/* SCTP kernel implementation
 * (C) Copyright IBM Corp. 2001, 2004
 * Copyright (c) 1999-2000 Cisco, Inc.
 * Copyright (c) 1999-2001 Motorola, Inc.
 * Copyright (c) 2001-2003 Intel Corp.
 * Copyright (c) 2001-2002 Nokia, Inc.
 * Copyright (c) 2001 La Monte H.P. Yarroll
 *
 * This file is part of the SCTP kernel implementation
 *
 * These functions interface with the sockets layer to implement the
 * SCTP Extensions for the Sockets API.
 *
 * Note that the descriptions from the specification are USER level
 * functions--this file is the functions which populate the struct proto
 * for SCTP which is the BOTTOM of the sockets interface.
 *
 * This SCTP implementation is free software;
 * you can redistribute it and/or modify it under the terms of
 * the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This SCTP implementation is distributed in the hope that it
 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
 *                 ************************
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GNU CC; see the file COPYING.  If not, write to
 * the Free Software Foundation, 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 *
 * Please send any bug reports or fixes you make to the
 * email address(es):
 *    lksctp developers <lksctp-developers@lists.sourceforge.net>
 *
 * Or submit a bug report through the following website:
 *    http://www.sf.net/projects/lksctp
 *
 * Written or modified by:
 *    La Monte H.P. Yarroll <piggy@acm.org>
 *    Narasimha Budihal     <narsi@refcode.org>
 *    Karl Knutson          <karl@athena.chicago.il.us>
 *    Jon Grimm             <jgrimm@us.ibm.com>
 *    Xingang Guo           <xingang.guo@intel.com>
 *    Daisy Chang           <daisyc@us.ibm.com>
 *    Sridhar Samudrala     <samudrala@us.ibm.com>
 *    Inaky Perez-Gonzalez  <inaky.gonzalez@intel.com>
 *    Ardelle Fan           <ardelle.fan@intel.com>
 *    Ryan Layer            <rmlayer@us.ibm.com>
 *    Anup Pemmaiah         <pemmaiah@cc.usu.edu>
 *    Kevin Gao             <kevin.gao@intel.com>
 *
 * Any bugs reported given to us we will try to fix... any fixes shared will
 * be incorporated into the next SCTP release.
 */

#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/wait.h>
#include <linux/time.h>
#include <linux/ip.h>
#include <linux/capability.h>
#include <linux/fcntl.h>
#include <linux/poll.h>
#include <linux/init.h>
#include <linux/crypto.h>

#include <net/ip.h>
#include <net/icmp.h>
#include <net/route.h>
#include <net/ipv6.h>
#include <net/inet_common.h>

#include <linux/socket.h> /* for sa_family_t */
#include <net/sock.h>
#include <net/sctp/sctp.h>
#include <net/sctp/sm.h>

/* WARNING:  Please do not remove the SCTP_STATIC attribute to
 * any of the functions below as they are used to export functions
 * used by a project regression testsuite.
 */

/* Forward declarations for internal helper functions. */
static int sctp_writeable(struct sock *sk);
static void sctp_wfree(struct sk_buff *skb);
static int sctp_wait_for_sndbuf(struct sctp_association *, long *timeo_p,
                                size_t msg_len);
static int sctp_wait_for_packet(struct sock * sk, int *err, long *timeo_p);
static int sctp_wait_for_connect(struct sctp_association *, long *timeo_p);
static int sctp_wait_for_accept(struct sock *sk, long timeo);
static void sctp_wait_for_close(struct sock *sk, long timeo);
static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
                                        union sctp_addr *addr, int len);
static int sctp_bindx_add(struct sock *, struct sockaddr *, int);
static int sctp_bindx_rem(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf_add_ip(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf_del_ip(struct sock *, struct sockaddr *, int);
static int sctp_send_asconf(struct sctp_association *asoc,
                            struct sctp_chunk *chunk);
static int sctp_do_bind(struct sock *, union sctp_addr *, int);
static int sctp_autobind(struct sock *sk);
static void sctp_sock_migrate(struct sock *, struct sock *,
                              struct sctp_association *, sctp_socket_type_t);
static char *sctp_hmac_alg = SCTP_COOKIE_HMAC_ALG;

extern struct kmem_cache *sctp_bucket_cachep;
extern int sysctl_sctp_mem[3];
extern int sysctl_sctp_rmem[3];
extern int sysctl_sctp_wmem[3];

static int sctp_memory_pressure;
static atomic_t sctp_memory_allocated;
struct percpu_counter sctp_sockets_allocated;

static void sctp_enter_memory_pressure(struct sock *sk)
{
        sctp_memory_pressure = 1;
}


/* Get the sndbuf space available at the time on the association.  */
static inline int sctp_wspace(struct sctp_association *asoc)
{
        int amt;

        if (asoc->ep->sndbuf_policy)
                amt = asoc->sndbuf_used;
        else
                amt = atomic_read(&asoc->base.sk->sk_wmem_alloc);

        if (amt >= asoc->base.sk->sk_sndbuf) {
                if (asoc->base.sk->sk_userlocks & SOCK_SNDBUF_LOCK)
                        amt = 0;
                else {
                        amt = sk_stream_wspace(asoc->base.sk);
                        if (amt < 0)
                                amt = 0;
                }
        } else {
                amt = asoc->base.sk->sk_sndbuf - amt;
        }
        return amt;
}

/* Increment the used sndbuf space count of the corresponding association by
 * the size of the outgoing data chunk.
 * Also, set the skb destructor for sndbuf accounting later.
 *
 * Since it is always 1-1 between chunk and skb, and also a new skb is always
 * allocated for chunk bundling in sctp_packet_transmit(), we can use the
 * destructor in the data chunk skb for the purpose of the sndbuf space
 * tracking.
 */
static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
{
        struct sctp_association *asoc = chunk->asoc;
        struct sock *sk = asoc->base.sk;

        /* The sndbuf space is tracked per association.  */
        sctp_association_hold(asoc);

        skb_set_owner_w(chunk->skb, sk);

        chunk->skb->destructor = sctp_wfree;
        /* Save the chunk pointer in skb for sctp_wfree to use later.  */
        *((struct sctp_chunk **)(chunk->skb->cb)) = chunk;

        asoc->sndbuf_used += SCTP_DATA_SNDSIZE(chunk) +
                                sizeof(struct sk_buff) +
                                sizeof(struct sctp_chunk);

        atomic_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
        sk->sk_wmem_queued += chunk->skb->truesize;
        sk_mem_charge(sk, chunk->skb->truesize);
}

/* Verify that this is a valid address. */
static inline int sctp_verify_addr(struct sock *sk, union sctp_addr *addr,
                                   int len)
{
        struct sctp_af *af;

        /* Verify basic sockaddr. */
        af = sctp_sockaddr_af(sctp_sk(sk), addr, len);
        if (!af)
                return -EINVAL;

        /* Is this a valid SCTP address?  */
        if (!af->addr_valid(addr, sctp_sk(sk), NULL))
                return -EINVAL;

        if (!sctp_sk(sk)->pf->send_verify(sctp_sk(sk), (addr)))
                return -EINVAL;

        return 0;
}

/* Look up the association by its id.  If this is not a UDP-style
 * socket, the ID field is always ignored.
 */
struct sctp_association *sctp_id2assoc(struct sock *sk, sctp_assoc_t id)
{
        struct sctp_association *asoc = NULL;

        /* If this is not a UDP-style socket, assoc id should be ignored. */
        if (!sctp_style(sk, UDP)) {
                /* Return NULL if the socket state is not ESTABLISHED. It
                 * could be a TCP-style listening socket or a socket which
                 * hasn't yet called connect() to establish an association.
                 */
                if (!sctp_sstate(sk, ESTABLISHED))
                        return NULL;

                /* Get the first and the only association from the list. */
                if (!list_empty(&sctp_sk(sk)->ep->asocs))
                        asoc = list_entry(sctp_sk(sk)->ep->asocs.next,
                                          struct sctp_association, asocs);
                return asoc;
        }

        /* Otherwise this is a UDP-style socket. */
        if (!id || (id == (sctp_assoc_t)-1))
                return NULL;

        spin_lock_bh(&sctp_assocs_id_lock);
        asoc = (struct sctp_association *)idr_find(&sctp_assocs_id, (int)id);
        spin_unlock_bh(&sctp_assocs_id_lock);

        if (!asoc || (asoc->base.sk != sk) || asoc->base.dead)
                return NULL;

        return asoc;
}

/* Look up the transport from an address and an assoc id. If both address and
 * id are specified, the associations matching the address and the id should be
 * the same.
 */
static struct sctp_transport *sctp_addr_id2transport(struct sock *sk,
                                              struct sockaddr_storage *addr,
                                              sctp_assoc_t id)
{
        struct sctp_association *addr_asoc = NULL, *id_asoc = NULL;
        struct sctp_transport *transport;
        union sctp_addr *laddr = (union sctp_addr *)addr;

        addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
                                               laddr,
                                               &transport);

        if (!addr_asoc)
                return NULL;

        id_asoc = sctp_id2assoc(sk, id);
        if (id_asoc && (id_asoc != addr_asoc))
                return NULL;

        sctp_get_pf_specific(sk->sk_family)->addr_v4map(sctp_sk(sk),
                                                (union sctp_addr *)addr);

        return transport;
}

/* API 3.1.2 bind() - UDP Style Syntax
 * The syntax of bind() is,
 *
 *   ret = bind(int sd, struct sockaddr *addr, int addrlen);
 *
 *   sd      - the socket descriptor returned by socket().
 *   addr    - the address structure (struct sockaddr_in or struct
 *             sockaddr_in6 [RFC 2553]),
 *   addr_len - the size of the address structure.
 */
SCTP_STATIC int sctp_bind(struct sock *sk, struct sockaddr *addr, int addr_len)
{
        int retval = 0;

        sctp_lock_sock(sk);

        SCTP_DEBUG_PRINTK("sctp_bind(sk: %p, addr: %p, addr_len: %d)\n",
                          sk, addr, addr_len);

        /* Disallow binding twice. */
        if (!sctp_sk(sk)->ep->base.bind_addr.port)
                retval = sctp_do_bind(sk, (union sctp_addr *)addr,
                                      addr_len);
        else
                retval = -EINVAL;

        sctp_release_sock(sk);

        return retval;
}

static long sctp_get_port_local(struct sock *, union sctp_addr *);

/* Verify this is a valid sockaddr. */
static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
                                        union sctp_addr *addr, int len)
{
        struct sctp_af *af;

        /* Check minimum size.  */
        if (len < sizeof (struct sockaddr))
                return NULL;

        /* V4 mapped address are really of AF_INET family */
        if (addr->sa.sa_family == AF_INET6 &&
            ipv6_addr_v4mapped(&addr->v6.sin6_addr)) {
                if (!opt->pf->af_supported(AF_INET, opt))
                        return NULL;
        } else {
                /* Does this PF support this AF? */
                if (!opt->pf->af_supported(addr->sa.sa_family, opt))
                        return NULL;
        }

        /* If we get this far, af is valid. */
        af = sctp_get_af_specific(addr->sa.sa_family);

        if (len < af->sockaddr_len)
                return NULL;

        return af;
}

/* Bind a local address either to an endpoint or to an association.  */
SCTP_STATIC int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len)
{
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_endpoint *ep = sp->ep;
        struct sctp_bind_addr *bp = &ep->base.bind_addr;
        struct sctp_af *af;
        unsigned short snum;
        int ret = 0;

        /* Common sockaddr verification. */
        af = sctp_sockaddr_af(sp, addr, len);
        if (!af) {
                SCTP_DEBUG_PRINTK("sctp_do_bind(sk: %p, newaddr: %p, len: %d) EINVAL\n",
                                  sk, addr, len);
                return -EINVAL;
        }

        snum = ntohs(addr->v4.sin_port);

        SCTP_DEBUG_PRINTK_IPADDR("sctp_do_bind(sk: %p, new addr: ",
                                 ", port: %d, new port: %d, len: %d)\n",
                                 sk,
                                 addr,
                                 bp->port, snum,
                                 len);

        /* PF specific bind() address verification. */
        if (!sp->pf->bind_verify(sp, addr))
                return -EADDRNOTAVAIL;

        /* We must either be unbound, or bind to the same port.
         * It's OK to allow 0 ports if we are already bound.
         * We'll just inhert an already bound port in this case
         */
        if (bp->port) {
                if (!snum)
                        snum = bp->port;
                else if (snum != bp->port) {
                        SCTP_DEBUG_PRINTK("sctp_do_bind:"
                                  " New port %d does not match existing port "
                                  "%d.\n", snum, bp->port);
                        return -EINVAL;
                }
        }

        if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
                return -EACCES;

        /* See if the address matches any of the addresses we may have
         * already bound before checking against other endpoints.
         */
        if (sctp_bind_addr_match(bp, addr, sp))
                return -EINVAL;

        /* Make sure we are allowed to bind here.
         * The function sctp_get_port_local() does duplicate address
         * detection.
         */
        addr->v4.sin_port = htons(snum);
        if ((ret = sctp_get_port_local(sk, addr))) {
                return -EADDRINUSE;
        }

        /* Refresh ephemeral port.  */
        if (!bp->port)
                bp->port = inet_sk(sk)->num;

        /* Add the address to the bind address list.
         * Use GFP_ATOMIC since BHs will be disabled.
         */
        ret = sctp_add_bind_addr(bp, addr, SCTP_ADDR_SRC, GFP_ATOMIC);

        /* Copy back into socket for getsockname() use. */
        if (!ret) {
                inet_sk(sk)->sport = htons(inet_sk(sk)->num);
                af->to_sk_saddr(addr, sk);
        }

        return ret;
}

 /* ADDIP Section 4.1.1 Congestion Control of ASCONF Chunks
 *
 * R1) One and only one ASCONF Chunk MAY be in transit and unacknowledged
 * at any one time.  If a sender, after sending an ASCONF chunk, decides
 * it needs to transfer another ASCONF Chunk, it MUST wait until the
 * ASCONF-ACK Chunk returns from the previous ASCONF Chunk before sending a
 * subsequent ASCONF. Note this restriction binds each side, so at any
 * time two ASCONF may be in-transit on any given association (one sent
 * from each endpoint).
 */
static int sctp_send_asconf(struct sctp_association *asoc,
                            struct sctp_chunk *chunk)
{
        int             retval = 0;

        /* If there is an outstanding ASCONF chunk, queue it for later
         * transmission.
         */
        if (asoc->addip_last_asconf) {
                list_add_tail(&chunk->list, &asoc->addip_chunk_list);
                goto out;
        }

        /* Hold the chunk until an ASCONF_ACK is received. */
        sctp_chunk_hold(chunk);
        retval = sctp_primitive_ASCONF(asoc, chunk);
        if (retval)
                sctp_chunk_free(chunk);
        else
                asoc->addip_last_asconf = chunk;

out:
        return retval;
}

/* Add a list of addresses as bind addresses to local endpoint or
 * association.
 *
 * Basically run through each address specified in the addrs/addrcnt
 * array/length pair, determine if it is IPv6 or IPv4 and call
 * sctp_do_bind() on it.
 *
 * If any of them fails, then the operation will be reversed and the
 * ones that were added will be removed.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_bindx_add(struct sock *sk, struct sockaddr *addrs, int addrcnt)
{
        int cnt;
        int retval = 0;
        void *addr_buf;
        struct sockaddr *sa_addr;
        struct sctp_af *af;

        SCTP_DEBUG_PRINTK("sctp_bindx_add (sk: %p, addrs: %p, addrcnt: %d)\n",
                          sk, addrs, addrcnt);

        addr_buf = addrs;
        for (cnt = 0; cnt < addrcnt; cnt++) {
                /* The list may contain either IPv4 or IPv6 address;
                 * determine the address length for walking thru the list.
                 */
                sa_addr = (struct sockaddr *)addr_buf;
                af = sctp_get_af_specific(sa_addr->sa_family);
                if (!af) {
                        retval = -EINVAL;
                        goto err_bindx_add;
                }

                retval = sctp_do_bind(sk, (union sctp_addr *)sa_addr,
                                      af->sockaddr_len);

                addr_buf += af->sockaddr_len;

err_bindx_add:
                if (retval < 0) {
                        /* Failed. Cleanup the ones that have been added */
                        if (cnt > 0)
                                sctp_bindx_rem(sk, addrs, cnt);
                        return retval;
                }
        }

        return retval;
}

/* Send an ASCONF chunk with Add IP address parameters to all the peers of the
 * associations that are part of the endpoint indicating that a list of local
 * addresses are added to the endpoint.
 *
 * If any of the addresses is already in the bind address list of the
 * association, we do not send the chunk for that association.  But it will not
 * affect other associations.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_send_asconf_add_ip(struct sock          *sk,
                                   struct sockaddr      *addrs,
                                   int                  addrcnt)
{
        struct sctp_sock                *sp;
        struct sctp_endpoint            *ep;
        struct sctp_association         *asoc;
        struct sctp_bind_addr           *bp;
        struct sctp_chunk               *chunk;
        struct sctp_sockaddr_entry      *laddr;
        union sctp_addr                 *addr;
        union sctp_addr                 saveaddr;
        void                            *addr_buf;
        struct sctp_af                  *af;
        struct list_head                *p;
        int                             i;
        int                             retval = 0;

        if (!sctp_addip_enable)
                return retval;

        sp = sctp_sk(sk);
        ep = sp->ep;

        SCTP_DEBUG_PRINTK("%s: (sk: %p, addrs: %p, addrcnt: %d)\n",
                          __func__, sk, addrs, addrcnt);

        list_for_each_entry(asoc, &ep->asocs, asocs) {

                if (!asoc->peer.asconf_capable)
                        continue;

                if (asoc->peer.addip_disabled_mask & SCTP_PARAM_ADD_IP)
                        continue;

                if (!sctp_state(asoc, ESTABLISHED))
                        continue;

                /* Check if any address in the packed array of addresses is
                 * in the bind address list of the association. If so,
                 * do not send the asconf chunk to its peer, but continue with
                 * other associations.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        addr = (union sctp_addr *)addr_buf;
                        af = sctp_get_af_specific(addr->v4.sin_family);
                        if (!af) {
                                retval = -EINVAL;
                                goto out;
                        }

                        if (sctp_assoc_lookup_laddr(asoc, addr))
                                break;

                        addr_buf += af->sockaddr_len;
                }
                if (i < addrcnt)
                        continue;

                /* Use the first valid address in bind addr list of
                 * association as Address Parameter of ASCONF CHUNK.
                 */
                bp = &asoc->base.bind_addr;
                p = bp->address_list.next;
                laddr = list_entry(p, struct sctp_sockaddr_entry, list);
                chunk = sctp_make_asconf_update_ip(asoc, &laddr->a, addrs,
                                                   addrcnt, SCTP_PARAM_ADD_IP);
                if (!chunk) {
                        retval = -ENOMEM;
                        goto out;
                }

                retval = sctp_send_asconf(asoc, chunk);
                if (retval)
                        goto out;

                /* Add the new addresses to the bind address list with
                 * use_as_src set to 0.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        addr = (union sctp_addr *)addr_buf;
                        af = sctp_get_af_specific(addr->v4.sin_family);
                        memcpy(&saveaddr, addr, af->sockaddr_len);
                        retval = sctp_add_bind_addr(bp, &saveaddr,
                                                    SCTP_ADDR_NEW, GFP_ATOMIC);
                        addr_buf += af->sockaddr_len;
                }
        }

out:
        return retval;
}

/* Remove a list of addresses from bind addresses list.  Do not remove the
 * last address.
 *
 * Basically run through each address specified in the addrs/addrcnt
 * array/length pair, determine if it is IPv6 or IPv4 and call
 * sctp_del_bind() on it.
 *
 * If any of them fails, then the operation will be reversed and the
 * ones that were removed will be added back.
 *
 * At least one address has to be left; if only one address is
 * available, the operation will return -EBUSY.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt)
{
        struct sctp_sock *sp = sctp_sk(sk);
        struct sctp_endpoint *ep = sp->ep;
        int cnt;
        struct sctp_bind_addr *bp = &ep->base.bind_addr;
        int retval = 0;
        void *addr_buf;
        union sctp_addr *sa_addr;
        struct sctp_af *af;

        SCTP_DEBUG_PRINTK("sctp_bindx_rem (sk: %p, addrs: %p, addrcnt: %d)\n",
                          sk, addrs, addrcnt);

        addr_buf = addrs;
        for (cnt = 0; cnt < addrcnt; cnt++) {
                /* If the bind address list is empty or if there is only one
                 * bind address, there is nothing more to be removed (we need
                 * at least one address here).
                 */
                if (list_empty(&bp->address_list) ||
                    (sctp_list_single_entry(&bp->address_list))) {
                        retval = -EBUSY;
                        goto err_bindx_rem;
                }

                sa_addr = (union sctp_addr *)addr_buf;
                af = sctp_get_af_specific(sa_addr->sa.sa_family);
                if (!af) {
                        retval = -EINVAL;
                        goto err_bindx_rem;
                }

                if (!af->addr_valid(sa_addr, sp, NULL)) {
                        retval = -EADDRNOTAVAIL;
                        goto err_bindx_rem;
                }

                if (sa_addr->v4.sin_port != htons(bp->port)) {
                        retval = -EINVAL;
                        goto err_bindx_rem;
                }

                /* FIXME - There is probably a need to check if sk->sk_saddr and
                 * sk->sk_rcv_addr are currently set to one of the addresses to
                 * be removed. This is something which needs to be looked into
                 * when we are fixing the outstanding issues with multi-homing
                 * socket routing and failover schemes. Refer to comments in
                 * sctp_do_bind(). -daisy
                 */
                retval = sctp_del_bind_addr(bp, sa_addr);

                addr_buf += af->sockaddr_len;
err_bindx_rem:
                if (retval < 0) {
                        /* Failed. Add the ones that has been removed back */
                        if (cnt > 0)
                                sctp_bindx_add(sk, addrs, cnt);
                        return retval;
                }
        }

        return retval;
}

/* Send an ASCONF chunk with Delete IP address parameters to all the peers of
 * the associations that are part of the endpoint indicating that a list of
 * local addresses are removed from the endpoint.
 *
 * If any of the addresses is already in the bind address list of the
 * association, we do not send the chunk for that association.  But it will not
 * affect other associations.
 *
 * Only sctp_setsockopt_bindx() is supposed to call this function.
 */
static int sctp_send_asconf_del_ip(struct sock          *sk,
                                   struct sockaddr      *addrs,
                                   int                  addrcnt)
{
        struct sctp_sock        *sp;
        struct sctp_endpoint    *ep;
        struct sctp_association *asoc;
        struct sctp_transport   *transport;
        struct sctp_bind_addr   *bp;
        struct sctp_chunk       *chunk;
        union sctp_addr         *laddr;
        void                    *addr_buf;
        struct sctp_af          *af;
        struct sctp_sockaddr_entry *saddr;
        int                     i;
        int                     retval = 0;

        if (!sctp_addip_enable)
                return retval;

        sp = sctp_sk(sk);
        ep = sp->ep;

        SCTP_DEBUG_PRINTK("%s: (sk: %p, addrs: %p, addrcnt: %d)\n",
                          __func__, sk, addrs, addrcnt);

        list_for_each_entry(asoc, &ep->asocs, asocs) {

                if (!asoc->peer.asconf_capable)
                        continue;

                if (asoc->peer.addip_disabled_mask & SCTP_PARAM_DEL_IP)
                        continue;

                if (!sctp_state(asoc, ESTABLISHED))
                        continue;

                /* Check if any address in the packed array of addresses is
                 * not present in the bind address list of the association.
                 * If so, do not send the asconf chunk to its peer, but
                 * continue with other associations.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        laddr = (union sctp_addr *)addr_buf;
                        af = sctp_get_af_specific(laddr->v4.sin_family);
                        if (!af) {
                                retval = -EINVAL;
                                goto out;
                        }

                        if (!sctp_assoc_lookup_laddr(asoc, laddr))
                                break;

                        addr_buf += af->sockaddr_len;
                }
                if (i < addrcnt)
                        continue;

                /* Find one address in the association's bind address list
                 * that is not in the packed array of addresses. This is to
                 * make sure that we do not delete all the addresses in the
                 * association.
                 */
                bp = &asoc->base.bind_addr;
                laddr = sctp_find_unmatch_addr(bp, (union sctp_addr *)addrs,
                                               addrcnt, sp);
                if (!laddr)
                        continue;

                /* We do not need RCU protection throughout this loop
                 * because this is done under a socket lock from the
                 * setsockopt call.
                 */
                chunk = sctp_make_asconf_update_ip(asoc, laddr, addrs, addrcnt,
                                                   SCTP_PARAM_DEL_IP);
                if (!chunk) {
                        retval = -ENOMEM;
                        goto out;
                }

                /* Reset use_as_src flag for the addresses in the bind address
                 * list that are to be deleted.
                 */
                addr_buf = addrs;
                for (i = 0; i < addrcnt; i++) {
                        laddr = (union sctp_addr *)addr_buf;
                        af = sctp_get_af_specific(laddr->v4.sin_family);
                        list_for_each_entry(saddr, &bp->address_list, list) {
                                if (sctp_cmp_addr_exact(&saddr->a, laddr))
                                        saddr->state = SCTP_ADDR_DEL;
                        }
                        addr_buf += af->sockaddr_len;
                }

                /* Update the route and saddr entries for all the transports
                 * as some of the addresses in the bind address list are
                 * about to be deleted and cannot be used as source addresses.
                 */
                list_for_each_entry(transport, &asoc->peer.transport_addr_list,
                                        transports) {
                        dst_release(transport->dst);
                        sctp_transport_route(transport, NULL,
                                             sctp_sk(asoc->base.sk));
                }

                retval = sctp_send_asconf(asoc, chunk);
        }
out:
        return retval;
}

/* Helper for tunneling sctp_bindx() requests through sctp_setsockopt()
 *
 * API 8.1
 * int sctp_bindx(int sd, struct sockaddr *addrs, int addrcnt,
 *                int flags);
 *
 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
 * If the sd is an IPv6 socket, the addresses passed can either be IPv4
 * or IPv6 addresses.
 *
 * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
 * Section 3.1.2 for this usage.
 *
 * addrs is a pointer to an array of one or more socket addresses. Each
 * address is contained in its appropriate structure (i.e. struct
 * sockaddr_in or struct sockaddr_in6) the family of the address type
 * must be used to distinguish the address length (note that this
 * representation is termed a "packed array" of addresses). The caller
 * specifies the number of addresses in the array with addrcnt.
 *
 * On success, sctp_bindx() returns 0. On failure, sctp_bindx() returns
 * -1, and sets errno to the appropriate error code.
 *
 * For SCTP, the port given in each socket address must be the same, or
 * sctp_bindx() will fail, setting errno to EINVAL.
 *
 * The flags parameter is formed from the bitwise OR of zero or more of
 * the following currently defined flags:
 *
 * SCTP_BINDX_ADD_ADDR
 *
 * SCTP_BINDX_REM_ADDR
 *
 * SCTP_BINDX_ADD_ADDR directs SCTP to add the given addresses to the
 * association, and SCTP_BINDX_REM_ADDR directs SCTP to remove the given
 * addresses from the association. The two flags are mutually exclusive;
 * if both are given, sctp_bindx() will fail with EINVAL. A caller may
 * not remove all addresses from an association; sctp_bindx() will
 * reject such an attempt with EINVAL.
 *
 * An application can use sctp_bindx(SCTP_BINDX_ADD_ADDR) to associate
 * additional addresses with an endpoint after calling bind().  Or use
 * sctp_bindx(SCTP_BINDX_REM_ADDR) to remove some addresses a listening
 * socket is associated with so that no new association accepted will be
 * associated with those addresses. If the endpoint supports dynamic
 * address a SCTP_BINDX_REM_ADDR or SCTP_BINDX_ADD_ADDR may cause a
 * endpoint to send the appropriate message to the peer to change the
 * peers address lists.
 *
 * Adding and removing addresses from a connected association is
 * optional functionality. Implementations that do not support this
 * functionality should return EOPNOTSUPP.
 *
 * Basically do nothing but copying the addresses from user to kernel
 * land and invoking either sctp_bindx_add() or sctp_bindx_rem() on the sk.
 * This is used for tunneling the sctp_bindx() request through sctp_setsockopt()
 * from userspace.
 *
 * We don't use copy_from_user() for optimization: we first do the
 * sanity checks (buffer size -fast- and access check-healthy
 * pointer); if all of those succeed, then we can alloc the memory
 * (expensive operation) needed to copy the data to kernel. Then we do
 * the copying without checking the user space area
 * (__copy_from_user()).
 *
 * On exit there is no need to do sockfd_put(), sys_setsockopt() does
 * it.
 *
 * sk        The sk of the socket
 * addrs     The pointer to the addresses in user land
 * addrssize Size of the addrs buffer
 * op        Operation to perform (add or remove, see the flags of
 *           sctp_bindx)
 *
 * Returns 0 if ok, <0 errno code on error.
 */
SCTP_STATIC int sctp_setsockopt_bindx(struct sock* sk,
                                      struct sockaddr __user *addrs,
                                      int addrs_size, int op)
{
        struct sockaddr *kaddrs;
        int err;
        int addrcnt = 0;
        int walk_size = 0;
        struct sockaddr *sa_addr;
        void *addr_buf;
        struct sctp_af *af;

        SCTP_DEBUG_PRINTK("sctp_setsocktopt_bindx: sk %p addrs %p"
                          " addrs_size %d opt %d\n", sk, addrs, addrs_size, op);

        if (unlikely(addrs_size <= 0))
                return -EINVAL;

        /* Check the user passed a healthy pointer.  */
        if (unlikely(!access_ok(VERIFY_READ, addrs, addrs_size)))
                return -EFAULT;

        /* Alloc space for the address array in kernel memory.  */
        kaddrs = kmalloc(addrs_size, GFP_KERNEL);
        if (unlikely(!kaddrs))
                return -ENOMEM;

        if (__copy_from_user(kaddrs, addrs, addrs_size)) {
                kfree(kaddrs);
                return -EFAULT;
        }

        /* Walk through the addrs buffer and count the number of addresses. */
        addr_buf = kaddrs;
        while (walk_size < addrs_size) {
                sa_addr = (struct sockaddr *)addr_buf;
                af = sctp_get_af_specific(sa_addr->sa_family);

                /* If the address family is not supported or if this address
                 * causes the address buffer to overflow return EINVAL.
                 */
                if (!af || (walk_size + af->sockaddr_len) > addrs_size) {
                        kfree(kaddrs);
                        return -EINVAL;
                }
                addrcnt++;
                addr_buf += af->sockaddr_len;
                walk_size += af->sockaddr_len;
        }

        /* Do the work. */
        switch (op) {
        case SCTP_BINDX_ADD_ADDR:
                err = sctp_bindx_add(sk, kaddrs, addrcnt);
                if (err)
                        goto out;
                err = sctp_send_asconf_add_ip(sk, kaddrs, addrcnt);
                break;

        case SCTP_BINDX_REM_ADDR:
                err = sctp_bindx_rem(sk, kaddrs, addrcnt);
                if (err)
                        goto out;
                err = sctp_send_asconf_del_ip(sk, kaddrs, addrcnt);
                break;

        default:
                err = -EINVAL;
                break;
        }

out:
        kfree(kaddrs);

        return err;
}

/* __sctp_connect(struct sock* sk, struct sockaddr *kaddrs, int addrs_size)
 *
 * Common routine for handling connect() and sctp_connectx().
 * Connect will come in with just a single address.
 */
static int __sctp_connect(struct sock* sk,
                          struct sockaddr *kaddrs,
                          int addrs_size,
                          sctp_assoc_t *assoc_id)
{
        struct sctp_sock *sp;
        struct sctp_endpoint *ep;
        struct sctp_association *asoc = NULL;
        struct sctp_association *asoc2;
        struct sctp_transport *transport;
        union sctp_addr to;
        struct sctp_af *af;
        sctp_scope_t scope;
        long timeo;
        int err = 0;
        int addrcnt = 0;
        int walk_size = 0;
        union sctp_addr *sa_addr = NULL;
        void *addr_buf;
        unsigned short port;
        unsigned int f_flags = 0;

        sp = sctp_sk(sk);
        ep = sp->ep;

        /* connect() cannot be done on a socket that is already in ESTABLISHED
         * state - UDP-style peeled off socket or a TCP-style socket that
         * is already connected.
         * It cannot be done even on a TCP-style listening socket.
         */
        if (sctp_sstate(sk, ESTABLISHED) ||
            (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))) {
                err = -EISCONN;
                goto out_free;
        }

        /* Walk through the addrs buffer and count the number of addresses. */
        addr_buf = kaddrs;
        while (walk_size < addrs_size) {
                sa_addr = (union sctp_addr *)addr_buf;
                af = sctp_get_af_specific(sa_addr->sa.sa_family);
                port = ntohs(sa_addr->v4.sin_port);

                /* If the address family is not supported or if this address
                 * causes the address buffer to overflow return EINVAL.
                 */
                if (!af || (walk_size + af->sockaddr_len) > addrs_size) {
                        err = -EINVAL;
                        goto out_free;
                }

                /* Save current address so we can work with it */
                memcpy(&to, sa_addr, af->sockaddr_len);

                err = sctp_verify_addr(sk, &to, af->sockaddr_len);
                if (err)
                        goto out_free;

                /* Make sure the destination port is correctly set
                 * in all addresses.
                 */
                if (asoc && asoc->peer.port && asoc->peer.port != port)
                        goto out_free;


                /* Check if there already is a matching association on the
                 * endpoint (other than the one created here).
                 */
                asoc2 = sctp_endpoint_lookup_assoc(ep, &to, &transport);
                if (asoc2 && asoc2 != asoc) {
                        if (asoc2->state >= SCTP_STATE_ESTABLISHED)
                                err = -EISCONN;
                        else
                                err = -EALREADY;
                        goto out_free;
                }

                /* If we could not find a matching association on the endpoint,
                 * make sure that there is no peeled-off association matching
                 * the peer address even on another socket.
                 */
                if (sctp_endpoint_is_peeled_off(ep, &to)) {
                        err = -EADDRNOTAVAIL;
                        goto out_free;
                }

                if (!asoc) {
                        /* If a bind() or sctp_bindx() is not called prior to
                         * an sctp_connectx() call, the system picks an
                         * ephemeral port and will choose an address set
                         * equivalent to binding with a wildcard address.
                         */
                        if (!ep->base.bind_addr.port) {
                                if (sctp_autobind(sk)) {
                                        err = -EAGAIN;
                                        goto out_free;
                                }
                        } else {
                                /*
                                 * If an unprivileged user inherits a 1-many
                                 * style socket with open associations on a
                                 * privileged port, it MAY be permitted to
                                 * accept new associations, but it SHOULD NOT
                                 * be permitted to open new associations.
                                 */
                                if (ep->base.bind_addr.port < PROT_SOCK &&
                                    !capable(CAP_NET_BIND_SERVICE)) {
                                        err = -EACCES;
                                        goto out_free;
                                }
                        }

                        scope = sctp_scope(&to);
                        asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
                        if (!asoc) {
                                err = -ENOMEM;
                                goto out_free;
                        }
                }

                /* Prime the peer's transport structures.  */
                transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL,
                                                SCTP_UNKNOWN);
                if (!transport) {
                        err = -ENOMEM;
                        goto out_free;
                }

                addrcnt++;
                addr_buf += af->sockaddr_len;
                walk_size += af->sockaddr_len;
        }

        err = sctp_assoc_set_bind_addr_from_ep(asoc, GFP_KERNEL);
        if (err < 0) {
                goto out_free;
        }

        err = sctp_primitive_ASSOCIATE(asoc, NULL);
        if (err < 0) {
                goto out_free;
        }

        /* Initialize sk's dport and daddr for getpeername() */
        inet_sk(sk)->dport = htons(asoc->peer.port);
        af = sctp_get_af_specific(sa_addr->sa.sa_family);
        af->to_sk_daddr(sa_addr, sk);
        sk->sk_err = 0;

        /* in-kernel sockets don't generally have a file allocated to them
         * if all they do is call sock_create_kern().
         */
        if (sk->sk_socket->file)
                f_flags = sk->sk_socket->file->f_flags;

        timeo = sock_sndtimeo(sk, f_flags & O_NONBLOCK);

        err = sctp_wait_for_connect(asoc, &timeo);
        if (!err && assoc_id)
                *assoc_id = asoc->assoc_id;

        /* Don't free association on exit. */
        asoc = NULL;

out_free:

        SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p"
                          " kaddrs: %p err: %d\n",
                          asoc, kaddrs, err);
        if (asoc)
                sctp_association_free(asoc);
        return err;
}

/* Helper for tunneling sctp_connectx() requests through sctp_setsockopt()
 *
 * API 8.9
 * int sctp_connectx(int sd, struct sockaddr *addrs, int addrcnt,
 *                      sctp_assoc_t *asoc);
 *
 * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
 * If the sd is an IPv6 socket, the addresses passed can either be IPv4
 * or IPv6 addresses.
 *
 * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
 * Section 3.1.2 for this usage.
 *
 * addrs is a pointer to an array of one or more socket addresses. Each
 * address is contained in its appropriate structure (i.e. struct
 * sockaddr_in or struct sockaddr_in6) the family of the address type
 * must be used to distengish the address length (note that this
 * representation is termed a "packed array" of addresses). The caller
 * specifies the number of addresses in the array with addrcnt.
 *
 * On success, sctp_connectx() returns 0. It also sets the assoc_id to
 * the association id of the new association.  On failure, sctp_connectx()
 * returns -1, and sets errno to the appropriate error code.  The assoc_id
 * is not touched by the kernel.
 *
 * For SCTP, the port given in each socket address must be the same, or
 * sctp_connectx() will fail, setting errno to EINVAL.
 *
 * An application can use sctp_connectx to initiate an association with
 * an endpoint that is multi-homed.  Much like sctp_bindx() this call
 * allows a caller to specify multiple addresses at which a peer can be
 * reached.  The way the SCTP stack uses the list of addresses to set up
 * the association is implementation dependant.  This function only
 * specifies that the stack will try to make use of all the addresses in
 * the list when needed.
 *
 * Note that the list of addresses passed in is only used for setting up
 * the association.  It does not necessarily equal the set of addresses
 * the peer uses for the resulting association.  If the caller wants to
 * find out the set of peer addresses, it must use sctp_getpaddrs() to
 * retrieve them after the association has been set up.
 *
 * Basically do nothing but copying the addresses from user to kernel
 * land and invoking either sctp_connectx(). This is used for tunneling
 * the sctp_connectx() request through sctp_setsockopt() from userspace.
 *
 * We don't use copy_from_user() for optimization: we first do the
 * sanity checks (buffer size -fast- and access check-healthy
 * pointer); if all of those succeed, then we can alloc the memory
 * (expensive operation) needed to copy the data to kernel. Then we do
 * the copying without checking the user space area
 * (__copy_from_user()).
 *
 * On exit there is no need to do sockfd_put(), sys_setsockopt() does
 * it.
 *
 * sk        The sk of the socket
 * addrs     The pointer to the addresses in user land
 * addrssize Size of the addrs buffer
 *
 * Returns >=0 if ok, <0 errno code on error.
 */
SCTP_STATIC int __sctp_setsockopt_connectx(struct sock* sk,
                                      struct sockaddr __user *addrs,
                                      int addrs_size,
                                      sctp_assoc_t *assoc_id)
{
        int err = 0;
        struct sockaddr *kaddrs;

        SCTP_DEBUG_PRINTK("%s - sk %p addrs %p addrs_size %d\n",
                          __func__, sk, addrs, addrs_size);

        if (unlikely(addrs_size <= 0))
                return -EINVAL;

        /* Check the user passed a healthy pointer.  */
        if (unlikely(!access_ok(VERIFY_READ, addrs, addrs_size)))
                return -EFAULT;

        /* Alloc space for the address array in kernel memory.  */
        kaddrs = kmalloc(addrs_size, GFP_KERNEL);
        if (unlikely(!kaddrs))
                return -ENOMEM;

        if (__copy_from_user(kaddrs, addrs, addrs_size)) {
                err = -EFAULT;
        } else {
                err = __sctp_connect(sk, kaddrs, addrs_size, assoc_id);
        }

        kfree(kaddrs);

        return err;
}

/*
 * This is an older interface.  It's kept for backward compatibility
 * to the option that doesn't provide association id.
 */
SCTP_STATIC int sctp_setsockopt_connectx_old(struct sock* sk,
                                      struct sockaddr __user *addrs,
                                      int addrs_size)
{
        return __sctp_setsockopt_connectx(sk, addrs, addrs_size, NULL);
}

/*
 * New interface for the API.  The since the API is done with a socket
 * option, to make it simple we feed back the association id is as a return
 * indication to the call.  Error is always negative and association id is
 * always positive.
 */
SCTP_STATIC int sctp_setsockopt_connectx(struct sock* sk,
                                      struct sockaddr __user *addrs,
                                      int addrs_size)
{
        sctp_assoc_t assoc_id = 0;
        int err = 0;

        err = __sctp_setsockopt_connectx(sk, addrs, addrs_size, &assoc_id);

        if (err)
                return err;
        else
                return assoc_id;
}

/* API 3.1.4 close() - UDP Style Syntax
 * Applications use close() to perform graceful shutdown (as described in
 * Section 10.1 of [SCTP]) on ALL the associations currently represented
 * by a UDP-style socket.
 *
 * The syntax is
 *
 *   ret = close(int sd);
 *
 *   sd      - the socket descriptor of the associations to be closed.
 *
 * To gracefully shutdown a specific association represented by the
 * UDP-style socket, an application should use the sendmsg() call,
 * passing no user data, but including the appropriate flag in the
 * ancillary data (see Section xxxx).
 *
 * If sd in the close() call is a branched-off socket representing only
 * one association, the shutdown is performed on that association only.
 *
 * 4.1.6 close() - TCP Style Syntax
 *
 * Applications use close() to gracefully close down an association.
 *
 * The syntax is:
 *
 *    int close(int sd);
 *
 *      sd      - the socket descriptor of the association to be closed.
 *
 * After an application calls close() on a socket descriptor, no further
 * socket operations will succeed on that descriptor.
 *
 * API 7.1.4 SO_LINGER
 *
 * An application using the TCP-style socket can use this option to
 * perform the SCTP ABORT primitive.  The linger option structure is:
 *
 *  struct  linger {
 *     int     l_onoff;                // option on/off
 *     int     l_linger;               // linger time
 * };
 *
 * To enable the option, set l_onoff to 1.  If the l_linger value is set
 * to 0, calling close() is the same as the ABORT primitive.  If the
 * value is set to a negative value, the setsockopt() call will return
 * an error.  If the value is set to a positive value linger_time, the
 * close() can be blocked for at most linger_time ms.  If the graceful
 * shutdown phase does not finish during this period, close() will
 * return but the graceful shutdown phase continues in the system.
 */
SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
{
        struct sctp_endpoint *ep;
        struct sctp_association *asoc;
        struct list_head *pos, *temp;

        SCTP_DEBUG_PRINTK("sctp_close(sk: 0x%p, timeout:%ld)\n", sk, timeout);

        sctp_lock_sock(sk);
        sk->sk_shutdown = SHUTDOWN_MASK;

        ep = sctp_sk(sk)->ep;

        /* Walk all associations on an endpoint.  */
        list_for_each_safe(pos, temp, &ep->asocs) {
                asoc = list_entry(pos, struct sctp_association, asocs);

                if (sctp_style(sk, TCP)) {
                        /* A closed association can still be in the list if
                         * it belongs to a TCP-style listening socket that is
                         * not yet accepted. If so, free it. If not, send an
                         * ABORT or SHUTDOWN based on the linger options.
                         */
                        if (sctp_state(asoc, CLOSED)) {
                                sctp_unhash_established(asoc);
                                sctp_association_free(asoc);
                                continue;
                        }
                }

                if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) {
                        struct sctp_chunk *chunk;

                        chunk = sctp_make_abort_user(asoc, NULL, 0);
                        if (chunk)
                                sctp_primitive_ABORT(asoc, chunk);
                } else
                        sctp_primitive_SHUTDOWN(asoc, NULL);
        }

        /* Clean up any skbs sitting on the receive queue.  */
        sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
        sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);

        /* On a TCP-style socket, block for at most linger_time if set. */
        if (sctp_style(sk, TCP) && timeout)
                sctp_wait_for_close(sk, timeout);

        /* This will run the backlog queue.  */
        sctp_release_sock(sk);

        /* Supposedly, no process has access to the socket, but
         * the net layers still may.
         */
        sctp_local_bh_disable();
        sctp_bh_lock_sock(sk);

        /* Hold the sock, since sk_common_release() will put sock_put()
         * and we have just a little more cleanup.
         */
        sock_hold(sk);
        sk_common_release(sk);

        sctp_bh_unlock_sock(sk);
        sctp_local_bh_enable();

        sock_put(sk);

        SCTP_DBG_OBJCNT_DEC(sock);
}

/* Handle EPIPE error. */
static int sctp_error(struct sock *sk, int flags, int err)
{
        if (err == -EPIPE)
                err = sock_error(sk) ? : -EPIPE;
        if (err == -EPIPE && !(flags & MSG_NOSIGNAL))
                send_sig(SIGPIPE, current, 0);
        return err;
}

/* API 3.1.3 sendmsg() - UDP Style Syntax
 *
 * An application uses sendmsg() and recvmsg() calls to transmit data to
 * and receive data from its peer.
 *
 *  ssize_t sendmsg(int socket, const struct msghdr *message,
 *                  int flags);
 *
 *  socket  - the socket descriptor of the endpoint.
 *  message - pointer to the msghdr structure which contains a single
 *            user message and possibly some ancillary data.
 *
 *            See Section 5 for complete description of the data
 *            structures.
 *
 *  flags   - flags sent or received with the user message, see Section
 *            5 for complete description of the flags.
 *
 * Note:  This function could use a rewrite especially when explicit
 * connect support comes in.
 */
/* BUG:  We do not implement the equivalent of sk_stream_wait_memory(). */

SCTP_STATIC int sctp_msghdr_parse(const struct msghdr *, sctp_cmsgs_t *);

SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
                             struct msghdr *msg, size_t msg_len)
{
        struct sctp_sock *sp;
        struct sctp_endpoint *ep;
        struct sctp_association *new_asoc=NULL, *asoc=NULL;
        struct sctp_transport *transport, *chunk_tp;
        struct sctp_chunk *chunk;
        union sctp_addr to;
        struct sockaddr *msg_name = NULL;
        struct sctp_sndrcvinfo default_sinfo = { 0 };
        struct sctp_sndrcvinfo *sinfo;
        struct sctp_initmsg *sinit;
        sctp_assoc_t associd = 0;
        sctp_cmsgs_t cmsgs = { NULL };
        int err;
        sctp_scope_t scope;
        long timeo;
        __u16 sinfo_flags = 0;
        struct sctp_datamsg *datamsg;
        int msg_flags = msg->msg_flags;

        SCTP_DEBUG_PRINTK("sctp_sendmsg(sk: %p, msg: %p, msg_len: %zu)\n",
                          sk, msg, msg_len);

        err = 0;
        sp = sctp_sk(sk);
        ep = sp->ep;

        SCTP_DEBUG_PRINTK("Using endpoint: %p.\n", ep);

        /* We cannot send a message over a TCP-style listening socket. */
        if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) {
                err = -EPIPE;
                goto out_nounlock;
        }

        /* Parse out the SCTP CMSGs.  */
        err = sctp_msghdr_parse(msg, &cmsgs);

        if (err) {
                SCTP_DEBUG_PRINTK("msghdr parse err = %x\n", err);
                goto out_nounlock;
        }

        /* Fetch the destination address for this packet.  This
         * address only selects the association--it is not necessarily
         * the address we will send to.
         * For a peeled-off socket, msg_name is ignored.
         */
        if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
                int msg_namelen = msg->msg_namelen;

                err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name,
                                       msg_namelen);
                if (err)
                        return err;

                if (msg_namelen > sizeof(to))
                        msg_namelen = sizeof(to);
                memcpy(&to, msg->msg_name, msg_namelen);
                msg_name = msg->msg_name;
        }

        sinfo = cmsgs.info;
        sinit = cmsgs.init;

        /* Did the user specify SNDRCVINFO?  */
        if (sinfo) {
                sinfo_flags = sinfo->sinfo_flags;
                associd = sinfo->sinfo_assoc_id;
        }

        SCTP_DEBUG_PRINTK("msg_len: %zu, sinfo_flags: 0x%x\n",
                          msg_len, sinfo_flags);

        /* SCTP_EOF or SCTP_ABORT cannot be set on a TCP-style socket. */
        if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) {
                err = -EINVAL;
                goto out_nounlock;
        }

        /* If SCTP_EOF is set, no data can be sent. Disallow sending zero
         * length messages when SCTP_EOF|SCTP_ABORT is not set.
         * If SCTP_ABORT is set, the message length could be non zero with
         * the msg_iov set to the user abort reason.
         */
        if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) ||
            (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) {
                err = -EINVAL;
                goto out_nounlock;
        }

        /* If SCTP_ADDR_OVER is set, there must be an address
         * specified in msg_name.
         */
        if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) {
                err = -EINVAL;
                goto out_nounlock;
        }

        transport = NULL;

        SCTP_DEBUG_PRINTK("About to look up association.\n");

        sctp_lock_sock(sk);

        /* If a msg_name has been specified, assume this is to be used.  */
        if (msg_name) {
                /* Look for a matching association on the endpoint. */
                asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport);
                if (!asoc) {
                        /* If we could not find a matching association on the
                         * endpoint, make sure that it is not a TCP-style
                         * socket that already has an association or there is
                         * no peeled-off association on another socket.
                         */
                        if ((sctp_style(sk, TCP) &&
                             sctp_sstate(sk, ESTABLISHED)) ||
                            sctp_endpoint_is_peeled_off(ep, &to)) {
                                err = -EADDRNOTAVAIL;
                                goto out_unlock;
                        }
                }
        } else {
                asoc = sctp_id2assoc(sk, associd);
                if (!asoc) {
                        err = -EPIPE;
                        goto out_unlock;
                }
        }

        if (asoc) {
                SCTP_DEBUG_PRINTK("Just looked up association: %p.\n", asoc);

                /* We cannot send a message on a TCP-style SCTP_SS_ESTABLISHED
                 * socket that has an association in CLOSED state. This can
                 * happen when an accepted socket has an association that is
                 * already CLOSED.
                 */
                if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) {
                        err = -EPIPE;
                        goto out_unlock;
                }

                if (sinfo_flags & SCTP_EOF) {
                        SCTP_DEBUG_PRINTK("Shutting down association: %p\n",
                                          asoc);
                        sctp_primitive_SHUTDOWN(asoc, NULL);
                        err = 0;
                        goto out_unlock;
                }
                if (sinfo_flags & SCTP_ABORT) {

                        chunk = sctp_make_abort_user(asoc, msg, msg_len);
                        if (!chunk) {
                                err = -ENOMEM;
                                goto out_unlock;
                        }

                        SCTP_DEBUG_PRINTK("Aborting association: %p\n", asoc);
                        sctp_primitive_ABORT(asoc, chunk);
                        err = 0;
                        goto out_unlock;
                }
        }

        /* Do we need to create the association?  */
        if (!asoc) {
                SCTP_DEBUG_PRINTK("There is no association yet.\n");

                if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) {
                        err = -EINVAL;
                        goto out_unlock;
                }

                /* Check for invalid stream against the stream counts,
                 * either the default or the user specified stream counts.
                 */
                if (sinfo) {
                        if (!sinit || (sinit && !sinit->sinit_num_ostreams)) {
                                /* Check against the defaults. */
                                if (sinfo->sinfo_stream >=
                                    sp->initmsg.sinit_num_ostreams) {
                                        err = -EINVAL;
                                        goto out_unlock;
                                }
                        } else {
                                /* Check against the requested.  */
                                if (sinfo->sinfo_stream >=
                                    sinit->sinit_num_ostreams) {
                                        err = -EINVAL;
                                        goto out_unlock;
                                }
                        }
                }

                /*
                 * API 3.1.2 bind() - UDP Style Syntax
                 * If a bind() or sctp_bindx() is not called prior to a
                 * sendmsg() call that initiates a new association, the
                 * system picks an ephemeral port and will choose an address
                 * set equivalent to binding with a wildcard address.
                 */
                if (!ep->base.bind_addr.port) {
                        if (sctp_autobind(sk)) {
                                err = -EAGAIN;
                                goto out_unlock;
                        }
                } else {
                        /*
                         * If an unprivileged user inherits a one-to-many
                         * style socket with open associations on a privileged
                         * port, it MAY be permitted to accept new associations,
                         * but it SHOULD NOT be permitted to open new
                         * associations.
                         */
                        if (ep->base.bind_addr.port < PROT_SOCK &&
                            !capable(CAP_NET_BIND_SERVICE)) {
                                err = -EACCES;
                                goto out_unlock;
                        }
                }

                scope = sctp_scope(&to);
                new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
                if (!new_asoc) {
                        err = -ENOMEM;
                        goto out_unlock;
                }
                asoc = new_asoc;

                /* If the SCTP_INIT ancillary data is specified, set all
                 * the association init values accordingly.
                 */
                if (sinit) {
                        if (sinit->sinit_num_ostreams) {
                                asoc->c.sinit_num_ostreams =
                                        sinit->sinit_num_ostreams;
                        }
                        if (sinit->sinit_max_instreams) {
                                asoc->c.sinit_max_instreams =
                                        sinit->sinit_max_instreams;
                        }
                        if (sinit->sinit_max_attempts) {
                                asoc->max_init_attempts
                                        = sinit->sinit_max_attempts;
                        }
                        if (sinit->sinit_max_init_timeo) {
                                asoc->max_init_timeo =
                                 msecs_to_jiffies(sinit->sinit_max_init_timeo);
                        }
                }

                /* Prime the peer's transport structures.  */
                transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN);
                if (!transport) {
                        err = -ENOMEM;
                        goto out_free;
                }
                err = sctp_assoc_set_bind_addr_from_ep(asoc, GFP_KERNEL);
                if (err < 0) {
                        err = -ENOMEM;
                        goto out_free;
                }
        }

        /* ASSERT: we have a valid association at this point.  */
        SCTP_DEBUG_PRINTK("We have a valid association.\n");

        if (!sinfo) {
                /* If the user didn't specify SNDRCVINFO, make up one with
                 * some defaults.
                 */
                default_sinfo.sinfo_stream = asoc->default_stream;
                default_sinfo.sinfo_flags = asoc->default_flags;
                default_sinfo.sinfo_ppid = asoc->default_ppid;
                default_sinfo.sinfo_context = asoc->default_context;
                default_sinfo.sinfo_timetolive = asoc->default_timetolive;
                default_sinfo.sinfo_assoc_id = sctp_assoc2id(asoc);
                sinfo = &default_sinfo;
        }

        /* API 7.1.7, the sndbuf size per association bounds the
         * maximum size of data that can be sent in a single send call.
         */
        if (msg_len > sk->sk_sndbuf) {
                err = -EMSGSIZE;
                goto out_free;
        }

        if (asoc->pmtu_pending)
                sctp_assoc_pending_pmtu(asoc);

        /* If fragmentation is disabled and the message length exceeds the
         * association fragmentation point, return EMSGSIZE.  The I-D
         * does not specify what this error is, but this looks like
         * a great fit.
         */
        if (sctp_sk(sk)->disable_fragments && (msg_len > asoc->frag_point)) {
                err = -EMSGSIZE;
                goto out_free;
        }

        if (sinfo) {
                /* Check for invalid stream. */
                if (sinfo->sinfo_stream >= asoc->c.sinit_num_ostreams) {
                        err = -EINVAL;
                        goto out_free;
                }
        }

        timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
        if (!sctp_wspace(asoc)) {
                err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len);
                if (err)
                        goto out_free;
        }

        /* If an address is passed with the sendto/sendmsg call, it is used
         * to override the primary destination address in the TCP model, or
         * when SCTP_ADDR_OVER flag is set in the UDP model.
         */
        if ((sctp_style(sk, TCP) && msg_name) ||
            (sinfo_flags & SCTP_ADDR_OVER)) {
                chunk_tp = sctp_assoc_lookup_paddr(asoc, &to);
                if (!chunk_tp) {
                        err = -EINVAL;
                        goto out_free;
                }
        } else
                chunk_tp = NULL;

        /* Auto-connect, if we aren't connected already. */
        if (sctp_state(asoc, CLOSED)) {
                err = sctp_primitive_ASSOCIATE(asoc, NULL);
                if (err < 0)
                        goto out_free;
                SCTP_DEBUG_PRINTK("We associated primitively.\n");
        }

        /* Break the message into multiple chunks of maximum size. */
        datamsg = sctp_datamsg_from_user(asoc, sinfo, msg, msg_len);
        if (!datamsg) {
                err = -ENOMEM;
                goto out_free;
        }

        /* Now send the (possibly) fragmented message. */
        list_for_each_entry(chunk, &datamsg->chunks, frag_list) {
                sctp_chunk_hold(chunk);

                /* Do accounting for the write space.  */
                sctp_set_owner_w(chunk);

                chunk->transport = chunk_tp;

                /* Send it to the lower layers.  Note:  all chunks
                 * must either fail or succeed.   The lower layer
                 * works that way today.  Keep it that way or this
                 * breaks.
                 */
                err = sctp_primitive_SEND(asoc, chunk);
                /* Did the lower layer accept the chunk? */
                if (err)
                        sctp_chunk_free(chunk);
                SCTP_DEBUG_PRINTK("We sent primitively.\n");
        }

        sctp_datamsg_put(datamsg);
        if (err)
                goto out_free;
        else
                err = msg_len;

        /* If we are already past ASSOCIATE, the lower
         * layers are responsible for association cleanup.
         */
        goto out_unlock;

out_free:
        if (new_asoc)
                sctp_association_free(asoc);
out_unlock:
        sctp_release_sock(sk);

out_nounlock:
        return sctp_error(sk, msg_flags, err);

#if 0
do_sock_err:
        if (msg_len)
                err = msg_len;
        else
                err = sock_error(sk);
        goto out;

do_interrupted:
        if (msg_len)
                err = msg_len;
        goto out;
#endif /* 0 */
}

/* This is an extended version of skb_pull() that removes the data from the
 * start of a skb even when data is spread across the list of skb's in the
 * frag_list. len specifies the total amount of data that needs to be removed.
 * when 'len' bytes could be removed from the skb, it returns 0.
 * If 'len' exceeds the total skb length,  it returns the no. of bytes that
 * could not be removed.
 */
static int sctp_skb_pull(struct sk_buff *skb, int len)
{
        struct sk_buff *list;
        int skb_len = skb_headlen(skb);
        int rlen;

        if (len <= skb_len) {
                __skb_pull(skb, len);
                return 0;
        }
        len -= skb_len;
        __skb_pull(skb, skb_len);

        for (list = skb_shinfo(skb)->frag_list; list; list = list->next) {
                rlen = sctp_skb_pull(list, len);
                skb->len -= (len-rlen);
                skb->data_len -= (len-rlen);

                if (!rlen)
                        return 0;

                len = rlen;
        }

        return len;
}

/* API 3.1.3  recvmsg() - UDP Style Syntax
 *
 *  ssize_t recvmsg(int socket, struct msghdr *message,
 *                    int flags);
 *
 *  socket  - the socket descriptor of the endpoint.
 *  message - pointer to the msghdr structure which contains a single
 *            user message and possibly some ancillary data.
 *
 *            See Section 5 for complete description of the data
 *            structures.
 *
 *  flags   - flags sent or received with the user message, see Section
 *            5 for complete description of the flags.
 */
static struct sk_buff *sctp_skb_recv_datagram(struct sock *, int, int, int *);

SCTP_STATIC int sctp_recvmsg(struct kiocb *iocb, struct sock *sk,
                             struct msghdr *msg, size_t len, int noblock,
                             int flags, int *addr_len)
{
        struct sctp_ulpevent *event = NULL;
        struct sctp_sock *sp = sctp_sk(sk);
        struct sk_buff *skb;
        int copied;
        int err = 0;
        int skb_len;

        SCTP_DEBUG_PRINTK("sctp_recvmsg(%s: %p, %s: %p, %s: %zd, %s: %d, %s: "
                          "0x%x, %s: %p)\n", "sk", sk, "msghdr", msg,
                          "len", len, "knoblauch", noblock,
                          "flags", flags, "addr_len", addr_len);

        sctp_lock_sock(sk);

        if (sctp_style(sk, TCP) && !sctp_sstate(sk, ESTABLISHED)) {
                err = -ENOTCONN;
                goto out;
        }

        skb = sctp_skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;

        /* Get the total length of the skb including any skb's in the
         * frag_list.
         */
        skb_len = skb->len;

        copied = skb_len;
        if (copied > len)
                copied = len;

        err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);

        event = sctp_skb2event(skb);

        if (err)
                goto out_free;

        sock_recv_timestamp(msg, sk, skb);
        if (sctp_ulpevent_is_notification(event)) {
                msg->msg_flags |= MSG_NOTIFICATION;
                sp->pf->event_msgname(event, msg->msg_name, addr_len);
        } else {
                sp->pf->skb_msgname(skb, msg->msg_name, addr_len);
        }

        /* Check if we allow SCTP_SNDRCVINFO. */
        if (sp->subscribe.sctp_data_io_event)
                sctp_ulpevent_read_sndrcvinfo(event, msg);
#if 0
        /* FIXME: we should be calling IP/IPv6 layers.  */
        if (sk->sk_protinfo.af_inet.cmsg_flags)
                ip_cmsg_recv(msg, skb);
#endif

        err = copied;

        /* If skb's length exceeds the user's buffer, update the skb and
         * push it back to the receive_queue so that the next call to
         * recvmsg() will return the remaining data. Don't set MSG_EOR.
         */
        if (skb_len > copied) {
                msg->msg_flags &= ~MSG_EOR;
                if (flags & MSG_PEEK)
                        goto out_free;
                sctp_skb_pull(skb, copied);
                skb_queue_head(&sk->sk_receive_queue, skb);

                /* When only partial message is copied to the user, increase
                 * rwnd by that amount. If all the data in the skb is read,
                 * rwnd is updated when the event is freed.
                 */
                if (!sctp_ulpevent_is_notification(event))
                        sctp_assoc_rwnd_increase(event->asoc, copied);
                goto out;
        } else if ((event->msg_flags & MSG_NOTIFICATION) ||
                   (event->msg_flags & MSG_EOR))
                msg->msg_flags |= MSG_EOR;
        else
                msg->msg_flags &= ~MSG_EOR;

out_free:
        if (flags & MSG_PEEK) {
                /* Release the skb reference acquired after peeking the skb in
                 * sctp_skb_recv_datagram().
                 */
                kfree_skb(skb);
        } else {
                /* Free the event which includes releasing the reference to
                 * the owner of the skb, freeing the skb and updating the
                 * rwnd.
                 */
                sctp_ulpevent_free(event);
        }
out:
        sctp_release_sock(sk);
        return err;
}

/* 7.1.12 Enable/Disable message fragmentation (SCTP_DISABLE_FRAGMENTS)
 *
 * This option is a on/off flag.  If enabled no SCTP message
 * fragmentation will be performed.  Instead if a message being sent
 * exceeds the current PMTU size, the message will NOT be sent and
 * instead a error will be indicated to the user.
 */
static int sctp_setsockopt_disable_fragments(struct sock *sk,
                                            char __user *optval, int optlen)
{
        int val;

        if (optlen < sizeof(int))
                return -EINVAL;

        if (get_user(val, (int __user *)optval))
                return -EFAULT;

        sctp_sk(sk)->disable_fragments = (val == 0) ? 0 : 1;