1 /* SCTP kernel implementation
2 * Copyright (c) 1999-2000 Cisco, Inc.
3 * Copyright (c) 1999-2001 Motorola, Inc.
4 * Copyright (c) 2001-2003 International Business Machines, Corp.
5 * Copyright (c) 2001 Intel Corp.
6 * Copyright (c) 2001 Nokia, Inc.
7 * Copyright (c) 2001 La Monte H.P. Yarroll
9 * This file is part of the SCTP kernel implementation
11 * These functions handle all input from the IP layer into SCTP.
13 * This SCTP implementation is free software;
14 * you can redistribute it and/or modify it under the terms of
15 * the GNU General Public License as published by
16 * the Free Software Foundation; either version 2, or (at your option)
19 * This SCTP implementation is distributed in the hope that it
20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
21 * ************************
22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23 * See the GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with GNU CC; see the file COPYING. If not, write to
27 * the Free Software Foundation, 59 Temple Place - Suite 330,
28 * Boston, MA 02111-1307, USA.
30 * Please send any bug reports or fixes you make to the
32 * lksctp developers <lksctp-developers@lists.sourceforge.net>
34 * Or submit a bug report through the following website:
35 * http://www.sf.net/projects/lksctp
37 * Written or modified by:
38 * La Monte H.P. Yarroll <piggy@acm.org>
39 * Karl Knutson <karl@athena.chicago.il.us>
40 * Xingang Guo <xingang.guo@intel.com>
41 * Jon Grimm <jgrimm@us.ibm.com>
42 * Hui Huang <hui.huang@nokia.com>
43 * Daisy Chang <daisyc@us.ibm.com>
44 * Sridhar Samudrala <sri@us.ibm.com>
45 * Ardelle Fan <ardelle.fan@intel.com>
47 * Any bugs reported given to us we will try to fix... any fixes shared will
48 * be incorporated into the next SCTP release.
51 #include <linux/types.h>
52 #include <linux/list.h> /* For struct list_head */
53 #include <linux/socket.h>
55 #include <linux/time.h> /* For struct timeval */
56 #include <linux/slab.h>
62 #include <net/sctp/sctp.h>
63 #include <net/sctp/sm.h>
64 #include <net/sctp/checksum.h>
65 #include <net/net_namespace.h>
67 /* Forward declarations for internal helpers. */
68 static int sctp_rcv_ootb(struct sk_buff
*);
69 static struct sctp_association
*__sctp_rcv_lookup(struct sk_buff
*skb
,
70 const union sctp_addr
*laddr
,
71 const union sctp_addr
*paddr
,
72 struct sctp_transport
**transportp
);
73 static struct sctp_endpoint
*__sctp_rcv_lookup_endpoint(const union sctp_addr
*laddr
);
74 static struct sctp_association
*__sctp_lookup_association(
75 const union sctp_addr
*local
,
76 const union sctp_addr
*peer
,
77 struct sctp_transport
**pt
);
79 static int sctp_add_backlog(struct sock
*sk
, struct sk_buff
*skb
);
82 /* Calculate the SCTP checksum of an SCTP packet. */
83 static inline int sctp_rcv_checksum(struct sk_buff
*skb
)
85 struct sctphdr
*sh
= sctp_hdr(skb
);
86 __le32 cmp
= sh
->checksum
;
89 __u32 tmp
= sctp_start_cksum((__u8
*)sh
, skb_headlen(skb
));
91 skb_walk_frags(skb
, list
)
92 tmp
= sctp_update_cksum((__u8
*)list
->data
, skb_headlen(list
),
95 val
= sctp_end_cksum(tmp
);
98 /* CRC failure, dump it. */
99 SCTP_INC_STATS_BH(SCTP_MIB_CHECKSUMERRORS
);
105 struct sctp_input_cb
{
107 struct inet_skb_parm h4
;
108 #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
109 struct inet6_skb_parm h6
;
112 struct sctp_chunk
*chunk
;
114 #define SCTP_INPUT_CB(__skb) ((struct sctp_input_cb *)&((__skb)->cb[0]))
117 * This is the routine which IP calls when receiving an SCTP packet.
119 int sctp_rcv(struct sk_buff
*skb
)
122 struct sctp_association
*asoc
;
123 struct sctp_endpoint
*ep
= NULL
;
124 struct sctp_ep_common
*rcvr
;
125 struct sctp_transport
*transport
= NULL
;
126 struct sctp_chunk
*chunk
;
129 union sctp_addr dest
;
133 if (skb
->pkt_type
!=PACKET_HOST
)
136 SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS
);
138 if (skb_linearize(skb
))
143 /* Pull up the IP and SCTP headers. */
144 __skb_pull(skb
, skb_transport_offset(skb
));
145 if (skb
->len
< sizeof(struct sctphdr
))
147 if (!sctp_checksum_disable
&& !skb_csum_unnecessary(skb
) &&
148 sctp_rcv_checksum(skb
) < 0)
151 skb_pull(skb
, sizeof(struct sctphdr
));
153 /* Make sure we at least have chunk headers worth of data left. */
154 if (skb
->len
< sizeof(struct sctp_chunkhdr
))
157 family
= ipver2af(ip_hdr(skb
)->version
);
158 af
= sctp_get_af_specific(family
);
162 /* Initialize local addresses for lookups. */
163 af
->from_skb(&src
, skb
, 1);
164 af
->from_skb(&dest
, skb
, 0);
166 /* If the packet is to or from a non-unicast address,
167 * silently discard the packet.
169 * This is not clearly defined in the RFC except in section
170 * 8.4 - OOTB handling. However, based on the book "Stream Control
171 * Transmission Protocol" 2.1, "It is important to note that the
172 * IP address of an SCTP transport address must be a routable
173 * unicast address. In other words, IP multicast addresses and
174 * IP broadcast addresses cannot be used in an SCTP transport
177 if (!af
->addr_valid(&src
, NULL
, skb
) ||
178 !af
->addr_valid(&dest
, NULL
, skb
))
181 asoc
= __sctp_rcv_lookup(skb
, &src
, &dest
, &transport
);
184 ep
= __sctp_rcv_lookup_endpoint(&dest
);
186 /* Retrieve the common input handling substructure. */
187 rcvr
= asoc
? &asoc
->base
: &ep
->base
;
191 * If a frame arrives on an interface and the receiving socket is
192 * bound to another interface, via SO_BINDTODEVICE, treat it as OOTB
194 if (sk
->sk_bound_dev_if
&& (sk
->sk_bound_dev_if
!= af
->skb_iif(skb
)))
197 sctp_association_put(asoc
);
200 sctp_endpoint_put(ep
);
203 sk
= sctp_get_ctl_sock();
204 ep
= sctp_sk(sk
)->ep
;
205 sctp_endpoint_hold(ep
);
210 * RFC 2960, 8.4 - Handle "Out of the blue" Packets.
211 * An SCTP packet is called an "out of the blue" (OOTB)
212 * packet if it is correctly formed, i.e., passed the
213 * receiver's checksum check, but the receiver is not
214 * able to identify the association to which this
218 if (sctp_rcv_ootb(skb
)) {
219 SCTP_INC_STATS_BH(SCTP_MIB_OUTOFBLUES
);
220 goto discard_release
;
224 if (!xfrm_policy_check(sk
, XFRM_POLICY_IN
, skb
, family
))
225 goto discard_release
;
228 if (sk_filter(sk
, skb
))
229 goto discard_release
;
231 /* Create an SCTP packet structure. */
232 chunk
= sctp_chunkify(skb
, asoc
, sk
);
234 goto discard_release
;
235 SCTP_INPUT_CB(skb
)->chunk
= chunk
;
237 /* Remember what endpoint is to handle this packet. */
240 /* Remember the SCTP header. */
241 chunk
->sctp_hdr
= sh
;
243 /* Set the source and destination addresses of the incoming chunk. */
244 sctp_init_addrs(chunk
, &src
, &dest
);
246 /* Remember where we came from. */
247 chunk
->transport
= transport
;
249 /* Acquire access to the sock lock. Note: We are safe from other
250 * bottom halves on this lock, but a user may be in the lock too,
251 * so check if it is busy.
253 sctp_bh_lock_sock(sk
);
255 if (sk
!= rcvr
->sk
) {
256 /* Our cached sk is different from the rcvr->sk. This is
257 * because migrate()/accept() may have moved the association
258 * to a new socket and released all the sockets. So now we
259 * are holding a lock on the old socket while the user may
260 * be doing something with the new socket. Switch our veiw
263 sctp_bh_unlock_sock(sk
);
265 sctp_bh_lock_sock(sk
);
268 if (sock_owned_by_user(sk
)) {
269 if (sctp_add_backlog(sk
, skb
)) {
270 sctp_bh_unlock_sock(sk
);
271 sctp_chunk_free(chunk
);
272 skb
= NULL
; /* sctp_chunk_free already freed the skb */
273 goto discard_release
;
275 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_BACKLOG
);
277 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_SOFTIRQ
);
278 sctp_inq_push(&chunk
->rcvr
->inqueue
, chunk
);
281 sctp_bh_unlock_sock(sk
);
283 /* Release the asoc/ep ref we took in the lookup calls. */
285 sctp_association_put(asoc
);
287 sctp_endpoint_put(ep
);
292 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_DISCARDS
);
297 /* Release the asoc/ep ref we took in the lookup calls. */
299 sctp_association_put(asoc
);
301 sctp_endpoint_put(ep
);
306 /* Process the backlog queue of the socket. Every skb on
307 * the backlog holds a ref on an association or endpoint.
308 * We hold this ref throughout the state machine to make
309 * sure that the structure we need is still around.
311 int sctp_backlog_rcv(struct sock
*sk
, struct sk_buff
*skb
)
313 struct sctp_chunk
*chunk
= SCTP_INPUT_CB(skb
)->chunk
;
314 struct sctp_inq
*inqueue
= &chunk
->rcvr
->inqueue
;
315 struct sctp_ep_common
*rcvr
= NULL
;
320 /* If the rcvr is dead then the association or endpoint
321 * has been deleted and we can safely drop the chunk
322 * and refs that we are holding.
325 sctp_chunk_free(chunk
);
329 if (unlikely(rcvr
->sk
!= sk
)) {
330 /* In this case, the association moved from one socket to
331 * another. We are currently sitting on the backlog of the
332 * old socket, so we need to move.
333 * However, since we are here in the process context we
334 * need to take make sure that the user doesn't own
335 * the new socket when we process the packet.
336 * If the new socket is user-owned, queue the chunk to the
337 * backlog of the new socket without dropping any refs.
338 * Otherwise, we can safely push the chunk on the inqueue.
342 sctp_bh_lock_sock(sk
);
344 if (sock_owned_by_user(sk
)) {
345 if (sk_add_backlog(sk
, skb
))
346 sctp_chunk_free(chunk
);
350 sctp_inq_push(inqueue
, chunk
);
352 sctp_bh_unlock_sock(sk
);
354 /* If the chunk was backloged again, don't drop refs */
358 sctp_inq_push(inqueue
, chunk
);
362 /* Release the refs we took in sctp_add_backlog */
363 if (SCTP_EP_TYPE_ASSOCIATION
== rcvr
->type
)
364 sctp_association_put(sctp_assoc(rcvr
));
365 else if (SCTP_EP_TYPE_SOCKET
== rcvr
->type
)
366 sctp_endpoint_put(sctp_ep(rcvr
));
373 static int sctp_add_backlog(struct sock
*sk
, struct sk_buff
*skb
)
375 struct sctp_chunk
*chunk
= SCTP_INPUT_CB(skb
)->chunk
;
376 struct sctp_ep_common
*rcvr
= chunk
->rcvr
;
379 ret
= sk_add_backlog(sk
, skb
);
381 /* Hold the assoc/ep while hanging on the backlog queue.
382 * This way, we know structures we need will not disappear
385 if (SCTP_EP_TYPE_ASSOCIATION
== rcvr
->type
)
386 sctp_association_hold(sctp_assoc(rcvr
));
387 else if (SCTP_EP_TYPE_SOCKET
== rcvr
->type
)
388 sctp_endpoint_hold(sctp_ep(rcvr
));
396 /* Handle icmp frag needed error. */
397 void sctp_icmp_frag_needed(struct sock
*sk
, struct sctp_association
*asoc
,
398 struct sctp_transport
*t
, __u32 pmtu
)
400 if (!t
|| (t
->pathmtu
<= pmtu
))
403 if (sock_owned_by_user(sk
)) {
404 asoc
->pmtu_pending
= 1;
409 if (t
->param_flags
& SPP_PMTUD_ENABLE
) {
410 /* Update transports view of the MTU */
411 sctp_transport_update_pmtu(t
, pmtu
);
413 /* Update association pmtu. */
414 sctp_assoc_sync_pmtu(asoc
);
417 /* Retransmit with the new pmtu setting.
418 * Normally, if PMTU discovery is disabled, an ICMP Fragmentation
419 * Needed will never be sent, but if a message was sent before
420 * PMTU discovery was disabled that was larger than the PMTU, it
421 * would not be fragmented, so it must be re-transmitted fragmented.
423 sctp_retransmit(&asoc
->outqueue
, t
, SCTP_RTXR_PMTUD
);
427 * SCTP Implementer's Guide, 2.37 ICMP handling procedures
429 * ICMP8) If the ICMP code is a "Unrecognized next header type encountered"
430 * or a "Protocol Unreachable" treat this message as an abort
431 * with the T bit set.
433 * This function sends an event to the state machine, which will abort the
437 void sctp_icmp_proto_unreachable(struct sock
*sk
,
438 struct sctp_association
*asoc
,
439 struct sctp_transport
*t
)
441 SCTP_DEBUG_PRINTK("%s\n", __func__
);
443 if (sock_owned_by_user(sk
)) {
444 if (timer_pending(&t
->proto_unreach_timer
))
447 if (!mod_timer(&t
->proto_unreach_timer
,
449 sctp_association_hold(asoc
);
453 if (timer_pending(&t
->proto_unreach_timer
) &&
454 del_timer(&t
->proto_unreach_timer
))
455 sctp_association_put(asoc
);
457 sctp_do_sm(SCTP_EVENT_T_OTHER
,
458 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH
),
459 asoc
->state
, asoc
->ep
, asoc
, t
,
464 /* Common lookup code for icmp/icmpv6 error handler. */
465 struct sock
*sctp_err_lookup(int family
, struct sk_buff
*skb
,
466 struct sctphdr
*sctphdr
,
467 struct sctp_association
**app
,
468 struct sctp_transport
**tpp
)
470 union sctp_addr saddr
;
471 union sctp_addr daddr
;
473 struct sock
*sk
= NULL
;
474 struct sctp_association
*asoc
;
475 struct sctp_transport
*transport
= NULL
;
476 struct sctp_init_chunk
*chunkhdr
;
477 __u32 vtag
= ntohl(sctphdr
->vtag
);
478 int len
= skb
->len
- ((void *)sctphdr
- (void *)skb
->data
);
480 *app
= NULL
; *tpp
= NULL
;
482 af
= sctp_get_af_specific(family
);
487 /* Initialize local addresses for lookups. */
488 af
->from_skb(&saddr
, skb
, 1);
489 af
->from_skb(&daddr
, skb
, 0);
491 /* Look for an association that matches the incoming ICMP error
494 asoc
= __sctp_lookup_association(&saddr
, &daddr
, &transport
);
500 /* RFC 4960, Appendix C. ICMP Handling
502 * ICMP6) An implementation MUST validate that the Verification Tag
503 * contained in the ICMP message matches the Verification Tag of
504 * the peer. If the Verification Tag is not 0 and does NOT
505 * match, discard the ICMP message. If it is 0 and the ICMP
506 * message contains enough bytes to verify that the chunk type is
507 * an INIT chunk and that the Initiate Tag matches the tag of the
508 * peer, continue with ICMP7. If the ICMP message is too short
509 * or the chunk type or the Initiate Tag does not match, silently
510 * discard the packet.
513 chunkhdr
= (struct sctp_init_chunk
*)((void *)sctphdr
514 + sizeof(struct sctphdr
));
515 if (len
< sizeof(struct sctphdr
) + sizeof(sctp_chunkhdr_t
)
517 chunkhdr
->chunk_hdr
.type
!= SCTP_CID_INIT
||
518 ntohl(chunkhdr
->init_hdr
.init_tag
) != asoc
->c
.my_vtag
) {
521 } else if (vtag
!= asoc
->c
.peer_vtag
) {
525 sctp_bh_lock_sock(sk
);
527 /* If too many ICMPs get dropped on busy
528 * servers this needs to be solved differently.
530 if (sock_owned_by_user(sk
))
531 NET_INC_STATS_BH(&init_net
, LINUX_MIB_LOCKDROPPEDICMPS
);
539 sctp_association_put(asoc
);
543 /* Common cleanup code for icmp/icmpv6 error handler. */
544 void sctp_err_finish(struct sock
*sk
, struct sctp_association
*asoc
)
546 sctp_bh_unlock_sock(sk
);
548 sctp_association_put(asoc
);
552 * This routine is called by the ICMP module when it gets some
553 * sort of error condition. If err < 0 then the socket should
554 * be closed and the error returned to the user. If err > 0
555 * it's just the icmp type << 8 | icmp code. After adjustment
556 * header points to the first 8 bytes of the sctp header. We need
557 * to find the appropriate port.
559 * The locking strategy used here is very "optimistic". When
560 * someone else accesses the socket the ICMP is just dropped
561 * and for some paths there is no check at all.
562 * A more general error queue to queue errors for later handling
563 * is probably better.
566 void sctp_v4_err(struct sk_buff
*skb
, __u32 info
)
568 struct iphdr
*iph
= (struct iphdr
*)skb
->data
;
569 const int ihlen
= iph
->ihl
* 4;
570 const int type
= icmp_hdr(skb
)->type
;
571 const int code
= icmp_hdr(skb
)->code
;
573 struct sctp_association
*asoc
= NULL
;
574 struct sctp_transport
*transport
;
575 struct inet_sock
*inet
;
576 sk_buff_data_t saveip
, savesctp
;
579 if (skb
->len
< ihlen
+ 8) {
580 ICMP_INC_STATS_BH(&init_net
, ICMP_MIB_INERRORS
);
584 /* Fix up skb to look at the embedded net header. */
585 saveip
= skb
->network_header
;
586 savesctp
= skb
->transport_header
;
587 skb_reset_network_header(skb
);
588 skb_set_transport_header(skb
, ihlen
);
589 sk
= sctp_err_lookup(AF_INET
, skb
, sctp_hdr(skb
), &asoc
, &transport
);
590 /* Put back, the original values. */
591 skb
->network_header
= saveip
;
592 skb
->transport_header
= savesctp
;
594 ICMP_INC_STATS_BH(&init_net
, ICMP_MIB_INERRORS
);
597 /* Warning: The sock lock is held. Remember to call
602 case ICMP_PARAMETERPROB
:
605 case ICMP_DEST_UNREACH
:
606 if (code
> NR_ICMP_UNREACH
)
609 /* PMTU discovery (RFC1191) */
610 if (ICMP_FRAG_NEEDED
== code
) {
611 sctp_icmp_frag_needed(sk
, asoc
, transport
, info
);
615 if (ICMP_PROT_UNREACH
== code
) {
616 sctp_icmp_proto_unreachable(sk
, asoc
,
621 err
= icmp_err_convert
[code
].errno
;
623 case ICMP_TIME_EXCEEDED
:
624 /* Ignore any time exceeded errors due to fragment reassembly
627 if (ICMP_EXC_FRAGTIME
== code
)
637 if (!sock_owned_by_user(sk
) && inet
->recverr
) {
639 sk
->sk_error_report(sk
);
640 } else { /* Only an error on timeout */
641 sk
->sk_err_soft
= err
;
645 sctp_err_finish(sk
, asoc
);
649 * RFC 2960, 8.4 - Handle "Out of the blue" Packets.
651 * This function scans all the chunks in the OOTB packet to determine if
652 * the packet should be discarded right away. If a response might be needed
653 * for this packet, or, if further processing is possible, the packet will
654 * be queued to a proper inqueue for the next phase of handling.
657 * Return 0 - If further processing is needed.
658 * Return 1 - If the packet can be discarded right away.
660 static int sctp_rcv_ootb(struct sk_buff
*skb
)
666 ch
= (sctp_chunkhdr_t
*) skb
->data
;
668 /* Scan through all the chunks in the packet. */
670 /* Break out if chunk length is less then minimal. */
671 if (ntohs(ch
->length
) < sizeof(sctp_chunkhdr_t
))
674 ch_end
= ((__u8
*)ch
) + WORD_ROUND(ntohs(ch
->length
));
675 if (ch_end
> skb_tail_pointer(skb
))
678 /* RFC 8.4, 2) If the OOTB packet contains an ABORT chunk, the
679 * receiver MUST silently discard the OOTB packet and take no
682 if (SCTP_CID_ABORT
== ch
->type
)
685 /* RFC 8.4, 6) If the packet contains a SHUTDOWN COMPLETE
686 * chunk, the receiver should silently discard the packet
687 * and take no further action.
689 if (SCTP_CID_SHUTDOWN_COMPLETE
== ch
->type
)
693 * This will discard packets with INIT chunk bundled as
694 * subsequent chunks in the packet. When INIT is first,
695 * the normal INIT processing will discard the chunk.
697 if (SCTP_CID_INIT
== ch
->type
&& (void *)ch
!= skb
->data
)
700 /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR
701 * or a COOKIE ACK the SCTP Packet should be silently
704 if (SCTP_CID_COOKIE_ACK
== ch
->type
)
707 if (SCTP_CID_ERROR
== ch
->type
) {
708 sctp_walk_errors(err
, ch
) {
709 if (SCTP_ERROR_STALE_COOKIE
== err
->cause
)
714 ch
= (sctp_chunkhdr_t
*) ch_end
;
715 } while (ch_end
< skb_tail_pointer(skb
));
723 /* Insert endpoint into the hash table. */
724 static void __sctp_hash_endpoint(struct sctp_endpoint
*ep
)
726 struct sctp_ep_common
*epb
;
727 struct sctp_hashbucket
*head
;
731 epb
->hashent
= sctp_ep_hashfn(epb
->bind_addr
.port
);
732 head
= &sctp_ep_hashtable
[epb
->hashent
];
734 sctp_write_lock(&head
->lock
);
735 hlist_add_head(&epb
->node
, &head
->chain
);
736 sctp_write_unlock(&head
->lock
);
739 /* Add an endpoint to the hash. Local BH-safe. */
740 void sctp_hash_endpoint(struct sctp_endpoint
*ep
)
742 sctp_local_bh_disable();
743 __sctp_hash_endpoint(ep
);
744 sctp_local_bh_enable();
747 /* Remove endpoint from the hash table. */
748 static void __sctp_unhash_endpoint(struct sctp_endpoint
*ep
)
750 struct sctp_hashbucket
*head
;
751 struct sctp_ep_common
*epb
;
755 if (hlist_unhashed(&epb
->node
))
758 epb
->hashent
= sctp_ep_hashfn(epb
->bind_addr
.port
);
760 head
= &sctp_ep_hashtable
[epb
->hashent
];
762 sctp_write_lock(&head
->lock
);
763 __hlist_del(&epb
->node
);
764 sctp_write_unlock(&head
->lock
);
767 /* Remove endpoint from the hash. Local BH-safe. */
768 void sctp_unhash_endpoint(struct sctp_endpoint
*ep
)
770 sctp_local_bh_disable();
771 __sctp_unhash_endpoint(ep
);
772 sctp_local_bh_enable();
775 /* Look up an endpoint. */
776 static struct sctp_endpoint
*__sctp_rcv_lookup_endpoint(const union sctp_addr
*laddr
)
778 struct sctp_hashbucket
*head
;
779 struct sctp_ep_common
*epb
;
780 struct sctp_endpoint
*ep
;
781 struct hlist_node
*node
;
784 hash
= sctp_ep_hashfn(ntohs(laddr
->v4
.sin_port
));
785 head
= &sctp_ep_hashtable
[hash
];
786 read_lock(&head
->lock
);
787 sctp_for_each_hentry(epb
, node
, &head
->chain
) {
789 if (sctp_endpoint_is_match(ep
, laddr
))
793 ep
= sctp_sk((sctp_get_ctl_sock()))->ep
;
796 sctp_endpoint_hold(ep
);
797 read_unlock(&head
->lock
);
801 /* Insert association into the hash table. */
802 static void __sctp_hash_established(struct sctp_association
*asoc
)
804 struct sctp_ep_common
*epb
;
805 struct sctp_hashbucket
*head
;
809 /* Calculate which chain this entry will belong to. */
810 epb
->hashent
= sctp_assoc_hashfn(epb
->bind_addr
.port
, asoc
->peer
.port
);
812 head
= &sctp_assoc_hashtable
[epb
->hashent
];
814 sctp_write_lock(&head
->lock
);
815 hlist_add_head(&epb
->node
, &head
->chain
);
816 sctp_write_unlock(&head
->lock
);
819 /* Add an association to the hash. Local BH-safe. */
820 void sctp_hash_established(struct sctp_association
*asoc
)
825 sctp_local_bh_disable();
826 __sctp_hash_established(asoc
);
827 sctp_local_bh_enable();
830 /* Remove association from the hash table. */
831 static void __sctp_unhash_established(struct sctp_association
*asoc
)
833 struct sctp_hashbucket
*head
;
834 struct sctp_ep_common
*epb
;
838 epb
->hashent
= sctp_assoc_hashfn(epb
->bind_addr
.port
,
841 head
= &sctp_assoc_hashtable
[epb
->hashent
];
843 sctp_write_lock(&head
->lock
);
844 __hlist_del(&epb
->node
);
845 sctp_write_unlock(&head
->lock
);
848 /* Remove association from the hash table. Local BH-safe. */
849 void sctp_unhash_established(struct sctp_association
*asoc
)
854 sctp_local_bh_disable();
855 __sctp_unhash_established(asoc
);
856 sctp_local_bh_enable();
859 /* Look up an association. */
860 static struct sctp_association
*__sctp_lookup_association(
861 const union sctp_addr
*local
,
862 const union sctp_addr
*peer
,
863 struct sctp_transport
**pt
)
865 struct sctp_hashbucket
*head
;
866 struct sctp_ep_common
*epb
;
867 struct sctp_association
*asoc
;
868 struct sctp_transport
*transport
;
869 struct hlist_node
*node
;
872 /* Optimize here for direct hit, only listening connections can
873 * have wildcards anyways.
875 hash
= sctp_assoc_hashfn(ntohs(local
->v4
.sin_port
), ntohs(peer
->v4
.sin_port
));
876 head
= &sctp_assoc_hashtable
[hash
];
877 read_lock(&head
->lock
);
878 sctp_for_each_hentry(epb
, node
, &head
->chain
) {
879 asoc
= sctp_assoc(epb
);
880 transport
= sctp_assoc_is_match(asoc
, local
, peer
);
885 read_unlock(&head
->lock
);
891 sctp_association_hold(asoc
);
892 read_unlock(&head
->lock
);
896 /* Look up an association. BH-safe. */
898 struct sctp_association
*sctp_lookup_association(const union sctp_addr
*laddr
,
899 const union sctp_addr
*paddr
,
900 struct sctp_transport
**transportp
)
902 struct sctp_association
*asoc
;
904 sctp_local_bh_disable();
905 asoc
= __sctp_lookup_association(laddr
, paddr
, transportp
);
906 sctp_local_bh_enable();
911 /* Is there an association matching the given local and peer addresses? */
912 int sctp_has_association(const union sctp_addr
*laddr
,
913 const union sctp_addr
*paddr
)
915 struct sctp_association
*asoc
;
916 struct sctp_transport
*transport
;
918 if ((asoc
= sctp_lookup_association(laddr
, paddr
, &transport
))) {
919 sctp_association_put(asoc
);
927 * SCTP Implementors Guide, 2.18 Handling of address
928 * parameters within the INIT or INIT-ACK.
930 * D) When searching for a matching TCB upon reception of an INIT
931 * or INIT-ACK chunk the receiver SHOULD use not only the
932 * source address of the packet (containing the INIT or
933 * INIT-ACK) but the receiver SHOULD also use all valid
934 * address parameters contained within the chunk.
936 * 2.18.3 Solution description
938 * This new text clearly specifies to an implementor the need
939 * to look within the INIT or INIT-ACK. Any implementation that
940 * does not do this, may not be able to establish associations
941 * in certain circumstances.
944 static struct sctp_association
*__sctp_rcv_init_lookup(struct sk_buff
*skb
,
945 const union sctp_addr
*laddr
, struct sctp_transport
**transportp
)
947 struct sctp_association
*asoc
;
948 union sctp_addr addr
;
949 union sctp_addr
*paddr
= &addr
;
950 struct sctphdr
*sh
= sctp_hdr(skb
);
951 union sctp_params params
;
952 sctp_init_chunk_t
*init
;
953 struct sctp_transport
*transport
;
957 * This code will NOT touch anything inside the chunk--it is
958 * strictly READ-ONLY.
960 * RFC 2960 3 SCTP packet Format
962 * Multiple chunks can be bundled into one SCTP packet up to
963 * the MTU size, except for the INIT, INIT ACK, and SHUTDOWN
964 * COMPLETE chunks. These chunks MUST NOT be bundled with any
965 * other chunk in a packet. See Section 6.10 for more details
969 /* Find the start of the TLVs and the end of the chunk. This is
970 * the region we search for address parameters.
972 init
= (sctp_init_chunk_t
*)skb
->data
;
974 /* Walk the parameters looking for embedded addresses. */
975 sctp_walk_params(params
, init
, init_hdr
.params
) {
977 /* Note: Ignoring hostname addresses. */
978 af
= sctp_get_af_specific(param_type2af(params
.p
->type
));
982 af
->from_addr_param(paddr
, params
.addr
, sh
->source
, 0);
984 asoc
= __sctp_lookup_association(laddr
, paddr
, &transport
);
992 /* ADD-IP, Section 5.2
993 * When an endpoint receives an ASCONF Chunk from the remote peer
994 * special procedures may be needed to identify the association the
995 * ASCONF Chunk is associated with. To properly find the association
996 * the following procedures SHOULD be followed:
998 * D2) If the association is not found, use the address found in the
999 * Address Parameter TLV combined with the port number found in the
1000 * SCTP common header. If found proceed to rule D4.
1002 * D2-ext) If more than one ASCONF Chunks are packed together, use the
1003 * address found in the ASCONF Address Parameter TLV of each of the
1004 * subsequent ASCONF Chunks. If found, proceed to rule D4.
1006 static struct sctp_association
*__sctp_rcv_asconf_lookup(
1007 sctp_chunkhdr_t
*ch
,
1008 const union sctp_addr
*laddr
,
1010 struct sctp_transport
**transportp
)
1012 sctp_addip_chunk_t
*asconf
= (struct sctp_addip_chunk
*)ch
;
1014 union sctp_addr_param
*param
;
1015 union sctp_addr paddr
;
1017 /* Skip over the ADDIP header and find the Address parameter */
1018 param
= (union sctp_addr_param
*)(asconf
+ 1);
1020 af
= sctp_get_af_specific(param_type2af(param
->v4
.param_hdr
.type
));
1024 af
->from_addr_param(&paddr
, param
, peer_port
, 0);
1026 return __sctp_lookup_association(laddr
, &paddr
, transportp
);
1030 /* SCTP-AUTH, Section 6.3:
1031 * If the receiver does not find a STCB for a packet containing an AUTH
1032 * chunk as the first chunk and not a COOKIE-ECHO chunk as the second
1033 * chunk, it MUST use the chunks after the AUTH chunk to look up an existing
1036 * This means that any chunks that can help us identify the association need
1037 * to be looked at to find this assocation.
1039 static struct sctp_association
*__sctp_rcv_walk_lookup(struct sk_buff
*skb
,
1040 const union sctp_addr
*laddr
,
1041 struct sctp_transport
**transportp
)
1043 struct sctp_association
*asoc
= NULL
;
1044 sctp_chunkhdr_t
*ch
;
1046 unsigned int chunk_num
= 1;
1049 /* Walk through the chunks looking for AUTH or ASCONF chunks
1050 * to help us find the association.
1052 ch
= (sctp_chunkhdr_t
*) skb
->data
;
1054 /* Break out if chunk length is less then minimal. */
1055 if (ntohs(ch
->length
) < sizeof(sctp_chunkhdr_t
))
1058 ch_end
= ((__u8
*)ch
) + WORD_ROUND(ntohs(ch
->length
));
1059 if (ch_end
> skb_tail_pointer(skb
))
1064 have_auth
= chunk_num
;
1067 case SCTP_CID_COOKIE_ECHO
:
1068 /* If a packet arrives containing an AUTH chunk as
1069 * a first chunk, a COOKIE-ECHO chunk as the second
1070 * chunk, and possibly more chunks after them, and
1071 * the receiver does not have an STCB for that
1072 * packet, then authentication is based on
1073 * the contents of the COOKIE- ECHO chunk.
1075 if (have_auth
== 1 && chunk_num
== 2)
1079 case SCTP_CID_ASCONF
:
1080 if (have_auth
|| sctp_addip_noauth
)
1081 asoc
= __sctp_rcv_asconf_lookup(ch
, laddr
,
1082 sctp_hdr(skb
)->source
,
1091 ch
= (sctp_chunkhdr_t
*) ch_end
;
1093 } while (ch_end
< skb_tail_pointer(skb
));
1099 * There are circumstances when we need to look inside the SCTP packet
1100 * for information to help us find the association. Examples
1101 * include looking inside of INIT/INIT-ACK chunks or after the AUTH
1104 static struct sctp_association
*__sctp_rcv_lookup_harder(struct sk_buff
*skb
,
1105 const union sctp_addr
*laddr
,
1106 struct sctp_transport
**transportp
)
1108 sctp_chunkhdr_t
*ch
;
1110 ch
= (sctp_chunkhdr_t
*) skb
->data
;
1112 /* The code below will attempt to walk the chunk and extract
1113 * parameter information. Before we do that, we need to verify
1114 * that the chunk length doesn't cause overflow. Otherwise, we'll
1117 if (WORD_ROUND(ntohs(ch
->length
)) > skb
->len
)
1120 /* If this is INIT/INIT-ACK look inside the chunk too. */
1123 case SCTP_CID_INIT_ACK
:
1124 return __sctp_rcv_init_lookup(skb
, laddr
, transportp
);
1128 return __sctp_rcv_walk_lookup(skb
, laddr
, transportp
);
1136 /* Lookup an association for an inbound skb. */
1137 static struct sctp_association
*__sctp_rcv_lookup(struct sk_buff
*skb
,
1138 const union sctp_addr
*paddr
,
1139 const union sctp_addr
*laddr
,
1140 struct sctp_transport
**transportp
)
1142 struct sctp_association
*asoc
;
1144 asoc
= __sctp_lookup_association(laddr
, paddr
, transportp
);
1146 /* Further lookup for INIT/INIT-ACK packets.
1147 * SCTP Implementors Guide, 2.18 Handling of address
1148 * parameters within the INIT or INIT-ACK.
1151 asoc
= __sctp_rcv_lookup_harder(skb
, laddr
, transportp
);