1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* SCTP kernel implementation |
3 | * (C) Copyright IBM Corp. 2001, 2004 |
4 | * Copyright (c) 1999-2000 Cisco, Inc. |
5 | * Copyright (c) 1999-2001 Motorola, Inc. |
6 | * Copyright (c) 2001-2002 Intel Corp. |
7 | * |
8 | * This file is part of the SCTP kernel implementation |
9 | * |
10 | * These functions work with the state functions in sctp_sm_statefuns.c |
11 | * to implement the state operations. These functions implement the |
12 | * steps which require modifying existing data structures. |
13 | * |
14 | * Please send any bug reports or fixes you make to the |
15 | * email address(es): |
16 | * lksctp developers <linux-sctp@vger.kernel.org> |
17 | * |
18 | * Written or modified by: |
19 | * La Monte H.P. Yarroll <piggy@acm.org> |
20 | * Karl Knutson <karl@athena.chicago.il.us> |
21 | * C. Robin <chris@hundredacre.ac.uk> |
22 | * Jon Grimm <jgrimm@us.ibm.com> |
23 | * Xingang Guo <xingang.guo@intel.com> |
24 | * Dajiang Zhang <dajiang.zhang@nokia.com> |
25 | * Sridhar Samudrala <sri@us.ibm.com> |
26 | * Daisy Chang <daisyc@us.ibm.com> |
27 | * Ardelle Fan <ardelle.fan@intel.com> |
28 | * Kevin Gao <kevin.gao@intel.com> |
29 | */ |
30 | |
31 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
32 | |
33 | #include <crypto/hash.h> |
34 | #include <linux/types.h> |
35 | #include <linux/kernel.h> |
36 | #include <linux/ip.h> |
37 | #include <linux/ipv6.h> |
38 | #include <linux/net.h> |
39 | #include <linux/inet.h> |
40 | #include <linux/scatterlist.h> |
41 | #include <linux/slab.h> |
42 | #include <net/sock.h> |
43 | |
44 | #include <linux/skbuff.h> |
45 | #include <linux/random.h> /* for get_random_bytes */ |
46 | #include <net/sctp/sctp.h> |
47 | #include <net/sctp/sm.h> |
48 | |
49 | static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, |
50 | __u8 type, __u8 flags, int paylen, |
51 | gfp_t gfp); |
52 | static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, |
53 | __u8 flags, int paylen, gfp_t gfp); |
54 | static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, |
55 | __u8 type, __u8 flags, int paylen, |
56 | gfp_t gfp); |
57 | static struct sctp_cookie_param *sctp_pack_cookie( |
58 | const struct sctp_endpoint *ep, |
59 | const struct sctp_association *asoc, |
60 | const struct sctp_chunk *init_chunk, |
61 | int *cookie_len, |
62 | const __u8 *raw_addrs, int addrs_len); |
63 | static int sctp_process_param(struct sctp_association *asoc, |
64 | union sctp_params param, |
65 | const union sctp_addr *peer_addr, |
66 | gfp_t gfp); |
67 | static void *sctp_addto_param(struct sctp_chunk *chunk, int len, |
68 | const void *data); |
69 | |
70 | /* Control chunk destructor */ |
71 | static void sctp_control_release_owner(struct sk_buff *skb) |
72 | { |
73 | struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg; |
74 | |
75 | if (chunk->shkey) { |
76 | struct sctp_shared_key *shkey = chunk->shkey; |
77 | struct sctp_association *asoc = chunk->asoc; |
78 | |
79 | /* refcnt == 2 and !list_empty mean after this release, it's |
80 | * not being used anywhere, and it's time to notify userland |
81 | * that this shkey can be freed if it's been deactivated. |
82 | */ |
83 | if (shkey->deactivated && !list_empty(head: &shkey->key_list) && |
84 | refcount_read(r: &shkey->refcnt) == 2) { |
85 | struct sctp_ulpevent *ev; |
86 | |
87 | ev = sctp_ulpevent_make_authkey(asoc, key_id: shkey->key_id, |
88 | indication: SCTP_AUTH_FREE_KEY, |
89 | GFP_KERNEL); |
90 | if (ev) |
91 | asoc->stream.si->enqueue_event(&asoc->ulpq, ev); |
92 | } |
93 | sctp_auth_shkey_release(sh_key: chunk->shkey); |
94 | } |
95 | } |
96 | |
97 | static void sctp_control_set_owner_w(struct sctp_chunk *chunk) |
98 | { |
99 | struct sctp_association *asoc = chunk->asoc; |
100 | struct sk_buff *skb = chunk->skb; |
101 | |
102 | /* TODO: properly account for control chunks. |
103 | * To do it right we'll need: |
104 | * 1) endpoint if association isn't known. |
105 | * 2) proper memory accounting. |
106 | * |
107 | * For now don't do anything for now. |
108 | */ |
109 | if (chunk->auth) { |
110 | chunk->shkey = asoc->shkey; |
111 | sctp_auth_shkey_hold(sh_key: chunk->shkey); |
112 | } |
113 | skb->sk = asoc ? asoc->base.sk : NULL; |
114 | skb_shinfo(skb)->destructor_arg = chunk; |
115 | skb->destructor = sctp_control_release_owner; |
116 | } |
117 | |
118 | /* What was the inbound interface for this chunk? */ |
119 | int sctp_chunk_iif(const struct sctp_chunk *chunk) |
120 | { |
121 | struct sk_buff *skb = chunk->skb; |
122 | |
123 | return SCTP_INPUT_CB(skb)->af->skb_iif(skb); |
124 | } |
125 | |
126 | /* RFC 2960 3.3.2 Initiation (INIT) (1) |
127 | * |
128 | * Note 2: The ECN capable field is reserved for future use of |
129 | * Explicit Congestion Notification. |
130 | */ |
131 | static const struct sctp_paramhdr ecap_param = { |
132 | SCTP_PARAM_ECN_CAPABLE, |
133 | cpu_to_be16(sizeof(struct sctp_paramhdr)), |
134 | }; |
135 | static const struct sctp_paramhdr prsctp_param = { |
136 | SCTP_PARAM_FWD_TSN_SUPPORT, |
137 | cpu_to_be16(sizeof(struct sctp_paramhdr)), |
138 | }; |
139 | |
140 | /* A helper to initialize an op error inside a provided chunk, as most |
141 | * cause codes will be embedded inside an abort chunk. |
142 | */ |
143 | int sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, |
144 | size_t paylen) |
145 | { |
146 | struct sctp_errhdr err; |
147 | __u16 len; |
148 | |
149 | /* Cause code constants are now defined in network order. */ |
150 | err.cause = cause_code; |
151 | len = sizeof(err) + paylen; |
152 | err.length = htons(len); |
153 | |
154 | if (skb_tailroom(skb: chunk->skb) < len) |
155 | return -ENOSPC; |
156 | |
157 | chunk->subh.err_hdr = sctp_addto_chunk(chunk, len: sizeof(err), data: &err); |
158 | |
159 | return 0; |
160 | } |
161 | |
162 | /* 3.3.2 Initiation (INIT) (1) |
163 | * |
164 | * This chunk is used to initiate a SCTP association between two |
165 | * endpoints. The format of the INIT chunk is shown below: |
166 | * |
167 | * 0 1 2 3 |
168 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
169 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
170 | * | Type = 1 | Chunk Flags | Chunk Length | |
171 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
172 | * | Initiate Tag | |
173 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
174 | * | Advertised Receiver Window Credit (a_rwnd) | |
175 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
176 | * | Number of Outbound Streams | Number of Inbound Streams | |
177 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
178 | * | Initial TSN | |
179 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
180 | * \ \ |
181 | * / Optional/Variable-Length Parameters / |
182 | * \ \ |
183 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
184 | * |
185 | * |
186 | * The INIT chunk contains the following parameters. Unless otherwise |
187 | * noted, each parameter MUST only be included once in the INIT chunk. |
188 | * |
189 | * Fixed Parameters Status |
190 | * ---------------------------------------------- |
191 | * Initiate Tag Mandatory |
192 | * Advertised Receiver Window Credit Mandatory |
193 | * Number of Outbound Streams Mandatory |
194 | * Number of Inbound Streams Mandatory |
195 | * Initial TSN Mandatory |
196 | * |
197 | * Variable Parameters Status Type Value |
198 | * ------------------------------------------------------------- |
199 | * IPv4 Address (Note 1) Optional 5 |
200 | * IPv6 Address (Note 1) Optional 6 |
201 | * Cookie Preservative Optional 9 |
202 | * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) |
203 | * Host Name Address (Note 3) Optional 11 |
204 | * Supported Address Types (Note 4) Optional 12 |
205 | */ |
206 | struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, |
207 | const struct sctp_bind_addr *bp, |
208 | gfp_t gfp, int vparam_len) |
209 | { |
210 | struct sctp_supported_ext_param ext_param; |
211 | struct sctp_adaptation_ind_param aiparam; |
212 | struct sctp_paramhdr *auth_chunks = NULL; |
213 | struct sctp_paramhdr *auth_hmacs = NULL; |
214 | struct sctp_supported_addrs_param sat; |
215 | struct sctp_endpoint *ep = asoc->ep; |
216 | struct sctp_chunk *retval = NULL; |
217 | int num_types, addrs_len = 0; |
218 | struct sctp_inithdr init; |
219 | union sctp_params addrs; |
220 | struct sctp_sock *sp; |
221 | __u8 extensions[5]; |
222 | size_t chunksize; |
223 | __be16 types[2]; |
224 | int num_ext = 0; |
225 | |
226 | /* RFC 2960 3.3.2 Initiation (INIT) (1) |
227 | * |
228 | * Note 1: The INIT chunks can contain multiple addresses that |
229 | * can be IPv4 and/or IPv6 in any combination. |
230 | */ |
231 | |
232 | /* Convert the provided bind address list to raw format. */ |
233 | addrs = sctp_bind_addrs_to_raw(bp, addrs_len: &addrs_len, gfp); |
234 | |
235 | init.init_tag = htonl(asoc->c.my_vtag); |
236 | init.a_rwnd = htonl(asoc->rwnd); |
237 | init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); |
238 | init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); |
239 | init.initial_tsn = htonl(asoc->c.initial_tsn); |
240 | |
241 | /* How many address types are needed? */ |
242 | sp = sctp_sk(asoc->base.sk); |
243 | num_types = sp->pf->supported_addrs(sp, types); |
244 | |
245 | chunksize = sizeof(init) + addrs_len; |
246 | chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types)); |
247 | |
248 | if (asoc->ep->ecn_enable) |
249 | chunksize += sizeof(ecap_param); |
250 | |
251 | if (asoc->ep->prsctp_enable) |
252 | chunksize += sizeof(prsctp_param); |
253 | |
254 | /* ADDIP: Section 4.2.7: |
255 | * An implementation supporting this extension [ADDIP] MUST list |
256 | * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and |
257 | * INIT-ACK parameters. |
258 | */ |
259 | if (asoc->ep->asconf_enable) { |
260 | extensions[num_ext] = SCTP_CID_ASCONF; |
261 | extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; |
262 | num_ext += 2; |
263 | } |
264 | |
265 | if (asoc->ep->reconf_enable) { |
266 | extensions[num_ext] = SCTP_CID_RECONF; |
267 | num_ext += 1; |
268 | } |
269 | |
270 | if (sp->adaptation_ind) |
271 | chunksize += sizeof(aiparam); |
272 | |
273 | if (asoc->ep->intl_enable) { |
274 | extensions[num_ext] = SCTP_CID_I_DATA; |
275 | num_ext += 1; |
276 | } |
277 | |
278 | chunksize += vparam_len; |
279 | |
280 | /* Account for AUTH related parameters */ |
281 | if (ep->auth_enable) { |
282 | /* Add random parameter length*/ |
283 | chunksize += sizeof(asoc->c.auth_random); |
284 | |
285 | /* Add HMACS parameter length if any were defined */ |
286 | auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; |
287 | if (auth_hmacs->length) |
288 | chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); |
289 | else |
290 | auth_hmacs = NULL; |
291 | |
292 | /* Add CHUNKS parameter length */ |
293 | auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; |
294 | if (auth_chunks->length) |
295 | chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); |
296 | else |
297 | auth_chunks = NULL; |
298 | |
299 | extensions[num_ext] = SCTP_CID_AUTH; |
300 | num_ext += 1; |
301 | } |
302 | |
303 | /* If we have any extensions to report, account for that */ |
304 | if (num_ext) |
305 | chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); |
306 | |
307 | /* RFC 2960 3.3.2 Initiation (INIT) (1) |
308 | * |
309 | * Note 3: An INIT chunk MUST NOT contain more than one Host |
310 | * Name address parameter. Moreover, the sender of the INIT |
311 | * MUST NOT combine any other address types with the Host Name |
312 | * address in the INIT. The receiver of INIT MUST ignore any |
313 | * other address types if the Host Name address parameter is |
314 | * present in the received INIT chunk. |
315 | * |
316 | * PLEASE DO NOT FIXME [This version does not support Host Name.] |
317 | */ |
318 | |
319 | retval = sctp_make_control(asoc, type: SCTP_CID_INIT, flags: 0, paylen: chunksize, gfp); |
320 | if (!retval) |
321 | goto nodata; |
322 | |
323 | retval->subh.init_hdr = |
324 | sctp_addto_chunk(retval, len: sizeof(init), data: &init); |
325 | retval->param_hdr.v = |
326 | sctp_addto_chunk(retval, len: addrs_len, data: addrs.v); |
327 | |
328 | /* RFC 2960 3.3.2 Initiation (INIT) (1) |
329 | * |
330 | * Note 4: This parameter, when present, specifies all the |
331 | * address types the sending endpoint can support. The absence |
332 | * of this parameter indicates that the sending endpoint can |
333 | * support any address type. |
334 | */ |
335 | sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; |
336 | sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); |
337 | sctp_addto_chunk(retval, len: sizeof(sat), data: &sat); |
338 | sctp_addto_chunk(retval, len: num_types * sizeof(__u16), data: &types); |
339 | |
340 | if (asoc->ep->ecn_enable) |
341 | sctp_addto_chunk(retval, len: sizeof(ecap_param), data: &ecap_param); |
342 | |
343 | /* Add the supported extensions parameter. Be nice and add this |
344 | * fist before addiding the parameters for the extensions themselves |
345 | */ |
346 | if (num_ext) { |
347 | ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; |
348 | ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); |
349 | sctp_addto_chunk(retval, len: sizeof(ext_param), data: &ext_param); |
350 | sctp_addto_param(chunk: retval, len: num_ext, data: extensions); |
351 | } |
352 | |
353 | if (asoc->ep->prsctp_enable) |
354 | sctp_addto_chunk(retval, len: sizeof(prsctp_param), data: &prsctp_param); |
355 | |
356 | if (sp->adaptation_ind) { |
357 | aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; |
358 | aiparam.param_hdr.length = htons(sizeof(aiparam)); |
359 | aiparam.adaptation_ind = htonl(sp->adaptation_ind); |
360 | sctp_addto_chunk(retval, len: sizeof(aiparam), data: &aiparam); |
361 | } |
362 | |
363 | /* Add SCTP-AUTH chunks to the parameter list */ |
364 | if (ep->auth_enable) { |
365 | sctp_addto_chunk(retval, len: sizeof(asoc->c.auth_random), |
366 | data: asoc->c.auth_random); |
367 | if (auth_hmacs) |
368 | sctp_addto_chunk(retval, ntohs(auth_hmacs->length), |
369 | data: auth_hmacs); |
370 | if (auth_chunks) |
371 | sctp_addto_chunk(retval, ntohs(auth_chunks->length), |
372 | data: auth_chunks); |
373 | } |
374 | nodata: |
375 | kfree(objp: addrs.v); |
376 | return retval; |
377 | } |
378 | |
379 | struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, |
380 | const struct sctp_chunk *chunk, |
381 | gfp_t gfp, int unkparam_len) |
382 | { |
383 | struct sctp_supported_ext_param ext_param; |
384 | struct sctp_adaptation_ind_param aiparam; |
385 | struct sctp_paramhdr *auth_chunks = NULL; |
386 | struct sctp_paramhdr *auth_random = NULL; |
387 | struct sctp_paramhdr *auth_hmacs = NULL; |
388 | struct sctp_chunk *retval = NULL; |
389 | struct sctp_cookie_param *cookie; |
390 | struct sctp_inithdr initack; |
391 | union sctp_params addrs; |
392 | struct sctp_sock *sp; |
393 | __u8 extensions[5]; |
394 | size_t chunksize; |
395 | int num_ext = 0; |
396 | int cookie_len; |
397 | int addrs_len; |
398 | |
399 | /* Note: there may be no addresses to embed. */ |
400 | addrs = sctp_bind_addrs_to_raw(bp: &asoc->base.bind_addr, addrs_len: &addrs_len, gfp); |
401 | |
402 | initack.init_tag = htonl(asoc->c.my_vtag); |
403 | initack.a_rwnd = htonl(asoc->rwnd); |
404 | initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); |
405 | initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); |
406 | initack.initial_tsn = htonl(asoc->c.initial_tsn); |
407 | |
408 | /* FIXME: We really ought to build the cookie right |
409 | * into the packet instead of allocating more fresh memory. |
410 | */ |
411 | cookie = sctp_pack_cookie(ep: asoc->ep, asoc, init_chunk: chunk, cookie_len: &cookie_len, |
412 | raw_addrs: addrs.v, addrs_len); |
413 | if (!cookie) |
414 | goto nomem_cookie; |
415 | |
416 | /* Calculate the total size of allocation, include the reserved |
417 | * space for reporting unknown parameters if it is specified. |
418 | */ |
419 | sp = sctp_sk(asoc->base.sk); |
420 | chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; |
421 | |
422 | /* Tell peer that we'll do ECN only if peer advertised such cap. */ |
423 | if (asoc->peer.ecn_capable) |
424 | chunksize += sizeof(ecap_param); |
425 | |
426 | if (asoc->peer.prsctp_capable) |
427 | chunksize += sizeof(prsctp_param); |
428 | |
429 | if (asoc->peer.asconf_capable) { |
430 | extensions[num_ext] = SCTP_CID_ASCONF; |
431 | extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; |
432 | num_ext += 2; |
433 | } |
434 | |
435 | if (asoc->peer.reconf_capable) { |
436 | extensions[num_ext] = SCTP_CID_RECONF; |
437 | num_ext += 1; |
438 | } |
439 | |
440 | if (sp->adaptation_ind) |
441 | chunksize += sizeof(aiparam); |
442 | |
443 | if (asoc->peer.intl_capable) { |
444 | extensions[num_ext] = SCTP_CID_I_DATA; |
445 | num_ext += 1; |
446 | } |
447 | |
448 | if (asoc->peer.auth_capable) { |
449 | auth_random = (struct sctp_paramhdr *)asoc->c.auth_random; |
450 | chunksize += ntohs(auth_random->length); |
451 | |
452 | auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; |
453 | if (auth_hmacs->length) |
454 | chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); |
455 | else |
456 | auth_hmacs = NULL; |
457 | |
458 | auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; |
459 | if (auth_chunks->length) |
460 | chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); |
461 | else |
462 | auth_chunks = NULL; |
463 | |
464 | extensions[num_ext] = SCTP_CID_AUTH; |
465 | num_ext += 1; |
466 | } |
467 | |
468 | if (num_ext) |
469 | chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); |
470 | |
471 | /* Now allocate and fill out the chunk. */ |
472 | retval = sctp_make_control(asoc, type: SCTP_CID_INIT_ACK, flags: 0, paylen: chunksize, gfp); |
473 | if (!retval) |
474 | goto nomem_chunk; |
475 | |
476 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
477 | * |
478 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
479 | * HEARTBEAT ACK, * etc.) to the same destination transport |
480 | * address from which it received the DATA or control chunk |
481 | * to which it is replying. |
482 | * |
483 | * [INIT ACK back to where the INIT came from.] |
484 | */ |
485 | if (chunk->transport) |
486 | retval->transport = |
487 | sctp_assoc_lookup_paddr(asoc, |
488 | &chunk->transport->ipaddr); |
489 | |
490 | retval->subh.init_hdr = |
491 | sctp_addto_chunk(retval, len: sizeof(initack), data: &initack); |
492 | retval->param_hdr.v = sctp_addto_chunk(retval, len: addrs_len, data: addrs.v); |
493 | sctp_addto_chunk(retval, len: cookie_len, data: cookie); |
494 | if (asoc->peer.ecn_capable) |
495 | sctp_addto_chunk(retval, len: sizeof(ecap_param), data: &ecap_param); |
496 | if (num_ext) { |
497 | ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; |
498 | ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); |
499 | sctp_addto_chunk(retval, len: sizeof(ext_param), data: &ext_param); |
500 | sctp_addto_param(chunk: retval, len: num_ext, data: extensions); |
501 | } |
502 | if (asoc->peer.prsctp_capable) |
503 | sctp_addto_chunk(retval, len: sizeof(prsctp_param), data: &prsctp_param); |
504 | |
505 | if (sp->adaptation_ind) { |
506 | aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; |
507 | aiparam.param_hdr.length = htons(sizeof(aiparam)); |
508 | aiparam.adaptation_ind = htonl(sp->adaptation_ind); |
509 | sctp_addto_chunk(retval, len: sizeof(aiparam), data: &aiparam); |
510 | } |
511 | |
512 | if (asoc->peer.auth_capable) { |
513 | sctp_addto_chunk(retval, ntohs(auth_random->length), |
514 | data: auth_random); |
515 | if (auth_hmacs) |
516 | sctp_addto_chunk(retval, ntohs(auth_hmacs->length), |
517 | data: auth_hmacs); |
518 | if (auth_chunks) |
519 | sctp_addto_chunk(retval, ntohs(auth_chunks->length), |
520 | data: auth_chunks); |
521 | } |
522 | |
523 | /* We need to remove the const qualifier at this point. */ |
524 | retval->asoc = (struct sctp_association *) asoc; |
525 | |
526 | nomem_chunk: |
527 | kfree(objp: cookie); |
528 | nomem_cookie: |
529 | kfree(objp: addrs.v); |
530 | return retval; |
531 | } |
532 | |
533 | /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): |
534 | * |
535 | * This chunk is used only during the initialization of an association. |
536 | * It is sent by the initiator of an association to its peer to complete |
537 | * the initialization process. This chunk MUST precede any DATA chunk |
538 | * sent within the association, but MAY be bundled with one or more DATA |
539 | * chunks in the same packet. |
540 | * |
541 | * 0 1 2 3 |
542 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
543 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
544 | * | Type = 10 |Chunk Flags | Length | |
545 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
546 | * / Cookie / |
547 | * \ \ |
548 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
549 | * |
550 | * Chunk Flags: 8 bit |
551 | * |
552 | * Set to zero on transmit and ignored on receipt. |
553 | * |
554 | * Length: 16 bits (unsigned integer) |
555 | * |
556 | * Set to the size of the chunk in bytes, including the 4 bytes of |
557 | * the chunk header and the size of the Cookie. |
558 | * |
559 | * Cookie: variable size |
560 | * |
561 | * This field must contain the exact cookie received in the |
562 | * State Cookie parameter from the previous INIT ACK. |
563 | * |
564 | * An implementation SHOULD make the cookie as small as possible |
565 | * to insure interoperability. |
566 | */ |
567 | struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, |
568 | const struct sctp_chunk *chunk) |
569 | { |
570 | struct sctp_chunk *retval; |
571 | int cookie_len; |
572 | void *cookie; |
573 | |
574 | cookie = asoc->peer.cookie; |
575 | cookie_len = asoc->peer.cookie_len; |
576 | |
577 | /* Build a cookie echo chunk. */ |
578 | retval = sctp_make_control(asoc, type: SCTP_CID_COOKIE_ECHO, flags: 0, |
579 | paylen: cookie_len, GFP_ATOMIC); |
580 | if (!retval) |
581 | goto nodata; |
582 | retval->subh.cookie_hdr = |
583 | sctp_addto_chunk(retval, len: cookie_len, data: cookie); |
584 | |
585 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
586 | * |
587 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
588 | * HEARTBEAT ACK, * etc.) to the same destination transport |
589 | * address from which it * received the DATA or control chunk |
590 | * to which it is replying. |
591 | * |
592 | * [COOKIE ECHO back to where the INIT ACK came from.] |
593 | */ |
594 | if (chunk) |
595 | retval->transport = chunk->transport; |
596 | |
597 | nodata: |
598 | return retval; |
599 | } |
600 | |
601 | /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): |
602 | * |
603 | * This chunk is used only during the initialization of an |
604 | * association. It is used to acknowledge the receipt of a COOKIE |
605 | * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent |
606 | * within the association, but MAY be bundled with one or more DATA |
607 | * chunks or SACK chunk in the same SCTP packet. |
608 | * |
609 | * 0 1 2 3 |
610 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
611 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
612 | * | Type = 11 |Chunk Flags | Length = 4 | |
613 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
614 | * |
615 | * Chunk Flags: 8 bits |
616 | * |
617 | * Set to zero on transmit and ignored on receipt. |
618 | */ |
619 | struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, |
620 | const struct sctp_chunk *chunk) |
621 | { |
622 | struct sctp_chunk *retval; |
623 | |
624 | retval = sctp_make_control(asoc, type: SCTP_CID_COOKIE_ACK, flags: 0, paylen: 0, GFP_ATOMIC); |
625 | |
626 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
627 | * |
628 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
629 | * HEARTBEAT ACK, * etc.) to the same destination transport |
630 | * address from which it * received the DATA or control chunk |
631 | * to which it is replying. |
632 | * |
633 | * [COOKIE ACK back to where the COOKIE ECHO came from.] |
634 | */ |
635 | if (retval && chunk && chunk->transport) |
636 | retval->transport = |
637 | sctp_assoc_lookup_paddr(asoc, |
638 | &chunk->transport->ipaddr); |
639 | |
640 | return retval; |
641 | } |
642 | |
643 | /* |
644 | * Appendix A: Explicit Congestion Notification: |
645 | * CWR: |
646 | * |
647 | * RFC 2481 details a specific bit for a sender to send in the header of |
648 | * its next outbound TCP segment to indicate to its peer that it has |
649 | * reduced its congestion window. This is termed the CWR bit. For |
650 | * SCTP the same indication is made by including the CWR chunk. |
651 | * This chunk contains one data element, i.e. the TSN number that |
652 | * was sent in the ECNE chunk. This element represents the lowest |
653 | * TSN number in the datagram that was originally marked with the |
654 | * CE bit. |
655 | * |
656 | * 0 1 2 3 |
657 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
658 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
659 | * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | |
660 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
661 | * | Lowest TSN Number | |
662 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
663 | * |
664 | * Note: The CWR is considered a Control chunk. |
665 | */ |
666 | struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, |
667 | const __u32 lowest_tsn, |
668 | const struct sctp_chunk *chunk) |
669 | { |
670 | struct sctp_chunk *retval; |
671 | struct sctp_cwrhdr cwr; |
672 | |
673 | cwr.lowest_tsn = htonl(lowest_tsn); |
674 | retval = sctp_make_control(asoc, type: SCTP_CID_ECN_CWR, flags: 0, |
675 | paylen: sizeof(cwr), GFP_ATOMIC); |
676 | |
677 | if (!retval) |
678 | goto nodata; |
679 | |
680 | retval->subh.ecn_cwr_hdr = |
681 | sctp_addto_chunk(retval, len: sizeof(cwr), data: &cwr); |
682 | |
683 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
684 | * |
685 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
686 | * HEARTBEAT ACK, * etc.) to the same destination transport |
687 | * address from which it * received the DATA or control chunk |
688 | * to which it is replying. |
689 | * |
690 | * [Report a reduced congestion window back to where the ECNE |
691 | * came from.] |
692 | */ |
693 | if (chunk) |
694 | retval->transport = chunk->transport; |
695 | |
696 | nodata: |
697 | return retval; |
698 | } |
699 | |
700 | /* Make an ECNE chunk. This is a congestion experienced report. */ |
701 | struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, |
702 | const __u32 lowest_tsn) |
703 | { |
704 | struct sctp_chunk *retval; |
705 | struct sctp_ecnehdr ecne; |
706 | |
707 | ecne.lowest_tsn = htonl(lowest_tsn); |
708 | retval = sctp_make_control(asoc, type: SCTP_CID_ECN_ECNE, flags: 0, |
709 | paylen: sizeof(ecne), GFP_ATOMIC); |
710 | if (!retval) |
711 | goto nodata; |
712 | retval->subh.ecne_hdr = |
713 | sctp_addto_chunk(retval, len: sizeof(ecne), data: &ecne); |
714 | |
715 | nodata: |
716 | return retval; |
717 | } |
718 | |
719 | /* Make a DATA chunk for the given association from the provided |
720 | * parameters. However, do not populate the data payload. |
721 | */ |
722 | struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc, |
723 | const struct sctp_sndrcvinfo *sinfo, |
724 | int len, __u8 flags, gfp_t gfp) |
725 | { |
726 | struct sctp_chunk *retval; |
727 | struct sctp_datahdr dp; |
728 | |
729 | /* We assign the TSN as LATE as possible, not here when |
730 | * creating the chunk. |
731 | */ |
732 | memset(&dp, 0, sizeof(dp)); |
733 | dp.ppid = sinfo->sinfo_ppid; |
734 | dp.stream = htons(sinfo->sinfo_stream); |
735 | |
736 | /* Set the flags for an unordered send. */ |
737 | if (sinfo->sinfo_flags & SCTP_UNORDERED) |
738 | flags |= SCTP_DATA_UNORDERED; |
739 | |
740 | retval = sctp_make_data(asoc, flags, paylen: sizeof(dp) + len, gfp); |
741 | if (!retval) |
742 | return NULL; |
743 | |
744 | retval->subh.data_hdr = sctp_addto_chunk(retval, len: sizeof(dp), data: &dp); |
745 | memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); |
746 | |
747 | return retval; |
748 | } |
749 | |
750 | /* Create a selective ackowledgement (SACK) for the given |
751 | * association. This reports on which TSN's we've seen to date, |
752 | * including duplicates and gaps. |
753 | */ |
754 | struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc) |
755 | { |
756 | struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; |
757 | struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; |
758 | __u16 num_gabs, num_dup_tsns; |
759 | struct sctp_transport *trans; |
760 | struct sctp_chunk *retval; |
761 | struct sctp_sackhdr sack; |
762 | __u32 ctsn; |
763 | int len; |
764 | |
765 | memset(gabs, 0, sizeof(gabs)); |
766 | ctsn = sctp_tsnmap_get_ctsn(map); |
767 | |
768 | pr_debug("%s: sackCTSNAck sent:0x%x\n" , __func__, ctsn); |
769 | |
770 | /* How much room is needed in the chunk? */ |
771 | num_gabs = sctp_tsnmap_num_gabs(map, gabs); |
772 | num_dup_tsns = sctp_tsnmap_num_dups(map); |
773 | |
774 | /* Initialize the SACK header. */ |
775 | sack.cum_tsn_ack = htonl(ctsn); |
776 | sack.a_rwnd = htonl(asoc->a_rwnd); |
777 | sack.num_gap_ack_blocks = htons(num_gabs); |
778 | sack.num_dup_tsns = htons(num_dup_tsns); |
779 | |
780 | len = sizeof(sack) |
781 | + sizeof(struct sctp_gap_ack_block) * num_gabs |
782 | + sizeof(__u32) * num_dup_tsns; |
783 | |
784 | /* Create the chunk. */ |
785 | retval = sctp_make_control(asoc, type: SCTP_CID_SACK, flags: 0, paylen: len, GFP_ATOMIC); |
786 | if (!retval) |
787 | goto nodata; |
788 | |
789 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
790 | * |
791 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
792 | * HEARTBEAT ACK, etc.) to the same destination transport |
793 | * address from which it received the DATA or control chunk to |
794 | * which it is replying. This rule should also be followed if |
795 | * the endpoint is bundling DATA chunks together with the |
796 | * reply chunk. |
797 | * |
798 | * However, when acknowledging multiple DATA chunks received |
799 | * in packets from different source addresses in a single |
800 | * SACK, the SACK chunk may be transmitted to one of the |
801 | * destination transport addresses from which the DATA or |
802 | * control chunks being acknowledged were received. |
803 | * |
804 | * [BUG: We do not implement the following paragraph. |
805 | * Perhaps we should remember the last transport we used for a |
806 | * SACK and avoid that (if possible) if we have seen any |
807 | * duplicates. --piggy] |
808 | * |
809 | * When a receiver of a duplicate DATA chunk sends a SACK to a |
810 | * multi- homed endpoint it MAY be beneficial to vary the |
811 | * destination address and not use the source address of the |
812 | * DATA chunk. The reason being that receiving a duplicate |
813 | * from a multi-homed endpoint might indicate that the return |
814 | * path (as specified in the source address of the DATA chunk) |
815 | * for the SACK is broken. |
816 | * |
817 | * [Send to the address from which we last received a DATA chunk.] |
818 | */ |
819 | retval->transport = asoc->peer.last_data_from; |
820 | |
821 | retval->subh.sack_hdr = |
822 | sctp_addto_chunk(retval, len: sizeof(sack), data: &sack); |
823 | |
824 | /* Add the gap ack block information. */ |
825 | if (num_gabs) |
826 | sctp_addto_chunk(retval, len: sizeof(__u32) * num_gabs, |
827 | data: gabs); |
828 | |
829 | /* Add the duplicate TSN information. */ |
830 | if (num_dup_tsns) { |
831 | asoc->stats.idupchunks += num_dup_tsns; |
832 | sctp_addto_chunk(retval, len: sizeof(__u32) * num_dup_tsns, |
833 | data: sctp_tsnmap_get_dups(map)); |
834 | } |
835 | /* Once we have a sack generated, check to see what our sack |
836 | * generation is, if its 0, reset the transports to 0, and reset |
837 | * the association generation to 1 |
838 | * |
839 | * The idea is that zero is never used as a valid generation for the |
840 | * association so no transport will match after a wrap event like this, |
841 | * Until the next sack |
842 | */ |
843 | if (++asoc->peer.sack_generation == 0) { |
844 | list_for_each_entry(trans, &asoc->peer.transport_addr_list, |
845 | transports) |
846 | trans->sack_generation = 0; |
847 | asoc->peer.sack_generation = 1; |
848 | } |
849 | nodata: |
850 | return retval; |
851 | } |
852 | |
853 | /* Make a SHUTDOWN chunk. */ |
854 | struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, |
855 | const struct sctp_chunk *chunk) |
856 | { |
857 | struct sctp_shutdownhdr shut; |
858 | struct sctp_chunk *retval; |
859 | __u32 ctsn; |
860 | |
861 | ctsn = sctp_tsnmap_get_ctsn(map: &asoc->peer.tsn_map); |
862 | shut.cum_tsn_ack = htonl(ctsn); |
863 | |
864 | retval = sctp_make_control(asoc, type: SCTP_CID_SHUTDOWN, flags: 0, |
865 | paylen: sizeof(shut), GFP_ATOMIC); |
866 | if (!retval) |
867 | goto nodata; |
868 | |
869 | retval->subh.shutdown_hdr = |
870 | sctp_addto_chunk(retval, len: sizeof(shut), data: &shut); |
871 | |
872 | if (chunk) |
873 | retval->transport = chunk->transport; |
874 | nodata: |
875 | return retval; |
876 | } |
877 | |
878 | struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, |
879 | const struct sctp_chunk *chunk) |
880 | { |
881 | struct sctp_chunk *retval; |
882 | |
883 | retval = sctp_make_control(asoc, type: SCTP_CID_SHUTDOWN_ACK, flags: 0, paylen: 0, |
884 | GFP_ATOMIC); |
885 | |
886 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
887 | * |
888 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
889 | * HEARTBEAT ACK, * etc.) to the same destination transport |
890 | * address from which it * received the DATA or control chunk |
891 | * to which it is replying. |
892 | * |
893 | * [ACK back to where the SHUTDOWN came from.] |
894 | */ |
895 | if (retval && chunk) |
896 | retval->transport = chunk->transport; |
897 | |
898 | return retval; |
899 | } |
900 | |
901 | struct sctp_chunk *sctp_make_shutdown_complete( |
902 | const struct sctp_association *asoc, |
903 | const struct sctp_chunk *chunk) |
904 | { |
905 | struct sctp_chunk *retval; |
906 | __u8 flags = 0; |
907 | |
908 | /* Set the T-bit if we have no association (vtag will be |
909 | * reflected) |
910 | */ |
911 | flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; |
912 | |
913 | retval = sctp_make_control(asoc, type: SCTP_CID_SHUTDOWN_COMPLETE, flags, |
914 | paylen: 0, GFP_ATOMIC); |
915 | |
916 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
917 | * |
918 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
919 | * HEARTBEAT ACK, * etc.) to the same destination transport |
920 | * address from which it * received the DATA or control chunk |
921 | * to which it is replying. |
922 | * |
923 | * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK |
924 | * came from.] |
925 | */ |
926 | if (retval && chunk) |
927 | retval->transport = chunk->transport; |
928 | |
929 | return retval; |
930 | } |
931 | |
932 | /* Create an ABORT. Note that we set the T bit if we have no |
933 | * association, except when responding to an INIT (sctpimpguide 2.41). |
934 | */ |
935 | struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, |
936 | const struct sctp_chunk *chunk, |
937 | const size_t hint) |
938 | { |
939 | struct sctp_chunk *retval; |
940 | __u8 flags = 0; |
941 | |
942 | /* Set the T-bit if we have no association and 'chunk' is not |
943 | * an INIT (vtag will be reflected). |
944 | */ |
945 | if (!asoc) { |
946 | if (chunk && chunk->chunk_hdr && |
947 | chunk->chunk_hdr->type == SCTP_CID_INIT) |
948 | flags = 0; |
949 | else |
950 | flags = SCTP_CHUNK_FLAG_T; |
951 | } |
952 | |
953 | retval = sctp_make_control(asoc, type: SCTP_CID_ABORT, flags, paylen: hint, |
954 | GFP_ATOMIC); |
955 | |
956 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
957 | * |
958 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
959 | * HEARTBEAT ACK, * etc.) to the same destination transport |
960 | * address from which it * received the DATA or control chunk |
961 | * to which it is replying. |
962 | * |
963 | * [ABORT back to where the offender came from.] |
964 | */ |
965 | if (retval && chunk) |
966 | retval->transport = chunk->transport; |
967 | |
968 | return retval; |
969 | } |
970 | |
971 | /* Helper to create ABORT with a NO_USER_DATA error. */ |
972 | struct sctp_chunk *sctp_make_abort_no_data( |
973 | const struct sctp_association *asoc, |
974 | const struct sctp_chunk *chunk, |
975 | __u32 tsn) |
976 | { |
977 | struct sctp_chunk *retval; |
978 | __be32 payload; |
979 | |
980 | retval = sctp_make_abort(asoc, chunk, |
981 | hint: sizeof(struct sctp_errhdr) + sizeof(tsn)); |
982 | |
983 | if (!retval) |
984 | goto no_mem; |
985 | |
986 | /* Put the tsn back into network byte order. */ |
987 | payload = htonl(tsn); |
988 | sctp_init_cause(chunk: retval, cause_code: SCTP_ERROR_NO_DATA, paylen: sizeof(payload)); |
989 | sctp_addto_chunk(retval, len: sizeof(payload), data: (const void *)&payload); |
990 | |
991 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
992 | * |
993 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
994 | * HEARTBEAT ACK, * etc.) to the same destination transport |
995 | * address from which it * received the DATA or control chunk |
996 | * to which it is replying. |
997 | * |
998 | * [ABORT back to where the offender came from.] |
999 | */ |
1000 | if (chunk) |
1001 | retval->transport = chunk->transport; |
1002 | |
1003 | no_mem: |
1004 | return retval; |
1005 | } |
1006 | |
1007 | /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ |
1008 | struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, |
1009 | struct msghdr *msg, |
1010 | size_t paylen) |
1011 | { |
1012 | struct sctp_chunk *retval; |
1013 | void *payload = NULL; |
1014 | int err; |
1015 | |
1016 | retval = sctp_make_abort(asoc, NULL, |
1017 | hint: sizeof(struct sctp_errhdr) + paylen); |
1018 | if (!retval) |
1019 | goto err_chunk; |
1020 | |
1021 | if (paylen) { |
1022 | /* Put the msg_iov together into payload. */ |
1023 | payload = kmalloc(size: paylen, GFP_KERNEL); |
1024 | if (!payload) |
1025 | goto err_payload; |
1026 | |
1027 | err = memcpy_from_msg(data: payload, msg, len: paylen); |
1028 | if (err < 0) |
1029 | goto err_copy; |
1030 | } |
1031 | |
1032 | sctp_init_cause(chunk: retval, cause_code: SCTP_ERROR_USER_ABORT, paylen); |
1033 | sctp_addto_chunk(retval, len: paylen, data: payload); |
1034 | |
1035 | if (paylen) |
1036 | kfree(objp: payload); |
1037 | |
1038 | return retval; |
1039 | |
1040 | err_copy: |
1041 | kfree(objp: payload); |
1042 | err_payload: |
1043 | sctp_chunk_free(retval); |
1044 | retval = NULL; |
1045 | err_chunk: |
1046 | return retval; |
1047 | } |
1048 | |
1049 | /* Append bytes to the end of a parameter. Will panic if chunk is not big |
1050 | * enough. |
1051 | */ |
1052 | static void *sctp_addto_param(struct sctp_chunk *chunk, int len, |
1053 | const void *data) |
1054 | { |
1055 | int chunklen = ntohs(chunk->chunk_hdr->length); |
1056 | void *target; |
1057 | |
1058 | target = skb_put(skb: chunk->skb, len); |
1059 | |
1060 | if (data) |
1061 | memcpy(target, data, len); |
1062 | else |
1063 | memset(target, 0, len); |
1064 | |
1065 | /* Adjust the chunk length field. */ |
1066 | chunk->chunk_hdr->length = htons(chunklen + len); |
1067 | chunk->chunk_end = skb_tail_pointer(skb: chunk->skb); |
1068 | |
1069 | return target; |
1070 | } |
1071 | |
1072 | /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ |
1073 | struct sctp_chunk *sctp_make_abort_violation( |
1074 | const struct sctp_association *asoc, |
1075 | const struct sctp_chunk *chunk, |
1076 | const __u8 *payload, |
1077 | const size_t paylen) |
1078 | { |
1079 | struct sctp_chunk *retval; |
1080 | struct sctp_paramhdr phdr; |
1081 | |
1082 | retval = sctp_make_abort(asoc, chunk, hint: sizeof(struct sctp_errhdr) + |
1083 | paylen + sizeof(phdr)); |
1084 | if (!retval) |
1085 | goto end; |
1086 | |
1087 | sctp_init_cause(chunk: retval, cause_code: SCTP_ERROR_PROTO_VIOLATION, paylen: paylen + |
1088 | sizeof(phdr)); |
1089 | |
1090 | phdr.type = htons(chunk->chunk_hdr->type); |
1091 | phdr.length = chunk->chunk_hdr->length; |
1092 | sctp_addto_chunk(retval, len: paylen, data: payload); |
1093 | sctp_addto_param(chunk: retval, len: sizeof(phdr), data: &phdr); |
1094 | |
1095 | end: |
1096 | return retval; |
1097 | } |
1098 | |
1099 | struct sctp_chunk *sctp_make_violation_paramlen( |
1100 | const struct sctp_association *asoc, |
1101 | const struct sctp_chunk *chunk, |
1102 | struct sctp_paramhdr *param) |
1103 | { |
1104 | static const char error[] = "The following parameter had invalid length:" ; |
1105 | size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) + |
1106 | sizeof(*param); |
1107 | struct sctp_chunk *retval; |
1108 | |
1109 | retval = sctp_make_abort(asoc, chunk, hint: payload_len); |
1110 | if (!retval) |
1111 | goto nodata; |
1112 | |
1113 | sctp_init_cause(chunk: retval, cause_code: SCTP_ERROR_PROTO_VIOLATION, |
1114 | paylen: sizeof(error) + sizeof(*param)); |
1115 | sctp_addto_chunk(retval, len: sizeof(error), data: error); |
1116 | sctp_addto_param(chunk: retval, len: sizeof(*param), data: param); |
1117 | |
1118 | nodata: |
1119 | return retval; |
1120 | } |
1121 | |
1122 | struct sctp_chunk *sctp_make_violation_max_retrans( |
1123 | const struct sctp_association *asoc, |
1124 | const struct sctp_chunk *chunk) |
1125 | { |
1126 | static const char error[] = "Association exceeded its max_retrans count" ; |
1127 | size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr); |
1128 | struct sctp_chunk *retval; |
1129 | |
1130 | retval = sctp_make_abort(asoc, chunk, hint: payload_len); |
1131 | if (!retval) |
1132 | goto nodata; |
1133 | |
1134 | sctp_init_cause(chunk: retval, cause_code: SCTP_ERROR_PROTO_VIOLATION, paylen: sizeof(error)); |
1135 | sctp_addto_chunk(retval, len: sizeof(error), data: error); |
1136 | |
1137 | nodata: |
1138 | return retval; |
1139 | } |
1140 | |
1141 | struct sctp_chunk *sctp_make_new_encap_port(const struct sctp_association *asoc, |
1142 | const struct sctp_chunk *chunk) |
1143 | { |
1144 | struct sctp_new_encap_port_hdr nep; |
1145 | struct sctp_chunk *retval; |
1146 | |
1147 | retval = sctp_make_abort(asoc, chunk, |
1148 | hint: sizeof(struct sctp_errhdr) + sizeof(nep)); |
1149 | if (!retval) |
1150 | goto nodata; |
1151 | |
1152 | sctp_init_cause(chunk: retval, cause_code: SCTP_ERROR_NEW_ENCAP_PORT, paylen: sizeof(nep)); |
1153 | nep.cur_port = SCTP_INPUT_CB(chunk->skb)->encap_port; |
1154 | nep.new_port = chunk->transport->encap_port; |
1155 | sctp_addto_chunk(retval, len: sizeof(nep), data: &nep); |
1156 | |
1157 | nodata: |
1158 | return retval; |
1159 | } |
1160 | |
1161 | /* Make a HEARTBEAT chunk. */ |
1162 | struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, |
1163 | const struct sctp_transport *transport, |
1164 | __u32 probe_size) |
1165 | { |
1166 | struct sctp_sender_hb_info hbinfo = {}; |
1167 | struct sctp_chunk *retval; |
1168 | |
1169 | retval = sctp_make_control(asoc, type: SCTP_CID_HEARTBEAT, flags: 0, |
1170 | paylen: sizeof(hbinfo), GFP_ATOMIC); |
1171 | |
1172 | if (!retval) |
1173 | goto nodata; |
1174 | |
1175 | hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; |
1176 | hbinfo.param_hdr.length = htons(sizeof(hbinfo)); |
1177 | hbinfo.daddr = transport->ipaddr; |
1178 | hbinfo.sent_at = jiffies; |
1179 | hbinfo.hb_nonce = transport->hb_nonce; |
1180 | hbinfo.probe_size = probe_size; |
1181 | |
1182 | /* Cast away the 'const', as this is just telling the chunk |
1183 | * what transport it belongs to. |
1184 | */ |
1185 | retval->transport = (struct sctp_transport *) transport; |
1186 | retval->subh.hbs_hdr = sctp_addto_chunk(retval, len: sizeof(hbinfo), |
1187 | data: &hbinfo); |
1188 | retval->pmtu_probe = !!probe_size; |
1189 | |
1190 | nodata: |
1191 | return retval; |
1192 | } |
1193 | |
1194 | struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, |
1195 | const struct sctp_chunk *chunk, |
1196 | const void *payload, |
1197 | const size_t paylen) |
1198 | { |
1199 | struct sctp_chunk *retval; |
1200 | |
1201 | retval = sctp_make_control(asoc, type: SCTP_CID_HEARTBEAT_ACK, flags: 0, paylen, |
1202 | GFP_ATOMIC); |
1203 | if (!retval) |
1204 | goto nodata; |
1205 | |
1206 | retval->subh.hbs_hdr = sctp_addto_chunk(retval, len: paylen, data: payload); |
1207 | |
1208 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
1209 | * |
1210 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
1211 | * HEARTBEAT ACK, * etc.) to the same destination transport |
1212 | * address from which it * received the DATA or control chunk |
1213 | * to which it is replying. |
1214 | * |
1215 | * [HBACK back to where the HEARTBEAT came from.] |
1216 | */ |
1217 | if (chunk) |
1218 | retval->transport = chunk->transport; |
1219 | |
1220 | nodata: |
1221 | return retval; |
1222 | } |
1223 | |
1224 | /* RFC4820 3. Padding Chunk (PAD) |
1225 | * 0 1 2 3 |
1226 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
1227 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1228 | * | Type = 0x84 | Flags=0 | Length | |
1229 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1230 | * | | |
1231 | * \ Padding Data / |
1232 | * / \ |
1233 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
1234 | */ |
1235 | struct sctp_chunk *sctp_make_pad(const struct sctp_association *asoc, int len) |
1236 | { |
1237 | struct sctp_chunk *retval; |
1238 | |
1239 | retval = sctp_make_control(asoc, type: SCTP_CID_PAD, flags: 0, paylen: len, GFP_ATOMIC); |
1240 | if (!retval) |
1241 | return NULL; |
1242 | |
1243 | skb_put_zero(skb: retval->skb, len); |
1244 | retval->chunk_hdr->length = htons(ntohs(retval->chunk_hdr->length) + len); |
1245 | retval->chunk_end = skb_tail_pointer(skb: retval->skb); |
1246 | |
1247 | return retval; |
1248 | } |
1249 | |
1250 | /* Create an Operation Error chunk with the specified space reserved. |
1251 | * This routine can be used for containing multiple causes in the chunk. |
1252 | */ |
1253 | static struct sctp_chunk *sctp_make_op_error_space( |
1254 | const struct sctp_association *asoc, |
1255 | const struct sctp_chunk *chunk, |
1256 | size_t size) |
1257 | { |
1258 | struct sctp_chunk *retval; |
1259 | |
1260 | retval = sctp_make_control(asoc, type: SCTP_CID_ERROR, flags: 0, |
1261 | paylen: sizeof(struct sctp_errhdr) + size, |
1262 | GFP_ATOMIC); |
1263 | if (!retval) |
1264 | goto nodata; |
1265 | |
1266 | /* RFC 2960 6.4 Multi-homed SCTP Endpoints |
1267 | * |
1268 | * An endpoint SHOULD transmit reply chunks (e.g., SACK, |
1269 | * HEARTBEAT ACK, etc.) to the same destination transport |
1270 | * address from which it received the DATA or control chunk |
1271 | * to which it is replying. |
1272 | * |
1273 | */ |
1274 | if (chunk) |
1275 | retval->transport = chunk->transport; |
1276 | |
1277 | nodata: |
1278 | return retval; |
1279 | } |
1280 | |
1281 | /* Create an Operation Error chunk of a fixed size, specifically, |
1282 | * min(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) - overheads. |
1283 | * This is a helper function to allocate an error chunk for those |
1284 | * invalid parameter codes in which we may not want to report all the |
1285 | * errors, if the incoming chunk is large. If it can't fit in a single |
1286 | * packet, we ignore it. |
1287 | */ |
1288 | static inline struct sctp_chunk *sctp_make_op_error_limited( |
1289 | const struct sctp_association *asoc, |
1290 | const struct sctp_chunk *chunk) |
1291 | { |
1292 | size_t size = SCTP_DEFAULT_MAXSEGMENT; |
1293 | struct sctp_sock *sp = NULL; |
1294 | |
1295 | if (asoc) { |
1296 | size = min_t(size_t, size, asoc->pathmtu); |
1297 | sp = sctp_sk(asoc->base.sk); |
1298 | } |
1299 | |
1300 | size = sctp_mtu_payload(sp, mtu: size, extra: sizeof(struct sctp_errhdr)); |
1301 | |
1302 | return sctp_make_op_error_space(asoc, chunk, size); |
1303 | } |
1304 | |
1305 | /* Create an Operation Error chunk. */ |
1306 | struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, |
1307 | const struct sctp_chunk *chunk, |
1308 | __be16 cause_code, const void *payload, |
1309 | size_t paylen, size_t reserve_tail) |
1310 | { |
1311 | struct sctp_chunk *retval; |
1312 | |
1313 | retval = sctp_make_op_error_space(asoc, chunk, size: paylen + reserve_tail); |
1314 | if (!retval) |
1315 | goto nodata; |
1316 | |
1317 | sctp_init_cause(chunk: retval, cause_code, paylen: paylen + reserve_tail); |
1318 | sctp_addto_chunk(retval, len: paylen, data: payload); |
1319 | if (reserve_tail) |
1320 | sctp_addto_param(chunk: retval, len: reserve_tail, NULL); |
1321 | |
1322 | nodata: |
1323 | return retval; |
1324 | } |
1325 | |
1326 | struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc, |
1327 | __u16 key_id) |
1328 | { |
1329 | struct sctp_authhdr auth_hdr; |
1330 | struct sctp_hmac *hmac_desc; |
1331 | struct sctp_chunk *retval; |
1332 | |
1333 | /* Get the first hmac that the peer told us to use */ |
1334 | hmac_desc = sctp_auth_asoc_get_hmac(asoc); |
1335 | if (unlikely(!hmac_desc)) |
1336 | return NULL; |
1337 | |
1338 | retval = sctp_make_control(asoc, type: SCTP_CID_AUTH, flags: 0, |
1339 | paylen: hmac_desc->hmac_len + sizeof(auth_hdr), |
1340 | GFP_ATOMIC); |
1341 | if (!retval) |
1342 | return NULL; |
1343 | |
1344 | auth_hdr.hmac_id = htons(hmac_desc->hmac_id); |
1345 | auth_hdr.shkey_id = htons(key_id); |
1346 | |
1347 | retval->subh.auth_hdr = sctp_addto_chunk(retval, len: sizeof(auth_hdr), |
1348 | data: &auth_hdr); |
1349 | |
1350 | skb_put_zero(skb: retval->skb, len: hmac_desc->hmac_len); |
1351 | |
1352 | /* Adjust the chunk header to include the empty MAC */ |
1353 | retval->chunk_hdr->length = |
1354 | htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); |
1355 | retval->chunk_end = skb_tail_pointer(skb: retval->skb); |
1356 | |
1357 | return retval; |
1358 | } |
1359 | |
1360 | |
1361 | /******************************************************************** |
1362 | * 2nd Level Abstractions |
1363 | ********************************************************************/ |
1364 | |
1365 | /* Turn an skb into a chunk. |
1366 | * FIXME: Eventually move the structure directly inside the skb->cb[]. |
1367 | * |
1368 | * sctpimpguide-05.txt Section 2.8.2 |
1369 | * M1) Each time a new DATA chunk is transmitted |
1370 | * set the 'TSN.Missing.Report' count for that TSN to 0. The |
1371 | * 'TSN.Missing.Report' count will be used to determine missing chunks |
1372 | * and when to fast retransmit. |
1373 | * |
1374 | */ |
1375 | struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, |
1376 | const struct sctp_association *asoc, |
1377 | struct sock *sk, gfp_t gfp) |
1378 | { |
1379 | struct sctp_chunk *retval; |
1380 | |
1381 | retval = kmem_cache_zalloc(k: sctp_chunk_cachep, flags: gfp); |
1382 | |
1383 | if (!retval) |
1384 | goto nodata; |
1385 | if (!sk) |
1386 | pr_debug("%s: chunkifying skb:%p w/o an sk\n" , __func__, skb); |
1387 | |
1388 | INIT_LIST_HEAD(list: &retval->list); |
1389 | retval->skb = skb; |
1390 | retval->asoc = (struct sctp_association *)asoc; |
1391 | retval->singleton = 1; |
1392 | |
1393 | retval->fast_retransmit = SCTP_CAN_FRTX; |
1394 | |
1395 | /* Polish the bead hole. */ |
1396 | INIT_LIST_HEAD(list: &retval->transmitted_list); |
1397 | INIT_LIST_HEAD(list: &retval->frag_list); |
1398 | SCTP_DBG_OBJCNT_INC(chunk); |
1399 | refcount_set(r: &retval->refcnt, n: 1); |
1400 | |
1401 | nodata: |
1402 | return retval; |
1403 | } |
1404 | |
1405 | /* Set chunk->source and dest based on the IP header in chunk->skb. */ |
1406 | void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, |
1407 | union sctp_addr *dest) |
1408 | { |
1409 | memcpy(&chunk->source, src, sizeof(union sctp_addr)); |
1410 | memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); |
1411 | } |
1412 | |
1413 | /* Extract the source address from a chunk. */ |
1414 | const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) |
1415 | { |
1416 | /* If we have a known transport, use that. */ |
1417 | if (chunk->transport) { |
1418 | return &chunk->transport->ipaddr; |
1419 | } else { |
1420 | /* Otherwise, extract it from the IP header. */ |
1421 | return &chunk->source; |
1422 | } |
1423 | } |
1424 | |
1425 | /* Create a new chunk, setting the type and flags headers from the |
1426 | * arguments, reserving enough space for a 'paylen' byte payload. |
1427 | */ |
1428 | static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, |
1429 | __u8 type, __u8 flags, int paylen, |
1430 | gfp_t gfp) |
1431 | { |
1432 | struct sctp_chunkhdr *chunk_hdr; |
1433 | struct sctp_chunk *retval; |
1434 | struct sk_buff *skb; |
1435 | struct sock *sk; |
1436 | int chunklen; |
1437 | |
1438 | chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen); |
1439 | if (chunklen > SCTP_MAX_CHUNK_LEN) |
1440 | goto nodata; |
1441 | |
1442 | /* No need to allocate LL here, as this is only a chunk. */ |
1443 | skb = alloc_skb(size: chunklen, priority: gfp); |
1444 | if (!skb) |
1445 | goto nodata; |
1446 | |
1447 | /* Make room for the chunk header. */ |
1448 | chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, len: sizeof(*chunk_hdr)); |
1449 | chunk_hdr->type = type; |
1450 | chunk_hdr->flags = flags; |
1451 | chunk_hdr->length = htons(sizeof(*chunk_hdr)); |
1452 | |
1453 | sk = asoc ? asoc->base.sk : NULL; |
1454 | retval = sctp_chunkify(skb, asoc, sk, gfp); |
1455 | if (!retval) { |
1456 | kfree_skb(skb); |
1457 | goto nodata; |
1458 | } |
1459 | |
1460 | retval->chunk_hdr = chunk_hdr; |
1461 | retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr); |
1462 | |
1463 | /* Determine if the chunk needs to be authenticated */ |
1464 | if (sctp_auth_send_cid(chunk: type, asoc)) |
1465 | retval->auth = 1; |
1466 | |
1467 | return retval; |
1468 | nodata: |
1469 | return NULL; |
1470 | } |
1471 | |
1472 | static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, |
1473 | __u8 flags, int paylen, gfp_t gfp) |
1474 | { |
1475 | return _sctp_make_chunk(asoc, type: SCTP_CID_DATA, flags, paylen, gfp); |
1476 | } |
1477 | |
1478 | struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc, |
1479 | __u8 flags, int paylen, gfp_t gfp) |
1480 | { |
1481 | return _sctp_make_chunk(asoc, type: SCTP_CID_I_DATA, flags, paylen, gfp); |
1482 | } |
1483 | |
1484 | static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, |
1485 | __u8 type, __u8 flags, int paylen, |
1486 | gfp_t gfp) |
1487 | { |
1488 | struct sctp_chunk *chunk; |
1489 | |
1490 | chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp); |
1491 | if (chunk) |
1492 | sctp_control_set_owner_w(chunk); |
1493 | |
1494 | return chunk; |
1495 | } |
1496 | |
1497 | /* Release the memory occupied by a chunk. */ |
1498 | static void sctp_chunk_destroy(struct sctp_chunk *chunk) |
1499 | { |
1500 | BUG_ON(!list_empty(&chunk->list)); |
1501 | list_del_init(entry: &chunk->transmitted_list); |
1502 | |
1503 | consume_skb(skb: chunk->skb); |
1504 | consume_skb(skb: chunk->auth_chunk); |
1505 | |
1506 | SCTP_DBG_OBJCNT_DEC(chunk); |
1507 | kmem_cache_free(s: sctp_chunk_cachep, objp: chunk); |
1508 | } |
1509 | |
1510 | /* Possibly, free the chunk. */ |
1511 | void sctp_chunk_free(struct sctp_chunk *chunk) |
1512 | { |
1513 | /* Release our reference on the message tracker. */ |
1514 | if (chunk->msg) |
1515 | sctp_datamsg_put(chunk->msg); |
1516 | |
1517 | sctp_chunk_put(chunk); |
1518 | } |
1519 | |
1520 | /* Grab a reference to the chunk. */ |
1521 | void sctp_chunk_hold(struct sctp_chunk *ch) |
1522 | { |
1523 | refcount_inc(r: &ch->refcnt); |
1524 | } |
1525 | |
1526 | /* Release a reference to the chunk. */ |
1527 | void sctp_chunk_put(struct sctp_chunk *ch) |
1528 | { |
1529 | if (refcount_dec_and_test(r: &ch->refcnt)) |
1530 | sctp_chunk_destroy(chunk: ch); |
1531 | } |
1532 | |
1533 | /* Append bytes to the end of a chunk. Will panic if chunk is not big |
1534 | * enough. |
1535 | */ |
1536 | void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) |
1537 | { |
1538 | int chunklen = ntohs(chunk->chunk_hdr->length); |
1539 | int padlen = SCTP_PAD4(chunklen) - chunklen; |
1540 | void *target; |
1541 | |
1542 | skb_put_zero(skb: chunk->skb, len: padlen); |
1543 | target = skb_put_data(skb: chunk->skb, data, len); |
1544 | |
1545 | /* Adjust the chunk length field. */ |
1546 | chunk->chunk_hdr->length = htons(chunklen + padlen + len); |
1547 | chunk->chunk_end = skb_tail_pointer(skb: chunk->skb); |
1548 | |
1549 | return target; |
1550 | } |
1551 | |
1552 | /* Append bytes from user space to the end of a chunk. Will panic if |
1553 | * chunk is not big enough. |
1554 | * Returns a kernel err value. |
1555 | */ |
1556 | int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, |
1557 | struct iov_iter *from) |
1558 | { |
1559 | void *target; |
1560 | |
1561 | /* Make room in chunk for data. */ |
1562 | target = skb_put(skb: chunk->skb, len); |
1563 | |
1564 | /* Copy data (whole iovec) into chunk */ |
1565 | if (!copy_from_iter_full(addr: target, bytes: len, i: from)) |
1566 | return -EFAULT; |
1567 | |
1568 | /* Adjust the chunk length field. */ |
1569 | chunk->chunk_hdr->length = |
1570 | htons(ntohs(chunk->chunk_hdr->length) + len); |
1571 | chunk->chunk_end = skb_tail_pointer(skb: chunk->skb); |
1572 | |
1573 | return 0; |
1574 | } |
1575 | |
1576 | /* Helper function to assign a TSN if needed. This assumes that both |
1577 | * the data_hdr and association have already been assigned. |
1578 | */ |
1579 | void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) |
1580 | { |
1581 | struct sctp_stream *stream; |
1582 | struct sctp_chunk *lchunk; |
1583 | struct sctp_datamsg *msg; |
1584 | __u16 ssn, sid; |
1585 | |
1586 | if (chunk->has_ssn) |
1587 | return; |
1588 | |
1589 | /* All fragments will be on the same stream */ |
1590 | sid = ntohs(chunk->subh.data_hdr->stream); |
1591 | stream = &chunk->asoc->stream; |
1592 | |
1593 | /* Now assign the sequence number to the entire message. |
1594 | * All fragments must have the same stream sequence number. |
1595 | */ |
1596 | msg = chunk->msg; |
1597 | list_for_each_entry(lchunk, &msg->chunks, frag_list) { |
1598 | if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { |
1599 | ssn = 0; |
1600 | } else { |
1601 | if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) |
1602 | ssn = sctp_ssn_next(stream, out, sid); |
1603 | else |
1604 | ssn = sctp_ssn_peek(stream, out, sid); |
1605 | } |
1606 | |
1607 | lchunk->subh.data_hdr->ssn = htons(ssn); |
1608 | lchunk->has_ssn = 1; |
1609 | } |
1610 | } |
1611 | |
1612 | /* Helper function to assign a TSN if needed. This assumes that both |
1613 | * the data_hdr and association have already been assigned. |
1614 | */ |
1615 | void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) |
1616 | { |
1617 | if (!chunk->has_tsn) { |
1618 | /* This is the last possible instant to |
1619 | * assign a TSN. |
1620 | */ |
1621 | chunk->subh.data_hdr->tsn = |
1622 | htonl(sctp_association_get_next_tsn(chunk->asoc)); |
1623 | chunk->has_tsn = 1; |
1624 | } |
1625 | } |
1626 | |
1627 | /* Create a CLOSED association to use with an incoming packet. */ |
1628 | struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, |
1629 | struct sctp_chunk *chunk, |
1630 | gfp_t gfp) |
1631 | { |
1632 | struct sctp_association *asoc; |
1633 | enum sctp_scope scope; |
1634 | struct sk_buff *skb; |
1635 | |
1636 | /* Create the bare association. */ |
1637 | scope = sctp_scope(addr: sctp_source(chunk)); |
1638 | asoc = sctp_association_new(ep, sk: ep->base.sk, scope, gfp); |
1639 | if (!asoc) |
1640 | goto nodata; |
1641 | asoc->temp = 1; |
1642 | skb = chunk->skb; |
1643 | /* Create an entry for the source address of the packet. */ |
1644 | SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1); |
1645 | |
1646 | nodata: |
1647 | return asoc; |
1648 | } |
1649 | |
1650 | /* Build a cookie representing asoc. |
1651 | * This INCLUDES the param header needed to put the cookie in the INIT ACK. |
1652 | */ |
1653 | static struct sctp_cookie_param *sctp_pack_cookie( |
1654 | const struct sctp_endpoint *ep, |
1655 | const struct sctp_association *asoc, |
1656 | const struct sctp_chunk *init_chunk, |
1657 | int *cookie_len, const __u8 *raw_addrs, |
1658 | int addrs_len) |
1659 | { |
1660 | struct sctp_signed_cookie *cookie; |
1661 | struct sctp_cookie_param *retval; |
1662 | int , bodysize; |
1663 | |
1664 | /* Header size is static data prior to the actual cookie, including |
1665 | * any padding. |
1666 | */ |
1667 | headersize = sizeof(struct sctp_paramhdr) + |
1668 | (sizeof(struct sctp_signed_cookie) - |
1669 | sizeof(struct sctp_cookie)); |
1670 | bodysize = sizeof(struct sctp_cookie) |
1671 | + ntohs(init_chunk->chunk_hdr->length) + addrs_len; |
1672 | |
1673 | /* Pad out the cookie to a multiple to make the signature |
1674 | * functions simpler to write. |
1675 | */ |
1676 | if (bodysize % SCTP_COOKIE_MULTIPLE) |
1677 | bodysize += SCTP_COOKIE_MULTIPLE |
1678 | - (bodysize % SCTP_COOKIE_MULTIPLE); |
1679 | *cookie_len = headersize + bodysize; |
1680 | |
1681 | /* Clear this memory since we are sending this data structure |
1682 | * out on the network. |
1683 | */ |
1684 | retval = kzalloc(size: *cookie_len, GFP_ATOMIC); |
1685 | if (!retval) |
1686 | goto nodata; |
1687 | |
1688 | cookie = (struct sctp_signed_cookie *) retval->body; |
1689 | |
1690 | /* Set up the parameter header. */ |
1691 | retval->p.type = SCTP_PARAM_STATE_COOKIE; |
1692 | retval->p.length = htons(*cookie_len); |
1693 | |
1694 | /* Copy the cookie part of the association itself. */ |
1695 | cookie->c = asoc->c; |
1696 | /* Save the raw address list length in the cookie. */ |
1697 | cookie->c.raw_addr_list_len = addrs_len; |
1698 | |
1699 | /* Remember PR-SCTP capability. */ |
1700 | cookie->c.prsctp_capable = asoc->peer.prsctp_capable; |
1701 | |
1702 | /* Save adaptation indication in the cookie. */ |
1703 | cookie->c.adaptation_ind = asoc->peer.adaptation_ind; |
1704 | |
1705 | /* Set an expiration time for the cookie. */ |
1706 | cookie->c.expiration = ktime_add(asoc->cookie_life, |
1707 | ktime_get_real()); |
1708 | |
1709 | /* Copy the peer's init packet. */ |
1710 | memcpy(cookie + 1, init_chunk->chunk_hdr, |
1711 | ntohs(init_chunk->chunk_hdr->length)); |
1712 | |
1713 | /* Copy the raw local address list of the association. */ |
1714 | memcpy((__u8 *)(cookie + 1) + |
1715 | ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); |
1716 | |
1717 | if (sctp_sk(ep->base.sk)->hmac) { |
1718 | struct crypto_shash *tfm = sctp_sk(ep->base.sk)->hmac; |
1719 | int err; |
1720 | |
1721 | /* Sign the message. */ |
1722 | err = crypto_shash_setkey(tfm, key: ep->secret_key, |
1723 | keylen: sizeof(ep->secret_key)) ?: |
1724 | crypto_shash_tfm_digest(tfm, data: (u8 *)&cookie->c, len: bodysize, |
1725 | out: cookie->signature); |
1726 | if (err) |
1727 | goto free_cookie; |
1728 | } |
1729 | |
1730 | return retval; |
1731 | |
1732 | free_cookie: |
1733 | kfree(objp: retval); |
1734 | nodata: |
1735 | *cookie_len = 0; |
1736 | return NULL; |
1737 | } |
1738 | |
1739 | /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ |
1740 | struct sctp_association *sctp_unpack_cookie( |
1741 | const struct sctp_endpoint *ep, |
1742 | const struct sctp_association *asoc, |
1743 | struct sctp_chunk *chunk, gfp_t gfp, |
1744 | int *error, struct sctp_chunk **errp) |
1745 | { |
1746 | struct sctp_association *retval = NULL; |
1747 | int , bodysize, fixed_size; |
1748 | struct sctp_signed_cookie *cookie; |
1749 | struct sk_buff *skb = chunk->skb; |
1750 | struct sctp_cookie *bear_cookie; |
1751 | __u8 *digest = ep->digest; |
1752 | enum sctp_scope scope; |
1753 | unsigned int len; |
1754 | ktime_t kt; |
1755 | |
1756 | /* Header size is static data prior to the actual cookie, including |
1757 | * any padding. |
1758 | */ |
1759 | headersize = sizeof(struct sctp_chunkhdr) + |
1760 | (sizeof(struct sctp_signed_cookie) - |
1761 | sizeof(struct sctp_cookie)); |
1762 | bodysize = ntohs(chunk->chunk_hdr->length) - headersize; |
1763 | fixed_size = headersize + sizeof(struct sctp_cookie); |
1764 | |
1765 | /* Verify that the chunk looks like it even has a cookie. |
1766 | * There must be enough room for our cookie and our peer's |
1767 | * INIT chunk. |
1768 | */ |
1769 | len = ntohs(chunk->chunk_hdr->length); |
1770 | if (len < fixed_size + sizeof(struct sctp_chunkhdr)) |
1771 | goto malformed; |
1772 | |
1773 | /* Verify that the cookie has been padded out. */ |
1774 | if (bodysize % SCTP_COOKIE_MULTIPLE) |
1775 | goto malformed; |
1776 | |
1777 | /* Process the cookie. */ |
1778 | cookie = chunk->subh.cookie_hdr; |
1779 | bear_cookie = &cookie->c; |
1780 | |
1781 | if (!sctp_sk(ep->base.sk)->hmac) |
1782 | goto no_hmac; |
1783 | |
1784 | /* Check the signature. */ |
1785 | { |
1786 | struct crypto_shash *tfm = sctp_sk(ep->base.sk)->hmac; |
1787 | int err; |
1788 | |
1789 | err = crypto_shash_setkey(tfm, key: ep->secret_key, |
1790 | keylen: sizeof(ep->secret_key)) ?: |
1791 | crypto_shash_tfm_digest(tfm, data: (u8 *)bear_cookie, len: bodysize, |
1792 | out: digest); |
1793 | if (err) { |
1794 | *error = -SCTP_IERROR_NOMEM; |
1795 | goto fail; |
1796 | } |
1797 | } |
1798 | |
1799 | if (memcmp(p: digest, q: cookie->signature, SCTP_SIGNATURE_SIZE)) { |
1800 | *error = -SCTP_IERROR_BAD_SIG; |
1801 | goto fail; |
1802 | } |
1803 | |
1804 | no_hmac: |
1805 | /* IG Section 2.35.2: |
1806 | * 3) Compare the port numbers and the verification tag contained |
1807 | * within the COOKIE ECHO chunk to the actual port numbers and the |
1808 | * verification tag within the SCTP common header of the received |
1809 | * packet. If these values do not match the packet MUST be silently |
1810 | * discarded, |
1811 | */ |
1812 | if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { |
1813 | *error = -SCTP_IERROR_BAD_TAG; |
1814 | goto fail; |
1815 | } |
1816 | |
1817 | if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || |
1818 | ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { |
1819 | *error = -SCTP_IERROR_BAD_PORTS; |
1820 | goto fail; |
1821 | } |
1822 | |
1823 | /* Check to see if the cookie is stale. If there is already |
1824 | * an association, there is no need to check cookie's expiration |
1825 | * for init collision case of lost COOKIE ACK. |
1826 | * If skb has been timestamped, then use the stamp, otherwise |
1827 | * use current time. This introduces a small possibility that |
1828 | * a cookie may be considered expired, but this would only slow |
1829 | * down the new association establishment instead of every packet. |
1830 | */ |
1831 | if (sock_flag(sk: ep->base.sk, flag: SOCK_TIMESTAMP)) |
1832 | kt = skb_get_ktime(skb); |
1833 | else |
1834 | kt = ktime_get_real(); |
1835 | |
1836 | if (!asoc && ktime_before(cmp1: bear_cookie->expiration, cmp2: kt)) { |
1837 | suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); |
1838 | __be32 n = htonl(usecs); |
1839 | |
1840 | /* |
1841 | * Section 3.3.10.3 Stale Cookie Error (3) |
1842 | * |
1843 | * Cause of error |
1844 | * --------------- |
1845 | * Stale Cookie Error: Indicates the receipt of a valid State |
1846 | * Cookie that has expired. |
1847 | */ |
1848 | *errp = sctp_make_op_error(asoc, chunk, |
1849 | cause_code: SCTP_ERROR_STALE_COOKIE, payload: &n, |
1850 | paylen: sizeof(n), reserve_tail: 0); |
1851 | if (*errp) |
1852 | *error = -SCTP_IERROR_STALE_COOKIE; |
1853 | else |
1854 | *error = -SCTP_IERROR_NOMEM; |
1855 | |
1856 | goto fail; |
1857 | } |
1858 | |
1859 | /* Make a new base association. */ |
1860 | scope = sctp_scope(addr: sctp_source(chunk)); |
1861 | retval = sctp_association_new(ep, sk: ep->base.sk, scope, gfp); |
1862 | if (!retval) { |
1863 | *error = -SCTP_IERROR_NOMEM; |
1864 | goto fail; |
1865 | } |
1866 | |
1867 | /* Set up our peer's port number. */ |
1868 | retval->peer.port = ntohs(chunk->sctp_hdr->source); |
1869 | |
1870 | /* Populate the association from the cookie. */ |
1871 | memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); |
1872 | |
1873 | if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, |
1874 | GFP_ATOMIC) < 0) { |
1875 | *error = -SCTP_IERROR_NOMEM; |
1876 | goto fail; |
1877 | } |
1878 | |
1879 | /* Also, add the destination address. */ |
1880 | if (list_empty(head: &retval->base.bind_addr.address_list)) { |
1881 | sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, |
1882 | new_size: sizeof(chunk->dest), addr_state: SCTP_ADDR_SRC, |
1883 | GFP_ATOMIC); |
1884 | } |
1885 | |
1886 | retval->next_tsn = retval->c.initial_tsn; |
1887 | retval->ctsn_ack_point = retval->next_tsn - 1; |
1888 | retval->addip_serial = retval->c.initial_tsn; |
1889 | retval->strreset_outseq = retval->c.initial_tsn; |
1890 | retval->adv_peer_ack_point = retval->ctsn_ack_point; |
1891 | retval->peer.prsctp_capable = retval->c.prsctp_capable; |
1892 | retval->peer.adaptation_ind = retval->c.adaptation_ind; |
1893 | |
1894 | /* The INIT stuff will be done by the side effects. */ |
1895 | return retval; |
1896 | |
1897 | fail: |
1898 | if (retval) |
1899 | sctp_association_free(retval); |
1900 | |
1901 | return NULL; |
1902 | |
1903 | malformed: |
1904 | /* Yikes! The packet is either corrupt or deliberately |
1905 | * malformed. |
1906 | */ |
1907 | *error = -SCTP_IERROR_MALFORMED; |
1908 | goto fail; |
1909 | } |
1910 | |
1911 | /******************************************************************** |
1912 | * 3rd Level Abstractions |
1913 | ********************************************************************/ |
1914 | |
1915 | struct __sctp_missing { |
1916 | __be32 num_missing; |
1917 | __be16 type; |
1918 | } __packed; |
1919 | |
1920 | /* |
1921 | * Report a missing mandatory parameter. |
1922 | */ |
1923 | static int sctp_process_missing_param(const struct sctp_association *asoc, |
1924 | enum sctp_param paramtype, |
1925 | struct sctp_chunk *chunk, |
1926 | struct sctp_chunk **errp) |
1927 | { |
1928 | struct __sctp_missing report; |
1929 | __u16 len; |
1930 | |
1931 | len = SCTP_PAD4(sizeof(report)); |
1932 | |
1933 | /* Make an ERROR chunk, preparing enough room for |
1934 | * returning multiple unknown parameters. |
1935 | */ |
1936 | if (!*errp) |
1937 | *errp = sctp_make_op_error_space(asoc, chunk, size: len); |
1938 | |
1939 | if (*errp) { |
1940 | report.num_missing = htonl(1); |
1941 | report.type = paramtype; |
1942 | sctp_init_cause(chunk: *errp, cause_code: SCTP_ERROR_MISS_PARAM, |
1943 | paylen: sizeof(report)); |
1944 | sctp_addto_chunk(chunk: *errp, len: sizeof(report), data: &report); |
1945 | } |
1946 | |
1947 | /* Stop processing this chunk. */ |
1948 | return 0; |
1949 | } |
1950 | |
1951 | /* Report an Invalid Mandatory Parameter. */ |
1952 | static int sctp_process_inv_mandatory(const struct sctp_association *asoc, |
1953 | struct sctp_chunk *chunk, |
1954 | struct sctp_chunk **errp) |
1955 | { |
1956 | /* Invalid Mandatory Parameter Error has no payload. */ |
1957 | |
1958 | if (!*errp) |
1959 | *errp = sctp_make_op_error_space(asoc, chunk, size: 0); |
1960 | |
1961 | if (*errp) |
1962 | sctp_init_cause(chunk: *errp, cause_code: SCTP_ERROR_INV_PARAM, paylen: 0); |
1963 | |
1964 | /* Stop processing this chunk. */ |
1965 | return 0; |
1966 | } |
1967 | |
1968 | static int sctp_process_inv_paramlength(const struct sctp_association *asoc, |
1969 | struct sctp_paramhdr *param, |
1970 | const struct sctp_chunk *chunk, |
1971 | struct sctp_chunk **errp) |
1972 | { |
1973 | /* This is a fatal error. Any accumulated non-fatal errors are |
1974 | * not reported. |
1975 | */ |
1976 | if (*errp) |
1977 | sctp_chunk_free(chunk: *errp); |
1978 | |
1979 | /* Create an error chunk and fill it in with our payload. */ |
1980 | *errp = sctp_make_violation_paramlen(asoc, chunk, param); |
1981 | |
1982 | return 0; |
1983 | } |
1984 | |
1985 | |
1986 | /* Do not attempt to handle the HOST_NAME parm. However, do |
1987 | * send back an indicator to the peer. |
1988 | */ |
1989 | static int sctp_process_hn_param(const struct sctp_association *asoc, |
1990 | union sctp_params param, |
1991 | struct sctp_chunk *chunk, |
1992 | struct sctp_chunk **errp) |
1993 | { |
1994 | __u16 len = ntohs(param.p->length); |
1995 | |
1996 | /* Processing of the HOST_NAME parameter will generate an |
1997 | * ABORT. If we've accumulated any non-fatal errors, they |
1998 | * would be unrecognized parameters and we should not include |
1999 | * them in the ABORT. |
2000 | */ |
2001 | if (*errp) |
2002 | sctp_chunk_free(chunk: *errp); |
2003 | |
2004 | *errp = sctp_make_op_error(asoc, chunk, cause_code: SCTP_ERROR_DNS_FAILED, |
2005 | payload: param.v, paylen: len, reserve_tail: 0); |
2006 | |
2007 | /* Stop processing this chunk. */ |
2008 | return 0; |
2009 | } |
2010 | |
2011 | static int sctp_verify_ext_param(struct net *net, |
2012 | const struct sctp_endpoint *ep, |
2013 | union sctp_params param) |
2014 | { |
2015 | __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); |
2016 | int have_asconf = 0; |
2017 | int have_auth = 0; |
2018 | int i; |
2019 | |
2020 | for (i = 0; i < num_ext; i++) { |
2021 | switch (param.ext->chunks[i]) { |
2022 | case SCTP_CID_AUTH: |
2023 | have_auth = 1; |
2024 | break; |
2025 | case SCTP_CID_ASCONF: |
2026 | case SCTP_CID_ASCONF_ACK: |
2027 | have_asconf = 1; |
2028 | break; |
2029 | } |
2030 | } |
2031 | |
2032 | /* ADD-IP Security: The draft requires us to ABORT or ignore the |
2033 | * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this |
2034 | * only if ADD-IP is turned on and we are not backward-compatible |
2035 | * mode. |
2036 | */ |
2037 | if (net->sctp.addip_noauth) |
2038 | return 1; |
2039 | |
2040 | if (ep->asconf_enable && !have_auth && have_asconf) |
2041 | return 0; |
2042 | |
2043 | return 1; |
2044 | } |
2045 | |
2046 | static void sctp_process_ext_param(struct sctp_association *asoc, |
2047 | union sctp_params param) |
2048 | { |
2049 | __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); |
2050 | int i; |
2051 | |
2052 | for (i = 0; i < num_ext; i++) { |
2053 | switch (param.ext->chunks[i]) { |
2054 | case SCTP_CID_RECONF: |
2055 | if (asoc->ep->reconf_enable) |
2056 | asoc->peer.reconf_capable = 1; |
2057 | break; |
2058 | case SCTP_CID_FWD_TSN: |
2059 | if (asoc->ep->prsctp_enable) |
2060 | asoc->peer.prsctp_capable = 1; |
2061 | break; |
2062 | case SCTP_CID_AUTH: |
2063 | /* if the peer reports AUTH, assume that he |
2064 | * supports AUTH. |
2065 | */ |
2066 | if (asoc->ep->auth_enable) |
2067 | asoc->peer.auth_capable = 1; |
2068 | break; |
2069 | case SCTP_CID_ASCONF: |
2070 | case SCTP_CID_ASCONF_ACK: |
2071 | if (asoc->ep->asconf_enable) |
2072 | asoc->peer.asconf_capable = 1; |
2073 | break; |
2074 | case SCTP_CID_I_DATA: |
2075 | if (asoc->ep->intl_enable) |
2076 | asoc->peer.intl_capable = 1; |
2077 | break; |
2078 | default: |
2079 | break; |
2080 | } |
2081 | } |
2082 | } |
2083 | |
2084 | /* RFC 3.2.1 & the Implementers Guide 2.2. |
2085 | * |
2086 | * The Parameter Types are encoded such that the |
2087 | * highest-order two bits specify the action that must be |
2088 | * taken if the processing endpoint does not recognize the |
2089 | * Parameter Type. |
2090 | * |
2091 | * 00 - Stop processing this parameter; do not process any further |
2092 | * parameters within this chunk |
2093 | * |
2094 | * 01 - Stop processing this parameter, do not process any further |
2095 | * parameters within this chunk, and report the unrecognized |
2096 | * parameter in an 'Unrecognized Parameter' ERROR chunk. |
2097 | * |
2098 | * 10 - Skip this parameter and continue processing. |
2099 | * |
2100 | * 11 - Skip this parameter and continue processing but |
2101 | * report the unrecognized parameter in an |
2102 | * 'Unrecognized Parameter' ERROR chunk. |
2103 | * |
2104 | * Return value: |
2105 | * SCTP_IERROR_NO_ERROR - continue with the chunk |
2106 | * SCTP_IERROR_ERROR - stop and report an error. |
2107 | * SCTP_IERROR_NOMEME - out of memory. |
2108 | */ |
2109 | static enum sctp_ierror sctp_process_unk_param( |
2110 | const struct sctp_association *asoc, |
2111 | union sctp_params param, |
2112 | struct sctp_chunk *chunk, |
2113 | struct sctp_chunk **errp) |
2114 | { |
2115 | int retval = SCTP_IERROR_NO_ERROR; |
2116 | |
2117 | switch (param.p->type & SCTP_PARAM_ACTION_MASK) { |
2118 | case SCTP_PARAM_ACTION_DISCARD: |
2119 | retval = SCTP_IERROR_ERROR; |
2120 | break; |
2121 | case SCTP_PARAM_ACTION_SKIP: |
2122 | break; |
2123 | case SCTP_PARAM_ACTION_DISCARD_ERR: |
2124 | retval = SCTP_IERROR_ERROR; |
2125 | fallthrough; |
2126 | case SCTP_PARAM_ACTION_SKIP_ERR: |
2127 | /* Make an ERROR chunk, preparing enough room for |
2128 | * returning multiple unknown parameters. |
2129 | */ |
2130 | if (!*errp) { |
2131 | *errp = sctp_make_op_error_limited(asoc, chunk); |
2132 | if (!*errp) { |
2133 | /* If there is no memory for generating the |
2134 | * ERROR report as specified, an ABORT will be |
2135 | * triggered to the peer and the association |
2136 | * won't be established. |
2137 | */ |
2138 | retval = SCTP_IERROR_NOMEM; |
2139 | break; |
2140 | } |
2141 | } |
2142 | |
2143 | if (!sctp_init_cause(chunk: *errp, cause_code: SCTP_ERROR_UNKNOWN_PARAM, |
2144 | ntohs(param.p->length))) |
2145 | sctp_addto_chunk(chunk: *errp, ntohs(param.p->length), |
2146 | data: param.v); |
2147 | break; |
2148 | default: |
2149 | break; |
2150 | } |
2151 | |
2152 | return retval; |
2153 | } |
2154 | |
2155 | /* Verify variable length parameters |
2156 | * Return values: |
2157 | * SCTP_IERROR_ABORT - trigger an ABORT |
2158 | * SCTP_IERROR_NOMEM - out of memory (abort) |
2159 | * SCTP_IERROR_ERROR - stop processing, trigger an ERROR |
2160 | * SCTP_IERROR_NO_ERROR - continue with the chunk |
2161 | */ |
2162 | static enum sctp_ierror sctp_verify_param(struct net *net, |
2163 | const struct sctp_endpoint *ep, |
2164 | const struct sctp_association *asoc, |
2165 | union sctp_params param, |
2166 | enum sctp_cid cid, |
2167 | struct sctp_chunk *chunk, |
2168 | struct sctp_chunk **err_chunk) |
2169 | { |
2170 | struct sctp_hmac_algo_param *hmacs; |
2171 | int retval = SCTP_IERROR_NO_ERROR; |
2172 | __u16 n_elt, id = 0; |
2173 | int i; |
2174 | |
2175 | /* FIXME - This routine is not looking at each parameter per the |
2176 | * chunk type, i.e., unrecognized parameters should be further |
2177 | * identified based on the chunk id. |
2178 | */ |
2179 | |
2180 | switch (param.p->type) { |
2181 | case SCTP_PARAM_IPV4_ADDRESS: |
2182 | case SCTP_PARAM_IPV6_ADDRESS: |
2183 | case SCTP_PARAM_COOKIE_PRESERVATIVE: |
2184 | case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: |
2185 | case SCTP_PARAM_STATE_COOKIE: |
2186 | case SCTP_PARAM_HEARTBEAT_INFO: |
2187 | case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: |
2188 | case SCTP_PARAM_ECN_CAPABLE: |
2189 | case SCTP_PARAM_ADAPTATION_LAYER_IND: |
2190 | break; |
2191 | |
2192 | case SCTP_PARAM_SUPPORTED_EXT: |
2193 | if (!sctp_verify_ext_param(net, ep, param)) |
2194 | return SCTP_IERROR_ABORT; |
2195 | break; |
2196 | |
2197 | case SCTP_PARAM_SET_PRIMARY: |
2198 | if (!ep->asconf_enable) |
2199 | goto unhandled; |
2200 | |
2201 | if (ntohs(param.p->length) < sizeof(struct sctp_addip_param) + |
2202 | sizeof(struct sctp_paramhdr)) { |
2203 | sctp_process_inv_paramlength(asoc, param: param.p, |
2204 | chunk, errp: err_chunk); |
2205 | retval = SCTP_IERROR_ABORT; |
2206 | } |
2207 | break; |
2208 | |
2209 | case SCTP_PARAM_HOST_NAME_ADDRESS: |
2210 | /* This param has been Deprecated, send ABORT. */ |
2211 | sctp_process_hn_param(asoc, param, chunk, errp: err_chunk); |
2212 | retval = SCTP_IERROR_ABORT; |
2213 | break; |
2214 | |
2215 | case SCTP_PARAM_FWD_TSN_SUPPORT: |
2216 | if (ep->prsctp_enable) |
2217 | break; |
2218 | goto unhandled; |
2219 | |
2220 | case SCTP_PARAM_RANDOM: |
2221 | if (!ep->auth_enable) |
2222 | goto unhandled; |
2223 | |
2224 | /* SCTP-AUTH: Secion 6.1 |
2225 | * If the random number is not 32 byte long the association |
2226 | * MUST be aborted. The ABORT chunk SHOULD contain the error |
2227 | * cause 'Protocol Violation'. |
2228 | */ |
2229 | if (SCTP_AUTH_RANDOM_LENGTH != ntohs(param.p->length) - |
2230 | sizeof(struct sctp_paramhdr)) { |
2231 | sctp_process_inv_paramlength(asoc, param: param.p, |
2232 | chunk, errp: err_chunk); |
2233 | retval = SCTP_IERROR_ABORT; |
2234 | } |
2235 | break; |
2236 | |
2237 | case SCTP_PARAM_CHUNKS: |
2238 | if (!ep->auth_enable) |
2239 | goto unhandled; |
2240 | |
2241 | /* SCTP-AUTH: Section 3.2 |
2242 | * The CHUNKS parameter MUST be included once in the INIT or |
2243 | * INIT-ACK chunk if the sender wants to receive authenticated |
2244 | * chunks. Its maximum length is 260 bytes. |
2245 | */ |
2246 | if (260 < ntohs(param.p->length)) { |
2247 | sctp_process_inv_paramlength(asoc, param: param.p, |
2248 | chunk, errp: err_chunk); |
2249 | retval = SCTP_IERROR_ABORT; |
2250 | } |
2251 | break; |
2252 | |
2253 | case SCTP_PARAM_HMAC_ALGO: |
2254 | if (!ep->auth_enable) |
2255 | goto unhandled; |
2256 | |
2257 | hmacs = (struct sctp_hmac_algo_param *)param.p; |
2258 | n_elt = (ntohs(param.p->length) - |
2259 | sizeof(struct sctp_paramhdr)) >> 1; |
2260 | |
2261 | /* SCTP-AUTH: Section 6.1 |
2262 | * The HMAC algorithm based on SHA-1 MUST be supported and |
2263 | * included in the HMAC-ALGO parameter. |
2264 | */ |
2265 | for (i = 0; i < n_elt; i++) { |
2266 | id = ntohs(hmacs->hmac_ids[i]); |
2267 | |
2268 | if (id == SCTP_AUTH_HMAC_ID_SHA1) |
2269 | break; |
2270 | } |
2271 | |
2272 | if (id != SCTP_AUTH_HMAC_ID_SHA1) { |
2273 | sctp_process_inv_paramlength(asoc, param: param.p, chunk, |
2274 | errp: err_chunk); |
2275 | retval = SCTP_IERROR_ABORT; |
2276 | } |
2277 | break; |
2278 | unhandled: |
2279 | default: |
2280 | pr_debug("%s: unrecognized param:%d for chunk:%d\n" , |
2281 | __func__, ntohs(param.p->type), cid); |
2282 | |
2283 | retval = sctp_process_unk_param(asoc, param, chunk, errp: err_chunk); |
2284 | break; |
2285 | } |
2286 | return retval; |
2287 | } |
2288 | |
2289 | /* Verify the INIT packet before we process it. */ |
2290 | int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, |
2291 | const struct sctp_association *asoc, enum sctp_cid cid, |
2292 | struct sctp_init_chunk *peer_init, |
2293 | struct sctp_chunk *chunk, struct sctp_chunk **errp) |
2294 | { |
2295 | union sctp_params param; |
2296 | bool has_cookie = false; |
2297 | int result; |
2298 | |
2299 | /* Check for missing mandatory parameters. Note: Initial TSN is |
2300 | * also mandatory, but is not checked here since the valid range |
2301 | * is 0..2**32-1. RFC4960, section 3.3.3. |
2302 | */ |
2303 | if (peer_init->init_hdr.num_outbound_streams == 0 || |
2304 | peer_init->init_hdr.num_inbound_streams == 0 || |
2305 | peer_init->init_hdr.init_tag == 0 || |
2306 | ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) |
2307 | return sctp_process_inv_mandatory(asoc, chunk, errp); |
2308 | |
2309 | sctp_walk_params(param, peer_init) { |
2310 | if (param.p->type == SCTP_PARAM_STATE_COOKIE) |
2311 | has_cookie = true; |
2312 | } |
2313 | |
2314 | /* There is a possibility that a parameter length was bad and |
2315 | * in that case we would have stoped walking the parameters. |
2316 | * The current param.p would point at the bad one. |
2317 | * Current consensus on the mailing list is to generate a PROTOCOL |
2318 | * VIOLATION error. We build the ERROR chunk here and let the normal |
2319 | * error handling code build and send the packet. |
2320 | */ |
2321 | if (param.v != (void *)chunk->chunk_end) |
2322 | return sctp_process_inv_paramlength(asoc, param: param.p, chunk, errp); |
2323 | |
2324 | /* The only missing mandatory param possible today is |
2325 | * the state cookie for an INIT-ACK chunk. |
2326 | */ |
2327 | if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) |
2328 | return sctp_process_missing_param(asoc, paramtype: SCTP_PARAM_STATE_COOKIE, |
2329 | chunk, errp); |
2330 | |
2331 | /* Verify all the variable length parameters */ |
2332 | sctp_walk_params(param, peer_init) { |
2333 | result = sctp_verify_param(net, ep, asoc, param, cid, |
2334 | chunk, err_chunk: errp); |
2335 | switch (result) { |
2336 | case SCTP_IERROR_ABORT: |
2337 | case SCTP_IERROR_NOMEM: |
2338 | return 0; |
2339 | case SCTP_IERROR_ERROR: |
2340 | return 1; |
2341 | case SCTP_IERROR_NO_ERROR: |
2342 | default: |
2343 | break; |
2344 | } |
2345 | |
2346 | } /* for (loop through all parameters) */ |
2347 | |
2348 | return 1; |
2349 | } |
2350 | |
2351 | /* Unpack the parameters in an INIT packet into an association. |
2352 | * Returns 0 on failure, else success. |
2353 | * FIXME: This is an association method. |
2354 | */ |
2355 | int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, |
2356 | const union sctp_addr *peer_addr, |
2357 | struct sctp_init_chunk *peer_init, gfp_t gfp) |
2358 | { |
2359 | struct sctp_transport *transport; |
2360 | struct list_head *pos, *temp; |
2361 | union sctp_params param; |
2362 | union sctp_addr addr; |
2363 | struct sctp_af *af; |
2364 | int src_match = 0; |
2365 | |
2366 | /* We must include the address that the INIT packet came from. |
2367 | * This is the only address that matters for an INIT packet. |
2368 | * When processing a COOKIE ECHO, we retrieve the from address |
2369 | * of the INIT from the cookie. |
2370 | */ |
2371 | |
2372 | /* This implementation defaults to making the first transport |
2373 | * added as the primary transport. The source address seems to |
2374 | * be a better choice than any of the embedded addresses. |
2375 | */ |
2376 | asoc->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port; |
2377 | if (!sctp_assoc_add_peer(asoc, address: peer_addr, gfp, peer_state: SCTP_ACTIVE)) |
2378 | goto nomem; |
2379 | |
2380 | if (sctp_cmp_addr_exact(ss1: sctp_source(chunk), ss2: peer_addr)) |
2381 | src_match = 1; |
2382 | |
2383 | /* Process the initialization parameters. */ |
2384 | sctp_walk_params(param, peer_init) { |
2385 | if (!src_match && |
2386 | (param.p->type == SCTP_PARAM_IPV4_ADDRESS || |
2387 | param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { |
2388 | af = sctp_get_af_specific(param_type2af(type: param.p->type)); |
2389 | if (!af->from_addr_param(&addr, param.addr, |
2390 | chunk->sctp_hdr->source, 0)) |
2391 | continue; |
2392 | if (sctp_cmp_addr_exact(ss1: sctp_source(chunk), ss2: &addr)) |
2393 | src_match = 1; |
2394 | } |
2395 | |
2396 | if (!sctp_process_param(asoc, param, peer_addr, gfp)) |
2397 | goto clean_up; |
2398 | } |
2399 | |
2400 | /* source address of chunk may not match any valid address */ |
2401 | if (!src_match) |
2402 | goto clean_up; |
2403 | |
2404 | /* AUTH: After processing the parameters, make sure that we |
2405 | * have all the required info to potentially do authentications. |
2406 | */ |
2407 | if (asoc->peer.auth_capable && (!asoc->peer.peer_random || |
2408 | !asoc->peer.peer_hmacs)) |
2409 | asoc->peer.auth_capable = 0; |
2410 | |
2411 | /* In a non-backward compatible mode, if the peer claims |
2412 | * support for ADD-IP but not AUTH, the ADD-IP spec states |
2413 | * that we MUST ABORT the association. Section 6. The section |
2414 | * also give us an option to silently ignore the packet, which |
2415 | * is what we'll do here. |
2416 | */ |
2417 | if (!asoc->base.net->sctp.addip_noauth && |
2418 | (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { |
2419 | asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | |
2420 | SCTP_PARAM_DEL_IP | |
2421 | SCTP_PARAM_SET_PRIMARY); |
2422 | asoc->peer.asconf_capable = 0; |
2423 | goto clean_up; |
2424 | } |
2425 | |
2426 | /* Walk list of transports, removing transports in the UNKNOWN state. */ |
2427 | list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { |
2428 | transport = list_entry(pos, struct sctp_transport, transports); |
2429 | if (transport->state == SCTP_UNKNOWN) { |
2430 | sctp_assoc_rm_peer(asoc, peer: transport); |
2431 | } |
2432 | } |
2433 | |
2434 | /* The fixed INIT headers are always in network byte |
2435 | * order. |
2436 | */ |
2437 | asoc->peer.i.init_tag = |
2438 | ntohl(peer_init->init_hdr.init_tag); |
2439 | asoc->peer.i.a_rwnd = |
2440 | ntohl(peer_init->init_hdr.a_rwnd); |
2441 | asoc->peer.i.num_outbound_streams = |
2442 | ntohs(peer_init->init_hdr.num_outbound_streams); |
2443 | asoc->peer.i.num_inbound_streams = |
2444 | ntohs(peer_init->init_hdr.num_inbound_streams); |
2445 | asoc->peer.i.initial_tsn = |
2446 | ntohl(peer_init->init_hdr.initial_tsn); |
2447 | |
2448 | asoc->strreset_inseq = asoc->peer.i.initial_tsn; |
2449 | |
2450 | /* Apply the upper bounds for output streams based on peer's |
2451 | * number of inbound streams. |
2452 | */ |
2453 | if (asoc->c.sinit_num_ostreams > |
2454 | ntohs(peer_init->init_hdr.num_inbound_streams)) { |
2455 | asoc->c.sinit_num_ostreams = |
2456 | ntohs(peer_init->init_hdr.num_inbound_streams); |
2457 | } |
2458 | |
2459 | if (asoc->c.sinit_max_instreams > |
2460 | ntohs(peer_init->init_hdr.num_outbound_streams)) { |
2461 | asoc->c.sinit_max_instreams = |
2462 | ntohs(peer_init->init_hdr.num_outbound_streams); |
2463 | } |
2464 | |
2465 | /* Copy Initiation tag from INIT to VT_peer in cookie. */ |
2466 | asoc->c.peer_vtag = asoc->peer.i.init_tag; |
2467 | |
2468 | /* Peer Rwnd : Current calculated value of the peer's rwnd. */ |
2469 | asoc->peer.rwnd = asoc->peer.i.a_rwnd; |
2470 | |
2471 | /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily |
2472 | * high (for example, implementations MAY use the size of the receiver |
2473 | * advertised window). |
2474 | */ |
2475 | list_for_each_entry(transport, &asoc->peer.transport_addr_list, |
2476 | transports) { |
2477 | transport->ssthresh = asoc->peer.i.a_rwnd; |
2478 | } |
2479 | |
2480 | /* Set up the TSN tracking pieces. */ |
2481 | if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, |
2482 | initial_tsn: asoc->peer.i.initial_tsn, gfp)) |
2483 | goto clean_up; |
2484 | |
2485 | /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number |
2486 | * |
2487 | * The stream sequence number in all the streams shall start |
2488 | * from 0 when the association is established. Also, when the |
2489 | * stream sequence number reaches the value 65535 the next |
2490 | * stream sequence number shall be set to 0. |
2491 | */ |
2492 | |
2493 | if (sctp_stream_init(stream: &asoc->stream, outcnt: asoc->c.sinit_num_ostreams, |
2494 | incnt: asoc->c.sinit_max_instreams, gfp)) |
2495 | goto clean_up; |
2496 | |
2497 | /* Update frag_point when stream_interleave may get changed. */ |
2498 | sctp_assoc_update_frag_point(asoc); |
2499 | |
2500 | if (!asoc->temp && sctp_assoc_set_id(asoc, gfp)) |
2501 | goto clean_up; |
2502 | |
2503 | /* ADDIP Section 4.1 ASCONF Chunk Procedures |
2504 | * |
2505 | * When an endpoint has an ASCONF signaled change to be sent to the |
2506 | * remote endpoint it should do the following: |
2507 | * ... |
2508 | * A2) A serial number should be assigned to the Chunk. The serial |
2509 | * number should be a monotonically increasing number. All serial |
2510 | * numbers are defined to be initialized at the start of the |
2511 | * association to the same value as the Initial TSN. |
2512 | */ |
2513 | asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; |
2514 | return 1; |
2515 | |
2516 | clean_up: |
2517 | /* Release the transport structures. */ |
2518 | list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { |
2519 | transport = list_entry(pos, struct sctp_transport, transports); |
2520 | if (transport->state != SCTP_ACTIVE) |
2521 | sctp_assoc_rm_peer(asoc, peer: transport); |
2522 | } |
2523 | |
2524 | nomem: |
2525 | return 0; |
2526 | } |
2527 | |
2528 | |
2529 | /* Update asoc with the option described in param. |
2530 | * |
2531 | * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT |
2532 | * |
2533 | * asoc is the association to update. |
2534 | * param is the variable length parameter to use for update. |
2535 | * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. |
2536 | * If the current packet is an INIT we want to minimize the amount of |
2537 | * work we do. In particular, we should not build transport |
2538 | * structures for the addresses. |
2539 | */ |
2540 | static int sctp_process_param(struct sctp_association *asoc, |
2541 | union sctp_params param, |
2542 | const union sctp_addr *peer_addr, |
2543 | gfp_t gfp) |
2544 | { |
2545 | struct sctp_endpoint *ep = asoc->ep; |
2546 | union sctp_addr_param *addr_param; |
2547 | struct net *net = asoc->base.net; |
2548 | struct sctp_transport *t; |
2549 | enum sctp_scope scope; |
2550 | union sctp_addr addr; |
2551 | struct sctp_af *af; |
2552 | int retval = 1, i; |
2553 | u32 stale; |
2554 | __u16 sat; |
2555 | |
2556 | /* We maintain all INIT parameters in network byte order all the |
2557 | * time. This allows us to not worry about whether the parameters |
2558 | * came from a fresh INIT, and INIT ACK, or were stored in a cookie. |
2559 | */ |
2560 | switch (param.p->type) { |
2561 | case SCTP_PARAM_IPV6_ADDRESS: |
2562 | if (PF_INET6 != asoc->base.sk->sk_family) |
2563 | break; |
2564 | goto do_addr_param; |
2565 | |
2566 | case SCTP_PARAM_IPV4_ADDRESS: |
2567 | /* v4 addresses are not allowed on v6-only socket */ |
2568 | if (ipv6_only_sock(asoc->base.sk)) |
2569 | break; |
2570 | do_addr_param: |
2571 | af = sctp_get_af_specific(param_type2af(type: param.p->type)); |
2572 | if (!af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0)) |
2573 | break; |
2574 | scope = sctp_scope(addr: peer_addr); |
2575 | if (sctp_in_scope(net, addr: &addr, scope)) |
2576 | if (!sctp_assoc_add_peer(asoc, address: &addr, gfp, peer_state: SCTP_UNCONFIRMED)) |
2577 | return 0; |
2578 | break; |
2579 | |
2580 | case SCTP_PARAM_COOKIE_PRESERVATIVE: |
2581 | if (!net->sctp.cookie_preserve_enable) |
2582 | break; |
2583 | |
2584 | stale = ntohl(param.life->lifespan_increment); |
2585 | |
2586 | /* Suggested Cookie Life span increment's unit is msec, |
2587 | * (1/1000sec). |
2588 | */ |
2589 | asoc->cookie_life = ktime_add_ms(kt: asoc->cookie_life, msec: stale); |
2590 | break; |
2591 | |
2592 | case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: |
2593 | /* Turn off the default values first so we'll know which |
2594 | * ones are really set by the peer. |
2595 | */ |
2596 | asoc->peer.ipv4_address = 0; |
2597 | asoc->peer.ipv6_address = 0; |
2598 | |
2599 | /* Assume that peer supports the address family |
2600 | * by which it sends a packet. |
2601 | */ |
2602 | if (peer_addr->sa.sa_family == AF_INET6) |
2603 | asoc->peer.ipv6_address = 1; |
2604 | else if (peer_addr->sa.sa_family == AF_INET) |
2605 | asoc->peer.ipv4_address = 1; |
2606 | |
2607 | /* Cycle through address types; avoid divide by 0. */ |
2608 | sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); |
2609 | if (sat) |
2610 | sat /= sizeof(__u16); |
2611 | |
2612 | for (i = 0; i < sat; ++i) { |
2613 | switch (param.sat->types[i]) { |
2614 | case SCTP_PARAM_IPV4_ADDRESS: |
2615 | asoc->peer.ipv4_address = 1; |
2616 | break; |
2617 | |
2618 | case SCTP_PARAM_IPV6_ADDRESS: |
2619 | if (PF_INET6 == asoc->base.sk->sk_family) |
2620 | asoc->peer.ipv6_address = 1; |
2621 | break; |
2622 | |
2623 | default: /* Just ignore anything else. */ |
2624 | break; |
2625 | } |
2626 | } |
2627 | break; |
2628 | |
2629 | case SCTP_PARAM_STATE_COOKIE: |
2630 | asoc->peer.cookie_len = |
2631 | ntohs(param.p->length) - sizeof(struct sctp_paramhdr); |
2632 | kfree(objp: asoc->peer.cookie); |
2633 | asoc->peer.cookie = kmemdup(p: param.cookie->body, size: asoc->peer.cookie_len, gfp); |
2634 | if (!asoc->peer.cookie) |
2635 | retval = 0; |
2636 | break; |
2637 | |
2638 | case SCTP_PARAM_HEARTBEAT_INFO: |
2639 | /* Would be odd to receive, but it causes no problems. */ |
2640 | break; |
2641 | |
2642 | case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: |
2643 | /* Rejected during verify stage. */ |
2644 | break; |
2645 | |
2646 | case SCTP_PARAM_ECN_CAPABLE: |
2647 | if (asoc->ep->ecn_enable) { |
2648 | asoc->peer.ecn_capable = 1; |
2649 | break; |
2650 | } |
2651 | /* Fall Through */ |
2652 | goto fall_through; |
2653 | |
2654 | |
2655 | case SCTP_PARAM_ADAPTATION_LAYER_IND: |
2656 | asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); |
2657 | break; |
2658 | |
2659 | case SCTP_PARAM_SET_PRIMARY: |
2660 | if (!ep->asconf_enable) |
2661 | goto fall_through; |
2662 | |
2663 | addr_param = param.v + sizeof(struct sctp_addip_param); |
2664 | |
2665 | af = sctp_get_af_specific(param_type2af(type: addr_param->p.type)); |
2666 | if (!af) |
2667 | break; |
2668 | |
2669 | if (!af->from_addr_param(&addr, addr_param, |
2670 | htons(asoc->peer.port), 0)) |
2671 | break; |
2672 | |
2673 | if (!af->addr_valid(&addr, NULL, NULL)) |
2674 | break; |
2675 | |
2676 | t = sctp_assoc_lookup_paddr(asoc, &addr); |
2677 | if (!t) |
2678 | break; |
2679 | |
2680 | sctp_assoc_set_primary(asoc, t); |
2681 | break; |
2682 | |
2683 | case SCTP_PARAM_SUPPORTED_EXT: |
2684 | sctp_process_ext_param(asoc, param); |
2685 | break; |
2686 | |
2687 | case SCTP_PARAM_FWD_TSN_SUPPORT: |
2688 | if (asoc->ep->prsctp_enable) { |
2689 | asoc->peer.prsctp_capable = 1; |
2690 | break; |
2691 | } |
2692 | /* Fall Through */ |
2693 | goto fall_through; |
2694 | |
2695 | case SCTP_PARAM_RANDOM: |
2696 | if (!ep->auth_enable) |
2697 | goto fall_through; |
2698 | |
2699 | /* Save peer's random parameter */ |
2700 | kfree(objp: asoc->peer.peer_random); |
2701 | asoc->peer.peer_random = kmemdup(p: param.p, |
2702 | ntohs(param.p->length), gfp); |
2703 | if (!asoc->peer.peer_random) { |
2704 | retval = 0; |
2705 | break; |
2706 | } |
2707 | break; |
2708 | |
2709 | case SCTP_PARAM_HMAC_ALGO: |
2710 | if (!ep->auth_enable) |
2711 | goto fall_through; |
2712 | |
2713 | /* Save peer's HMAC list */ |
2714 | kfree(objp: asoc->peer.peer_hmacs); |
2715 | asoc->peer.peer_hmacs = kmemdup(p: param.p, |
2716 | ntohs(param.p->length), gfp); |
2717 | if (!asoc->peer.peer_hmacs) { |
2718 | retval = 0; |
2719 | break; |
2720 | } |
2721 | |
2722 | /* Set the default HMAC the peer requested*/ |
2723 | sctp_auth_asoc_set_default_hmac(asoc, hmacs: param.hmac_algo); |
2724 | break; |
2725 | |
2726 | case SCTP_PARAM_CHUNKS: |
2727 | if (!ep->auth_enable) |
2728 | goto fall_through; |
2729 | |
2730 | kfree(objp: asoc->peer.peer_chunks); |
2731 | asoc->peer.peer_chunks = kmemdup(p: param.p, |
2732 | ntohs(param.p->length), gfp); |
2733 | if (!asoc->peer.peer_chunks) |
2734 | retval = 0; |
2735 | break; |
2736 | fall_through: |
2737 | default: |
2738 | /* Any unrecognized parameters should have been caught |
2739 | * and handled by sctp_verify_param() which should be |
2740 | * called prior to this routine. Simply log the error |
2741 | * here. |
2742 | */ |
2743 | pr_debug("%s: ignoring param:%d for association:%p.\n" , |
2744 | __func__, ntohs(param.p->type), asoc); |
2745 | break; |
2746 | } |
2747 | |
2748 | return retval; |
2749 | } |
2750 | |
2751 | /* Select a new verification tag. */ |
2752 | __u32 sctp_generate_tag(const struct sctp_endpoint *ep) |
2753 | { |
2754 | /* I believe that this random number generator complies with RFC1750. |
2755 | * A tag of 0 is reserved for special cases (e.g. INIT). |
2756 | */ |
2757 | __u32 x; |
2758 | |
2759 | do { |
2760 | get_random_bytes(buf: &x, len: sizeof(__u32)); |
2761 | } while (x == 0); |
2762 | |
2763 | return x; |
2764 | } |
2765 | |
2766 | /* Select an initial TSN to send during startup. */ |
2767 | __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) |
2768 | { |
2769 | __u32 retval; |
2770 | |
2771 | get_random_bytes(buf: &retval, len: sizeof(__u32)); |
2772 | return retval; |
2773 | } |
2774 | |
2775 | /* |
2776 | * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) |
2777 | * 0 1 2 3 |
2778 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
2779 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2780 | * | Type = 0xC1 | Chunk Flags | Chunk Length | |
2781 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2782 | * | Serial Number | |
2783 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2784 | * | Address Parameter | |
2785 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2786 | * | ASCONF Parameter #1 | |
2787 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2788 | * \ \ |
2789 | * / .... / |
2790 | * \ \ |
2791 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2792 | * | ASCONF Parameter #N | |
2793 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2794 | * |
2795 | * Address Parameter and other parameter will not be wrapped in this function |
2796 | */ |
2797 | static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, |
2798 | union sctp_addr *addr, |
2799 | int vparam_len) |
2800 | { |
2801 | struct sctp_addiphdr asconf; |
2802 | struct sctp_chunk *retval; |
2803 | int length = sizeof(asconf) + vparam_len; |
2804 | union sctp_addr_param addrparam; |
2805 | int addrlen; |
2806 | struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); |
2807 | |
2808 | addrlen = af->to_addr_param(addr, &addrparam); |
2809 | if (!addrlen) |
2810 | return NULL; |
2811 | length += addrlen; |
2812 | |
2813 | /* Create the chunk. */ |
2814 | retval = sctp_make_control(asoc, type: SCTP_CID_ASCONF, flags: 0, paylen: length, |
2815 | GFP_ATOMIC); |
2816 | if (!retval) |
2817 | return NULL; |
2818 | |
2819 | asconf.serial = htonl(asoc->addip_serial++); |
2820 | |
2821 | retval->subh.addip_hdr = |
2822 | sctp_addto_chunk(chunk: retval, len: sizeof(asconf), data: &asconf); |
2823 | retval->param_hdr.v = |
2824 | sctp_addto_chunk(chunk: retval, len: addrlen, data: &addrparam); |
2825 | |
2826 | return retval; |
2827 | } |
2828 | |
2829 | /* ADDIP |
2830 | * 3.2.1 Add IP Address |
2831 | * 0 1 2 3 |
2832 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
2833 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2834 | * | Type = 0xC001 | Length = Variable | |
2835 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2836 | * | ASCONF-Request Correlation ID | |
2837 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2838 | * | Address Parameter | |
2839 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2840 | * |
2841 | * 3.2.2 Delete IP Address |
2842 | * 0 1 2 3 |
2843 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
2844 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2845 | * | Type = 0xC002 | Length = Variable | |
2846 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2847 | * | ASCONF-Request Correlation ID | |
2848 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2849 | * | Address Parameter | |
2850 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2851 | * |
2852 | */ |
2853 | struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, |
2854 | union sctp_addr *laddr, |
2855 | struct sockaddr *addrs, |
2856 | int addrcnt, __be16 flags) |
2857 | { |
2858 | union sctp_addr_param addr_param; |
2859 | struct sctp_addip_param param; |
2860 | int paramlen = sizeof(param); |
2861 | struct sctp_chunk *retval; |
2862 | int addr_param_len = 0; |
2863 | union sctp_addr *addr; |
2864 | int totallen = 0, i; |
2865 | int del_pickup = 0; |
2866 | struct sctp_af *af; |
2867 | void *addr_buf; |
2868 | |
2869 | /* Get total length of all the address parameters. */ |
2870 | addr_buf = addrs; |
2871 | for (i = 0; i < addrcnt; i++) { |
2872 | addr = addr_buf; |
2873 | af = sctp_get_af_specific(addr->v4.sin_family); |
2874 | addr_param_len = af->to_addr_param(addr, &addr_param); |
2875 | |
2876 | totallen += paramlen; |
2877 | totallen += addr_param_len; |
2878 | |
2879 | addr_buf += af->sockaddr_len; |
2880 | if (asoc->asconf_addr_del_pending && !del_pickup) { |
2881 | /* reuse the parameter length from the same scope one */ |
2882 | totallen += paramlen; |
2883 | totallen += addr_param_len; |
2884 | del_pickup = 1; |
2885 | |
2886 | pr_debug("%s: picked same-scope del_pending addr, " |
2887 | "totallen for all addresses is %d\n" , |
2888 | __func__, totallen); |
2889 | } |
2890 | } |
2891 | |
2892 | /* Create an asconf chunk with the required length. */ |
2893 | retval = sctp_make_asconf(asoc, addr: laddr, vparam_len: totallen); |
2894 | if (!retval) |
2895 | return NULL; |
2896 | |
2897 | /* Add the address parameters to the asconf chunk. */ |
2898 | addr_buf = addrs; |
2899 | for (i = 0; i < addrcnt; i++) { |
2900 | addr = addr_buf; |
2901 | af = sctp_get_af_specific(addr->v4.sin_family); |
2902 | addr_param_len = af->to_addr_param(addr, &addr_param); |
2903 | param.param_hdr.type = flags; |
2904 | param.param_hdr.length = htons(paramlen + addr_param_len); |
2905 | param.crr_id = htonl(i); |
2906 | |
2907 | sctp_addto_chunk(chunk: retval, len: paramlen, data: ¶m); |
2908 | sctp_addto_chunk(chunk: retval, len: addr_param_len, data: &addr_param); |
2909 | |
2910 | addr_buf += af->sockaddr_len; |
2911 | } |
2912 | if (flags == SCTP_PARAM_ADD_IP && del_pickup) { |
2913 | addr = asoc->asconf_addr_del_pending; |
2914 | af = sctp_get_af_specific(addr->v4.sin_family); |
2915 | addr_param_len = af->to_addr_param(addr, &addr_param); |
2916 | param.param_hdr.type = SCTP_PARAM_DEL_IP; |
2917 | param.param_hdr.length = htons(paramlen + addr_param_len); |
2918 | param.crr_id = htonl(i); |
2919 | |
2920 | sctp_addto_chunk(chunk: retval, len: paramlen, data: ¶m); |
2921 | sctp_addto_chunk(chunk: retval, len: addr_param_len, data: &addr_param); |
2922 | } |
2923 | return retval; |
2924 | } |
2925 | |
2926 | /* ADDIP |
2927 | * 3.2.4 Set Primary IP Address |
2928 | * 0 1 2 3 |
2929 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
2930 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2931 | * | Type =0xC004 | Length = Variable | |
2932 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2933 | * | ASCONF-Request Correlation ID | |
2934 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2935 | * | Address Parameter | |
2936 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2937 | * |
2938 | * Create an ASCONF chunk with Set Primary IP address parameter. |
2939 | */ |
2940 | struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, |
2941 | union sctp_addr *addr) |
2942 | { |
2943 | struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); |
2944 | union sctp_addr_param addrparam; |
2945 | struct sctp_addip_param param; |
2946 | struct sctp_chunk *retval; |
2947 | int len = sizeof(param); |
2948 | int addrlen; |
2949 | |
2950 | addrlen = af->to_addr_param(addr, &addrparam); |
2951 | if (!addrlen) |
2952 | return NULL; |
2953 | len += addrlen; |
2954 | |
2955 | /* Create the chunk and make asconf header. */ |
2956 | retval = sctp_make_asconf(asoc, addr, vparam_len: len); |
2957 | if (!retval) |
2958 | return NULL; |
2959 | |
2960 | param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; |
2961 | param.param_hdr.length = htons(len); |
2962 | param.crr_id = 0; |
2963 | |
2964 | sctp_addto_chunk(chunk: retval, len: sizeof(param), data: ¶m); |
2965 | sctp_addto_chunk(chunk: retval, len: addrlen, data: &addrparam); |
2966 | |
2967 | return retval; |
2968 | } |
2969 | |
2970 | /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) |
2971 | * 0 1 2 3 |
2972 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
2973 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2974 | * | Type = 0x80 | Chunk Flags | Chunk Length | |
2975 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2976 | * | Serial Number | |
2977 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2978 | * | ASCONF Parameter Response#1 | |
2979 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2980 | * \ \ |
2981 | * / .... / |
2982 | * \ \ |
2983 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2984 | * | ASCONF Parameter Response#N | |
2985 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
2986 | * |
2987 | * Create an ASCONF_ACK chunk with enough space for the parameter responses. |
2988 | */ |
2989 | static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, |
2990 | __u32 serial, int vparam_len) |
2991 | { |
2992 | struct sctp_addiphdr asconf; |
2993 | struct sctp_chunk *retval; |
2994 | int length = sizeof(asconf) + vparam_len; |
2995 | |
2996 | /* Create the chunk. */ |
2997 | retval = sctp_make_control(asoc, type: SCTP_CID_ASCONF_ACK, flags: 0, paylen: length, |
2998 | GFP_ATOMIC); |
2999 | if (!retval) |
3000 | return NULL; |
3001 | |
3002 | asconf.serial = htonl(serial); |
3003 | |
3004 | retval->subh.addip_hdr = |
3005 | sctp_addto_chunk(chunk: retval, len: sizeof(asconf), data: &asconf); |
3006 | |
3007 | return retval; |
3008 | } |
3009 | |
3010 | /* Add response parameters to an ASCONF_ACK chunk. */ |
3011 | static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, |
3012 | __be16 err_code, |
3013 | struct sctp_addip_param *asconf_param) |
3014 | { |
3015 | struct sctp_addip_param ack_param; |
3016 | struct sctp_errhdr err_param; |
3017 | int asconf_param_len = 0; |
3018 | int err_param_len = 0; |
3019 | __be16 response_type; |
3020 | |
3021 | if (SCTP_ERROR_NO_ERROR == err_code) { |
3022 | response_type = SCTP_PARAM_SUCCESS_REPORT; |
3023 | } else { |
3024 | response_type = SCTP_PARAM_ERR_CAUSE; |
3025 | err_param_len = sizeof(err_param); |
3026 | if (asconf_param) |
3027 | asconf_param_len = |
3028 | ntohs(asconf_param->param_hdr.length); |
3029 | } |
3030 | |
3031 | /* Add Success Indication or Error Cause Indication parameter. */ |
3032 | ack_param.param_hdr.type = response_type; |
3033 | ack_param.param_hdr.length = htons(sizeof(ack_param) + |
3034 | err_param_len + |
3035 | asconf_param_len); |
3036 | ack_param.crr_id = crr_id; |
3037 | sctp_addto_chunk(chunk, len: sizeof(ack_param), data: &ack_param); |
3038 | |
3039 | if (SCTP_ERROR_NO_ERROR == err_code) |
3040 | return; |
3041 | |
3042 | /* Add Error Cause parameter. */ |
3043 | err_param.cause = err_code; |
3044 | err_param.length = htons(err_param_len + asconf_param_len); |
3045 | sctp_addto_chunk(chunk, len: err_param_len, data: &err_param); |
3046 | |
3047 | /* Add the failed TLV copied from ASCONF chunk. */ |
3048 | if (asconf_param) |
3049 | sctp_addto_chunk(chunk, len: asconf_param_len, data: asconf_param); |
3050 | } |
3051 | |
3052 | /* Process a asconf parameter. */ |
3053 | static __be16 sctp_process_asconf_param(struct sctp_association *asoc, |
3054 | struct sctp_chunk *asconf, |
3055 | struct sctp_addip_param *asconf_param) |
3056 | { |
3057 | union sctp_addr_param *addr_param; |
3058 | struct sctp_transport *peer; |
3059 | union sctp_addr addr; |
3060 | struct sctp_af *af; |
3061 | |
3062 | addr_param = (void *)asconf_param + sizeof(*asconf_param); |
3063 | |
3064 | if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && |
3065 | asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && |
3066 | asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) |
3067 | return SCTP_ERROR_UNKNOWN_PARAM; |
3068 | |
3069 | switch (addr_param->p.type) { |
3070 | case SCTP_PARAM_IPV6_ADDRESS: |
3071 | if (!asoc->peer.ipv6_address) |
3072 | return SCTP_ERROR_DNS_FAILED; |
3073 | break; |
3074 | case SCTP_PARAM_IPV4_ADDRESS: |
3075 | if (!asoc->peer.ipv4_address) |
3076 | return SCTP_ERROR_DNS_FAILED; |
3077 | break; |
3078 | default: |
3079 | return SCTP_ERROR_DNS_FAILED; |
3080 | } |
3081 | |
3082 | af = sctp_get_af_specific(param_type2af(type: addr_param->p.type)); |
3083 | if (unlikely(!af)) |
3084 | return SCTP_ERROR_DNS_FAILED; |
3085 | |
3086 | if (!af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0)) |
3087 | return SCTP_ERROR_DNS_FAILED; |
3088 | |
3089 | /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast |
3090 | * or multicast address. |
3091 | * (note: wildcard is permitted and requires special handling so |
3092 | * make sure we check for that) |
3093 | */ |
3094 | if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) |
3095 | return SCTP_ERROR_DNS_FAILED; |
3096 | |
3097 | switch (asconf_param->param_hdr.type) { |
3098 | case SCTP_PARAM_ADD_IP: |
3099 | /* Section 4.2.1: |
3100 | * If the address 0.0.0.0 or ::0 is provided, the source |
3101 | * address of the packet MUST be added. |
3102 | */ |
3103 | if (af->is_any(&addr)) |
3104 | memcpy(&addr, &asconf->source, sizeof(addr)); |
3105 | |
3106 | if (security_sctp_bind_connect(sk: asoc->ep->base.sk, |
3107 | optname: SCTP_PARAM_ADD_IP, |
3108 | address: (struct sockaddr *)&addr, |
3109 | addrlen: af->sockaddr_len)) |
3110 | return SCTP_ERROR_REQ_REFUSED; |
3111 | |
3112 | /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address |
3113 | * request and does not have the local resources to add this |
3114 | * new address to the association, it MUST return an Error |
3115 | * Cause TLV set to the new error code 'Operation Refused |
3116 | * Due to Resource Shortage'. |
3117 | */ |
3118 | |
3119 | peer = sctp_assoc_add_peer(asoc, address: &addr, GFP_ATOMIC, peer_state: SCTP_UNCONFIRMED); |
3120 | if (!peer) |
3121 | return SCTP_ERROR_RSRC_LOW; |
3122 | |
3123 | /* Start the heartbeat timer. */ |
3124 | sctp_transport_reset_hb_timer(peer); |
3125 | asoc->new_transport = peer; |
3126 | break; |
3127 | case SCTP_PARAM_DEL_IP: |
3128 | /* ADDIP 4.3 D7) If a request is received to delete the |
3129 | * last remaining IP address of a peer endpoint, the receiver |
3130 | * MUST send an Error Cause TLV with the error cause set to the |
3131 | * new error code 'Request to Delete Last Remaining IP Address'. |
3132 | */ |
3133 | if (asoc->peer.transport_count == 1) |
3134 | return SCTP_ERROR_DEL_LAST_IP; |
3135 | |
3136 | /* ADDIP 4.3 D8) If a request is received to delete an IP |
3137 | * address which is also the source address of the IP packet |
3138 | * which contained the ASCONF chunk, the receiver MUST reject |
3139 | * this request. To reject the request the receiver MUST send |
3140 | * an Error Cause TLV set to the new error code 'Request to |
3141 | * Delete Source IP Address' |
3142 | */ |
3143 | if (sctp_cmp_addr_exact(ss1: &asconf->source, ss2: &addr)) |
3144 | return SCTP_ERROR_DEL_SRC_IP; |
3145 | |
3146 | /* Section 4.2.2 |
3147 | * If the address 0.0.0.0 or ::0 is provided, all |
3148 | * addresses of the peer except the source address of the |
3149 | * packet MUST be deleted. |
3150 | */ |
3151 | if (af->is_any(&addr)) { |
3152 | sctp_assoc_set_primary(asoc, asconf->transport); |
3153 | sctp_assoc_del_nonprimary_peers(asoc, |
3154 | asconf->transport); |
3155 | return SCTP_ERROR_NO_ERROR; |
3156 | } |
3157 | |
3158 | /* If the address is not part of the association, the |
3159 | * ASCONF-ACK with Error Cause Indication Parameter |
3160 | * which including cause of Unresolvable Address should |
3161 | * be sent. |
3162 | */ |
3163 | peer = sctp_assoc_lookup_paddr(asoc, &addr); |
3164 | if (!peer) |
3165 | return SCTP_ERROR_DNS_FAILED; |
3166 | |
3167 | sctp_assoc_rm_peer(asoc, peer); |
3168 | break; |
3169 | case SCTP_PARAM_SET_PRIMARY: |
3170 | /* ADDIP Section 4.2.4 |
3171 | * If the address 0.0.0.0 or ::0 is provided, the receiver |
3172 | * MAY mark the source address of the packet as its |
3173 | * primary. |
3174 | */ |
3175 | if (af->is_any(&addr)) |
3176 | memcpy(&addr, sctp_source(asconf), sizeof(addr)); |
3177 | |
3178 | if (security_sctp_bind_connect(sk: asoc->ep->base.sk, |
3179 | optname: SCTP_PARAM_SET_PRIMARY, |
3180 | address: (struct sockaddr *)&addr, |
3181 | addrlen: af->sockaddr_len)) |
3182 | return SCTP_ERROR_REQ_REFUSED; |
3183 | |
3184 | peer = sctp_assoc_lookup_paddr(asoc, &addr); |
3185 | if (!peer) |
3186 | return SCTP_ERROR_DNS_FAILED; |
3187 | |
3188 | sctp_assoc_set_primary(asoc, peer); |
3189 | break; |
3190 | } |
3191 | |
3192 | return SCTP_ERROR_NO_ERROR; |
3193 | } |
3194 | |
3195 | /* Verify the ASCONF packet before we process it. */ |
3196 | bool sctp_verify_asconf(const struct sctp_association *asoc, |
3197 | struct sctp_chunk *chunk, bool addr_param_needed, |
3198 | struct sctp_paramhdr **errp) |
3199 | { |
3200 | struct sctp_addip_chunk *addip; |
3201 | bool addr_param_seen = false; |
3202 | union sctp_params param; |
3203 | |
3204 | addip = (struct sctp_addip_chunk *)chunk->chunk_hdr; |
3205 | sctp_walk_params(param, addip) { |
3206 | size_t length = ntohs(param.p->length); |
3207 | |
3208 | *errp = param.p; |
3209 | switch (param.p->type) { |
3210 | case SCTP_PARAM_ERR_CAUSE: |
3211 | break; |
3212 | case SCTP_PARAM_IPV4_ADDRESS: |
3213 | if (length != sizeof(struct sctp_ipv4addr_param)) |
3214 | return false; |
3215 | /* ensure there is only one addr param and it's in the |
3216 | * beginning of addip_hdr params, or we reject it. |
3217 | */ |
3218 | if (param.v != (addip + 1)) |
3219 | return false; |
3220 | addr_param_seen = true; |
3221 | break; |
3222 | case SCTP_PARAM_IPV6_ADDRESS: |
3223 | if (length != sizeof(struct sctp_ipv6addr_param)) |
3224 | return false; |
3225 | if (param.v != (addip + 1)) |
3226 | return false; |
3227 | addr_param_seen = true; |
3228 | break; |
3229 | case SCTP_PARAM_ADD_IP: |
3230 | case SCTP_PARAM_DEL_IP: |
3231 | case SCTP_PARAM_SET_PRIMARY: |
3232 | /* In ASCONF chunks, these need to be first. */ |
3233 | if (addr_param_needed && !addr_param_seen) |
3234 | return false; |
3235 | length = ntohs(param.addip->param_hdr.length); |
3236 | if (length < sizeof(struct sctp_addip_param) + |
3237 | sizeof(**errp)) |
3238 | return false; |
3239 | break; |
3240 | case SCTP_PARAM_SUCCESS_REPORT: |
3241 | case SCTP_PARAM_ADAPTATION_LAYER_IND: |
3242 | if (length != sizeof(struct sctp_addip_param)) |
3243 | return false; |
3244 | break; |
3245 | default: |
3246 | /* This is unknown to us, reject! */ |
3247 | return false; |
3248 | } |
3249 | } |
3250 | |
3251 | /* Remaining sanity checks. */ |
3252 | if (addr_param_needed && !addr_param_seen) |
3253 | return false; |
3254 | if (!addr_param_needed && addr_param_seen) |
3255 | return false; |
3256 | if (param.v != chunk->chunk_end) |
3257 | return false; |
3258 | |
3259 | return true; |
3260 | } |
3261 | |
3262 | /* Process an incoming ASCONF chunk with the next expected serial no. and |
3263 | * return an ASCONF_ACK chunk to be sent in response. |
3264 | */ |
3265 | struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, |
3266 | struct sctp_chunk *asconf) |
3267 | { |
3268 | union sctp_addr_param *addr_param; |
3269 | struct sctp_addip_chunk *addip; |
3270 | struct sctp_chunk *asconf_ack; |
3271 | bool all_param_pass = true; |
3272 | struct sctp_addiphdr *hdr; |
3273 | int length = 0, chunk_len; |
3274 | union sctp_params param; |
3275 | __be16 err_code; |
3276 | __u32 serial; |
3277 | |
3278 | addip = (struct sctp_addip_chunk *)asconf->chunk_hdr; |
3279 | chunk_len = ntohs(asconf->chunk_hdr->length) - |
3280 | sizeof(struct sctp_chunkhdr); |
3281 | hdr = (struct sctp_addiphdr *)asconf->skb->data; |
3282 | serial = ntohl(hdr->serial); |
3283 | |
3284 | /* Skip the addiphdr and store a pointer to address parameter. */ |
3285 | length = sizeof(*hdr); |
3286 | addr_param = (union sctp_addr_param *)(asconf->skb->data + length); |
3287 | chunk_len -= length; |
3288 | |
3289 | /* Skip the address parameter and store a pointer to the first |
3290 | * asconf parameter. |
3291 | */ |
3292 | length = ntohs(addr_param->p.length); |
3293 | chunk_len -= length; |
3294 | |
3295 | /* create an ASCONF_ACK chunk. |
3296 | * Based on the definitions of parameters, we know that the size of |
3297 | * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF |
3298 | * parameters. |
3299 | */ |
3300 | asconf_ack = sctp_make_asconf_ack(asoc, serial, vparam_len: chunk_len * 4); |
3301 | if (!asconf_ack) |
3302 | goto done; |
3303 | |
3304 | /* Process the TLVs contained within the ASCONF chunk. */ |
3305 | sctp_walk_params(param, addip) { |
3306 | /* Skip preceding address parameters. */ |
3307 | if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || |
3308 | param.p->type == SCTP_PARAM_IPV6_ADDRESS) |
3309 | continue; |
3310 | |
3311 | err_code = sctp_process_asconf_param(asoc, asconf, |
3312 | asconf_param: param.addip); |
3313 | /* ADDIP 4.1 A7) |
3314 | * If an error response is received for a TLV parameter, |
3315 | * all TLVs with no response before the failed TLV are |
3316 | * considered successful if not reported. All TLVs after |
3317 | * the failed response are considered unsuccessful unless |
3318 | * a specific success indication is present for the parameter. |
3319 | */ |
3320 | if (err_code != SCTP_ERROR_NO_ERROR) |
3321 | all_param_pass = false; |
3322 | if (!all_param_pass) |
3323 | sctp_add_asconf_response(chunk: asconf_ack, crr_id: param.addip->crr_id, |
3324 | err_code, asconf_param: param.addip); |
3325 | |
3326 | /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add |
3327 | * an IP address sends an 'Out of Resource' in its response, it |
3328 | * MUST also fail any subsequent add or delete requests bundled |
3329 | * in the ASCONF. |
3330 | */ |
3331 | if (err_code == SCTP_ERROR_RSRC_LOW) |
3332 | goto done; |
3333 | } |
3334 | done: |
3335 | asoc->peer.addip_serial++; |
3336 | |
3337 | /* If we are sending a new ASCONF_ACK hold a reference to it in assoc |
3338 | * after freeing the reference to old asconf ack if any. |
3339 | */ |
3340 | if (asconf_ack) { |
3341 | sctp_chunk_hold(ch: asconf_ack); |
3342 | list_add_tail(new: &asconf_ack->transmitted_list, |
3343 | head: &asoc->asconf_ack_list); |
3344 | } |
3345 | |
3346 | return asconf_ack; |
3347 | } |
3348 | |
3349 | /* Process a asconf parameter that is successfully acked. */ |
3350 | static void sctp_asconf_param_success(struct sctp_association *asoc, |
3351 | struct sctp_addip_param *asconf_param) |
3352 | { |
3353 | struct sctp_bind_addr *bp = &asoc->base.bind_addr; |
3354 | union sctp_addr_param *addr_param; |
3355 | struct sctp_sockaddr_entry *saddr; |
3356 | struct sctp_transport *transport; |
3357 | union sctp_addr addr; |
3358 | struct sctp_af *af; |
3359 | |
3360 | addr_param = (void *)asconf_param + sizeof(*asconf_param); |
3361 | |
3362 | /* We have checked the packet before, so we do not check again. */ |
3363 | af = sctp_get_af_specific(param_type2af(type: addr_param->p.type)); |
3364 | if (!af->from_addr_param(&addr, addr_param, htons(bp->port), 0)) |
3365 | return; |
3366 | |
3367 | switch (asconf_param->param_hdr.type) { |
3368 | case SCTP_PARAM_ADD_IP: |
3369 | /* This is always done in BH context with a socket lock |
3370 | * held, so the list can not change. |
3371 | */ |
3372 | local_bh_disable(); |
3373 | list_for_each_entry(saddr, &bp->address_list, list) { |
3374 | if (sctp_cmp_addr_exact(ss1: &saddr->a, ss2: &addr)) |
3375 | saddr->state = SCTP_ADDR_SRC; |
3376 | } |
3377 | local_bh_enable(); |
3378 | list_for_each_entry(transport, &asoc->peer.transport_addr_list, |
3379 | transports) { |
3380 | sctp_transport_dst_release(t: transport); |
3381 | } |
3382 | break; |
3383 | case SCTP_PARAM_DEL_IP: |
3384 | local_bh_disable(); |
3385 | sctp_del_bind_addr(bp, &addr); |
3386 | if (asoc->asconf_addr_del_pending != NULL && |
3387 | sctp_cmp_addr_exact(ss1: asoc->asconf_addr_del_pending, ss2: &addr)) { |
3388 | kfree(objp: asoc->asconf_addr_del_pending); |
3389 | asoc->asconf_addr_del_pending = NULL; |
3390 | } |
3391 | local_bh_enable(); |
3392 | list_for_each_entry(transport, &asoc->peer.transport_addr_list, |
3393 | transports) { |
3394 | sctp_transport_dst_release(t: transport); |
3395 | } |
3396 | break; |
3397 | default: |
3398 | break; |
3399 | } |
3400 | } |
3401 | |
3402 | /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk |
3403 | * for the given asconf parameter. If there is no response for this parameter, |
3404 | * return the error code based on the third argument 'no_err'. |
3405 | * ADDIP 4.1 |
3406 | * A7) If an error response is received for a TLV parameter, all TLVs with no |
3407 | * response before the failed TLV are considered successful if not reported. |
3408 | * All TLVs after the failed response are considered unsuccessful unless a |
3409 | * specific success indication is present for the parameter. |
3410 | */ |
3411 | static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, |
3412 | struct sctp_addip_param *asconf_param, |
3413 | int no_err) |
3414 | { |
3415 | struct sctp_addip_param *asconf_ack_param; |
3416 | struct sctp_errhdr *err_param; |
3417 | int asconf_ack_len; |
3418 | __be16 err_code; |
3419 | int length; |
3420 | |
3421 | if (no_err) |
3422 | err_code = SCTP_ERROR_NO_ERROR; |
3423 | else |
3424 | err_code = SCTP_ERROR_REQ_REFUSED; |
3425 | |
3426 | asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - |
3427 | sizeof(struct sctp_chunkhdr); |
3428 | |
3429 | /* Skip the addiphdr from the asconf_ack chunk and store a pointer to |
3430 | * the first asconf_ack parameter. |
3431 | */ |
3432 | length = sizeof(struct sctp_addiphdr); |
3433 | asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data + |
3434 | length); |
3435 | asconf_ack_len -= length; |
3436 | |
3437 | while (asconf_ack_len > 0) { |
3438 | if (asconf_ack_param->crr_id == asconf_param->crr_id) { |
3439 | switch (asconf_ack_param->param_hdr.type) { |
3440 | case SCTP_PARAM_SUCCESS_REPORT: |
3441 | return SCTP_ERROR_NO_ERROR; |
3442 | case SCTP_PARAM_ERR_CAUSE: |
3443 | length = sizeof(*asconf_ack_param); |
3444 | err_param = (void *)asconf_ack_param + length; |
3445 | asconf_ack_len -= length; |
3446 | if (asconf_ack_len > 0) |
3447 | return err_param->cause; |
3448 | else |
3449 | return SCTP_ERROR_INV_PARAM; |
3450 | break; |
3451 | default: |
3452 | return SCTP_ERROR_INV_PARAM; |
3453 | } |
3454 | } |
3455 | |
3456 | length = ntohs(asconf_ack_param->param_hdr.length); |
3457 | asconf_ack_param = (void *)asconf_ack_param + length; |
3458 | asconf_ack_len -= length; |
3459 | } |
3460 | |
3461 | return err_code; |
3462 | } |
3463 | |
3464 | /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ |
3465 | int sctp_process_asconf_ack(struct sctp_association *asoc, |
3466 | struct sctp_chunk *asconf_ack) |
3467 | { |
3468 | struct sctp_chunk *asconf = asoc->addip_last_asconf; |
3469 | struct sctp_addip_param *asconf_param; |
3470 | __be16 err_code = SCTP_ERROR_NO_ERROR; |
3471 | union sctp_addr_param *addr_param; |
3472 | int asconf_len = asconf->skb->len; |
3473 | int all_param_pass = 0; |
3474 | int length = 0; |
3475 | int no_err = 1; |
3476 | int retval = 0; |
3477 | |
3478 | /* Skip the chunkhdr and addiphdr from the last asconf sent and store |
3479 | * a pointer to address parameter. |
3480 | */ |
3481 | length = sizeof(struct sctp_addip_chunk); |
3482 | addr_param = (union sctp_addr_param *)(asconf->skb->data + length); |
3483 | asconf_len -= length; |
3484 | |
3485 | /* Skip the address parameter in the last asconf sent and store a |
3486 | * pointer to the first asconf parameter. |
3487 | */ |
3488 | length = ntohs(addr_param->p.length); |
3489 | asconf_param = (void *)addr_param + length; |
3490 | asconf_len -= length; |
3491 | |
3492 | /* ADDIP 4.1 |
3493 | * A8) If there is no response(s) to specific TLV parameter(s), and no |
3494 | * failures are indicated, then all request(s) are considered |
3495 | * successful. |
3496 | */ |
3497 | if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr)) |
3498 | all_param_pass = 1; |
3499 | |
3500 | /* Process the TLVs contained in the last sent ASCONF chunk. */ |
3501 | while (asconf_len > 0) { |
3502 | if (all_param_pass) |
3503 | err_code = SCTP_ERROR_NO_ERROR; |
3504 | else { |
3505 | err_code = sctp_get_asconf_response(asconf_ack, |
3506 | asconf_param, |
3507 | no_err); |
3508 | if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) |
3509 | no_err = 0; |
3510 | } |
3511 | |
3512 | switch (err_code) { |
3513 | case SCTP_ERROR_NO_ERROR: |
3514 | sctp_asconf_param_success(asoc, asconf_param); |
3515 | break; |
3516 | |
3517 | case SCTP_ERROR_RSRC_LOW: |
3518 | retval = 1; |
3519 | break; |
3520 | |
3521 | case SCTP_ERROR_UNKNOWN_PARAM: |
3522 | /* Disable sending this type of asconf parameter in |
3523 | * future. |
3524 | */ |
3525 | asoc->peer.addip_disabled_mask |= |
3526 | asconf_param->param_hdr.type; |
3527 | break; |
3528 | |
3529 | case SCTP_ERROR_REQ_REFUSED: |
3530 | case SCTP_ERROR_DEL_LAST_IP: |
3531 | case SCTP_ERROR_DEL_SRC_IP: |
3532 | default: |
3533 | break; |
3534 | } |
3535 | |
3536 | /* Skip the processed asconf parameter and move to the next |
3537 | * one. |
3538 | */ |
3539 | length = ntohs(asconf_param->param_hdr.length); |
3540 | asconf_param = (void *)asconf_param + length; |
3541 | asconf_len -= length; |
3542 | } |
3543 | |
3544 | if (no_err && asoc->src_out_of_asoc_ok) { |
3545 | asoc->src_out_of_asoc_ok = 0; |
3546 | sctp_transport_immediate_rtx(asoc->peer.primary_path); |
3547 | } |
3548 | |
3549 | /* Free the cached last sent asconf chunk. */ |
3550 | list_del_init(entry: &asconf->transmitted_list); |
3551 | sctp_chunk_free(chunk: asconf); |
3552 | asoc->addip_last_asconf = NULL; |
3553 | |
3554 | return retval; |
3555 | } |
3556 | |
3557 | /* Make a FWD TSN chunk. */ |
3558 | struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, |
3559 | __u32 new_cum_tsn, size_t nstreams, |
3560 | struct sctp_fwdtsn_skip *skiplist) |
3561 | { |
3562 | struct sctp_chunk *retval = NULL; |
3563 | struct sctp_fwdtsn_hdr ftsn_hdr; |
3564 | struct sctp_fwdtsn_skip skip; |
3565 | size_t hint; |
3566 | int i; |
3567 | |
3568 | hint = (nstreams + 1) * sizeof(__u32); |
3569 | |
3570 | retval = sctp_make_control(asoc, type: SCTP_CID_FWD_TSN, flags: 0, paylen: hint, GFP_ATOMIC); |
3571 | |
3572 | if (!retval) |
3573 | return NULL; |
3574 | |
3575 | ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); |
3576 | retval->subh.fwdtsn_hdr = |
3577 | sctp_addto_chunk(chunk: retval, len: sizeof(ftsn_hdr), data: &ftsn_hdr); |
3578 | |
3579 | for (i = 0; i < nstreams; i++) { |
3580 | skip.stream = skiplist[i].stream; |
3581 | skip.ssn = skiplist[i].ssn; |
3582 | sctp_addto_chunk(chunk: retval, len: sizeof(skip), data: &skip); |
3583 | } |
3584 | |
3585 | return retval; |
3586 | } |
3587 | |
3588 | struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc, |
3589 | __u32 new_cum_tsn, size_t nstreams, |
3590 | struct sctp_ifwdtsn_skip *skiplist) |
3591 | { |
3592 | struct sctp_chunk *retval = NULL; |
3593 | struct sctp_ifwdtsn_hdr ftsn_hdr; |
3594 | size_t hint; |
3595 | |
3596 | hint = (nstreams + 1) * sizeof(__u32); |
3597 | |
3598 | retval = sctp_make_control(asoc, type: SCTP_CID_I_FWD_TSN, flags: 0, paylen: hint, |
3599 | GFP_ATOMIC); |
3600 | if (!retval) |
3601 | return NULL; |
3602 | |
3603 | ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); |
3604 | retval->subh.ifwdtsn_hdr = |
3605 | sctp_addto_chunk(chunk: retval, len: sizeof(ftsn_hdr), data: &ftsn_hdr); |
3606 | |
3607 | sctp_addto_chunk(chunk: retval, len: nstreams * sizeof(skiplist[0]), data: skiplist); |
3608 | |
3609 | return retval; |
3610 | } |
3611 | |
3612 | /* RE-CONFIG 3.1 (RE-CONFIG chunk) |
3613 | * 0 1 2 3 |
3614 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
3615 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3616 | * | Type = 130 | Chunk Flags | Chunk Length | |
3617 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3618 | * \ \ |
3619 | * / Re-configuration Parameter / |
3620 | * \ \ |
3621 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3622 | * \ \ |
3623 | * / Re-configuration Parameter (optional) / |
3624 | * \ \ |
3625 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3626 | */ |
3627 | static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc, |
3628 | int length) |
3629 | { |
3630 | struct sctp_reconf_chunk *reconf; |
3631 | struct sctp_chunk *retval; |
3632 | |
3633 | retval = sctp_make_control(asoc, type: SCTP_CID_RECONF, flags: 0, paylen: length, |
3634 | GFP_ATOMIC); |
3635 | if (!retval) |
3636 | return NULL; |
3637 | |
3638 | reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr; |
3639 | retval->param_hdr.v = (u8 *)(reconf + 1); |
3640 | |
3641 | return retval; |
3642 | } |
3643 | |
3644 | /* RE-CONFIG 4.1 (STREAM OUT RESET) |
3645 | * 0 1 2 3 |
3646 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
3647 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3648 | * | Parameter Type = 13 | Parameter Length = 16 + 2 * N | |
3649 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3650 | * | Re-configuration Request Sequence Number | |
3651 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3652 | * | Re-configuration Response Sequence Number | |
3653 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3654 | * | Sender's Last Assigned TSN | |
3655 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3656 | * | Stream Number 1 (optional) | Stream Number 2 (optional) | |
3657 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3658 | * / ...... / |
3659 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3660 | * | Stream Number N-1 (optional) | Stream Number N (optional) | |
3661 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3662 | * |
3663 | * RE-CONFIG 4.2 (STREAM IN RESET) |
3664 | * 0 1 2 3 |
3665 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
3666 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3667 | * | Parameter Type = 14 | Parameter Length = 8 + 2 * N | |
3668 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3669 | * | Re-configuration Request Sequence Number | |
3670 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3671 | * | Stream Number 1 (optional) | Stream Number 2 (optional) | |
3672 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3673 | * / ...... / |
3674 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3675 | * | Stream Number N-1 (optional) | Stream Number N (optional) | |
3676 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3677 | */ |
3678 | struct sctp_chunk *sctp_make_strreset_req( |
3679 | const struct sctp_association *asoc, |
3680 | __u16 stream_num, __be16 *stream_list, |
3681 | bool out, bool in) |
3682 | { |
3683 | __u16 stream_len = stream_num * sizeof(__u16); |
3684 | struct sctp_strreset_outreq outreq; |
3685 | struct sctp_strreset_inreq inreq; |
3686 | struct sctp_chunk *retval; |
3687 | __u16 outlen, inlen; |
3688 | |
3689 | outlen = (sizeof(outreq) + stream_len) * out; |
3690 | inlen = (sizeof(inreq) + stream_len) * in; |
3691 | |
3692 | retval = sctp_make_reconf(asoc, SCTP_PAD4(outlen) + SCTP_PAD4(inlen)); |
3693 | if (!retval) |
3694 | return NULL; |
3695 | |
3696 | if (outlen) { |
3697 | outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST; |
3698 | outreq.param_hdr.length = htons(outlen); |
3699 | outreq.request_seq = htonl(asoc->strreset_outseq); |
3700 | outreq.response_seq = htonl(asoc->strreset_inseq - 1); |
3701 | outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1); |
3702 | |
3703 | sctp_addto_chunk(chunk: retval, len: sizeof(outreq), data: &outreq); |
3704 | |
3705 | if (stream_len) |
3706 | sctp_addto_chunk(chunk: retval, len: stream_len, data: stream_list); |
3707 | } |
3708 | |
3709 | if (inlen) { |
3710 | inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST; |
3711 | inreq.param_hdr.length = htons(inlen); |
3712 | inreq.request_seq = htonl(asoc->strreset_outseq + out); |
3713 | |
3714 | sctp_addto_chunk(chunk: retval, len: sizeof(inreq), data: &inreq); |
3715 | |
3716 | if (stream_len) |
3717 | sctp_addto_chunk(chunk: retval, len: stream_len, data: stream_list); |
3718 | } |
3719 | |
3720 | return retval; |
3721 | } |
3722 | |
3723 | /* RE-CONFIG 4.3 (SSN/TSN RESET ALL) |
3724 | * 0 1 2 3 |
3725 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
3726 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3727 | * | Parameter Type = 15 | Parameter Length = 8 | |
3728 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3729 | * | Re-configuration Request Sequence Number | |
3730 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3731 | */ |
3732 | struct sctp_chunk *sctp_make_strreset_tsnreq( |
3733 | const struct sctp_association *asoc) |
3734 | { |
3735 | struct sctp_strreset_tsnreq tsnreq; |
3736 | __u16 length = sizeof(tsnreq); |
3737 | struct sctp_chunk *retval; |
3738 | |
3739 | retval = sctp_make_reconf(asoc, length); |
3740 | if (!retval) |
3741 | return NULL; |
3742 | |
3743 | tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST; |
3744 | tsnreq.param_hdr.length = htons(length); |
3745 | tsnreq.request_seq = htonl(asoc->strreset_outseq); |
3746 | |
3747 | sctp_addto_chunk(chunk: retval, len: sizeof(tsnreq), data: &tsnreq); |
3748 | |
3749 | return retval; |
3750 | } |
3751 | |
3752 | /* RE-CONFIG 4.5/4.6 (ADD STREAM) |
3753 | * 0 1 2 3 |
3754 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
3755 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3756 | * | Parameter Type = 17 | Parameter Length = 12 | |
3757 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3758 | * | Re-configuration Request Sequence Number | |
3759 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3760 | * | Number of new streams | Reserved | |
3761 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3762 | */ |
3763 | struct sctp_chunk *sctp_make_strreset_addstrm( |
3764 | const struct sctp_association *asoc, |
3765 | __u16 out, __u16 in) |
3766 | { |
3767 | struct sctp_strreset_addstrm addstrm; |
3768 | __u16 size = sizeof(addstrm); |
3769 | struct sctp_chunk *retval; |
3770 | |
3771 | retval = sctp_make_reconf(asoc, length: (!!out + !!in) * size); |
3772 | if (!retval) |
3773 | return NULL; |
3774 | |
3775 | if (out) { |
3776 | addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS; |
3777 | addstrm.param_hdr.length = htons(size); |
3778 | addstrm.number_of_streams = htons(out); |
3779 | addstrm.request_seq = htonl(asoc->strreset_outseq); |
3780 | addstrm.reserved = 0; |
3781 | |
3782 | sctp_addto_chunk(chunk: retval, len: size, data: &addstrm); |
3783 | } |
3784 | |
3785 | if (in) { |
3786 | addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS; |
3787 | addstrm.param_hdr.length = htons(size); |
3788 | addstrm.number_of_streams = htons(in); |
3789 | addstrm.request_seq = htonl(asoc->strreset_outseq + !!out); |
3790 | addstrm.reserved = 0; |
3791 | |
3792 | sctp_addto_chunk(chunk: retval, len: size, data: &addstrm); |
3793 | } |
3794 | |
3795 | return retval; |
3796 | } |
3797 | |
3798 | /* RE-CONFIG 4.4 (RESP) |
3799 | * 0 1 2 3 |
3800 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
3801 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3802 | * | Parameter Type = 16 | Parameter Length | |
3803 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3804 | * | Re-configuration Response Sequence Number | |
3805 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3806 | * | Result | |
3807 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3808 | */ |
3809 | struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc, |
3810 | __u32 result, __u32 sn) |
3811 | { |
3812 | struct sctp_strreset_resp resp; |
3813 | __u16 length = sizeof(resp); |
3814 | struct sctp_chunk *retval; |
3815 | |
3816 | retval = sctp_make_reconf(asoc, length); |
3817 | if (!retval) |
3818 | return NULL; |
3819 | |
3820 | resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; |
3821 | resp.param_hdr.length = htons(length); |
3822 | resp.response_seq = htonl(sn); |
3823 | resp.result = htonl(result); |
3824 | |
3825 | sctp_addto_chunk(chunk: retval, len: sizeof(resp), data: &resp); |
3826 | |
3827 | return retval; |
3828 | } |
3829 | |
3830 | /* RE-CONFIG 4.4 OPTIONAL (TSNRESP) |
3831 | * 0 1 2 3 |
3832 | * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
3833 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3834 | * | Parameter Type = 16 | Parameter Length | |
3835 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3836 | * | Re-configuration Response Sequence Number | |
3837 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3838 | * | Result | |
3839 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3840 | * | Sender's Next TSN (optional) | |
3841 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3842 | * | Receiver's Next TSN (optional) | |
3843 | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
3844 | */ |
3845 | struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc, |
3846 | __u32 result, __u32 sn, |
3847 | __u32 sender_tsn, |
3848 | __u32 receiver_tsn) |
3849 | { |
3850 | struct sctp_strreset_resptsn tsnresp; |
3851 | __u16 length = sizeof(tsnresp); |
3852 | struct sctp_chunk *retval; |
3853 | |
3854 | retval = sctp_make_reconf(asoc, length); |
3855 | if (!retval) |
3856 | return NULL; |
3857 | |
3858 | tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; |
3859 | tsnresp.param_hdr.length = htons(length); |
3860 | |
3861 | tsnresp.response_seq = htonl(sn); |
3862 | tsnresp.result = htonl(result); |
3863 | tsnresp.senders_next_tsn = htonl(sender_tsn); |
3864 | tsnresp.receivers_next_tsn = htonl(receiver_tsn); |
3865 | |
3866 | sctp_addto_chunk(chunk: retval, len: sizeof(tsnresp), data: &tsnresp); |
3867 | |
3868 | return retval; |
3869 | } |
3870 | |
3871 | bool sctp_verify_reconf(const struct sctp_association *asoc, |
3872 | struct sctp_chunk *chunk, |
3873 | struct sctp_paramhdr **errp) |
3874 | { |
3875 | struct sctp_reconf_chunk *hdr; |
3876 | union sctp_params param; |
3877 | __be16 last = 0; |
3878 | __u16 cnt = 0; |
3879 | |
3880 | hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr; |
3881 | sctp_walk_params(param, hdr) { |
3882 | __u16 length = ntohs(param.p->length); |
3883 | |
3884 | *errp = param.p; |
3885 | if (cnt++ > 2) |
3886 | return false; |
3887 | switch (param.p->type) { |
3888 | case SCTP_PARAM_RESET_OUT_REQUEST: |
3889 | if (length < sizeof(struct sctp_strreset_outreq) || |
3890 | (last && last != SCTP_PARAM_RESET_RESPONSE && |
3891 | last != SCTP_PARAM_RESET_IN_REQUEST)) |
3892 | return false; |
3893 | break; |
3894 | case SCTP_PARAM_RESET_IN_REQUEST: |
3895 | if (length < sizeof(struct sctp_strreset_inreq) || |
3896 | (last && last != SCTP_PARAM_RESET_OUT_REQUEST)) |
3897 | return false; |
3898 | break; |
3899 | case SCTP_PARAM_RESET_RESPONSE: |
3900 | if ((length != sizeof(struct sctp_strreset_resp) && |
3901 | length != sizeof(struct sctp_strreset_resptsn)) || |
3902 | (last && last != SCTP_PARAM_RESET_RESPONSE && |
3903 | last != SCTP_PARAM_RESET_OUT_REQUEST)) |
3904 | return false; |
3905 | break; |
3906 | case SCTP_PARAM_RESET_TSN_REQUEST: |
3907 | if (length != |
3908 | sizeof(struct sctp_strreset_tsnreq) || last) |
3909 | return false; |
3910 | break; |
3911 | case SCTP_PARAM_RESET_ADD_IN_STREAMS: |
3912 | if (length != sizeof(struct sctp_strreset_addstrm) || |
3913 | (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS)) |
3914 | return false; |
3915 | break; |
3916 | case SCTP_PARAM_RESET_ADD_OUT_STREAMS: |
3917 | if (length != sizeof(struct sctp_strreset_addstrm) || |
3918 | (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS)) |
3919 | return false; |
3920 | break; |
3921 | default: |
3922 | return false; |
3923 | } |
3924 | |
3925 | last = param.p->type; |
3926 | } |
3927 | |
3928 | return true; |
3929 | } |
3930 | |