep->secret_key,
1698 sizeof(ep->secret_key)) ?:
1699 crypto_shash_tfm_digest(tfm, (u8 *)&cookie->c, bodysize,
1700 cookie->signature);
1701 if (err)
1702 goto free_cookie;
1703 }
1704
1705 return retval;
1706
1707free_cookie:
1708 kfree(retval);
1709nodata:
1710 *cookie_len = 0;
1711 return NULL;
1712}
1713
1714
1715struct sctp_association *sctp_unpack_cookie(
1716 const struct sctp_endpoint *ep,
1717 const struct sctp_association *asoc,
1718 struct sctp_chunk *chunk, gfp_t gfp,
1719 int *error, struct sctp_chunk **errp)
1720{
1721 struct sctp_association *retval = NULL;
1722 int headersize, bodysize, fixed_size;
1723 struct sctp_signed_cookie *cookie;
1724 struct sk_buff *skb = chunk->skb;
1725 struct sctp_cookie *bear_cookie;
1726 __u8 *digest = ep->digest;
1727 enum sctp_scope scope;
1728 unsigned int len;
1729 ktime_t kt;
1730
1731
1732
1733
1734 headersize = sizeof(struct sctp_chunkhdr) +
1735 (sizeof(struct sctp_signed_cookie) -
1736 sizeof(struct sctp_cookie));
1737 bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1738 fixed_size = headersize + sizeof(struct sctp_cookie);
1739
1740
1741
1742
1743
1744 len = ntohs(chunk->chunk_hdr->length);
1745 if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1746 goto malformed;
1747
1748
1749 if (bodysize % SCTP_COOKIE_MULTIPLE)
1750 goto malformed;
1751
1752
1753 cookie = chunk->subh.cookie_hdr;
1754 bear_cookie = &cookie->c;
1755
1756 if (!sctp_sk(ep->base.sk)->hmac)
1757 goto no_hmac;
1758
1759
1760 {
1761 struct crypto_shash *tfm = sctp_sk(ep->base.sk)->hmac;
1762 int err;
1763
1764 err = crypto_shash_setkey(tfm, ep->secret_key,
1765 sizeof(ep->secret_key)) ?:
1766 crypto_shash_tfm_digest(tfm, (u8 *)bear_cookie, bodysize,
1767 digest);
1768 if (err) {
1769 *error = -SCTP_IERROR_NOMEM;
1770 goto fail;
1771 }
1772 }
1773
1774 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1775 *error = -SCTP_IERROR_BAD_SIG;
1776 goto fail;
1777 }
1778
1779no_hmac:
1780
1781
1782
1783
1784
1785
1786
1787 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1788 *error = -SCTP_IERROR_BAD_TAG;
1789 goto fail;
1790 }
1791
1792 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1793 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1794 *error = -SCTP_IERROR_BAD_PORTS;
1795 goto fail;
1796 }
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1807 kt = skb_get_ktime(skb);
1808 else
1809 kt = ktime_get_real();
1810
1811 if (!asoc && ktime_before(bear_cookie->expiration, kt)) {
1812 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration));
1813 __be32 n = htonl(usecs);
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823 *errp = sctp_make_op_error(asoc, chunk,
1824 SCTP_ERROR_STALE_COOKIE, &n,
1825 sizeof(n), 0);
1826 if (*errp)
1827 *error = -SCTP_IERROR_STALE_COOKIE;
1828 else
1829 *error = -SCTP_IERROR_NOMEM;
1830
1831 goto fail;
1832 }
1833
1834
1835 scope = sctp_scope(sctp_source(chunk));
1836 retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1837 if (!retval) {
1838 *error = -SCTP_IERROR_NOMEM;
1839 goto fail;
1840 }
1841
1842
1843 retval->peer.port = ntohs(chunk->sctp_hdr->source);
1844
1845
1846 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1847
1848 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1849 GFP_ATOMIC) < 0) {
1850 *error = -SCTP_IERROR_NOMEM;
1851 goto fail;
1852 }
1853
1854
1855 if (list_empty(&retval->base.bind_addr.address_list)) {
1856 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1857 sizeof(chunk->dest), SCTP_ADDR_SRC,
1858 GFP_ATOMIC);
1859 }
1860
1861 retval->next_tsn = retval->c.initial_tsn;
1862 retval->ctsn_ack_point = retval->next_tsn - 1;
1863 retval->addip_serial = retval->c.initial_tsn;
1864 retval->strreset_outseq = retval->c.initial_tsn;
1865 retval->adv_peer_ack_point = retval->ctsn_ack_point;
1866 retval->peer.prsctp_capable = retval->c.prsctp_capable;
1867 retval->peer.adaptation_ind = retval->c.adaptation_ind;
1868
1869
1870 return retval;
1871
1872fail:
1873 if (retval)
1874 sctp_association_free(retval);
1875
1876 return NULL;
1877
1878malformed:
1879
1880
1881
1882 *error = -SCTP_IERROR_MALFORMED;
1883 goto fail;
1884}
1885
1886
1887
1888
1889
1890struct __sctp_missing {
1891 __be32 num_missing;
1892 __be16 type;
1893} __packed;
1894
1895
1896
1897
1898static int sctp_process_missing_param(const struct sctp_association *asoc,
1899 enum sctp_param paramtype,
1900 struct sctp_chunk *chunk,
1901 struct sctp_chunk **errp)
1902{
1903 struct __sctp_missing report;
1904 __u16 len;
1905
1906 len = SCTP_PAD4(sizeof(report));
1907
1908
1909
1910
1911 if (!*errp)
1912 *errp = sctp_make_op_error_space(asoc, chunk, len);
1913
1914 if (*errp) {
1915 report.num_missing = htonl(1);
1916 report.type = paramtype;
1917 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1918 sizeof(report));
1919 sctp_addto_chunk(*errp, sizeof(report), &report);
1920 }
1921
1922
1923 return 0;
1924}
1925
1926
1927static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1928 struct sctp_chunk *chunk,
1929 struct sctp_chunk **errp)
1930{
1931
1932
1933 if (!*errp)
1934 *errp = sctp_make_op_error_space(asoc, chunk, 0);
1935
1936 if (*errp)
1937 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1938
1939
1940 return 0;
1941}
1942
1943static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1944 struct sctp_paramhdr *param,
1945 const struct sctp_chunk *chunk,
1946 struct sctp_chunk **errp)
1947{
1948
1949
1950
1951 if (*errp)
1952 sctp_chunk_free(*errp);
1953
1954
1955 *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1956
1957 return 0;
1958}
1959
1960
1961
1962
1963
1964static int sctp_process_hn_param(const struct sctp_association *asoc,
1965 union sctp_params param,
1966 struct sctp_chunk *chunk,
1967 struct sctp_chunk **errp)
1968{
1969 __u16 len = ntohs(param.p->length);
1970
1971
1972
1973
1974
1975
1976 if (*errp)
1977 sctp_chunk_free(*errp);
1978
1979 *errp = sctp_make_op_error(asoc, chunk, SCTP_ERROR_DNS_FAILED,
1980 param.v, len, 0);
1981
1982
1983 return 0;
1984}
1985
1986static int sctp_verify_ext_param(struct net *net,
1987 const struct sctp_endpoint *ep,
1988 union sctp_params param)
1989{
1990 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
1991 int have_asconf = 0;
1992 int have_auth = 0;
1993 int i;
1994
1995 for (i = 0; i < num_ext; i++) {
1996 switch (param.ext->chunks[i]) {
1997 case SCTP_CID_AUTH:
1998 have_auth = 1;
1999 break;
2000 case SCTP_CID_ASCONF:
2001 case SCTP_CID_ASCONF_ACK:
2002 have_asconf = 1;
2003 break;
2004 }
2005 }
2006
2007
2008
2009
2010
2011
2012 if (net->sctp.addip_noauth)
2013 return 1;
2014
2015 if (ep->asconf_enable && !have_auth && have_asconf)
2016 return 0;
2017
2018 return 1;
2019}
2020
2021static void sctp_process_ext_param(struct sctp_association *asoc,
2022 union sctp_params param)
2023{
2024 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2025 int i;
2026
2027 for (i = 0; i < num_ext; i++) {
2028 switch (param.ext->chunks[i]) {
2029 case SCTP_CID_RECONF:
2030 if (asoc->ep->reconf_enable)
2031 asoc->peer.reconf_capable = 1;
2032 break;
2033 case SCTP_CID_FWD_TSN:
2034 if (asoc->ep->prsctp_enable)
2035 asoc->peer.prsctp_capable = 1;
2036 break;
2037 case SCTP_CID_AUTH:
2038
2039
2040
2041 if (asoc->ep->auth_enable)
2042 asoc->peer.auth_capable = 1;
2043 break;
2044 case SCTP_CID_ASCONF:
2045 case SCTP_CID_ASCONF_ACK:
2046 if (asoc->ep->asconf_enable)
2047 asoc->peer.asconf_capable = 1;
2048 break;
2049 case SCTP_CID_I_DATA:
2050 if (asoc->ep->intl_enable)
2051 asoc->peer.intl_capable = 1;
2052 break;
2053 default:
2054 break;
2055 }
2056 }
2057}
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084static enum sctp_ierror sctp_process_unk_param(
2085 const struct sctp_association *asoc,
2086 union sctp_params param,
2087 struct sctp_chunk *chunk,
2088 struct sctp_chunk **errp)
2089{
2090 int retval = SCTP_IERROR_NO_ERROR;
2091
2092 switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2093 case SCTP_PARAM_ACTION_DISCARD:
2094 retval = SCTP_IERROR_ERROR;
2095 break;
2096 case SCTP_PARAM_ACTION_SKIP:
2097 break;
2098 case SCTP_PARAM_ACTION_DISCARD_ERR:
2099 retval = SCTP_IERROR_ERROR;
2100 fallthrough;
2101 case SCTP_PARAM_ACTION_SKIP_ERR:
2102
2103
2104
2105 if (!*errp) {
2106 *errp = sctp_make_op_error_limited(asoc, chunk);
2107 if (!*errp) {
2108
2109
2110
2111
2112
2113 retval = SCTP_IERROR_NOMEM;
2114 break;
2115 }
2116 }
2117
2118 if (!sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2119 ntohs(param.p->length)))
2120 sctp_addto_chunk(*errp, ntohs(param.p->length),
2121 param.v);
2122 break;
2123 default:
2124 break;
2125 }
2126
2127 return retval;
2128}
2129
2130
2131
2132
2133
2134
2135
2136
2137static enum sctp_ierror sctp_verify_param(struct net *net,
2138 const struct sctp_endpoint *ep,
2139 const struct sctp_association *asoc,
2140 union sctp_params param,
2141 enum sctp_cid cid,
2142 struct sctp_chunk *chunk,
2143 struct sctp_chunk **err_chunk)
2144{
2145 struct sctp_hmac_algo_param *hmacs;
2146 int retval = SCTP_IERROR_NO_ERROR;
2147 __u16 n_elt, id = 0;
2148 int i;
2149
2150
2151
2152
2153
2154
2155 switch (param.p->type) {
2156 case SCTP_PARAM_IPV4_ADDRESS:
2157 case SCTP_PARAM_IPV6_ADDRESS:
2158 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2159 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2160 case SCTP_PARAM_STATE_COOKIE:
2161 case SCTP_PARAM_HEARTBEAT_INFO:
2162 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2163 case SCTP_PARAM_ECN_CAPABLE:
2164 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2165 break;
2166
2167 case SCTP_PARAM_SUPPORTED_EXT:
2168 if (!sctp_verify_ext_param(net, ep, param))
2169 return SCTP_IERROR_ABORT;
2170 break;
2171
2172 case SCTP_PARAM_SET_PRIMARY:
2173 if (ep->asconf_enable)
2174 break;
2175 goto unhandled;
2176
2177 case SCTP_PARAM_HOST_NAME_ADDRESS:
2178
2179 sctp_process_hn_param(asoc, param, chunk, err_chunk);
2180 retval = SCTP_IERROR_ABORT;
2181 break;
2182
2183 case SCTP_PARAM_FWD_TSN_SUPPORT:
2184 if (ep->prsctp_enable)
2185 break;
2186 goto unhandled;
2187
2188 case SCTP_PARAM_RANDOM:
2189 if (!ep->auth_enable)
2190 goto unhandled;
2191
2192
2193
2194
2195
2196
2197 if (SCTP_AUTH_RANDOM_LENGTH != ntohs(param.p->length) -
2198 sizeof(struct sctp_paramhdr)) {
2199 sctp_process_inv_paramlength(asoc, param.p,
2200 chunk, err_chunk);
2201 retval = SCTP_IERROR_ABORT;
2202 }
2203 break;
2204
2205 case SCTP_PARAM_CHUNKS:
2206 if (!ep->auth_enable)
2207 goto unhandled;
2208
2209
2210
2211
2212
2213
2214 if (260 < ntohs(param.p->length)) {
2215 sctp_process_inv_paramlength(asoc, param.p,
2216 chunk, err_chunk);
2217 retval = SCTP_IERROR_ABORT;
2218 }
2219 break;
2220
2221 case SCTP_PARAM_HMAC_ALGO:
2222 if (!ep->auth_enable)
2223 goto unhandled;
2224
2225 hmacs = (struct sctp_hmac_algo_param *)param.p;
2226 n_elt = (ntohs(param.p->length) -
2227 sizeof(struct sctp_paramhdr)) >> 1;
2228
2229
2230
2231
2232
2233 for (i = 0; i < n_elt; i++) {
2234 id = ntohs(hmacs->hmac_ids[i]);
2235
2236 if (id == SCTP_AUTH_HMAC_ID_SHA1)
2237 break;
2238 }
2239
2240 if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2241 sctp_process_inv_paramlength(asoc, param.p, chunk,
2242 err_chunk);
2243 retval = SCTP_IERROR_ABORT;
2244 }
2245 break;
2246unhandled:
2247 default:
2248 pr_debug("%s: unrecognized param:%d for chunk:%d\n",
2249 __func__, ntohs(param.p->type), cid);
2250
2251 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2252 break;
2253 }
2254 return retval;
2255}
2256
2257
2258int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep,
2259 const struct sctp_association *asoc, enum sctp_cid cid,
2260 struct sctp_init_chunk *peer_init,
2261 struct sctp_chunk *chunk, struct sctp_chunk **errp)
2262{
2263 union sctp_params param;
2264 bool has_cookie = false;
2265 int result;
2266
2267
2268
2269
2270
2271 if (peer_init->init_hdr.num_outbound_streams == 0 ||
2272 peer_init->init_hdr.num_inbound_streams == 0 ||
2273 peer_init->init_hdr.init_tag == 0 ||
2274 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW)
2275 return sctp_process_inv_mandatory(asoc, chunk, errp);
2276
2277 sctp_walk_params(param, peer_init, init_hdr.params) {
2278 if (param.p->type == SCTP_PARAM_STATE_COOKIE)
2279 has_cookie = true;
2280 }
2281
2282
2283
2284
2285
2286
2287
2288
2289 if (param.v != (void *)chunk->chunk_end)
2290 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2291
2292
2293
2294
2295 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2296 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2297 chunk, errp);
2298
2299
2300 sctp_walk_params(param, peer_init, init_hdr.params) {
2301 result = sctp_verify_param(net, ep, asoc, param, cid,
2302 chunk, errp);
2303 switch (result) {
2304 case SCTP_IERROR_ABORT:
2305 case SCTP_IERROR_NOMEM:
2306 return 0;
2307 case SCTP_IERROR_ERROR:
2308 return 1;
2309 case SCTP_IERROR_NO_ERROR:
2310 default:
2311 break;
2312 }
2313
2314 }
2315
2316 return 1;
2317}
2318
2319
2320
2321
2322
2323int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
2324 const union sctp_addr *peer_addr,
2325 struct sctp_init_chunk *peer_init, gfp_t gfp)
2326{
2327 struct sctp_transport *transport;
2328 struct list_head *pos, *temp;
2329 union sctp_params param;
2330 union sctp_addr addr;
2331 struct sctp_af *af;
2332 int src_match = 0;
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344 asoc->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
2345 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2346 goto nomem;
2347
2348 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr))
2349 src_match = 1;
2350
2351
2352 sctp_walk_params(param, peer_init, init_hdr.params) {
2353 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
2354 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
2355 af = sctp_get_af_specific(param_type2af(param.p->type));
2356 af->from_addr_param(&addr, param.addr,
2357 chunk->sctp_hdr->source, 0);
2358 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
2359 src_match = 1;
2360 }
2361
2362 if (!sctp_process_param(asoc, param, peer_addr, gfp))
2363 goto clean_up;
2364 }
2365
2366
2367 if (!src_match)
2368 goto clean_up;
2369
2370
2371
2372
2373 if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2374 !asoc->peer.peer_hmacs))
2375 asoc->peer.auth_capable = 0;
2376
2377
2378
2379
2380
2381
2382
2383 if (!asoc->base.net->sctp.addip_noauth &&
2384 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2385 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2386 SCTP_PARAM_DEL_IP |
2387 SCTP_PARAM_SET_PRIMARY);
2388 asoc->peer.asconf_capable = 0;
2389 goto clean_up;
2390 }
2391
2392
2393 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2394 transport = list_entry(pos, struct sctp_transport, transports);
2395 if (transport->state == SCTP_UNKNOWN) {
2396 sctp_assoc_rm_peer(asoc, transport);
2397 }
2398 }
2399
2400
2401
2402
2403 asoc->peer.i.init_tag =
2404 ntohl(peer_init->init_hdr.init_tag);
2405 asoc->peer.i.a_rwnd =
2406 ntohl(peer_init->init_hdr.a_rwnd);
2407 asoc->peer.i.num_outbound_streams =
2408 ntohs(peer_init->init_hdr.num_outbound_streams);
2409 asoc->peer.i.num_inbound_streams =
2410 ntohs(peer_init->init_hdr.num_inbound_streams);
2411 asoc->peer.i.initial_tsn =
2412 ntohl(peer_init->init_hdr.initial_tsn);
2413
2414 asoc->strreset_inseq = asoc->peer.i.initial_tsn;
2415
2416
2417
2418
2419 if (asoc->c.sinit_num_ostreams >
2420 ntohs(peer_init->init_hdr.num_inbound_streams)) {
2421 asoc->c.sinit_num_ostreams =
2422 ntohs(peer_init->init_hdr.num_inbound_streams);
2423 }
2424
2425 if (asoc->c.sinit_max_instreams >
2426 ntohs(peer_init->init_hdr.num_outbound_streams)) {
2427 asoc->c.sinit_max_instreams =
2428 ntohs(peer_init->init_hdr.num_outbound_streams);
2429 }
2430
2431
2432 asoc->c.peer_vtag = asoc->peer.i.init_tag;
2433
2434
2435 asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2436
2437
2438
2439
2440
2441 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2442 transports) {
2443 transport->ssthresh = asoc->peer.i.a_rwnd;
2444 }
2445
2446
2447 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2448 asoc->peer.i.initial_tsn, gfp))
2449 goto clean_up;
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams,
2460 asoc->c.sinit_max_instreams, gfp))
2461 goto clean_up;
2462
2463
2464 sctp_assoc_update_frag_point(asoc);
2465
2466 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp))
2467 goto clean_up;
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2480 return 1;
2481
2482clean_up:
2483
2484 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2485 transport = list_entry(pos, struct sctp_transport, transports);
2486 if (transport->state != SCTP_ACTIVE)
2487 sctp_assoc_rm_peer(asoc, transport);
2488 }
2489
2490nomem:
2491 return 0;
2492}
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506static int sctp_process_param(struct sctp_association *asoc,
2507 union sctp_params param,
2508 const union sctp_addr *peer_addr,
2509 gfp_t gfp)
2510{
2511 struct sctp_endpoint *ep = asoc->ep;
2512 union sctp_addr_param *addr_param;
2513 struct net *net = asoc->base.net;
2514 struct sctp_transport *t;
2515 enum sctp_scope scope;
2516 union sctp_addr addr;
2517 struct sctp_af *af;
2518 int retval = 1, i;
2519 u32 stale;
2520 __u16 sat;
2521
2522
2523
2524
2525
2526 switch (param.p->type) {
2527 case SCTP_PARAM_IPV6_ADDRESS:
2528 if (PF_INET6 != asoc->base.sk->sk_family)
2529 break;
2530 goto do_addr_param;
2531
2532 case SCTP_PARAM_IPV4_ADDRESS:
2533
2534 if (ipv6_only_sock(asoc->base.sk))
2535 break;
2536do_addr_param:
2537 af = sctp_get_af_specific(param_type2af(param.p->type));
2538 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2539 scope = sctp_scope(peer_addr);
2540 if (sctp_in_scope(net, &addr, scope))
2541 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2542 return 0;
2543 break;
2544
2545 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2546 if (!net->sctp.cookie_preserve_enable)
2547 break;
2548
2549 stale = ntohl(param.life->lifespan_increment);
2550
2551
2552
2553
2554 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale);
2555 break;
2556
2557 case SCTP_PARAM_HOST_NAME_ADDRESS:
2558 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__);
2559 break;
2560
2561 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2562
2563
2564
2565 asoc->peer.ipv4_address = 0;
2566 asoc->peer.ipv6_address = 0;
2567
2568
2569
2570
2571 if (peer_addr->sa.sa_family == AF_INET6)
2572 asoc->peer.ipv6_address = 1;
2573 else if (peer_addr->sa.sa_family == AF_INET)
2574 asoc->peer.ipv4_address = 1;
2575
2576
2577 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2578 if (sat)
2579 sat /= sizeof(__u16);
2580
2581 for (i = 0; i < sat; ++i) {
2582 switch (param.sat->types[i]) {
2583 case SCTP_PARAM_IPV4_ADDRESS:
2584 asoc->peer.ipv4_address = 1;
2585 break;
2586
2587 case SCTP_PARAM_IPV6_ADDRESS:
2588 if (PF_INET6 == asoc->base.sk->sk_family)
2589 asoc->peer.ipv6_address = 1;
2590 break;
2591
2592 case SCTP_PARAM_HOST_NAME_ADDRESS:
2593 asoc->peer.hostname_address = 1;
2594 break;
2595
2596 default:
2597 break;
2598 }
2599 }
2600 break;
2601
2602 case SCTP_PARAM_STATE_COOKIE:
2603 asoc->peer.cookie_len =
2604 ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2605 kfree(asoc->peer.cookie);
2606 asoc->peer.cookie = kmemdup(param.cookie->body, asoc->peer.cookie_len, gfp);
2607 if (!asoc->peer.cookie)
2608 retval = 0;
2609 break;
2610
2611 case SCTP_PARAM_HEARTBEAT_INFO:
2612
2613 break;
2614
2615 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2616
2617 break;
2618
2619 case SCTP_PARAM_ECN_CAPABLE:
2620 if (asoc->ep->ecn_enable) {
2621 asoc->peer.ecn_capable = 1;
2622 break;
2623 }
2624
2625 goto fall_through;
2626
2627
2628 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2629 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2630 break;
2631
2632 case SCTP_PARAM_SET_PRIMARY:
2633 if (!ep->asconf_enable)
2634 goto fall_through;
2635
2636 addr_param = param.v + sizeof(struct sctp_addip_param);
2637
2638 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
2639 if (af == NULL)
2640 break;
2641
2642 af->from_addr_param(&addr, addr_param,
2643 htons(asoc->peer.port), 0);
2644
2645
2646
2647
2648 if (!af->addr_valid(&addr, NULL, NULL))
2649 break;
2650
2651 t = sctp_assoc_lookup_paddr(asoc, &addr);
2652 if (!t)
2653 break;
2654
2655 sctp_assoc_set_primary(asoc, t);
2656 break;
2657
2658 case SCTP_PARAM_SUPPORTED_EXT:
2659 sctp_process_ext_param(asoc, param);
2660 break;
2661
2662 case SCTP_PARAM_FWD_TSN_SUPPORT:
2663 if (asoc->ep->prsctp_enable) {
2664 asoc->peer.prsctp_capable = 1;
2665 break;
2666 }
2667
2668 goto fall_through;
2669
2670 case SCTP_PARAM_RANDOM:
2671 if (!ep->auth_enable)
2672 goto fall_through;
2673
2674
2675 kfree(asoc->peer.peer_random);
2676 asoc->peer.peer_random = kmemdup(param.p,
2677 ntohs(param.p->length), gfp);
2678 if (!asoc->peer.peer_random) {
2679 retval = 0;
2680 break;
2681 }
2682 break;
2683
2684 case SCTP_PARAM_HMAC_ALGO:
2685 if (!ep->auth_enable)
2686 goto fall_through;
2687
2688
2689 kfree(asoc->peer.peer_hmacs);
2690 asoc->peer.peer_hmacs = kmemdup(param.p,
2691 ntohs(param.p->length), gfp);
2692 if (!asoc->peer.peer_hmacs) {
2693 retval = 0;
2694 break;
2695 }
2696
2697
2698 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2699 break;
2700
2701 case SCTP_PARAM_CHUNKS:
2702 if (!ep->auth_enable)
2703 goto fall_through;
2704
2705 kfree(asoc->peer.peer_chunks);
2706 asoc->peer.peer_chunks = kmemdup(param.p,
2707 ntohs(param.p->length), gfp);
2708 if (!asoc->peer.peer_chunks)
2709 retval = 0;
2710 break;
2711fall_through:
2712 default:
2713
2714
2715
2716
2717
2718 pr_debug("%s: ignoring param:%d for association:%p.\n",
2719 __func__, ntohs(param.p->type), asoc);
2720 break;
2721 }
2722
2723 return retval;
2724}
2725
2726
2727__u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2728{
2729
2730
2731
2732 __u32 x;
2733
2734 do {
2735 get_random_bytes(&x, sizeof(__u32));
2736 } while (x == 0);
2737
2738 return x;
2739}
2740
2741
2742__u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2743{
2744 __u32 retval;
2745
2746 get_random_bytes(&retval, sizeof(__u32));
2747 return retval;
2748}
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2773 union sctp_addr *addr,
2774 int vparam_len)
2775{
2776 struct sctp_addiphdr asconf;
2777 struct sctp_chunk *retval;
2778 int length = sizeof(asconf) + vparam_len;
2779 union sctp_addr_param addrparam;
2780 int addrlen;
2781 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2782
2783 addrlen = af->to_addr_param(addr, &addrparam);
2784 if (!addrlen)
2785 return NULL;
2786 length += addrlen;
2787
2788
2789 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length,
2790 GFP_ATOMIC);
2791 if (!retval)
2792 return NULL;
2793
2794 asconf.serial = htonl(asoc->addip_serial++);
2795
2796 retval->subh.addip_hdr =
2797 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2798 retval->param_hdr.v =
2799 sctp_addto_chunk(retval, addrlen, &addrparam);
2800
2801 return retval;
2802}
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2829 union sctp_addr *laddr,
2830 struct sockaddr *addrs,
2831 int addrcnt, __be16 flags)
2832{
2833 union sctp_addr_param addr_param;
2834 struct sctp_addip_param param;
2835 int paramlen = sizeof(param);
2836 struct sctp_chunk *retval;
2837 int addr_param_len = 0;
2838 union sctp_addr *addr;
2839 int totallen = 0, i;
2840 int del_pickup = 0;
2841 struct sctp_af *af;
2842 void *addr_buf;
2843
2844
2845 addr_buf = addrs;
2846 for (i = 0; i < addrcnt; i++) {
2847 addr = addr_buf;
2848 af = sctp_get_af_specific(addr->v4.sin_family);
2849 addr_param_len = af->to_addr_param(addr, &addr_param);
2850
2851 totallen += paramlen;
2852 totallen += addr_param_len;
2853
2854 addr_buf += af->sockaddr_len;
2855 if (asoc->asconf_addr_del_pending && !del_pickup) {
2856
2857 totallen += paramlen;
2858 totallen += addr_param_len;
2859 del_pickup = 1;
2860
2861 pr_debug("%s: picked same-scope del_pending addr, "
2862 "totallen for all addresses is %d\n",
2863 __func__, totallen);
2864 }
2865 }
2866
2867
2868 retval = sctp_make_asconf(asoc, laddr, totallen);
2869 if (!retval)
2870 return NULL;
2871
2872
2873 addr_buf = addrs;
2874 for (i = 0; i < addrcnt; i++) {
2875 addr = addr_buf;
2876 af = sctp_get_af_specific(addr->v4.sin_family);
2877 addr_param_len = af->to_addr_param(addr, &addr_param);
2878 param.param_hdr.type = flags;
2879 param.param_hdr.length = htons(paramlen + addr_param_len);
2880 param.crr_id = htonl(i);
2881
2882 sctp_addto_chunk(retval, paramlen, ¶m);
2883 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2884
2885 addr_buf += af->sockaddr_len;
2886 }
2887 if (flags == SCTP_PARAM_ADD_IP && del_pickup) {
2888 addr = asoc->asconf_addr_del_pending;
2889 af = sctp_get_af_specific(addr->v4.sin_family);
2890 addr_param_len = af->to_addr_param(addr, &addr_param);
2891 param.param_hdr.type = SCTP_PARAM_DEL_IP;
2892 param.param_hdr.length = htons(paramlen + addr_param_len);
2893 param.crr_id = htonl(i);
2894
2895 sctp_addto_chunk(retval, paramlen, ¶m);
2896 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2897 }
2898 return retval;
2899}
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2916 union sctp_addr *addr)
2917{
2918 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2919 union sctp_addr_param addrparam;
2920 struct sctp_addip_param param;
2921 struct sctp_chunk *retval;
2922 int len = sizeof(param);
2923 int addrlen;
2924
2925 addrlen = af->to_addr_param(addr, &addrparam);
2926 if (!addrlen)
2927 return NULL;
2928 len += addrlen;
2929
2930
2931 retval = sctp_make_asconf(asoc, addr, len);
2932 if (!retval)
2933 return NULL;
2934
2935 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2936 param.param_hdr.length = htons(len);
2937 param.crr_id = 0;
2938
2939 sctp_addto_chunk(retval, sizeof(param), ¶m);
2940 sctp_addto_chunk(retval, addrlen, &addrparam);
2941
2942 return retval;
2943}
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2965 __u32 serial, int vparam_len)
2966{
2967 struct sctp_addiphdr asconf;
2968 struct sctp_chunk *retval;
2969 int length = sizeof(asconf) + vparam_len;
2970
2971
2972 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length,
2973 GFP_ATOMIC);
2974 if (!retval)
2975 return NULL;
2976
2977 asconf.serial = htonl(serial);
2978
2979 retval->subh.addip_hdr =
2980 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2981
2982 return retval;
2983}
2984
2985
2986static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2987 __be16 err_code,
2988 struct sctp_addip_param *asconf_param)
2989{
2990 struct sctp_addip_param ack_param;
2991 struct sctp_errhdr err_param;
2992 int asconf_param_len = 0;
2993 int err_param_len = 0;
2994 __be16 response_type;
2995
2996 if (SCTP_ERROR_NO_ERROR == err_code) {
2997 response_type = SCTP_PARAM_SUCCESS_REPORT;
2998 } else {
2999 response_type = SCTP_PARAM_ERR_CAUSE;
3000 err_param_len = sizeof(err_param);
3001 if (asconf_param)
3002 asconf_param_len =
3003 ntohs(asconf_param->param_hdr.length);
3004 }
3005
3006
3007 ack_param.param_hdr.type = response_type;
3008 ack_param.param_hdr.length = htons(sizeof(ack_param) +
3009 err_param_len +
3010 asconf_param_len);
3011 ack_param.crr_id = crr_id;
3012 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
3013
3014 if (SCTP_ERROR_NO_ERROR == err_code)
3015 return;
3016
3017
3018 err_param.cause = err_code;
3019 err_param.length = htons(err_param_len + asconf_param_len);
3020 sctp_addto_chunk(chunk, err_param_len, &err_param);
3021
3022
3023 if (asconf_param)
3024 sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
3025}
3026
3027
3028static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
3029 struct sctp_chunk *asconf,
3030 struct sctp_addip_param *asconf_param)
3031{
3032 union sctp_addr_param *addr_param;
3033 struct sctp_transport *peer;
3034 union sctp_addr addr;
3035 struct sctp_af *af;
3036
3037 addr_param = (void *)asconf_param + sizeof(*asconf_param);
3038
3039 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
3040 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
3041 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
3042 return SCTP_ERROR_UNKNOWN_PARAM;
3043
3044 switch (addr_param->p.type) {
3045 case SCTP_PARAM_IPV6_ADDRESS:
3046 if (!asoc->peer.ipv6_address)
3047 return SCTP_ERROR_DNS_FAILED;
3048 break;
3049 case SCTP_PARAM_IPV4_ADDRESS:
3050 if (!asoc->peer.ipv4_address)
3051 return SCTP_ERROR_DNS_FAILED;
3052 break;
3053 default:
3054 return SCTP_ERROR_DNS_FAILED;
3055 }
3056
3057 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3058 if (unlikely(!af))
3059 return SCTP_ERROR_DNS_FAILED;
3060
3061 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
3062
3063
3064
3065
3066
3067
3068 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
3069 return SCTP_ERROR_DNS_FAILED;
3070
3071 switch (asconf_param->param_hdr.type) {
3072 case SCTP_PARAM_ADD_IP:
3073
3074
3075
3076
3077 if (af->is_any(&addr))
3078 memcpy(&addr, &asconf->source, sizeof(addr));
3079
3080 if (security_sctp_bind_connect(asoc->ep->base.sk,
3081 SCTP_PARAM_ADD_IP,
3082 (struct sockaddr *)&addr,
3083 af->sockaddr_len))
3084 return SCTP_ERROR_REQ_REFUSED;
3085
3086
3087
3088
3089
3090
3091
3092
3093 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
3094 if (!peer)
3095 return SCTP_ERROR_RSRC_LOW;
3096
3097
3098 sctp_transport_reset_hb_timer(peer);
3099 asoc->new_transport = peer;
3100 break;
3101 case SCTP_PARAM_DEL_IP:
3102
3103
3104
3105
3106
3107 if (asoc->peer.transport_count == 1)
3108 return SCTP_ERROR_DEL_LAST_IP;
3109
3110
3111
3112
3113
3114
3115
3116
3117 if (sctp_cmp_addr_exact(&asconf->source, &addr))
3118 return SCTP_ERROR_DEL_SRC_IP;
3119
3120
3121
3122
3123
3124
3125 if (af->is_any(&addr)) {
3126 sctp_assoc_set_primary(asoc, asconf->transport);
3127 sctp_assoc_del_nonprimary_peers(asoc,
3128 asconf->transport);
3129 return SCTP_ERROR_NO_ERROR;
3130 }
3131
3132
3133
3134
3135
3136
3137 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3138 if (!peer)
3139 return SCTP_ERROR_DNS_FAILED;
3140
3141 sctp_assoc_rm_peer(asoc, peer);
3142 break;
3143 case SCTP_PARAM_SET_PRIMARY:
3144
3145
3146
3147
3148
3149 if (af->is_any(&addr))
3150 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3151
3152 if (security_sctp_bind_connect(asoc->ep->base.sk,
3153 SCTP_PARAM_SET_PRIMARY,
3154 (struct sockaddr *)&addr,
3155 af->sockaddr_len))
3156 return SCTP_ERROR_REQ_REFUSED;
3157
3158 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3159 if (!peer)
3160 return SCTP_ERROR_DNS_FAILED;
3161
3162 sctp_assoc_set_primary(asoc, peer);
3163 break;
3164 }
3165
3166 return SCTP_ERROR_NO_ERROR;
3167}
3168
3169
3170bool sctp_verify_asconf(const struct sctp_association *asoc,
3171 struct sctp_chunk *chunk, bool addr_param_needed,
3172 struct sctp_paramhdr **errp)
3173{
3174 struct sctp_addip_chunk *addip;
3175 bool addr_param_seen = false;
3176 union sctp_params param;
3177
3178 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr;
3179 sctp_walk_params(param, addip, addip_hdr.params) {
3180 size_t length = ntohs(param.p->length);
3181
3182 *errp = param.p;
3183 switch (param.p->type) {
3184 case SCTP_PARAM_ERR_CAUSE:
3185 break;
3186 case SCTP_PARAM_IPV4_ADDRESS:
3187 if (length != sizeof(struct sctp_ipv4addr_param))
3188 return false;
3189
3190
3191
3192 if (param.v != addip->addip_hdr.params)
3193 return false;
3194 addr_param_seen = true;
3195 break;
3196 case SCTP_PARAM_IPV6_ADDRESS:
3197 if (length != sizeof(struct sctp_ipv6addr_param))
3198 return false;
3199 if (param.v != addip->addip_hdr.params)
3200 return false;
3201 addr_param_seen = true;
3202 break;
3203 case SCTP_PARAM_ADD_IP:
3204 case SCTP_PARAM_DEL_IP:
3205 case SCTP_PARAM_SET_PRIMARY:
3206
3207 if (addr_param_needed && !addr_param_seen)
3208 return false;
3209 length = ntohs(param.addip->param_hdr.length);
3210 if (length < sizeof(struct sctp_addip_param) +
3211 sizeof(**errp))
3212 return false;
3213 break;
3214 case SCTP_PARAM_SUCCESS_REPORT:
3215 case SCTP_PARAM_ADAPTATION_LAYER_IND:
3216 if (length != sizeof(struct sctp_addip_param))
3217 return false;
3218 break;
3219 default:
3220
3221 return false;
3222 }
3223 }
3224
3225
3226 if (addr_param_needed && !addr_param_seen)
3227 return false;
3228 if (!addr_param_needed && addr_param_seen)
3229 return false;
3230 if (param.v != chunk->chunk_end)
3231 return false;
3232
3233 return true;
3234}
3235
3236
3237
3238
3239struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3240 struct sctp_chunk *asconf)
3241{
3242 union sctp_addr_param *addr_param;
3243 struct sctp_addip_chunk *addip;
3244 struct sctp_chunk *asconf_ack;
3245 bool all_param_pass = true;
3246 struct sctp_addiphdr *hdr;
3247 int length = 0, chunk_len;
3248 union sctp_params param;
3249 __be16 err_code;
3250 __u32 serial;
3251
3252 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr;
3253 chunk_len = ntohs(asconf->chunk_hdr->length) -
3254 sizeof(struct sctp_chunkhdr);
3255 hdr = (struct sctp_addiphdr *)asconf->skb->data;
3256 serial = ntohl(hdr->serial);
3257
3258
3259 length = sizeof(*hdr);
3260 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3261 chunk_len -= length;
3262
3263
3264
3265
3266 length = ntohs(addr_param->p.length);
3267 chunk_len -= length;
3268
3269
3270
3271
3272
3273
3274 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3275 if (!asconf_ack)
3276 goto done;
3277
3278
3279 sctp_walk_params(param, addip, addip_hdr.params) {
3280
3281 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
3282 param.p->type == SCTP_PARAM_IPV6_ADDRESS)
3283 continue;
3284
3285 err_code = sctp_process_asconf_param(asoc, asconf,
3286 param.addip);
3287
3288
3289
3290
3291
3292
3293
3294 if (err_code != SCTP_ERROR_NO_ERROR)
3295 all_param_pass = false;
3296 if (!all_param_pass)
3297 sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
3298 err_code, param.addip);
3299
3300
3301
3302
3303
3304
3305 if (err_code == SCTP_ERROR_RSRC_LOW)
3306 goto done;
3307 }
3308done:
3309 asoc->peer.addip_serial++;
3310
3311
3312
3313
3314 if (asconf_ack) {
3315 sctp_chunk_hold(asconf_ack);
3316 list_add_tail(&asconf_ack->transmitted_list,
3317 &asoc->asconf_ack_list);
3318 }
3319
3320 return asconf_ack;
3321}
3322
3323
3324static void sctp_asconf_param_success(struct sctp_association *asoc,
3325 struct sctp_addip_param *asconf_param)
3326{
3327 struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3328 union sctp_addr_param *addr_param;
3329 struct sctp_sockaddr_entry *saddr;
3330 struct sctp_transport *transport;
3331 union sctp_addr addr;
3332 struct sctp_af *af;
3333
3334 addr_param = (void *)asconf_param + sizeof(*asconf_param);
3335
3336
3337 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3338 af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3339
3340 switch (asconf_param->param_hdr.type) {
3341 case SCTP_PARAM_ADD_IP:
3342
3343
3344
3345 local_bh_disable();
3346 list_for_each_entry(saddr, &bp->address_list, list) {
3347 if (sctp_cmp_addr_exact(&saddr->a, &addr))
3348 saddr->state = SCTP_ADDR_SRC;
3349 }
3350 local_bh_enable();
3351 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3352 transports) {
3353 sctp_transport_dst_release(transport);
3354 }
3355 break;
3356 case SCTP_PARAM_DEL_IP:
3357 local_bh_disable();
3358 sctp_del_bind_addr(bp, &addr);
3359 if (asoc->asconf_addr_del_pending != NULL &&
3360 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) {
3361 kfree(asoc->asconf_addr_del_pending);
3362 asoc->asconf_addr_del_pending = NULL;
3363 }
3364 local_bh_enable();
3365 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3366 transports) {
3367 sctp_transport_dst_release(transport);
3368 }
3369 break;
3370 default:
3371 break;
3372 }
3373}
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3385 struct sctp_addip_param *asconf_param,
3386 int no_err)
3387{
3388 struct sctp_addip_param *asconf_ack_param;
3389 struct sctp_errhdr *err_param;
3390 int asconf_ack_len;
3391 __be16 err_code;
3392 int length;
3393
3394 if (no_err)
3395 err_code = SCTP_ERROR_NO_ERROR;
3396 else
3397 err_code = SCTP_ERROR_REQ_REFUSED;
3398
3399 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3400 sizeof(struct sctp_chunkhdr);
3401
3402
3403
3404
3405 length = sizeof(struct sctp_addiphdr);
3406 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data +
3407 length);
3408 asconf_ack_len -= length;
3409
3410 while (asconf_ack_len > 0) {
3411 if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3412 switch (asconf_ack_param->param_hdr.type) {
3413 case SCTP_PARAM_SUCCESS_REPORT:
3414 return SCTP_ERROR_NO_ERROR;
3415 case SCTP_PARAM_ERR_CAUSE:
3416 length = sizeof(*asconf_ack_param);
3417 err_param = (void *)asconf_ack_param + length;
3418 asconf_ack_len -= length;
3419 if (asconf_ack_len > 0)
3420 return err_param->cause;
3421 else
3422 return SCTP_ERROR_INV_PARAM;
3423 break;
3424 default:
3425 return SCTP_ERROR_INV_PARAM;
3426 }
3427 }
3428
3429 length = ntohs(asconf_ack_param->param_hdr.length);
3430 asconf_ack_param = (void *)asconf_ack_param + length;
3431 asconf_ack_len -= length;
3432 }
3433
3434 return err_code;
3435}
3436
3437
3438int sctp_process_asconf_ack(struct sctp_association *asoc,
3439 struct sctp_chunk *asconf_ack)
3440{
3441 struct sctp_chunk *asconf = asoc->addip_last_asconf;
3442 struct sctp_addip_param *asconf_param;
3443 __be16 err_code = SCTP_ERROR_NO_ERROR;
3444 union sctp_addr_param *addr_param;
3445 int asconf_len = asconf->skb->len;
3446 int all_param_pass = 0;
3447 int length = 0;
3448 int no_err = 1;
3449 int retval = 0;
3450
3451
3452
3453
3454 length = sizeof(struct sctp_addip_chunk);
3455 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3456 asconf_len -= length;
3457
3458
3459
3460
3461 length = ntohs(addr_param->p.length);
3462 asconf_param = (void *)addr_param + length;
3463 asconf_len -= length;
3464
3465
3466
3467
3468
3469
3470 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr))
3471 all_param_pass = 1;
3472
3473
3474 while (asconf_len > 0) {
3475 if (all_param_pass)
3476 err_code = SCTP_ERROR_NO_ERROR;
3477 else {
3478 err_code = sctp_get_asconf_response(asconf_ack,
3479 asconf_param,
3480 no_err);
3481 if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3482 no_err = 0;
3483 }
3484
3485 switch (err_code) {
3486 case SCTP_ERROR_NO_ERROR:
3487 sctp_asconf_param_success(asoc, asconf_param);
3488 break;
3489
3490 case SCTP_ERROR_RSRC_LOW:
3491 retval = 1;
3492 break;
3493
3494 case SCTP_ERROR_UNKNOWN_PARAM:
3495
3496
3497
3498 asoc->peer.addip_disabled_mask |=
3499 asconf_param->param_hdr.type;
3500 break;
3501
3502 case SCTP_ERROR_REQ_REFUSED:
3503 case SCTP_ERROR_DEL_LAST_IP:
3504 case SCTP_ERROR_DEL_SRC_IP:
3505 default:
3506 break;
3507 }
3508
3509
3510
3511
3512 length = ntohs(asconf_param->param_hdr.length);
3513 asconf_param = (void *)asconf_param + length;
3514 asconf_len -= length;
3515 }
3516
3517 if (no_err && asoc->src_out_of_asoc_ok) {
3518 asoc->src_out_of_asoc_ok = 0;
3519 sctp_transport_immediate_rtx(asoc->peer.primary_path);
3520 }
3521
3522
3523 list_del_init(&asconf->transmitted_list);
3524 sctp_chunk_free(asconf);
3525 asoc->addip_last_asconf = NULL;
3526
3527 return retval;
3528}
3529
3530
3531struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3532 __u32 new_cum_tsn, size_t nstreams,
3533 struct sctp_fwdtsn_skip *skiplist)
3534{
3535 struct sctp_chunk *retval = NULL;
3536 struct sctp_fwdtsn_hdr ftsn_hdr;
3537 struct sctp_fwdtsn_skip skip;
3538 size_t hint;
3539 int i;
3540
3541 hint = (nstreams + 1) * sizeof(__u32);
3542
3543 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC);
3544
3545 if (!retval)
3546 return NULL;
3547
3548 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3549 retval->subh.fwdtsn_hdr =
3550 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3551
3552 for (i = 0; i < nstreams; i++) {
3553 skip.stream = skiplist[i].stream;
3554 skip.ssn = skiplist[i].ssn;
3555 sctp_addto_chunk(retval, sizeof(skip), &skip);
3556 }
3557
3558 return retval;
3559}
3560
3561struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc,
3562 __u32 new_cum_tsn, size_t nstreams,
3563 struct sctp_ifwdtsn_skip *skiplist)
3564{
3565 struct sctp_chunk *retval = NULL;
3566 struct sctp_ifwdtsn_hdr ftsn_hdr;
3567 size_t hint;
3568
3569 hint = (nstreams + 1) * sizeof(__u32);
3570
3571 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint,
3572 GFP_ATOMIC);
3573 if (!retval)
3574 return NULL;
3575
3576 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3577 retval->subh.ifwdtsn_hdr =
3578 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3579
3580 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist);
3581
3582 return retval;
3583}
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc,
3601 int length)
3602{
3603 struct sctp_reconf_chunk *reconf;
3604 struct sctp_chunk *retval;
3605
3606 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length,
3607 GFP_ATOMIC);
3608 if (!retval)
3609 return NULL;
3610
3611 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr;
3612 retval->param_hdr.v = reconf->params;
3613
3614 return retval;
3615}
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651struct sctp_chunk *sctp_make_strreset_req(
3652 const struct sctp_association *asoc,
3653 __u16 stream_num, __be16 *stream_list,
3654 bool out, bool in)
3655{
3656 __u16 stream_len = stream_num * sizeof(__u16);
3657 struct sctp_strreset_outreq outreq;
3658 struct sctp_strreset_inreq inreq;
3659 struct sctp_chunk *retval;
3660 __u16 outlen, inlen;
3661
3662 outlen = (sizeof(outreq) + stream_len) * out;
3663 inlen = (sizeof(inreq) + stream_len) * in;
3664
3665 retval = sctp_make_reconf(asoc, outlen + inlen);
3666 if (!retval)
3667 return NULL;
3668
3669 if (outlen) {
3670 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST;
3671 outreq.param_hdr.length = htons(outlen);
3672 outreq.request_seq = htonl(asoc->strreset_outseq);
3673 outreq.response_seq = htonl(asoc->strreset_inseq - 1);
3674 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1);
3675
3676 sctp_addto_chunk(retval, sizeof(outreq), &outreq);
3677
3678 if (stream_len)
3679 sctp_addto_chunk(retval, stream_len, stream_list);
3680 }
3681
3682 if (inlen) {
3683 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST;
3684 inreq.param_hdr.length = htons(inlen);
3685 inreq.request_seq = htonl(asoc->strreset_outseq + out);
3686
3687 sctp_addto_chunk(retval, sizeof(inreq), &inreq);
3688
3689 if (stream_len)
3690 sctp_addto_chunk(retval, stream_len, stream_list);
3691 }
3692
3693 return retval;
3694}
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705struct sctp_chunk *sctp_make_strreset_tsnreq(
3706 const struct sctp_association *asoc)
3707{
3708 struct sctp_strreset_tsnreq tsnreq;
3709 __u16 length = sizeof(tsnreq);
3710 struct sctp_chunk *retval;
3711
3712 retval = sctp_make_reconf(asoc, length);
3713 if (!retval)
3714 return NULL;
3715
3716 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST;
3717 tsnreq.param_hdr.length = htons(length);
3718 tsnreq.request_seq = htonl(asoc->strreset_outseq);
3719
3720 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq);
3721
3722 return retval;
3723}
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736struct sctp_chunk *sctp_make_strreset_addstrm(
3737 const struct sctp_association *asoc,
3738 __u16 out, __u16 in)
3739{
3740 struct sctp_strreset_addstrm addstrm;
3741 __u16 size = sizeof(addstrm);
3742 struct sctp_chunk *retval;
3743
3744 retval = sctp_make_reconf(asoc, (!!out + !!in) * size);
3745 if (!retval)
3746 return NULL;
3747
3748 if (out) {
3749 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS;
3750 addstrm.param_hdr.length = htons(size);
3751 addstrm.number_of_streams = htons(out);
3752 addstrm.request_seq = htonl(asoc->strreset_outseq);
3753 addstrm.reserved = 0;
3754
3755 sctp_addto_chunk(retval, size, &addstrm);
3756 }
3757
3758 if (in) {
3759 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS;
3760 addstrm.param_hdr.length = htons(size);
3761 addstrm.number_of_streams = htons(in);
3762 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out);
3763 addstrm.reserved = 0;
3764
3765 sctp_addto_chunk(retval, size, &addstrm);
3766 }
3767
3768 return retval;
3769}
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc,
3783 __u32 result, __u32 sn)
3784{
3785 struct sctp_strreset_resp resp;
3786 __u16 length = sizeof(resp);
3787 struct sctp_chunk *retval;
3788
3789 retval = sctp_make_reconf(asoc, length);
3790 if (!retval)
3791 return NULL;
3792
3793 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3794 resp.param_hdr.length = htons(length);
3795 resp.response_seq = htonl(sn);
3796 resp.result = htonl(result);
3797
3798 sctp_addto_chunk(retval, sizeof(resp), &resp);
3799
3800 return retval;
3801}
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc,
3819 __u32 result, __u32 sn,
3820 __u32 sender_tsn,
3821 __u32 receiver_tsn)
3822{
3823 struct sctp_strreset_resptsn tsnresp;
3824 __u16 length = sizeof(tsnresp);
3825 struct sctp_chunk *retval;
3826
3827 retval = sctp_make_reconf(asoc, length);
3828 if (!retval)
3829 return NULL;
3830
3831 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3832 tsnresp.param_hdr.length = htons(length);
3833
3834 tsnresp.response_seq = htonl(sn);
3835 tsnresp.result = htonl(result);
3836 tsnresp.senders_next_tsn = htonl(sender_tsn);
3837 tsnresp.receivers_next_tsn = htonl(receiver_tsn);
3838
3839 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp);
3840
3841 return retval;
3842}
3843
3844bool sctp_verify_reconf(const struct sctp_association *asoc,
3845 struct sctp_chunk *chunk,
3846 struct sctp_paramhdr **errp)
3847{
3848 struct sctp_reconf_chunk *hdr;
3849 union sctp_params param;
3850 __be16 last = 0;
3851 __u16 cnt = 0;
3852
3853 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr;
3854 sctp_walk_params(param, hdr, params) {
3855 __u16 length = ntohs(param.p->length);
3856
3857 *errp = param.p;
3858 if (cnt++ > 2)
3859 return false;
3860 switch (param.p->type) {
3861 case SCTP_PARAM_RESET_OUT_REQUEST:
3862 if (length < sizeof(struct sctp_strreset_outreq) ||
3863 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3864 last != SCTP_PARAM_RESET_IN_REQUEST))
3865 return false;
3866 break;
3867 case SCTP_PARAM_RESET_IN_REQUEST:
3868 if (length < sizeof(struct sctp_strreset_inreq) ||
3869 (last && last != SCTP_PARAM_RESET_OUT_REQUEST))
3870 return false;
3871 break;
3872 case SCTP_PARAM_RESET_RESPONSE:
3873 if ((length != sizeof(struct sctp_strreset_resp) &&
3874 length != sizeof(struct sctp_strreset_resptsn)) ||
3875 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3876 last != SCTP_PARAM_RESET_OUT_REQUEST))
3877 return false;
3878 break;
3879 case SCTP_PARAM_RESET_TSN_REQUEST:
3880 if (length !=
3881 sizeof(struct sctp_strreset_tsnreq) || last)
3882 return false;
3883 break;
3884 case SCTP_PARAM_RESET_ADD_IN_STREAMS:
3885 if (length != sizeof(struct sctp_strreset_addstrm) ||
3886 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS))
3887 return false;
3888 break;
3889 case SCTP_PARAM_RESET_ADD_OUT_STREAMS:
3890 if (length != sizeof(struct sctp_strreset_addstrm) ||
3891 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS))
3892 return false;
3893 break;
3894 default:
3895 return false;
3896 }
3897
3898 last = param.p->type;
3899 }
3900
3901 return true;
3902}
3903