This source file includes following definitions.
- sctp_control_release_owner
- sctp_control_set_owner_w
- sctp_chunk_iif
- sctp_init_cause
- sctp_make_init
- sctp_make_init_ack
- sctp_make_cookie_echo
- sctp_make_cookie_ack
- sctp_make_cwr
- sctp_make_ecne
- sctp_make_datafrag_empty
- sctp_make_sack
- sctp_make_shutdown
- sctp_make_shutdown_ack
- sctp_make_shutdown_complete
- sctp_make_abort
- sctp_make_abort_no_data
- sctp_make_abort_user
- sctp_addto_param
- sctp_make_abort_violation
- sctp_make_violation_paramlen
- sctp_make_violation_max_retrans
- sctp_make_heartbeat
- sctp_make_heartbeat_ack
- sctp_make_op_error_space
- sctp_make_op_error_limited
- sctp_make_op_error
- sctp_make_auth
- sctp_chunkify
- sctp_init_addrs
- sctp_source
- _sctp_make_chunk
- sctp_make_data
- sctp_make_idata
- sctp_make_control
- sctp_chunk_destroy
- sctp_chunk_free
- sctp_chunk_hold
- sctp_chunk_put
- sctp_addto_chunk
- sctp_user_addto_chunk
- sctp_chunk_assign_ssn
- sctp_chunk_assign_tsn
- sctp_make_temp_asoc
- sctp_pack_cookie
- sctp_unpack_cookie
- sctp_process_missing_param
- sctp_process_inv_mandatory
- sctp_process_inv_paramlength
- sctp_process_hn_param
- sctp_verify_ext_param
- sctp_process_ext_param
- sctp_process_unk_param
- sctp_verify_param
- sctp_verify_init
- sctp_process_init
- sctp_process_param
- sctp_generate_tag
- sctp_generate_tsn
- sctp_make_asconf
- sctp_make_asconf_update_ip
- sctp_make_asconf_set_prim
- sctp_make_asconf_ack
- sctp_add_asconf_response
- sctp_process_asconf_param
- sctp_verify_asconf
- sctp_process_asconf
- sctp_asconf_param_success
- sctp_get_asconf_response
- sctp_process_asconf_ack
- sctp_make_fwdtsn
- sctp_make_ifwdtsn
- sctp_make_reconf
- sctp_make_strreset_req
- sctp_make_strreset_tsnreq
- sctp_make_strreset_addstrm
- sctp_make_strreset_resp
- sctp_make_strreset_tsnresp
- sctp_verify_reconf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
32
33 #include <crypto/hash.h>
34 #include <linux/types.h>
35 #include <linux/kernel.h>
36 #include <linux/ip.h>
37 #include <linux/ipv6.h>
38 #include <linux/net.h>
39 #include <linux/inet.h>
40 #include <linux/scatterlist.h>
41 #include <linux/slab.h>
42 #include <net/sock.h>
43
44 #include <linux/skbuff.h>
45 #include <linux/random.h>
46 #include <net/sctp/sctp.h>
47 #include <net/sctp/sm.h>
48
49 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
50 __u8 type, __u8 flags, int paylen,
51 gfp_t gfp);
52 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
53 __u8 flags, int paylen, gfp_t gfp);
54 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
55 __u8 type, __u8 flags, int paylen,
56 gfp_t gfp);
57 static struct sctp_cookie_param *sctp_pack_cookie(
58 const struct sctp_endpoint *ep,
59 const struct sctp_association *asoc,
60 const struct sctp_chunk *init_chunk,
61 int *cookie_len,
62 const __u8 *raw_addrs, int addrs_len);
63 static int sctp_process_param(struct sctp_association *asoc,
64 union sctp_params param,
65 const union sctp_addr *peer_addr,
66 gfp_t gfp);
67 static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
68 const void *data);
69
70
71 static void sctp_control_release_owner(struct sk_buff *skb)
72 {
73 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg;
74
75 if (chunk->shkey) {
76 struct sctp_shared_key *shkey = chunk->shkey;
77 struct sctp_association *asoc = chunk->asoc;
78
79
80
81
82
83 if (shkey->deactivated && !list_empty(&shkey->key_list) &&
84 refcount_read(&shkey->refcnt) == 2) {
85 struct sctp_ulpevent *ev;
86
87 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id,
88 SCTP_AUTH_FREE_KEY,
89 GFP_KERNEL);
90 if (ev)
91 asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
92 }
93 sctp_auth_shkey_release(chunk->shkey);
94 }
95 }
96
97 static void sctp_control_set_owner_w(struct sctp_chunk *chunk)
98 {
99 struct sctp_association *asoc = chunk->asoc;
100 struct sk_buff *skb = chunk->skb;
101
102
103
104
105
106
107
108
109 if (chunk->auth) {
110 chunk->shkey = asoc->shkey;
111 sctp_auth_shkey_hold(chunk->shkey);
112 }
113 skb->sk = asoc ? asoc->base.sk : NULL;
114 skb_shinfo(skb)->destructor_arg = chunk;
115 skb->destructor = sctp_control_release_owner;
116 }
117
118
119 int sctp_chunk_iif(const struct sctp_chunk *chunk)
120 {
121 struct sk_buff *skb = chunk->skb;
122
123 return SCTP_INPUT_CB(skb)->af->skb_iif(skb);
124 }
125
126
127
128
129
130
131 static const struct sctp_paramhdr ecap_param = {
132 SCTP_PARAM_ECN_CAPABLE,
133 cpu_to_be16(sizeof(struct sctp_paramhdr)),
134 };
135 static const struct sctp_paramhdr prsctp_param = {
136 SCTP_PARAM_FWD_TSN_SUPPORT,
137 cpu_to_be16(sizeof(struct sctp_paramhdr)),
138 };
139
140
141
142
143 int sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
144 size_t paylen)
145 {
146 struct sctp_errhdr err;
147 __u16 len;
148
149
150 err.cause = cause_code;
151 len = sizeof(err) + paylen;
152 err.length = htons(len);
153
154 if (skb_tailroom(chunk->skb) < len)
155 return -ENOSPC;
156
157 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err);
158
159 return 0;
160 }
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
207 const struct sctp_bind_addr *bp,
208 gfp_t gfp, int vparam_len)
209 {
210 struct sctp_supported_ext_param ext_param;
211 struct sctp_adaptation_ind_param aiparam;
212 struct sctp_paramhdr *auth_chunks = NULL;
213 struct sctp_paramhdr *auth_hmacs = NULL;
214 struct sctp_supported_addrs_param sat;
215 struct sctp_endpoint *ep = asoc->ep;
216 struct sctp_chunk *retval = NULL;
217 int num_types, addrs_len = 0;
218 struct sctp_inithdr init;
219 union sctp_params addrs;
220 struct sctp_sock *sp;
221 __u8 extensions[5];
222 size_t chunksize;
223 __be16 types[2];
224 int num_ext = 0;
225
226
227
228
229
230
231
232
233 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
234
235 init.init_tag = htonl(asoc->c.my_vtag);
236 init.a_rwnd = htonl(asoc->rwnd);
237 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
238 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
239 init.initial_tsn = htonl(asoc->c.initial_tsn);
240
241
242 sp = sctp_sk(asoc->base.sk);
243 num_types = sp->pf->supported_addrs(sp, types);
244
245 chunksize = sizeof(init) + addrs_len;
246 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types));
247
248 if (asoc->ep->ecn_enable)
249 chunksize += sizeof(ecap_param);
250
251 if (asoc->ep->prsctp_enable)
252 chunksize += sizeof(prsctp_param);
253
254
255
256
257
258
259 if (asoc->ep->asconf_enable) {
260 extensions[num_ext] = SCTP_CID_ASCONF;
261 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
262 num_ext += 2;
263 }
264
265 if (asoc->ep->reconf_enable) {
266 extensions[num_ext] = SCTP_CID_RECONF;
267 num_ext += 1;
268 }
269
270 if (sp->adaptation_ind)
271 chunksize += sizeof(aiparam);
272
273 if (asoc->ep->intl_enable) {
274 extensions[num_ext] = SCTP_CID_I_DATA;
275 num_ext += 1;
276 }
277
278 chunksize += vparam_len;
279
280
281 if (ep->auth_enable) {
282
283 chunksize += sizeof(asoc->c.auth_random);
284
285
286 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
287 if (auth_hmacs->length)
288 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
289 else
290 auth_hmacs = NULL;
291
292
293 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
294 if (auth_chunks->length)
295 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
296 else
297 auth_chunks = NULL;
298
299 extensions[num_ext] = SCTP_CID_AUTH;
300 num_ext += 1;
301 }
302
303
304 if (num_ext)
305 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext);
306
307
308
309
310
311
312
313
314
315
316
317
318
319 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp);
320 if (!retval)
321 goto nodata;
322
323 retval->subh.init_hdr =
324 sctp_addto_chunk(retval, sizeof(init), &init);
325 retval->param_hdr.v =
326 sctp_addto_chunk(retval, addrs_len, addrs.v);
327
328
329
330
331
332
333
334
335 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
336 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
337 sctp_addto_chunk(retval, sizeof(sat), &sat);
338 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
339
340 if (asoc->ep->ecn_enable)
341 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
342
343
344
345
346 if (num_ext) {
347 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
348 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext);
349 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param);
350 sctp_addto_param(retval, num_ext, extensions);
351 }
352
353 if (asoc->ep->prsctp_enable)
354 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
355
356 if (sp->adaptation_ind) {
357 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
358 aiparam.param_hdr.length = htons(sizeof(aiparam));
359 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
360 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
361 }
362
363
364 if (ep->auth_enable) {
365 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
366 asoc->c.auth_random);
367 if (auth_hmacs)
368 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
369 auth_hmacs);
370 if (auth_chunks)
371 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
372 auth_chunks);
373 }
374 nodata:
375 kfree(addrs.v);
376 return retval;
377 }
378
379 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
380 const struct sctp_chunk *chunk,
381 gfp_t gfp, int unkparam_len)
382 {
383 struct sctp_supported_ext_param ext_param;
384 struct sctp_adaptation_ind_param aiparam;
385 struct sctp_paramhdr *auth_chunks = NULL;
386 struct sctp_paramhdr *auth_random = NULL;
387 struct sctp_paramhdr *auth_hmacs = NULL;
388 struct sctp_chunk *retval = NULL;
389 struct sctp_cookie_param *cookie;
390 struct sctp_inithdr initack;
391 union sctp_params addrs;
392 struct sctp_sock *sp;
393 __u8 extensions[5];
394 size_t chunksize;
395 int num_ext = 0;
396 int cookie_len;
397 int addrs_len;
398
399
400 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
401
402 initack.init_tag = htonl(asoc->c.my_vtag);
403 initack.a_rwnd = htonl(asoc->rwnd);
404 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
405 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
406 initack.initial_tsn = htonl(asoc->c.initial_tsn);
407
408
409
410
411 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
412 addrs.v, addrs_len);
413 if (!cookie)
414 goto nomem_cookie;
415
416
417
418
419 sp = sctp_sk(asoc->base.sk);
420 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
421
422
423 if (asoc->peer.ecn_capable)
424 chunksize += sizeof(ecap_param);
425
426 if (asoc->peer.prsctp_capable)
427 chunksize += sizeof(prsctp_param);
428
429 if (asoc->peer.asconf_capable) {
430 extensions[num_ext] = SCTP_CID_ASCONF;
431 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
432 num_ext += 2;
433 }
434
435 if (asoc->peer.reconf_capable) {
436 extensions[num_ext] = SCTP_CID_RECONF;
437 num_ext += 1;
438 }
439
440 if (sp->adaptation_ind)
441 chunksize += sizeof(aiparam);
442
443 if (asoc->peer.intl_capable) {
444 extensions[num_ext] = SCTP_CID_I_DATA;
445 num_ext += 1;
446 }
447
448 if (asoc->peer.auth_capable) {
449 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random;
450 chunksize += ntohs(auth_random->length);
451
452 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs;
453 if (auth_hmacs->length)
454 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length));
455 else
456 auth_hmacs = NULL;
457
458 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks;
459 if (auth_chunks->length)
460 chunksize += SCTP_PAD4(ntohs(auth_chunks->length));
461 else
462 auth_chunks = NULL;
463
464 extensions[num_ext] = SCTP_CID_AUTH;
465 num_ext += 1;
466 }
467
468 if (num_ext)
469 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext);
470
471
472 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp);
473 if (!retval)
474 goto nomem_chunk;
475
476
477
478
479
480
481
482
483
484
485 if (chunk->transport)
486 retval->transport =
487 sctp_assoc_lookup_paddr(asoc,
488 &chunk->transport->ipaddr);
489
490 retval->subh.init_hdr =
491 sctp_addto_chunk(retval, sizeof(initack), &initack);
492 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
493 sctp_addto_chunk(retval, cookie_len, cookie);
494 if (asoc->peer.ecn_capable)
495 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
496 if (num_ext) {
497 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
498 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext);
499 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param);
500 sctp_addto_param(retval, num_ext, extensions);
501 }
502 if (asoc->peer.prsctp_capable)
503 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
504
505 if (sp->adaptation_ind) {
506 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
507 aiparam.param_hdr.length = htons(sizeof(aiparam));
508 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
509 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
510 }
511
512 if (asoc->peer.auth_capable) {
513 sctp_addto_chunk(retval, ntohs(auth_random->length),
514 auth_random);
515 if (auth_hmacs)
516 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
517 auth_hmacs);
518 if (auth_chunks)
519 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
520 auth_chunks);
521 }
522
523
524 retval->asoc = (struct sctp_association *) asoc;
525
526 nomem_chunk:
527 kfree(cookie);
528 nomem_cookie:
529 kfree(addrs.v);
530 return retval;
531 }
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
568 const struct sctp_chunk *chunk)
569 {
570 struct sctp_chunk *retval;
571 int cookie_len;
572 void *cookie;
573
574 cookie = asoc->peer.cookie;
575 cookie_len = asoc->peer.cookie_len;
576
577
578 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0,
579 cookie_len, GFP_ATOMIC);
580 if (!retval)
581 goto nodata;
582 retval->subh.cookie_hdr =
583 sctp_addto_chunk(retval, cookie_len, cookie);
584
585
586
587
588
589
590
591
592
593
594 if (chunk)
595 retval->transport = chunk->transport;
596
597 nodata:
598 return retval;
599 }
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
620 const struct sctp_chunk *chunk)
621 {
622 struct sctp_chunk *retval;
623
624 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC);
625
626
627
628
629
630
631
632
633
634
635 if (retval && chunk && chunk->transport)
636 retval->transport =
637 sctp_assoc_lookup_paddr(asoc,
638 &chunk->transport->ipaddr);
639
640 return retval;
641 }
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
667 const __u32 lowest_tsn,
668 const struct sctp_chunk *chunk)
669 {
670 struct sctp_chunk *retval;
671 struct sctp_cwrhdr cwr;
672
673 cwr.lowest_tsn = htonl(lowest_tsn);
674 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0,
675 sizeof(cwr), GFP_ATOMIC);
676
677 if (!retval)
678 goto nodata;
679
680 retval->subh.ecn_cwr_hdr =
681 sctp_addto_chunk(retval, sizeof(cwr), &cwr);
682
683
684
685
686
687
688
689
690
691
692
693 if (chunk)
694 retval->transport = chunk->transport;
695
696 nodata:
697 return retval;
698 }
699
700
701 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
702 const __u32 lowest_tsn)
703 {
704 struct sctp_chunk *retval;
705 struct sctp_ecnehdr ecne;
706
707 ecne.lowest_tsn = htonl(lowest_tsn);
708 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0,
709 sizeof(ecne), GFP_ATOMIC);
710 if (!retval)
711 goto nodata;
712 retval->subh.ecne_hdr =
713 sctp_addto_chunk(retval, sizeof(ecne), &ecne);
714
715 nodata:
716 return retval;
717 }
718
719
720
721
722 struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc,
723 const struct sctp_sndrcvinfo *sinfo,
724 int len, __u8 flags, gfp_t gfp)
725 {
726 struct sctp_chunk *retval;
727 struct sctp_datahdr dp;
728
729
730
731
732 memset(&dp, 0, sizeof(dp));
733 dp.ppid = sinfo->sinfo_ppid;
734 dp.stream = htons(sinfo->sinfo_stream);
735
736
737 if (sinfo->sinfo_flags & SCTP_UNORDERED)
738 flags |= SCTP_DATA_UNORDERED;
739
740 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp);
741 if (!retval)
742 return NULL;
743
744 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
745 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
746
747 return retval;
748 }
749
750
751
752
753
754 struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc)
755 {
756 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
757 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
758 __u16 num_gabs, num_dup_tsns;
759 struct sctp_transport *trans;
760 struct sctp_chunk *retval;
761 struct sctp_sackhdr sack;
762 __u32 ctsn;
763 int len;
764
765 memset(gabs, 0, sizeof(gabs));
766 ctsn = sctp_tsnmap_get_ctsn(map);
767
768 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn);
769
770
771 num_gabs = sctp_tsnmap_num_gabs(map, gabs);
772 num_dup_tsns = sctp_tsnmap_num_dups(map);
773
774
775 sack.cum_tsn_ack = htonl(ctsn);
776 sack.a_rwnd = htonl(asoc->a_rwnd);
777 sack.num_gap_ack_blocks = htons(num_gabs);
778 sack.num_dup_tsns = htons(num_dup_tsns);
779
780 len = sizeof(sack)
781 + sizeof(struct sctp_gap_ack_block) * num_gabs
782 + sizeof(__u32) * num_dup_tsns;
783
784
785 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC);
786 if (!retval)
787 goto nodata;
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819 retval->transport = asoc->peer.last_data_from;
820
821 retval->subh.sack_hdr =
822 sctp_addto_chunk(retval, sizeof(sack), &sack);
823
824
825 if (num_gabs)
826 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
827 gabs);
828
829
830 if (num_dup_tsns) {
831 asoc->stats.idupchunks += num_dup_tsns;
832 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
833 sctp_tsnmap_get_dups(map));
834 }
835
836
837
838
839
840
841
842
843 if (++asoc->peer.sack_generation == 0) {
844 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
845 transports)
846 trans->sack_generation = 0;
847 asoc->peer.sack_generation = 1;
848 }
849 nodata:
850 return retval;
851 }
852
853
854 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
855 const struct sctp_chunk *chunk)
856 {
857 struct sctp_shutdownhdr shut;
858 struct sctp_chunk *retval;
859 __u32 ctsn;
860
861 if (chunk && chunk->asoc)
862 ctsn = sctp_tsnmap_get_ctsn(&chunk->asoc->peer.tsn_map);
863 else
864 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
865
866 shut.cum_tsn_ack = htonl(ctsn);
867
868 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0,
869 sizeof(shut), GFP_ATOMIC);
870 if (!retval)
871 goto nodata;
872
873 retval->subh.shutdown_hdr =
874 sctp_addto_chunk(retval, sizeof(shut), &shut);
875
876 if (chunk)
877 retval->transport = chunk->transport;
878 nodata:
879 return retval;
880 }
881
882 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
883 const struct sctp_chunk *chunk)
884 {
885 struct sctp_chunk *retval;
886
887 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0,
888 GFP_ATOMIC);
889
890
891
892
893
894
895
896
897
898
899 if (retval && chunk)
900 retval->transport = chunk->transport;
901
902 return retval;
903 }
904
905 struct sctp_chunk *sctp_make_shutdown_complete(
906 const struct sctp_association *asoc,
907 const struct sctp_chunk *chunk)
908 {
909 struct sctp_chunk *retval;
910 __u8 flags = 0;
911
912
913
914
915 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
916
917 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags,
918 0, GFP_ATOMIC);
919
920
921
922
923
924
925
926
927
928
929
930 if (retval && chunk)
931 retval->transport = chunk->transport;
932
933 return retval;
934 }
935
936
937
938
939 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
940 const struct sctp_chunk *chunk,
941 const size_t hint)
942 {
943 struct sctp_chunk *retval;
944 __u8 flags = 0;
945
946
947
948
949 if (!asoc) {
950 if (chunk && chunk->chunk_hdr &&
951 chunk->chunk_hdr->type == SCTP_CID_INIT)
952 flags = 0;
953 else
954 flags = SCTP_CHUNK_FLAG_T;
955 }
956
957 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint,
958 GFP_ATOMIC);
959
960
961
962
963
964
965
966
967
968
969 if (retval && chunk)
970 retval->transport = chunk->transport;
971
972 return retval;
973 }
974
975
976 struct sctp_chunk *sctp_make_abort_no_data(
977 const struct sctp_association *asoc,
978 const struct sctp_chunk *chunk,
979 __u32 tsn)
980 {
981 struct sctp_chunk *retval;
982 __be32 payload;
983
984 retval = sctp_make_abort(asoc, chunk,
985 sizeof(struct sctp_errhdr) + sizeof(tsn));
986
987 if (!retval)
988 goto no_mem;
989
990
991 payload = htonl(tsn);
992 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
993 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
994
995
996
997
998
999
1000
1001
1002
1003
1004 if (chunk)
1005 retval->transport = chunk->transport;
1006
1007 no_mem:
1008 return retval;
1009 }
1010
1011
1012 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
1013 struct msghdr *msg,
1014 size_t paylen)
1015 {
1016 struct sctp_chunk *retval;
1017 void *payload = NULL;
1018 int err;
1019
1020 retval = sctp_make_abort(asoc, NULL,
1021 sizeof(struct sctp_errhdr) + paylen);
1022 if (!retval)
1023 goto err_chunk;
1024
1025 if (paylen) {
1026
1027 payload = kmalloc(paylen, GFP_KERNEL);
1028 if (!payload)
1029 goto err_payload;
1030
1031 err = memcpy_from_msg(payload, msg, paylen);
1032 if (err < 0)
1033 goto err_copy;
1034 }
1035
1036 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
1037 sctp_addto_chunk(retval, paylen, payload);
1038
1039 if (paylen)
1040 kfree(payload);
1041
1042 return retval;
1043
1044 err_copy:
1045 kfree(payload);
1046 err_payload:
1047 sctp_chunk_free(retval);
1048 retval = NULL;
1049 err_chunk:
1050 return retval;
1051 }
1052
1053
1054
1055
1056 static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1057 const void *data)
1058 {
1059 int chunklen = ntohs(chunk->chunk_hdr->length);
1060 void *target;
1061
1062 target = skb_put(chunk->skb, len);
1063
1064 if (data)
1065 memcpy(target, data, len);
1066 else
1067 memset(target, 0, len);
1068
1069
1070 chunk->chunk_hdr->length = htons(chunklen + len);
1071 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1072
1073 return target;
1074 }
1075
1076
1077 struct sctp_chunk *sctp_make_abort_violation(
1078 const struct sctp_association *asoc,
1079 const struct sctp_chunk *chunk,
1080 const __u8 *payload,
1081 const size_t paylen)
1082 {
1083 struct sctp_chunk *retval;
1084 struct sctp_paramhdr phdr;
1085
1086 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) +
1087 paylen + sizeof(phdr));
1088 if (!retval)
1089 goto end;
1090
1091 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen +
1092 sizeof(phdr));
1093
1094 phdr.type = htons(chunk->chunk_hdr->type);
1095 phdr.length = chunk->chunk_hdr->length;
1096 sctp_addto_chunk(retval, paylen, payload);
1097 sctp_addto_param(retval, sizeof(phdr), &phdr);
1098
1099 end:
1100 return retval;
1101 }
1102
1103 struct sctp_chunk *sctp_make_violation_paramlen(
1104 const struct sctp_association *asoc,
1105 const struct sctp_chunk *chunk,
1106 struct sctp_paramhdr *param)
1107 {
1108 static const char error[] = "The following parameter had invalid length:";
1109 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) +
1110 sizeof(*param);
1111 struct sctp_chunk *retval;
1112
1113 retval = sctp_make_abort(asoc, chunk, payload_len);
1114 if (!retval)
1115 goto nodata;
1116
1117 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1118 sizeof(error) + sizeof(*param));
1119 sctp_addto_chunk(retval, sizeof(error), error);
1120 sctp_addto_param(retval, sizeof(*param), param);
1121
1122 nodata:
1123 return retval;
1124 }
1125
1126 struct sctp_chunk *sctp_make_violation_max_retrans(
1127 const struct sctp_association *asoc,
1128 const struct sctp_chunk *chunk)
1129 {
1130 static const char error[] = "Association exceeded its max_retrans count";
1131 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr);
1132 struct sctp_chunk *retval;
1133
1134 retval = sctp_make_abort(asoc, chunk, payload_len);
1135 if (!retval)
1136 goto nodata;
1137
1138 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error));
1139 sctp_addto_chunk(retval, sizeof(error), error);
1140
1141 nodata:
1142 return retval;
1143 }
1144
1145
1146 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1147 const struct sctp_transport *transport)
1148 {
1149 struct sctp_sender_hb_info hbinfo;
1150 struct sctp_chunk *retval;
1151
1152 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0,
1153 sizeof(hbinfo), GFP_ATOMIC);
1154
1155 if (!retval)
1156 goto nodata;
1157
1158 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
1159 hbinfo.param_hdr.length = htons(sizeof(hbinfo));
1160 hbinfo.daddr = transport->ipaddr;
1161 hbinfo.sent_at = jiffies;
1162 hbinfo.hb_nonce = transport->hb_nonce;
1163
1164
1165
1166
1167 retval->transport = (struct sctp_transport *) transport;
1168 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo),
1169 &hbinfo);
1170
1171 nodata:
1172 return retval;
1173 }
1174
1175 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1176 const struct sctp_chunk *chunk,
1177 const void *payload,
1178 const size_t paylen)
1179 {
1180 struct sctp_chunk *retval;
1181
1182 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen,
1183 GFP_ATOMIC);
1184 if (!retval)
1185 goto nodata;
1186
1187 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198 if (chunk)
1199 retval->transport = chunk->transport;
1200
1201 nodata:
1202 return retval;
1203 }
1204
1205
1206
1207
1208 static struct sctp_chunk *sctp_make_op_error_space(
1209 const struct sctp_association *asoc,
1210 const struct sctp_chunk *chunk,
1211 size_t size)
1212 {
1213 struct sctp_chunk *retval;
1214
1215 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0,
1216 sizeof(struct sctp_errhdr) + size,
1217 GFP_ATOMIC);
1218 if (!retval)
1219 goto nodata;
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229 if (chunk)
1230 retval->transport = chunk->transport;
1231
1232 nodata:
1233 return retval;
1234 }
1235
1236
1237
1238
1239
1240
1241
1242
1243 static inline struct sctp_chunk *sctp_make_op_error_limited(
1244 const struct sctp_association *asoc,
1245 const struct sctp_chunk *chunk)
1246 {
1247 size_t size = SCTP_DEFAULT_MAXSEGMENT;
1248 struct sctp_sock *sp = NULL;
1249
1250 if (asoc) {
1251 size = min_t(size_t, size, asoc->pathmtu);
1252 sp = sctp_sk(asoc->base.sk);
1253 }
1254
1255 size = sctp_mtu_payload(sp, size, sizeof(struct sctp_errhdr));
1256
1257 return sctp_make_op_error_space(asoc, chunk, size);
1258 }
1259
1260
1261 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1262 const struct sctp_chunk *chunk,
1263 __be16 cause_code, const void *payload,
1264 size_t paylen, size_t reserve_tail)
1265 {
1266 struct sctp_chunk *retval;
1267
1268 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1269 if (!retval)
1270 goto nodata;
1271
1272 sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1273 sctp_addto_chunk(retval, paylen, payload);
1274 if (reserve_tail)
1275 sctp_addto_param(retval, reserve_tail, NULL);
1276
1277 nodata:
1278 return retval;
1279 }
1280
1281 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc,
1282 __u16 key_id)
1283 {
1284 struct sctp_authhdr auth_hdr;
1285 struct sctp_hmac *hmac_desc;
1286 struct sctp_chunk *retval;
1287
1288
1289 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1290 if (unlikely(!hmac_desc))
1291 return NULL;
1292
1293 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0,
1294 hmac_desc->hmac_len + sizeof(auth_hdr),
1295 GFP_ATOMIC);
1296 if (!retval)
1297 return NULL;
1298
1299 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1300 auth_hdr.shkey_id = htons(key_id);
1301
1302 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr),
1303 &auth_hdr);
1304
1305 skb_put_zero(retval->skb, hmac_desc->hmac_len);
1306
1307
1308 retval->chunk_hdr->length =
1309 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1310 retval->chunk_end = skb_tail_pointer(retval->skb);
1311
1312 return retval;
1313 }
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1331 const struct sctp_association *asoc,
1332 struct sock *sk, gfp_t gfp)
1333 {
1334 struct sctp_chunk *retval;
1335
1336 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp);
1337
1338 if (!retval)
1339 goto nodata;
1340 if (!sk)
1341 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb);
1342
1343 INIT_LIST_HEAD(&retval->list);
1344 retval->skb = skb;
1345 retval->asoc = (struct sctp_association *)asoc;
1346 retval->singleton = 1;
1347
1348 retval->fast_retransmit = SCTP_CAN_FRTX;
1349
1350
1351 INIT_LIST_HEAD(&retval->transmitted_list);
1352 INIT_LIST_HEAD(&retval->frag_list);
1353 SCTP_DBG_OBJCNT_INC(chunk);
1354 refcount_set(&retval->refcnt, 1);
1355
1356 nodata:
1357 return retval;
1358 }
1359
1360
1361 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1362 union sctp_addr *dest)
1363 {
1364 memcpy(&chunk->source, src, sizeof(union sctp_addr));
1365 memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1366 }
1367
1368
1369 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1370 {
1371
1372 if (chunk->transport) {
1373 return &chunk->transport->ipaddr;
1374 } else {
1375
1376 return &chunk->source;
1377 }
1378 }
1379
1380
1381
1382
1383 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
1384 __u8 type, __u8 flags, int paylen,
1385 gfp_t gfp)
1386 {
1387 struct sctp_chunkhdr *chunk_hdr;
1388 struct sctp_chunk *retval;
1389 struct sk_buff *skb;
1390 struct sock *sk;
1391 int chunklen;
1392
1393 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen);
1394 if (chunklen > SCTP_MAX_CHUNK_LEN)
1395 goto nodata;
1396
1397
1398 skb = alloc_skb(chunklen, gfp);
1399 if (!skb)
1400 goto nodata;
1401
1402
1403 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr));
1404 chunk_hdr->type = type;
1405 chunk_hdr->flags = flags;
1406 chunk_hdr->length = htons(sizeof(*chunk_hdr));
1407
1408 sk = asoc ? asoc->base.sk : NULL;
1409 retval = sctp_chunkify(skb, asoc, sk, gfp);
1410 if (!retval) {
1411 kfree_skb(skb);
1412 goto nodata;
1413 }
1414
1415 retval->chunk_hdr = chunk_hdr;
1416 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr);
1417
1418
1419 if (sctp_auth_send_cid(type, asoc))
1420 retval->auth = 1;
1421
1422 return retval;
1423 nodata:
1424 return NULL;
1425 }
1426
1427 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc,
1428 __u8 flags, int paylen, gfp_t gfp)
1429 {
1430 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp);
1431 }
1432
1433 struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc,
1434 __u8 flags, int paylen, gfp_t gfp)
1435 {
1436 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp);
1437 }
1438
1439 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc,
1440 __u8 type, __u8 flags, int paylen,
1441 gfp_t gfp)
1442 {
1443 struct sctp_chunk *chunk;
1444
1445 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp);
1446 if (chunk)
1447 sctp_control_set_owner_w(chunk);
1448
1449 return chunk;
1450 }
1451
1452
1453 static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1454 {
1455 BUG_ON(!list_empty(&chunk->list));
1456 list_del_init(&chunk->transmitted_list);
1457
1458 consume_skb(chunk->skb);
1459 consume_skb(chunk->auth_chunk);
1460
1461 SCTP_DBG_OBJCNT_DEC(chunk);
1462 kmem_cache_free(sctp_chunk_cachep, chunk);
1463 }
1464
1465
1466 void sctp_chunk_free(struct sctp_chunk *chunk)
1467 {
1468
1469 if (chunk->msg)
1470 sctp_datamsg_put(chunk->msg);
1471
1472 sctp_chunk_put(chunk);
1473 }
1474
1475
1476 void sctp_chunk_hold(struct sctp_chunk *ch)
1477 {
1478 refcount_inc(&ch->refcnt);
1479 }
1480
1481
1482 void sctp_chunk_put(struct sctp_chunk *ch)
1483 {
1484 if (refcount_dec_and_test(&ch->refcnt))
1485 sctp_chunk_destroy(ch);
1486 }
1487
1488
1489
1490
1491 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1492 {
1493 int chunklen = ntohs(chunk->chunk_hdr->length);
1494 int padlen = SCTP_PAD4(chunklen) - chunklen;
1495 void *target;
1496
1497 skb_put_zero(chunk->skb, padlen);
1498 target = skb_put_data(chunk->skb, data, len);
1499
1500
1501 chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1502 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1503
1504 return target;
1505 }
1506
1507
1508
1509
1510
1511 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len,
1512 struct iov_iter *from)
1513 {
1514 void *target;
1515
1516
1517 target = skb_put(chunk->skb, len);
1518
1519
1520 if (!copy_from_iter_full(target, len, from))
1521 return -EFAULT;
1522
1523
1524 chunk->chunk_hdr->length =
1525 htons(ntohs(chunk->chunk_hdr->length) + len);
1526 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1527
1528 return 0;
1529 }
1530
1531
1532
1533
1534 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1535 {
1536 struct sctp_stream *stream;
1537 struct sctp_chunk *lchunk;
1538 struct sctp_datamsg *msg;
1539 __u16 ssn, sid;
1540
1541 if (chunk->has_ssn)
1542 return;
1543
1544
1545 sid = ntohs(chunk->subh.data_hdr->stream);
1546 stream = &chunk->asoc->stream;
1547
1548
1549
1550
1551 msg = chunk->msg;
1552 list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1553 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1554 ssn = 0;
1555 } else {
1556 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1557 ssn = sctp_ssn_next(stream, out, sid);
1558 else
1559 ssn = sctp_ssn_peek(stream, out, sid);
1560 }
1561
1562 lchunk->subh.data_hdr->ssn = htons(ssn);
1563 lchunk->has_ssn = 1;
1564 }
1565 }
1566
1567
1568
1569
1570 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1571 {
1572 if (!chunk->has_tsn) {
1573
1574
1575
1576 chunk->subh.data_hdr->tsn =
1577 htonl(sctp_association_get_next_tsn(chunk->asoc));
1578 chunk->has_tsn = 1;
1579 }
1580 }
1581
1582
1583 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1584 struct sctp_chunk *chunk,
1585 gfp_t gfp)
1586 {
1587 struct sctp_association *asoc;
1588 enum sctp_scope scope;
1589 struct sk_buff *skb;
1590
1591
1592 scope = sctp_scope(sctp_source(chunk));
1593 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1594 if (!asoc)
1595 goto nodata;
1596 asoc->temp = 1;
1597 skb = chunk->skb;
1598
1599 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1);
1600
1601 nodata:
1602 return asoc;
1603 }
1604
1605
1606
1607
1608 static struct sctp_cookie_param *sctp_pack_cookie(
1609 const struct sctp_endpoint *ep,
1610 const struct sctp_association *asoc,
1611 const struct sctp_chunk *init_chunk,
1612 int *cookie_len, const __u8 *raw_addrs,
1613 int addrs_len)
1614 {
1615 struct sctp_signed_cookie *cookie;
1616 struct sctp_cookie_param *retval;
1617 int headersize, bodysize;
1618
1619
1620
1621
1622 headersize = sizeof(struct sctp_paramhdr) +
1623 (sizeof(struct sctp_signed_cookie) -
1624 sizeof(struct sctp_cookie));
1625 bodysize = sizeof(struct sctp_cookie)
1626 + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1627
1628
1629
1630
1631 if (bodysize % SCTP_COOKIE_MULTIPLE)
1632 bodysize += SCTP_COOKIE_MULTIPLE
1633 - (bodysize % SCTP_COOKIE_MULTIPLE);
1634 *cookie_len = headersize + bodysize;
1635
1636
1637
1638
1639 retval = kzalloc(*cookie_len, GFP_ATOMIC);
1640 if (!retval)
1641 goto nodata;
1642
1643 cookie = (struct sctp_signed_cookie *) retval->body;
1644
1645
1646 retval->p.type = SCTP_PARAM_STATE_COOKIE;
1647 retval->p.length = htons(*cookie_len);
1648
1649
1650 cookie->c = asoc->c;
1651
1652 cookie->c.raw_addr_list_len = addrs_len;
1653
1654
1655 cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1656
1657
1658 cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1659
1660
1661 cookie->c.expiration = ktime_add(asoc->cookie_life,
1662 ktime_get_real());
1663
1664
1665 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1666 ntohs(init_chunk->chunk_hdr->length));
1667
1668
1669 memcpy((__u8 *)&cookie->c.peer_init[0] +
1670 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1671
1672 if (sctp_sk(ep->base.sk)->hmac) {
1673 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
1674 int err;
1675
1676
1677 desc->tfm = sctp_sk(ep->base.sk)->hmac;
1678
1679 err = crypto_shash_setkey(desc->tfm, ep->secret_key,
1680 sizeof(ep->secret_key)) ?:
1681 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize,
1682 cookie->signature);
1683 shash_desc_zero(desc);
1684 if (err)
1685 goto free_cookie;
1686 }
1687
1688 return retval;
1689
1690 free_cookie:
1691 kfree(retval);
1692 nodata:
1693 *cookie_len = 0;
1694 return NULL;
1695 }
1696
1697
1698 struct sctp_association *sctp_unpack_cookie(
1699 const struct sctp_endpoint *ep,
1700 const struct sctp_association *asoc,
1701 struct sctp_chunk *chunk, gfp_t gfp,
1702 int *error, struct sctp_chunk **errp)
1703 {
1704 struct sctp_association *retval = NULL;
1705 int headersize, bodysize, fixed_size;
1706 struct sctp_signed_cookie *cookie;
1707 struct sk_buff *skb = chunk->skb;
1708 struct sctp_cookie *bear_cookie;
1709 __u8 *digest = ep->digest;
1710 enum sctp_scope scope;
1711 unsigned int len;
1712 ktime_t kt;
1713
1714
1715
1716
1717 headersize = sizeof(struct sctp_chunkhdr) +
1718 (sizeof(struct sctp_signed_cookie) -
1719 sizeof(struct sctp_cookie));
1720 bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1721 fixed_size = headersize + sizeof(struct sctp_cookie);
1722
1723
1724
1725
1726
1727 len = ntohs(chunk->chunk_hdr->length);
1728 if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1729 goto malformed;
1730
1731
1732 if (bodysize % SCTP_COOKIE_MULTIPLE)
1733 goto malformed;
1734
1735
1736 cookie = chunk->subh.cookie_hdr;
1737 bear_cookie = &cookie->c;
1738
1739 if (!sctp_sk(ep->base.sk)->hmac)
1740 goto no_hmac;
1741
1742
1743 {
1744 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac);
1745 int err;
1746
1747 desc->tfm = sctp_sk(ep->base.sk)->hmac;
1748
1749 err = crypto_shash_setkey(desc->tfm, ep->secret_key,
1750 sizeof(ep->secret_key)) ?:
1751 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize,
1752 digest);
1753 shash_desc_zero(desc);
1754
1755 if (err) {
1756 *error = -SCTP_IERROR_NOMEM;
1757 goto fail;
1758 }
1759 }
1760
1761 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1762 *error = -SCTP_IERROR_BAD_SIG;
1763 goto fail;
1764 }
1765
1766 no_hmac:
1767
1768
1769
1770
1771
1772
1773
1774 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1775 *error = -SCTP_IERROR_BAD_TAG;
1776 goto fail;
1777 }
1778
1779 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1780 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1781 *error = -SCTP_IERROR_BAD_PORTS;
1782 goto fail;
1783 }
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1794 kt = skb_get_ktime(skb);
1795 else
1796 kt = ktime_get_real();
1797
1798 if (!asoc && ktime_before(bear_cookie->expiration, kt)) {
1799 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration));
1800 __be32 n = htonl(usecs);
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810 *errp = sctp_make_op_error(asoc, chunk,
1811 SCTP_ERROR_STALE_COOKIE, &n,
1812 sizeof(n), 0);
1813 if (*errp)
1814 *error = -SCTP_IERROR_STALE_COOKIE;
1815 else
1816 *error = -SCTP_IERROR_NOMEM;
1817
1818 goto fail;
1819 }
1820
1821
1822 scope = sctp_scope(sctp_source(chunk));
1823 retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1824 if (!retval) {
1825 *error = -SCTP_IERROR_NOMEM;
1826 goto fail;
1827 }
1828
1829
1830 retval->peer.port = ntohs(chunk->sctp_hdr->source);
1831
1832
1833 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1834
1835 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1836 GFP_ATOMIC) < 0) {
1837 *error = -SCTP_IERROR_NOMEM;
1838 goto fail;
1839 }
1840
1841
1842 if (list_empty(&retval->base.bind_addr.address_list)) {
1843 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1844 sizeof(chunk->dest), SCTP_ADDR_SRC,
1845 GFP_ATOMIC);
1846 }
1847
1848 retval->next_tsn = retval->c.initial_tsn;
1849 retval->ctsn_ack_point = retval->next_tsn - 1;
1850 retval->addip_serial = retval->c.initial_tsn;
1851 retval->strreset_outseq = retval->c.initial_tsn;
1852 retval->adv_peer_ack_point = retval->ctsn_ack_point;
1853 retval->peer.prsctp_capable = retval->c.prsctp_capable;
1854 retval->peer.adaptation_ind = retval->c.adaptation_ind;
1855
1856
1857 return retval;
1858
1859 fail:
1860 if (retval)
1861 sctp_association_free(retval);
1862
1863 return NULL;
1864
1865 malformed:
1866
1867
1868
1869 *error = -SCTP_IERROR_MALFORMED;
1870 goto fail;
1871 }
1872
1873
1874
1875
1876
1877 struct __sctp_missing {
1878 __be32 num_missing;
1879 __be16 type;
1880 } __packed;
1881
1882
1883
1884
1885 static int sctp_process_missing_param(const struct sctp_association *asoc,
1886 enum sctp_param paramtype,
1887 struct sctp_chunk *chunk,
1888 struct sctp_chunk **errp)
1889 {
1890 struct __sctp_missing report;
1891 __u16 len;
1892
1893 len = SCTP_PAD4(sizeof(report));
1894
1895
1896
1897
1898 if (!*errp)
1899 *errp = sctp_make_op_error_space(asoc, chunk, len);
1900
1901 if (*errp) {
1902 report.num_missing = htonl(1);
1903 report.type = paramtype;
1904 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1905 sizeof(report));
1906 sctp_addto_chunk(*errp, sizeof(report), &report);
1907 }
1908
1909
1910 return 0;
1911 }
1912
1913
1914 static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1915 struct sctp_chunk *chunk,
1916 struct sctp_chunk **errp)
1917 {
1918
1919
1920 if (!*errp)
1921 *errp = sctp_make_op_error_space(asoc, chunk, 0);
1922
1923 if (*errp)
1924 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1925
1926
1927 return 0;
1928 }
1929
1930 static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1931 struct sctp_paramhdr *param,
1932 const struct sctp_chunk *chunk,
1933 struct sctp_chunk **errp)
1934 {
1935
1936
1937
1938 if (*errp)
1939 sctp_chunk_free(*errp);
1940
1941
1942 *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1943
1944 return 0;
1945 }
1946
1947
1948
1949
1950
1951 static int sctp_process_hn_param(const struct sctp_association *asoc,
1952 union sctp_params param,
1953 struct sctp_chunk *chunk,
1954 struct sctp_chunk **errp)
1955 {
1956 __u16 len = ntohs(param.p->length);
1957
1958
1959
1960
1961
1962
1963 if (*errp)
1964 sctp_chunk_free(*errp);
1965
1966 *errp = sctp_make_op_error(asoc, chunk, SCTP_ERROR_DNS_FAILED,
1967 param.v, len, 0);
1968
1969
1970 return 0;
1971 }
1972
1973 static int sctp_verify_ext_param(struct net *net,
1974 const struct sctp_endpoint *ep,
1975 union sctp_params param)
1976 {
1977 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
1978 int have_asconf = 0;
1979 int have_auth = 0;
1980 int i;
1981
1982 for (i = 0; i < num_ext; i++) {
1983 switch (param.ext->chunks[i]) {
1984 case SCTP_CID_AUTH:
1985 have_auth = 1;
1986 break;
1987 case SCTP_CID_ASCONF:
1988 case SCTP_CID_ASCONF_ACK:
1989 have_asconf = 1;
1990 break;
1991 }
1992 }
1993
1994
1995
1996
1997
1998
1999 if (net->sctp.addip_noauth)
2000 return 1;
2001
2002 if (ep->asconf_enable && !have_auth && have_asconf)
2003 return 0;
2004
2005 return 1;
2006 }
2007
2008 static void sctp_process_ext_param(struct sctp_association *asoc,
2009 union sctp_params param)
2010 {
2011 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2012 int i;
2013
2014 for (i = 0; i < num_ext; i++) {
2015 switch (param.ext->chunks[i]) {
2016 case SCTP_CID_RECONF:
2017 if (asoc->ep->reconf_enable)
2018 asoc->peer.reconf_capable = 1;
2019 break;
2020 case SCTP_CID_FWD_TSN:
2021 if (asoc->ep->prsctp_enable)
2022 asoc->peer.prsctp_capable = 1;
2023 break;
2024 case SCTP_CID_AUTH:
2025
2026
2027
2028 if (asoc->ep->auth_enable)
2029 asoc->peer.auth_capable = 1;
2030 break;
2031 case SCTP_CID_ASCONF:
2032 case SCTP_CID_ASCONF_ACK:
2033 if (asoc->ep->asconf_enable)
2034 asoc->peer.asconf_capable = 1;
2035 break;
2036 case SCTP_CID_I_DATA:
2037 if (asoc->ep->intl_enable)
2038 asoc->peer.intl_capable = 1;
2039 break;
2040 default:
2041 break;
2042 }
2043 }
2044 }
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071 static enum sctp_ierror sctp_process_unk_param(
2072 const struct sctp_association *asoc,
2073 union sctp_params param,
2074 struct sctp_chunk *chunk,
2075 struct sctp_chunk **errp)
2076 {
2077 int retval = SCTP_IERROR_NO_ERROR;
2078
2079 switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2080 case SCTP_PARAM_ACTION_DISCARD:
2081 retval = SCTP_IERROR_ERROR;
2082 break;
2083 case SCTP_PARAM_ACTION_SKIP:
2084 break;
2085 case SCTP_PARAM_ACTION_DISCARD_ERR:
2086 retval = SCTP_IERROR_ERROR;
2087
2088 case SCTP_PARAM_ACTION_SKIP_ERR:
2089
2090
2091
2092 if (!*errp) {
2093 *errp = sctp_make_op_error_limited(asoc, chunk);
2094 if (!*errp) {
2095
2096
2097
2098
2099
2100 retval = SCTP_IERROR_NOMEM;
2101 break;
2102 }
2103 }
2104
2105 if (!sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2106 ntohs(param.p->length)))
2107 sctp_addto_chunk(*errp, ntohs(param.p->length),
2108 param.v);
2109 break;
2110 default:
2111 break;
2112 }
2113
2114 return retval;
2115 }
2116
2117
2118
2119
2120
2121
2122
2123
2124 static enum sctp_ierror sctp_verify_param(struct net *net,
2125 const struct sctp_endpoint *ep,
2126 const struct sctp_association *asoc,
2127 union sctp_params param,
2128 enum sctp_cid cid,
2129 struct sctp_chunk *chunk,
2130 struct sctp_chunk **err_chunk)
2131 {
2132 struct sctp_hmac_algo_param *hmacs;
2133 int retval = SCTP_IERROR_NO_ERROR;
2134 __u16 n_elt, id = 0;
2135 int i;
2136
2137
2138
2139
2140
2141
2142 switch (param.p->type) {
2143 case SCTP_PARAM_IPV4_ADDRESS:
2144 case SCTP_PARAM_IPV6_ADDRESS:
2145 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2146 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2147 case SCTP_PARAM_STATE_COOKIE:
2148 case SCTP_PARAM_HEARTBEAT_INFO:
2149 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2150 case SCTP_PARAM_ECN_CAPABLE:
2151 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2152 break;
2153
2154 case SCTP_PARAM_SUPPORTED_EXT:
2155 if (!sctp_verify_ext_param(net, ep, param))
2156 return SCTP_IERROR_ABORT;
2157 break;
2158
2159 case SCTP_PARAM_SET_PRIMARY:
2160 if (ep->asconf_enable)
2161 break;
2162 goto unhandled;
2163
2164 case SCTP_PARAM_HOST_NAME_ADDRESS:
2165
2166 sctp_process_hn_param(asoc, param, chunk, err_chunk);
2167 retval = SCTP_IERROR_ABORT;
2168 break;
2169
2170 case SCTP_PARAM_FWD_TSN_SUPPORT:
2171 if (ep->prsctp_enable)
2172 break;
2173 goto unhandled;
2174
2175 case SCTP_PARAM_RANDOM:
2176 if (!ep->auth_enable)
2177 goto unhandled;
2178
2179
2180
2181
2182
2183
2184 if (SCTP_AUTH_RANDOM_LENGTH != ntohs(param.p->length) -
2185 sizeof(struct sctp_paramhdr)) {
2186 sctp_process_inv_paramlength(asoc, param.p,
2187 chunk, err_chunk);
2188 retval = SCTP_IERROR_ABORT;
2189 }
2190 break;
2191
2192 case SCTP_PARAM_CHUNKS:
2193 if (!ep->auth_enable)
2194 goto unhandled;
2195
2196
2197
2198
2199
2200
2201 if (260 < ntohs(param.p->length)) {
2202 sctp_process_inv_paramlength(asoc, param.p,
2203 chunk, err_chunk);
2204 retval = SCTP_IERROR_ABORT;
2205 }
2206 break;
2207
2208 case SCTP_PARAM_HMAC_ALGO:
2209 if (!ep->auth_enable)
2210 goto unhandled;
2211
2212 hmacs = (struct sctp_hmac_algo_param *)param.p;
2213 n_elt = (ntohs(param.p->length) -
2214 sizeof(struct sctp_paramhdr)) >> 1;
2215
2216
2217
2218
2219
2220 for (i = 0; i < n_elt; i++) {
2221 id = ntohs(hmacs->hmac_ids[i]);
2222
2223 if (id == SCTP_AUTH_HMAC_ID_SHA1)
2224 break;
2225 }
2226
2227 if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2228 sctp_process_inv_paramlength(asoc, param.p, chunk,
2229 err_chunk);
2230 retval = SCTP_IERROR_ABORT;
2231 }
2232 break;
2233 unhandled:
2234 default:
2235 pr_debug("%s: unrecognized param:%d for chunk:%d\n",
2236 __func__, ntohs(param.p->type), cid);
2237
2238 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2239 break;
2240 }
2241 return retval;
2242 }
2243
2244
2245 int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep,
2246 const struct sctp_association *asoc, enum sctp_cid cid,
2247 struct sctp_init_chunk *peer_init,
2248 struct sctp_chunk *chunk, struct sctp_chunk **errp)
2249 {
2250 union sctp_params param;
2251 bool has_cookie = false;
2252 int result;
2253
2254
2255
2256
2257
2258 if (peer_init->init_hdr.num_outbound_streams == 0 ||
2259 peer_init->init_hdr.num_inbound_streams == 0 ||
2260 peer_init->init_hdr.init_tag == 0 ||
2261 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW)
2262 return sctp_process_inv_mandatory(asoc, chunk, errp);
2263
2264 sctp_walk_params(param, peer_init, init_hdr.params) {
2265 if (param.p->type == SCTP_PARAM_STATE_COOKIE)
2266 has_cookie = true;
2267 }
2268
2269
2270
2271
2272
2273
2274
2275
2276 if (param.v != (void *)chunk->chunk_end)
2277 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2278
2279
2280
2281
2282 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2283 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2284 chunk, errp);
2285
2286
2287 sctp_walk_params(param, peer_init, init_hdr.params) {
2288 result = sctp_verify_param(net, ep, asoc, param, cid,
2289 chunk, errp);
2290 switch (result) {
2291 case SCTP_IERROR_ABORT:
2292 case SCTP_IERROR_NOMEM:
2293 return 0;
2294 case SCTP_IERROR_ERROR:
2295 return 1;
2296 case SCTP_IERROR_NO_ERROR:
2297 default:
2298 break;
2299 }
2300
2301 }
2302
2303 return 1;
2304 }
2305
2306
2307
2308
2309
2310 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
2311 const union sctp_addr *peer_addr,
2312 struct sctp_init_chunk *peer_init, gfp_t gfp)
2313 {
2314 struct net *net = sock_net(asoc->base.sk);
2315 struct sctp_transport *transport;
2316 struct list_head *pos, *temp;
2317 union sctp_params param;
2318 union sctp_addr addr;
2319 struct sctp_af *af;
2320 int src_match = 0;
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2333 goto nomem;
2334
2335 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr))
2336 src_match = 1;
2337
2338
2339 sctp_walk_params(param, peer_init, init_hdr.params) {
2340 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
2341 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
2342 af = sctp_get_af_specific(param_type2af(param.p->type));
2343 af->from_addr_param(&addr, param.addr,
2344 chunk->sctp_hdr->source, 0);
2345 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
2346 src_match = 1;
2347 }
2348
2349 if (!sctp_process_param(asoc, param, peer_addr, gfp))
2350 goto clean_up;
2351 }
2352
2353
2354 if (!src_match)
2355 goto clean_up;
2356
2357
2358
2359
2360 if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2361 !asoc->peer.peer_hmacs))
2362 asoc->peer.auth_capable = 0;
2363
2364
2365
2366
2367
2368
2369
2370 if (!net->sctp.addip_noauth &&
2371 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2372 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2373 SCTP_PARAM_DEL_IP |
2374 SCTP_PARAM_SET_PRIMARY);
2375 asoc->peer.asconf_capable = 0;
2376 goto clean_up;
2377 }
2378
2379
2380 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2381 transport = list_entry(pos, struct sctp_transport, transports);
2382 if (transport->state == SCTP_UNKNOWN) {
2383 sctp_assoc_rm_peer(asoc, transport);
2384 }
2385 }
2386
2387
2388
2389
2390 asoc->peer.i.init_tag =
2391 ntohl(peer_init->init_hdr.init_tag);
2392 asoc->peer.i.a_rwnd =
2393 ntohl(peer_init->init_hdr.a_rwnd);
2394 asoc->peer.i.num_outbound_streams =
2395 ntohs(peer_init->init_hdr.num_outbound_streams);
2396 asoc->peer.i.num_inbound_streams =
2397 ntohs(peer_init->init_hdr.num_inbound_streams);
2398 asoc->peer.i.initial_tsn =
2399 ntohl(peer_init->init_hdr.initial_tsn);
2400
2401 asoc->strreset_inseq = asoc->peer.i.initial_tsn;
2402
2403
2404
2405
2406 if (asoc->c.sinit_num_ostreams >
2407 ntohs(peer_init->init_hdr.num_inbound_streams)) {
2408 asoc->c.sinit_num_ostreams =
2409 ntohs(peer_init->init_hdr.num_inbound_streams);
2410 }
2411
2412 if (asoc->c.sinit_max_instreams >
2413 ntohs(peer_init->init_hdr.num_outbound_streams)) {
2414 asoc->c.sinit_max_instreams =
2415 ntohs(peer_init->init_hdr.num_outbound_streams);
2416 }
2417
2418
2419 asoc->c.peer_vtag = asoc->peer.i.init_tag;
2420
2421
2422 asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2423
2424
2425
2426
2427
2428 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2429 transports) {
2430 transport->ssthresh = asoc->peer.i.a_rwnd;
2431 }
2432
2433
2434 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2435 asoc->peer.i.initial_tsn, gfp))
2436 goto clean_up;
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams,
2447 asoc->c.sinit_max_instreams, gfp))
2448 goto clean_up;
2449
2450
2451 sctp_assoc_update_frag_point(asoc);
2452
2453 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp))
2454 goto clean_up;
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2467 return 1;
2468
2469 clean_up:
2470
2471 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2472 transport = list_entry(pos, struct sctp_transport, transports);
2473 if (transport->state != SCTP_ACTIVE)
2474 sctp_assoc_rm_peer(asoc, transport);
2475 }
2476
2477 nomem:
2478 return 0;
2479 }
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493 static int sctp_process_param(struct sctp_association *asoc,
2494 union sctp_params param,
2495 const union sctp_addr *peer_addr,
2496 gfp_t gfp)
2497 {
2498 struct net *net = sock_net(asoc->base.sk);
2499 struct sctp_endpoint *ep = asoc->ep;
2500 union sctp_addr_param *addr_param;
2501 struct sctp_transport *t;
2502 enum sctp_scope scope;
2503 union sctp_addr addr;
2504 struct sctp_af *af;
2505 int retval = 1, i;
2506 u32 stale;
2507 __u16 sat;
2508
2509
2510
2511
2512
2513 switch (param.p->type) {
2514 case SCTP_PARAM_IPV6_ADDRESS:
2515 if (PF_INET6 != asoc->base.sk->sk_family)
2516 break;
2517 goto do_addr_param;
2518
2519 case SCTP_PARAM_IPV4_ADDRESS:
2520
2521 if (ipv6_only_sock(asoc->base.sk))
2522 break;
2523 do_addr_param:
2524 af = sctp_get_af_specific(param_type2af(param.p->type));
2525 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2526 scope = sctp_scope(peer_addr);
2527 if (sctp_in_scope(net, &addr, scope))
2528 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2529 return 0;
2530 break;
2531
2532 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2533 if (!net->sctp.cookie_preserve_enable)
2534 break;
2535
2536 stale = ntohl(param.life->lifespan_increment);
2537
2538
2539
2540
2541 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale);
2542 break;
2543
2544 case SCTP_PARAM_HOST_NAME_ADDRESS:
2545 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__);
2546 break;
2547
2548 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2549
2550
2551
2552 asoc->peer.ipv4_address = 0;
2553 asoc->peer.ipv6_address = 0;
2554
2555
2556
2557
2558 if (peer_addr->sa.sa_family == AF_INET6)
2559 asoc->peer.ipv6_address = 1;
2560 else if (peer_addr->sa.sa_family == AF_INET)
2561 asoc->peer.ipv4_address = 1;
2562
2563
2564 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2565 if (sat)
2566 sat /= sizeof(__u16);
2567
2568 for (i = 0; i < sat; ++i) {
2569 switch (param.sat->types[i]) {
2570 case SCTP_PARAM_IPV4_ADDRESS:
2571 asoc->peer.ipv4_address = 1;
2572 break;
2573
2574 case SCTP_PARAM_IPV6_ADDRESS:
2575 if (PF_INET6 == asoc->base.sk->sk_family)
2576 asoc->peer.ipv6_address = 1;
2577 break;
2578
2579 case SCTP_PARAM_HOST_NAME_ADDRESS:
2580 asoc->peer.hostname_address = 1;
2581 break;
2582
2583 default:
2584 break;
2585 }
2586 }
2587 break;
2588
2589 case SCTP_PARAM_STATE_COOKIE:
2590 asoc->peer.cookie_len =
2591 ntohs(param.p->length) - sizeof(struct sctp_paramhdr);
2592 kfree(asoc->peer.cookie);
2593 asoc->peer.cookie = kmemdup(param.cookie->body, asoc->peer.cookie_len, gfp);
2594 if (!asoc->peer.cookie)
2595 retval = 0;
2596 break;
2597
2598 case SCTP_PARAM_HEARTBEAT_INFO:
2599
2600 break;
2601
2602 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2603
2604 break;
2605
2606 case SCTP_PARAM_ECN_CAPABLE:
2607 if (asoc->ep->ecn_enable) {
2608 asoc->peer.ecn_capable = 1;
2609 break;
2610 }
2611
2612 goto fall_through;
2613
2614
2615 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2616 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2617 break;
2618
2619 case SCTP_PARAM_SET_PRIMARY:
2620 if (!ep->asconf_enable)
2621 goto fall_through;
2622
2623 addr_param = param.v + sizeof(struct sctp_addip_param);
2624
2625 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
2626 if (af == NULL)
2627 break;
2628
2629 af->from_addr_param(&addr, addr_param,
2630 htons(asoc->peer.port), 0);
2631
2632
2633
2634
2635 if (!af->addr_valid(&addr, NULL, NULL))
2636 break;
2637
2638 t = sctp_assoc_lookup_paddr(asoc, &addr);
2639 if (!t)
2640 break;
2641
2642 sctp_assoc_set_primary(asoc, t);
2643 break;
2644
2645 case SCTP_PARAM_SUPPORTED_EXT:
2646 sctp_process_ext_param(asoc, param);
2647 break;
2648
2649 case SCTP_PARAM_FWD_TSN_SUPPORT:
2650 if (asoc->ep->prsctp_enable) {
2651 asoc->peer.prsctp_capable = 1;
2652 break;
2653 }
2654
2655 goto fall_through;
2656
2657 case SCTP_PARAM_RANDOM:
2658 if (!ep->auth_enable)
2659 goto fall_through;
2660
2661
2662 kfree(asoc->peer.peer_random);
2663 asoc->peer.peer_random = kmemdup(param.p,
2664 ntohs(param.p->length), gfp);
2665 if (!asoc->peer.peer_random) {
2666 retval = 0;
2667 break;
2668 }
2669 break;
2670
2671 case SCTP_PARAM_HMAC_ALGO:
2672 if (!ep->auth_enable)
2673 goto fall_through;
2674
2675
2676 kfree(asoc->peer.peer_hmacs);
2677 asoc->peer.peer_hmacs = kmemdup(param.p,
2678 ntohs(param.p->length), gfp);
2679 if (!asoc->peer.peer_hmacs) {
2680 retval = 0;
2681 break;
2682 }
2683
2684
2685 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2686 break;
2687
2688 case SCTP_PARAM_CHUNKS:
2689 if (!ep->auth_enable)
2690 goto fall_through;
2691
2692 kfree(asoc->peer.peer_chunks);
2693 asoc->peer.peer_chunks = kmemdup(param.p,
2694 ntohs(param.p->length), gfp);
2695 if (!asoc->peer.peer_chunks)
2696 retval = 0;
2697 break;
2698 fall_through:
2699 default:
2700
2701
2702
2703
2704
2705 pr_debug("%s: ignoring param:%d for association:%p.\n",
2706 __func__, ntohs(param.p->type), asoc);
2707 break;
2708 }
2709
2710 return retval;
2711 }
2712
2713
2714 __u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2715 {
2716
2717
2718
2719 __u32 x;
2720
2721 do {
2722 get_random_bytes(&x, sizeof(__u32));
2723 } while (x == 0);
2724
2725 return x;
2726 }
2727
2728
2729 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2730 {
2731 __u32 retval;
2732
2733 get_random_bytes(&retval, sizeof(__u32));
2734 return retval;
2735 }
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2760 union sctp_addr *addr,
2761 int vparam_len)
2762 {
2763 struct sctp_addiphdr asconf;
2764 struct sctp_chunk *retval;
2765 int length = sizeof(asconf) + vparam_len;
2766 union sctp_addr_param addrparam;
2767 int addrlen;
2768 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2769
2770 addrlen = af->to_addr_param(addr, &addrparam);
2771 if (!addrlen)
2772 return NULL;
2773 length += addrlen;
2774
2775
2776 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length,
2777 GFP_ATOMIC);
2778 if (!retval)
2779 return NULL;
2780
2781 asconf.serial = htonl(asoc->addip_serial++);
2782
2783 retval->subh.addip_hdr =
2784 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2785 retval->param_hdr.v =
2786 sctp_addto_chunk(retval, addrlen, &addrparam);
2787
2788 return retval;
2789 }
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2816 union sctp_addr *laddr,
2817 struct sockaddr *addrs,
2818 int addrcnt, __be16 flags)
2819 {
2820 union sctp_addr_param addr_param;
2821 struct sctp_addip_param param;
2822 int paramlen = sizeof(param);
2823 struct sctp_chunk *retval;
2824 int addr_param_len = 0;
2825 union sctp_addr *addr;
2826 int totallen = 0, i;
2827 int del_pickup = 0;
2828 struct sctp_af *af;
2829 void *addr_buf;
2830
2831
2832 addr_buf = addrs;
2833 for (i = 0; i < addrcnt; i++) {
2834 addr = addr_buf;
2835 af = sctp_get_af_specific(addr->v4.sin_family);
2836 addr_param_len = af->to_addr_param(addr, &addr_param);
2837
2838 totallen += paramlen;
2839 totallen += addr_param_len;
2840
2841 addr_buf += af->sockaddr_len;
2842 if (asoc->asconf_addr_del_pending && !del_pickup) {
2843
2844 totallen += paramlen;
2845 totallen += addr_param_len;
2846 del_pickup = 1;
2847
2848 pr_debug("%s: picked same-scope del_pending addr, "
2849 "totallen for all addresses is %d\n",
2850 __func__, totallen);
2851 }
2852 }
2853
2854
2855 retval = sctp_make_asconf(asoc, laddr, totallen);
2856 if (!retval)
2857 return NULL;
2858
2859
2860 addr_buf = addrs;
2861 for (i = 0; i < addrcnt; i++) {
2862 addr = addr_buf;
2863 af = sctp_get_af_specific(addr->v4.sin_family);
2864 addr_param_len = af->to_addr_param(addr, &addr_param);
2865 param.param_hdr.type = flags;
2866 param.param_hdr.length = htons(paramlen + addr_param_len);
2867 param.crr_id = htonl(i);
2868
2869 sctp_addto_chunk(retval, paramlen, ¶m);
2870 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2871
2872 addr_buf += af->sockaddr_len;
2873 }
2874 if (flags == SCTP_PARAM_ADD_IP && del_pickup) {
2875 addr = asoc->asconf_addr_del_pending;
2876 af = sctp_get_af_specific(addr->v4.sin_family);
2877 addr_param_len = af->to_addr_param(addr, &addr_param);
2878 param.param_hdr.type = SCTP_PARAM_DEL_IP;
2879 param.param_hdr.length = htons(paramlen + addr_param_len);
2880 param.crr_id = htonl(i);
2881
2882 sctp_addto_chunk(retval, paramlen, ¶m);
2883 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2884 }
2885 return retval;
2886 }
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2903 union sctp_addr *addr)
2904 {
2905 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2906 union sctp_addr_param addrparam;
2907 struct sctp_addip_param param;
2908 struct sctp_chunk *retval;
2909 int len = sizeof(param);
2910 int addrlen;
2911
2912 addrlen = af->to_addr_param(addr, &addrparam);
2913 if (!addrlen)
2914 return NULL;
2915 len += addrlen;
2916
2917
2918 retval = sctp_make_asconf(asoc, addr, len);
2919 if (!retval)
2920 return NULL;
2921
2922 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2923 param.param_hdr.length = htons(len);
2924 param.crr_id = 0;
2925
2926 sctp_addto_chunk(retval, sizeof(param), ¶m);
2927 sctp_addto_chunk(retval, addrlen, &addrparam);
2928
2929 return retval;
2930 }
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2952 __u32 serial, int vparam_len)
2953 {
2954 struct sctp_addiphdr asconf;
2955 struct sctp_chunk *retval;
2956 int length = sizeof(asconf) + vparam_len;
2957
2958
2959 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length,
2960 GFP_ATOMIC);
2961 if (!retval)
2962 return NULL;
2963
2964 asconf.serial = htonl(serial);
2965
2966 retval->subh.addip_hdr =
2967 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2968
2969 return retval;
2970 }
2971
2972
2973 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2974 __be16 err_code,
2975 struct sctp_addip_param *asconf_param)
2976 {
2977 struct sctp_addip_param ack_param;
2978 struct sctp_errhdr err_param;
2979 int asconf_param_len = 0;
2980 int err_param_len = 0;
2981 __be16 response_type;
2982
2983 if (SCTP_ERROR_NO_ERROR == err_code) {
2984 response_type = SCTP_PARAM_SUCCESS_REPORT;
2985 } else {
2986 response_type = SCTP_PARAM_ERR_CAUSE;
2987 err_param_len = sizeof(err_param);
2988 if (asconf_param)
2989 asconf_param_len =
2990 ntohs(asconf_param->param_hdr.length);
2991 }
2992
2993
2994 ack_param.param_hdr.type = response_type;
2995 ack_param.param_hdr.length = htons(sizeof(ack_param) +
2996 err_param_len +
2997 asconf_param_len);
2998 ack_param.crr_id = crr_id;
2999 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
3000
3001 if (SCTP_ERROR_NO_ERROR == err_code)
3002 return;
3003
3004
3005 err_param.cause = err_code;
3006 err_param.length = htons(err_param_len + asconf_param_len);
3007 sctp_addto_chunk(chunk, err_param_len, &err_param);
3008
3009
3010 if (asconf_param)
3011 sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
3012 }
3013
3014
3015 static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
3016 struct sctp_chunk *asconf,
3017 struct sctp_addip_param *asconf_param)
3018 {
3019 union sctp_addr_param *addr_param;
3020 struct sctp_transport *peer;
3021 union sctp_addr addr;
3022 struct sctp_af *af;
3023
3024 addr_param = (void *)asconf_param + sizeof(*asconf_param);
3025
3026 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
3027 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
3028 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
3029 return SCTP_ERROR_UNKNOWN_PARAM;
3030
3031 switch (addr_param->p.type) {
3032 case SCTP_PARAM_IPV6_ADDRESS:
3033 if (!asoc->peer.ipv6_address)
3034 return SCTP_ERROR_DNS_FAILED;
3035 break;
3036 case SCTP_PARAM_IPV4_ADDRESS:
3037 if (!asoc->peer.ipv4_address)
3038 return SCTP_ERROR_DNS_FAILED;
3039 break;
3040 default:
3041 return SCTP_ERROR_DNS_FAILED;
3042 }
3043
3044 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3045 if (unlikely(!af))
3046 return SCTP_ERROR_DNS_FAILED;
3047
3048 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
3049
3050
3051
3052
3053
3054
3055 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
3056 return SCTP_ERROR_DNS_FAILED;
3057
3058 switch (asconf_param->param_hdr.type) {
3059 case SCTP_PARAM_ADD_IP:
3060
3061
3062
3063
3064 if (af->is_any(&addr))
3065 memcpy(&addr, &asconf->source, sizeof(addr));
3066
3067 if (security_sctp_bind_connect(asoc->ep->base.sk,
3068 SCTP_PARAM_ADD_IP,
3069 (struct sockaddr *)&addr,
3070 af->sockaddr_len))
3071 return SCTP_ERROR_REQ_REFUSED;
3072
3073
3074
3075
3076
3077
3078
3079
3080 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
3081 if (!peer)
3082 return SCTP_ERROR_RSRC_LOW;
3083
3084
3085 sctp_transport_reset_hb_timer(peer);
3086 asoc->new_transport = peer;
3087 break;
3088 case SCTP_PARAM_DEL_IP:
3089
3090
3091
3092
3093
3094 if (asoc->peer.transport_count == 1)
3095 return SCTP_ERROR_DEL_LAST_IP;
3096
3097
3098
3099
3100
3101
3102
3103
3104 if (sctp_cmp_addr_exact(&asconf->source, &addr))
3105 return SCTP_ERROR_DEL_SRC_IP;
3106
3107
3108
3109
3110
3111
3112 if (af->is_any(&addr)) {
3113 sctp_assoc_set_primary(asoc, asconf->transport);
3114 sctp_assoc_del_nonprimary_peers(asoc,
3115 asconf->transport);
3116 return SCTP_ERROR_NO_ERROR;
3117 }
3118
3119
3120
3121
3122
3123
3124 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3125 if (!peer)
3126 return SCTP_ERROR_DNS_FAILED;
3127
3128 sctp_assoc_rm_peer(asoc, peer);
3129 break;
3130 case SCTP_PARAM_SET_PRIMARY:
3131
3132
3133
3134
3135
3136 if (af->is_any(&addr))
3137 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3138
3139 if (security_sctp_bind_connect(asoc->ep->base.sk,
3140 SCTP_PARAM_SET_PRIMARY,
3141 (struct sockaddr *)&addr,
3142 af->sockaddr_len))
3143 return SCTP_ERROR_REQ_REFUSED;
3144
3145 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3146 if (!peer)
3147 return SCTP_ERROR_DNS_FAILED;
3148
3149 sctp_assoc_set_primary(asoc, peer);
3150 break;
3151 }
3152
3153 return SCTP_ERROR_NO_ERROR;
3154 }
3155
3156
3157 bool sctp_verify_asconf(const struct sctp_association *asoc,
3158 struct sctp_chunk *chunk, bool addr_param_needed,
3159 struct sctp_paramhdr **errp)
3160 {
3161 struct sctp_addip_chunk *addip;
3162 bool addr_param_seen = false;
3163 union sctp_params param;
3164
3165 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr;
3166 sctp_walk_params(param, addip, addip_hdr.params) {
3167 size_t length = ntohs(param.p->length);
3168
3169 *errp = param.p;
3170 switch (param.p->type) {
3171 case SCTP_PARAM_ERR_CAUSE:
3172 break;
3173 case SCTP_PARAM_IPV4_ADDRESS:
3174 if (length != sizeof(struct sctp_ipv4addr_param))
3175 return false;
3176
3177
3178
3179 if (param.v != addip->addip_hdr.params)
3180 return false;
3181 addr_param_seen = true;
3182 break;
3183 case SCTP_PARAM_IPV6_ADDRESS:
3184 if (length != sizeof(struct sctp_ipv6addr_param))
3185 return false;
3186 if (param.v != addip->addip_hdr.params)
3187 return false;
3188 addr_param_seen = true;
3189 break;
3190 case SCTP_PARAM_ADD_IP:
3191 case SCTP_PARAM_DEL_IP:
3192 case SCTP_PARAM_SET_PRIMARY:
3193
3194 if (addr_param_needed && !addr_param_seen)
3195 return false;
3196 length = ntohs(param.addip->param_hdr.length);
3197 if (length < sizeof(struct sctp_addip_param) +
3198 sizeof(**errp))
3199 return false;
3200 break;
3201 case SCTP_PARAM_SUCCESS_REPORT:
3202 case SCTP_PARAM_ADAPTATION_LAYER_IND:
3203 if (length != sizeof(struct sctp_addip_param))
3204 return false;
3205 break;
3206 default:
3207
3208 return false;
3209 }
3210 }
3211
3212
3213 if (addr_param_needed && !addr_param_seen)
3214 return false;
3215 if (!addr_param_needed && addr_param_seen)
3216 return false;
3217 if (param.v != chunk->chunk_end)
3218 return false;
3219
3220 return true;
3221 }
3222
3223
3224
3225
3226 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3227 struct sctp_chunk *asconf)
3228 {
3229 union sctp_addr_param *addr_param;
3230 struct sctp_addip_chunk *addip;
3231 struct sctp_chunk *asconf_ack;
3232 bool all_param_pass = true;
3233 struct sctp_addiphdr *hdr;
3234 int length = 0, chunk_len;
3235 union sctp_params param;
3236 __be16 err_code;
3237 __u32 serial;
3238
3239 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr;
3240 chunk_len = ntohs(asconf->chunk_hdr->length) -
3241 sizeof(struct sctp_chunkhdr);
3242 hdr = (struct sctp_addiphdr *)asconf->skb->data;
3243 serial = ntohl(hdr->serial);
3244
3245
3246 length = sizeof(*hdr);
3247 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3248 chunk_len -= length;
3249
3250
3251
3252
3253 length = ntohs(addr_param->p.length);
3254 chunk_len -= length;
3255
3256
3257
3258
3259
3260
3261 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3262 if (!asconf_ack)
3263 goto done;
3264
3265
3266 sctp_walk_params(param, addip, addip_hdr.params) {
3267
3268 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
3269 param.p->type == SCTP_PARAM_IPV6_ADDRESS)
3270 continue;
3271
3272 err_code = sctp_process_asconf_param(asoc, asconf,
3273 param.addip);
3274
3275
3276
3277
3278
3279
3280
3281 if (err_code != SCTP_ERROR_NO_ERROR)
3282 all_param_pass = false;
3283 if (!all_param_pass)
3284 sctp_add_asconf_response(asconf_ack, param.addip->crr_id,
3285 err_code, param.addip);
3286
3287
3288
3289
3290
3291
3292 if (err_code == SCTP_ERROR_RSRC_LOW)
3293 goto done;
3294 }
3295 done:
3296 asoc->peer.addip_serial++;
3297
3298
3299
3300
3301 if (asconf_ack) {
3302 sctp_chunk_hold(asconf_ack);
3303 list_add_tail(&asconf_ack->transmitted_list,
3304 &asoc->asconf_ack_list);
3305 }
3306
3307 return asconf_ack;
3308 }
3309
3310
3311 static void sctp_asconf_param_success(struct sctp_association *asoc,
3312 struct sctp_addip_param *asconf_param)
3313 {
3314 struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3315 union sctp_addr_param *addr_param;
3316 struct sctp_sockaddr_entry *saddr;
3317 struct sctp_transport *transport;
3318 union sctp_addr addr;
3319 struct sctp_af *af;
3320
3321 addr_param = (void *)asconf_param + sizeof(*asconf_param);
3322
3323
3324 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3325 af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3326
3327 switch (asconf_param->param_hdr.type) {
3328 case SCTP_PARAM_ADD_IP:
3329
3330
3331
3332 local_bh_disable();
3333 list_for_each_entry(saddr, &bp->address_list, list) {
3334 if (sctp_cmp_addr_exact(&saddr->a, &addr))
3335 saddr->state = SCTP_ADDR_SRC;
3336 }
3337 local_bh_enable();
3338 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3339 transports) {
3340 sctp_transport_dst_release(transport);
3341 }
3342 break;
3343 case SCTP_PARAM_DEL_IP:
3344 local_bh_disable();
3345 sctp_del_bind_addr(bp, &addr);
3346 if (asoc->asconf_addr_del_pending != NULL &&
3347 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) {
3348 kfree(asoc->asconf_addr_del_pending);
3349 asoc->asconf_addr_del_pending = NULL;
3350 }
3351 local_bh_enable();
3352 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3353 transports) {
3354 sctp_transport_dst_release(transport);
3355 }
3356 break;
3357 default:
3358 break;
3359 }
3360 }
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3372 struct sctp_addip_param *asconf_param,
3373 int no_err)
3374 {
3375 struct sctp_addip_param *asconf_ack_param;
3376 struct sctp_errhdr *err_param;
3377 int asconf_ack_len;
3378 __be16 err_code;
3379 int length;
3380
3381 if (no_err)
3382 err_code = SCTP_ERROR_NO_ERROR;
3383 else
3384 err_code = SCTP_ERROR_REQ_REFUSED;
3385
3386 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3387 sizeof(struct sctp_chunkhdr);
3388
3389
3390
3391
3392 length = sizeof(struct sctp_addiphdr);
3393 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data +
3394 length);
3395 asconf_ack_len -= length;
3396
3397 while (asconf_ack_len > 0) {
3398 if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3399 switch (asconf_ack_param->param_hdr.type) {
3400 case SCTP_PARAM_SUCCESS_REPORT:
3401 return SCTP_ERROR_NO_ERROR;
3402 case SCTP_PARAM_ERR_CAUSE:
3403 length = sizeof(*asconf_ack_param);
3404 err_param = (void *)asconf_ack_param + length;
3405 asconf_ack_len -= length;
3406 if (asconf_ack_len > 0)
3407 return err_param->cause;
3408 else
3409 return SCTP_ERROR_INV_PARAM;
3410 break;
3411 default:
3412 return SCTP_ERROR_INV_PARAM;
3413 }
3414 }
3415
3416 length = ntohs(asconf_ack_param->param_hdr.length);
3417 asconf_ack_param = (void *)asconf_ack_param + length;
3418 asconf_ack_len -= length;
3419 }
3420
3421 return err_code;
3422 }
3423
3424
3425 int sctp_process_asconf_ack(struct sctp_association *asoc,
3426 struct sctp_chunk *asconf_ack)
3427 {
3428 struct sctp_chunk *asconf = asoc->addip_last_asconf;
3429 struct sctp_addip_param *asconf_param;
3430 __be16 err_code = SCTP_ERROR_NO_ERROR;
3431 union sctp_addr_param *addr_param;
3432 int asconf_len = asconf->skb->len;
3433 int all_param_pass = 0;
3434 int length = 0;
3435 int no_err = 1;
3436 int retval = 0;
3437
3438
3439
3440
3441 length = sizeof(struct sctp_addip_chunk);
3442 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3443 asconf_len -= length;
3444
3445
3446
3447
3448 length = ntohs(addr_param->p.length);
3449 asconf_param = (void *)addr_param + length;
3450 asconf_len -= length;
3451
3452
3453
3454
3455
3456
3457 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr))
3458 all_param_pass = 1;
3459
3460
3461 while (asconf_len > 0) {
3462 if (all_param_pass)
3463 err_code = SCTP_ERROR_NO_ERROR;
3464 else {
3465 err_code = sctp_get_asconf_response(asconf_ack,
3466 asconf_param,
3467 no_err);
3468 if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3469 no_err = 0;
3470 }
3471
3472 switch (err_code) {
3473 case SCTP_ERROR_NO_ERROR:
3474 sctp_asconf_param_success(asoc, asconf_param);
3475 break;
3476
3477 case SCTP_ERROR_RSRC_LOW:
3478 retval = 1;
3479 break;
3480
3481 case SCTP_ERROR_UNKNOWN_PARAM:
3482
3483
3484
3485 asoc->peer.addip_disabled_mask |=
3486 asconf_param->param_hdr.type;
3487 break;
3488
3489 case SCTP_ERROR_REQ_REFUSED:
3490 case SCTP_ERROR_DEL_LAST_IP:
3491 case SCTP_ERROR_DEL_SRC_IP:
3492 default:
3493 break;
3494 }
3495
3496
3497
3498
3499 length = ntohs(asconf_param->param_hdr.length);
3500 asconf_param = (void *)asconf_param + length;
3501 asconf_len -= length;
3502 }
3503
3504 if (no_err && asoc->src_out_of_asoc_ok) {
3505 asoc->src_out_of_asoc_ok = 0;
3506 sctp_transport_immediate_rtx(asoc->peer.primary_path);
3507 }
3508
3509
3510 list_del_init(&asconf->transmitted_list);
3511 sctp_chunk_free(asconf);
3512 asoc->addip_last_asconf = NULL;
3513
3514 return retval;
3515 }
3516
3517
3518 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3519 __u32 new_cum_tsn, size_t nstreams,
3520 struct sctp_fwdtsn_skip *skiplist)
3521 {
3522 struct sctp_chunk *retval = NULL;
3523 struct sctp_fwdtsn_hdr ftsn_hdr;
3524 struct sctp_fwdtsn_skip skip;
3525 size_t hint;
3526 int i;
3527
3528 hint = (nstreams + 1) * sizeof(__u32);
3529
3530 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC);
3531
3532 if (!retval)
3533 return NULL;
3534
3535 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3536 retval->subh.fwdtsn_hdr =
3537 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3538
3539 for (i = 0; i < nstreams; i++) {
3540 skip.stream = skiplist[i].stream;
3541 skip.ssn = skiplist[i].ssn;
3542 sctp_addto_chunk(retval, sizeof(skip), &skip);
3543 }
3544
3545 return retval;
3546 }
3547
3548 struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc,
3549 __u32 new_cum_tsn, size_t nstreams,
3550 struct sctp_ifwdtsn_skip *skiplist)
3551 {
3552 struct sctp_chunk *retval = NULL;
3553 struct sctp_ifwdtsn_hdr ftsn_hdr;
3554 size_t hint;
3555
3556 hint = (nstreams + 1) * sizeof(__u32);
3557
3558 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint,
3559 GFP_ATOMIC);
3560 if (!retval)
3561 return NULL;
3562
3563 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3564 retval->subh.ifwdtsn_hdr =
3565 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3566
3567 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist);
3568
3569 return retval;
3570 }
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587 static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc,
3588 int length)
3589 {
3590 struct sctp_reconf_chunk *reconf;
3591 struct sctp_chunk *retval;
3592
3593 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length,
3594 GFP_ATOMIC);
3595 if (!retval)
3596 return NULL;
3597
3598 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr;
3599 retval->param_hdr.v = reconf->params;
3600
3601 return retval;
3602 }
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638 struct sctp_chunk *sctp_make_strreset_req(
3639 const struct sctp_association *asoc,
3640 __u16 stream_num, __be16 *stream_list,
3641 bool out, bool in)
3642 {
3643 __u16 stream_len = stream_num * sizeof(__u16);
3644 struct sctp_strreset_outreq outreq;
3645 struct sctp_strreset_inreq inreq;
3646 struct sctp_chunk *retval;
3647 __u16 outlen, inlen;
3648
3649 outlen = (sizeof(outreq) + stream_len) * out;
3650 inlen = (sizeof(inreq) + stream_len) * in;
3651
3652 retval = sctp_make_reconf(asoc, outlen + inlen);
3653 if (!retval)
3654 return NULL;
3655
3656 if (outlen) {
3657 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST;
3658 outreq.param_hdr.length = htons(outlen);
3659 outreq.request_seq = htonl(asoc->strreset_outseq);
3660 outreq.response_seq = htonl(asoc->strreset_inseq - 1);
3661 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1);
3662
3663 sctp_addto_chunk(retval, sizeof(outreq), &outreq);
3664
3665 if (stream_len)
3666 sctp_addto_chunk(retval, stream_len, stream_list);
3667 }
3668
3669 if (inlen) {
3670 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST;
3671 inreq.param_hdr.length = htons(inlen);
3672 inreq.request_seq = htonl(asoc->strreset_outseq + out);
3673
3674 sctp_addto_chunk(retval, sizeof(inreq), &inreq);
3675
3676 if (stream_len)
3677 sctp_addto_chunk(retval, stream_len, stream_list);
3678 }
3679
3680 return retval;
3681 }
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692 struct sctp_chunk *sctp_make_strreset_tsnreq(
3693 const struct sctp_association *asoc)
3694 {
3695 struct sctp_strreset_tsnreq tsnreq;
3696 __u16 length = sizeof(tsnreq);
3697 struct sctp_chunk *retval;
3698
3699 retval = sctp_make_reconf(asoc, length);
3700 if (!retval)
3701 return NULL;
3702
3703 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST;
3704 tsnreq.param_hdr.length = htons(length);
3705 tsnreq.request_seq = htonl(asoc->strreset_outseq);
3706
3707 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq);
3708
3709 return retval;
3710 }
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723 struct sctp_chunk *sctp_make_strreset_addstrm(
3724 const struct sctp_association *asoc,
3725 __u16 out, __u16 in)
3726 {
3727 struct sctp_strreset_addstrm addstrm;
3728 __u16 size = sizeof(addstrm);
3729 struct sctp_chunk *retval;
3730
3731 retval = sctp_make_reconf(asoc, (!!out + !!in) * size);
3732 if (!retval)
3733 return NULL;
3734
3735 if (out) {
3736 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS;
3737 addstrm.param_hdr.length = htons(size);
3738 addstrm.number_of_streams = htons(out);
3739 addstrm.request_seq = htonl(asoc->strreset_outseq);
3740 addstrm.reserved = 0;
3741
3742 sctp_addto_chunk(retval, size, &addstrm);
3743 }
3744
3745 if (in) {
3746 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS;
3747 addstrm.param_hdr.length = htons(size);
3748 addstrm.number_of_streams = htons(in);
3749 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out);
3750 addstrm.reserved = 0;
3751
3752 sctp_addto_chunk(retval, size, &addstrm);
3753 }
3754
3755 return retval;
3756 }
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769 struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc,
3770 __u32 result, __u32 sn)
3771 {
3772 struct sctp_strreset_resp resp;
3773 __u16 length = sizeof(resp);
3774 struct sctp_chunk *retval;
3775
3776 retval = sctp_make_reconf(asoc, length);
3777 if (!retval)
3778 return NULL;
3779
3780 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3781 resp.param_hdr.length = htons(length);
3782 resp.response_seq = htonl(sn);
3783 resp.result = htonl(result);
3784
3785 sctp_addto_chunk(retval, sizeof(resp), &resp);
3786
3787 return retval;
3788 }
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805 struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc,
3806 __u32 result, __u32 sn,
3807 __u32 sender_tsn,
3808 __u32 receiver_tsn)
3809 {
3810 struct sctp_strreset_resptsn tsnresp;
3811 __u16 length = sizeof(tsnresp);
3812 struct sctp_chunk *retval;
3813
3814 retval = sctp_make_reconf(asoc, length);
3815 if (!retval)
3816 return NULL;
3817
3818 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE;
3819 tsnresp.param_hdr.length = htons(length);
3820
3821 tsnresp.response_seq = htonl(sn);
3822 tsnresp.result = htonl(result);
3823 tsnresp.senders_next_tsn = htonl(sender_tsn);
3824 tsnresp.receivers_next_tsn = htonl(receiver_tsn);
3825
3826 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp);
3827
3828 return retval;
3829 }
3830
3831 bool sctp_verify_reconf(const struct sctp_association *asoc,
3832 struct sctp_chunk *chunk,
3833 struct sctp_paramhdr **errp)
3834 {
3835 struct sctp_reconf_chunk *hdr;
3836 union sctp_params param;
3837 __be16 last = 0;
3838 __u16 cnt = 0;
3839
3840 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr;
3841 sctp_walk_params(param, hdr, params) {
3842 __u16 length = ntohs(param.p->length);
3843
3844 *errp = param.p;
3845 if (cnt++ > 2)
3846 return false;
3847 switch (param.p->type) {
3848 case SCTP_PARAM_RESET_OUT_REQUEST:
3849 if (length < sizeof(struct sctp_strreset_outreq) ||
3850 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3851 last != SCTP_PARAM_RESET_IN_REQUEST))
3852 return false;
3853 break;
3854 case SCTP_PARAM_RESET_IN_REQUEST:
3855 if (length < sizeof(struct sctp_strreset_inreq) ||
3856 (last && last != SCTP_PARAM_RESET_OUT_REQUEST))
3857 return false;
3858 break;
3859 case SCTP_PARAM_RESET_RESPONSE:
3860 if ((length != sizeof(struct sctp_strreset_resp) &&
3861 length != sizeof(struct sctp_strreset_resptsn)) ||
3862 (last && last != SCTP_PARAM_RESET_RESPONSE &&
3863 last != SCTP_PARAM_RESET_OUT_REQUEST))
3864 return false;
3865 break;
3866 case SCTP_PARAM_RESET_TSN_REQUEST:
3867 if (length !=
3868 sizeof(struct sctp_strreset_tsnreq) || last)
3869 return false;
3870 break;
3871 case SCTP_PARAM_RESET_ADD_IN_STREAMS:
3872 if (length != sizeof(struct sctp_strreset_addstrm) ||
3873 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS))
3874 return false;
3875 break;
3876 case SCTP_PARAM_RESET_ADD_OUT_STREAMS:
3877 if (length != sizeof(struct sctp_strreset_addstrm) ||
3878 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS))
3879 return false;
3880 break;
3881 default:
3882 return false;
3883 }
3884
3885 last = param.p->type;
3886 }
3887
3888 return true;
3889 }