Root/
1 | /* SCTP kernel implementation |
2 | * Copyright (c) 1999-2000 Cisco, Inc. |
3 | * Copyright (c) 1999-2001 Motorola, Inc. |
4 | * Copyright (c) 2001-2003 International Business Machines, Corp. |
5 | * Copyright (c) 2001 Intel Corp. |
6 | * Copyright (c) 2001 Nokia, Inc. |
7 | * Copyright (c) 2001 La Monte H.P. Yarroll |
8 | * |
9 | * This file is part of the SCTP kernel implementation |
10 | * |
11 | * These functions handle all input from the IP layer into SCTP. |
12 | * |
13 | * This SCTP implementation is free software; |
14 | * you can redistribute it and/or modify it under the terms of |
15 | * the GNU General Public License as published by |
16 | * the Free Software Foundation; either version 2, or (at your option) |
17 | * any later version. |
18 | * |
19 | * This SCTP implementation is distributed in the hope that it |
20 | * will be useful, but WITHOUT ANY WARRANTY; without even the implied |
21 | * ************************ |
22 | * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
23 | * See the GNU General Public License for more details. |
24 | * |
25 | * You should have received a copy of the GNU General Public License |
26 | * along with GNU CC; see the file COPYING. If not, write to |
27 | * the Free Software Foundation, 59 Temple Place - Suite 330, |
28 | * Boston, MA 02111-1307, USA. |
29 | * |
30 | * Please send any bug reports or fixes you make to the |
31 | * email address(es): |
32 | * lksctp developers <lksctp-developers@lists.sourceforge.net> |
33 | * |
34 | * Or submit a bug report through the following website: |
35 | * http://www.sf.net/projects/lksctp |
36 | * |
37 | * Written or modified by: |
38 | * La Monte H.P. Yarroll <piggy@acm.org> |
39 | * Karl Knutson <karl@athena.chicago.il.us> |
40 | * Xingang Guo <xingang.guo@intel.com> |
41 | * Jon Grimm <jgrimm@us.ibm.com> |
42 | * Hui Huang <hui.huang@nokia.com> |
43 | * Daisy Chang <daisyc@us.ibm.com> |
44 | * Sridhar Samudrala <sri@us.ibm.com> |
45 | * Ardelle Fan <ardelle.fan@intel.com> |
46 | * |
47 | * Any bugs reported given to us we will try to fix... any fixes shared will |
48 | * be incorporated into the next SCTP release. |
49 | */ |
50 | |
51 | #include <linux/types.h> |
52 | #include <linux/list.h> /* For struct list_head */ |
53 | #include <linux/socket.h> |
54 | #include <linux/ip.h> |
55 | #include <linux/time.h> /* For struct timeval */ |
56 | #include <linux/slab.h> |
57 | #include <net/ip.h> |
58 | #include <net/icmp.h> |
59 | #include <net/snmp.h> |
60 | #include <net/sock.h> |
61 | #include <net/xfrm.h> |
62 | #include <net/sctp/sctp.h> |
63 | #include <net/sctp/sm.h> |
64 | #include <net/sctp/checksum.h> |
65 | #include <net/net_namespace.h> |
66 | |
67 | /* Forward declarations for internal helpers. */ |
68 | static int sctp_rcv_ootb(struct sk_buff *); |
69 | static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, |
70 | const union sctp_addr *laddr, |
71 | const union sctp_addr *paddr, |
72 | struct sctp_transport **transportp); |
73 | static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr); |
74 | static struct sctp_association *__sctp_lookup_association( |
75 | const union sctp_addr *local, |
76 | const union sctp_addr *peer, |
77 | struct sctp_transport **pt); |
78 | |
79 | static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb); |
80 | |
81 | |
82 | /* Calculate the SCTP checksum of an SCTP packet. */ |
83 | static inline int sctp_rcv_checksum(struct sk_buff *skb) |
84 | { |
85 | struct sctphdr *sh = sctp_hdr(skb); |
86 | __le32 cmp = sh->checksum; |
87 | struct sk_buff *list; |
88 | __le32 val; |
89 | __u32 tmp = sctp_start_cksum((__u8 *)sh, skb_headlen(skb)); |
90 | |
91 | skb_walk_frags(skb, list) |
92 | tmp = sctp_update_cksum((__u8 *)list->data, skb_headlen(list), |
93 | tmp); |
94 | |
95 | val = sctp_end_cksum(tmp); |
96 | |
97 | if (val != cmp) { |
98 | /* CRC failure, dump it. */ |
99 | SCTP_INC_STATS_BH(SCTP_MIB_CHECKSUMERRORS); |
100 | return -1; |
101 | } |
102 | return 0; |
103 | } |
104 | |
105 | struct sctp_input_cb { |
106 | union { |
107 | struct inet_skb_parm h4; |
108 | #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) |
109 | struct inet6_skb_parm h6; |
110 | #endif |
111 | } header; |
112 | struct sctp_chunk *chunk; |
113 | }; |
114 | #define SCTP_INPUT_CB(__skb) ((struct sctp_input_cb *)&((__skb)->cb[0])) |
115 | |
116 | /* |
117 | * This is the routine which IP calls when receiving an SCTP packet. |
118 | */ |
119 | int sctp_rcv(struct sk_buff *skb) |
120 | { |
121 | struct sock *sk; |
122 | struct sctp_association *asoc; |
123 | struct sctp_endpoint *ep = NULL; |
124 | struct sctp_ep_common *rcvr; |
125 | struct sctp_transport *transport = NULL; |
126 | struct sctp_chunk *chunk; |
127 | struct sctphdr *sh; |
128 | union sctp_addr src; |
129 | union sctp_addr dest; |
130 | int family; |
131 | struct sctp_af *af; |
132 | |
133 | if (skb->pkt_type!=PACKET_HOST) |
134 | goto discard_it; |
135 | |
136 | SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); |
137 | |
138 | if (skb_linearize(skb)) |
139 | goto discard_it; |
140 | |
141 | sh = sctp_hdr(skb); |
142 | |
143 | /* Pull up the IP and SCTP headers. */ |
144 | __skb_pull(skb, skb_transport_offset(skb)); |
145 | if (skb->len < sizeof(struct sctphdr)) |
146 | goto discard_it; |
147 | if (!sctp_checksum_disable && !skb_csum_unnecessary(skb) && |
148 | sctp_rcv_checksum(skb) < 0) |
149 | goto discard_it; |
150 | |
151 | skb_pull(skb, sizeof(struct sctphdr)); |
152 | |
153 | /* Make sure we at least have chunk headers worth of data left. */ |
154 | if (skb->len < sizeof(struct sctp_chunkhdr)) |
155 | goto discard_it; |
156 | |
157 | family = ipver2af(ip_hdr(skb)->version); |
158 | af = sctp_get_af_specific(family); |
159 | if (unlikely(!af)) |
160 | goto discard_it; |
161 | |
162 | /* Initialize local addresses for lookups. */ |
163 | af->from_skb(&src, skb, 1); |
164 | af->from_skb(&dest, skb, 0); |
165 | |
166 | /* If the packet is to or from a non-unicast address, |
167 | * silently discard the packet. |
168 | * |
169 | * This is not clearly defined in the RFC except in section |
170 | * 8.4 - OOTB handling. However, based on the book "Stream Control |
171 | * Transmission Protocol" 2.1, "It is important to note that the |
172 | * IP address of an SCTP transport address must be a routable |
173 | * unicast address. In other words, IP multicast addresses and |
174 | * IP broadcast addresses cannot be used in an SCTP transport |
175 | * address." |
176 | */ |
177 | if (!af->addr_valid(&src, NULL, skb) || |
178 | !af->addr_valid(&dest, NULL, skb)) |
179 | goto discard_it; |
180 | |
181 | asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport); |
182 | |
183 | if (!asoc) |
184 | ep = __sctp_rcv_lookup_endpoint(&dest); |
185 | |
186 | /* Retrieve the common input handling substructure. */ |
187 | rcvr = asoc ? &asoc->base : &ep->base; |
188 | sk = rcvr->sk; |
189 | |
190 | /* |
191 | * If a frame arrives on an interface and the receiving socket is |
192 | * bound to another interface, via SO_BINDTODEVICE, treat it as OOTB |
193 | */ |
194 | if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb))) |
195 | { |
196 | if (asoc) { |
197 | sctp_association_put(asoc); |
198 | asoc = NULL; |
199 | } else { |
200 | sctp_endpoint_put(ep); |
201 | ep = NULL; |
202 | } |
203 | sk = sctp_get_ctl_sock(); |
204 | ep = sctp_sk(sk)->ep; |
205 | sctp_endpoint_hold(ep); |
206 | rcvr = &ep->base; |
207 | } |
208 | |
209 | /* |
210 | * RFC 2960, 8.4 - Handle "Out of the blue" Packets. |
211 | * An SCTP packet is called an "out of the blue" (OOTB) |
212 | * packet if it is correctly formed, i.e., passed the |
213 | * receiver's checksum check, but the receiver is not |
214 | * able to identify the association to which this |
215 | * packet belongs. |
216 | */ |
217 | if (!asoc) { |
218 | if (sctp_rcv_ootb(skb)) { |
219 | SCTP_INC_STATS_BH(SCTP_MIB_OUTOFBLUES); |
220 | goto discard_release; |
221 | } |
222 | } |
223 | |
224 | if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family)) |
225 | goto discard_release; |
226 | nf_reset(skb); |
227 | |
228 | if (sk_filter(sk, skb)) |
229 | goto discard_release; |
230 | |
231 | /* Create an SCTP packet structure. */ |
232 | chunk = sctp_chunkify(skb, asoc, sk); |
233 | if (!chunk) |
234 | goto discard_release; |
235 | SCTP_INPUT_CB(skb)->chunk = chunk; |
236 | |
237 | /* Remember what endpoint is to handle this packet. */ |
238 | chunk->rcvr = rcvr; |
239 | |
240 | /* Remember the SCTP header. */ |
241 | chunk->sctp_hdr = sh; |
242 | |
243 | /* Set the source and destination addresses of the incoming chunk. */ |
244 | sctp_init_addrs(chunk, &src, &dest); |
245 | |
246 | /* Remember where we came from. */ |
247 | chunk->transport = transport; |
248 | |
249 | /* Acquire access to the sock lock. Note: We are safe from other |
250 | * bottom halves on this lock, but a user may be in the lock too, |
251 | * so check if it is busy. |
252 | */ |
253 | sctp_bh_lock_sock(sk); |
254 | |
255 | if (sk != rcvr->sk) { |
256 | /* Our cached sk is different from the rcvr->sk. This is |
257 | * because migrate()/accept() may have moved the association |
258 | * to a new socket and released all the sockets. So now we |
259 | * are holding a lock on the old socket while the user may |
260 | * be doing something with the new socket. Switch our veiw |
261 | * of the current sk. |
262 | */ |
263 | sctp_bh_unlock_sock(sk); |
264 | sk = rcvr->sk; |
265 | sctp_bh_lock_sock(sk); |
266 | } |
267 | |
268 | if (sock_owned_by_user(sk)) { |
269 | if (sctp_add_backlog(sk, skb)) { |
270 | sctp_bh_unlock_sock(sk); |
271 | sctp_chunk_free(chunk); |
272 | skb = NULL; /* sctp_chunk_free already freed the skb */ |
273 | goto discard_release; |
274 | } |
275 | SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_BACKLOG); |
276 | } else { |
277 | SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_SOFTIRQ); |
278 | sctp_inq_push(&chunk->rcvr->inqueue, chunk); |
279 | } |
280 | |
281 | sctp_bh_unlock_sock(sk); |
282 | |
283 | /* Release the asoc/ep ref we took in the lookup calls. */ |
284 | if (asoc) |
285 | sctp_association_put(asoc); |
286 | else |
287 | sctp_endpoint_put(ep); |
288 | |
289 | return 0; |
290 | |
291 | discard_it: |
292 | SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_DISCARDS); |
293 | kfree_skb(skb); |
294 | return 0; |
295 | |
296 | discard_release: |
297 | /* Release the asoc/ep ref we took in the lookup calls. */ |
298 | if (asoc) |
299 | sctp_association_put(asoc); |
300 | else |
301 | sctp_endpoint_put(ep); |
302 | |
303 | goto discard_it; |
304 | } |
305 | |
306 | /* Process the backlog queue of the socket. Every skb on |
307 | * the backlog holds a ref on an association or endpoint. |
308 | * We hold this ref throughout the state machine to make |
309 | * sure that the structure we need is still around. |
310 | */ |
311 | int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb) |
312 | { |
313 | struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; |
314 | struct sctp_inq *inqueue = &chunk->rcvr->inqueue; |
315 | struct sctp_ep_common *rcvr = NULL; |
316 | int backloged = 0; |
317 | |
318 | rcvr = chunk->rcvr; |
319 | |
320 | /* If the rcvr is dead then the association or endpoint |
321 | * has been deleted and we can safely drop the chunk |
322 | * and refs that we are holding. |
323 | */ |
324 | if (rcvr->dead) { |
325 | sctp_chunk_free(chunk); |
326 | goto done; |
327 | } |
328 | |
329 | if (unlikely(rcvr->sk != sk)) { |
330 | /* In this case, the association moved from one socket to |
331 | * another. We are currently sitting on the backlog of the |
332 | * old socket, so we need to move. |
333 | * However, since we are here in the process context we |
334 | * need to take make sure that the user doesn't own |
335 | * the new socket when we process the packet. |
336 | * If the new socket is user-owned, queue the chunk to the |
337 | * backlog of the new socket without dropping any refs. |
338 | * Otherwise, we can safely push the chunk on the inqueue. |
339 | */ |
340 | |
341 | sk = rcvr->sk; |
342 | sctp_bh_lock_sock(sk); |
343 | |
344 | if (sock_owned_by_user(sk)) { |
345 | if (sk_add_backlog(sk, skb)) |
346 | sctp_chunk_free(chunk); |
347 | else |
348 | backloged = 1; |
349 | } else |
350 | sctp_inq_push(inqueue, chunk); |
351 | |
352 | sctp_bh_unlock_sock(sk); |
353 | |
354 | /* If the chunk was backloged again, don't drop refs */ |
355 | if (backloged) |
356 | return 0; |
357 | } else { |
358 | sctp_inq_push(inqueue, chunk); |
359 | } |
360 | |
361 | done: |
362 | /* Release the refs we took in sctp_add_backlog */ |
363 | if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type) |
364 | sctp_association_put(sctp_assoc(rcvr)); |
365 | else if (SCTP_EP_TYPE_SOCKET == rcvr->type) |
366 | sctp_endpoint_put(sctp_ep(rcvr)); |
367 | else |
368 | BUG(); |
369 | |
370 | return 0; |
371 | } |
372 | |
373 | static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb) |
374 | { |
375 | struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; |
376 | struct sctp_ep_common *rcvr = chunk->rcvr; |
377 | int ret; |
378 | |
379 | ret = sk_add_backlog(sk, skb); |
380 | if (!ret) { |
381 | /* Hold the assoc/ep while hanging on the backlog queue. |
382 | * This way, we know structures we need will not disappear |
383 | * from us |
384 | */ |
385 | if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type) |
386 | sctp_association_hold(sctp_assoc(rcvr)); |
387 | else if (SCTP_EP_TYPE_SOCKET == rcvr->type) |
388 | sctp_endpoint_hold(sctp_ep(rcvr)); |
389 | else |
390 | BUG(); |
391 | } |
392 | return ret; |
393 | |
394 | } |
395 | |
396 | /* Handle icmp frag needed error. */ |
397 | void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc, |
398 | struct sctp_transport *t, __u32 pmtu) |
399 | { |
400 | if (!t || (t->pathmtu <= pmtu)) |
401 | return; |
402 | |
403 | if (sock_owned_by_user(sk)) { |
404 | asoc->pmtu_pending = 1; |
405 | t->pmtu_pending = 1; |
406 | return; |
407 | } |
408 | |
409 | if (t->param_flags & SPP_PMTUD_ENABLE) { |
410 | /* Update transports view of the MTU */ |
411 | sctp_transport_update_pmtu(t, pmtu); |
412 | |
413 | /* Update association pmtu. */ |
414 | sctp_assoc_sync_pmtu(asoc); |
415 | } |
416 | |
417 | /* Retransmit with the new pmtu setting. |
418 | * Normally, if PMTU discovery is disabled, an ICMP Fragmentation |
419 | * Needed will never be sent, but if a message was sent before |
420 | * PMTU discovery was disabled that was larger than the PMTU, it |
421 | * would not be fragmented, so it must be re-transmitted fragmented. |
422 | */ |
423 | sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD); |
424 | } |
425 | |
426 | /* |
427 | * SCTP Implementer's Guide, 2.37 ICMP handling procedures |
428 | * |
429 | * ICMP8) If the ICMP code is a "Unrecognized next header type encountered" |
430 | * or a "Protocol Unreachable" treat this message as an abort |
431 | * with the T bit set. |
432 | * |
433 | * This function sends an event to the state machine, which will abort the |
434 | * association. |
435 | * |
436 | */ |
437 | void sctp_icmp_proto_unreachable(struct sock *sk, |
438 | struct sctp_association *asoc, |
439 | struct sctp_transport *t) |
440 | { |
441 | SCTP_DEBUG_PRINTK("%s\n", __func__); |
442 | |
443 | sctp_do_sm(SCTP_EVENT_T_OTHER, |
444 | SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH), |
445 | asoc->state, asoc->ep, asoc, t, |
446 | GFP_ATOMIC); |
447 | |
448 | } |
449 | |
450 | /* Common lookup code for icmp/icmpv6 error handler. */ |
451 | struct sock *sctp_err_lookup(int family, struct sk_buff *skb, |
452 | struct sctphdr *sctphdr, |
453 | struct sctp_association **app, |
454 | struct sctp_transport **tpp) |
455 | { |
456 | union sctp_addr saddr; |
457 | union sctp_addr daddr; |
458 | struct sctp_af *af; |
459 | struct sock *sk = NULL; |
460 | struct sctp_association *asoc; |
461 | struct sctp_transport *transport = NULL; |
462 | struct sctp_init_chunk *chunkhdr; |
463 | __u32 vtag = ntohl(sctphdr->vtag); |
464 | int len = skb->len - ((void *)sctphdr - (void *)skb->data); |
465 | |
466 | *app = NULL; *tpp = NULL; |
467 | |
468 | af = sctp_get_af_specific(family); |
469 | if (unlikely(!af)) { |
470 | return NULL; |
471 | } |
472 | |
473 | /* Initialize local addresses for lookups. */ |
474 | af->from_skb(&saddr, skb, 1); |
475 | af->from_skb(&daddr, skb, 0); |
476 | |
477 | /* Look for an association that matches the incoming ICMP error |
478 | * packet. |
479 | */ |
480 | asoc = __sctp_lookup_association(&saddr, &daddr, &transport); |
481 | if (!asoc) |
482 | return NULL; |
483 | |
484 | sk = asoc->base.sk; |
485 | |
486 | /* RFC 4960, Appendix C. ICMP Handling |
487 | * |
488 | * ICMP6) An implementation MUST validate that the Verification Tag |
489 | * contained in the ICMP message matches the Verification Tag of |
490 | * the peer. If the Verification Tag is not 0 and does NOT |
491 | * match, discard the ICMP message. If it is 0 and the ICMP |
492 | * message contains enough bytes to verify that the chunk type is |
493 | * an INIT chunk and that the Initiate Tag matches the tag of the |
494 | * peer, continue with ICMP7. If the ICMP message is too short |
495 | * or the chunk type or the Initiate Tag does not match, silently |
496 | * discard the packet. |
497 | */ |
498 | if (vtag == 0) { |
499 | chunkhdr = (struct sctp_init_chunk *)((void *)sctphdr |
500 | + sizeof(struct sctphdr)); |
501 | if (len < sizeof(struct sctphdr) + sizeof(sctp_chunkhdr_t) |
502 | + sizeof(__be32) || |
503 | chunkhdr->chunk_hdr.type != SCTP_CID_INIT || |
504 | ntohl(chunkhdr->init_hdr.init_tag) != asoc->c.my_vtag) { |
505 | goto out; |
506 | } |
507 | } else if (vtag != asoc->c.peer_vtag) { |
508 | goto out; |
509 | } |
510 | |
511 | sctp_bh_lock_sock(sk); |
512 | |
513 | /* If too many ICMPs get dropped on busy |
514 | * servers this needs to be solved differently. |
515 | */ |
516 | if (sock_owned_by_user(sk)) |
517 | NET_INC_STATS_BH(&init_net, LINUX_MIB_LOCKDROPPEDICMPS); |
518 | |
519 | *app = asoc; |
520 | *tpp = transport; |
521 | return sk; |
522 | |
523 | out: |
524 | if (asoc) |
525 | sctp_association_put(asoc); |
526 | return NULL; |
527 | } |
528 | |
529 | /* Common cleanup code for icmp/icmpv6 error handler. */ |
530 | void sctp_err_finish(struct sock *sk, struct sctp_association *asoc) |
531 | { |
532 | sctp_bh_unlock_sock(sk); |
533 | if (asoc) |
534 | sctp_association_put(asoc); |
535 | } |
536 | |
537 | /* |
538 | * This routine is called by the ICMP module when it gets some |
539 | * sort of error condition. If err < 0 then the socket should |
540 | * be closed and the error returned to the user. If err > 0 |
541 | * it's just the icmp type << 8 | icmp code. After adjustment |
542 | * header points to the first 8 bytes of the sctp header. We need |
543 | * to find the appropriate port. |
544 | * |
545 | * The locking strategy used here is very "optimistic". When |
546 | * someone else accesses the socket the ICMP is just dropped |
547 | * and for some paths there is no check at all. |
548 | * A more general error queue to queue errors for later handling |
549 | * is probably better. |
550 | * |
551 | */ |
552 | void sctp_v4_err(struct sk_buff *skb, __u32 info) |
553 | { |
554 | struct iphdr *iph = (struct iphdr *)skb->data; |
555 | const int ihlen = iph->ihl * 4; |
556 | const int type = icmp_hdr(skb)->type; |
557 | const int code = icmp_hdr(skb)->code; |
558 | struct sock *sk; |
559 | struct sctp_association *asoc = NULL; |
560 | struct sctp_transport *transport; |
561 | struct inet_sock *inet; |
562 | sk_buff_data_t saveip, savesctp; |
563 | int err; |
564 | |
565 | if (skb->len < ihlen + 8) { |
566 | ICMP_INC_STATS_BH(&init_net, ICMP_MIB_INERRORS); |
567 | return; |
568 | } |
569 | |
570 | /* Fix up skb to look at the embedded net header. */ |
571 | saveip = skb->network_header; |
572 | savesctp = skb->transport_header; |
573 | skb_reset_network_header(skb); |
574 | skb_set_transport_header(skb, ihlen); |
575 | sk = sctp_err_lookup(AF_INET, skb, sctp_hdr(skb), &asoc, &transport); |
576 | /* Put back, the original values. */ |
577 | skb->network_header = saveip; |
578 | skb->transport_header = savesctp; |
579 | if (!sk) { |
580 | ICMP_INC_STATS_BH(&init_net, ICMP_MIB_INERRORS); |
581 | return; |
582 | } |
583 | /* Warning: The sock lock is held. Remember to call |
584 | * sctp_err_finish! |
585 | */ |
586 | |
587 | switch (type) { |
588 | case ICMP_PARAMETERPROB: |
589 | err = EPROTO; |
590 | break; |
591 | case ICMP_DEST_UNREACH: |
592 | if (code > NR_ICMP_UNREACH) |
593 | goto out_unlock; |
594 | |
595 | /* PMTU discovery (RFC1191) */ |
596 | if (ICMP_FRAG_NEEDED == code) { |
597 | sctp_icmp_frag_needed(sk, asoc, transport, info); |
598 | goto out_unlock; |
599 | } |
600 | else { |
601 | if (ICMP_PROT_UNREACH == code) { |
602 | sctp_icmp_proto_unreachable(sk, asoc, |
603 | transport); |
604 | goto out_unlock; |
605 | } |
606 | } |
607 | err = icmp_err_convert[code].errno; |
608 | break; |
609 | case ICMP_TIME_EXCEEDED: |
610 | /* Ignore any time exceeded errors due to fragment reassembly |
611 | * timeouts. |
612 | */ |
613 | if (ICMP_EXC_FRAGTIME == code) |
614 | goto out_unlock; |
615 | |
616 | err = EHOSTUNREACH; |
617 | break; |
618 | default: |
619 | goto out_unlock; |
620 | } |
621 | |
622 | inet = inet_sk(sk); |
623 | if (!sock_owned_by_user(sk) && inet->recverr) { |
624 | sk->sk_err = err; |
625 | sk->sk_error_report(sk); |
626 | } else { /* Only an error on timeout */ |
627 | sk->sk_err_soft = err; |
628 | } |
629 | |
630 | out_unlock: |
631 | sctp_err_finish(sk, asoc); |
632 | } |
633 | |
634 | /* |
635 | * RFC 2960, 8.4 - Handle "Out of the blue" Packets. |
636 | * |
637 | * This function scans all the chunks in the OOTB packet to determine if |
638 | * the packet should be discarded right away. If a response might be needed |
639 | * for this packet, or, if further processing is possible, the packet will |
640 | * be queued to a proper inqueue for the next phase of handling. |
641 | * |
642 | * Output: |
643 | * Return 0 - If further processing is needed. |
644 | * Return 1 - If the packet can be discarded right away. |
645 | */ |
646 | static int sctp_rcv_ootb(struct sk_buff *skb) |
647 | { |
648 | sctp_chunkhdr_t *ch; |
649 | __u8 *ch_end; |
650 | sctp_errhdr_t *err; |
651 | |
652 | ch = (sctp_chunkhdr_t *) skb->data; |
653 | |
654 | /* Scan through all the chunks in the packet. */ |
655 | do { |
656 | /* Break out if chunk length is less then minimal. */ |
657 | if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t)) |
658 | break; |
659 | |
660 | ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); |
661 | if (ch_end > skb_tail_pointer(skb)) |
662 | break; |
663 | |
664 | /* RFC 8.4, 2) If the OOTB packet contains an ABORT chunk, the |
665 | * receiver MUST silently discard the OOTB packet and take no |
666 | * further action. |
667 | */ |
668 | if (SCTP_CID_ABORT == ch->type) |
669 | goto discard; |
670 | |
671 | /* RFC 8.4, 6) If the packet contains a SHUTDOWN COMPLETE |
672 | * chunk, the receiver should silently discard the packet |
673 | * and take no further action. |
674 | */ |
675 | if (SCTP_CID_SHUTDOWN_COMPLETE == ch->type) |
676 | goto discard; |
677 | |
678 | /* RFC 4460, 2.11.2 |
679 | * This will discard packets with INIT chunk bundled as |
680 | * subsequent chunks in the packet. When INIT is first, |
681 | * the normal INIT processing will discard the chunk. |
682 | */ |
683 | if (SCTP_CID_INIT == ch->type && (void *)ch != skb->data) |
684 | goto discard; |
685 | |
686 | /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR |
687 | * or a COOKIE ACK the SCTP Packet should be silently |
688 | * discarded. |
689 | */ |
690 | if (SCTP_CID_COOKIE_ACK == ch->type) |
691 | goto discard; |
692 | |
693 | if (SCTP_CID_ERROR == ch->type) { |
694 | sctp_walk_errors(err, ch) { |
695 | if (SCTP_ERROR_STALE_COOKIE == err->cause) |
696 | goto discard; |
697 | } |
698 | } |
699 | |
700 | ch = (sctp_chunkhdr_t *) ch_end; |
701 | } while (ch_end < skb_tail_pointer(skb)); |
702 | |
703 | return 0; |
704 | |
705 | discard: |
706 | return 1; |
707 | } |
708 | |
709 | /* Insert endpoint into the hash table. */ |
710 | static void __sctp_hash_endpoint(struct sctp_endpoint *ep) |
711 | { |
712 | struct sctp_ep_common *epb; |
713 | struct sctp_hashbucket *head; |
714 | |
715 | epb = &ep->base; |
716 | |
717 | epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); |
718 | head = &sctp_ep_hashtable[epb->hashent]; |
719 | |
720 | sctp_write_lock(&head->lock); |
721 | hlist_add_head(&epb->node, &head->chain); |
722 | sctp_write_unlock(&head->lock); |
723 | } |
724 | |
725 | /* Add an endpoint to the hash. Local BH-safe. */ |
726 | void sctp_hash_endpoint(struct sctp_endpoint *ep) |
727 | { |
728 | sctp_local_bh_disable(); |
729 | __sctp_hash_endpoint(ep); |
730 | sctp_local_bh_enable(); |
731 | } |
732 | |
733 | /* Remove endpoint from the hash table. */ |
734 | static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) |
735 | { |
736 | struct sctp_hashbucket *head; |
737 | struct sctp_ep_common *epb; |
738 | |
739 | epb = &ep->base; |
740 | |
741 | if (hlist_unhashed(&epb->node)) |
742 | return; |
743 | |
744 | epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); |
745 | |
746 | head = &sctp_ep_hashtable[epb->hashent]; |
747 | |
748 | sctp_write_lock(&head->lock); |
749 | __hlist_del(&epb->node); |
750 | sctp_write_unlock(&head->lock); |
751 | } |
752 | |
753 | /* Remove endpoint from the hash. Local BH-safe. */ |
754 | void sctp_unhash_endpoint(struct sctp_endpoint *ep) |
755 | { |
756 | sctp_local_bh_disable(); |
757 | __sctp_unhash_endpoint(ep); |
758 | sctp_local_bh_enable(); |
759 | } |
760 | |
761 | /* Look up an endpoint. */ |
762 | static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr) |
763 | { |
764 | struct sctp_hashbucket *head; |
765 | struct sctp_ep_common *epb; |
766 | struct sctp_endpoint *ep; |
767 | struct hlist_node *node; |
768 | int hash; |
769 | |
770 | hash = sctp_ep_hashfn(ntohs(laddr->v4.sin_port)); |
771 | head = &sctp_ep_hashtable[hash]; |
772 | read_lock(&head->lock); |
773 | sctp_for_each_hentry(epb, node, &head->chain) { |
774 | ep = sctp_ep(epb); |
775 | if (sctp_endpoint_is_match(ep, laddr)) |
776 | goto hit; |
777 | } |
778 | |
779 | ep = sctp_sk((sctp_get_ctl_sock()))->ep; |
780 | |
781 | hit: |
782 | sctp_endpoint_hold(ep); |
783 | read_unlock(&head->lock); |
784 | return ep; |
785 | } |
786 | |
787 | /* Insert association into the hash table. */ |
788 | static void __sctp_hash_established(struct sctp_association *asoc) |
789 | { |
790 | struct sctp_ep_common *epb; |
791 | struct sctp_hashbucket *head; |
792 | |
793 | epb = &asoc->base; |
794 | |
795 | /* Calculate which chain this entry will belong to. */ |
796 | epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, asoc->peer.port); |
797 | |
798 | head = &sctp_assoc_hashtable[epb->hashent]; |
799 | |
800 | sctp_write_lock(&head->lock); |
801 | hlist_add_head(&epb->node, &head->chain); |
802 | sctp_write_unlock(&head->lock); |
803 | } |
804 | |
805 | /* Add an association to the hash. Local BH-safe. */ |
806 | void sctp_hash_established(struct sctp_association *asoc) |
807 | { |
808 | if (asoc->temp) |
809 | return; |
810 | |
811 | sctp_local_bh_disable(); |
812 | __sctp_hash_established(asoc); |
813 | sctp_local_bh_enable(); |
814 | } |
815 | |
816 | /* Remove association from the hash table. */ |
817 | static void __sctp_unhash_established(struct sctp_association *asoc) |
818 | { |
819 | struct sctp_hashbucket *head; |
820 | struct sctp_ep_common *epb; |
821 | |
822 | epb = &asoc->base; |
823 | |
824 | epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, |
825 | asoc->peer.port); |
826 | |
827 | head = &sctp_assoc_hashtable[epb->hashent]; |
828 | |
829 | sctp_write_lock(&head->lock); |
830 | __hlist_del(&epb->node); |
831 | sctp_write_unlock(&head->lock); |
832 | } |
833 | |
834 | /* Remove association from the hash table. Local BH-safe. */ |
835 | void sctp_unhash_established(struct sctp_association *asoc) |
836 | { |
837 | if (asoc->temp) |
838 | return; |
839 | |
840 | sctp_local_bh_disable(); |
841 | __sctp_unhash_established(asoc); |
842 | sctp_local_bh_enable(); |
843 | } |
844 | |
845 | /* Look up an association. */ |
846 | static struct sctp_association *__sctp_lookup_association( |
847 | const union sctp_addr *local, |
848 | const union sctp_addr *peer, |
849 | struct sctp_transport **pt) |
850 | { |
851 | struct sctp_hashbucket *head; |
852 | struct sctp_ep_common *epb; |
853 | struct sctp_association *asoc; |
854 | struct sctp_transport *transport; |
855 | struct hlist_node *node; |
856 | int hash; |
857 | |
858 | /* Optimize here for direct hit, only listening connections can |
859 | * have wildcards anyways. |
860 | */ |
861 | hash = sctp_assoc_hashfn(ntohs(local->v4.sin_port), ntohs(peer->v4.sin_port)); |
862 | head = &sctp_assoc_hashtable[hash]; |
863 | read_lock(&head->lock); |
864 | sctp_for_each_hentry(epb, node, &head->chain) { |
865 | asoc = sctp_assoc(epb); |
866 | transport = sctp_assoc_is_match(asoc, local, peer); |
867 | if (transport) |
868 | goto hit; |
869 | } |
870 | |
871 | read_unlock(&head->lock); |
872 | |
873 | return NULL; |
874 | |
875 | hit: |
876 | *pt = transport; |
877 | sctp_association_hold(asoc); |
878 | read_unlock(&head->lock); |
879 | return asoc; |
880 | } |
881 | |
882 | /* Look up an association. BH-safe. */ |
883 | SCTP_STATIC |
884 | struct sctp_association *sctp_lookup_association(const union sctp_addr *laddr, |
885 | const union sctp_addr *paddr, |
886 | struct sctp_transport **transportp) |
887 | { |
888 | struct sctp_association *asoc; |
889 | |
890 | sctp_local_bh_disable(); |
891 | asoc = __sctp_lookup_association(laddr, paddr, transportp); |
892 | sctp_local_bh_enable(); |
893 | |
894 | return asoc; |
895 | } |
896 | |
897 | /* Is there an association matching the given local and peer addresses? */ |
898 | int sctp_has_association(const union sctp_addr *laddr, |
899 | const union sctp_addr *paddr) |
900 | { |
901 | struct sctp_association *asoc; |
902 | struct sctp_transport *transport; |
903 | |
904 | if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) { |
905 | sctp_association_put(asoc); |
906 | return 1; |
907 | } |
908 | |
909 | return 0; |
910 | } |
911 | |
912 | /* |
913 | * SCTP Implementors Guide, 2.18 Handling of address |
914 | * parameters within the INIT or INIT-ACK. |
915 | * |
916 | * D) When searching for a matching TCB upon reception of an INIT |
917 | * or INIT-ACK chunk the receiver SHOULD use not only the |
918 | * source address of the packet (containing the INIT or |
919 | * INIT-ACK) but the receiver SHOULD also use all valid |
920 | * address parameters contained within the chunk. |
921 | * |
922 | * 2.18.3 Solution description |
923 | * |
924 | * This new text clearly specifies to an implementor the need |
925 | * to look within the INIT or INIT-ACK. Any implementation that |
926 | * does not do this, may not be able to establish associations |
927 | * in certain circumstances. |
928 | * |
929 | */ |
930 | static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb, |
931 | const union sctp_addr *laddr, struct sctp_transport **transportp) |
932 | { |
933 | struct sctp_association *asoc; |
934 | union sctp_addr addr; |
935 | union sctp_addr *paddr = &addr; |
936 | struct sctphdr *sh = sctp_hdr(skb); |
937 | sctp_chunkhdr_t *ch; |
938 | union sctp_params params; |
939 | sctp_init_chunk_t *init; |
940 | struct sctp_transport *transport; |
941 | struct sctp_af *af; |
942 | |
943 | ch = (sctp_chunkhdr_t *) skb->data; |
944 | |
945 | /* |
946 | * This code will NOT touch anything inside the chunk--it is |
947 | * strictly READ-ONLY. |
948 | * |
949 | * RFC 2960 3 SCTP packet Format |
950 | * |
951 | * Multiple chunks can be bundled into one SCTP packet up to |
952 | * the MTU size, except for the INIT, INIT ACK, and SHUTDOWN |
953 | * COMPLETE chunks. These chunks MUST NOT be bundled with any |
954 | * other chunk in a packet. See Section 6.10 for more details |
955 | * on chunk bundling. |
956 | */ |
957 | |
958 | /* Find the start of the TLVs and the end of the chunk. This is |
959 | * the region we search for address parameters. |
960 | */ |
961 | init = (sctp_init_chunk_t *)skb->data; |
962 | |
963 | /* Walk the parameters looking for embedded addresses. */ |
964 | sctp_walk_params(params, init, init_hdr.params) { |
965 | |
966 | /* Note: Ignoring hostname addresses. */ |
967 | af = sctp_get_af_specific(param_type2af(params.p->type)); |
968 | if (!af) |
969 | continue; |
970 | |
971 | af->from_addr_param(paddr, params.addr, sh->source, 0); |
972 | |
973 | asoc = __sctp_lookup_association(laddr, paddr, &transport); |
974 | if (asoc) |
975 | return asoc; |
976 | } |
977 | |
978 | return NULL; |
979 | } |
980 | |
981 | /* ADD-IP, Section 5.2 |
982 | * When an endpoint receives an ASCONF Chunk from the remote peer |
983 | * special procedures may be needed to identify the association the |
984 | * ASCONF Chunk is associated with. To properly find the association |
985 | * the following procedures SHOULD be followed: |
986 | * |
987 | * D2) If the association is not found, use the address found in the |
988 | * Address Parameter TLV combined with the port number found in the |
989 | * SCTP common header. If found proceed to rule D4. |
990 | * |
991 | * D2-ext) If more than one ASCONF Chunks are packed together, use the |
992 | * address found in the ASCONF Address Parameter TLV of each of the |
993 | * subsequent ASCONF Chunks. If found, proceed to rule D4. |
994 | */ |
995 | static struct sctp_association *__sctp_rcv_asconf_lookup( |
996 | sctp_chunkhdr_t *ch, |
997 | const union sctp_addr *laddr, |
998 | __be16 peer_port, |
999 | struct sctp_transport **transportp) |
1000 | { |
1001 | sctp_addip_chunk_t *asconf = (struct sctp_addip_chunk *)ch; |
1002 | struct sctp_af *af; |
1003 | union sctp_addr_param *param; |
1004 | union sctp_addr paddr; |
1005 | |
1006 | /* Skip over the ADDIP header and find the Address parameter */ |
1007 | param = (union sctp_addr_param *)(asconf + 1); |
1008 | |
1009 | af = sctp_get_af_specific(param_type2af(param->v4.param_hdr.type)); |
1010 | if (unlikely(!af)) |
1011 | return NULL; |
1012 | |
1013 | af->from_addr_param(&paddr, param, peer_port, 0); |
1014 | |
1015 | return __sctp_lookup_association(laddr, &paddr, transportp); |
1016 | } |
1017 | |
1018 | |
1019 | /* SCTP-AUTH, Section 6.3: |
1020 | * If the receiver does not find a STCB for a packet containing an AUTH |
1021 | * chunk as the first chunk and not a COOKIE-ECHO chunk as the second |
1022 | * chunk, it MUST use the chunks after the AUTH chunk to look up an existing |
1023 | * association. |
1024 | * |
1025 | * This means that any chunks that can help us identify the association need |
1026 | * to be looked at to find this assocation. |
1027 | */ |
1028 | static struct sctp_association *__sctp_rcv_walk_lookup(struct sk_buff *skb, |
1029 | const union sctp_addr *laddr, |
1030 | struct sctp_transport **transportp) |
1031 | { |
1032 | struct sctp_association *asoc = NULL; |
1033 | sctp_chunkhdr_t *ch; |
1034 | int have_auth = 0; |
1035 | unsigned int chunk_num = 1; |
1036 | __u8 *ch_end; |
1037 | |
1038 | /* Walk through the chunks looking for AUTH or ASCONF chunks |
1039 | * to help us find the association. |
1040 | */ |
1041 | ch = (sctp_chunkhdr_t *) skb->data; |
1042 | do { |
1043 | /* Break out if chunk length is less then minimal. */ |
1044 | if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t)) |
1045 | break; |
1046 | |
1047 | ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); |
1048 | if (ch_end > skb_tail_pointer(skb)) |
1049 | break; |
1050 | |
1051 | switch(ch->type) { |
1052 | case SCTP_CID_AUTH: |
1053 | have_auth = chunk_num; |
1054 | break; |
1055 | |
1056 | case SCTP_CID_COOKIE_ECHO: |
1057 | /* If a packet arrives containing an AUTH chunk as |
1058 | * a first chunk, a COOKIE-ECHO chunk as the second |
1059 | * chunk, and possibly more chunks after them, and |
1060 | * the receiver does not have an STCB for that |
1061 | * packet, then authentication is based on |
1062 | * the contents of the COOKIE- ECHO chunk. |
1063 | */ |
1064 | if (have_auth == 1 && chunk_num == 2) |
1065 | return NULL; |
1066 | break; |
1067 | |
1068 | case SCTP_CID_ASCONF: |
1069 | if (have_auth || sctp_addip_noauth) |
1070 | asoc = __sctp_rcv_asconf_lookup(ch, laddr, |
1071 | sctp_hdr(skb)->source, |
1072 | transportp); |
1073 | default: |
1074 | break; |
1075 | } |
1076 | |
1077 | if (asoc) |
1078 | break; |
1079 | |
1080 | ch = (sctp_chunkhdr_t *) ch_end; |
1081 | chunk_num++; |
1082 | } while (ch_end < skb_tail_pointer(skb)); |
1083 | |
1084 | return asoc; |
1085 | } |
1086 | |
1087 | /* |
1088 | * There are circumstances when we need to look inside the SCTP packet |
1089 | * for information to help us find the association. Examples |
1090 | * include looking inside of INIT/INIT-ACK chunks or after the AUTH |
1091 | * chunks. |
1092 | */ |
1093 | static struct sctp_association *__sctp_rcv_lookup_harder(struct sk_buff *skb, |
1094 | const union sctp_addr *laddr, |
1095 | struct sctp_transport **transportp) |
1096 | { |
1097 | sctp_chunkhdr_t *ch; |
1098 | |
1099 | ch = (sctp_chunkhdr_t *) skb->data; |
1100 | |
1101 | /* The code below will attempt to walk the chunk and extract |
1102 | * parameter information. Before we do that, we need to verify |
1103 | * that the chunk length doesn't cause overflow. Otherwise, we'll |
1104 | * walk off the end. |
1105 | */ |
1106 | if (WORD_ROUND(ntohs(ch->length)) > skb->len) |
1107 | return NULL; |
1108 | |
1109 | /* If this is INIT/INIT-ACK look inside the chunk too. */ |
1110 | switch (ch->type) { |
1111 | case SCTP_CID_INIT: |
1112 | case SCTP_CID_INIT_ACK: |
1113 | return __sctp_rcv_init_lookup(skb, laddr, transportp); |
1114 | break; |
1115 | |
1116 | default: |
1117 | return __sctp_rcv_walk_lookup(skb, laddr, transportp); |
1118 | break; |
1119 | } |
1120 | |
1121 | |
1122 | return NULL; |
1123 | } |
1124 | |
1125 | /* Lookup an association for an inbound skb. */ |
1126 | static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, |
1127 | const union sctp_addr *paddr, |
1128 | const union sctp_addr *laddr, |
1129 | struct sctp_transport **transportp) |
1130 | { |
1131 | struct sctp_association *asoc; |
1132 | |
1133 | asoc = __sctp_lookup_association(laddr, paddr, transportp); |
1134 | |
1135 | /* Further lookup for INIT/INIT-ACK packets. |
1136 | * SCTP Implementors Guide, 2.18 Handling of address |
1137 | * parameters within the INIT or INIT-ACK. |
1138 | */ |
1139 | if (!asoc) |
1140 | asoc = __sctp_rcv_lookup_harder(skb, laddr, transportp); |
1141 | |
1142 | return asoc; |
1143 | } |
1144 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9