1 /* SCTP kernel reference Implementation
2 * Copyright (c) 1999-2000 Cisco, Inc.
3 * Copyright (c) 1999-2001 Motorola, Inc.
4 * Copyright (c) 2001-2003 International Business Machines, Corp.
5 * Copyright (c) 2001 Intel Corp.
6 * Copyright (c) 2001 Nokia, Inc.
7 * Copyright (c) 2001 La Monte H.P. Yarroll
8 *
9 * This file is part of the SCTP kernel reference Implementation
10 *
11 * These functions handle all input from the IP layer into SCTP.
12 *
13 * The SCTP reference implementation is free software;
14 * you can redistribute it and/or modify it under the terms of
15 * the GNU General Public License as published by
16 * the Free Software Foundation; either version 2, or (at your option)
17 * any later version.
18 *
19 * The SCTP reference implementation is distributed in the hope that it
20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
21 * ************************
22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23 * See the GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with GNU CC; see the file COPYING. If not, write to
27 * the Free Software Foundation, 59 Temple Place - Suite 330,
28 * Boston, MA 02111-1307, USA.
29 *
30 * Please send any bug reports or fixes you make to the
31 * email address(es):
32 * lksctp developers <lksctp-developers@lists.sourceforge.net>
33 *
34 * Or submit a bug report through the following website:
35 * http://www.sf.net/projects/lksctp
36 *
37 * Written or modified by:
38 * La Monte H.P. Yarroll <piggy@acm.org>
39 * Karl Knutson <karl@athena.chicago.il.us>
40 * Xingang Guo <xingang.guo@intel.com>
41 * Jon Grimm <jgrimm@us.ibm.com>
42 * Hui Huang <hui.huang@nokia.com>
43 * Daisy Chang <daisyc@us.ibm.com>
44 * Sridhar Samudrala <sri@us.ibm.com>
45 * Ardelle Fan <ardelle.fan@intel.com>
46 *
47 * Any bugs reported given to us we will try to fix... any fixes shared will
48 * be incorporated into the next SCTP release.
49 */
50
51 #include <linux/types.h>
52 #include <linux/list.h> /* For struct list_head */
53 #include <linux/socket.h>
54 #include <linux/ip.h>
55 #include <linux/time.h> /* For struct timeval */
56 #include <net/ip.h>
57 #include <net/icmp.h>
58 #include <net/snmp.h>
59 #include <net/sock.h>
60 #include <linux/ipsec.h>
61 #include <net/sctp/sctp.h>
62 #include <net/sctp/sm.h>
63
64 /* Forward declarations for internal helpers. */
65 static int sctp_rcv_ootb(struct sk_buff *);
66 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb,
67 const union sctp_addr *laddr,
68 const union sctp_addr *paddr,
69 struct sctp_transport **transportp);
70 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr);
71 static struct sctp_association *__sctp_lookup_association(
72 const union sctp_addr *local,
73 const union sctp_addr *peer,
74 struct sctp_transport **pt);
75
76
77 /* Calculate the SCTP checksum of an SCTP packet. */
sctp_rcv_checksum(struct sk_buff * skb)78 static inline int sctp_rcv_checksum(struct sk_buff *skb)
79 {
80 struct sctphdr *sh;
81 __u32 cmp, val;
82 struct sk_buff *list = skb_shinfo(skb)->frag_list;
83
84 sh = (struct sctphdr *) skb->h.raw;
85 cmp = ntohl(sh->checksum);
86
87 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb));
88
89 for (; list; list = list->next)
90 val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list),
91 val);
92
93 val = sctp_end_cksum(val);
94
95 if (val != cmp) {
96 /* CRC failure, dump it. */
97 SCTP_INC_STATS_BH(SctpChecksumErrors);
98 return -1;
99 }
100 return 0;
101 }
102
103 /*
104 * This is the routine which IP calls when receiving an SCTP packet.
105 */
sctp_rcv(struct sk_buff * skb)106 int sctp_rcv(struct sk_buff *skb)
107 {
108 struct sock *sk;
109 struct sctp_association *asoc;
110 struct sctp_endpoint *ep = NULL;
111 struct sctp_ep_common *rcvr;
112 struct sctp_transport *transport = NULL;
113 struct sctp_chunk *chunk;
114 struct sctphdr *sh;
115 union sctp_addr src;
116 union sctp_addr dest;
117 int family;
118 struct sctp_af *af;
119 int ret = 0;
120
121 if (skb->pkt_type!=PACKET_HOST)
122 goto discard_it;
123
124 SCTP_INC_STATS_BH(SctpInSCTPPacks);
125
126 if (skb_linearize(skb, GFP_ATOMIC) != 0)
127 goto discard_it;
128
129 sh = (struct sctphdr *) skb->h.raw;
130
131 /* Pull up the IP and SCTP headers. */
132 __skb_pull(skb, skb->h.raw - skb->data);
133 if (skb->len < sizeof(struct sctphdr))
134 goto discard_it;
135 if (sctp_rcv_checksum(skb) < 0)
136 goto discard_it;
137
138 skb_pull(skb, sizeof(struct sctphdr));
139
140 /* Make sure we at least have chunk headers worth of data left. */
141 if (skb->len < sizeof(struct sctp_chunkhdr))
142 goto discard_it;
143
144 family = ipver2af(skb->nh.iph->version);
145 af = sctp_get_af_specific(family);
146 if (unlikely(!af))
147 goto discard_it;
148
149 /* Initialize local addresses for lookups. */
150 af->from_skb(&src, skb, 1);
151 af->from_skb(&dest, skb, 0);
152
153 /* If the packet is to or from a non-unicast address,
154 * silently discard the packet.
155 *
156 * This is not clearly defined in the RFC except in section
157 * 8.4 - OOTB handling. However, based on the book "Stream Control
158 * Transmission Protocol" 2.1, "It is important to note that the
159 * IP address of an SCTP transport address must be a routable
160 * unicast address. In other words, IP multicast addresses and
161 * IP broadcast addresses cannot be used in an SCTP transport
162 * address."
163 */
164 if (!af->addr_valid(&src, NULL) || !af->addr_valid(&dest, NULL))
165 goto discard_it;
166
167 asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport);
168
169 /*
170 * RFC 2960, 8.4 - Handle "Out of the blue" Packets.
171 * An SCTP packet is called an "out of the blue" (OOTB)
172 * packet if it is correctly formed, i.e., passed the
173 * receiver's checksum check, but the receiver is not
174 * able to identify the association to which this
175 * packet belongs.
176 */
177 if (!asoc) {
178 ep = __sctp_rcv_lookup_endpoint(&dest);
179 if (sctp_rcv_ootb(skb)) {
180 SCTP_INC_STATS_BH(SctpOutOfBlues);
181 goto discard_release;
182 }
183 }
184
185 /* Retrieve the common input handling substructure. */
186 rcvr = asoc ? &asoc->base : &ep->base;
187 sk = rcvr->sk;
188
189 if (!ipsec_sk_policy(sk, skb))
190 goto discard_release;
191
192 ret = sk_filter(sk, skb, 1);
193 if (ret)
194 goto discard_release;
195
196 /* Create an SCTP packet structure. */
197 chunk = sctp_chunkify(skb, asoc, sk);
198 if (!chunk) {
199 ret = -ENOMEM;
200 goto discard_release;
201 }
202
203 /* Remember what endpoint is to handle this packet. */
204 chunk->rcvr = rcvr;
205
206 /* Remember the SCTP header. */
207 chunk->sctp_hdr = sh;
208
209 /* Set the source and destination addresses of the incoming chunk. */
210 sctp_init_addrs(chunk, &src, &dest);
211
212 /* Remember where we came from. */
213 chunk->transport = transport;
214
215 /* Acquire access to the sock lock. Note: We are safe from other
216 * bottom halves on this lock, but a user may be in the lock too,
217 * so check if it is busy.
218 */
219 sctp_bh_lock_sock(sk);
220
221 if (sock_owned_by_user(sk))
222 sk_add_backlog(sk, (struct sk_buff *) chunk);
223 else
224 sctp_backlog_rcv(sk, (struct sk_buff *) chunk);
225
226 /* Release the sock and any reference counts we took in the
227 * lookup calls.
228 */
229 sctp_bh_unlock_sock(sk);
230 if (asoc)
231 sctp_association_put(asoc);
232 else
233 sctp_endpoint_put(ep);
234 sock_put(sk);
235 return ret;
236
237 discard_it:
238 kfree_skb(skb);
239 return ret;
240
241 discard_release:
242 /* Release any structures we may be holding. */
243 if (asoc) {
244 sock_put(asoc->base.sk);
245 sctp_association_put(asoc);
246 } else {
247 sock_put(ep->base.sk);
248 sctp_endpoint_put(ep);
249 }
250
251 goto discard_it;
252 }
253
254 /* Handle second half of inbound skb processing. If the sock was busy,
255 * we may have need to delay processing until later when the sock is
256 * released (on the backlog). If not busy, we call this routine
257 * directly from the bottom half.
258 */
sctp_backlog_rcv(struct sock * sk,struct sk_buff * skb)259 int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
260 {
261 struct sctp_chunk *chunk;
262 struct sctp_inq *inqueue;
263
264 /* One day chunk will live inside the skb, but for
265 * now this works.
266 */
267 chunk = (struct sctp_chunk *) skb;
268 inqueue = &chunk->rcvr->inqueue;
269
270 sctp_inq_push(inqueue, chunk);
271 return 0;
272 }
273
274 /* Handle icmp frag needed error. */
sctp_icmp_frag_needed(struct sock * sk,struct sctp_association * asoc,struct sctp_transport * t,__u32 pmtu)275 void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc,
276 struct sctp_transport *t, __u32 pmtu)
277 {
278 if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) {
279 printk(KERN_WARNING "%s: Reported pmtu %d too low, "
280 "using default minimum of %d\n", __FUNCTION__, pmtu,
281 SCTP_DEFAULT_MINSEGMENT);
282 pmtu = SCTP_DEFAULT_MINSEGMENT;
283 }
284
285 if (!sock_owned_by_user(sk) && t && (t->pmtu != pmtu)) {
286 t->pmtu = pmtu;
287 sctp_assoc_sync_pmtu(asoc);
288 sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD);
289 }
290 }
291
292 /*
293 * SCTP Implementer's Guide, 2.37 ICMP handling procedures
294 *
295 * ICMP8) If the ICMP code is a "Unrecognized next header type encountered"
296 * or a "Protocol Unreachable" treat this message as an abort
297 * with the T bit set.
298 *
299 * This function sends an event to the state machine, which will abort the
300 * association.
301 *
302 */
sctp_icmp_proto_unreachable(struct sock * sk,struct sctp_endpoint * ep,struct sctp_association * asoc,struct sctp_transport * t)303 void sctp_icmp_proto_unreachable(struct sock *sk,
304 struct sctp_endpoint *ep,
305 struct sctp_association *asoc,
306 struct sctp_transport *t)
307 {
308 SCTP_DEBUG_PRINTK("%s\n", __FUNCTION__);
309
310 sctp_do_sm(SCTP_EVENT_T_OTHER,
311 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH),
312 asoc->state, asoc->ep, asoc, NULL,
313 GFP_ATOMIC);
314
315 }
316
317 /* Common lookup code for icmp/icmpv6 error handler. */
sctp_err_lookup(int family,struct sk_buff * skb,struct sctphdr * sctphdr,struct sctp_endpoint ** epp,struct sctp_association ** app,struct sctp_transport ** tpp)318 struct sock *sctp_err_lookup(int family, struct sk_buff *skb,
319 struct sctphdr *sctphdr,
320 struct sctp_endpoint **epp,
321 struct sctp_association **app,
322 struct sctp_transport **tpp)
323 {
324 union sctp_addr saddr;
325 union sctp_addr daddr;
326 struct sctp_af *af;
327 struct sock *sk = NULL;
328 struct sctp_endpoint *ep = NULL;
329 struct sctp_association *asoc = NULL;
330 struct sctp_transport *transport = NULL;
331
332 *app = NULL; *epp = NULL; *tpp = NULL;
333
334 af = sctp_get_af_specific(family);
335 if (unlikely(!af)) {
336 return NULL;
337 }
338
339 /* Initialize local addresses for lookups. */
340 af->from_skb(&saddr, skb, 1);
341 af->from_skb(&daddr, skb, 0);
342
343 /* Look for an association that matches the incoming ICMP error
344 * packet.
345 */
346 asoc = __sctp_lookup_association(&saddr, &daddr, &transport);
347 if (!asoc) {
348 /* If there is no matching association, see if it matches any
349 * endpoint. This may happen for an ICMP error generated in
350 * response to an INIT_ACK.
351 */
352 ep = __sctp_rcv_lookup_endpoint(&daddr);
353 if (!ep) {
354 return NULL;
355 }
356 }
357
358 if (asoc) {
359 sk = asoc->base.sk;
360
361 if (ntohl(sctphdr->vtag) != asoc->c.peer_vtag) {
362 ICMP_INC_STATS_BH(IcmpInErrors);
363 goto out;
364 }
365 } else
366 sk = ep->base.sk;
367
368 sctp_bh_lock_sock(sk);
369
370 /* If too many ICMPs get dropped on busy
371 * servers this needs to be solved differently.
372 */
373 if (sock_owned_by_user(sk))
374 NET_INC_STATS_BH(LockDroppedIcmps);
375
376 *epp = ep;
377 *app = asoc;
378 *tpp = transport;
379 return sk;
380
381 out:
382 sock_put(sk);
383 if (asoc)
384 sctp_association_put(asoc);
385 if (ep)
386 sctp_endpoint_put(ep);
387 return NULL;
388 }
389
390 /* Common cleanup code for icmp/icmpv6 error handler. */
sctp_err_finish(struct sock * sk,struct sctp_endpoint * ep,struct sctp_association * asoc)391 void sctp_err_finish(struct sock *sk, struct sctp_endpoint *ep,
392 struct sctp_association *asoc)
393 {
394 sctp_bh_unlock_sock(sk);
395 sock_put(sk);
396 if (asoc)
397 sctp_association_put(asoc);
398 if (ep)
399 sctp_endpoint_put(ep);
400 }
401
402 /*
403 * This routine is called by the ICMP module when it gets some
404 * sort of error condition. If err < 0 then the socket should
405 * be closed and the error returned to the user. If err > 0
406 * it's just the icmp type << 8 | icmp code. After adjustment
407 * header points to the first 8 bytes of the sctp header. We need
408 * to find the appropriate port.
409 *
410 * The locking strategy used here is very "optimistic". When
411 * someone else accesses the socket the ICMP is just dropped
412 * and for some paths there is no check at all.
413 * A more general error queue to queue errors for later handling
414 * is probably better.
415 *
416 */
sctp_v4_err(struct sk_buff * skb,__u32 info)417 void sctp_v4_err(struct sk_buff *skb, __u32 info)
418 {
419 struct iphdr *iph = (struct iphdr *)skb->data;
420 struct sctphdr *sh = (struct sctphdr *)(skb->data + (iph->ihl <<2));
421 int type = skb->h.icmph->type;
422 int code = skb->h.icmph->code;
423 struct sock *sk;
424 struct sctp_endpoint *ep;
425 struct sctp_association *asoc;
426 struct sctp_transport *transport;
427 struct inet_opt *inet;
428 char *saveip, *savesctp;
429 int err;
430
431 if (skb->len < ((iph->ihl << 2) + 8)) {
432 ICMP_INC_STATS_BH(IcmpInErrors);
433 return;
434 }
435
436 /* Fix up skb to look at the embedded net header. */
437 saveip = skb->nh.raw;
438 savesctp = skb->h.raw;
439 skb->nh.iph = iph;
440 skb->h.raw = (char *)sh;
441 sk = sctp_err_lookup(AF_INET, skb, sh, &ep, &asoc, &transport);
442 /* Put back, the original pointers. */
443 skb->nh.raw = saveip;
444 skb->h.raw = savesctp;
445 if (!sk) {
446 ICMP_INC_STATS_BH(IcmpInErrors);
447 return;
448 }
449 /* Warning: The sock lock is held. Remember to call
450 * sctp_err_finish!
451 */
452
453 switch (type) {
454 case ICMP_PARAMETERPROB:
455 err = EPROTO;
456 break;
457 case ICMP_DEST_UNREACH:
458 if (code > NR_ICMP_UNREACH)
459 goto out_unlock;
460
461 /* PMTU discovery (RFC1191) */
462 if (ICMP_FRAG_NEEDED == code) {
463 sctp_icmp_frag_needed(sk, asoc, transport, info);
464 goto out_unlock;
465 }
466 else {
467 if (ICMP_PROT_UNREACH == code) {
468 sctp_icmp_proto_unreachable(sk, ep, asoc,
469 transport);
470 goto out_unlock;
471 }
472 }
473 err = icmp_err_convert[code].errno;
474 break;
475 case ICMP_TIME_EXCEEDED:
476 /* Ignore any time exceeded errors due to fragment reassembly
477 * timeouts.
478 */
479 if (ICMP_EXC_FRAGTIME == code)
480 goto out_unlock;
481
482 err = EHOSTUNREACH;
483 break;
484 default:
485 goto out_unlock;
486 }
487
488 inet = inet_sk(sk);
489 if (!sock_owned_by_user(sk) && inet->recverr) {
490 sk->err = err;
491 sk->error_report(sk);
492 } else { /* Only an error on timeout */
493 sk->err_soft = err;
494 }
495
496 out_unlock:
497 sctp_err_finish(sk, ep, asoc);
498 }
499
500 /*
501 * RFC 2960, 8.4 - Handle "Out of the blue" Packets.
502 *
503 * This function scans all the chunks in the OOTB packet to determine if
504 * the packet should be discarded right away. If a response might be needed
505 * for this packet, or, if further processing is possible, the packet will
506 * be queued to a proper inqueue for the next phase of handling.
507 *
508 * Output:
509 * Return 0 - If further processing is needed.
510 * Return 1 - If the packet can be discarded right away.
511 */
sctp_rcv_ootb(struct sk_buff * skb)512 int sctp_rcv_ootb(struct sk_buff *skb)
513 {
514 sctp_chunkhdr_t *ch;
515 __u8 *ch_end;
516 sctp_errhdr_t *err;
517
518 ch = (sctp_chunkhdr_t *) skb->data;
519 ch_end = ((__u8 *) ch) + WORD_ROUND(ntohs(ch->length));
520
521 /* Scan through all the chunks in the packet. */
522 while (ch_end > (__u8 *)ch && ch_end < skb->tail) {
523
524 /* RFC 8.4, 2) If the OOTB packet contains an ABORT chunk, the
525 * receiver MUST silently discard the OOTB packet and take no
526 * further action.
527 */
528 if (SCTP_CID_ABORT == ch->type)
529 goto discard;
530
531 /* RFC 8.4, 6) If the packet contains a SHUTDOWN COMPLETE
532 * chunk, the receiver should silently discard the packet
533 * and take no further action.
534 */
535 if (SCTP_CID_SHUTDOWN_COMPLETE == ch->type)
536 goto discard;
537
538 /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR
539 * or a COOKIE ACK the SCTP Packet should be silently
540 * discarded.
541 */
542 if (SCTP_CID_COOKIE_ACK == ch->type)
543 goto discard;
544
545 if (SCTP_CID_ERROR == ch->type) {
546 sctp_walk_errors(err, ch) {
547 if (SCTP_ERROR_STALE_COOKIE == err->cause)
548 goto discard;
549 }
550 }
551
552 ch = (sctp_chunkhdr_t *) ch_end;
553 ch_end = ((__u8 *) ch) + WORD_ROUND(ntohs(ch->length));
554 }
555
556 return 0;
557
558 discard:
559 return 1;
560 }
561
562 /* Insert endpoint into the hash table. */
__sctp_hash_endpoint(struct sctp_endpoint * ep)563 static void __sctp_hash_endpoint(struct sctp_endpoint *ep)
564 {
565 struct sctp_ep_common **epp;
566 struct sctp_ep_common *epb;
567 struct sctp_hashbucket *head;
568
569 epb = &ep->base;
570
571 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port);
572 head = &sctp_ep_hashtable[epb->hashent];
573
574 sctp_write_lock(&head->lock);
575 epp = &head->chain;
576 epb->next = *epp;
577 if (epb->next)
578 (*epp)->pprev = &epb->next;
579 *epp = epb;
580 epb->pprev = epp;
581 sctp_write_unlock(&head->lock);
582 }
583
584 /* Add an endpoint to the hash. Local BH-safe. */
sctp_hash_endpoint(struct sctp_endpoint * ep)585 void sctp_hash_endpoint(struct sctp_endpoint *ep)
586 {
587 sctp_local_bh_disable();
588 __sctp_hash_endpoint(ep);
589 sctp_local_bh_enable();
590 }
591
592 /* Remove endpoint from the hash table. */
__sctp_unhash_endpoint(struct sctp_endpoint * ep)593 static void __sctp_unhash_endpoint(struct sctp_endpoint *ep)
594 {
595 struct sctp_hashbucket *head;
596 struct sctp_ep_common *epb;
597
598 epb = &ep->base;
599
600 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port);
601
602 head = &sctp_ep_hashtable[epb->hashent];
603
604 sctp_write_lock(&head->lock);
605
606 if (epb->pprev) {
607 if (epb->next)
608 epb->next->pprev = epb->pprev;
609 *epb->pprev = epb->next;
610 epb->pprev = NULL;
611 }
612
613 sctp_write_unlock(&head->lock);
614 }
615
616 /* Remove endpoint from the hash. Local BH-safe. */
sctp_unhash_endpoint(struct sctp_endpoint * ep)617 void sctp_unhash_endpoint(struct sctp_endpoint *ep)
618 {
619 sctp_local_bh_disable();
620 __sctp_unhash_endpoint(ep);
621 sctp_local_bh_enable();
622 }
623
624 /* Look up an endpoint. */
__sctp_rcv_lookup_endpoint(const union sctp_addr * laddr)625 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr)
626 {
627 struct sctp_hashbucket *head;
628 struct sctp_ep_common *epb;
629 struct sctp_endpoint *ep;
630 int hash;
631
632 hash = sctp_ep_hashfn(laddr->v4.sin_port);
633 head = &sctp_ep_hashtable[hash];
634 read_lock(&head->lock);
635 for (epb = head->chain; epb; epb = epb->next) {
636 ep = sctp_ep(epb);
637 if (sctp_endpoint_is_match(ep, laddr))
638 goto hit;
639 }
640
641 ep = sctp_sk((sctp_get_ctl_sock()))->ep;
642 epb = &ep->base;
643
644 hit:
645 sctp_endpoint_hold(ep);
646 sock_hold(epb->sk);
647 read_unlock(&head->lock);
648 return ep;
649 }
650
651 /* Insert association into the hash table. */
__sctp_hash_established(struct sctp_association * asoc)652 static void __sctp_hash_established(struct sctp_association *asoc)
653 {
654 struct sctp_ep_common **epp;
655 struct sctp_ep_common *epb;
656 struct sctp_hashbucket *head;
657
658 epb = &asoc->base;
659
660 /* Calculate which chain this entry will belong to. */
661 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, asoc->peer.port);
662
663 head = &sctp_assoc_hashtable[epb->hashent];
664
665 sctp_write_lock(&head->lock);
666 epp = &head->chain;
667 epb->next = *epp;
668 if (epb->next)
669 (*epp)->pprev = &epb->next;
670 *epp = epb;
671 epb->pprev = epp;
672 sctp_write_unlock(&head->lock);
673 }
674
675 /* Add an association to the hash. Local BH-safe. */
sctp_hash_established(struct sctp_association * asoc)676 void sctp_hash_established(struct sctp_association *asoc)
677 {
678 sctp_local_bh_disable();
679 __sctp_hash_established(asoc);
680 sctp_local_bh_enable();
681 }
682
683 /* Remove association from the hash table. */
__sctp_unhash_established(struct sctp_association * asoc)684 static void __sctp_unhash_established(struct sctp_association *asoc)
685 {
686 struct sctp_hashbucket *head;
687 struct sctp_ep_common *epb;
688
689 epb = &asoc->base;
690
691 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port,
692 asoc->peer.port);
693
694 head = &sctp_assoc_hashtable[epb->hashent];
695
696 sctp_write_lock(&head->lock);
697
698 if (epb->pprev) {
699 if (epb->next)
700 epb->next->pprev = epb->pprev;
701 *epb->pprev = epb->next;
702 epb->pprev = NULL;
703 }
704
705 sctp_write_unlock(&head->lock);
706 }
707
708 /* Remove association from the hash table. Local BH-safe. */
sctp_unhash_established(struct sctp_association * asoc)709 void sctp_unhash_established(struct sctp_association *asoc)
710 {
711 sctp_local_bh_disable();
712 __sctp_unhash_established(asoc);
713 sctp_local_bh_enable();
714 }
715
716 /* Look up an association. */
__sctp_lookup_association(const union sctp_addr * local,const union sctp_addr * peer,struct sctp_transport ** pt)717 static struct sctp_association *__sctp_lookup_association(
718 const union sctp_addr *local,
719 const union sctp_addr *peer,
720 struct sctp_transport **pt)
721 {
722 struct sctp_hashbucket *head;
723 struct sctp_ep_common *epb;
724 struct sctp_association *asoc;
725 struct sctp_transport *transport;
726 int hash;
727
728 /* Optimize here for direct hit, only listening connections can
729 * have wildcards anyways.
730 */
731 hash = sctp_assoc_hashfn(local->v4.sin_port, peer->v4.sin_port);
732 head = &sctp_assoc_hashtable[hash];
733 read_lock(&head->lock);
734 for (epb = head->chain; epb; epb = epb->next) {
735 asoc = sctp_assoc(epb);
736 transport = sctp_assoc_is_match(asoc, local, peer);
737 if (transport)
738 goto hit;
739 }
740
741 read_unlock(&head->lock);
742
743 return NULL;
744
745 hit:
746 *pt = transport;
747 sctp_association_hold(asoc);
748 sock_hold(epb->sk);
749 read_unlock(&head->lock);
750 return asoc;
751 }
752
753 /* Look up an association. BH-safe. */
754 SCTP_STATIC
sctp_lookup_association(const union sctp_addr * laddr,const union sctp_addr * paddr,struct sctp_transport ** transportp)755 struct sctp_association *sctp_lookup_association(const union sctp_addr *laddr,
756 const union sctp_addr *paddr,
757 struct sctp_transport **transportp)
758 {
759 struct sctp_association *asoc;
760
761 sctp_local_bh_disable();
762 asoc = __sctp_lookup_association(laddr, paddr, transportp);
763 sctp_local_bh_enable();
764
765 return asoc;
766 }
767
768 /* Is there an association matching the given local and peer addresses? */
sctp_has_association(const union sctp_addr * laddr,const union sctp_addr * paddr)769 int sctp_has_association(const union sctp_addr *laddr,
770 const union sctp_addr *paddr)
771 {
772 struct sctp_association *asoc;
773 struct sctp_transport *transport;
774
775 if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) {
776 sock_put(asoc->base.sk);
777 sctp_association_put(asoc);
778 return 1;
779 }
780
781 return 0;
782 }
783
784 /*
785 * SCTP Implementors Guide, 2.18 Handling of address
786 * parameters within the INIT or INIT-ACK.
787 *
788 * D) When searching for a matching TCB upon reception of an INIT
789 * or INIT-ACK chunk the receiver SHOULD use not only the
790 * source address of the packet (containing the INIT or
791 * INIT-ACK) but the receiver SHOULD also use all valid
792 * address parameters contained within the chunk.
793 *
794 * 2.18.3 Solution description
795 *
796 * This new text clearly specifies to an implementor the need
797 * to look within the INIT or INIT-ACK. Any implementation that
798 * does not do this, may not be able to establish associations
799 * in certain circumstances.
800 *
801 */
__sctp_rcv_init_lookup(struct sk_buff * skb,const union sctp_addr * laddr,struct sctp_transport ** transportp)802 static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb,
803 const union sctp_addr *laddr, struct sctp_transport **transportp)
804 {
805 struct sctp_association *asoc;
806 union sctp_addr addr;
807 union sctp_addr *paddr = &addr;
808 struct sctphdr *sh = (struct sctphdr *) skb->h.raw;
809 sctp_chunkhdr_t *ch;
810 union sctp_params params;
811 sctp_init_chunk_t *init;
812 struct sctp_transport *transport;
813 struct sctp_af *af;
814
815 ch = (sctp_chunkhdr_t *) skb->data;
816
817 /* If this is INIT/INIT-ACK look inside the chunk too. */
818 switch (ch->type) {
819 case SCTP_CID_INIT:
820 case SCTP_CID_INIT_ACK:
821 break;
822 default:
823 return NULL;
824 }
825
826 /* The code below will attempt to walk the chunk and extract
827 * parameter information. Before we do that, we need to verify
828 * that the chunk length doesn't cause overflow. Otherwise, we'll
829 * walk off the end.
830 */
831 if (WORD_ROUND(ntohs(ch->length)) > skb->len)
832 return NULL;
833
834 /*
835 * This code will NOT touch anything inside the chunk--it is
836 * strictly READ-ONLY.
837 *
838 * RFC 2960 3 SCTP packet Format
839 *
840 * Multiple chunks can be bundled into one SCTP packet up to
841 * the MTU size, except for the INIT, INIT ACK, and SHUTDOWN
842 * COMPLETE chunks. These chunks MUST NOT be bundled with any
843 * other chunk in a packet. See Section 6.10 for more details
844 * on chunk bundling.
845 */
846
847 /* Find the start of the TLVs and the end of the chunk. This is
848 * the region we search for address parameters.
849 */
850 init = (sctp_init_chunk_t *)skb->data;
851
852 /* Walk the parameters looking for embedded addresses. */
853 sctp_walk_params(params, init, init_hdr.params) {
854
855 /* Note: Ignoring hostname addresses. */
856 af = sctp_get_af_specific(param_type2af(params.p->type));
857 if (!af)
858 continue;
859
860 af->from_addr_param(paddr, params.addr, ntohs(sh->source), 0);
861
862 asoc = __sctp_lookup_association(laddr, paddr, &transport);
863 if (asoc)
864 return asoc;
865 }
866
867 return NULL;
868 }
869
870 /* Lookup an association for an inbound skb. */
__sctp_rcv_lookup(struct sk_buff * skb,const union sctp_addr * paddr,const union sctp_addr * laddr,struct sctp_transport ** transportp)871 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb,
872 const union sctp_addr *paddr,
873 const union sctp_addr *laddr,
874 struct sctp_transport **transportp)
875 {
876 struct sctp_association *asoc;
877
878 asoc = __sctp_lookup_association(laddr, paddr, transportp);
879
880 /* Further lookup for INIT/INIT-ACK packets.
881 * SCTP Implementors Guide, 2.18 Handling of address
882 * parameters within the INIT or INIT-ACK.
883 */
884 if (!asoc)
885 asoc = __sctp_rcv_init_lookup(skb, laddr, transportp);
886
887 return asoc;
888 }
889