linux/net/sctp/sm_make_chunk.c
<<
>>
Prefs
   1/* SCTP kernel implementation
   2 * (C) Copyright IBM Corp. 2001, 2004
   3 * Copyright (c) 1999-2000 Cisco, Inc.
   4 * Copyright (c) 1999-2001 Motorola, Inc.
   5 * Copyright (c) 2001-2002 Intel Corp.
   6 *
   7 * This file is part of the SCTP kernel implementation
   8 *
   9 * These functions work with the state functions in sctp_sm_statefuns.c
  10 * to implement the state operations.  These functions implement the
  11 * steps which require modifying existing data structures.
  12 *
  13 * This SCTP implementation is free software;
  14 * you can redistribute it and/or modify it under the terms of
  15 * the GNU General Public License as published by
  16 * the Free Software Foundation; either version 2, or (at your option)
  17 * any later version.
  18 *
  19 * This SCTP implementation is distributed in the hope that it
  20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
  21 *                 ************************
  22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  23 * See the GNU General Public License for more details.
  24 *
  25 * You should have received a copy of the GNU General Public License
  26 * along with GNU CC; see the file COPYING.  If not, write to
  27 * the Free Software Foundation, 59 Temple Place - Suite 330,
  28 * Boston, MA 02111-1307, USA.
  29 *
  30 * Please send any bug reports or fixes you make to the
  31 * email address(es):
  32 *    lksctp developers <lksctp-developers@lists.sourceforge.net>
  33 *
  34 * Or submit a bug report through the following website:
  35 *    http://www.sf.net/projects/lksctp
  36 *
  37 * Written or modified by:
  38 *    La Monte H.P. Yarroll <piggy@acm.org>
  39 *    Karl Knutson          <karl@athena.chicago.il.us>
  40 *    C. Robin              <chris@hundredacre.ac.uk>
  41 *    Jon Grimm             <jgrimm@us.ibm.com>
  42 *    Xingang Guo           <xingang.guo@intel.com>
  43 *    Dajiang Zhang         <dajiang.zhang@nokia.com>
  44 *    Sridhar Samudrala     <sri@us.ibm.com>
  45 *    Daisy Chang           <daisyc@us.ibm.com>
  46 *    Ardelle Fan           <ardelle.fan@intel.com>
  47 *    Kevin Gao             <kevin.gao@intel.com>
  48 *
  49 * Any bugs reported given to us we will try to fix... any fixes shared will
  50 * be incorporated into the next SCTP release.
  51 */
  52
  53#include <linux/types.h>
  54#include <linux/kernel.h>
  55#include <linux/ip.h>
  56#include <linux/ipv6.h>
  57#include <linux/net.h>
  58#include <linux/inet.h>
  59#include <linux/scatterlist.h>
  60#include <linux/crypto.h>
  61#include <linux/slab.h>
  62#include <net/sock.h>
  63
  64#include <linux/skbuff.h>
  65#include <linux/random.h>       /* for get_random_bytes */
  66#include <net/sctp/sctp.h>
  67#include <net/sctp/sm.h>
  68
  69SCTP_STATIC
  70struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
  71                                   __u8 type, __u8 flags, int paylen);
  72static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
  73                                        const struct sctp_association *asoc,
  74                                        const struct sctp_chunk *init_chunk,
  75                                        int *cookie_len,
  76                                        const __u8 *raw_addrs, int addrs_len);
  77static int sctp_process_param(struct sctp_association *asoc,
  78                              union sctp_params param,
  79                              const union sctp_addr *peer_addr,
  80                              gfp_t gfp);
  81static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
  82                              const void *data);
  83
  84/* What was the inbound interface for this chunk? */
  85int sctp_chunk_iif(const struct sctp_chunk *chunk)
  86{
  87        struct sctp_af *af;
  88        int iif = 0;
  89
  90        af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version));
  91        if (af)
  92                iif = af->skb_iif(chunk->skb);
  93
  94        return iif;
  95}
  96
  97/* RFC 2960 3.3.2 Initiation (INIT) (1)
  98 *
  99 * Note 2: The ECN capable field is reserved for future use of
 100 * Explicit Congestion Notification.
 101 */
 102static const struct sctp_paramhdr ecap_param = {
 103        SCTP_PARAM_ECN_CAPABLE,
 104        cpu_to_be16(sizeof(struct sctp_paramhdr)),
 105};
 106static const struct sctp_paramhdr prsctp_param = {
 107        SCTP_PARAM_FWD_TSN_SUPPORT,
 108        cpu_to_be16(sizeof(struct sctp_paramhdr)),
 109};
 110
 111/* A helper to initialize an op error inside a
 112 * provided chunk, as most cause codes will be embedded inside an
 113 * abort chunk.
 114 */
 115void  sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
 116                      size_t paylen)
 117{
 118        sctp_errhdr_t err;
 119        __u16 len;
 120
 121        /* Cause code constants are now defined in network order.  */
 122        err.cause = cause_code;
 123        len = sizeof(sctp_errhdr_t) + paylen;
 124        err.length  = htons(len);
 125        chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
 126}
 127
 128/* A helper to initialize an op error inside a
 129 * provided chunk, as most cause codes will be embedded inside an
 130 * abort chunk.  Differs from sctp_init_cause in that it won't oops
 131 * if there isn't enough space in the op error chunk
 132 */
 133int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code,
 134                      size_t paylen)
 135{
 136        sctp_errhdr_t err;
 137        __u16 len;
 138
 139        /* Cause code constants are now defined in network order.  */
 140        err.cause = cause_code;
 141        len = sizeof(sctp_errhdr_t) + paylen;
 142        err.length  = htons(len);
 143
 144        if (skb_tailroom(chunk->skb) < len)
 145                return -ENOSPC;
 146        chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk,
 147                                                     sizeof(sctp_errhdr_t),
 148                                                     &err);
 149        return 0;
 150}
 151/* 3.3.2 Initiation (INIT) (1)
 152 *
 153 * This chunk is used to initiate a SCTP association between two
 154 * endpoints. The format of the INIT chunk is shown below:
 155 *
 156 *     0                   1                   2                   3
 157 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 158 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 159 *    |   Type = 1    |  Chunk Flags  |      Chunk Length             |
 160 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 161 *    |                         Initiate Tag                          |
 162 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 163 *    |           Advertised Receiver Window Credit (a_rwnd)          |
 164 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 165 *    |  Number of Outbound Streams   |  Number of Inbound Streams    |
 166 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 167 *    |                          Initial TSN                          |
 168 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 169 *    \                                                               \
 170 *    /              Optional/Variable-Length Parameters              /
 171 *    \                                                               \
 172 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 173 *
 174 *
 175 * The INIT chunk contains the following parameters. Unless otherwise
 176 * noted, each parameter MUST only be included once in the INIT chunk.
 177 *
 178 * Fixed Parameters                     Status
 179 * ----------------------------------------------
 180 * Initiate Tag                        Mandatory
 181 * Advertised Receiver Window Credit   Mandatory
 182 * Number of Outbound Streams          Mandatory
 183 * Number of Inbound Streams           Mandatory
 184 * Initial TSN                         Mandatory
 185 *
 186 * Variable Parameters                  Status     Type Value
 187 * -------------------------------------------------------------
 188 * IPv4 Address (Note 1)               Optional    5
 189 * IPv6 Address (Note 1)               Optional    6
 190 * Cookie Preservative                 Optional    9
 191 * Reserved for ECN Capable (Note 2)   Optional    32768 (0x8000)
 192 * Host Name Address (Note 3)          Optional    11
 193 * Supported Address Types (Note 4)    Optional    12
 194 */
 195struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
 196                             const struct sctp_bind_addr *bp,
 197                             gfp_t gfp, int vparam_len)
 198{
 199        sctp_inithdr_t init;
 200        union sctp_params addrs;
 201        size_t chunksize;
 202        struct sctp_chunk *retval = NULL;
 203        int num_types, addrs_len = 0;
 204        struct sctp_sock *sp;
 205        sctp_supported_addrs_param_t sat;
 206        __be16 types[2];
 207        sctp_adaptation_ind_param_t aiparam;
 208        sctp_supported_ext_param_t ext_param;
 209        int num_ext = 0;
 210        __u8 extensions[3];
 211        sctp_paramhdr_t *auth_chunks = NULL,
 212                        *auth_hmacs = NULL;
 213
 214        /* RFC 2960 3.3.2 Initiation (INIT) (1)
 215         *
 216         * Note 1: The INIT chunks can contain multiple addresses that
 217         * can be IPv4 and/or IPv6 in any combination.
 218         */
 219        retval = NULL;
 220
 221        /* Convert the provided bind address list to raw format. */
 222        addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
 223
 224        init.init_tag              = htonl(asoc->c.my_vtag);
 225        init.a_rwnd                = htonl(asoc->rwnd);
 226        init.num_outbound_streams  = htons(asoc->c.sinit_num_ostreams);
 227        init.num_inbound_streams   = htons(asoc->c.sinit_max_instreams);
 228        init.initial_tsn           = htonl(asoc->c.initial_tsn);
 229
 230        /* How many address types are needed? */
 231        sp = sctp_sk(asoc->base.sk);
 232        num_types = sp->pf->supported_addrs(sp, types);
 233
 234        chunksize = sizeof(init) + addrs_len;
 235        chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types));
 236        chunksize += sizeof(ecap_param);
 237
 238        if (sctp_prsctp_enable)
 239                chunksize += sizeof(prsctp_param);
 240
 241        /* ADDIP: Section 4.2.7:
 242         *  An implementation supporting this extension [ADDIP] MUST list
 243         *  the ASCONF,the ASCONF-ACK, and the AUTH  chunks in its INIT and
 244         *  INIT-ACK parameters.
 245         */
 246        if (sctp_addip_enable) {
 247                extensions[num_ext] = SCTP_CID_ASCONF;
 248                extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
 249                num_ext += 2;
 250        }
 251
 252        if (sp->adaptation_ind)
 253                chunksize += sizeof(aiparam);
 254
 255        chunksize += vparam_len;
 256
 257        /* Account for AUTH related parameters */
 258        if (sctp_auth_enable) {
 259                /* Add random parameter length*/
 260                chunksize += sizeof(asoc->c.auth_random);
 261
 262                /* Add HMACS parameter length if any were defined */
 263                auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
 264                if (auth_hmacs->length)
 265                        chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
 266                else
 267                        auth_hmacs = NULL;
 268
 269                /* Add CHUNKS parameter length */
 270                auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
 271                if (auth_chunks->length)
 272                        chunksize += WORD_ROUND(ntohs(auth_chunks->length));
 273                else
 274                        auth_chunks = NULL;
 275
 276                extensions[num_ext] = SCTP_CID_AUTH;
 277                num_ext += 1;
 278        }
 279
 280        /* If we have any extensions to report, account for that */
 281        if (num_ext)
 282                chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
 283                                        num_ext);
 284
 285        /* RFC 2960 3.3.2 Initiation (INIT) (1)
 286         *
 287         * Note 3: An INIT chunk MUST NOT contain more than one Host
 288         * Name address parameter. Moreover, the sender of the INIT
 289         * MUST NOT combine any other address types with the Host Name
 290         * address in the INIT. The receiver of INIT MUST ignore any
 291         * other address types if the Host Name address parameter is
 292         * present in the received INIT chunk.
 293         *
 294         * PLEASE DO NOT FIXME [This version does not support Host Name.]
 295         */
 296
 297        retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize);
 298        if (!retval)
 299                goto nodata;
 300
 301        retval->subh.init_hdr =
 302                sctp_addto_chunk(retval, sizeof(init), &init);
 303        retval->param_hdr.v =
 304                sctp_addto_chunk(retval, addrs_len, addrs.v);
 305
 306        /* RFC 2960 3.3.2 Initiation (INIT) (1)
 307         *
 308         * Note 4: This parameter, when present, specifies all the
 309         * address types the sending endpoint can support. The absence
 310         * of this parameter indicates that the sending endpoint can
 311         * support any address type.
 312         */
 313        sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
 314        sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
 315        sctp_addto_chunk(retval, sizeof(sat), &sat);
 316        sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
 317
 318        sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
 319
 320        /* Add the supported extensions parameter.  Be nice and add this
 321         * fist before addiding the parameters for the extensions themselves
 322         */
 323        if (num_ext) {
 324                ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
 325                ext_param.param_hdr.length =
 326                            htons(sizeof(sctp_supported_ext_param_t) + num_ext);
 327                sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
 328                                &ext_param);
 329                sctp_addto_param(retval, num_ext, extensions);
 330        }
 331
 332        if (sctp_prsctp_enable)
 333                sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
 334
 335        if (sp->adaptation_ind) {
 336                aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
 337                aiparam.param_hdr.length = htons(sizeof(aiparam));
 338                aiparam.adaptation_ind = htonl(sp->adaptation_ind);
 339                sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
 340        }
 341
 342        /* Add SCTP-AUTH chunks to the parameter list */
 343        if (sctp_auth_enable) {
 344                sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
 345                                 asoc->c.auth_random);
 346                if (auth_hmacs)
 347                        sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
 348                                        auth_hmacs);
 349                if (auth_chunks)
 350                        sctp_addto_chunk(retval, ntohs(auth_chunks->length),
 351                                        auth_chunks);
 352        }
 353nodata:
 354        kfree(addrs.v);
 355        return retval;
 356}
 357
 358struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
 359                                 const struct sctp_chunk *chunk,
 360                                 gfp_t gfp, int unkparam_len)
 361{
 362        sctp_inithdr_t initack;
 363        struct sctp_chunk *retval;
 364        union sctp_params addrs;
 365        struct sctp_sock *sp;
 366        int addrs_len;
 367        sctp_cookie_param_t *cookie;
 368        int cookie_len;
 369        size_t chunksize;
 370        sctp_adaptation_ind_param_t aiparam;
 371        sctp_supported_ext_param_t ext_param;
 372        int num_ext = 0;
 373        __u8 extensions[3];
 374        sctp_paramhdr_t *auth_chunks = NULL,
 375                        *auth_hmacs = NULL,
 376                        *auth_random = NULL;
 377
 378        retval = NULL;
 379
 380        /* Note: there may be no addresses to embed. */
 381        addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
 382
 383        initack.init_tag                = htonl(asoc->c.my_vtag);
 384        initack.a_rwnd                  = htonl(asoc->rwnd);
 385        initack.num_outbound_streams    = htons(asoc->c.sinit_num_ostreams);
 386        initack.num_inbound_streams     = htons(asoc->c.sinit_max_instreams);
 387        initack.initial_tsn             = htonl(asoc->c.initial_tsn);
 388
 389        /* FIXME:  We really ought to build the cookie right
 390         * into the packet instead of allocating more fresh memory.
 391         */
 392        cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
 393                                  addrs.v, addrs_len);
 394        if (!cookie)
 395                goto nomem_cookie;
 396
 397        /* Calculate the total size of allocation, include the reserved
 398         * space for reporting unknown parameters if it is specified.
 399         */
 400        sp = sctp_sk(asoc->base.sk);
 401        chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
 402
 403        /* Tell peer that we'll do ECN only if peer advertised such cap.  */
 404        if (asoc->peer.ecn_capable)
 405                chunksize += sizeof(ecap_param);
 406
 407        if (asoc->peer.prsctp_capable)
 408                chunksize += sizeof(prsctp_param);
 409
 410        if (asoc->peer.asconf_capable) {
 411                extensions[num_ext] = SCTP_CID_ASCONF;
 412                extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
 413                num_ext += 2;
 414        }
 415
 416        if (sp->adaptation_ind)
 417                chunksize += sizeof(aiparam);
 418
 419        if (asoc->peer.auth_capable) {
 420                auth_random = (sctp_paramhdr_t *)asoc->c.auth_random;
 421                chunksize += ntohs(auth_random->length);
 422
 423                auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
 424                if (auth_hmacs->length)
 425                        chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
 426                else
 427                        auth_hmacs = NULL;
 428
 429                auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
 430                if (auth_chunks->length)
 431                        chunksize += WORD_ROUND(ntohs(auth_chunks->length));
 432                else
 433                        auth_chunks = NULL;
 434
 435                extensions[num_ext] = SCTP_CID_AUTH;
 436                num_ext += 1;
 437        }
 438
 439        if (num_ext)
 440                chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
 441                                        num_ext);
 442
 443        /* Now allocate and fill out the chunk.  */
 444        retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
 445        if (!retval)
 446                goto nomem_chunk;
 447
 448        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 449         *
 450         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 451         * HEARTBEAT ACK, * etc.) to the same destination transport
 452         * address from which it received the DATA or control chunk
 453         * to which it is replying.
 454         *
 455         * [INIT ACK back to where the INIT came from.]
 456         */
 457        retval->transport = chunk->transport;
 458
 459        retval->subh.init_hdr =
 460                sctp_addto_chunk(retval, sizeof(initack), &initack);
 461        retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
 462        sctp_addto_chunk(retval, cookie_len, cookie);
 463        if (asoc->peer.ecn_capable)
 464                sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
 465        if (num_ext) {
 466                ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
 467                ext_param.param_hdr.length =
 468                            htons(sizeof(sctp_supported_ext_param_t) + num_ext);
 469                sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
 470                                 &ext_param);
 471                sctp_addto_param(retval, num_ext, extensions);
 472        }
 473        if (asoc->peer.prsctp_capable)
 474                sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
 475
 476        if (sp->adaptation_ind) {
 477                aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
 478                aiparam.param_hdr.length = htons(sizeof(aiparam));
 479                aiparam.adaptation_ind = htonl(sp->adaptation_ind);
 480                sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
 481        }
 482
 483        if (asoc->peer.auth_capable) {
 484                sctp_addto_chunk(retval, ntohs(auth_random->length),
 485                                 auth_random);
 486                if (auth_hmacs)
 487                        sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
 488                                        auth_hmacs);
 489                if (auth_chunks)
 490                        sctp_addto_chunk(retval, ntohs(auth_chunks->length),
 491                                        auth_chunks);
 492        }
 493
 494        /* We need to remove the const qualifier at this point.  */
 495        retval->asoc = (struct sctp_association *) asoc;
 496
 497nomem_chunk:
 498        kfree(cookie);
 499nomem_cookie:
 500        kfree(addrs.v);
 501        return retval;
 502}
 503
 504/* 3.3.11 Cookie Echo (COOKIE ECHO) (10):
 505 *
 506 * This chunk is used only during the initialization of an association.
 507 * It is sent by the initiator of an association to its peer to complete
 508 * the initialization process. This chunk MUST precede any DATA chunk
 509 * sent within the association, but MAY be bundled with one or more DATA
 510 * chunks in the same packet.
 511 *
 512 *      0                   1                   2                   3
 513 *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 514 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 515 *     |   Type = 10   |Chunk  Flags   |         Length                |
 516 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 517 *     /                     Cookie                                    /
 518 *     \                                                               \
 519 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 520 *
 521 * Chunk Flags: 8 bit
 522 *
 523 *   Set to zero on transmit and ignored on receipt.
 524 *
 525 * Length: 16 bits (unsigned integer)
 526 *
 527 *   Set to the size of the chunk in bytes, including the 4 bytes of
 528 *   the chunk header and the size of the Cookie.
 529 *
 530 * Cookie: variable size
 531 *
 532 *   This field must contain the exact cookie received in the
 533 *   State Cookie parameter from the previous INIT ACK.
 534 *
 535 *   An implementation SHOULD make the cookie as small as possible
 536 *   to insure interoperability.
 537 */
 538struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
 539                                    const struct sctp_chunk *chunk)
 540{
 541        struct sctp_chunk *retval;
 542        void *cookie;
 543        int cookie_len;
 544
 545        cookie = asoc->peer.cookie;
 546        cookie_len = asoc->peer.cookie_len;
 547
 548        /* Build a cookie echo chunk.  */
 549        retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len);
 550        if (!retval)
 551                goto nodata;
 552        retval->subh.cookie_hdr =
 553                sctp_addto_chunk(retval, cookie_len, cookie);
 554
 555        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 556         *
 557         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 558         * HEARTBEAT ACK, * etc.) to the same destination transport
 559         * address from which it * received the DATA or control chunk
 560         * to which it is replying.
 561         *
 562         * [COOKIE ECHO back to where the INIT ACK came from.]
 563         */
 564        if (chunk)
 565                retval->transport = chunk->transport;
 566
 567nodata:
 568        return retval;
 569}
 570
 571/* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11):
 572 *
 573 * This chunk is used only during the initialization of an
 574 * association.  It is used to acknowledge the receipt of a COOKIE
 575 * ECHO chunk.  This chunk MUST precede any DATA or SACK chunk sent
 576 * within the association, but MAY be bundled with one or more DATA
 577 * chunks or SACK chunk in the same SCTP packet.
 578 *
 579 *      0                   1                   2                   3
 580 *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 581 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 582 *     |   Type = 11   |Chunk  Flags   |     Length = 4                |
 583 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 584 *
 585 * Chunk Flags: 8 bits
 586 *
 587 *   Set to zero on transmit and ignored on receipt.
 588 */
 589struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
 590                                   const struct sctp_chunk *chunk)
 591{
 592        struct sctp_chunk *retval;
 593
 594        retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0);
 595
 596        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 597         *
 598         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 599         * HEARTBEAT ACK, * etc.) to the same destination transport
 600         * address from which it * received the DATA or control chunk
 601         * to which it is replying.
 602         *
 603         * [COOKIE ACK back to where the COOKIE ECHO came from.]
 604         */
 605        if (retval && chunk)
 606                retval->transport = chunk->transport;
 607
 608        return retval;
 609}
 610
 611/*
 612 *  Appendix A: Explicit Congestion Notification:
 613 *  CWR:
 614 *
 615 *  RFC 2481 details a specific bit for a sender to send in the header of
 616 *  its next outbound TCP segment to indicate to its peer that it has
 617 *  reduced its congestion window.  This is termed the CWR bit.  For
 618 *  SCTP the same indication is made by including the CWR chunk.
 619 *  This chunk contains one data element, i.e. the TSN number that
 620 *  was sent in the ECNE chunk.  This element represents the lowest
 621 *  TSN number in the datagram that was originally marked with the
 622 *  CE bit.
 623 *
 624 *     0                   1                   2                   3
 625 *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 626 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 627 *    | Chunk Type=13 | Flags=00000000|    Chunk Length = 8           |
 628 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 629 *    |                      Lowest TSN Number                        |
 630 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 631 *
 632 *     Note: The CWR is considered a Control chunk.
 633 */
 634struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
 635                            const __u32 lowest_tsn,
 636                            const struct sctp_chunk *chunk)
 637{
 638        struct sctp_chunk *retval;
 639        sctp_cwrhdr_t cwr;
 640
 641        cwr.lowest_tsn = htonl(lowest_tsn);
 642        retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0,
 643                                 sizeof(sctp_cwrhdr_t));
 644
 645        if (!retval)
 646                goto nodata;
 647
 648        retval->subh.ecn_cwr_hdr =
 649                sctp_addto_chunk(retval, sizeof(cwr), &cwr);
 650
 651        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 652         *
 653         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 654         * HEARTBEAT ACK, * etc.) to the same destination transport
 655         * address from which it * received the DATA or control chunk
 656         * to which it is replying.
 657         *
 658         * [Report a reduced congestion window back to where the ECNE
 659         * came from.]
 660         */
 661        if (chunk)
 662                retval->transport = chunk->transport;
 663
 664nodata:
 665        return retval;
 666}
 667
 668/* Make an ECNE chunk.  This is a congestion experienced report.  */
 669struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
 670                             const __u32 lowest_tsn)
 671{
 672        struct sctp_chunk *retval;
 673        sctp_ecnehdr_t ecne;
 674
 675        ecne.lowest_tsn = htonl(lowest_tsn);
 676        retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0,
 677                                 sizeof(sctp_ecnehdr_t));
 678        if (!retval)
 679                goto nodata;
 680        retval->subh.ecne_hdr =
 681                sctp_addto_chunk(retval, sizeof(ecne), &ecne);
 682
 683nodata:
 684        return retval;
 685}
 686
 687/* Make a DATA chunk for the given association from the provided
 688 * parameters.  However, do not populate the data payload.
 689 */
 690struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc,
 691                                       const struct sctp_sndrcvinfo *sinfo,
 692                                       int data_len, __u8 flags, __u16 ssn)
 693{
 694        struct sctp_chunk *retval;
 695        struct sctp_datahdr dp;
 696        int chunk_len;
 697
 698        /* We assign the TSN as LATE as possible, not here when
 699         * creating the chunk.
 700         */
 701        dp.tsn = 0;
 702        dp.stream = htons(sinfo->sinfo_stream);
 703        dp.ppid   = sinfo->sinfo_ppid;
 704
 705        /* Set the flags for an unordered send.  */
 706        if (sinfo->sinfo_flags & SCTP_UNORDERED) {
 707                flags |= SCTP_DATA_UNORDERED;
 708                dp.ssn = 0;
 709        } else
 710                dp.ssn = htons(ssn);
 711
 712        chunk_len = sizeof(dp) + data_len;
 713        retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len);
 714        if (!retval)
 715                goto nodata;
 716
 717        retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
 718        memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
 719
 720nodata:
 721        return retval;
 722}
 723
 724/* Create a selective ackowledgement (SACK) for the given
 725 * association.  This reports on which TSN's we've seen to date,
 726 * including duplicates and gaps.
 727 */
 728struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
 729{
 730        struct sctp_chunk *retval;
 731        struct sctp_sackhdr sack;
 732        int len;
 733        __u32 ctsn;
 734        __u16 num_gabs, num_dup_tsns;
 735        struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
 736        struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
 737
 738        memset(gabs, 0, sizeof(gabs));
 739        ctsn = sctp_tsnmap_get_ctsn(map);
 740        SCTP_DEBUG_PRINTK("sackCTSNAck sent:  0x%x.\n", ctsn);
 741
 742        /* How much room is needed in the chunk? */
 743        num_gabs = sctp_tsnmap_num_gabs(map, gabs);
 744        num_dup_tsns = sctp_tsnmap_num_dups(map);
 745
 746        /* Initialize the SACK header.  */
 747        sack.cum_tsn_ack            = htonl(ctsn);
 748        sack.a_rwnd                 = htonl(asoc->a_rwnd);
 749        sack.num_gap_ack_blocks     = htons(num_gabs);
 750        sack.num_dup_tsns           = htons(num_dup_tsns);
 751
 752        len = sizeof(sack)
 753                + sizeof(struct sctp_gap_ack_block) * num_gabs
 754                + sizeof(__u32) * num_dup_tsns;
 755
 756        /* Create the chunk.  */
 757        retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len);
 758        if (!retval)
 759                goto nodata;
 760
 761        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 762         *
 763         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 764         * HEARTBEAT ACK, etc.) to the same destination transport
 765         * address from which it received the DATA or control chunk to
 766         * which it is replying.  This rule should also be followed if
 767         * the endpoint is bundling DATA chunks together with the
 768         * reply chunk.
 769         *
 770         * However, when acknowledging multiple DATA chunks received
 771         * in packets from different source addresses in a single
 772         * SACK, the SACK chunk may be transmitted to one of the
 773         * destination transport addresses from which the DATA or
 774         * control chunks being acknowledged were received.
 775         *
 776         * [BUG:  We do not implement the following paragraph.
 777         * Perhaps we should remember the last transport we used for a
 778         * SACK and avoid that (if possible) if we have seen any
 779         * duplicates. --piggy]
 780         *
 781         * When a receiver of a duplicate DATA chunk sends a SACK to a
 782         * multi- homed endpoint it MAY be beneficial to vary the
 783         * destination address and not use the source address of the
 784         * DATA chunk.  The reason being that receiving a duplicate
 785         * from a multi-homed endpoint might indicate that the return
 786         * path (as specified in the source address of the DATA chunk)
 787         * for the SACK is broken.
 788         *
 789         * [Send to the address from which we last received a DATA chunk.]
 790         */
 791        retval->transport = asoc->peer.last_data_from;
 792
 793        retval->subh.sack_hdr =
 794                sctp_addto_chunk(retval, sizeof(sack), &sack);
 795
 796        /* Add the gap ack block information.   */
 797        if (num_gabs)
 798                sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
 799                                 gabs);
 800
 801        /* Add the duplicate TSN information.  */
 802        if (num_dup_tsns)
 803                sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
 804                                 sctp_tsnmap_get_dups(map));
 805
 806nodata:
 807        return retval;
 808}
 809
 810/* Make a SHUTDOWN chunk. */
 811struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
 812                                      const struct sctp_chunk *chunk)
 813{
 814        struct sctp_chunk *retval;
 815        sctp_shutdownhdr_t shut;
 816        __u32 ctsn;
 817
 818        ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
 819        shut.cum_tsn_ack = htonl(ctsn);
 820
 821        retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0,
 822                                 sizeof(sctp_shutdownhdr_t));
 823        if (!retval)
 824                goto nodata;
 825
 826        retval->subh.shutdown_hdr =
 827                sctp_addto_chunk(retval, sizeof(shut), &shut);
 828
 829        if (chunk)
 830                retval->transport = chunk->transport;
 831nodata:
 832        return retval;
 833}
 834
 835struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
 836                                     const struct sctp_chunk *chunk)
 837{
 838        struct sctp_chunk *retval;
 839
 840        retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0);
 841
 842        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 843         *
 844         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 845         * HEARTBEAT ACK, * etc.) to the same destination transport
 846         * address from which it * received the DATA or control chunk
 847         * to which it is replying.
 848         *
 849         * [ACK back to where the SHUTDOWN came from.]
 850         */
 851        if (retval && chunk)
 852                retval->transport = chunk->transport;
 853
 854        return retval;
 855}
 856
 857struct sctp_chunk *sctp_make_shutdown_complete(
 858        const struct sctp_association *asoc,
 859        const struct sctp_chunk *chunk)
 860{
 861        struct sctp_chunk *retval;
 862        __u8 flags = 0;
 863
 864        /* Set the T-bit if we have no association (vtag will be
 865         * reflected)
 866         */
 867        flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
 868
 869        retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0);
 870
 871        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 872         *
 873         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 874         * HEARTBEAT ACK, * etc.) to the same destination transport
 875         * address from which it * received the DATA or control chunk
 876         * to which it is replying.
 877         *
 878         * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK
 879         * came from.]
 880         */
 881        if (retval && chunk)
 882                retval->transport = chunk->transport;
 883
 884        return retval;
 885}
 886
 887/* Create an ABORT.  Note that we set the T bit if we have no
 888 * association, except when responding to an INIT (sctpimpguide 2.41).
 889 */
 890struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
 891                              const struct sctp_chunk *chunk,
 892                              const size_t hint)
 893{
 894        struct sctp_chunk *retval;
 895        __u8 flags = 0;
 896
 897        /* Set the T-bit if we have no association and 'chunk' is not
 898         * an INIT (vtag will be reflected).
 899         */
 900        if (!asoc) {
 901                if (chunk && chunk->chunk_hdr &&
 902                    chunk->chunk_hdr->type == SCTP_CID_INIT)
 903                        flags = 0;
 904                else
 905                        flags = SCTP_CHUNK_FLAG_T;
 906        }
 907
 908        retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint);
 909
 910        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 911         *
 912         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 913         * HEARTBEAT ACK, * etc.) to the same destination transport
 914         * address from which it * received the DATA or control chunk
 915         * to which it is replying.
 916         *
 917         * [ABORT back to where the offender came from.]
 918         */
 919        if (retval && chunk)
 920                retval->transport = chunk->transport;
 921
 922        return retval;
 923}
 924
 925/* Helper to create ABORT with a NO_USER_DATA error.  */
 926struct sctp_chunk *sctp_make_abort_no_data(
 927        const struct sctp_association *asoc,
 928        const struct sctp_chunk *chunk, __u32 tsn)
 929{
 930        struct sctp_chunk *retval;
 931        __be32 payload;
 932
 933        retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t)
 934                                 + sizeof(tsn));
 935
 936        if (!retval)
 937                goto no_mem;
 938
 939        /* Put the tsn back into network byte order.  */
 940        payload = htonl(tsn);
 941        sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
 942        sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
 943
 944        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
 945         *
 946         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
 947         * HEARTBEAT ACK, * etc.) to the same destination transport
 948         * address from which it * received the DATA or control chunk
 949         * to which it is replying.
 950         *
 951         * [ABORT back to where the offender came from.]
 952         */
 953        if (chunk)
 954                retval->transport = chunk->transport;
 955
 956no_mem:
 957        return retval;
 958}
 959
 960/* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error.  */
 961struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
 962                                        const struct msghdr *msg,
 963                                        size_t paylen)
 964{
 965        struct sctp_chunk *retval;
 966        void *payload = NULL;
 967        int err;
 968
 969        retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen);
 970        if (!retval)
 971                goto err_chunk;
 972
 973        if (paylen) {
 974                /* Put the msg_iov together into payload.  */
 975                payload = kmalloc(paylen, GFP_KERNEL);
 976                if (!payload)
 977                        goto err_payload;
 978
 979                err = memcpy_fromiovec(payload, msg->msg_iov, paylen);
 980                if (err < 0)
 981                        goto err_copy;
 982        }
 983
 984        sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
 985        sctp_addto_chunk(retval, paylen, payload);
 986
 987        if (paylen)
 988                kfree(payload);
 989
 990        return retval;
 991
 992err_copy:
 993        kfree(payload);
 994err_payload:
 995        sctp_chunk_free(retval);
 996        retval = NULL;
 997err_chunk:
 998        return retval;
 999}
1000
1001/* Append bytes to the end of a parameter.  Will panic if chunk is not big
1002 * enough.
1003 */
1004static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1005                              const void *data)
1006{
1007        void *target;
1008        int chunklen = ntohs(chunk->chunk_hdr->length);
1009
1010        target = skb_put(chunk->skb, len);
1011
1012        if (data)
1013                memcpy(target, data, len);
1014        else
1015                memset(target, 0, len);
1016
1017        /* Adjust the chunk length field.  */
1018        chunk->chunk_hdr->length = htons(chunklen + len);
1019        chunk->chunk_end = skb_tail_pointer(chunk->skb);
1020
1021        return target;
1022}
1023
1024/* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */
1025struct sctp_chunk *sctp_make_abort_violation(
1026        const struct sctp_association *asoc,
1027        const struct sctp_chunk *chunk,
1028        const __u8   *payload,
1029        const size_t paylen)
1030{
1031        struct sctp_chunk  *retval;
1032        struct sctp_paramhdr phdr;
1033
1034        retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen
1035                                        + sizeof(sctp_paramhdr_t));
1036        if (!retval)
1037                goto end;
1038
1039        sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen
1040                                        + sizeof(sctp_paramhdr_t));
1041
1042        phdr.type = htons(chunk->chunk_hdr->type);
1043        phdr.length = chunk->chunk_hdr->length;
1044        sctp_addto_chunk(retval, paylen, payload);
1045        sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr);
1046
1047end:
1048        return retval;
1049}
1050
1051struct sctp_chunk *sctp_make_violation_paramlen(
1052        const struct sctp_association *asoc,
1053        const struct sctp_chunk *chunk,
1054        struct sctp_paramhdr *param)
1055{
1056        struct sctp_chunk *retval;
1057        static const char error[] = "The following parameter had invalid length:";
1058        size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) +
1059                                sizeof(sctp_paramhdr_t);
1060
1061        retval = sctp_make_abort(asoc, chunk, payload_len);
1062        if (!retval)
1063                goto nodata;
1064
1065        sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1066                        sizeof(error) + sizeof(sctp_paramhdr_t));
1067        sctp_addto_chunk(retval, sizeof(error), error);
1068        sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param);
1069
1070nodata:
1071        return retval;
1072}
1073
1074/* Make a HEARTBEAT chunk.  */
1075struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1076                                  const struct sctp_transport *transport,
1077                                  const void *payload, const size_t paylen)
1078{
1079        struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT,
1080                                                    0, paylen);
1081
1082        if (!retval)
1083                goto nodata;
1084
1085        /* Cast away the 'const', as this is just telling the chunk
1086         * what transport it belongs to.
1087         */
1088        retval->transport = (struct sctp_transport *) transport;
1089        retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1090
1091nodata:
1092        return retval;
1093}
1094
1095struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1096                                      const struct sctp_chunk *chunk,
1097                                      const void *payload, const size_t paylen)
1098{
1099        struct sctp_chunk *retval;
1100
1101        retval  = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen);
1102        if (!retval)
1103                goto nodata;
1104
1105        retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1106
1107        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
1108         *
1109         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
1110         * HEARTBEAT ACK, * etc.) to the same destination transport
1111         * address from which it * received the DATA or control chunk
1112         * to which it is replying.
1113         *
1114         * [HBACK back to where the HEARTBEAT came from.]
1115         */
1116        if (chunk)
1117                retval->transport = chunk->transport;
1118
1119nodata:
1120        return retval;
1121}
1122
1123/* Create an Operation Error chunk with the specified space reserved.
1124 * This routine can be used for containing multiple causes in the chunk.
1125 */
1126static struct sctp_chunk *sctp_make_op_error_space(
1127        const struct sctp_association *asoc,
1128        const struct sctp_chunk *chunk,
1129        size_t size)
1130{
1131        struct sctp_chunk *retval;
1132
1133        retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0,
1134                                 sizeof(sctp_errhdr_t) + size);
1135        if (!retval)
1136                goto nodata;
1137
1138        /* RFC 2960 6.4 Multi-homed SCTP Endpoints
1139         *
1140         * An endpoint SHOULD transmit reply chunks (e.g., SACK,
1141         * HEARTBEAT ACK, etc.) to the same destination transport
1142         * address from which it received the DATA or control chunk
1143         * to which it is replying.
1144         *
1145         */
1146        if (chunk)
1147                retval->transport = chunk->transport;
1148
1149nodata:
1150        return retval;
1151}
1152
1153/* Create an Operation Error chunk of a fixed size,
1154 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT)
1155 * This is a helper function to allocate an error chunk for
1156 * for those invalid parameter codes in which we may not want
1157 * to report all the errors, if the incomming chunk is large
1158 */
1159static inline struct sctp_chunk *sctp_make_op_error_fixed(
1160        const struct sctp_association *asoc,
1161        const struct sctp_chunk *chunk)
1162{
1163        size_t size = asoc ? asoc->pathmtu : 0;
1164
1165        if (!size)
1166                size = SCTP_DEFAULT_MAXSEGMENT;
1167
1168        return sctp_make_op_error_space(asoc, chunk, size);
1169}
1170
1171/* Create an Operation Error chunk.  */
1172struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1173                                 const struct sctp_chunk *chunk,
1174                                 __be16 cause_code, const void *payload,
1175                                 size_t paylen, size_t reserve_tail)
1176{
1177        struct sctp_chunk *retval;
1178
1179        retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1180        if (!retval)
1181                goto nodata;
1182
1183        sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1184        sctp_addto_chunk(retval, paylen, payload);
1185        if (reserve_tail)
1186                sctp_addto_param(retval, reserve_tail, NULL);
1187
1188nodata:
1189        return retval;
1190}
1191
1192struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
1193{
1194        struct sctp_chunk *retval;
1195        struct sctp_hmac *hmac_desc;
1196        struct sctp_authhdr auth_hdr;
1197        __u8 *hmac;
1198
1199        /* Get the first hmac that the peer told us to use */
1200        hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1201        if (unlikely(!hmac_desc))
1202                return NULL;
1203
1204        retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
1205                        hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
1206        if (!retval)
1207                return NULL;
1208
1209        auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1210        auth_hdr.shkey_id = htons(asoc->active_key_id);
1211
1212        retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
1213                                                &auth_hdr);
1214
1215        hmac = skb_put(retval->skb, hmac_desc->hmac_len);
1216        memset(hmac, 0, hmac_desc->hmac_len);
1217
1218        /* Adjust the chunk header to include the empty MAC */
1219        retval->chunk_hdr->length =
1220                htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1221        retval->chunk_end = skb_tail_pointer(retval->skb);
1222
1223        return retval;
1224}
1225
1226
1227/********************************************************************
1228 * 2nd Level Abstractions
1229 ********************************************************************/
1230
1231/* Turn an skb into a chunk.
1232 * FIXME: Eventually move the structure directly inside the skb->cb[].
1233 */
1234struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1235                            const struct sctp_association *asoc,
1236                            struct sock *sk)
1237{
1238        struct sctp_chunk *retval;
1239
1240        retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC);
1241
1242        if (!retval)
1243                goto nodata;
1244
1245        if (!sk) {
1246                SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb);
1247        }
1248
1249        INIT_LIST_HEAD(&retval->list);
1250        retval->skb             = skb;
1251        retval->asoc            = (struct sctp_association *)asoc;
1252        retval->has_tsn         = 0;
1253        retval->has_ssn         = 0;
1254        retval->rtt_in_progress = 0;
1255        retval->sent_at         = 0;
1256        retval->singleton       = 1;
1257        retval->end_of_packet   = 0;
1258        retval->ecn_ce_done     = 0;
1259        retval->pdiscard        = 0;
1260
1261        /* sctpimpguide-05.txt Section 2.8.2
1262         * M1) Each time a new DATA chunk is transmitted
1263         * set the 'TSN.Missing.Report' count for that TSN to 0. The
1264         * 'TSN.Missing.Report' count will be used to determine missing chunks
1265         * and when to fast retransmit.
1266         */
1267        retval->tsn_missing_report = 0;
1268        retval->tsn_gap_acked = 0;
1269        retval->fast_retransmit = SCTP_CAN_FRTX;
1270
1271        /* If this is a fragmented message, track all fragments
1272         * of the message (for SEND_FAILED).
1273         */
1274        retval->msg = NULL;
1275
1276        /* Polish the bead hole.  */
1277        INIT_LIST_HEAD(&retval->transmitted_list);
1278        INIT_LIST_HEAD(&retval->frag_list);
1279        SCTP_DBG_OBJCNT_INC(chunk);
1280        atomic_set(&retval->refcnt, 1);
1281
1282nodata:
1283        return retval;
1284}
1285
1286/* Set chunk->source and dest based on the IP header in chunk->skb.  */
1287void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1288                     union sctp_addr *dest)
1289{
1290        memcpy(&chunk->source, src, sizeof(union sctp_addr));
1291        memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1292}
1293
1294/* Extract the source address from a chunk.  */
1295const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1296{
1297        /* If we have a known transport, use that.  */
1298        if (chunk->transport) {
1299                return &chunk->transport->ipaddr;
1300        } else {
1301                /* Otherwise, extract it from the IP header.  */
1302                return &chunk->source;
1303        }
1304}
1305
1306/* Create a new chunk, setting the type and flags headers from the
1307 * arguments, reserving enough space for a 'paylen' byte payload.
1308 */
1309SCTP_STATIC
1310struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
1311                                   __u8 type, __u8 flags, int paylen)
1312{
1313        struct sctp_chunk *retval;
1314        sctp_chunkhdr_t *chunk_hdr;
1315        struct sk_buff *skb;
1316        struct sock *sk;
1317
1318        /* No need to allocate LL here, as this is only a chunk. */
1319        skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen),
1320                        GFP_ATOMIC);
1321        if (!skb)
1322                goto nodata;
1323
1324        /* Make room for the chunk header.  */
1325        chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t));
1326        chunk_hdr->type   = type;
1327        chunk_hdr->flags  = flags;
1328        chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t));
1329
1330        sk = asoc ? asoc->base.sk : NULL;
1331        retval = sctp_chunkify(skb, asoc, sk);
1332        if (!retval) {
1333                kfree_skb(skb);
1334                goto nodata;
1335        }
1336
1337        retval->chunk_hdr = chunk_hdr;
1338        retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1339
1340        /* Determine if the chunk needs to be authenticated */
1341        if (sctp_auth_send_cid(type, asoc))
1342                retval->auth = 1;
1343
1344        /* Set the skb to the belonging sock for accounting.  */
1345        skb->sk = sk;
1346
1347        return retval;
1348nodata:
1349        return NULL;
1350}
1351
1352
1353/* Release the memory occupied by a chunk.  */
1354static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1355{
1356        BUG_ON(!list_empty(&chunk->list));
1357        list_del_init(&chunk->transmitted_list);
1358
1359        /* Free the chunk skb data and the SCTP_chunk stub itself. */
1360        dev_kfree_skb(chunk->skb);
1361
1362        SCTP_DBG_OBJCNT_DEC(chunk);
1363        kmem_cache_free(sctp_chunk_cachep, chunk);
1364}
1365
1366/* Possibly, free the chunk.  */
1367void sctp_chunk_free(struct sctp_chunk *chunk)
1368{
1369        /* Release our reference on the message tracker. */
1370        if (chunk->msg)
1371                sctp_datamsg_put(chunk->msg);
1372
1373        sctp_chunk_put(chunk);
1374}
1375
1376/* Grab a reference to the chunk. */
1377void sctp_chunk_hold(struct sctp_chunk *ch)
1378{
1379        atomic_inc(&ch->refcnt);
1380}
1381
1382/* Release a reference to the chunk. */
1383void sctp_chunk_put(struct sctp_chunk *ch)
1384{
1385        if (atomic_dec_and_test(&ch->refcnt))
1386                sctp_chunk_destroy(ch);
1387}
1388
1389/* Append bytes to the end of a chunk.  Will panic if chunk is not big
1390 * enough.
1391 */
1392void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1393{
1394        void *target;
1395        void *padding;
1396        int chunklen = ntohs(chunk->chunk_hdr->length);
1397        int padlen = WORD_ROUND(chunklen) - chunklen;
1398
1399        padding = skb_put(chunk->skb, padlen);
1400        target = skb_put(chunk->skb, len);
1401
1402        memset(padding, 0, padlen);
1403        memcpy(target, data, len);
1404
1405        /* Adjust the chunk length field.  */
1406        chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1407        chunk->chunk_end = skb_tail_pointer(chunk->skb);
1408
1409        return target;
1410}
1411
1412/* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient
1413 * space in the chunk
1414 */
1415void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk,
1416                             int len, const void *data)
1417{
1418        if (skb_tailroom(chunk->skb) >= len)
1419                return sctp_addto_chunk(chunk, len, data);
1420        else
1421                return NULL;
1422}
1423
1424/* Append bytes from user space to the end of a chunk.  Will panic if
1425 * chunk is not big enough.
1426 * Returns a kernel err value.
1427 */
1428int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len,
1429                          struct iovec *data)
1430{
1431        __u8 *target;
1432        int err = 0;
1433
1434        /* Make room in chunk for data.  */
1435        target = skb_put(chunk->skb, len);
1436
1437        /* Copy data (whole iovec) into chunk */
1438        if ((err = memcpy_fromiovecend(target, data, off, len)))
1439                goto out;
1440
1441        /* Adjust the chunk length field.  */
1442        chunk->chunk_hdr->length =
1443                htons(ntohs(chunk->chunk_hdr->length) + len);
1444        chunk->chunk_end = skb_tail_pointer(chunk->skb);
1445
1446out:
1447        return err;
1448}
1449
1450/* Helper function to assign a TSN if needed.  This assumes that both
1451 * the data_hdr and association have already been assigned.
1452 */
1453void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1454{
1455        struct sctp_datamsg *msg;
1456        struct sctp_chunk *lchunk;
1457        struct sctp_stream *stream;
1458        __u16 ssn;
1459        __u16 sid;
1460
1461        if (chunk->has_ssn)
1462                return;
1463
1464        /* All fragments will be on the same stream */
1465        sid = ntohs(chunk->subh.data_hdr->stream);
1466        stream = &chunk->asoc->ssnmap->out;
1467
1468        /* Now assign the sequence number to the entire message.
1469         * All fragments must have the same stream sequence number.
1470         */
1471        msg = chunk->msg;
1472        list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1473                if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1474                        ssn = 0;
1475                } else {
1476                        if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1477                                ssn = sctp_ssn_next(stream, sid);
1478                        else
1479                                ssn = sctp_ssn_peek(stream, sid);
1480                }
1481
1482                lchunk->subh.data_hdr->ssn = htons(ssn);
1483                lchunk->has_ssn = 1;
1484        }
1485}
1486
1487/* Helper function to assign a TSN if needed.  This assumes that both
1488 * the data_hdr and association have already been assigned.
1489 */
1490void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1491{
1492        if (!chunk->has_tsn) {
1493                /* This is the last possible instant to
1494                 * assign a TSN.
1495                 */
1496                chunk->subh.data_hdr->tsn =
1497                        htonl(sctp_association_get_next_tsn(chunk->asoc));
1498                chunk->has_tsn = 1;
1499        }
1500}
1501
1502/* Create a CLOSED association to use with an incoming packet.  */
1503struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1504                                        struct sctp_chunk *chunk,
1505                                        gfp_t gfp)
1506{
1507        struct sctp_association *asoc;
1508        struct sk_buff *skb;
1509        sctp_scope_t scope;
1510        struct sctp_af *af;
1511
1512        /* Create the bare association.  */
1513        scope = sctp_scope(sctp_source(chunk));
1514        asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1515        if (!asoc)
1516                goto nodata;
1517        asoc->temp = 1;
1518        skb = chunk->skb;
1519        /* Create an entry for the source address of the packet.  */
1520        af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version));
1521        if (unlikely(!af))
1522                goto fail;
1523        af->from_skb(&asoc->c.peer_addr, skb, 1);
1524nodata:
1525        return asoc;
1526
1527fail:
1528        sctp_association_free(asoc);
1529        return NULL;
1530}
1531
1532/* Build a cookie representing asoc.
1533 * This INCLUDES the param header needed to put the cookie in the INIT ACK.
1534 */
1535static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
1536                                      const struct sctp_association *asoc,
1537                                      const struct sctp_chunk *init_chunk,
1538                                      int *cookie_len,
1539                                      const __u8 *raw_addrs, int addrs_len)
1540{
1541        sctp_cookie_param_t *retval;
1542        struct sctp_signed_cookie *cookie;
1543        struct scatterlist sg;
1544        int headersize, bodysize;
1545        unsigned int keylen;
1546        char *key;
1547
1548        /* Header size is static data prior to the actual cookie, including
1549         * any padding.
1550         */
1551        headersize = sizeof(sctp_paramhdr_t) +
1552                     (sizeof(struct sctp_signed_cookie) -
1553                      sizeof(struct sctp_cookie));
1554        bodysize = sizeof(struct sctp_cookie)
1555                + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1556
1557        /* Pad out the cookie to a multiple to make the signature
1558         * functions simpler to write.
1559         */
1560        if (bodysize % SCTP_COOKIE_MULTIPLE)
1561                bodysize += SCTP_COOKIE_MULTIPLE
1562                        - (bodysize % SCTP_COOKIE_MULTIPLE);
1563        *cookie_len = headersize + bodysize;
1564
1565        /* Clear this memory since we are sending this data structure
1566         * out on the network.
1567         */
1568        retval = kzalloc(*cookie_len, GFP_ATOMIC);
1569        if (!retval)
1570                goto nodata;
1571
1572        cookie = (struct sctp_signed_cookie *) retval->body;
1573
1574        /* Set up the parameter header.  */
1575        retval->p.type = SCTP_PARAM_STATE_COOKIE;
1576        retval->p.length = htons(*cookie_len);
1577
1578        /* Copy the cookie part of the association itself.  */
1579        cookie->c = asoc->c;
1580        /* Save the raw address list length in the cookie. */
1581        cookie->c.raw_addr_list_len = addrs_len;
1582
1583        /* Remember PR-SCTP capability. */
1584        cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1585
1586        /* Save adaptation indication in the cookie. */
1587        cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1588
1589        /* Set an expiration time for the cookie.  */
1590        do_gettimeofday(&cookie->c.expiration);
1591        TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration);
1592
1593        /* Copy the peer's init packet.  */
1594        memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1595               ntohs(init_chunk->chunk_hdr->length));
1596
1597        /* Copy the raw local address list of the association. */
1598        memcpy((__u8 *)&cookie->c.peer_init[0] +
1599               ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1600
1601        if (sctp_sk(ep->base.sk)->hmac) {
1602                struct hash_desc desc;
1603
1604                /* Sign the message.  */
1605                sg_init_one(&sg, &cookie->c, bodysize);
1606                keylen = SCTP_SECRET_SIZE;
1607                key = (char *)ep->secret_key[ep->current_key];
1608                desc.tfm = sctp_sk(ep->base.sk)->hmac;
1609                desc.flags = 0;
1610
1611                if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1612                    crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
1613                        goto free_cookie;
1614        }
1615
1616        return retval;
1617
1618free_cookie:
1619        kfree(retval);
1620nodata:
1621        *cookie_len = 0;
1622        return NULL;
1623}
1624
1625/* Unpack the cookie from COOKIE ECHO chunk, recreating the association.  */
1626struct sctp_association *sctp_unpack_cookie(
1627        const struct sctp_endpoint *ep,
1628        const struct sctp_association *asoc,
1629        struct sctp_chunk *chunk, gfp_t gfp,
1630        int *error, struct sctp_chunk **errp)
1631{
1632        struct sctp_association *retval = NULL;
1633        struct sctp_signed_cookie *cookie;
1634        struct sctp_cookie *bear_cookie;
1635        int headersize, bodysize, fixed_size;
1636        __u8 *digest = ep->digest;
1637        struct scatterlist sg;
1638        unsigned int keylen, len;
1639        char *key;
1640        sctp_scope_t scope;
1641        struct sk_buff *skb = chunk->skb;
1642        struct timeval tv;
1643        struct hash_desc desc;
1644
1645        /* Header size is static data prior to the actual cookie, including
1646         * any padding.
1647         */
1648        headersize = sizeof(sctp_chunkhdr_t) +
1649                     (sizeof(struct sctp_signed_cookie) -
1650                      sizeof(struct sctp_cookie));
1651        bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1652        fixed_size = headersize + sizeof(struct sctp_cookie);
1653
1654        /* Verify that the chunk looks like it even has a cookie.
1655         * There must be enough room for our cookie and our peer's
1656         * INIT chunk.
1657         */
1658        len = ntohs(chunk->chunk_hdr->length);
1659        if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1660                goto malformed;
1661
1662        /* Verify that the cookie has been padded out. */
1663        if (bodysize % SCTP_COOKIE_MULTIPLE)
1664                goto malformed;
1665
1666        /* Process the cookie.  */
1667        cookie = chunk->subh.cookie_hdr;
1668        bear_cookie = &cookie->c;
1669
1670        if (!sctp_sk(ep->base.sk)->hmac)
1671                goto no_hmac;
1672
1673        /* Check the signature.  */
1674        keylen = SCTP_SECRET_SIZE;
1675        sg_init_one(&sg, bear_cookie, bodysize);
1676        key = (char *)ep->secret_key[ep->current_key];
1677        desc.tfm = sctp_sk(ep->base.sk)->hmac;
1678        desc.flags = 0;
1679
1680        memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1681        if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1682            crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1683                *error = -SCTP_IERROR_NOMEM;
1684                goto fail;
1685        }
1686
1687        if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1688                /* Try the previous key. */
1689                key = (char *)ep->secret_key[ep->last_key];
1690                memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1691                if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1692                    crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1693                        *error = -SCTP_IERROR_NOMEM;
1694                        goto fail;
1695                }
1696
1697                if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1698                        /* Yikes!  Still bad signature! */
1699                        *error = -SCTP_IERROR_BAD_SIG;
1700                        goto fail;
1701                }
1702        }
1703
1704no_hmac:
1705        /* IG Section 2.35.2:
1706         *  3) Compare the port numbers and the verification tag contained
1707         *     within the COOKIE ECHO chunk to the actual port numbers and the
1708         *     verification tag within the SCTP common header of the received
1709         *     packet. If these values do not match the packet MUST be silently
1710         *     discarded,
1711         */
1712        if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1713                *error = -SCTP_IERROR_BAD_TAG;
1714                goto fail;
1715        }
1716
1717        if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1718            ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1719                *error = -SCTP_IERROR_BAD_PORTS;
1720                goto fail;
1721        }
1722
1723        /* Check to see if the cookie is stale.  If there is already
1724         * an association, there is no need to check cookie's expiration
1725         * for init collision case of lost COOKIE ACK.
1726         * If skb has been timestamped, then use the stamp, otherwise
1727         * use current time.  This introduces a small possibility that
1728         * that a cookie may be considered expired, but his would only slow
1729         * down the new association establishment instead of every packet.
1730         */
1731        if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1732                skb_get_timestamp(skb, &tv);
1733        else
1734                do_gettimeofday(&tv);
1735
1736        if (!asoc && tv_lt(bear_cookie->expiration, tv)) {
1737                /*
1738                 * Section 3.3.10.3 Stale Cookie Error (3)
1739                 *
1740                 * Cause of error
1741                 * ---------------
1742                 * Stale Cookie Error:  Indicates the receipt of a valid State
1743                 * Cookie that has expired.
1744                 */
1745                len = ntohs(chunk->chunk_hdr->length);
1746                *errp = sctp_make_op_error_space(asoc, chunk, len);
1747                if (*errp) {
1748                        suseconds_t usecs = (tv.tv_sec -
1749                                bear_cookie->expiration.tv_sec) * 1000000L +
1750                                tv.tv_usec - bear_cookie->expiration.tv_usec;
1751                        __be32 n = htonl(usecs);
1752
1753                        sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE,
1754                                        sizeof(n));
1755                        sctp_addto_chunk(*errp, sizeof(n), &n);
1756                        *error = -SCTP_IERROR_STALE_COOKIE;
1757                } else
1758                        *error = -SCTP_IERROR_NOMEM;
1759
1760                goto fail;
1761        }
1762
1763        /* Make a new base association.  */
1764        scope = sctp_scope(sctp_source(chunk));
1765        retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1766        if (!retval) {
1767                *error = -SCTP_IERROR_NOMEM;
1768                goto fail;
1769        }
1770
1771        /* Set up our peer's port number.  */
1772        retval->peer.port = ntohs(chunk->sctp_hdr->source);
1773
1774        /* Populate the association from the cookie.  */
1775        memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1776
1777        if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1778                                                 GFP_ATOMIC) < 0) {
1779                *error = -SCTP_IERROR_NOMEM;
1780                goto fail;
1781        }
1782
1783        /* Also, add the destination address. */
1784        if (list_empty(&retval->base.bind_addr.address_list)) {
1785                sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1786                                SCTP_ADDR_SRC, GFP_ATOMIC);
1787        }
1788
1789        retval->next_tsn = retval->c.initial_tsn;
1790        retval->ctsn_ack_point = retval->next_tsn - 1;
1791        retval->addip_serial = retval->c.initial_tsn;
1792        retval->adv_peer_ack_point = retval->ctsn_ack_point;
1793        retval->peer.prsctp_capable = retval->c.prsctp_capable;
1794        retval->peer.adaptation_ind = retval->c.adaptation_ind;
1795
1796        /* The INIT stuff will be done by the side effects.  */
1797        return retval;
1798
1799fail:
1800        if (retval)
1801                sctp_association_free(retval);
1802
1803        return NULL;
1804
1805malformed:
1806        /* Yikes!  The packet is either corrupt or deliberately
1807         * malformed.
1808         */
1809        *error = -SCTP_IERROR_MALFORMED;
1810        goto fail;
1811}
1812
1813/********************************************************************
1814 * 3rd Level Abstractions
1815 ********************************************************************/
1816
1817struct __sctp_missing {
1818        __be32 num_missing;
1819        __be16 type;
1820}  __attribute__((packed));
1821
1822/*
1823 * Report a missing mandatory parameter.
1824 */
1825static int sctp_process_missing_param(const struct sctp_association *asoc,
1826                                      sctp_param_t paramtype,
1827                                      struct sctp_chunk *chunk,
1828                                      struct sctp_chunk **errp)
1829{
1830        struct __sctp_missing report;
1831        __u16 len;
1832
1833        len = WORD_ROUND(sizeof(report));
1834
1835        /* Make an ERROR chunk, preparing enough room for
1836         * returning multiple unknown parameters.
1837         */
1838        if (!*errp)
1839                *errp = sctp_make_op_error_space(asoc, chunk, len);
1840
1841        if (*errp) {
1842                report.num_missing = htonl(1);
1843                report.type = paramtype;
1844                sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1845                                sizeof(report));
1846                sctp_addto_chunk(*errp, sizeof(report), &report);
1847        }
1848
1849        /* Stop processing this chunk. */
1850        return 0;
1851}
1852
1853/* Report an Invalid Mandatory Parameter.  */
1854static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1855                                      struct sctp_chunk *chunk,
1856                                      struct sctp_chunk **errp)
1857{
1858        /* Invalid Mandatory Parameter Error has no payload. */
1859
1860        if (!*errp)
1861                *errp = sctp_make_op_error_space(asoc, chunk, 0);
1862
1863        if (*errp)
1864                sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1865
1866        /* Stop processing this chunk. */
1867        return 0;
1868}
1869
1870static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1871                                        struct sctp_paramhdr *param,
1872                                        const struct sctp_chunk *chunk,
1873                                        struct sctp_chunk **errp)
1874{
1875        /* This is a fatal error.  Any accumulated non-fatal errors are
1876         * not reported.
1877         */
1878        if (*errp)
1879                sctp_chunk_free(*errp);
1880
1881        /* Create an error chunk and fill it in with our payload. */
1882        *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1883
1884        return 0;
1885}
1886
1887
1888/* Do not attempt to handle the HOST_NAME parm.  However, do
1889 * send back an indicator to the peer.
1890 */
1891static int sctp_process_hn_param(const struct sctp_association *asoc,
1892                                 union sctp_params param,
1893                                 struct sctp_chunk *chunk,
1894                                 struct sctp_chunk **errp)
1895{
1896        __u16 len = ntohs(param.p->length);
1897
1898        /* Processing of the HOST_NAME parameter will generate an
1899         * ABORT.  If we've accumulated any non-fatal errors, they
1900         * would be unrecognized parameters and we should not include
1901         * them in the ABORT.
1902         */
1903        if (*errp)
1904                sctp_chunk_free(*errp);
1905
1906        *errp = sctp_make_op_error_space(asoc, chunk, len);
1907
1908        if (*errp) {
1909                sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len);
1910                sctp_addto_chunk(*errp, len, param.v);
1911        }
1912
1913        /* Stop processing this chunk. */
1914        return 0;
1915}
1916
1917static int sctp_verify_ext_param(union sctp_params param)
1918{
1919        __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1920        int have_auth = 0;
1921        int have_asconf = 0;
1922        int i;
1923
1924        for (i = 0; i < num_ext; i++) {
1925                switch (param.ext->chunks[i]) {
1926                    case SCTP_CID_AUTH:
1927                            have_auth = 1;
1928                            break;
1929                    case SCTP_CID_ASCONF:
1930                    case SCTP_CID_ASCONF_ACK:
1931                            have_asconf = 1;
1932                            break;
1933                }
1934        }
1935
1936        /* ADD-IP Security: The draft requires us to ABORT or ignore the
1937         * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not.  Do this
1938         * only if ADD-IP is turned on and we are not backward-compatible
1939         * mode.
1940         */
1941        if (sctp_addip_noauth)
1942                return 1;
1943
1944        if (sctp_addip_enable && !have_auth && have_asconf)
1945                return 0;
1946
1947        return 1;
1948}
1949
1950static void sctp_process_ext_param(struct sctp_association *asoc,
1951                                    union sctp_params param)
1952{
1953        __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1954        int i;
1955
1956        for (i = 0; i < num_ext; i++) {
1957                switch (param.ext->chunks[i]) {
1958                    case SCTP_CID_FWD_TSN:
1959                            if (sctp_prsctp_enable &&
1960                                !asoc->peer.prsctp_capable)
1961                                    asoc->peer.prsctp_capable = 1;
1962                            break;
1963                    case SCTP_CID_AUTH:
1964                            /* if the peer reports AUTH, assume that he
1965                             * supports AUTH.
1966                             */
1967                            if (sctp_auth_enable)
1968                                    asoc->peer.auth_capable = 1;
1969                            break;
1970                    case SCTP_CID_ASCONF:
1971                    case SCTP_CID_ASCONF_ACK:
1972                            if (sctp_addip_enable)
1973                                    asoc->peer.asconf_capable = 1;
1974                            break;
1975                    default:
1976                            break;
1977                }
1978        }
1979}
1980
1981/* RFC 3.2.1 & the Implementers Guide 2.2.
1982 *
1983 * The Parameter Types are encoded such that the
1984 * highest-order two bits specify the action that must be
1985 * taken if the processing endpoint does not recognize the
1986 * Parameter Type.
1987 *
1988 * 00 - Stop processing this parameter; do not process any further
1989 *      parameters within this chunk
1990 *
1991 * 01 - Stop processing this parameter, do not process any further
1992 *      parameters within this chunk, and report the unrecognized
1993 *      parameter in an 'Unrecognized Parameter' ERROR chunk.
1994 *
1995 * 10 - Skip this parameter and continue processing.
1996 *
1997 * 11 - Skip this parameter and continue processing but
1998 *      report the unrecognized parameter in an
1999 *      'Unrecognized Parameter' ERROR chunk.
2000 *
2001 * Return value:
2002 *      SCTP_IERROR_NO_ERROR - continue with the chunk
2003 *      SCTP_IERROR_ERROR    - stop and report an error.
2004 *      SCTP_IERROR_NOMEME   - out of memory.
2005 */
2006static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
2007                                            union sctp_params param,
2008                                            struct sctp_chunk *chunk,
2009                                            struct sctp_chunk **errp)
2010{
2011        int retval = SCTP_IERROR_NO_ERROR;
2012
2013        switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2014        case SCTP_PARAM_ACTION_DISCARD:
2015                retval =  SCTP_IERROR_ERROR;
2016                break;
2017        case SCTP_PARAM_ACTION_SKIP:
2018                break;
2019        case SCTP_PARAM_ACTION_DISCARD_ERR:
2020                retval =  SCTP_IERROR_ERROR;
2021                /* Fall through */
2022        case SCTP_PARAM_ACTION_SKIP_ERR:
2023                /* Make an ERROR chunk, preparing enough room for
2024                 * returning multiple unknown parameters.
2025                 */
2026                if (NULL == *errp)
2027                        *errp = sctp_make_op_error_fixed(asoc, chunk);
2028
2029                if (*errp) {
2030                        sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2031                                        WORD_ROUND(ntohs(param.p->length)));
2032                        sctp_addto_chunk_fixed(*errp,
2033                                        WORD_ROUND(ntohs(param.p->length)),
2034                                        param.v);
2035                } else {
2036                        /* If there is no memory for generating the ERROR
2037                         * report as specified, an ABORT will be triggered
2038                         * to the peer and the association won't be
2039                         * established.
2040                         */
2041                        retval = SCTP_IERROR_NOMEM;
2042                }
2043                break;
2044        default:
2045                break;
2046        }
2047
2048        return retval;
2049}
2050
2051/* Verify variable length parameters
2052 * Return values:
2053 *      SCTP_IERROR_ABORT - trigger an ABORT
2054 *      SCTP_IERROR_NOMEM - out of memory (abort)
2055 *      SCTP_IERROR_ERROR - stop processing, trigger an ERROR
2056 *      SCTP_IERROR_NO_ERROR - continue with the chunk
2057 */
2058static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
2059                                        union sctp_params param,
2060                                        sctp_cid_t cid,
2061                                        struct sctp_chunk *chunk,
2062                                        struct sctp_chunk **err_chunk)
2063{
2064        struct sctp_hmac_algo_param *hmacs;
2065        int retval = SCTP_IERROR_NO_ERROR;
2066        __u16 n_elt, id = 0;
2067        int i;
2068
2069        /* FIXME - This routine is not looking at each parameter per the
2070         * chunk type, i.e., unrecognized parameters should be further
2071         * identified based on the chunk id.
2072         */
2073
2074        switch (param.p->type) {
2075        case SCTP_PARAM_IPV4_ADDRESS:
2076        case SCTP_PARAM_IPV6_ADDRESS:
2077        case SCTP_PARAM_COOKIE_PRESERVATIVE:
2078        case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2079        case SCTP_PARAM_STATE_COOKIE:
2080        case SCTP_PARAM_HEARTBEAT_INFO:
2081        case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2082        case SCTP_PARAM_ECN_CAPABLE:
2083        case SCTP_PARAM_ADAPTATION_LAYER_IND:
2084                break;
2085
2086        case SCTP_PARAM_SUPPORTED_EXT:
2087                if (!sctp_verify_ext_param(param))
2088                        return SCTP_IERROR_ABORT;
2089                break;
2090
2091        case SCTP_PARAM_SET_PRIMARY:
2092                if (sctp_addip_enable)
2093                        break;
2094                goto fallthrough;
2095
2096        case SCTP_PARAM_HOST_NAME_ADDRESS:
2097                /* Tell the peer, we won't support this param.  */
2098                sctp_process_hn_param(asoc, param, chunk, err_chunk);
2099                retval = SCTP_IERROR_ABORT;
2100                break;
2101
2102        case SCTP_PARAM_FWD_TSN_SUPPORT:
2103                if (sctp_prsctp_enable)
2104                        break;
2105                goto fallthrough;
2106
2107        case SCTP_PARAM_RANDOM:
2108                if (!sctp_auth_enable)
2109                        goto fallthrough;
2110
2111                /* SCTP-AUTH: Secion 6.1
2112                 * If the random number is not 32 byte long the association
2113                 * MUST be aborted.  The ABORT chunk SHOULD contain the error
2114                 * cause 'Protocol Violation'.
2115                 */
2116                if (SCTP_AUTH_RANDOM_LENGTH !=
2117                        ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) {
2118                        sctp_process_inv_paramlength(asoc, param.p,
2119                                                        chunk, err_chunk);
2120                        retval = SCTP_IERROR_ABORT;
2121                }
2122                break;
2123
2124        case SCTP_PARAM_CHUNKS:
2125                if (!sctp_auth_enable)
2126                        goto fallthrough;
2127
2128                /* SCTP-AUTH: Section 3.2
2129                 * The CHUNKS parameter MUST be included once in the INIT or
2130                 *  INIT-ACK chunk if the sender wants to receive authenticated
2131                 *  chunks.  Its maximum length is 260 bytes.
2132                 */
2133                if (260 < ntohs(param.p->length)) {
2134                        sctp_process_inv_paramlength(asoc, param.p,
2135                                                     chunk, err_chunk);
2136                        retval = SCTP_IERROR_ABORT;
2137                }
2138                break;
2139
2140        case SCTP_PARAM_HMAC_ALGO:
2141                if (!sctp_auth_enable)
2142                        goto fallthrough;
2143
2144                hmacs = (struct sctp_hmac_algo_param *)param.p;
2145                n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
2146
2147                /* SCTP-AUTH: Section 6.1
2148                 * The HMAC algorithm based on SHA-1 MUST be supported and
2149                 * included in the HMAC-ALGO parameter.
2150                 */
2151                for (i = 0; i < n_elt; i++) {
2152                        id = ntohs(hmacs->hmac_ids[i]);
2153
2154                        if (id == SCTP_AUTH_HMAC_ID_SHA1)
2155                                break;
2156                }
2157
2158                if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2159                        sctp_process_inv_paramlength(asoc, param.p, chunk,
2160                                                     err_chunk);
2161                        retval = SCTP_IERROR_ABORT;
2162                }
2163                break;
2164fallthrough:
2165        default:
2166                SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
2167                                ntohs(param.p->type), cid);
2168                retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2169                break;
2170        }
2171        return retval;
2172}
2173
2174/* Verify the INIT packet before we process it.  */
2175int sctp_verify_init(const struct sctp_association *asoc,
2176                     sctp_cid_t cid,
2177                     sctp_init_chunk_t *peer_init,
2178                     struct sctp_chunk *chunk,
2179                     struct sctp_chunk **errp)
2180{
2181        union sctp_params param;
2182        int has_cookie = 0;
2183        int result;
2184
2185        /* Verify stream values are non-zero. */
2186        if ((0 == peer_init->init_hdr.num_outbound_streams) ||
2187            (0 == peer_init->init_hdr.num_inbound_streams) ||
2188            (0 == peer_init->init_hdr.init_tag) ||
2189            (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) {
2190
2191                return sctp_process_inv_mandatory(asoc, chunk, errp);
2192        }
2193
2194        /* Check for missing mandatory parameters.  */
2195        sctp_walk_params(param, peer_init, init_hdr.params) {
2196
2197                if (SCTP_PARAM_STATE_COOKIE == param.p->type)
2198                        has_cookie = 1;
2199
2200        } /* for (loop through all parameters) */
2201
2202        /* There is a possibility that a parameter length was bad and
2203         * in that case we would have stoped walking the parameters.
2204         * The current param.p would point at the bad one.
2205         * Current consensus on the mailing list is to generate a PROTOCOL
2206         * VIOLATION error.  We build the ERROR chunk here and let the normal
2207         * error handling code build and send the packet.
2208         */
2209        if (param.v != (void*)chunk->chunk_end)
2210                return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2211
2212        /* The only missing mandatory param possible today is
2213         * the state cookie for an INIT-ACK chunk.
2214         */
2215        if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2216                return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2217                                                  chunk, errp);
2218
2219        /* Verify all the variable length parameters */
2220        sctp_walk_params(param, peer_init, init_hdr.params) {
2221
2222                result = sctp_verify_param(asoc, param, cid, chunk, errp);
2223                switch (result) {
2224                    case SCTP_IERROR_ABORT:
2225                    case SCTP_IERROR_NOMEM:
2226                                return 0;
2227                    case SCTP_IERROR_ERROR:
2228                                return 1;
2229                    case SCTP_IERROR_NO_ERROR:
2230                    default:
2231                                break;
2232                }
2233
2234        } /* for (loop through all parameters) */
2235
2236        return 1;
2237}
2238
2239/* Unpack the parameters in an INIT packet into an association.
2240 * Returns 0 on failure, else success.
2241 * FIXME:  This is an association method.
2242 */
2243int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
2244                      const union sctp_addr *peer_addr,
2245                      sctp_init_chunk_t *peer_init, gfp_t gfp)
2246{
2247        union sctp_params param;
2248        struct sctp_transport *transport;
2249        struct list_head *pos, *temp;
2250        char *cookie;
2251
2252        /* We must include the address that the INIT packet came from.
2253         * This is the only address that matters for an INIT packet.
2254         * When processing a COOKIE ECHO, we retrieve the from address
2255         * of the INIT from the cookie.
2256         */
2257
2258        /* This implementation defaults to making the first transport
2259         * added as the primary transport.  The source address seems to
2260         * be a a better choice than any of the embedded addresses.
2261         */
2262        if (peer_addr) {
2263                if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2264                        goto nomem;
2265        }
2266
2267        /* Process the initialization parameters.  */
2268        sctp_walk_params(param, peer_init, init_hdr.params) {
2269
2270                if (!sctp_process_param(asoc, param, peer_addr, gfp))
2271                        goto clean_up;
2272        }
2273
2274        /* AUTH: After processing the parameters, make sure that we
2275         * have all the required info to potentially do authentications.
2276         */
2277        if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2278                                        !asoc->peer.peer_hmacs))
2279                asoc->peer.auth_capable = 0;
2280
2281        /* In a non-backward compatible mode, if the peer claims
2282         * support for ADD-IP but not AUTH,  the ADD-IP spec states
2283         * that we MUST ABORT the association. Section 6.  The section
2284         * also give us an option to silently ignore the packet, which
2285         * is what we'll do here.
2286         */
2287        if (!sctp_addip_noauth &&
2288             (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2289                asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2290                                                  SCTP_PARAM_DEL_IP |
2291                                                  SCTP_PARAM_SET_PRIMARY);
2292                asoc->peer.asconf_capable = 0;
2293                goto clean_up;
2294        }
2295
2296        /* Walk list of transports, removing transports in the UNKNOWN state. */
2297        list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2298                transport = list_entry(pos, struct sctp_transport, transports);
2299                if (transport->state == SCTP_UNKNOWN) {
2300                        sctp_assoc_rm_peer(asoc, transport);
2301                }
2302        }
2303
2304        /* The fixed INIT headers are always in network byte
2305         * order.
2306         */
2307        asoc->peer.i.init_tag =
2308                ntohl(peer_init->init_hdr.init_tag);
2309        asoc->peer.i.a_rwnd =
2310                ntohl(peer_init->init_hdr.a_rwnd);
2311        asoc->peer.i.num_outbound_streams =
2312                ntohs(peer_init->init_hdr.num_outbound_streams);
2313        asoc->peer.i.num_inbound_streams =
2314                ntohs(peer_init->init_hdr.num_inbound_streams);
2315        asoc->peer.i.initial_tsn =
2316                ntohl(peer_init->init_hdr.initial_tsn);
2317
2318        /* Apply the upper bounds for output streams based on peer's
2319         * number of inbound streams.
2320         */
2321        if (asoc->c.sinit_num_ostreams  >
2322            ntohs(peer_init->init_hdr.num_inbound_streams)) {
2323                asoc->c.sinit_num_ostreams =
2324                        ntohs(peer_init->init_hdr.num_inbound_streams);
2325        }
2326
2327        if (asoc->c.sinit_max_instreams >
2328            ntohs(peer_init->init_hdr.num_outbound_streams)) {
2329                asoc->c.sinit_max_instreams =
2330                        ntohs(peer_init->init_hdr.num_outbound_streams);
2331        }
2332
2333        /* Copy Initiation tag from INIT to VT_peer in cookie.   */
2334        asoc->c.peer_vtag = asoc->peer.i.init_tag;
2335
2336        /* Peer Rwnd   : Current calculated value of the peer's rwnd.  */
2337        asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2338
2339        /* Copy cookie in case we need to resend COOKIE-ECHO. */
2340        cookie = asoc->peer.cookie;
2341        if (cookie) {
2342                asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
2343                if (!asoc->peer.cookie)
2344                        goto clean_up;
2345        }
2346
2347        /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily
2348         * high (for example, implementations MAY use the size of the receiver
2349         * advertised window).
2350         */
2351        list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2352                        transports) {
2353                transport->ssthresh = asoc->peer.i.a_rwnd;
2354        }
2355
2356        /* Set up the TSN tracking pieces.  */
2357        if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2358                                asoc->peer.i.initial_tsn, gfp))
2359                goto clean_up;
2360
2361        /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
2362         *
2363         * The stream sequence number in all the streams shall start
2364         * from 0 when the association is established.  Also, when the
2365         * stream sequence number reaches the value 65535 the next
2366         * stream sequence number shall be set to 0.
2367         */
2368
2369        /* Allocate storage for the negotiated streams if it is not a temporary
2370         * association.
2371         */
2372        if (!asoc->temp) {
2373                int error;
2374
2375                asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams,
2376                                               asoc->c.sinit_num_ostreams, gfp);
2377                if (!asoc->ssnmap)
2378                        goto clean_up;
2379
2380                error = sctp_assoc_set_id(asoc, gfp);
2381                if (error)
2382                        goto clean_up;
2383        }
2384
2385        /* ADDIP Section 4.1 ASCONF Chunk Procedures
2386         *
2387         * When an endpoint has an ASCONF signaled change to be sent to the
2388         * remote endpoint it should do the following:
2389         * ...
2390         * A2) A serial number should be assigned to the Chunk. The serial
2391         * number should be a monotonically increasing number. All serial
2392         * numbers are defined to be initialized at the start of the
2393         * association to the same value as the Initial TSN.
2394         */
2395        asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2396        return 1;
2397
2398clean_up:
2399        /* Release the transport structures. */
2400        list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2401                transport = list_entry(pos, struct sctp_transport, transports);
2402                if (transport->state != SCTP_ACTIVE)
2403                        sctp_assoc_rm_peer(asoc, transport);
2404        }
2405
2406nomem:
2407        return 0;
2408}
2409
2410
2411/* Update asoc with the option described in param.
2412 *
2413 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT
2414 *
2415 * asoc is the association to update.
2416 * param is the variable length parameter to use for update.
2417 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO.
2418 * If the current packet is an INIT we want to minimize the amount of
2419 * work we do.  In particular, we should not build transport
2420 * structures for the addresses.
2421 */
2422static int sctp_process_param(struct sctp_association *asoc,
2423                              union sctp_params param,
2424                              const union sctp_addr *peer_addr,
2425                              gfp_t gfp)
2426{
2427        union sctp_addr addr;
2428        int i;
2429        __u16 sat;
2430        int retval = 1;
2431        sctp_scope_t scope;
2432        time_t stale;
2433        struct sctp_af *af;
2434        union sctp_addr_param *addr_param;
2435        struct sctp_transport *t;
2436
2437        /* We maintain all INIT parameters in network byte order all the
2438         * time.  This allows us to not worry about whether the parameters
2439         * came from a fresh INIT, and INIT ACK, or were stored in a cookie.
2440         */
2441        switch (param.p->type) {
2442        case SCTP_PARAM_IPV6_ADDRESS:
2443                if (PF_INET6 != asoc->base.sk->sk_family)
2444                        break;
2445                goto do_addr_param;
2446
2447        case SCTP_PARAM_IPV4_ADDRESS:
2448                /* v4 addresses are not allowed on v6-only socket */
2449                if (ipv6_only_sock(asoc->base.sk))
2450                        break;
2451do_addr_param:
2452                af = sctp_get_af_specific(param_type2af(param.p->type));
2453                af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2454                scope = sctp_scope(peer_addr);
2455                if (sctp_in_scope(&addr, scope))
2456                        if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2457                                return 0;
2458                break;
2459
2460        case SCTP_PARAM_COOKIE_PRESERVATIVE:
2461                if (!sctp_cookie_preserve_enable)
2462                        break;
2463
2464                stale = ntohl(param.life->lifespan_increment);
2465
2466                /* Suggested Cookie Life span increment's unit is msec,
2467                 * (1/1000sec).
2468                 */
2469                asoc->cookie_life.tv_sec += stale / 1000;
2470                asoc->cookie_life.tv_usec += (stale % 1000) * 1000;
2471                break;
2472
2473        case SCTP_PARAM_HOST_NAME_ADDRESS:
2474                SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n");
2475                break;
2476
2477        case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2478                /* Turn off the default values first so we'll know which
2479                 * ones are really set by the peer.
2480                 */
2481                asoc->peer.ipv4_address = 0;
2482                asoc->peer.ipv6_address = 0;
2483
2484                /* Assume that peer supports the address family
2485                 * by which it sends a packet.
2486                 */
2487                if (peer_addr->sa.sa_family == AF_INET6)
2488                        asoc->peer.ipv6_address = 1;
2489                else if (peer_addr->sa.sa_family == AF_INET)
2490                        asoc->peer.ipv4_address = 1;
2491
2492                /* Cycle through address types; avoid divide by 0. */
2493                sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2494                if (sat)
2495                        sat /= sizeof(__u16);
2496
2497                for (i = 0; i < sat; ++i) {
2498                        switch (param.sat->types[i]) {
2499                        case SCTP_PARAM_IPV4_ADDRESS:
2500                                asoc->peer.ipv4_address = 1;
2501                                break;
2502
2503                        case SCTP_PARAM_IPV6_ADDRESS:
2504                                if (PF_INET6 == asoc->base.sk->sk_family)
2505                                        asoc->peer.ipv6_address = 1;
2506                                break;
2507
2508                        case SCTP_PARAM_HOST_NAME_ADDRESS:
2509                                asoc->peer.hostname_address = 1;
2510                                break;
2511
2512                        default: /* Just ignore anything else.  */
2513                                break;
2514                        }
2515                }
2516                break;
2517
2518        case SCTP_PARAM_STATE_COOKIE:
2519                asoc->peer.cookie_len =
2520                        ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2521                asoc->peer.cookie = param.cookie->body;
2522                break;
2523
2524        case SCTP_PARAM_HEARTBEAT_INFO:
2525                /* Would be odd to receive, but it causes no problems. */
2526                break;
2527
2528        case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2529                /* Rejected during verify stage. */
2530                break;
2531
2532        case SCTP_PARAM_ECN_CAPABLE:
2533                asoc->peer.ecn_capable = 1;
2534                break;
2535
2536        case SCTP_PARAM_ADAPTATION_LAYER_IND:
2537                asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2538                break;
2539
2540        case SCTP_PARAM_SET_PRIMARY:
2541                if (!sctp_addip_enable)
2542                        goto fall_through;
2543
2544                addr_param = param.v + sizeof(sctp_addip_param_t);
2545
2546                af = sctp_get_af_specific(param_type2af(param.p->type));
2547                af->from_addr_param(&addr, addr_param,
2548                                    htons(asoc->peer.port), 0);
2549
2550                /* if the address is invalid, we can't process it.
2551                 * XXX: see spec for what to do.
2552                 */
2553                if (!af->addr_valid(&addr, NULL, NULL))
2554                        break;
2555
2556                t = sctp_assoc_lookup_paddr(asoc, &addr);
2557                if (!t)
2558                        break;
2559
2560                sctp_assoc_set_primary(asoc, t);
2561                break;
2562
2563        case SCTP_PARAM_SUPPORTED_EXT:
2564                sctp_process_ext_param(asoc, param);
2565                break;
2566
2567        case SCTP_PARAM_FWD_TSN_SUPPORT:
2568                if (sctp_prsctp_enable) {
2569                        asoc->peer.prsctp_capable = 1;
2570                        break;
2571                }
2572                /* Fall Through */
2573                goto fall_through;
2574
2575        case SCTP_PARAM_RANDOM:
2576                if (!sctp_auth_enable)
2577                        goto fall_through;
2578
2579                /* Save peer's random parameter */
2580                asoc->peer.peer_random = kmemdup(param.p,
2581                                            ntohs(param.p->length), gfp);
2582                if (!asoc->peer.peer_random) {
2583                        retval = 0;
2584                        break;
2585                }
2586                break;
2587
2588        case SCTP_PARAM_HMAC_ALGO:
2589                if (!sctp_auth_enable)
2590                        goto fall_through;
2591
2592                /* Save peer's HMAC list */
2593                asoc->peer.peer_hmacs = kmemdup(param.p,
2594                                            ntohs(param.p->length), gfp);
2595                if (!asoc->peer.peer_hmacs) {
2596                        retval = 0;
2597                        break;
2598                }
2599
2600                /* Set the default HMAC the peer requested*/
2601                sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2602                break;
2603
2604        case SCTP_PARAM_CHUNKS:
2605                if (!sctp_auth_enable)
2606                        goto fall_through;
2607
2608                asoc->peer.peer_chunks = kmemdup(param.p,
2609                                            ntohs(param.p->length), gfp);
2610                if (!asoc->peer.peer_chunks)
2611                        retval = 0;
2612                break;
2613fall_through:
2614        default:
2615                /* Any unrecognized parameters should have been caught
2616                 * and handled by sctp_verify_param() which should be
2617                 * called prior to this routine.  Simply log the error
2618                 * here.
2619                 */
2620                SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n",
2621                                  ntohs(param.p->type), asoc);
2622                break;
2623        }
2624
2625        return retval;
2626}
2627
2628/* Select a new verification tag.  */
2629__u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2630{
2631        /* I believe that this random number generator complies with RFC1750.
2632         * A tag of 0 is reserved for special cases (e.g. INIT).
2633         */
2634        __u32 x;
2635
2636        do {
2637                get_random_bytes(&x, sizeof(__u32));
2638        } while (x == 0);
2639
2640        return x;
2641}
2642
2643/* Select an initial TSN to send during startup.  */
2644__u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2645{
2646        __u32 retval;
2647
2648        get_random_bytes(&retval, sizeof(__u32));
2649        return retval;
2650}
2651
2652/*
2653 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF)
2654 *      0                   1                   2                   3
2655 *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2656 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2657 *     | Type = 0xC1   |  Chunk Flags  |      Chunk Length             |
2658 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2659 *     |                       Serial Number                           |
2660 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2661 *     |                    Address Parameter                          |
2662 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2663 *     |                     ASCONF Parameter #1                       |
2664 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2665 *     \                                                               \
2666 *     /                             ....                              /
2667 *     \                                                               \
2668 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2669 *     |                     ASCONF Parameter #N                       |
2670 *      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2671 *
2672 * Address Parameter and other parameter will not be wrapped in this function
2673 */
2674static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2675                                           union sctp_addr *addr,
2676                                           int vparam_len)
2677{
2678        sctp_addiphdr_t asconf;
2679        struct sctp_chunk *retval;
2680        int length = sizeof(asconf) + vparam_len;
2681        union sctp_addr_param addrparam;
2682        int addrlen;
2683        struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2684
2685        addrlen = af->to_addr_param(addr, &addrparam);
2686        if (!addrlen)
2687                return NULL;
2688        length += addrlen;
2689
2690        /* Create the chunk.  */
2691        retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length);
2692        if (!retval)
2693                return NULL;
2694
2695        asconf.serial = htonl(asoc->addip_serial++);
2696
2697        retval->subh.addip_hdr =
2698                sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2699        retval->param_hdr.v =
2700                sctp_addto_chunk(retval, addrlen, &addrparam);
2701
2702        return retval;
2703}
2704
2705/* ADDIP
2706 * 3.2.1 Add IP Address
2707 *      0                   1                   2                   3
2708 *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2709 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2710 *     |        Type = 0xC001          |    Length = Variable          |
2711 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2712 *     |               ASCONF-Request Correlation ID                   |
2713 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2714 *     |                       Address Parameter                       |
2715 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2716 *
2717 * 3.2.2 Delete IP Address
2718 *      0                   1                   2                   3
2719 *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2720 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2721 *     |        Type = 0xC002          |    Length = Variable          |
2722 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2723 *     |               ASCONF-Request Correlation ID                   |
2724 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2725 *     |                       Address Parameter                       |
2726 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2727 *
2728 */
2729struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2730                                              union sctp_addr         *laddr,
2731                                              struct sockaddr         *addrs,
2732                                              int                     addrcnt,
2733                                              __be16                  flags)
2734{
2735        sctp_addip_param_t      param;
2736        struct sctp_chunk       *retval;
2737        union sctp_addr_param   addr_param;
2738        union sctp_addr         *addr;
2739        void                    *addr_buf;
2740        struct sctp_af          *af;
2741        int                     paramlen = sizeof(param);
2742        int                     addr_param_len = 0;
2743        int                     totallen = 0;
2744        int                     i;
2745
2746        /* Get total length of all the address parameters. */
2747        addr_buf = addrs;
2748        for (i = 0; i < addrcnt; i++) {
2749                addr = (union sctp_addr *)addr_buf;
2750                af = sctp_get_af_specific(addr->v4.sin_family);
2751                addr_param_len = af->to_addr_param(addr, &addr_param);
2752
2753                totallen += paramlen;
2754                totallen += addr_param_len;
2755
2756                addr_buf += af->sockaddr_len;
2757        }
2758
2759        /* Create an asconf chunk with the required length. */
2760        retval = sctp_make_asconf(asoc, laddr, totallen);
2761        if (!retval)
2762                return NULL;
2763
2764        /* Add the address parameters to the asconf chunk. */
2765        addr_buf = addrs;
2766        for (i = 0; i < addrcnt; i++) {
2767                addr = (union sctp_addr *)addr_buf;
2768                af = sctp_get_af_specific(addr->v4.sin_family);
2769                addr_param_len = af->to_addr_param(addr, &addr_param);
2770                param.param_hdr.type = flags;
2771                param.param_hdr.length = htons(paramlen + addr_param_len);
2772                param.crr_id = i;
2773
2774                sctp_addto_chunk(retval, paramlen, &param);
2775                sctp_addto_chunk(retval, addr_param_len, &addr_param);
2776
2777                addr_buf += af->sockaddr_len;
2778        }
2779        return retval;
2780}
2781
2782/* ADDIP
2783 * 3.2.4 Set Primary IP Address
2784 *      0                   1                   2                   3
2785 *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2786 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2787 *     |        Type =0xC004           |    Length = Variable          |
2788 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2789 *     |               ASCONF-Request Correlation ID                   |
2790 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2791 *     |                       Address Parameter                       |
2792 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2793 *
2794 * Create an ASCONF chunk with Set Primary IP address parameter.
2795 */
2796struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2797                                             union sctp_addr *addr)
2798{
2799        sctp_addip_param_t      param;
2800        struct sctp_chunk       *retval;
2801        int                     len = sizeof(param);
2802        union sctp_addr_param   addrparam;
2803        int                     addrlen;
2804        struct sctp_af          *af = sctp_get_af_specific(addr->v4.sin_family);
2805
2806        addrlen = af->to_addr_param(addr, &addrparam);
2807        if (!addrlen)
2808                return NULL;
2809        len += addrlen;
2810
2811        /* Create the chunk and make asconf header. */
2812        retval = sctp_make_asconf(asoc, addr, len);
2813        if (!retval)
2814                return NULL;
2815
2816        param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2817        param.param_hdr.length = htons(len);
2818        param.crr_id = 0;
2819
2820        sctp_addto_chunk(retval, sizeof(param), &param);
2821        sctp_addto_chunk(retval, addrlen, &addrparam);
2822
2823        return retval;
2824}
2825
2826/* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK)
2827 *      0                   1                   2                   3
2828 *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2829 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2830 *     | Type = 0x80   |  Chunk Flags  |      Chunk Length             |
2831 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2832 *     |                       Serial Number                           |
2833 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2834 *     |                 ASCONF Parameter Response#1                   |
2835 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2836 *     \                                                               \
2837 *     /                             ....                              /
2838 *     \                                                               \
2839 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2840 *     |                 ASCONF Parameter Response#N                   |
2841 *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2842 *
2843 * Create an ASCONF_ACK chunk with enough space for the parameter responses.
2844 */
2845static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2846                                               __u32 serial, int vparam_len)
2847{
2848        sctp_addiphdr_t         asconf;
2849        struct sctp_chunk       *retval;
2850        int                     length = sizeof(asconf) + vparam_len;
2851
2852        /* Create the chunk.  */
2853        retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length);
2854        if (!retval)
2855                return NULL;
2856
2857        asconf.serial = htonl(serial);
2858
2859        retval->subh.addip_hdr =
2860                sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2861
2862        return retval;
2863}
2864
2865/* Add response parameters to an ASCONF_ACK chunk. */
2866static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2867                              __be16 err_code, sctp_addip_param_t *asconf_param)
2868{
2869        sctp_addip_param_t      ack_param;
2870        sctp_errhdr_t           err_param;
2871        int                     asconf_param_len = 0;
2872        int                     err_param_len = 0;
2873        __be16                  response_type;
2874
2875        if (SCTP_ERROR_NO_ERROR == err_code) {
2876                response_type = SCTP_PARAM_SUCCESS_REPORT;
2877        } else {
2878                response_type = SCTP_PARAM_ERR_CAUSE;
2879                err_param_len = sizeof(err_param);
2880                if (asconf_param)
2881                        asconf_param_len =
2882                                 ntohs(asconf_param->param_hdr.length);
2883        }
2884
2885        /* Add Success Indication or Error Cause Indication parameter. */
2886        ack_param.param_hdr.type = response_type;
2887        ack_param.param_hdr.length = htons(sizeof(ack_param) +
2888                                           err_param_len +
2889                                           asconf_param_len);
2890        ack_param.crr_id = crr_id;
2891        sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
2892
2893        if (SCTP_ERROR_NO_ERROR == err_code)
2894                return;
2895
2896        /* Add Error Cause parameter. */
2897        err_param.cause = err_code;
2898        err_param.length = htons(err_param_len + asconf_param_len);
2899        sctp_addto_chunk(chunk, err_param_len, &err_param);
2900
2901        /* Add the failed TLV copied from ASCONF chunk. */
2902        if (asconf_param)
2903                sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
2904}
2905
2906/* Process a asconf parameter. */
2907static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
2908                                       struct sctp_chunk *asconf,
2909                                       sctp_addip_param_t *asconf_param)
2910{
2911        struct sctp_transport *peer;
2912        struct sctp_af *af;
2913        union sctp_addr addr;
2914        union sctp_addr_param *addr_param;
2915
2916        addr_param = (union sctp_addr_param *)
2917                        ((void *)asconf_param + sizeof(sctp_addip_param_t));
2918
2919        if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
2920            asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
2921            asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
2922                return SCTP_ERROR_UNKNOWN_PARAM;
2923
2924        switch (addr_param->v4.param_hdr.type) {
2925        case SCTP_PARAM_IPV6_ADDRESS:
2926                if (!asoc->peer.ipv6_address)
2927                        return SCTP_ERROR_DNS_FAILED;
2928                break;
2929        case SCTP_PARAM_IPV4_ADDRESS:
2930                if (!asoc->peer.ipv4_address)
2931                        return SCTP_ERROR_DNS_FAILED;
2932                break;
2933        default:
2934                return SCTP_ERROR_DNS_FAILED;
2935        }
2936
2937        af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
2938        if (unlikely(!af))
2939                return SCTP_ERROR_DNS_FAILED;
2940
2941        af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
2942
2943        /* ADDIP 4.2.1  This parameter MUST NOT contain a broadcast
2944         * or multicast address.
2945         * (note: wildcard is permitted and requires special handling so
2946         *  make sure we check for that)
2947         */
2948        if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
2949                return SCTP_ERROR_DNS_FAILED;
2950
2951        switch (asconf_param->param_hdr.type) {
2952        case SCTP_PARAM_ADD_IP:
2953                /* Section 4.2.1:
2954                 * If the address 0.0.0.0 or ::0 is provided, the source
2955                 * address of the packet MUST be added.
2956                 */
2957                if (af->is_any(&addr))
2958                        memcpy(&addr, &asconf->source, sizeof(addr));
2959
2960                /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
2961                 * request and does not have the local resources to add this
2962                 * new address to the association, it MUST return an Error
2963                 * Cause TLV set to the new error code 'Operation Refused
2964                 * Due to Resource Shortage'.
2965                 */
2966
2967                peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
2968                if (!peer)
2969                        return SCTP_ERROR_RSRC_LOW;
2970
2971                /* Start the heartbeat timer. */
2972                if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
2973                        sctp_transport_hold(peer);
2974                break;
2975        case SCTP_PARAM_DEL_IP:
2976                /* ADDIP 4.3 D7) If a request is received to delete the
2977                 * last remaining IP address of a peer endpoint, the receiver
2978                 * MUST send an Error Cause TLV with the error cause set to the
2979                 * new error code 'Request to Delete Last Remaining IP Address'.
2980                 */
2981                if (asoc->peer.transport_count == 1)
2982                        return SCTP_ERROR_DEL_LAST_IP;
2983
2984                /* ADDIP 4.3 D8) If a request is received to delete an IP
2985                 * address which is also the source address of the IP packet
2986                 * which contained the ASCONF chunk, the receiver MUST reject
2987                 * this request. To reject the request the receiver MUST send
2988                 * an Error Cause TLV set to the new error code 'Request to
2989                 * Delete Source IP Address'
2990                 */
2991                if (sctp_cmp_addr_exact(sctp_source(asconf), &addr))
2992                        return SCTP_ERROR_DEL_SRC_IP;
2993
2994                /* Section 4.2.2
2995                 * If the address 0.0.0.0 or ::0 is provided, all
2996                 * addresses of the peer except the source address of the
2997                 * packet MUST be deleted.
2998                 */
2999                if (af->is_any(&addr)) {
3000                        sctp_assoc_set_primary(asoc, asconf->transport);
3001                        sctp_assoc_del_nonprimary_peers(asoc,
3002                                                        asconf->transport);
3003                } else
3004                        sctp_assoc_del_peer(asoc, &addr);
3005                break;
3006        case SCTP_PARAM_SET_PRIMARY:
3007                /* ADDIP Section 4.2.4
3008                 * If the address 0.0.0.0 or ::0 is provided, the receiver
3009                 * MAY mark the source address of the packet as its
3010                 * primary.
3011                 */
3012                if (af->is_any(&addr))
3013                        memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3014
3015                peer = sctp_assoc_lookup_paddr(asoc, &addr);
3016                if (!peer)
3017                        return SCTP_ERROR_DNS_FAILED;
3018
3019                sctp_assoc_set_primary(asoc, peer);
3020                break;
3021        }
3022
3023        return SCTP_ERROR_NO_ERROR;
3024}
3025
3026/* Verify the ASCONF packet before we process it.  */
3027int sctp_verify_asconf(const struct sctp_association *asoc,
3028                       struct sctp_paramhdr *param_hdr, void *chunk_end,
3029                       struct sctp_paramhdr **errp) {
3030        sctp_addip_param_t *asconf_param;
3031        union sctp_params param;
3032        int length, plen;
3033
3034        param.v = (sctp_paramhdr_t *) param_hdr;
3035        while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
3036                length = ntohs(param.p->length);
3037                *errp = param.p;
3038
3039                if (param.v > chunk_end - length ||
3040                    length < sizeof(sctp_paramhdr_t))
3041                        return 0;
3042
3043                switch (param.p->type) {
3044                case SCTP_PARAM_ADD_IP:
3045                case SCTP_PARAM_DEL_IP:
3046                case SCTP_PARAM_SET_PRIMARY:
3047                        asconf_param = (sctp_addip_param_t *)param.v;
3048                        plen = ntohs(asconf_param->param_hdr.length);
3049                        if (plen < sizeof(sctp_addip_param_t) +
3050                            sizeof(sctp_paramhdr_t))
3051                                return 0;
3052                        break;
3053                case SCTP_PARAM_SUCCESS_REPORT:
3054                case SCTP_PARAM_ADAPTATION_LAYER_IND:
3055                        if (length != sizeof(sctp_addip_param_t))
3056                                return 0;
3057
3058                        break;
3059                default:
3060                        break;
3061                }
3062
3063                param.v += WORD_ROUND(length);
3064        }
3065
3066        if (param.v != chunk_end)
3067                return 0;
3068
3069        return 1;
3070}
3071
3072/* Process an incoming ASCONF chunk with the next expected serial no. and
3073 * return an ASCONF_ACK chunk to be sent in response.
3074 */
3075struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3076                                       struct sctp_chunk *asconf)
3077{
3078        sctp_addiphdr_t         *hdr;
3079        union sctp_addr_param   *addr_param;
3080        sctp_addip_param_t      *asconf_param;
3081        struct sctp_chunk       *asconf_ack;
3082
3083        __be16  err_code;
3084        int     length = 0;
3085        int     chunk_len;
3086        __u32   serial;
3087        int     all_param_pass = 1;
3088
3089        chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
3090        hdr = (sctp_addiphdr_t *)asconf->skb->data;
3091        serial = ntohl(hdr->serial);
3092
3093        /* Skip the addiphdr and store a pointer to address parameter.  */
3094        length = sizeof(sctp_addiphdr_t);
3095        addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3096        chunk_len -= length;
3097
3098        /* Skip the address parameter and store a pointer to the first
3099         * asconf parameter.
3100         */
3101        length = ntohs(addr_param->v4.param_hdr.length);
3102        asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
3103        chunk_len -= length;
3104
3105        /* create an ASCONF_ACK chunk.
3106         * Based on the definitions of parameters, we know that the size of
3107         * ASCONF_ACK parameters are less than or equal to the twice of ASCONF
3108         * parameters.
3109         */
3110        asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2);
3111        if (!asconf_ack)
3112                goto done;
3113
3114        /* Process the TLVs contained within the ASCONF chunk. */
3115        while (chunk_len > 0) {
3116                err_code = sctp_process_asconf_param(asoc, asconf,
3117                                                     asconf_param);
3118                /* ADDIP 4.1 A7)
3119                 * If an error response is received for a TLV parameter,
3120                 * all TLVs with no response before the failed TLV are
3121                 * considered successful if not reported.  All TLVs after
3122                 * the failed response are considered unsuccessful unless
3123                 * a specific success indication is present for the parameter.
3124                 */
3125                if (SCTP_ERROR_NO_ERROR != err_code)
3126                        all_param_pass = 0;
3127
3128                if (!all_param_pass)
3129                        sctp_add_asconf_response(asconf_ack,
3130                                                 asconf_param->crr_id, err_code,
3131                                                 asconf_param);
3132
3133                /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add
3134                 * an IP address sends an 'Out of Resource' in its response, it
3135                 * MUST also fail any subsequent add or delete requests bundled
3136                 * in the ASCONF.
3137                 */
3138                if (SCTP_ERROR_RSRC_LOW == err_code)
3139                        goto done;
3140
3141                /* Move to the next ASCONF param. */
3142                length = ntohs(asconf_param->param_hdr.length);
3143                asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
3144                                                      length);
3145                chunk_len -= length;
3146        }
3147
3148done:
3149        asoc->peer.addip_serial++;
3150
3151        /* If we are sending a new ASCONF_ACK hold a reference to it in assoc
3152         * after freeing the reference to old asconf ack if any.
3153         */
3154        if (asconf_ack) {
3155                sctp_chunk_hold(asconf_ack);
3156                list_add_tail(&asconf_ack->transmitted_list,
3157                              &asoc->asconf_ack_list);
3158        }
3159
3160        return asconf_ack;
3161}
3162
3163/* Process a asconf parameter that is successfully acked. */
3164static void sctp_asconf_param_success(struct sctp_association *asoc,
3165                                     sctp_addip_param_t *asconf_param)
3166{
3167        struct sctp_af *af;
3168        union sctp_addr addr;
3169        struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3170        union sctp_addr_param *addr_param;
3171        struct sctp_transport *transport;
3172        struct sctp_sockaddr_entry *saddr;
3173
3174        addr_param = (union sctp_addr_param *)
3175                        ((void *)asconf_param + sizeof(sctp_addip_param_t));
3176
3177        /* We have checked the packet before, so we do not check again. */
3178        af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
3179        af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3180
3181        switch (asconf_param->param_hdr.type) {
3182        case SCTP_PARAM_ADD_IP:
3183                /* This is always done in BH context with a socket lock
3184                 * held, so the list can not change.
3185                 */
3186                local_bh_disable();
3187                list_for_each_entry(saddr, &bp->address_list, list) {
3188                        if (sctp_cmp_addr_exact(&saddr->a, &addr))
3189                                saddr->state = SCTP_ADDR_SRC;
3190                }
3191                local_bh_enable();
3192                list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3193                                transports) {
3194                        if (transport->state == SCTP_ACTIVE)
3195                                continue;
3196                        dst_release(transport->dst);
3197                        sctp_transport_route(transport, NULL,
3198                                             sctp_sk(asoc->base.sk));
3199                }
3200                break;
3201        case SCTP_PARAM_DEL_IP:
3202                local_bh_disable();
3203                sctp_del_bind_addr(bp, &addr);
3204                local_bh_enable();
3205                list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3206                                transports) {
3207                        dst_release(transport->dst);
3208                        sctp_transport_route(transport, NULL,
3209                                             sctp_sk(asoc->base.sk));
3210                }
3211                break;
3212        default:
3213                break;
3214        }
3215}
3216
3217/* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk
3218 * for the given asconf parameter.  If there is no response for this parameter,
3219 * return the error code based on the third argument 'no_err'.
3220 * ADDIP 4.1
3221 * A7) If an error response is received for a TLV parameter, all TLVs with no
3222 * response before the failed TLV are considered successful if not reported.
3223 * All TLVs after the failed response are considered unsuccessful unless a
3224 * specific success indication is present for the parameter.
3225 */
3226static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3227                                      sctp_addip_param_t *asconf_param,
3228                                      int no_err)
3229{
3230        sctp_addip_param_t      *asconf_ack_param;
3231        sctp_errhdr_t           *err_param;
3232        int                     length;
3233        int                     asconf_ack_len;
3234        __be16                  err_code;
3235
3236        if (no_err)
3237                err_code = SCTP_ERROR_NO_ERROR;
3238        else
3239                err_code = SCTP_ERROR_REQ_REFUSED;
3240
3241        asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3242                             sizeof(sctp_chunkhdr_t);
3243
3244        /* Skip the addiphdr from the asconf_ack chunk and store a pointer to
3245         * the first asconf_ack parameter.
3246         */
3247        length = sizeof(sctp_addiphdr_t);
3248        asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data +
3249                                                  length);
3250        asconf_ack_len -= length;
3251
3252        while (asconf_ack_len > 0) {
3253                if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3254                        switch(asconf_ack_param->param_hdr.type) {
3255                        case SCTP_PARAM_SUCCESS_REPORT:
3256                                return SCTP_ERROR_NO_ERROR;
3257                        case SCTP_PARAM_ERR_CAUSE:
3258                                length = sizeof(sctp_addip_param_t);
3259                                err_param = (sctp_errhdr_t *)
3260                                           ((void *)asconf_ack_param + length);
3261                                asconf_ack_len -= length;
3262                                if (asconf_ack_len > 0)
3263                                        return err_param->cause;
3264                                else
3265                                        return SCTP_ERROR_INV_PARAM;
3266                                break;
3267                        default:
3268                                return SCTP_ERROR_INV_PARAM;
3269                        }
3270                }
3271
3272                length = ntohs(asconf_ack_param->param_hdr.length);
3273                asconf_ack_param = (sctp_addip_param_t *)
3274                                        ((void *)asconf_ack_param + length);
3275                asconf_ack_len -= length;
3276        }
3277
3278        return err_code;
3279}
3280
3281/* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */
3282int sctp_process_asconf_ack(struct sctp_association *asoc,
3283                            struct sctp_chunk *asconf_ack)
3284{
3285        struct sctp_chunk       *asconf = asoc->addip_last_asconf;
3286        union sctp_addr_param   *addr_param;
3287        sctp_addip_param_t      *asconf_param;
3288        int     length = 0;
3289        int     asconf_len = asconf->skb->len;
3290        int     all_param_pass = 0;
3291        int     no_err = 1;
3292        int     retval = 0;
3293        __be16  err_code = SCTP_ERROR_NO_ERROR;
3294
3295        /* Skip the chunkhdr and addiphdr from the last asconf sent and store
3296         * a pointer to address parameter.
3297         */
3298        length = sizeof(sctp_addip_chunk_t);
3299        addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3300        asconf_len -= length;
3301
3302        /* Skip the address parameter in the last asconf sent and store a
3303         * pointer to the first asconf parameter.
3304         */
3305        length = ntohs(addr_param->v4.param_hdr.length);
3306        asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
3307        asconf_len -= length;
3308
3309        /* ADDIP 4.1
3310         * A8) If there is no response(s) to specific TLV parameter(s), and no
3311         * failures are indicated, then all request(s) are considered
3312         * successful.
3313         */
3314        if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t))
3315                all_param_pass = 1;
3316
3317        /* Process the TLVs contained in the last sent ASCONF chunk. */
3318        while (asconf_len > 0) {
3319                if (all_param_pass)
3320                        err_code = SCTP_ERROR_NO_ERROR;
3321                else {
3322                        err_code = sctp_get_asconf_response(asconf_ack,
3323                                                            asconf_param,
3324                                                            no_err);
3325                        if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3326                                no_err = 0;
3327                }
3328
3329                switch (err_code) {
3330                case SCTP_ERROR_NO_ERROR:
3331                        sctp_asconf_param_success(asoc, asconf_param);
3332                        break;
3333
3334                case SCTP_ERROR_RSRC_LOW:
3335                        retval = 1;
3336                        break;
3337
3338                case SCTP_ERROR_UNKNOWN_PARAM:
3339                        /* Disable sending this type of asconf parameter in
3340                         * future.
3341                         */
3342                        asoc->peer.addip_disabled_mask |=
3343                                asconf_param->param_hdr.type;
3344                        break;
3345
3346                case SCTP_ERROR_REQ_REFUSED:
3347                case SCTP_ERROR_DEL_LAST_IP:
3348                case SCTP_ERROR_DEL_SRC_IP:
3349                default:
3350                         break;
3351                }
3352
3353                /* Skip the processed asconf parameter and move to the next
3354                 * one.
3355                 */
3356                length = ntohs(asconf_param->param_hdr.length);
3357                asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
3358                                                      length);
3359                asconf_len -= length;
3360        }
3361
3362        /* Free the cached last sent asconf chunk. */
3363        list_del_init(&asconf->transmitted_list);
3364        sctp_chunk_free(asconf);
3365        asoc->addip_last_asconf = NULL;
3366
3367        return retval;
3368}
3369
3370/* Make a FWD TSN chunk. */
3371struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3372                                    __u32 new_cum_tsn, size_t nstreams,
3373                                    struct sctp_fwdtsn_skip *skiplist)
3374{
3375        struct sctp_chunk *retval = NULL;
3376        struct sctp_fwdtsn_chunk *ftsn_chunk;
3377        struct sctp_fwdtsn_hdr ftsn_hdr;
3378        struct sctp_fwdtsn_skip skip;
3379        size_t hint;
3380        int i;
3381
3382        hint = (nstreams + 1) * sizeof(__u32);
3383
3384        retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint);
3385
3386        if (!retval)
3387                return NULL;
3388
3389        ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr;
3390
3391        ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3392        retval->subh.fwdtsn_hdr =
3393                sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3394
3395        for (i = 0; i < nstreams; i++) {
3396                skip.stream = skiplist[i].stream;
3397                skip.ssn = skiplist[i].ssn;
3398                sctp_addto_chunk(retval, sizeof(skip), &skip);
3399        }
3400
3401        return retval;
3402}
3403