1 /* SCTP kernel reference Implementation
2 * (C) Copyright IBM Corp. 2001, 2004
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2001-2002 Intel Corp.
6 * Copyright (c) 2002 Nokia Corp.
8 * This file is part of the SCTP kernel reference Implementation
10 * This is part of the SCTP Linux Kernel Reference Implementation.
12 * These are the state functions for the state machine.
14 * The SCTP reference implementation is free software;
15 * you can redistribute it and/or modify it under the terms of
16 * the GNU General Public License as published by
17 * the Free Software Foundation; either version 2, or (at your option)
20 * The SCTP reference implementation is distributed in the hope that it
21 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
22 * ************************
23 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
24 * See the GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with GNU CC; see the file COPYING. If not, write to
28 * the Free Software Foundation, 59 Temple Place - Suite 330,
29 * Boston, MA 02111-1307, USA.
31 * Please send any bug reports or fixes you make to the
33 * lksctp developers <lksctp-developers@lists.sourceforge.net>
35 * Or submit a bug report through the following website:
36 * http://www.sf.net/projects/lksctp
38 * Written or modified by:
39 * La Monte H.P. Yarroll <piggy@acm.org>
40 * Karl Knutson <karl@athena.chicago.il.us>
41 * Mathew Kotowsky <kotowsky@sctp.org>
42 * Sridhar Samudrala <samudrala@us.ibm.com>
43 * Jon Grimm <jgrimm@us.ibm.com>
44 * Hui Huang <hui.huang@nokia.com>
45 * Dajiang Zhang <dajiang.zhang@nokia.com>
46 * Daisy Chang <daisyc@us.ibm.com>
47 * Ardelle Fan <ardelle.fan@intel.com>
48 * Ryan Layer <rmlayer@us.ibm.com>
49 * Kevin Gao <kevin.gao@intel.com>
51 * Any bugs reported given to us we will try to fix... any fixes shared will
52 * be incorporated into the next SCTP release.
55 #include <linux/types.h>
56 #include <linux/kernel.h>
58 #include <linux/ipv6.h>
59 #include <linux/net.h>
60 #include <linux/inet.h>
62 #include <net/inet_ecn.h>
63 #include <linux/skbuff.h>
64 #include <net/sctp/sctp.h>
65 #include <net/sctp/sm.h>
66 #include <net/sctp/structs.h>
68 static struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep,
69 const struct sctp_association *asoc,
70 struct sctp_chunk *chunk,
73 static int sctp_eat_data(const struct sctp_association *asoc,
74 struct sctp_chunk *chunk,
75 sctp_cmd_seq_t *commands);
76 static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc,
77 const struct sctp_chunk *chunk);
78 static void sctp_send_stale_cookie_err(const struct sctp_endpoint *ep,
79 const struct sctp_association *asoc,
80 const struct sctp_chunk *chunk,
81 sctp_cmd_seq_t *commands,
82 struct sctp_chunk *err_chunk);
83 static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
84 const struct sctp_association *asoc,
85 const sctp_subtype_t type,
87 sctp_cmd_seq_t *commands);
88 static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
89 const struct sctp_association *asoc,
90 const sctp_subtype_t type,
92 sctp_cmd_seq_t *commands);
93 static sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep,
94 const struct sctp_association *asoc,
95 const sctp_subtype_t type,
97 sctp_cmd_seq_t *commands);
98 static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk);
100 static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
101 __be16 error, int sk_err,
102 const struct sctp_association *asoc,
103 struct sctp_transport *transport);
105 static sctp_disposition_t sctp_sf_abort_violation(
106 const struct sctp_endpoint *ep,
107 const struct sctp_association *asoc,
109 sctp_cmd_seq_t *commands,
111 const size_t paylen);
113 static sctp_disposition_t sctp_sf_violation_chunklen(
114 const struct sctp_endpoint *ep,
115 const struct sctp_association *asoc,
116 const sctp_subtype_t type,
118 sctp_cmd_seq_t *commands);
120 static sctp_disposition_t sctp_sf_violation_ctsn(
121 const struct sctp_endpoint *ep,
122 const struct sctp_association *asoc,
123 const sctp_subtype_t type,
125 sctp_cmd_seq_t *commands);
127 static sctp_disposition_t sctp_sf_violation_chunk(
128 const struct sctp_endpoint *ep,
129 const struct sctp_association *asoc,
130 const sctp_subtype_t type,
132 sctp_cmd_seq_t *commands);
134 /* Small helper function that checks if the chunk length
135 * is of the appropriate length. The 'required_length' argument
136 * is set to be the size of a specific chunk we are testing.
137 * Return Values: 1 = Valid length
142 sctp_chunk_length_valid(struct sctp_chunk *chunk,
143 __u16 required_length)
145 __u16 chunk_length = ntohs(chunk->chunk_hdr->length);
147 if (unlikely(chunk_length < required_length))
153 /**********************************************************
154 * These are the state functions for handling chunk events.
155 **********************************************************/
158 * Process the final SHUTDOWN COMPLETE.
160 * Section: 4 (C) (diagram), 9.2
161 * Upon reception of the SHUTDOWN COMPLETE chunk the endpoint will verify
162 * that it is in SHUTDOWN-ACK-SENT state, if it is not the chunk should be
163 * discarded. If the endpoint is in the SHUTDOWN-ACK-SENT state the endpoint
164 * should stop the T2-shutdown timer and remove all knowledge of the
165 * association (and thus the association enters the CLOSED state).
167 * Verification Tag: 8.5.1(C), sctpimpguide 2.41.
168 * C) Rules for packet carrying SHUTDOWN COMPLETE:
170 * - The receiver of a SHUTDOWN COMPLETE shall accept the packet
171 * if the Verification Tag field of the packet matches its own tag and
172 * the T bit is not set
174 * it is set to its peer's tag and the T bit is set in the Chunk
176 * Otherwise, the receiver MUST silently discard the packet
177 * and take no further action. An endpoint MUST ignore the
178 * SHUTDOWN COMPLETE if it is not in the SHUTDOWN-ACK-SENT state.
181 * (endpoint, asoc, chunk)
184 * (asoc, reply_msg, msg_up, timers, counters)
186 * The return value is the disposition of the chunk.
188 sctp_disposition_t sctp_sf_do_4_C(const struct sctp_endpoint *ep,
189 const struct sctp_association *asoc,
190 const sctp_subtype_t type,
192 sctp_cmd_seq_t *commands)
194 struct sctp_chunk *chunk = arg;
195 struct sctp_ulpevent *ev;
197 if (!sctp_vtag_verify_either(chunk, asoc))
198 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
200 /* RFC 2960 6.10 Bundling
202 * An endpoint MUST NOT bundle INIT, INIT ACK or
203 * SHUTDOWN COMPLETE with any other chunks.
205 if (!chunk->singleton)
206 return sctp_sf_violation_chunk(ep, asoc, type, arg, commands);
208 /* Make sure that the SHUTDOWN_COMPLETE chunk has a valid length. */
209 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
210 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
213 /* RFC 2960 10.2 SCTP-to-ULP
215 * H) SHUTDOWN COMPLETE notification
217 * When SCTP completes the shutdown procedures (section 9.2) this
218 * notification is passed to the upper layer.
220 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
221 0, 0, 0, NULL, GFP_ATOMIC);
223 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
226 /* Upon reception of the SHUTDOWN COMPLETE chunk the endpoint
227 * will verify that it is in SHUTDOWN-ACK-SENT state, if it is
228 * not the chunk should be discarded. If the endpoint is in
229 * the SHUTDOWN-ACK-SENT state the endpoint should stop the
230 * T2-shutdown timer and remove all knowledge of the
231 * association (and thus the association enters the CLOSED
234 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
235 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
237 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
238 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
240 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
241 SCTP_STATE(SCTP_STATE_CLOSED));
243 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
244 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
246 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
248 return SCTP_DISPOSITION_DELETE_TCB;
252 * Respond to a normal INIT chunk.
253 * We are the side that is being asked for an association.
255 * Section: 5.1 Normal Establishment of an Association, B
256 * B) "Z" shall respond immediately with an INIT ACK chunk. The
257 * destination IP address of the INIT ACK MUST be set to the source
258 * IP address of the INIT to which this INIT ACK is responding. In
259 * the response, besides filling in other parameters, "Z" must set the
260 * Verification Tag field to Tag_A, and also provide its own
261 * Verification Tag (Tag_Z) in the Initiate Tag field.
263 * Verification Tag: Must be 0.
266 * (endpoint, asoc, chunk)
269 * (asoc, reply_msg, msg_up, timers, counters)
271 * The return value is the disposition of the chunk.
273 sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
274 const struct sctp_association *asoc,
275 const sctp_subtype_t type,
277 sctp_cmd_seq_t *commands)
279 struct sctp_chunk *chunk = arg;
280 struct sctp_chunk *repl;
281 struct sctp_association *new_asoc;
282 struct sctp_chunk *err_chunk;
283 struct sctp_packet *packet;
284 sctp_unrecognized_param_t *unk_param;
288 * An endpoint MUST NOT bundle INIT, INIT ACK or
289 * SHUTDOWN COMPLETE with any other chunks.
292 * Furthermore, we require that the receiver of an INIT chunk MUST
293 * enforce these rules by silently discarding an arriving packet
294 * with an INIT chunk that is bundled with other chunks.
296 if (!chunk->singleton)
297 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
299 /* If the packet is an OOTB packet which is temporarily on the
300 * control endpoint, respond with an ABORT.
302 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
303 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
305 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
308 if (chunk->sctp_hdr->vtag != 0)
309 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
311 /* Make sure that the INIT chunk has a valid length.
312 * Normally, this would cause an ABORT with a Protocol Violation
313 * error, but since we don't have an association, we'll
314 * just discard the packet.
316 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t)))
317 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
319 /* Verify the INIT chunk before processing it. */
321 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
322 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
324 /* This chunk contains fatal error. It is to be discarded.
325 * Send an ABORT, with causes if there is any.
328 packet = sctp_abort_pkt_new(ep, asoc, arg,
329 (__u8 *)(err_chunk->chunk_hdr) +
330 sizeof(sctp_chunkhdr_t),
331 ntohs(err_chunk->chunk_hdr->length) -
332 sizeof(sctp_chunkhdr_t));
334 sctp_chunk_free(err_chunk);
337 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
338 SCTP_PACKET(packet));
339 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
340 return SCTP_DISPOSITION_CONSUME;
342 return SCTP_DISPOSITION_NOMEM;
345 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
350 /* Grab the INIT header. */
351 chunk->subh.init_hdr = (sctp_inithdr_t *)chunk->skb->data;
353 /* Tag the variable length parameters. */
354 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
356 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
360 /* The call, sctp_process_init(), can fail on memory allocation. */
361 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
363 (sctp_init_chunk_t *)chunk->chunk_hdr,
367 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
369 /* If there are errors need to be reported for unknown parameters,
370 * make sure to reserve enough room in the INIT ACK for them.
374 len = ntohs(err_chunk->chunk_hdr->length) -
375 sizeof(sctp_chunkhdr_t);
377 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
380 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
384 /* If there are errors need to be reported for unknown parameters,
385 * include them in the outgoing INIT ACK as "Unrecognized parameter"
389 /* Get the "Unrecognized parameter" parameter(s) out of the
390 * ERROR chunk generated by sctp_verify_init(). Since the
391 * error cause code for "unknown parameter" and the
392 * "Unrecognized parameter" type is the same, we can
393 * construct the parameters in INIT ACK by copying the
396 unk_param = (sctp_unrecognized_param_t *)
397 ((__u8 *)(err_chunk->chunk_hdr) +
398 sizeof(sctp_chunkhdr_t));
399 /* Replace the cause code with the "Unrecognized parameter"
402 sctp_addto_chunk(repl, len, unk_param);
403 sctp_chunk_free(err_chunk);
406 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
408 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
411 * Note: After sending out INIT ACK with the State Cookie parameter,
412 * "Z" MUST NOT allocate any resources, nor keep any states for the
413 * new association. Otherwise, "Z" will be vulnerable to resource
416 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
418 return SCTP_DISPOSITION_DELETE_TCB;
421 sctp_association_free(new_asoc);
424 sctp_chunk_free(err_chunk);
425 return SCTP_DISPOSITION_NOMEM;
429 * Respond to a normal INIT ACK chunk.
430 * We are the side that is initiating the association.
432 * Section: 5.1 Normal Establishment of an Association, C
433 * C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init
434 * timer and leave COOKIE-WAIT state. "A" shall then send the State
435 * Cookie received in the INIT ACK chunk in a COOKIE ECHO chunk, start
436 * the T1-cookie timer, and enter the COOKIE-ECHOED state.
438 * Note: The COOKIE ECHO chunk can be bundled with any pending outbound
439 * DATA chunks, but it MUST be the first chunk in the packet and
440 * until the COOKIE ACK is returned the sender MUST NOT send any
441 * other packets to the peer.
443 * Verification Tag: 3.3.3
444 * If the value of the Initiate Tag in a received INIT ACK chunk is
445 * found to be 0, the receiver MUST treat it as an error and close the
446 * association by transmitting an ABORT.
449 * (endpoint, asoc, chunk)
452 * (asoc, reply_msg, msg_up, timers, counters)
454 * The return value is the disposition of the chunk.
456 sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
457 const struct sctp_association *asoc,
458 const sctp_subtype_t type,
460 sctp_cmd_seq_t *commands)
462 struct sctp_chunk *chunk = arg;
463 sctp_init_chunk_t *initchunk;
464 struct sctp_chunk *err_chunk;
465 struct sctp_packet *packet;
468 if (!sctp_vtag_verify(chunk, asoc))
469 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
472 * An endpoint MUST NOT bundle INIT, INIT ACK or
473 * SHUTDOWN COMPLETE with any other chunks.
475 if (!chunk->singleton)
476 return sctp_sf_violation_chunk(ep, asoc, type, arg, commands);
478 /* Make sure that the INIT-ACK chunk has a valid length */
479 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_initack_chunk_t)))
480 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
482 /* Grab the INIT header. */
483 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
485 /* Verify the INIT chunk before processing it. */
487 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
488 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
491 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
493 /* This chunk contains fatal error. It is to be discarded.
494 * Send an ABORT, with causes if there is any.
497 packet = sctp_abort_pkt_new(ep, asoc, arg,
498 (__u8 *)(err_chunk->chunk_hdr) +
499 sizeof(sctp_chunkhdr_t),
500 ntohs(err_chunk->chunk_hdr->length) -
501 sizeof(sctp_chunkhdr_t));
503 sctp_chunk_free(err_chunk);
506 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
507 SCTP_PACKET(packet));
508 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
509 error = SCTP_ERROR_INV_PARAM;
511 error = SCTP_ERROR_NO_RESOURCE;
514 sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
515 error = SCTP_ERROR_INV_PARAM;
517 return sctp_stop_t1_and_abort(commands, error, ECONNREFUSED,
518 asoc, chunk->transport);
521 /* Tag the variable length parameters. Note that we never
522 * convert the parameters in an INIT chunk.
524 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
526 initchunk = (sctp_init_chunk_t *) chunk->chunk_hdr;
528 sctp_add_cmd_sf(commands, SCTP_CMD_PEER_INIT,
529 SCTP_PEER_INIT(initchunk));
531 /* Reset init error count upon receipt of INIT-ACK. */
532 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL());
534 /* 5.1 C) "A" shall stop the T1-init timer and leave
535 * COOKIE-WAIT state. "A" shall then ... start the T1-cookie
536 * timer, and enter the COOKIE-ECHOED state.
538 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
539 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
540 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
541 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
542 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
543 SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
545 /* 5.1 C) "A" shall then send the State Cookie received in the
546 * INIT ACK chunk in a COOKIE ECHO chunk, ...
548 /* If there is any errors to report, send the ERROR chunk generated
549 * for unknown parameters as well.
551 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_COOKIE_ECHO,
552 SCTP_CHUNK(err_chunk));
554 return SCTP_DISPOSITION_CONSUME;
558 * Respond to a normal COOKIE ECHO chunk.
559 * We are the side that is being asked for an association.
561 * Section: 5.1 Normal Establishment of an Association, D
562 * D) Upon reception of the COOKIE ECHO chunk, Endpoint "Z" will reply
563 * with a COOKIE ACK chunk after building a TCB and moving to
564 * the ESTABLISHED state. A COOKIE ACK chunk may be bundled with
565 * any pending DATA chunks (and/or SACK chunks), but the COOKIE ACK
566 * chunk MUST be the first chunk in the packet.
568 * IMPLEMENTATION NOTE: An implementation may choose to send the
569 * Communication Up notification to the SCTP user upon reception
570 * of a valid COOKIE ECHO chunk.
572 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
573 * D) Rules for packet carrying a COOKIE ECHO
575 * - When sending a COOKIE ECHO, the endpoint MUST use the value of the
576 * Initial Tag received in the INIT ACK.
578 * - The receiver of a COOKIE ECHO follows the procedures in Section 5.
581 * (endpoint, asoc, chunk)
584 * (asoc, reply_msg, msg_up, timers, counters)
586 * The return value is the disposition of the chunk.
588 sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
589 const struct sctp_association *asoc,
590 const sctp_subtype_t type, void *arg,
591 sctp_cmd_seq_t *commands)
593 struct sctp_chunk *chunk = arg;
594 struct sctp_association *new_asoc;
595 sctp_init_chunk_t *peer_init;
596 struct sctp_chunk *repl;
597 struct sctp_ulpevent *ev, *ai_ev = NULL;
599 struct sctp_chunk *err_chk_p;
602 /* If the packet is an OOTB packet which is temporarily on the
603 * control endpoint, respond with an ABORT.
605 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
606 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
608 /* Make sure that the COOKIE_ECHO chunk has a valid length.
609 * In this case, we check that we have enough for at least a
610 * chunk header. More detailed verification is done
611 * in sctp_unpack_cookie().
613 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
614 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
616 /* If the endpoint is not listening or if the number of associations
617 * on the TCP-style socket exceed the max backlog, respond with an
621 if (!sctp_sstate(sk, LISTENING) ||
622 (sctp_style(sk, TCP) && sk_acceptq_is_full(sk)))
623 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
625 /* "Decode" the chunk. We have no optional parameters so we
628 chunk->subh.cookie_hdr =
629 (struct sctp_signed_cookie *)chunk->skb->data;
630 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
631 sizeof(sctp_chunkhdr_t)))
634 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint
635 * "Z" will reply with a COOKIE ACK chunk after building a TCB
636 * and moving to the ESTABLISHED state.
638 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
642 * If the re-build failed, what is the proper error path
645 * [We should abort the association. --piggy]
648 /* FIXME: Several errors are possible. A bad cookie should
649 * be silently discarded, but think about logging it too.
652 case -SCTP_IERROR_NOMEM:
655 case -SCTP_IERROR_STALE_COOKIE:
656 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
658 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
660 case -SCTP_IERROR_BAD_SIG:
662 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
667 /* Delay state machine commands until later.
669 * Re-build the bind address for the association is done in
670 * the sctp_unpack_cookie() already.
672 /* This is a brand-new association, so these are not yet side
673 * effects--it is safe to run them here.
675 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
677 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
678 &chunk->subh.cookie_hdr->c.peer_addr,
679 peer_init, GFP_ATOMIC))
682 repl = sctp_make_cookie_ack(new_asoc, chunk);
686 /* RFC 2960 5.1 Normal Establishment of an Association
688 * D) IMPLEMENTATION NOTE: An implementation may choose to
689 * send the Communication Up notification to the SCTP user
690 * upon reception of a valid COOKIE ECHO chunk.
692 ev = sctp_ulpevent_make_assoc_change(new_asoc, 0, SCTP_COMM_UP, 0,
693 new_asoc->c.sinit_num_ostreams,
694 new_asoc->c.sinit_max_instreams,
699 /* Sockets API Draft Section 5.3.1.6
700 * When a peer sends a Adaptation Layer Indication parameter , SCTP
701 * delivers this notification to inform the application that of the
702 * peers requested adaptation layer.
704 if (new_asoc->peer.adaptation_ind) {
705 ai_ev = sctp_ulpevent_make_adaptation_indication(new_asoc,
711 /* Add all the state machine commands now since we've created
712 * everything. This way we don't introduce memory corruptions
713 * during side-effect processing and correclty count established
716 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
717 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
718 SCTP_STATE(SCTP_STATE_ESTABLISHED));
719 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
720 SCTP_INC_STATS(SCTP_MIB_PASSIVEESTABS);
721 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
723 if (new_asoc->autoclose)
724 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
725 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
727 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
729 /* This will send the COOKIE ACK */
730 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
732 /* Queue the ASSOC_CHANGE event */
733 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
735 /* Send up the Adaptation Layer Indication event */
737 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
738 SCTP_ULPEVENT(ai_ev));
740 return SCTP_DISPOSITION_CONSUME;
743 sctp_ulpevent_free(ev);
745 sctp_chunk_free(repl);
747 sctp_association_free(new_asoc);
749 return SCTP_DISPOSITION_NOMEM;
753 * Respond to a normal COOKIE ACK chunk.
754 * We are the side that is being asked for an association.
756 * RFC 2960 5.1 Normal Establishment of an Association
758 * E) Upon reception of the COOKIE ACK, endpoint "A" will move from the
759 * COOKIE-ECHOED state to the ESTABLISHED state, stopping the T1-cookie
760 * timer. It may also notify its ULP about the successful
761 * establishment of the association with a Communication Up
762 * notification (see Section 10).
766 * (endpoint, asoc, chunk)
769 * (asoc, reply_msg, msg_up, timers, counters)
771 * The return value is the disposition of the chunk.
773 sctp_disposition_t sctp_sf_do_5_1E_ca(const struct sctp_endpoint *ep,
774 const struct sctp_association *asoc,
775 const sctp_subtype_t type, void *arg,
776 sctp_cmd_seq_t *commands)
778 struct sctp_chunk *chunk = arg;
779 struct sctp_ulpevent *ev;
781 if (!sctp_vtag_verify(chunk, asoc))
782 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
784 /* Verify that the chunk length for the COOKIE-ACK is OK.
785 * If we don't do this, any bundled chunks may be junked.
787 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
788 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
791 /* Reset init error count upon receipt of COOKIE-ACK,
792 * to avoid problems with the managemement of this
793 * counter in stale cookie situations when a transition back
794 * from the COOKIE-ECHOED state to the COOKIE-WAIT
795 * state is performed.
797 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL());
799 /* RFC 2960 5.1 Normal Establishment of an Association
801 * E) Upon reception of the COOKIE ACK, endpoint "A" will move
802 * from the COOKIE-ECHOED state to the ESTABLISHED state,
803 * stopping the T1-cookie timer.
805 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
806 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
807 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
808 SCTP_STATE(SCTP_STATE_ESTABLISHED));
809 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
810 SCTP_INC_STATS(SCTP_MIB_ACTIVEESTABS);
811 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
813 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
814 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
815 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
817 /* It may also notify its ULP about the successful
818 * establishment of the association with a Communication Up
819 * notification (see Section 10).
821 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP,
822 0, asoc->c.sinit_num_ostreams,
823 asoc->c.sinit_max_instreams,
829 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
831 /* Sockets API Draft Section 5.3.1.6
832 * When a peer sends a Adaptation Layer Indication parameter , SCTP
833 * delivers this notification to inform the application that of the
834 * peers requested adaptation layer.
836 if (asoc->peer.adaptation_ind) {
837 ev = sctp_ulpevent_make_adaptation_indication(asoc, GFP_ATOMIC);
841 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
845 return SCTP_DISPOSITION_CONSUME;
847 return SCTP_DISPOSITION_NOMEM;
850 /* Generate and sendout a heartbeat packet. */
851 static sctp_disposition_t sctp_sf_heartbeat(const struct sctp_endpoint *ep,
852 const struct sctp_association *asoc,
853 const sctp_subtype_t type,
855 sctp_cmd_seq_t *commands)
857 struct sctp_transport *transport = (struct sctp_transport *) arg;
858 struct sctp_chunk *reply;
859 sctp_sender_hb_info_t hbinfo;
862 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
863 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
864 hbinfo.daddr = transport->ipaddr;
865 hbinfo.sent_at = jiffies;
866 hbinfo.hb_nonce = transport->hb_nonce;
868 /* Send a heartbeat to our peer. */
869 paylen = sizeof(sctp_sender_hb_info_t);
870 reply = sctp_make_heartbeat(asoc, transport, &hbinfo, paylen);
872 return SCTP_DISPOSITION_NOMEM;
874 /* Set rto_pending indicating that an RTT measurement
875 * is started with this heartbeat chunk.
877 sctp_add_cmd_sf(commands, SCTP_CMD_RTO_PENDING,
878 SCTP_TRANSPORT(transport));
880 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
881 return SCTP_DISPOSITION_CONSUME;
884 /* Generate a HEARTBEAT packet on the given transport. */
885 sctp_disposition_t sctp_sf_sendbeat_8_3(const struct sctp_endpoint *ep,
886 const struct sctp_association *asoc,
887 const sctp_subtype_t type,
889 sctp_cmd_seq_t *commands)
891 struct sctp_transport *transport = (struct sctp_transport *) arg;
893 if (asoc->overall_error_count >= asoc->max_retrans) {
894 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
895 SCTP_ERROR(ETIMEDOUT));
896 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
897 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
898 SCTP_PERR(SCTP_ERROR_NO_ERROR));
899 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
900 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
901 return SCTP_DISPOSITION_DELETE_TCB;
905 * The Sender-specific Heartbeat Info field should normally include
906 * information about the sender's current time when this HEARTBEAT
907 * chunk is sent and the destination transport address to which this
908 * HEARTBEAT is sent (see Section 8.3).
911 if (transport->param_flags & SPP_HB_ENABLE) {
912 if (SCTP_DISPOSITION_NOMEM ==
913 sctp_sf_heartbeat(ep, asoc, type, arg,
915 return SCTP_DISPOSITION_NOMEM;
916 /* Set transport error counter and association error counter
917 * when sending heartbeat.
919 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_RESET,
920 SCTP_TRANSPORT(transport));
922 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMER_UPDATE,
923 SCTP_TRANSPORT(transport));
925 return SCTP_DISPOSITION_CONSUME;
929 * Process an heartbeat request.
931 * Section: 8.3 Path Heartbeat
932 * The receiver of the HEARTBEAT should immediately respond with a
933 * HEARTBEAT ACK that contains the Heartbeat Information field copied
934 * from the received HEARTBEAT chunk.
936 * Verification Tag: 8.5 Verification Tag [Normal verification]
937 * When receiving an SCTP packet, the endpoint MUST ensure that the
938 * value in the Verification Tag field of the received SCTP packet
939 * matches its own Tag. If the received Verification Tag value does not
940 * match the receiver's own tag value, the receiver shall silently
941 * discard the packet and shall not process it any further except for
942 * those cases listed in Section 8.5.1 below.
945 * (endpoint, asoc, chunk)
948 * (asoc, reply_msg, msg_up, timers, counters)
950 * The return value is the disposition of the chunk.
952 sctp_disposition_t sctp_sf_beat_8_3(const struct sctp_endpoint *ep,
953 const struct sctp_association *asoc,
954 const sctp_subtype_t type,
956 sctp_cmd_seq_t *commands)
958 struct sctp_chunk *chunk = arg;
959 struct sctp_chunk *reply;
962 if (!sctp_vtag_verify(chunk, asoc))
963 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
965 /* Make sure that the HEARTBEAT chunk has a valid length. */
966 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t)))
967 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
970 /* 8.3 The receiver of the HEARTBEAT should immediately
971 * respond with a HEARTBEAT ACK that contains the Heartbeat
972 * Information field copied from the received HEARTBEAT chunk.
974 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data;
975 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
976 if (!pskb_pull(chunk->skb, paylen))
979 reply = sctp_make_heartbeat_ack(asoc, chunk,
980 chunk->subh.hb_hdr, paylen);
984 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
985 return SCTP_DISPOSITION_CONSUME;
988 return SCTP_DISPOSITION_NOMEM;
992 * Process the returning HEARTBEAT ACK.
994 * Section: 8.3 Path Heartbeat
995 * Upon the receipt of the HEARTBEAT ACK, the sender of the HEARTBEAT
996 * should clear the error counter of the destination transport
997 * address to which the HEARTBEAT was sent, and mark the destination
998 * transport address as active if it is not so marked. The endpoint may
999 * optionally report to the upper layer when an inactive destination
1000 * address is marked as active due to the reception of the latest
1001 * HEARTBEAT ACK. The receiver of the HEARTBEAT ACK must also
1002 * clear the association overall error count as well (as defined
1005 * The receiver of the HEARTBEAT ACK should also perform an RTT
1006 * measurement for that destination transport address using the time
1007 * value carried in the HEARTBEAT ACK chunk.
1009 * Verification Tag: 8.5 Verification Tag [Normal verification]
1012 * (endpoint, asoc, chunk)
1015 * (asoc, reply_msg, msg_up, timers, counters)
1017 * The return value is the disposition of the chunk.
1019 sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
1020 const struct sctp_association *asoc,
1021 const sctp_subtype_t type,
1023 sctp_cmd_seq_t *commands)
1025 struct sctp_chunk *chunk = arg;
1026 union sctp_addr from_addr;
1027 struct sctp_transport *link;
1028 sctp_sender_hb_info_t *hbinfo;
1029 unsigned long max_interval;
1031 if (!sctp_vtag_verify(chunk, asoc))
1032 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1034 /* Make sure that the HEARTBEAT-ACK chunk has a valid length. */
1035 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t)))
1036 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1039 hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
1040 /* Make sure that the length of the parameter is what we expect */
1041 if (ntohs(hbinfo->param_hdr.length) !=
1042 sizeof(sctp_sender_hb_info_t)) {
1043 return SCTP_DISPOSITION_DISCARD;
1046 from_addr = hbinfo->daddr;
1047 link = sctp_assoc_lookup_paddr(asoc, &from_addr);
1049 /* This should never happen, but lets log it if so. */
1050 if (unlikely(!link)) {
1051 if (from_addr.sa.sa_family == AF_INET6) {
1052 if (net_ratelimit())
1054 "%s association %p could not find address "
1058 NIP6(from_addr.v6.sin6_addr));
1060 if (net_ratelimit())
1062 "%s association %p could not find address "
1066 NIPQUAD(from_addr.v4.sin_addr.s_addr));
1068 return SCTP_DISPOSITION_DISCARD;
1071 /* Validate the 64-bit random nonce. */
1072 if (hbinfo->hb_nonce != link->hb_nonce)
1073 return SCTP_DISPOSITION_DISCARD;
1075 max_interval = link->hbinterval + link->rto;
1077 /* Check if the timestamp looks valid. */
1078 if (time_after(hbinfo->sent_at, jiffies) ||
1079 time_after(jiffies, hbinfo->sent_at + max_interval)) {
1080 SCTP_DEBUG_PRINTK("%s: HEARTBEAT ACK with invalid timestamp"
1081 "received for transport: %p\n",
1082 __FUNCTION__, link);
1083 return SCTP_DISPOSITION_DISCARD;
1086 /* 8.3 Upon the receipt of the HEARTBEAT ACK, the sender of
1087 * the HEARTBEAT should clear the error counter of the
1088 * destination transport address to which the HEARTBEAT was
1089 * sent and mark the destination transport address as active if
1090 * it is not so marked.
1092 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_ON, SCTP_TRANSPORT(link));
1094 return SCTP_DISPOSITION_CONSUME;
1097 /* Helper function to send out an abort for the restart
1100 static int sctp_sf_send_restart_abort(union sctp_addr *ssa,
1101 struct sctp_chunk *init,
1102 sctp_cmd_seq_t *commands)
1105 struct sctp_packet *pkt;
1106 union sctp_addr_param *addrparm;
1107 struct sctp_errhdr *errhdr;
1108 struct sctp_endpoint *ep;
1109 char buffer[sizeof(struct sctp_errhdr)+sizeof(union sctp_addr_param)];
1110 struct sctp_af *af = sctp_get_af_specific(ssa->v4.sin_family);
1112 /* Build the error on the stack. We are way to malloc crazy
1113 * throughout the code today.
1115 errhdr = (struct sctp_errhdr *)buffer;
1116 addrparm = (union sctp_addr_param *)errhdr->variable;
1118 /* Copy into a parm format. */
1119 len = af->to_addr_param(ssa, addrparm);
1120 len += sizeof(sctp_errhdr_t);
1122 errhdr->cause = SCTP_ERROR_RESTART;
1123 errhdr->length = htons(len);
1125 /* Assign to the control socket. */
1126 ep = sctp_sk((sctp_get_ctl_sock()))->ep;
1128 /* Association is NULL since this may be a restart attack and we
1129 * want to send back the attacker's vtag.
1131 pkt = sctp_abort_pkt_new(ep, NULL, init, errhdr, len);
1135 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(pkt));
1137 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
1139 /* Discard the rest of the inbound packet. */
1140 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
1143 /* Even if there is no memory, treat as a failure so
1144 * the packet will get dropped.
1149 /* A restart is occurring, check to make sure no new addresses
1150 * are being added as we may be under a takeover attack.
1152 static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc,
1153 const struct sctp_association *asoc,
1154 struct sctp_chunk *init,
1155 sctp_cmd_seq_t *commands)
1157 struct sctp_transport *new_addr, *addr;
1158 struct list_head *pos, *pos2;
1161 /* Implementor's Guide - Sectin 5.2.2
1163 * Before responding the endpoint MUST check to see if the
1164 * unexpected INIT adds new addresses to the association. If new
1165 * addresses are added to the association, the endpoint MUST respond
1169 /* Search through all current addresses and make sure
1170 * we aren't adding any new ones.
1175 list_for_each(pos, &new_asoc->peer.transport_addr_list) {
1176 new_addr = list_entry(pos, struct sctp_transport, transports);
1178 list_for_each(pos2, &asoc->peer.transport_addr_list) {
1179 addr = list_entry(pos2, struct sctp_transport,
1181 if (sctp_cmp_addr_exact(&new_addr->ipaddr,
1191 /* If a new address was added, ABORT the sender. */
1192 if (!found && new_addr) {
1193 sctp_sf_send_restart_abort(&new_addr->ipaddr, init, commands);
1196 /* Return success if all addresses were found. */
1200 /* Populate the verification/tie tags based on overlapping INIT
1203 * Note: Do not use in CLOSED or SHUTDOWN-ACK-SENT state.
1205 static void sctp_tietags_populate(struct sctp_association *new_asoc,
1206 const struct sctp_association *asoc)
1208 switch (asoc->state) {
1210 /* 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State */
1212 case SCTP_STATE_COOKIE_WAIT:
1213 new_asoc->c.my_vtag = asoc->c.my_vtag;
1214 new_asoc->c.my_ttag = asoc->c.my_vtag;
1215 new_asoc->c.peer_ttag = 0;
1218 case SCTP_STATE_COOKIE_ECHOED:
1219 new_asoc->c.my_vtag = asoc->c.my_vtag;
1220 new_asoc->c.my_ttag = asoc->c.my_vtag;
1221 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1224 /* 5.2.2 Unexpected INIT in States Other than CLOSED, COOKIE-ECHOED,
1225 * COOKIE-WAIT and SHUTDOWN-ACK-SENT
1228 new_asoc->c.my_ttag = asoc->c.my_vtag;
1229 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1233 /* Other parameters for the endpoint SHOULD be copied from the
1234 * existing parameters of the association (e.g. number of
1235 * outbound streams) into the INIT ACK and cookie.
1237 new_asoc->rwnd = asoc->rwnd;
1238 new_asoc->c.sinit_num_ostreams = asoc->c.sinit_num_ostreams;
1239 new_asoc->c.sinit_max_instreams = asoc->c.sinit_max_instreams;
1240 new_asoc->c.initial_tsn = asoc->c.initial_tsn;
1244 * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
1247 * RFC 2960 5.2.4 Handle a COOKIE ECHO when a TCB exists.
1249 * Returns value representing action to be taken. These action values
1250 * correspond to Action/Description values in RFC 2960, Table 2.
1252 static char sctp_tietags_compare(struct sctp_association *new_asoc,
1253 const struct sctp_association *asoc)
1255 /* In this case, the peer may have restarted. */
1256 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1257 (asoc->c.peer_vtag != new_asoc->c.peer_vtag) &&
1258 (asoc->c.my_vtag == new_asoc->c.my_ttag) &&
1259 (asoc->c.peer_vtag == new_asoc->c.peer_ttag))
1262 /* Collision case B. */
1263 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1264 ((asoc->c.peer_vtag != new_asoc->c.peer_vtag) ||
1265 (0 == asoc->c.peer_vtag))) {
1269 /* Collision case D. */
1270 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1271 (asoc->c.peer_vtag == new_asoc->c.peer_vtag))
1274 /* Collision case C. */
1275 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1276 (asoc->c.peer_vtag == new_asoc->c.peer_vtag) &&
1277 (0 == new_asoc->c.my_ttag) &&
1278 (0 == new_asoc->c.peer_ttag))
1281 /* No match to any of the special cases; discard this packet. */
1285 /* Common helper routine for both duplicate and simulataneous INIT
1288 static sctp_disposition_t sctp_sf_do_unexpected_init(
1289 const struct sctp_endpoint *ep,
1290 const struct sctp_association *asoc,
1291 const sctp_subtype_t type,
1292 void *arg, sctp_cmd_seq_t *commands)
1294 sctp_disposition_t retval;
1295 struct sctp_chunk *chunk = arg;
1296 struct sctp_chunk *repl;
1297 struct sctp_association *new_asoc;
1298 struct sctp_chunk *err_chunk;
1299 struct sctp_packet *packet;
1300 sctp_unrecognized_param_t *unk_param;
1304 * An endpoint MUST NOT bundle INIT, INIT ACK or
1305 * SHUTDOWN COMPLETE with any other chunks.
1308 * Furthermore, we require that the receiver of an INIT chunk MUST
1309 * enforce these rules by silently discarding an arriving packet
1310 * with an INIT chunk that is bundled with other chunks.
1312 if (!chunk->singleton)
1313 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1315 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
1318 if (chunk->sctp_hdr->vtag != 0)
1319 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
1321 /* Make sure that the INIT chunk has a valid length.
1322 * In this case, we generate a protocol violation since we have
1323 * an association established.
1325 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t)))
1326 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1328 /* Grab the INIT header. */
1329 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
1331 /* Tag the variable length parameters. */
1332 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
1334 /* Verify the INIT chunk before processing it. */
1336 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
1337 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
1339 /* This chunk contains fatal error. It is to be discarded.
1340 * Send an ABORT, with causes if there is any.
1343 packet = sctp_abort_pkt_new(ep, asoc, arg,
1344 (__u8 *)(err_chunk->chunk_hdr) +
1345 sizeof(sctp_chunkhdr_t),
1346 ntohs(err_chunk->chunk_hdr->length) -
1347 sizeof(sctp_chunkhdr_t));
1350 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
1351 SCTP_PACKET(packet));
1352 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
1353 retval = SCTP_DISPOSITION_CONSUME;
1355 retval = SCTP_DISPOSITION_NOMEM;
1359 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
1365 * Other parameters for the endpoint SHOULD be copied from the
1366 * existing parameters of the association (e.g. number of
1367 * outbound streams) into the INIT ACK and cookie.
1368 * FIXME: We are copying parameters from the endpoint not the
1371 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
1375 /* In the outbound INIT ACK the endpoint MUST copy its current
1376 * Verification Tag and Peers Verification tag into a reserved
1377 * place (local tie-tag and per tie-tag) within the state cookie.
1379 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1381 (sctp_init_chunk_t *)chunk->chunk_hdr,
1385 /* Make sure no new addresses are being added during the
1386 * restart. Do not do this check for COOKIE-WAIT state,
1387 * since there are no peer addresses to check against.
1388 * Upon return an ABORT will have been sent if needed.
1390 if (!sctp_state(asoc, COOKIE_WAIT)) {
1391 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk,
1393 retval = SCTP_DISPOSITION_CONSUME;
1398 sctp_tietags_populate(new_asoc, asoc);
1400 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
1402 /* If there are errors need to be reported for unknown parameters,
1403 * make sure to reserve enough room in the INIT ACK for them.
1407 len = ntohs(err_chunk->chunk_hdr->length) -
1408 sizeof(sctp_chunkhdr_t);
1411 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
1414 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
1418 /* If there are errors need to be reported for unknown parameters,
1419 * include them in the outgoing INIT ACK as "Unrecognized parameter"
1423 /* Get the "Unrecognized parameter" parameter(s) out of the
1424 * ERROR chunk generated by sctp_verify_init(). Since the
1425 * error cause code for "unknown parameter" and the
1426 * "Unrecognized parameter" type is the same, we can
1427 * construct the parameters in INIT ACK by copying the
1428 * ERROR causes over.
1430 unk_param = (sctp_unrecognized_param_t *)
1431 ((__u8 *)(err_chunk->chunk_hdr) +
1432 sizeof(sctp_chunkhdr_t));
1433 /* Replace the cause code with the "Unrecognized parameter"
1436 sctp_addto_chunk(repl, len, unk_param);
1439 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1440 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1443 * Note: After sending out INIT ACK with the State Cookie parameter,
1444 * "Z" MUST NOT allocate any resources for this new association.
1445 * Otherwise, "Z" will be vulnerable to resource attacks.
1447 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1448 retval = SCTP_DISPOSITION_CONSUME;
1453 retval = SCTP_DISPOSITION_NOMEM;
1456 sctp_association_free(new_asoc);
1459 sctp_chunk_free(err_chunk);
1464 * Handle simultanous INIT.
1465 * This means we started an INIT and then we got an INIT request from
1468 * Section: 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State (Item B)
1469 * This usually indicates an initialization collision, i.e., each
1470 * endpoint is attempting, at about the same time, to establish an
1471 * association with the other endpoint.
1473 * Upon receipt of an INIT in the COOKIE-WAIT or COOKIE-ECHOED state, an
1474 * endpoint MUST respond with an INIT ACK using the same parameters it
1475 * sent in its original INIT chunk (including its Verification Tag,
1476 * unchanged). These original parameters are combined with those from the
1477 * newly received INIT chunk. The endpoint shall also generate a State
1478 * Cookie with the INIT ACK. The endpoint uses the parameters sent in its
1479 * INIT to calculate the State Cookie.
1481 * After that, the endpoint MUST NOT change its state, the T1-init
1482 * timer shall be left running and the corresponding TCB MUST NOT be
1483 * destroyed. The normal procedures for handling State Cookies when
1484 * a TCB exists will resolve the duplicate INITs to a single association.
1486 * For an endpoint that is in the COOKIE-ECHOED state it MUST populate
1487 * its Tie-Tags with the Tag information of itself and its peer (see
1488 * section 5.2.2 for a description of the Tie-Tags).
1490 * Verification Tag: Not explicit, but an INIT can not have a valid
1491 * verification tag, so we skip the check.
1494 * (endpoint, asoc, chunk)
1497 * (asoc, reply_msg, msg_up, timers, counters)
1499 * The return value is the disposition of the chunk.
1501 sctp_disposition_t sctp_sf_do_5_2_1_siminit(const struct sctp_endpoint *ep,
1502 const struct sctp_association *asoc,
1503 const sctp_subtype_t type,
1505 sctp_cmd_seq_t *commands)
1507 /* Call helper to do the real work for both simulataneous and
1508 * duplicate INIT chunk handling.
1510 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1514 * Handle duplicated INIT messages. These are usually delayed
1517 * Section: 5.2.2 Unexpected INIT in States Other than CLOSED,
1518 * COOKIE-ECHOED and COOKIE-WAIT
1520 * Unless otherwise stated, upon reception of an unexpected INIT for
1521 * this association, the endpoint shall generate an INIT ACK with a
1522 * State Cookie. In the outbound INIT ACK the endpoint MUST copy its
1523 * current Verification Tag and peer's Verification Tag into a reserved
1524 * place within the state cookie. We shall refer to these locations as
1525 * the Peer's-Tie-Tag and the Local-Tie-Tag. The outbound SCTP packet
1526 * containing this INIT ACK MUST carry a Verification Tag value equal to
1527 * the Initiation Tag found in the unexpected INIT. And the INIT ACK
1528 * MUST contain a new Initiation Tag (randomly generated see Section
1529 * 5.3.1). Other parameters for the endpoint SHOULD be copied from the
1530 * existing parameters of the association (e.g. number of outbound
1531 * streams) into the INIT ACK and cookie.
1533 * After sending out the INIT ACK, the endpoint shall take no further
1534 * actions, i.e., the existing association, including its current state,
1535 * and the corresponding TCB MUST NOT be changed.
1537 * Note: Only when a TCB exists and the association is not in a COOKIE-
1538 * WAIT state are the Tie-Tags populated. For a normal association INIT
1539 * (i.e. the endpoint is in a COOKIE-WAIT state), the Tie-Tags MUST be
1540 * set to 0 (indicating that no previous TCB existed). The INIT ACK and
1541 * State Cookie are populated as specified in section 5.2.1.
1543 * Verification Tag: Not specified, but an INIT has no way of knowing
1544 * what the verification tag could be, so we ignore it.
1547 * (endpoint, asoc, chunk)
1550 * (asoc, reply_msg, msg_up, timers, counters)
1552 * The return value is the disposition of the chunk.
1554 sctp_disposition_t sctp_sf_do_5_2_2_dupinit(const struct sctp_endpoint *ep,
1555 const struct sctp_association *asoc,
1556 const sctp_subtype_t type,
1558 sctp_cmd_seq_t *commands)
1560 /* Call helper to do the real work for both simulataneous and
1561 * duplicate INIT chunk handling.
1563 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1568 * Unexpected INIT-ACK handler.
1571 * If an INIT ACK received by an endpoint in any state other than the
1572 * COOKIE-WAIT state, the endpoint should discard the INIT ACK chunk.
1573 * An unexpected INIT ACK usually indicates the processing of an old or
1574 * duplicated INIT chunk.
1576 sctp_disposition_t sctp_sf_do_5_2_3_initack(const struct sctp_endpoint *ep,
1577 const struct sctp_association *asoc,
1578 const sctp_subtype_t type,
1579 void *arg, sctp_cmd_seq_t *commands)
1581 /* Per the above section, we'll discard the chunk if we have an
1582 * endpoint. If this is an OOTB INIT-ACK, treat it as such.
1584 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
1585 return sctp_sf_ootb(ep, asoc, type, arg, commands);
1587 return sctp_sf_discard_chunk(ep, asoc, type, arg, commands);
1590 /* Unexpected COOKIE-ECHO handler for peer restart (Table 2, action 'A')
1593 * A) In this case, the peer may have restarted.
1595 static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
1596 const struct sctp_association *asoc,
1597 struct sctp_chunk *chunk,
1598 sctp_cmd_seq_t *commands,
1599 struct sctp_association *new_asoc)
1601 sctp_init_chunk_t *peer_init;
1602 struct sctp_ulpevent *ev;
1603 struct sctp_chunk *repl;
1604 struct sctp_chunk *err;
1605 sctp_disposition_t disposition;
1607 /* new_asoc is a brand-new association, so these are not yet
1608 * side effects--it is safe to run them here.
1610 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1612 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1613 sctp_source(chunk), peer_init,
1617 /* Make sure no new addresses are being added during the
1618 * restart. Though this is a pretty complicated attack
1619 * since you'd have to get inside the cookie.
1621 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk, commands)) {
1622 return SCTP_DISPOSITION_CONSUME;
1625 /* If the endpoint is in the SHUTDOWN-ACK-SENT state and recognizes
1626 * the peer has restarted (Action A), it MUST NOT setup a new
1627 * association but instead resend the SHUTDOWN ACK and send an ERROR
1628 * chunk with a "Cookie Received while Shutting Down" error cause to
1631 if (sctp_state(asoc, SHUTDOWN_ACK_SENT)) {
1632 disposition = sctp_sf_do_9_2_reshutack(ep, asoc,
1633 SCTP_ST_CHUNK(chunk->chunk_hdr->type),
1635 if (SCTP_DISPOSITION_NOMEM == disposition)
1638 err = sctp_make_op_error(asoc, chunk,
1639 SCTP_ERROR_COOKIE_IN_SHUTDOWN,
1642 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1645 return SCTP_DISPOSITION_CONSUME;
1648 /* For now, fail any unsent/unacked data. Consider the optional
1649 * choice of resending of this data.
1651 sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL());
1653 repl = sctp_make_cookie_ack(new_asoc, chunk);
1657 /* Report association restart to upper layer. */
1658 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0,
1659 new_asoc->c.sinit_num_ostreams,
1660 new_asoc->c.sinit_max_instreams,
1665 /* Update the content of current association. */
1666 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1667 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1668 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
1669 return SCTP_DISPOSITION_CONSUME;
1672 sctp_chunk_free(repl);
1674 return SCTP_DISPOSITION_NOMEM;
1677 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'B')
1680 * B) In this case, both sides may be attempting to start an association
1681 * at about the same time but the peer endpoint started its INIT
1682 * after responding to the local endpoint's INIT
1684 /* This case represents an initialization collision. */
1685 static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep,
1686 const struct sctp_association *asoc,
1687 struct sctp_chunk *chunk,
1688 sctp_cmd_seq_t *commands,
1689 struct sctp_association *new_asoc)
1691 sctp_init_chunk_t *peer_init;
1692 struct sctp_chunk *repl;
1694 /* new_asoc is a brand-new association, so these are not yet
1695 * side effects--it is safe to run them here.
1697 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1698 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1699 sctp_source(chunk), peer_init,
1703 /* Update the content of current association. */
1704 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1705 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1706 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1707 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
1708 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
1710 repl = sctp_make_cookie_ack(new_asoc, chunk);
1714 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1715 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1717 /* RFC 2960 5.1 Normal Establishment of an Association
1719 * D) IMPLEMENTATION NOTE: An implementation may choose to
1720 * send the Communication Up notification to the SCTP user
1721 * upon reception of a valid COOKIE ECHO chunk.
1723 * Sadly, this needs to be implemented as a side-effect, because
1724 * we are not guaranteed to have set the association id of the real
1725 * association and so these notifications need to be delayed until
1726 * the association id is allocated.
1729 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_CHANGE, SCTP_U8(SCTP_COMM_UP));
1731 /* Sockets API Draft Section 5.3.1.6
1732 * When a peer sends a Adaptation Layer Indication parameter , SCTP
1733 * delivers this notification to inform the application that of the
1734 * peers requested adaptation layer.
1736 * This also needs to be done as a side effect for the same reason as
1739 if (asoc->peer.adaptation_ind)
1740 sctp_add_cmd_sf(commands, SCTP_CMD_ADAPTATION_IND, SCTP_NULL());
1742 return SCTP_DISPOSITION_CONSUME;
1745 return SCTP_DISPOSITION_NOMEM;
1748 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'C')
1751 * C) In this case, the local endpoint's cookie has arrived late.
1752 * Before it arrived, the local endpoint sent an INIT and received an
1753 * INIT-ACK and finally sent a COOKIE ECHO with the peer's same tag
1754 * but a new tag of its own.
1756 /* This case represents an initialization collision. */
1757 static sctp_disposition_t sctp_sf_do_dupcook_c(const struct sctp_endpoint *ep,
1758 const struct sctp_association *asoc,
1759 struct sctp_chunk *chunk,
1760 sctp_cmd_seq_t *commands,
1761 struct sctp_association *new_asoc)
1763 /* The cookie should be silently discarded.
1764 * The endpoint SHOULD NOT change states and should leave
1765 * any timers running.
1767 return SCTP_DISPOSITION_DISCARD;
1770 /* Unexpected COOKIE-ECHO handler lost chunk (Table 2, action 'D')
1774 * D) When both local and remote tags match the endpoint should always
1775 * enter the ESTABLISHED state, if it has not already done so.
1777 /* This case represents an initialization collision. */
1778 static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
1779 const struct sctp_association *asoc,
1780 struct sctp_chunk *chunk,
1781 sctp_cmd_seq_t *commands,
1782 struct sctp_association *new_asoc)
1784 struct sctp_ulpevent *ev = NULL, *ai_ev = NULL;
1785 struct sctp_chunk *repl;
1787 /* Clarification from Implementor's Guide:
1788 * D) When both local and remote tags match the endpoint should
1789 * enter the ESTABLISHED state, if it is in the COOKIE-ECHOED state.
1790 * It should stop any cookie timer that may be running and send
1794 /* Don't accidentally move back into established state. */
1795 if (asoc->state < SCTP_STATE_ESTABLISHED) {
1796 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1797 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
1798 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1799 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1800 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
1801 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START,
1804 /* RFC 2960 5.1 Normal Establishment of an Association
1806 * D) IMPLEMENTATION NOTE: An implementation may choose
1807 * to send the Communication Up notification to the
1808 * SCTP user upon reception of a valid COOKIE
1811 ev = sctp_ulpevent_make_assoc_change(asoc, 0,
1813 asoc->c.sinit_num_ostreams,
1814 asoc->c.sinit_max_instreams,
1819 /* Sockets API Draft Section 5.3.1.6
1820 * When a peer sends a Adaptation Layer Indication parameter,
1821 * SCTP delivers this notification to inform the application
1822 * that of the peers requested adaptation layer.
1824 if (asoc->peer.adaptation_ind) {
1825 ai_ev = sctp_ulpevent_make_adaptation_indication(asoc,
1832 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1834 repl = sctp_make_cookie_ack(new_asoc, chunk);
1839 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1842 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1843 SCTP_ULPEVENT(ai_ev));
1845 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1846 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1848 return SCTP_DISPOSITION_CONSUME;
1852 sctp_ulpevent_free(ai_ev);
1854 sctp_ulpevent_free(ev);
1855 return SCTP_DISPOSITION_NOMEM;
1859 * Handle a duplicate COOKIE-ECHO. This usually means a cookie-carrying
1860 * chunk was retransmitted and then delayed in the network.
1862 * Section: 5.2.4 Handle a COOKIE ECHO when a TCB exists
1864 * Verification Tag: None. Do cookie validation.
1867 * (endpoint, asoc, chunk)
1870 * (asoc, reply_msg, msg_up, timers, counters)
1872 * The return value is the disposition of the chunk.
1874 sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep,
1875 const struct sctp_association *asoc,
1876 const sctp_subtype_t type,
1878 sctp_cmd_seq_t *commands)
1880 sctp_disposition_t retval;
1881 struct sctp_chunk *chunk = arg;
1882 struct sctp_association *new_asoc;
1885 struct sctp_chunk *err_chk_p;
1887 /* Make sure that the chunk has a valid length from the protocol
1888 * perspective. In this case check to make sure we have at least
1889 * enough for the chunk header. Cookie length verification is
1892 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
1893 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1896 /* "Decode" the chunk. We have no optional parameters so we
1897 * are in good shape.
1899 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data;
1900 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
1901 sizeof(sctp_chunkhdr_t)))
1904 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie
1905 * of a duplicate COOKIE ECHO match the Verification Tags of the
1906 * current association, consider the State Cookie valid even if
1907 * the lifespan is exceeded.
1909 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
1913 * If the re-build failed, what is the proper error path
1916 * [We should abort the association. --piggy]
1919 /* FIXME: Several errors are possible. A bad cookie should
1920 * be silently discarded, but think about logging it too.
1923 case -SCTP_IERROR_NOMEM:
1926 case -SCTP_IERROR_STALE_COOKIE:
1927 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
1929 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1930 case -SCTP_IERROR_BAD_SIG:
1932 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1936 /* Compare the tie_tag in cookie with the verification tag of
1937 * current association.
1939 action = sctp_tietags_compare(new_asoc, asoc);
1942 case 'A': /* Association restart. */
1943 retval = sctp_sf_do_dupcook_a(ep, asoc, chunk, commands,
1947 case 'B': /* Collision case B. */
1948 retval = sctp_sf_do_dupcook_b(ep, asoc, chunk, commands,
1952 case 'C': /* Collision case C. */
1953 retval = sctp_sf_do_dupcook_c(ep, asoc, chunk, commands,
1957 case 'D': /* Collision case D. */
1958 retval = sctp_sf_do_dupcook_d(ep, asoc, chunk, commands,
1962 default: /* Discard packet for all others. */
1963 retval = sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1967 /* Delete the tempory new association. */
1968 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1969 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1974 return SCTP_DISPOSITION_NOMEM;
1978 * Process an ABORT. (SHUTDOWN-PENDING state)
1980 * See sctp_sf_do_9_1_abort().
1982 sctp_disposition_t sctp_sf_shutdown_pending_abort(
1983 const struct sctp_endpoint *ep,
1984 const struct sctp_association *asoc,
1985 const sctp_subtype_t type,
1987 sctp_cmd_seq_t *commands)
1989 struct sctp_chunk *chunk = arg;
1991 if (!sctp_vtag_verify_either(chunk, asoc))
1992 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1994 /* Make sure that the ABORT chunk has a valid length.
1995 * Since this is an ABORT chunk, we have to discard it
1996 * because of the following text:
1997 * RFC 2960, Section 3.3.7
1998 * If an endpoint receives an ABORT with a format error or for an
1999 * association that doesn't exist, it MUST silently discard it.
2000 * Becasue the length is "invalid", we can't really discard just
2001 * as we do not know its true length. So, to be safe, discard the
2004 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2005 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2007 /* Stop the T5-shutdown guard timer. */
2008 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2009 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
2011 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
2015 * Process an ABORT. (SHUTDOWN-SENT state)
2017 * See sctp_sf_do_9_1_abort().
2019 sctp_disposition_t sctp_sf_shutdown_sent_abort(const struct sctp_endpoint *ep,
2020 const struct sctp_association *asoc,
2021 const sctp_subtype_t type,
2023 sctp_cmd_seq_t *commands)
2025 struct sctp_chunk *chunk = arg;
2027 if (!sctp_vtag_verify_either(chunk, asoc))
2028 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2030 /* Make sure that the ABORT chunk has a valid length.
2031 * Since this is an ABORT chunk, we have to discard it
2032 * because of the following text:
2033 * RFC 2960, Section 3.3.7
2034 * If an endpoint receives an ABORT with a format error or for an
2035 * association that doesn't exist, it MUST silently discard it.
2036 * Becasue the length is "invalid", we can't really discard just
2037 * as we do not know its true length. So, to be safe, discard the
2040 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2041 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2043 /* Stop the T2-shutdown timer. */
2044 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2045 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2047 /* Stop the T5-shutdown guard timer. */
2048 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2049 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
2051 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
2055 * Process an ABORT. (SHUTDOWN-ACK-SENT state)
2057 * See sctp_sf_do_9_1_abort().
2059 sctp_disposition_t sctp_sf_shutdown_ack_sent_abort(
2060 const struct sctp_endpoint *ep,
2061 const struct sctp_association *asoc,
2062 const sctp_subtype_t type,
2064 sctp_cmd_seq_t *commands)
2066 /* The same T2 timer, so we should be able to use
2067 * common function with the SHUTDOWN-SENT state.
2069 return sctp_sf_shutdown_sent_abort(ep, asoc, type, arg, commands);
2073 * Handle an Error received in COOKIE_ECHOED state.
2075 * Only handle the error type of stale COOKIE Error, the other errors will
2079 * (endpoint, asoc, chunk)
2082 * (asoc, reply_msg, msg_up, timers, counters)
2084 * The return value is the disposition of the chunk.
2086 sctp_disposition_t sctp_sf_cookie_echoed_err(const struct sctp_endpoint *ep,
2087 const struct sctp_association *asoc,
2088 const sctp_subtype_t type,
2090 sctp_cmd_seq_t *commands)
2092 struct sctp_chunk *chunk = arg;
2095 if (!sctp_vtag_verify(chunk, asoc))
2096 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2098 /* Make sure that the ERROR chunk has a valid length.
2099 * The parameter walking depends on this as well.
2101 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t)))
2102 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2105 /* Process the error here */
2106 /* FUTURE FIXME: When PR-SCTP related and other optional
2107 * parms are emitted, this will have to change to handle multiple
2110 sctp_walk_errors(err, chunk->chunk_hdr) {
2111 if (SCTP_ERROR_STALE_COOKIE == err->cause)
2112 return sctp_sf_do_5_2_6_stale(ep, asoc, type,
2116 /* It is possible to have malformed error causes, and that
2117 * will cause us to end the walk early. However, since
2118 * we are discarding the packet, there should be no adverse
2121 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2125 * Handle a Stale COOKIE Error
2127 * Section: 5.2.6 Handle Stale COOKIE Error
2128 * If the association is in the COOKIE-ECHOED state, the endpoint may elect
2129 * one of the following three alternatives.
2131 * 3) Send a new INIT chunk to the endpoint, adding a Cookie
2132 * Preservative parameter requesting an extension to the lifetime of
2133 * the State Cookie. When calculating the time extension, an
2134 * implementation SHOULD use the RTT information measured based on the
2135 * previous COOKIE ECHO / ERROR exchange, and should add no more
2136 * than 1 second beyond the measured RTT, due to long State Cookie
2137 * lifetimes making the endpoint more subject to a replay attack.
2139 * Verification Tag: Not explicit, but safe to ignore.
2142 * (endpoint, asoc, chunk)
2145 * (asoc, reply_msg, msg_up, timers, counters)
2147 * The return value is the disposition of the chunk.
2149 static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
2150 const struct sctp_association *asoc,
2151 const sctp_subtype_t type,
2153 sctp_cmd_seq_t *commands)
2155 struct sctp_chunk *chunk = arg;
2157 sctp_cookie_preserve_param_t bht;
2159 struct sctp_chunk *reply;
2160 struct sctp_bind_addr *bp;
2161 int attempts = asoc->init_err_counter + 1;
2163 if (attempts > asoc->max_init_attempts) {
2164 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
2165 SCTP_ERROR(ETIMEDOUT));
2166 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2167 SCTP_PERR(SCTP_ERROR_STALE_COOKIE));
2168 return SCTP_DISPOSITION_DELETE_TCB;
2171 err = (sctp_errhdr_t *)(chunk->skb->data);
2173 /* When calculating the time extension, an implementation
2174 * SHOULD use the RTT information measured based on the
2175 * previous COOKIE ECHO / ERROR exchange, and should add no
2176 * more than 1 second beyond the measured RTT, due to long
2177 * State Cookie lifetimes making the endpoint more subject to
2179 * Measure of Staleness's unit is usec. (1/1000000 sec)
2180 * Suggested Cookie Life-span Increment's unit is msec.
2182 * In general, if you use the suggested cookie life, the value
2183 * found in the field of measure of staleness should be doubled
2184 * to give ample time to retransmit the new cookie and thus
2185 * yield a higher probability of success on the reattempt.
2187 stale = ntohl(*(__be32 *)((u8 *)err + sizeof(sctp_errhdr_t)));
2188 stale = (stale * 2) / 1000;
2190 bht.param_hdr.type = SCTP_PARAM_COOKIE_PRESERVATIVE;
2191 bht.param_hdr.length = htons(sizeof(bht));
2192 bht.lifespan_increment = htonl(stale);
2194 /* Build that new INIT chunk. */
2195 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
2196 reply = sctp_make_init(asoc, bp, GFP_ATOMIC, sizeof(bht));
2200 sctp_addto_chunk(reply, sizeof(bht), &bht);
2202 /* Clear peer's init_tag cached in assoc as we are sending a new INIT */
2203 sctp_add_cmd_sf(commands, SCTP_CMD_CLEAR_INIT_TAG, SCTP_NULL());
2205 /* Stop pending T3-rtx and heartbeat timers */
2206 sctp_add_cmd_sf(commands, SCTP_CMD_T3_RTX_TIMERS_STOP, SCTP_NULL());
2207 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
2209 /* Delete non-primary peer ip addresses since we are transitioning
2210 * back to the COOKIE-WAIT state
2212 sctp_add_cmd_sf(commands, SCTP_CMD_DEL_NON_PRIMARY, SCTP_NULL());
2214 /* If we've sent any data bundled with COOKIE-ECHO we will need to
2217 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN,
2218 SCTP_TRANSPORT(asoc->peer.primary_path));
2220 /* Cast away the const modifier, as we want to just
2221 * rerun it through as a sideffect.
2223 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_INC, SCTP_NULL());
2225 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2226 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
2227 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2228 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
2229 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
2230 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2232 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2234 return SCTP_DISPOSITION_CONSUME;
2237 return SCTP_DISPOSITION_NOMEM;
2244 * After checking the Verification Tag, the receiving endpoint shall
2245 * remove the association from its record, and shall report the
2246 * termination to its upper layer.
2248 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
2249 * B) Rules for packet carrying ABORT:
2251 * - The endpoint shall always fill in the Verification Tag field of the
2252 * outbound packet with the destination endpoint's tag value if it
2255 * - If the ABORT is sent in response to an OOTB packet, the endpoint
2256 * MUST follow the procedure described in Section 8.4.
2258 * - The receiver MUST accept the packet if the Verification Tag
2259 * matches either its own tag, OR the tag of its peer. Otherwise, the
2260 * receiver MUST silently discard the packet and take no further
2264 * (endpoint, asoc, chunk)
2267 * (asoc, reply_msg, msg_up, timers, counters)
2269 * The return value is the disposition of the chunk.
2271 sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
2272 const struct sctp_association *asoc,
2273 const sctp_subtype_t type,
2275 sctp_cmd_seq_t *commands)
2277 struct sctp_chunk *chunk = arg;
2279 __be16 error = SCTP_ERROR_NO_ERROR;
2281 if (!sctp_vtag_verify_either(chunk, asoc))
2282 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2284 /* Make sure that the ABORT chunk has a valid length.
2285 * Since this is an ABORT chunk, we have to discard it
2286 * because of the following text:
2287 * RFC 2960, Section 3.3.7
2288 * If an endpoint receives an ABORT with a format error or for an
2289 * association that doesn't exist, it MUST silently discard it.
2290 * Becasue the length is "invalid", we can't really discard just
2291 * as we do not know its true length. So, to be safe, discard the
2294 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2295 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2297 /* See if we have an error cause code in the chunk. */
2298 len = ntohs(chunk->chunk_hdr->length);
2299 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2300 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2302 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET));
2303 /* ASSOC_FAILED will DELETE_TCB. */
2304 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(error));
2305 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2306 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
2308 return SCTP_DISPOSITION_ABORT;
2312 * Process an ABORT. (COOKIE-WAIT state)
2314 * See sctp_sf_do_9_1_abort() above.
2316 sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep,
2317 const struct sctp_association *asoc,
2318 const sctp_subtype_t type,
2320 sctp_cmd_seq_t *commands)
2322 struct sctp_chunk *chunk = arg;
2324 __be16 error = SCTP_ERROR_NO_ERROR;
2326 if (!sctp_vtag_verify_either(chunk, asoc))
2327 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2329 /* Make sure that the ABORT chunk has a valid length.
2330 * Since this is an ABORT chunk, we have to discard it
2331 * because of the following text:
2332 * RFC 2960, Section 3.3.7
2333 * If an endpoint receives an ABORT with a format error or for an
2334 * association that doesn't exist, it MUST silently discard it.
2335 * Becasue the length is "invalid", we can't really discard just
2336 * as we do not know its true length. So, to be safe, discard the
2339 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2340 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2342 /* See if we have an error cause code in the chunk. */
2343 len = ntohs(chunk->chunk_hdr->length);
2344 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2345 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2347 return sctp_stop_t1_and_abort(commands, error, ECONNREFUSED, asoc,
2352 * Process an incoming ICMP as an ABORT. (COOKIE-WAIT state)
2354 sctp_disposition_t sctp_sf_cookie_wait_icmp_abort(const struct sctp_endpoint *ep,
2355 const struct sctp_association *asoc,
2356 const sctp_subtype_t type,
2358 sctp_cmd_seq_t *commands)
2360 return sctp_stop_t1_and_abort(commands, SCTP_ERROR_NO_ERROR,
2362 (struct sctp_transport *)arg);
2366 * Process an ABORT. (COOKIE-ECHOED state)
2368 sctp_disposition_t sctp_sf_cookie_echoed_abort(const struct sctp_endpoint *ep,
2369 const struct sctp_association *asoc,
2370 const sctp_subtype_t type,
2372 sctp_cmd_seq_t *commands)
2374 /* There is a single T1 timer, so we should be able to use
2375 * common function with the COOKIE-WAIT state.
2377 return sctp_sf_cookie_wait_abort(ep, asoc, type, arg, commands);
2381 * Stop T1 timer and abort association with "INIT failed".
2383 * This is common code called by several sctp_sf_*_abort() functions above.
2385 static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
2386 __be16 error, int sk_err,
2387 const struct sctp_association *asoc,
2388 struct sctp_transport *transport)
2390 SCTP_DEBUG_PRINTK("ABORT received (INIT).\n");
2391 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2392 SCTP_STATE(SCTP_STATE_CLOSED));
2393 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2394 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2395 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2396 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(sk_err));
2397 /* CMD_INIT_FAILED will DELETE_TCB. */
2398 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2400 return SCTP_DISPOSITION_ABORT;
2404 * sctp_sf_do_9_2_shut
2407 * Upon the reception of the SHUTDOWN, the peer endpoint shall
2408 * - enter the SHUTDOWN-RECEIVED state,
2410 * - stop accepting new data from its SCTP user
2412 * - verify, by checking the Cumulative TSN Ack field of the chunk,
2413 * that all its outstanding DATA chunks have been received by the
2416 * Once an endpoint as reached the SHUTDOWN-RECEIVED state it MUST NOT
2417 * send a SHUTDOWN in response to a ULP request. And should discard
2418 * subsequent SHUTDOWN chunks.
2420 * If there are still outstanding DATA chunks left, the SHUTDOWN
2421 * receiver shall continue to follow normal data transmission
2422 * procedures defined in Section 6 until all outstanding DATA chunks
2423 * are acknowledged; however, the SHUTDOWN receiver MUST NOT accept
2424 * new data from its SCTP user.
2426 * Verification Tag: 8.5 Verification Tag [Normal verification]
2429 * (endpoint, asoc, chunk)
2432 * (asoc, reply_msg, msg_up, timers, counters)
2434 * The return value is the disposition of the chunk.
2436 sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
2437 const struct sctp_association *asoc,
2438 const sctp_subtype_t type,
2440 sctp_cmd_seq_t *commands)
2442 struct sctp_chunk *chunk = arg;
2443 sctp_shutdownhdr_t *sdh;
2444 sctp_disposition_t disposition;
2445 struct sctp_ulpevent *ev;
2447 if (!sctp_vtag_verify(chunk, asoc))
2448 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2450 /* Make sure that the SHUTDOWN chunk has a valid length. */
2451 if (!sctp_chunk_length_valid(chunk,
2452 sizeof(struct sctp_shutdown_chunk_t)))
2453 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2456 /* Convert the elaborate header. */
2457 sdh = (sctp_shutdownhdr_t *)chunk->skb->data;
2458 skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t));
2459 chunk->subh.shutdown_hdr = sdh;
2461 /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
2462 * When a peer sends a SHUTDOWN, SCTP delivers this notification to
2463 * inform the application that it should cease sending data.
2465 ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
2467 disposition = SCTP_DISPOSITION_NOMEM;
2470 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
2472 /* Upon the reception of the SHUTDOWN, the peer endpoint shall
2473 * - enter the SHUTDOWN-RECEIVED state,
2474 * - stop accepting new data from its SCTP user
2476 * [This is implicit in the new state.]
2478 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2479 SCTP_STATE(SCTP_STATE_SHUTDOWN_RECEIVED));
2480 disposition = SCTP_DISPOSITION_CONSUME;
2482 if (sctp_outq_is_empty(&asoc->outqueue)) {
2483 disposition = sctp_sf_do_9_2_shutdown_ack(ep, asoc, type,
2487 if (SCTP_DISPOSITION_NOMEM == disposition)
2490 /* - verify, by checking the Cumulative TSN Ack field of the
2491 * chunk, that all its outstanding DATA chunks have been
2492 * received by the SHUTDOWN sender.
2494 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN,
2495 SCTP_BE32(chunk->subh.shutdown_hdr->cum_tsn_ack));
2502 * If an endpoint is in SHUTDOWN-ACK-SENT state and receives an INIT chunk
2503 * (e.g., if the SHUTDOWN COMPLETE was lost) with source and destination
2504 * transport addresses (either in the IP addresses or in the INIT chunk)
2505 * that belong to this association, it should discard the INIT chunk and
2506 * retransmit the SHUTDOWN ACK chunk.
2508 sctp_disposition_t sctp_sf_do_9_2_reshutack(const struct sctp_endpoint *ep,
2509 const struct sctp_association *asoc,
2510 const sctp_subtype_t type,
2512 sctp_cmd_seq_t *commands)
2514 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
2515 struct sctp_chunk *reply;
2517 /* Make sure that the chunk has a valid length */
2518 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
2519 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2522 /* Since we are not going to really process this INIT, there
2523 * is no point in verifying chunk boundries. Just generate
2526 reply = sctp_make_shutdown_ack(asoc, chunk);
2530 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
2531 * the T2-SHUTDOWN timer.
2533 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
2535 /* and restart the T2-shutdown timer. */
2536 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2537 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2539 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2541 return SCTP_DISPOSITION_CONSUME;
2543 return SCTP_DISPOSITION_NOMEM;
2547 * sctp_sf_do_ecn_cwr
2549 * Section: Appendix A: Explicit Congestion Notification
2553 * RFC 2481 details a specific bit for a sender to send in the header of
2554 * its next outbound TCP segment to indicate to its peer that it has
2555 * reduced its congestion window. This is termed the CWR bit. For
2556 * SCTP the same indication is made by including the CWR chunk.
2557 * This chunk contains one data element, i.e. the TSN number that
2558 * was sent in the ECNE chunk. This element represents the lowest
2559 * TSN number in the datagram that was originally marked with the
2562 * Verification Tag: 8.5 Verification Tag [Normal verification]
2564 * (endpoint, asoc, chunk)
2567 * (asoc, reply_msg, msg_up, timers, counters)
2569 * The return value is the disposition of the chunk.
2571 sctp_disposition_t sctp_sf_do_ecn_cwr(const struct sctp_endpoint *ep,
2572 const struct sctp_association *asoc,
2573 const sctp_subtype_t type,
2575 sctp_cmd_seq_t *commands)
2578 struct sctp_chunk *chunk = arg;
2581 if (!sctp_vtag_verify(chunk, asoc))
2582 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2584 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t)))
2585 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2588 cwr = (sctp_cwrhdr_t *) chunk->skb->data;
2589 skb_pull(chunk->skb, sizeof(sctp_cwrhdr_t));
2591 lowest_tsn = ntohl(cwr->lowest_tsn);
2593 /* Does this CWR ack the last sent congestion notification? */
2594 if (TSN_lte(asoc->last_ecne_tsn, lowest_tsn)) {
2595 /* Stop sending ECNE. */
2596 sctp_add_cmd_sf(commands,
2598 SCTP_U32(lowest_tsn));
2600 return SCTP_DISPOSITION_CONSUME;
2606 * Section: Appendix A: Explicit Congestion Notification
2610 * RFC 2481 details a specific bit for a receiver to send back in its
2611 * TCP acknowledgements to notify the sender of the Congestion
2612 * Experienced (CE) bit having arrived from the network. For SCTP this
2613 * same indication is made by including the ECNE chunk. This chunk
2614 * contains one data element, i.e. the lowest TSN associated with the IP
2615 * datagram marked with the CE bit.....
2617 * Verification Tag: 8.5 Verification Tag [Normal verification]
2619 * (endpoint, asoc, chunk)
2622 * (asoc, reply_msg, msg_up, timers, counters)
2624 * The return value is the disposition of the chunk.
2626 sctp_disposition_t sctp_sf_do_ecne(const struct sctp_endpoint *ep,
2627 const struct sctp_association *asoc,
2628 const sctp_subtype_t type,
2630 sctp_cmd_seq_t *commands)
2632 sctp_ecnehdr_t *ecne;
2633 struct sctp_chunk *chunk = arg;
2635 if (!sctp_vtag_verify(chunk, asoc))
2636 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2638 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t)))
2639 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2642 ecne = (sctp_ecnehdr_t *) chunk->skb->data;
2643 skb_pull(chunk->skb, sizeof(sctp_ecnehdr_t));
2645 /* If this is a newer ECNE than the last CWR packet we sent out */
2646 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_ECNE,
2647 SCTP_U32(ntohl(ecne->lowest_tsn)));
2649 return SCTP_DISPOSITION_CONSUME;
2653 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
2655 * The SCTP endpoint MUST always acknowledge the reception of each valid
2658 * The guidelines on delayed acknowledgement algorithm specified in
2659 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
2660 * acknowledgement SHOULD be generated for at least every second packet
2661 * (not every second DATA chunk) received, and SHOULD be generated within
2662 * 200 ms of the arrival of any unacknowledged DATA chunk. In some
2663 * situations it may be beneficial for an SCTP transmitter to be more
2664 * conservative than the algorithms detailed in this document allow.
2665 * However, an SCTP transmitter MUST NOT be more aggressive than the
2666 * following algorithms allow.
2668 * A SCTP receiver MUST NOT generate more than one SACK for every
2669 * incoming packet, other than to update the offered window as the
2670 * receiving application consumes new data.
2672 * Verification Tag: 8.5 Verification Tag [Normal verification]
2675 * (endpoint, asoc, chunk)
2678 * (asoc, reply_msg, msg_up, timers, counters)
2680 * The return value is the disposition of the chunk.
2682 sctp_disposition_t sctp_sf_eat_data_6_2(const struct sctp_endpoint *ep,
2683 const struct sctp_association *asoc,
2684 const sctp_subtype_t type,
2686 sctp_cmd_seq_t *commands)
2688 struct sctp_chunk *chunk = arg;
2691 if (!sctp_vtag_verify(chunk, asoc)) {
2692 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2694 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2697 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t)))
2698 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2701 error = sctp_eat_data(asoc, chunk, commands );
2703 case SCTP_IERROR_NO_ERROR:
2705 case SCTP_IERROR_HIGH_TSN:
2706 case SCTP_IERROR_BAD_STREAM:
2707 SCTP_INC_STATS(SCTP_MIB_IN_DATA_CHUNK_DISCARDS);
2708 goto discard_noforce;
2709 case SCTP_IERROR_DUP_TSN:
2710 case SCTP_IERROR_IGNORE_TSN:
2711 SCTP_INC_STATS(SCTP_MIB_IN_DATA_CHUNK_DISCARDS);
2713 case SCTP_IERROR_NO_DATA:
2719 if (asoc->autoclose) {
2720 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2721 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
2724 /* If this is the last chunk in a packet, we need to count it
2725 * toward sack generation. Note that we need to SACK every
2726 * OTHER packet containing data chunks, EVEN IF WE DISCARD
2727 * THEM. We elect to NOT generate SACK's if the chunk fails
2728 * the verification tag test.
2730 * RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2732 * The SCTP endpoint MUST always acknowledge the reception of
2733 * each valid DATA chunk.
2735 * The guidelines on delayed acknowledgement algorithm
2736 * specified in Section 4.2 of [RFC2581] SHOULD be followed.
2737 * Specifically, an acknowledgement SHOULD be generated for at
2738 * least every second packet (not every second DATA chunk)
2739 * received, and SHOULD be generated within 200 ms of the
2740 * arrival of any unacknowledged DATA chunk. In some
2741 * situations it may be beneficial for an SCTP transmitter to
2742 * be more conservative than the algorithms detailed in this
2743 * document allow. However, an SCTP transmitter MUST NOT be
2744 * more aggressive than the following algorithms allow.
2746 if (chunk->end_of_packet)
2747 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2749 return SCTP_DISPOSITION_CONSUME;
2752 /* RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2754 * When a packet arrives with duplicate DATA chunk(s) and with
2755 * no new DATA chunk(s), the endpoint MUST immediately send a
2756 * SACK with no delay. If a packet arrives with duplicate
2757 * DATA chunk(s) bundled with new DATA chunks, the endpoint
2758 * MAY immediately send a SACK. Normally receipt of duplicate
2759 * DATA chunks will occur when the original SACK chunk was lost
2760 * and the peer's RTO has expired. The duplicate TSN number(s)
2761 * SHOULD be reported in the SACK as duplicate.
2763 /* In our case, we split the MAY SACK advice up whether or not
2764 * the last chunk is a duplicate.'
2766 if (chunk->end_of_packet)
2767 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2768 return SCTP_DISPOSITION_DISCARD;
2771 if (chunk->end_of_packet)
2772 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2774 return SCTP_DISPOSITION_DISCARD;
2776 return SCTP_DISPOSITION_CONSUME;
2781 * sctp_sf_eat_data_fast_4_4
2784 * (4) In SHUTDOWN-SENT state the endpoint MUST acknowledge any received
2785 * DATA chunks without delay.
2787 * Verification Tag: 8.5 Verification Tag [Normal verification]
2789 * (endpoint, asoc, chunk)
2792 * (asoc, reply_msg, msg_up, timers, counters)
2794 * The return value is the disposition of the chunk.
2796 sctp_disposition_t sctp_sf_eat_data_fast_4_4(const struct sctp_endpoint *ep,
2797 const struct sctp_association *asoc,
2798 const sctp_subtype_t type,
2800 sctp_cmd_seq_t *commands)
2802 struct sctp_chunk *chunk = arg;
2805 if (!sctp_vtag_verify(chunk, asoc)) {
2806 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2808 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2811 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t)))
2812 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2815 error = sctp_eat_data(asoc, chunk, commands );
2817 case SCTP_IERROR_NO_ERROR:
2818 case SCTP_IERROR_HIGH_TSN:
2819 case SCTP_IERROR_DUP_TSN:
2820 case SCTP_IERROR_IGNORE_TSN:
2821 case SCTP_IERROR_BAD_STREAM:
2823 case SCTP_IERROR_NO_DATA:
2829 /* Go a head and force a SACK, since we are shutting down. */
2831 /* Implementor's Guide.
2833 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
2834 * respond to each received packet containing one or more DATA chunk(s)
2835 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
2837 if (chunk->end_of_packet) {
2838 /* We must delay the chunk creation since the cumulative
2839 * TSN has not been updated yet.
2841 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
2842 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2843 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2844 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2848 return SCTP_DISPOSITION_CONSUME;
2852 * Section: 6.2 Processing a Received SACK
2853 * D) Any time a SACK arrives, the endpoint performs the following:
2855 * i) If Cumulative TSN Ack is less than the Cumulative TSN Ack Point,
2856 * then drop the SACK. Since Cumulative TSN Ack is monotonically
2857 * increasing, a SACK whose Cumulative TSN Ack is less than the
2858 * Cumulative TSN Ack Point indicates an out-of-order SACK.
2860 * ii) Set rwnd equal to the newly received a_rwnd minus the number
2861 * of bytes still outstanding after processing the Cumulative TSN Ack
2862 * and the Gap Ack Blocks.
2864 * iii) If the SACK is missing a TSN that was previously
2865 * acknowledged via a Gap Ack Block (e.g., the data receiver
2866 * reneged on the data), then mark the corresponding DATA chunk
2867 * as available for retransmit: Mark it as missing for fast
2868 * retransmit as described in Section 7.2.4 and if no retransmit
2869 * timer is running for the destination address to which the DATA
2870 * chunk was originally transmitted, then T3-rtx is started for
2871 * that destination address.
2873 * Verification Tag: 8.5 Verification Tag [Normal verification]
2876 * (endpoint, asoc, chunk)
2879 * (asoc, reply_msg, msg_up, timers, counters)
2881 * The return value is the disposition of the chunk.
2883 sctp_disposition_t sctp_sf_eat_sack_6_2(const struct sctp_endpoint *ep,
2884 const struct sctp_association *asoc,
2885 const sctp_subtype_t type,
2887 sctp_cmd_seq_t *commands)
2889 struct sctp_chunk *chunk = arg;
2890 sctp_sackhdr_t *sackh;
2893 if (!sctp_vtag_verify(chunk, asoc))
2894 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2896 /* Make sure that the SACK chunk has a valid length. */
2897 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_sack_chunk_t)))
2898 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2901 /* Pull the SACK chunk from the data buffer */
2902 sackh = sctp_sm_pull_sack(chunk);
2903 /* Was this a bogus SACK? */
2905 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2906 chunk->subh.sack_hdr = sackh;
2907 ctsn = ntohl(sackh->cum_tsn_ack);
2909 /* i) If Cumulative TSN Ack is less than the Cumulative TSN
2910 * Ack Point, then drop the SACK. Since Cumulative TSN
2911 * Ack is monotonically increasing, a SACK whose
2912 * Cumulative TSN Ack is less than the Cumulative TSN Ack
2913 * Point indicates an out-of-order SACK.
2915 if (TSN_lt(ctsn, asoc->ctsn_ack_point)) {
2916 SCTP_DEBUG_PRINTK("ctsn %x\n", ctsn);
2917 SCTP_DEBUG_PRINTK("ctsn_ack_point %x\n", asoc->ctsn_ack_point);
2918 return SCTP_DISPOSITION_DISCARD;
2921 /* If Cumulative TSN Ack beyond the max tsn currently
2922 * send, terminating the association and respond to the
2923 * sender with an ABORT.
2925 if (!TSN_lt(ctsn, asoc->next_tsn))
2926 return sctp_sf_violation_ctsn(ep, asoc, type, arg, commands);
2928 /* Return this SACK for further processing. */
2929 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, SCTP_SACKH(sackh));
2931 /* Note: We do the rest of the work on the PROCESS_SACK
2934 return SCTP_DISPOSITION_CONSUME;
2938 * Generate an ABORT in response to a packet.
2940 * Section: 8.4 Handle "Out of the blue" Packets, sctpimpguide 2.41
2942 * 8) The receiver should respond to the sender of the OOTB packet with
2943 * an ABORT. When sending the ABORT, the receiver of the OOTB packet
2944 * MUST fill in the Verification Tag field of the outbound packet
2945 * with the value found in the Verification Tag field of the OOTB
2946 * packet and set the T-bit in the Chunk Flags to indicate that the
2947 * Verification Tag is reflected. After sending this ABORT, the
2948 * receiver of the OOTB packet shall discard the OOTB packet and take
2949 * no further action.
2953 * The return value is the disposition of the chunk.
2955 static sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep,
2956 const struct sctp_association *asoc,
2957 const sctp_subtype_t type,
2959 sctp_cmd_seq_t *commands)
2961 struct sctp_packet *packet = NULL;
2962 struct sctp_chunk *chunk = arg;
2963 struct sctp_chunk *abort;
2965 packet = sctp_ootb_pkt_new(asoc, chunk);
2968 /* Make an ABORT. The T bit will be set if the asoc
2971 abort = sctp_make_abort(asoc, chunk, 0);
2973 sctp_ootb_pkt_free(packet);
2974 return SCTP_DISPOSITION_NOMEM;
2977 /* Reflect vtag if T-Bit is set */
2978 if (sctp_test_T_bit(abort))
2979 packet->vtag = ntohl(chunk->sctp_hdr->vtag);
2981 /* Set the skb to the belonging sock for accounting. */
2982 abort->skb->sk = ep->base.sk;
2984 sctp_packet_append_chunk(packet, abort);
2986 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
2987 SCTP_PACKET(packet));
2989 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
2991 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2992 return SCTP_DISPOSITION_CONSUME;
2995 return SCTP_DISPOSITION_NOMEM;
2999 * Received an ERROR chunk from peer. Generate SCTP_REMOTE_ERROR
3000 * event as ULP notification for each cause included in the chunk.
3002 * API 5.3.1.3 - SCTP_REMOTE_ERROR
3004 * The return value is the disposition of the chunk.
3006 sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep,
3007 const struct sctp_association *asoc,
3008 const sctp_subtype_t type,
3010 sctp_cmd_seq_t *commands)
3012 struct sctp_chunk *chunk = arg;
3013 struct sctp_ulpevent *ev;
3015 if (!sctp_vtag_verify(chunk, asoc))
3016 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3018 /* Make sure that the ERROR chunk has a valid length. */
3019 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t)))
3020 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3023 while (chunk->chunk_end > chunk->skb->data) {
3024 ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0,
3029 if (!sctp_add_cmd(commands, SCTP_CMD_EVENT_ULP,
3030 SCTP_ULPEVENT(ev))) {
3031 sctp_ulpevent_free(ev);
3035 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR,
3038 return SCTP_DISPOSITION_CONSUME;
3041 return SCTP_DISPOSITION_NOMEM;
3045 * Process an inbound SHUTDOWN ACK.
3048 * Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
3049 * stop the T2-shutdown timer, send a SHUTDOWN COMPLETE chunk to its
3050 * peer, and remove all record of the association.
3052 * The return value is the disposition.
3054 sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
3055 const struct sctp_association *asoc,
3056 const sctp_subtype_t type,
3058 sctp_cmd_seq_t *commands)
3060 struct sctp_chunk *chunk = arg;
3061 struct sctp_chunk *reply;
3062 struct sctp_ulpevent *ev;
3064 if (!sctp_vtag_verify(chunk, asoc))
3065 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3067 /* Make sure that the SHUTDOWN_ACK chunk has a valid length. */
3068 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3069 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3071 /* 10.2 H) SHUTDOWN COMPLETE notification
3073 * When SCTP completes the shutdown procedures (section 9.2) this
3074 * notification is passed to the upper layer.
3076 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
3077 0, 0, 0, NULL, GFP_ATOMIC);
3081 /* ...send a SHUTDOWN COMPLETE chunk to its peer, */
3082 reply = sctp_make_shutdown_complete(asoc, chunk);
3086 /* Do all the commands now (after allocation), so that we
3087 * have consistent state if memory allocation failes
3089 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
3091 /* Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
3092 * stop the T2-shutdown timer,
3094 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3095 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3097 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3098 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3100 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3101 SCTP_STATE(SCTP_STATE_CLOSED));
3102 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
3103 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3104 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
3106 /* ...and remove all record of the association. */
3107 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
3108 return SCTP_DISPOSITION_DELETE_TCB;
3111 sctp_ulpevent_free(ev);
3113 return SCTP_DISPOSITION_NOMEM;
3117 * RFC 2960, 8.4 - Handle "Out of the blue" Packets, sctpimpguide 2.41.
3119 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
3120 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3121 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB
3122 * packet must fill in the Verification Tag field of the outbound
3123 * packet with the Verification Tag received in the SHUTDOWN ACK and
3124 * set the T-bit in the Chunk Flags to indicate that the Verification
3127 * 8) The receiver should respond to the sender of the OOTB packet with
3128 * an ABORT. When sending the ABORT, the receiver of the OOTB packet
3129 * MUST fill in the Verification Tag field of the outbound packet
3130 * with the value found in the Verification Tag field of the OOTB
3131 * packet and set the T-bit in the Chunk Flags to indicate that the
3132 * Verification Tag is reflected. After sending this ABORT, the
3133 * receiver of the OOTB packet shall discard the OOTB packet and take
3134 * no further action.
3136 sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep,
3137 const struct sctp_association *asoc,
3138 const sctp_subtype_t type,
3140 sctp_cmd_seq_t *commands)
3142 struct sctp_chunk *chunk = arg;
3143 struct sk_buff *skb = chunk->skb;
3144 sctp_chunkhdr_t *ch;
3146 int ootb_shut_ack = 0;
3148 SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES);
3150 ch = (sctp_chunkhdr_t *) chunk->chunk_hdr;
3152 /* Report violation if the chunk is less then minimal */
3153 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t))
3154 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3157 /* Now that we know we at least have a chunk header,
3158 * do things that are type appropriate.
3160 if (SCTP_CID_SHUTDOWN_ACK == ch->type)
3163 /* RFC 2960, Section 3.3.7
3164 * Moreover, under any circumstances, an endpoint that
3165 * receives an ABORT MUST NOT respond to that ABORT by
3166 * sending an ABORT of its own.
3168 if (SCTP_CID_ABORT == ch->type)
3169 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3171 /* Report violation if chunk len overflows */
3172 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
3173 if (ch_end > skb_tail_pointer(skb))
3174 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3177 ch = (sctp_chunkhdr_t *) ch_end;
3178 } while (ch_end < skb_tail_pointer(skb));
3181 return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands);
3183 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
3187 * Handle an "Out of the blue" SHUTDOWN ACK.
3189 * Section: 8.4 5, sctpimpguide 2.41.
3191 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
3192 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3193 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB
3194 * packet must fill in the Verification Tag field of the outbound
3195 * packet with the Verification Tag received in the SHUTDOWN ACK and
3196 * set the T-bit in the Chunk Flags to indicate that the Verification
3200 * (endpoint, asoc, type, arg, commands)
3203 * (sctp_disposition_t)
3205 * The return value is the disposition of the chunk.
3207 static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
3208 const struct sctp_association *asoc,
3209 const sctp_subtype_t type,
3211 sctp_cmd_seq_t *commands)
3213 struct sctp_packet *packet = NULL;
3214 struct sctp_chunk *chunk = arg;
3215 struct sctp_chunk *shut;
3217 packet = sctp_ootb_pkt_new(asoc, chunk);
3220 /* Make an SHUTDOWN_COMPLETE.
3221 * The T bit will be set if the asoc is NULL.
3223 shut = sctp_make_shutdown_complete(asoc, chunk);
3225 sctp_ootb_pkt_free(packet);
3226 return SCTP_DISPOSITION_NOMEM;
3229 /* Reflect vtag if T-Bit is set */
3230 if (sctp_test_T_bit(shut))
3231 packet->vtag = ntohl(chunk->sctp_hdr->vtag);
3233 /* Set the skb to the belonging sock for accounting. */
3234 shut->skb->sk = ep->base.sk;
3236 sctp_packet_append_chunk(packet, shut);
3238 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
3239 SCTP_PACKET(packet));
3241 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
3243 /* If the chunk length is invalid, we don't want to process
3244 * the reset of the packet.
3246 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3247 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3249 /* We need to discard the rest of the packet to prevent
3250 * potential bomming attacks from additional bundled chunks.
3251 * This is documented in SCTP Threats ID.
3253 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3256 return SCTP_DISPOSITION_NOMEM;
3260 * Handle SHUTDOWN ACK in COOKIE_ECHOED or COOKIE_WAIT state.
3262 * Verification Tag: 8.5.1 E) Rules for packet carrying a SHUTDOWN ACK
3263 * If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the
3264 * procedures in section 8.4 SHOULD be followed, in other words it
3265 * should be treated as an Out Of The Blue packet.
3266 * [This means that we do NOT check the Verification Tag on these
3270 sctp_disposition_t sctp_sf_do_8_5_1_E_sa(const struct sctp_endpoint *ep,
3271 const struct sctp_association *asoc,
3272 const sctp_subtype_t type,
3274 sctp_cmd_seq_t *commands)
3276 struct sctp_chunk *chunk = arg;
3278 /* Make sure that the SHUTDOWN_ACK chunk has a valid length. */
3279 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3280 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3283 /* Although we do have an association in this case, it corresponds
3284 * to a restarted association. So the packet is treated as an OOTB
3285 * packet and the state function that handles OOTB SHUTDOWN_ACK is
3286 * called with a NULL association.
3288 return sctp_sf_shut_8_4_5(ep, NULL, type, arg, commands);
3291 /* ADDIP Section 4.2 Upon reception of an ASCONF Chunk. */
3292 sctp_disposition_t sctp_sf_do_asconf(const struct sctp_endpoint *ep,
3293 const struct sctp_association *asoc,
3294 const sctp_subtype_t type, void *arg,
3295 sctp_cmd_seq_t *commands)
3297 struct sctp_chunk *chunk = arg;
3298 struct sctp_chunk *asconf_ack = NULL;
3299 sctp_addiphdr_t *hdr;
3302 if (!sctp_vtag_verify(chunk, asoc)) {
3303 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3305 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3308 /* Make sure that the ASCONF ADDIP chunk has a valid length. */
3309 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_addip_chunk_t)))
3310 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3313 hdr = (sctp_addiphdr_t *)chunk->skb->data;
3314 serial = ntohl(hdr->serial);
3316 /* ADDIP 4.2 C1) Compare the value of the serial number to the value
3317 * the endpoint stored in a new association variable
3318 * 'Peer-Serial-Number'.
3320 if (serial == asoc->peer.addip_serial + 1) {
3321 /* ADDIP 4.2 C2) If the value found in the serial number is
3322 * equal to the ('Peer-Serial-Number' + 1), the endpoint MUST
3325 asconf_ack = sctp_process_asconf((struct sctp_association *)
3328 return SCTP_DISPOSITION_NOMEM;
3329 } else if (serial == asoc->peer.addip_serial) {
3330 /* ADDIP 4.2 C3) If the value found in the serial number is
3331 * equal to the value stored in the 'Peer-Serial-Number'
3332 * IMPLEMENTATION NOTE: As an optimization a receiver may wish
3333 * to save the last ASCONF-ACK for some predetermined period of
3334 * time and instead of re-processing the ASCONF (with the same
3335 * serial number) it may just re-transmit the ASCONF-ACK.
3337 if (asoc->addip_last_asconf_ack)
3338 asconf_ack = asoc->addip_last_asconf_ack;
3340 return SCTP_DISPOSITION_DISCARD;
3342 /* ADDIP 4.2 C4) Otherwise, the ASCONF Chunk is discarded since
3343 * it must be either a stale packet or from an attacker.
3345 return SCTP_DISPOSITION_DISCARD;
3348 /* ADDIP 4.2 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent
3349 * back to the source address contained in the IP header of the ASCONF
3350 * being responded to.
3352 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack));
3354 return SCTP_DISPOSITION_CONSUME;
3358 * ADDIP Section 4.3 General rules for address manipulation
3359 * When building TLV parameters for the ASCONF Chunk that will add or
3360 * delete IP addresses the D0 to D13 rules should be applied:
3362 sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
3363 const struct sctp_association *asoc,
3364 const sctp_subtype_t type, void *arg,
3365 sctp_cmd_seq_t *commands)
3367 struct sctp_chunk *asconf_ack = arg;
3368 struct sctp_chunk *last_asconf = asoc->addip_last_asconf;
3369 struct sctp_chunk *abort;
3370 sctp_addiphdr_t *addip_hdr;
3371 __u32 sent_serial, rcvd_serial;
3373 if (!sctp_vtag_verify(asconf_ack, asoc)) {
3374 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3376 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3379 /* Make sure that the ADDIP chunk has a valid length. */
3380 if (!sctp_chunk_length_valid(asconf_ack, sizeof(sctp_addip_chunk_t)))
3381 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3384 addip_hdr = (sctp_addiphdr_t *)asconf_ack->skb->data;
3385 rcvd_serial = ntohl(addip_hdr->serial);
3388 addip_hdr = (sctp_addiphdr_t *)last_asconf->subh.addip_hdr;
3389 sent_serial = ntohl(addip_hdr->serial);
3391 sent_serial = asoc->addip_serial - 1;
3394 /* D0) If an endpoint receives an ASCONF-ACK that is greater than or
3395 * equal to the next serial number to be used but no ASCONF chunk is
3396 * outstanding the endpoint MUST ABORT the association. Note that a
3397 * sequence number is greater than if it is no more than 2^^31-1
3398 * larger than the current sequence number (using serial arithmetic).
3400 if (ADDIP_SERIAL_gte(rcvd_serial, sent_serial + 1) &&
3401 !(asoc->addip_last_asconf)) {
3402 abort = sctp_make_abort(asoc, asconf_ack,
3403 sizeof(sctp_errhdr_t));
3405 sctp_init_cause(abort, SCTP_ERROR_ASCONF_ACK, 0);
3406 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3409 /* We are going to ABORT, so we might as well stop
3410 * processing the rest of the chunks in the packet.
3412 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3413 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3414 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3415 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3416 SCTP_ERROR(ECONNABORTED));
3417 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3418 SCTP_PERR(SCTP_ERROR_ASCONF_ACK));
3419 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3420 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3421 return SCTP_DISPOSITION_ABORT;
3424 if ((rcvd_serial == sent_serial) && asoc->addip_last_asconf) {
3425 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3426 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3428 if (!sctp_process_asconf_ack((struct sctp_association *)asoc,
3430 return SCTP_DISPOSITION_CONSUME;
3432 abort = sctp_make_abort(asoc, asconf_ack,
3433 sizeof(sctp_errhdr_t));
3435 sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, 0);
3436 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3439 /* We are going to ABORT, so we might as well stop
3440 * processing the rest of the chunks in the packet.
3442 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3443 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3444 SCTP_ERROR(ECONNABORTED));
3445 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3446 SCTP_PERR(SCTP_ERROR_ASCONF_ACK));
3447 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3448 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3449 return SCTP_DISPOSITION_ABORT;
3452 return SCTP_DISPOSITION_DISCARD;
3456 * PR-SCTP Section 3.6 Receiver Side Implementation of PR-SCTP
3458 * When a FORWARD TSN chunk arrives, the data receiver MUST first update
3459 * its cumulative TSN point to the value carried in the FORWARD TSN
3460 * chunk, and then MUST further advance its cumulative TSN point locally
3462 * After the above processing, the data receiver MUST stop reporting any
3463 * missing TSNs earlier than or equal to the new cumulative TSN point.
3465 * Verification Tag: 8.5 Verification Tag [Normal verification]
3467 * The return value is the disposition of the chunk.
3469 sctp_disposition_t sctp_sf_eat_fwd_tsn(const struct sctp_endpoint *ep,
3470 const struct sctp_association *asoc,
3471 const sctp_subtype_t type,
3473 sctp_cmd_seq_t *commands)
3475 struct sctp_chunk *chunk = arg;
3476 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3480 if (!sctp_vtag_verify(chunk, asoc)) {
3481 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3483 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3486 /* Make sure that the FORWARD_TSN chunk has valid length. */
3487 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_fwdtsn_chunk)))
3488 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3491 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3492 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3493 len = ntohs(chunk->chunk_hdr->length);
3494 len -= sizeof(struct sctp_chunkhdr);
3495 skb_pull(chunk->skb, len);
3497 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3498 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3500 /* The TSN is too high--silently discard the chunk and count on it
3501 * getting retransmitted later.
3503 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3504 goto discard_noforce;
3506 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3507 if (len > sizeof(struct sctp_fwdtsn_hdr))
3508 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3511 /* Count this as receiving DATA. */
3512 if (asoc->autoclose) {
3513 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3514 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
3517 /* FIXME: For now send a SACK, but DATA processing may
3520 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
3522 return SCTP_DISPOSITION_CONSUME;
3525 return SCTP_DISPOSITION_DISCARD;
3528 sctp_disposition_t sctp_sf_eat_fwd_tsn_fast(
3529 const struct sctp_endpoint *ep,
3530 const struct sctp_association *asoc,
3531 const sctp_subtype_t type,
3533 sctp_cmd_seq_t *commands)
3535 struct sctp_chunk *chunk = arg;
3536 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3540 if (!sctp_vtag_verify(chunk, asoc)) {
3541 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3543 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3546 /* Make sure that the FORWARD_TSN chunk has a valid length. */
3547 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_fwdtsn_chunk)))
3548 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3551 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3552 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3553 len = ntohs(chunk->chunk_hdr->length);
3554 len -= sizeof(struct sctp_chunkhdr);
3555 skb_pull(chunk->skb, len);
3557 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3558 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3560 /* The TSN is too high--silently discard the chunk and count on it
3561 * getting retransmitted later.
3563 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3566 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3567 if (len > sizeof(struct sctp_fwdtsn_hdr))
3568 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3571 /* Go a head and force a SACK, since we are shutting down. */
3573 /* Implementor's Guide.
3575 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
3576 * respond to each received packet containing one or more DATA chunk(s)
3577 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
3579 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
3580 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
3581 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3582 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3584 return SCTP_DISPOSITION_CONSUME;
3588 * Process an unknown chunk.
3590 * Section: 3.2. Also, 2.1 in the implementor's guide.
3592 * Chunk Types are encoded such that the highest-order two bits specify
3593 * the action that must be taken if the processing endpoint does not
3594 * recognize the Chunk Type.
3596 * 00 - Stop processing this SCTP packet and discard it, do not process
3597 * any further chunks within it.
3599 * 01 - Stop processing this SCTP packet and discard it, do not process
3600 * any further chunks within it, and report the unrecognized
3601 * chunk in an 'Unrecognized Chunk Type'.
3603 * 10 - Skip this chunk and continue processing.
3605 * 11 - Skip this chunk and continue processing, but report in an ERROR
3606 * Chunk using the 'Unrecognized Chunk Type' cause of error.
3608 * The return value is the disposition of the chunk.
3610 sctp_disposition_t sctp_sf_unk_chunk(const struct sctp_endpoint *ep,
3611 const struct sctp_association *asoc,
3612 const sctp_subtype_t type,
3614 sctp_cmd_seq_t *commands)
3616 struct sctp_chunk *unk_chunk = arg;
3617 struct sctp_chunk *err_chunk;
3618 sctp_chunkhdr_t *hdr;
3620 SCTP_DEBUG_PRINTK("Processing the unknown chunk id %d.\n", type.chunk);
3622 if (!sctp_vtag_verify(unk_chunk, asoc))
3623 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3625 /* Make sure that the chunk has a valid length.
3626 * Since we don't know the chunk type, we use a general
3627 * chunkhdr structure to make a comparison.
3629 if (!sctp_chunk_length_valid(unk_chunk, sizeof(sctp_chunkhdr_t)))
3630 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3633 switch (type.chunk & SCTP_CID_ACTION_MASK) {
3634 case SCTP_CID_ACTION_DISCARD:
3635 /* Discard the packet. */
3636 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3638 case SCTP_CID_ACTION_DISCARD_ERR:
3639 /* Discard the packet. */
3640 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3642 /* Generate an ERROR chunk as response. */
3643 hdr = unk_chunk->chunk_hdr;
3644 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3645 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3646 WORD_ROUND(ntohs(hdr->length)));
3648 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3649 SCTP_CHUNK(err_chunk));
3651 return SCTP_DISPOSITION_CONSUME;
3653 case SCTP_CID_ACTION_SKIP:
3654 /* Skip the chunk. */
3655 return SCTP_DISPOSITION_DISCARD;
3657 case SCTP_CID_ACTION_SKIP_ERR:
3658 /* Generate an ERROR chunk as response. */
3659 hdr = unk_chunk->chunk_hdr;
3660 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3661 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3662 WORD_ROUND(ntohs(hdr->length)));
3664 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3665 SCTP_CHUNK(err_chunk));
3667 /* Skip the chunk. */
3668 return SCTP_DISPOSITION_CONSUME;
3674 return SCTP_DISPOSITION_DISCARD;
3678 * Discard the chunk.
3680 * Section: 0.2, 5.2.3, 5.2.5, 5.2.6, 6.0, 8.4.6, 8.5.1c, 9.2
3681 * [Too numerous to mention...]
3682 * Verification Tag: No verification needed.
3684 * (endpoint, asoc, chunk)
3687 * (asoc, reply_msg, msg_up, timers, counters)
3689 * The return value is the disposition of the chunk.
3691 sctp_disposition_t sctp_sf_discard_chunk(const struct sctp_endpoint *ep,
3692 const struct sctp_association *asoc,
3693 const sctp_subtype_t type,
3695 sctp_cmd_seq_t *commands)
3697 struct sctp_chunk *chunk = arg;
3699 /* Make sure that the chunk has a valid length.
3700 * Since we don't know the chunk type, we use a general
3701 * chunkhdr structure to make a comparison.
3703 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3704 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3707 SCTP_DEBUG_PRINTK("Chunk %d is discarded\n", type.chunk);
3708 return SCTP_DISPOSITION_DISCARD;
3712 * Discard the whole packet.
3716 * 2) If the OOTB packet contains an ABORT chunk, the receiver MUST
3717 * silently discard the OOTB packet and take no further action.
3719 * Verification Tag: No verification necessary
3722 * (endpoint, asoc, chunk)
3725 * (asoc, reply_msg, msg_up, timers, counters)
3727 * The return value is the disposition of the chunk.
3729 sctp_disposition_t sctp_sf_pdiscard(const struct sctp_endpoint *ep,
3730 const struct sctp_association *asoc,
3731 const sctp_subtype_t type,
3733 sctp_cmd_seq_t *commands)
3735 SCTP_INC_STATS(SCTP_MIB_IN_PKT_DISCARDS);
3736 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
3738 return SCTP_DISPOSITION_CONSUME;
3743 * The other end is violating protocol.
3745 * Section: Not specified
3746 * Verification Tag: Not specified
3748 * (endpoint, asoc, chunk)
3751 * (asoc, reply_msg, msg_up, timers, counters)
3753 * We simply tag the chunk as a violation. The state machine will log
3754 * the violation and continue.
3756 sctp_disposition_t sctp_sf_violation(const struct sctp_endpoint *ep,
3757 const struct sctp_association *asoc,
3758 const sctp_subtype_t type,
3760 sctp_cmd_seq_t *commands)
3762 struct sctp_chunk *chunk = arg;
3764 /* Make sure that the chunk has a valid length. */
3765 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3766 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3769 return SCTP_DISPOSITION_VIOLATION;
3773 * Common function to handle a protocol violation.
3775 static sctp_disposition_t sctp_sf_abort_violation(
3776 const struct sctp_endpoint *ep,
3777 const struct sctp_association *asoc,
3779 sctp_cmd_seq_t *commands,
3780 const __u8 *payload,
3781 const size_t paylen)
3783 struct sctp_packet *packet = NULL;
3784 struct sctp_chunk *chunk = arg;
3785 struct sctp_chunk *abort = NULL;
3787 /* Make the abort chunk. */
3788 abort = sctp_make_abort_violation(asoc, chunk, payload, paylen);
3793 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
3794 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
3796 if (asoc->state <= SCTP_STATE_COOKIE_ECHOED) {
3797 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3798 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3799 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3800 SCTP_ERROR(ECONNREFUSED));
3801 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
3802 SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION));
3804 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
3805 SCTP_ERROR(ECONNABORTED));
3806 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3807 SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION));
3808 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3811 packet = sctp_ootb_pkt_new(asoc, chunk);
3816 if (sctp_test_T_bit(abort))
3817 packet->vtag = ntohl(chunk->sctp_hdr->vtag);
3819 abort->skb->sk = ep->base.sk;
3821 sctp_packet_append_chunk(packet, abort);
3823 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
3824 SCTP_PACKET(packet));
3826 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
3829 sctp_sf_pdiscard(ep, asoc, SCTP_ST_CHUNK(0), arg, commands);
3831 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3833 return SCTP_DISPOSITION_ABORT;
3836 sctp_chunk_free(abort);
3838 return SCTP_DISPOSITION_NOMEM;
3842 * Handle a protocol violation when the chunk length is invalid.
3843 * "Invalid" length is identified as smaller then the minimal length a
3844 * given chunk can be. For example, a SACK chunk has invalid length
3845 * if it's length is set to be smaller then the size of sctp_sack_chunk_t.
3847 * We inform the other end by sending an ABORT with a Protocol Violation
3850 * Section: Not specified
3851 * Verification Tag: Nothing to do
3853 * (endpoint, asoc, chunk)
3856 * (reply_msg, msg_up, counters)
3858 * Generate an ABORT chunk and terminate the association.
3860 static sctp_disposition_t sctp_sf_violation_chunklen(
3861 const struct sctp_endpoint *ep,
3862 const struct sctp_association *asoc,
3863 const sctp_subtype_t type,
3865 sctp_cmd_seq_t *commands)
3867 char err_str[]="The following chunk had invalid length:";
3869 return sctp_sf_abort_violation(ep, asoc, arg, commands, err_str,
3873 /* Handle a protocol violation when the peer trying to advance the
3874 * cumulative tsn ack to a point beyond the max tsn currently sent.
3876 * We inform the other end by sending an ABORT with a Protocol Violation
3879 static sctp_disposition_t sctp_sf_violation_ctsn(
3880 const struct sctp_endpoint *ep,
3881 const struct sctp_association *asoc,
3882 const sctp_subtype_t type,
3884 sctp_cmd_seq_t *commands)
3886 char err_str[]="The cumulative tsn ack beyond the max tsn currently sent:";
3888 return sctp_sf_abort_violation(ep, asoc, arg, commands, err_str,
3892 /* Handle protocol violation of an invalid chunk bundling. For example,
3893 * when we have an association and we recieve bundled INIT-ACK, or
3894 * SHUDOWN-COMPLETE, our peer is clearly violationg the "MUST NOT bundle"
3895 * statement from the specs. Additinally, there might be an attacker
3896 * on the path and we may not want to continue this communication.
3898 static sctp_disposition_t sctp_sf_violation_chunk(
3899 const struct sctp_endpoint *ep,
3900 const struct sctp_association *asoc,
3901 const sctp_subtype_t type,
3903 sctp_cmd_seq_t *commands)
3905 char err_str[]="The following chunk violates protocol:";
3908 return sctp_sf_violation(ep, asoc, type, arg, commands);
3910 return sctp_sf_abort_violation(ep, asoc, arg, commands, err_str,
3913 /***************************************************************************
3914 * These are the state functions for handling primitive (Section 10) events.
3915 ***************************************************************************/
3917 * sctp_sf_do_prm_asoc
3919 * Section: 10.1 ULP-to-SCTP
3922 * Format: ASSOCIATE(local SCTP instance name, destination transport addr,
3923 * outbound stream count)
3924 * -> association id [,destination transport addr list] [,outbound stream
3927 * This primitive allows the upper layer to initiate an association to a
3928 * specific peer endpoint.
3930 * The peer endpoint shall be specified by one of the transport addresses
3931 * which defines the endpoint (see Section 1.4). If the local SCTP
3932 * instance has not been initialized, the ASSOCIATE is considered an
3934 * [This is not relevant for the kernel implementation since we do all
3935 * initialization at boot time. It we hadn't initialized we wouldn't
3936 * get anywhere near this code.]
3938 * An association id, which is a local handle to the SCTP association,
3939 * will be returned on successful establishment of the association. If
3940 * SCTP is not able to open an SCTP association with the peer endpoint,
3941 * an error is returned.
3942 * [In the kernel implementation, the struct sctp_association needs to
3943 * be created BEFORE causing this primitive to run.]
3945 * Other association parameters may be returned, including the
3946 * complete destination transport addresses of the peer as well as the
3947 * outbound stream count of the local endpoint. One of the transport
3948 * address from the returned destination addresses will be selected by
3949 * the local endpoint as default primary path for sending SCTP packets
3950 * to this peer. The returned "destination transport addr list" can
3951 * be used by the ULP to change the default primary path or to force
3952 * sending a packet to a specific transport address. [All of this
3953 * stuff happens when the INIT ACK arrives. This is a NON-BLOCKING
3956 * Mandatory attributes:
3958 * o local SCTP instance name - obtained from the INITIALIZE operation.
3959 * [This is the argument asoc.]
3960 * o destination transport addr - specified as one of the transport
3961 * addresses of the peer endpoint with which the association is to be
3963 * [This is asoc->peer.active_path.]
3964 * o outbound stream count - the number of outbound streams the ULP
3965 * would like to open towards this peer endpoint.
3966 * [BUG: This is not currently implemented.]
3967 * Optional attributes:
3971 * The return value is a disposition.
3973 sctp_disposition_t sctp_sf_do_prm_asoc(const struct sctp_endpoint *ep,
3974 const struct sctp_association *asoc,
3975 const sctp_subtype_t type,
3977 sctp_cmd_seq_t *commands)
3979 struct sctp_chunk *repl;
3981 /* The comment below says that we enter COOKIE-WAIT AFTER
3982 * sending the INIT, but that doesn't actually work in our
3985 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3986 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
3988 /* RFC 2960 5.1 Normal Establishment of an Association
3990 * A) "A" first sends an INIT chunk to "Z". In the INIT, "A"
3991 * must provide its Verification Tag (Tag_A) in the Initiate
3992 * Tag field. Tag_A SHOULD be a random number in the range of
3993 * 1 to 4294967295 (see 5.3.1 for Tag value selection). ...
3996 repl = sctp_make_init(asoc, &asoc->base.bind_addr, GFP_ATOMIC, 0);
4000 /* Cast away the const modifier, as we want to just
4001 * rerun it through as a sideffect.
4003 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC,
4004 SCTP_ASOC((struct sctp_association *) asoc));
4006 /* Choose transport for INIT. */
4007 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_CHOOSE_TRANSPORT,
4010 /* After sending the INIT, "A" starts the T1-init timer and
4011 * enters the COOKIE-WAIT state.
4013 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4014 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4015 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4016 return SCTP_DISPOSITION_CONSUME;
4019 return SCTP_DISPOSITION_NOMEM;
4023 * Process the SEND primitive.
4025 * Section: 10.1 ULP-to-SCTP
4028 * Format: SEND(association id, buffer address, byte count [,context]
4029 * [,stream id] [,life time] [,destination transport address]
4030 * [,unorder flag] [,no-bundle flag] [,payload protocol-id] )
4033 * This is the main method to send user data via SCTP.
4035 * Mandatory attributes:
4037 * o association id - local handle to the SCTP association
4039 * o buffer address - the location where the user message to be
4040 * transmitted is stored;
4042 * o byte count - The size of the user data in number of bytes;
4044 * Optional attributes:
4046 * o context - an optional 32 bit integer that will be carried in the
4047 * sending failure notification to the ULP if the transportation of
4048 * this User Message fails.
4050 * o stream id - to indicate which stream to send the data on. If not
4051 * specified, stream 0 will be used.
4053 * o life time - specifies the life time of the user data. The user data
4054 * will not be sent by SCTP after the life time expires. This
4055 * parameter can be used to avoid efforts to transmit stale
4056 * user messages. SCTP notifies the ULP if the data cannot be
4057 * initiated to transport (i.e. sent to the destination via SCTP's
4058 * send primitive) within the life time variable. However, the
4059 * user data will be transmitted if SCTP has attempted to transmit a
4060 * chunk before the life time expired.
4062 * o destination transport address - specified as one of the destination
4063 * transport addresses of the peer endpoint to which this packet
4064 * should be sent. Whenever possible, SCTP should use this destination
4065 * transport address for sending the packets, instead of the current
4068 * o unorder flag - this flag, if present, indicates that the user
4069 * would like the data delivered in an unordered fashion to the peer
4070 * (i.e., the U flag is set to 1 on all DATA chunks carrying this
4073 * o no-bundle flag - instructs SCTP not to bundle this user data with
4074 * other outbound DATA chunks. SCTP MAY still bundle even when
4075 * this flag is present, when faced with network congestion.
4077 * o payload protocol-id - A 32 bit unsigned integer that is to be
4078 * passed to the peer indicating the type of payload protocol data
4079 * being transmitted. This value is passed as opaque data by SCTP.
4081 * The return value is the disposition.
4083 sctp_disposition_t sctp_sf_do_prm_send(const struct sctp_endpoint *ep,
4084 const struct sctp_association *asoc,
4085 const sctp_subtype_t type,
4087 sctp_cmd_seq_t *commands)
4089 struct sctp_chunk *chunk = arg;
4091 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
4092 return SCTP_DISPOSITION_CONSUME;
4096 * Process the SHUTDOWN primitive.
4101 * Format: SHUTDOWN(association id)
4104 * Gracefully closes an association. Any locally queued user data
4105 * will be delivered to the peer. The association will be terminated only
4106 * after the peer acknowledges all the SCTP packets sent. A success code
4107 * will be returned on successful termination of the association. If
4108 * attempting to terminate the association results in a failure, an error
4109 * code shall be returned.
4111 * Mandatory attributes:
4113 * o association id - local handle to the SCTP association
4115 * Optional attributes:
4119 * The return value is the disposition.
4121 sctp_disposition_t sctp_sf_do_9_2_prm_shutdown(
4122 const struct sctp_endpoint *ep,
4123 const struct sctp_association *asoc,
4124 const sctp_subtype_t type,
4126 sctp_cmd_seq_t *commands)
4130 /* From 9.2 Shutdown of an Association
4131 * Upon receipt of the SHUTDOWN primitive from its upper
4132 * layer, the endpoint enters SHUTDOWN-PENDING state and
4133 * remains there until all outstanding data has been
4134 * acknowledged by its peer. The endpoint accepts no new data
4135 * from its upper layer, but retransmits data to the far end
4136 * if necessary to fill gaps.
4138 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4139 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
4141 /* sctpimpguide-05 Section 2.12.2
4142 * The sender of the SHUTDOWN MAY also start an overall guard timer
4143 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
4145 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4146 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4148 disposition = SCTP_DISPOSITION_CONSUME;
4149 if (sctp_outq_is_empty(&asoc->outqueue)) {
4150 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
4157 * Process the ABORT primitive.
4162 * Format: Abort(association id [, cause code])
4165 * Ungracefully closes an association. Any locally queued user data
4166 * will be discarded and an ABORT chunk is sent to the peer. A success code
4167 * will be returned on successful abortion of the association. If
4168 * attempting to abort the association results in a failure, an error
4169 * code shall be returned.
4171 * Mandatory attributes:
4173 * o association id - local handle to the SCTP association
4175 * Optional attributes:
4177 * o cause code - reason of the abort to be passed to the peer
4181 * The return value is the disposition.
4183 sctp_disposition_t sctp_sf_do_9_1_prm_abort(
4184 const struct sctp_endpoint *ep,
4185 const struct sctp_association *asoc,
4186 const sctp_subtype_t type,
4188 sctp_cmd_seq_t *commands)
4190 /* From 9.1 Abort of an Association
4191 * Upon receipt of the ABORT primitive from its upper
4192 * layer, the endpoint enters CLOSED state and
4193 * discard all outstanding data has been
4194 * acknowledged by its peer. The endpoint accepts no new data
4195 * from its upper layer, but retransmits data to the far end
4196 * if necessary to fill gaps.
4198 struct sctp_chunk *abort = arg;
4199 sctp_disposition_t retval;
4201 retval = SCTP_DISPOSITION_CONSUME;
4203 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
4205 /* Even if we can't send the ABORT due to low memory delete the
4206 * TCB. This is a departure from our typical NOMEM handling.
4209 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4210 SCTP_ERROR(ECONNABORTED));
4211 /* Delete the established association. */
4212 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4213 SCTP_PERR(SCTP_ERROR_USER_ABORT));
4215 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4216 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4221 /* We tried an illegal operation on an association which is closed. */
4222 sctp_disposition_t sctp_sf_error_closed(const struct sctp_endpoint *ep,
4223 const struct sctp_association *asoc,
4224 const sctp_subtype_t type,
4226 sctp_cmd_seq_t *commands)
4228 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR, SCTP_ERROR(-EINVAL));
4229 return SCTP_DISPOSITION_CONSUME;
4232 /* We tried an illegal operation on an association which is shutting
4235 sctp_disposition_t sctp_sf_error_shutdown(const struct sctp_endpoint *ep,
4236 const struct sctp_association *asoc,
4237 const sctp_subtype_t type,
4239 sctp_cmd_seq_t *commands)
4241 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR,
4242 SCTP_ERROR(-ESHUTDOWN));
4243 return SCTP_DISPOSITION_CONSUME;
4247 * sctp_cookie_wait_prm_shutdown
4249 * Section: 4 Note: 2
4254 * The RFC does not explicitly address this issue, but is the route through the
4255 * state table when someone issues a shutdown while in COOKIE_WAIT state.
4260 sctp_disposition_t sctp_sf_cookie_wait_prm_shutdown(
4261 const struct sctp_endpoint *ep,
4262 const struct sctp_association *asoc,
4263 const sctp_subtype_t type,
4265 sctp_cmd_seq_t *commands)
4267 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4268 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4270 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4271 SCTP_STATE(SCTP_STATE_CLOSED));
4273 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
4275 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
4277 return SCTP_DISPOSITION_DELETE_TCB;
4281 * sctp_cookie_echoed_prm_shutdown
4283 * Section: 4 Note: 2
4288 * The RFC does not explcitly address this issue, but is the route through the
4289 * state table when someone issues a shutdown while in COOKIE_ECHOED state.
4294 sctp_disposition_t sctp_sf_cookie_echoed_prm_shutdown(
4295 const struct sctp_endpoint *ep,
4296 const struct sctp_association *asoc,
4297 const sctp_subtype_t type,
4298 void *arg, sctp_cmd_seq_t *commands)
4300 /* There is a single T1 timer, so we should be able to use
4301 * common function with the COOKIE-WAIT state.
4303 return sctp_sf_cookie_wait_prm_shutdown(ep, asoc, type, arg, commands);
4307 * sctp_sf_cookie_wait_prm_abort
4309 * Section: 4 Note: 2
4314 * The RFC does not explicitly address this issue, but is the route through the
4315 * state table when someone issues an abort while in COOKIE_WAIT state.
4320 sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
4321 const struct sctp_endpoint *ep,
4322 const struct sctp_association *asoc,
4323 const sctp_subtype_t type,
4325 sctp_cmd_seq_t *commands)
4327 struct sctp_chunk *abort = arg;
4328 sctp_disposition_t retval;
4330 /* Stop T1-init timer */
4331 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4332 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4333 retval = SCTP_DISPOSITION_CONSUME;
4335 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
4337 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4338 SCTP_STATE(SCTP_STATE_CLOSED));
4340 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4342 /* Even if we can't send the ABORT due to low memory delete the
4343 * TCB. This is a departure from our typical NOMEM handling.
4346 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4347 SCTP_ERROR(ECONNREFUSED));
4348 /* Delete the established association. */
4349 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4350 SCTP_PERR(SCTP_ERROR_USER_ABORT));
4356 * sctp_sf_cookie_echoed_prm_abort
4358 * Section: 4 Note: 3
4363 * The RFC does not explcitly address this issue, but is the route through the
4364 * state table when someone issues an abort while in COOKIE_ECHOED state.
4369 sctp_disposition_t sctp_sf_cookie_echoed_prm_abort(
4370 const struct sctp_endpoint *ep,
4371 const struct sctp_association *asoc,
4372 const sctp_subtype_t type,
4374 sctp_cmd_seq_t *commands)
4376 /* There is a single T1 timer, so we should be able to use
4377 * common function with the COOKIE-WAIT state.
4379 return sctp_sf_cookie_wait_prm_abort(ep, asoc, type, arg, commands);
4383 * sctp_sf_shutdown_pending_prm_abort
4388 * The RFC does not explicitly address this issue, but is the route through the
4389 * state table when someone issues an abort while in SHUTDOWN-PENDING state.
4394 sctp_disposition_t sctp_sf_shutdown_pending_prm_abort(
4395 const struct sctp_endpoint *ep,
4396 const struct sctp_association *asoc,
4397 const sctp_subtype_t type,
4399 sctp_cmd_seq_t *commands)
4401 /* Stop the T5-shutdown guard timer. */
4402 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4403 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4405 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
4409 * sctp_sf_shutdown_sent_prm_abort
4414 * The RFC does not explicitly address this issue, but is the route through the
4415 * state table when someone issues an abort while in SHUTDOWN-SENT state.
4420 sctp_disposition_t sctp_sf_shutdown_sent_prm_abort(
4421 const struct sctp_endpoint *ep,
4422 const struct sctp_association *asoc,
4423 const sctp_subtype_t type,
4425 sctp_cmd_seq_t *commands)
4427 /* Stop the T2-shutdown timer. */
4428 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4429 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4431 /* Stop the T5-shutdown guard timer. */
4432 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4433 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4435 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
4439 * sctp_sf_cookie_echoed_prm_abort
4444 * The RFC does not explcitly address this issue, but is the route through the
4445 * state table when someone issues an abort while in COOKIE_ECHOED state.
4450 sctp_disposition_t sctp_sf_shutdown_ack_sent_prm_abort(
4451 const struct sctp_endpoint *ep,
4452 const struct sctp_association *asoc,
4453 const sctp_subtype_t type,
4455 sctp_cmd_seq_t *commands)
4457 /* The same T2 timer, so we should be able to use
4458 * common function with the SHUTDOWN-SENT state.
4460 return sctp_sf_shutdown_sent_prm_abort(ep, asoc, type, arg, commands);
4464 * Process the REQUESTHEARTBEAT primitive
4467 * J) Request Heartbeat
4469 * Format: REQUESTHEARTBEAT(association id, destination transport address)
4473 * Instructs the local endpoint to perform a HeartBeat on the specified
4474 * destination transport address of the given association. The returned
4475 * result should indicate whether the transmission of the HEARTBEAT
4476 * chunk to the destination address is successful.
4478 * Mandatory attributes:
4480 * o association id - local handle to the SCTP association
4482 * o destination transport address - the transport address of the
4483 * association on which a heartbeat should be issued.
4485 sctp_disposition_t sctp_sf_do_prm_requestheartbeat(
4486 const struct sctp_endpoint *ep,
4487 const struct sctp_association *asoc,
4488 const sctp_subtype_t type,
4490 sctp_cmd_seq_t *commands)
4492 if (SCTP_DISPOSITION_NOMEM == sctp_sf_heartbeat(ep, asoc, type,
4493 (struct sctp_transport *)arg, commands))
4494 return SCTP_DISPOSITION_NOMEM;
4497 * RFC 2960 (bis), section 8.3
4499 * D) Request an on-demand HEARTBEAT on a specific destination
4500 * transport address of a given association.
4502 * The endpoint should increment the respective error counter of
4503 * the destination transport address each time a HEARTBEAT is sent
4504 * to that address and not acknowledged within one RTO.
4507 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_RESET,
4508 SCTP_TRANSPORT(arg));
4509 return SCTP_DISPOSITION_CONSUME;
4513 * ADDIP Section 4.1 ASCONF Chunk Procedures
4514 * When an endpoint has an ASCONF signaled change to be sent to the
4515 * remote endpoint it should do A1 to A9
4517 sctp_disposition_t sctp_sf_do_prm_asconf(const struct sctp_endpoint *ep,
4518 const struct sctp_association *asoc,
4519 const sctp_subtype_t type,
4521 sctp_cmd_seq_t *commands)
4523 struct sctp_chunk *chunk = arg;
4525 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
4526 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4527 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4528 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
4529 return SCTP_DISPOSITION_CONSUME;
4533 * Ignore the primitive event
4535 * The return value is the disposition of the primitive.
4537 sctp_disposition_t sctp_sf_ignore_primitive(
4538 const struct sctp_endpoint *ep,
4539 const struct sctp_association *asoc,
4540 const sctp_subtype_t type,
4542 sctp_cmd_seq_t *commands)
4544 SCTP_DEBUG_PRINTK("Primitive type %d is ignored.\n", type.primitive);
4545 return SCTP_DISPOSITION_DISCARD;
4548 /***************************************************************************
4549 * These are the state functions for the OTHER events.
4550 ***************************************************************************/
4553 * Start the shutdown negotiation.
4556 * Once all its outstanding data has been acknowledged, the endpoint
4557 * shall send a SHUTDOWN chunk to its peer including in the Cumulative
4558 * TSN Ack field the last sequential TSN it has received from the peer.
4559 * It shall then start the T2-shutdown timer and enter the SHUTDOWN-SENT
4560 * state. If the timer expires, the endpoint must re-send the SHUTDOWN
4561 * with the updated last sequential TSN received from its peer.
4563 * The return value is the disposition.
4565 sctp_disposition_t sctp_sf_do_9_2_start_shutdown(
4566 const struct sctp_endpoint *ep,
4567 const struct sctp_association *asoc,
4568 const sctp_subtype_t type,
4570 sctp_cmd_seq_t *commands)
4572 struct sctp_chunk *reply;
4574 /* Once all its outstanding data has been acknowledged, the
4575 * endpoint shall send a SHUTDOWN chunk to its peer including
4576 * in the Cumulative TSN Ack field the last sequential TSN it
4577 * has received from the peer.
4579 reply = sctp_make_shutdown(asoc, NULL);
4583 /* Set the transport for the SHUTDOWN chunk and the timeout for the
4584 * T2-shutdown timer.
4586 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4588 /* It shall then start the T2-shutdown timer */
4589 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4590 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4592 if (asoc->autoclose)
4593 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4594 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
4596 /* and enter the SHUTDOWN-SENT state. */
4597 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4598 SCTP_STATE(SCTP_STATE_SHUTDOWN_SENT));
4600 /* sctp-implguide 2.10 Issues with Heartbeating and failover
4602 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
4605 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
4607 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4609 return SCTP_DISPOSITION_CONSUME;
4612 return SCTP_DISPOSITION_NOMEM;
4616 * Generate a SHUTDOWN ACK now that everything is SACK'd.
4620 * If it has no more outstanding DATA chunks, the SHUTDOWN receiver
4621 * shall send a SHUTDOWN ACK and start a T2-shutdown timer of its own,
4622 * entering the SHUTDOWN-ACK-SENT state. If the timer expires, the
4623 * endpoint must re-send the SHUTDOWN ACK.
4625 * The return value is the disposition.
4627 sctp_disposition_t sctp_sf_do_9_2_shutdown_ack(
4628 const struct sctp_endpoint *ep,
4629 const struct sctp_association *asoc,
4630 const sctp_subtype_t type,
4632 sctp_cmd_seq_t *commands)
4634 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
4635 struct sctp_chunk *reply;
4637 /* There are 2 ways of getting here:
4638 * 1) called in response to a SHUTDOWN chunk
4639 * 2) called when SCTP_EVENT_NO_PENDING_TSN event is issued.
4641 * For the case (2), the arg parameter is set to NULL. We need
4642 * to check that we have a chunk before accessing it's fields.
4645 if (!sctp_vtag_verify(chunk, asoc))
4646 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
4648 /* Make sure that the SHUTDOWN chunk has a valid length. */
4649 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_shutdown_chunk_t)))
4650 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
4654 /* If it has no more outstanding DATA chunks, the SHUTDOWN receiver
4655 * shall send a SHUTDOWN ACK ...
4657 reply = sctp_make_shutdown_ack(asoc, chunk);
4661 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
4662 * the T2-shutdown timer.
4664 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4666 /* and start/restart a T2-shutdown timer of its own, */
4667 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4668 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4670 if (asoc->autoclose)
4671 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4672 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
4674 /* Enter the SHUTDOWN-ACK-SENT state. */
4675 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4676 SCTP_STATE(SCTP_STATE_SHUTDOWN_ACK_SENT));
4678 /* sctp-implguide 2.10 Issues with Heartbeating and failover
4680 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
4683 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
4685 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4687 return SCTP_DISPOSITION_CONSUME;
4690 return SCTP_DISPOSITION_NOMEM;
4694 * Ignore the event defined as other
4696 * The return value is the disposition of the event.
4698 sctp_disposition_t sctp_sf_ignore_other(const struct sctp_endpoint *ep,
4699 const struct sctp_association *asoc,
4700 const sctp_subtype_t type,
4702 sctp_cmd_seq_t *commands)
4704 SCTP_DEBUG_PRINTK("The event other type %d is ignored\n", type.other);
4705 return SCTP_DISPOSITION_DISCARD;
4708 /************************************************************
4709 * These are the state functions for handling timeout events.
4710 ************************************************************/
4715 * Section: 6.3.3 Handle T3-rtx Expiration
4717 * Whenever the retransmission timer T3-rtx expires for a destination
4718 * address, do the following:
4721 * The return value is the disposition of the chunk.
4723 sctp_disposition_t sctp_sf_do_6_3_3_rtx(const struct sctp_endpoint *ep,
4724 const struct sctp_association *asoc,
4725 const sctp_subtype_t type,
4727 sctp_cmd_seq_t *commands)
4729 struct sctp_transport *transport = arg;
4731 SCTP_INC_STATS(SCTP_MIB_T3_RTX_EXPIREDS);
4733 if (asoc->overall_error_count >= asoc->max_retrans) {
4734 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4735 SCTP_ERROR(ETIMEDOUT));
4736 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4737 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4738 SCTP_PERR(SCTP_ERROR_NO_ERROR));
4739 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4740 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4741 return SCTP_DISPOSITION_DELETE_TCB;
4744 /* E1) For the destination address for which the timer
4745 * expires, adjust its ssthresh with rules defined in Section
4746 * 7.2.3 and set the cwnd <- MTU.
4749 /* E2) For the destination address for which the timer
4750 * expires, set RTO <- RTO * 2 ("back off the timer"). The
4751 * maximum value discussed in rule C7 above (RTO.max) may be
4752 * used to provide an upper bound to this doubling operation.
4755 /* E3) Determine how many of the earliest (i.e., lowest TSN)
4756 * outstanding DATA chunks for the address for which the
4757 * T3-rtx has expired will fit into a single packet, subject
4758 * to the MTU constraint for the path corresponding to the
4759 * destination transport address to which the retransmission
4760 * is being sent (this may be different from the address for
4761 * which the timer expires [see Section 6.4]). Call this
4762 * value K. Bundle and retransmit those K DATA chunks in a
4763 * single packet to the destination endpoint.
4765 * Note: Any DATA chunks that were sent to the address for
4766 * which the T3-rtx timer expired but did not fit in one MTU
4767 * (rule E3 above), should be marked for retransmission and
4768 * sent as soon as cwnd allows (normally when a SACK arrives).
4771 /* Do some failure management (Section 8.2). */
4772 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
4774 /* NB: Rules E4 and F1 are implicit in R1. */
4775 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN, SCTP_TRANSPORT(transport));
4777 return SCTP_DISPOSITION_CONSUME;
4781 * Generate delayed SACK on timeout
4783 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
4785 * The guidelines on delayed acknowledgement algorithm specified in
4786 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
4787 * acknowledgement SHOULD be generated for at least every second packet
4788 * (not every second DATA chunk) received, and SHOULD be generated
4789 * within 200 ms of the arrival of any unacknowledged DATA chunk. In
4790 * some situations it may be beneficial for an SCTP transmitter to be
4791 * more conservative than the algorithms detailed in this document
4792 * allow. However, an SCTP transmitter MUST NOT be more aggressive than
4793 * the following algorithms allow.
4795 sctp_disposition_t sctp_sf_do_6_2_sack(const struct sctp_endpoint *ep,
4796 const struct sctp_association *asoc,
4797 const sctp_subtype_t type,
4799 sctp_cmd_seq_t *commands)
4801 SCTP_INC_STATS(SCTP_MIB_DELAY_SACK_EXPIREDS);
4802 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
4803 return SCTP_DISPOSITION_CONSUME;
4807 * sctp_sf_t1_init_timer_expire
4809 * Section: 4 Note: 2
4814 * RFC 2960 Section 4 Notes
4815 * 2) If the T1-init timer expires, the endpoint MUST retransmit INIT
4816 * and re-start the T1-init timer without changing state. This MUST
4817 * be repeated up to 'Max.Init.Retransmits' times. After that, the
4818 * endpoint MUST abort the initialization process and report the
4819 * error to SCTP user.
4825 sctp_disposition_t sctp_sf_t1_init_timer_expire(const struct sctp_endpoint *ep,
4826 const struct sctp_association *asoc,
4827 const sctp_subtype_t type,
4829 sctp_cmd_seq_t *commands)
4831 struct sctp_chunk *repl = NULL;
4832 struct sctp_bind_addr *bp;
4833 int attempts = asoc->init_err_counter + 1;
4835 SCTP_DEBUG_PRINTK("Timer T1 expired (INIT).\n");
4836 SCTP_INC_STATS(SCTP_MIB_T1_INIT_EXPIREDS);
4838 if (attempts <= asoc->max_init_attempts) {
4839 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
4840 repl = sctp_make_init(asoc, bp, GFP_ATOMIC, 0);
4842 return SCTP_DISPOSITION_NOMEM;
4844 /* Choose transport for INIT. */
4845 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_CHOOSE_TRANSPORT,
4848 /* Issue a sideeffect to do the needed accounting. */
4849 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_RESTART,
4850 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4852 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4854 SCTP_DEBUG_PRINTK("Giving up on INIT, attempts: %d"
4855 " max_init_attempts: %d\n",
4856 attempts, asoc->max_init_attempts);
4857 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4858 SCTP_ERROR(ETIMEDOUT));
4859 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4860 SCTP_PERR(SCTP_ERROR_NO_ERROR));
4861 return SCTP_DISPOSITION_DELETE_TCB;
4864 return SCTP_DISPOSITION_CONSUME;
4868 * sctp_sf_t1_cookie_timer_expire
4870 * Section: 4 Note: 2
4875 * RFC 2960 Section 4 Notes
4876 * 3) If the T1-cookie timer expires, the endpoint MUST retransmit
4877 * COOKIE ECHO and re-start the T1-cookie timer without changing
4878 * state. This MUST be repeated up to 'Max.Init.Retransmits' times.
4879 * After that, the endpoint MUST abort the initialization process and
4880 * report the error to SCTP user.
4886 sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep,
4887 const struct sctp_association *asoc,
4888 const sctp_subtype_t type,
4890 sctp_cmd_seq_t *commands)
4892 struct sctp_chunk *repl = NULL;
4893 int attempts = asoc->init_err_counter + 1;
4895 SCTP_DEBUG_PRINTK("Timer T1 expired (COOKIE-ECHO).\n");
4896 SCTP_INC_STATS(SCTP_MIB_T1_COOKIE_EXPIREDS);
4898 if (attempts <= asoc->max_init_attempts) {
4899 repl = sctp_make_cookie_echo(asoc, NULL);
4901 return SCTP_DISPOSITION_NOMEM;
4903 /* Issue a sideeffect to do the needed accounting. */
4904 sctp_add_cmd_sf(commands, SCTP_CMD_COOKIEECHO_RESTART,
4905 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
4907 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4909 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4910 SCTP_ERROR(ETIMEDOUT));
4911 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4912 SCTP_PERR(SCTP_ERROR_NO_ERROR));
4913 return SCTP_DISPOSITION_DELETE_TCB;
4916 return SCTP_DISPOSITION_CONSUME;
4919 /* RFC2960 9.2 If the timer expires, the endpoint must re-send the SHUTDOWN
4920 * with the updated last sequential TSN received from its peer.
4922 * An endpoint should limit the number of retransmissions of the
4923 * SHUTDOWN chunk to the protocol parameter 'Association.Max.Retrans'.
4924 * If this threshold is exceeded the endpoint should destroy the TCB and
4925 * MUST report the peer endpoint unreachable to the upper layer (and
4926 * thus the association enters the CLOSED state). The reception of any
4927 * packet from its peer (i.e. as the peer sends all of its queued DATA
4928 * chunks) should clear the endpoint's retransmission count and restart
4929 * the T2-Shutdown timer, giving its peer ample opportunity to transmit
4930 * all of its queued DATA chunks that have not yet been sent.
4932 sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
4933 const struct sctp_association *asoc,
4934 const sctp_subtype_t type,
4936 sctp_cmd_seq_t *commands)
4938 struct sctp_chunk *reply = NULL;
4940 SCTP_DEBUG_PRINTK("Timer T2 expired.\n");
4941 SCTP_INC_STATS(SCTP_MIB_T2_SHUTDOWN_EXPIREDS);
4943 if (asoc->overall_error_count >= asoc->max_retrans) {
4944 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
4945 SCTP_ERROR(ETIMEDOUT));
4946 /* Note: CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4947 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4948 SCTP_PERR(SCTP_ERROR_NO_ERROR));
4949 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4950 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4951 return SCTP_DISPOSITION_DELETE_TCB;
4954 switch (asoc->state) {
4955 case SCTP_STATE_SHUTDOWN_SENT:
4956 reply = sctp_make_shutdown(asoc, NULL);
4959 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4960 reply = sctp_make_shutdown_ack(asoc, NULL);
4971 /* Do some failure management (Section 8.2). */
4972 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
4973 SCTP_TRANSPORT(asoc->shutdown_last_sent_to));
4975 /* Set the transport for the SHUTDOWN/ACK chunk and the timeout for
4976 * the T2-shutdown timer.
4978 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4980 /* Restart the T2-shutdown timer. */
4981 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4982 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4983 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4984 return SCTP_DISPOSITION_CONSUME;
4987 return SCTP_DISPOSITION_NOMEM;
4991 * ADDIP Section 4.1 ASCONF CHunk Procedures
4992 * If the T4 RTO timer expires the endpoint should do B1 to B5
4994 sctp_disposition_t sctp_sf_t4_timer_expire(
4995 const struct sctp_endpoint *ep,
4996 const struct sctp_association *asoc,
4997 const sctp_subtype_t type,
4999 sctp_cmd_seq_t *commands)
5001 struct sctp_chunk *chunk = asoc->addip_last_asconf;
5002 struct sctp_transport *transport = chunk->transport;
5004 SCTP_INC_STATS(SCTP_MIB_T4_RTO_EXPIREDS);
5006 /* ADDIP 4.1 B1) Increment the error counters and perform path failure
5007 * detection on the appropriate destination address as defined in
5008 * RFC2960 [5] section 8.1 and 8.2.
5010 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
5012 /* Reconfig T4 timer and transport. */
5013 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
5015 /* ADDIP 4.1 B2) Increment the association error counters and perform
5016 * endpoint failure detection on the association as defined in
5017 * RFC2960 [5] section 8.1 and 8.2.
5018 * association error counter is incremented in SCTP_CMD_STRIKE.
5020 if (asoc->overall_error_count >= asoc->max_retrans) {
5021 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
5022 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
5023 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
5024 SCTP_ERROR(ETIMEDOUT));
5025 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
5026 SCTP_PERR(SCTP_ERROR_NO_ERROR));
5027 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
5028 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
5029 return SCTP_DISPOSITION_ABORT;
5032 /* ADDIP 4.1 B3) Back-off the destination address RTO value to which
5033 * the ASCONF chunk was sent by doubling the RTO timer value.
5034 * This is done in SCTP_CMD_STRIKE.
5037 /* ADDIP 4.1 B4) Re-transmit the ASCONF Chunk last sent and if possible
5038 * choose an alternate destination address (please refer to RFC2960
5039 * [5] section 6.4.1). An endpoint MUST NOT add new parameters to this
5040 * chunk, it MUST be the same (including its serial number) as the last
5043 sctp_chunk_hold(asoc->addip_last_asconf);
5044 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
5045 SCTP_CHUNK(asoc->addip_last_asconf));
5047 /* ADDIP 4.1 B5) Restart the T-4 RTO timer. Note that if a different
5048 * destination is selected, then the RTO used will be that of the new
5049 * destination address.
5051 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
5052 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
5054 return SCTP_DISPOSITION_CONSUME;
5057 /* sctpimpguide-05 Section 2.12.2
5058 * The sender of the SHUTDOWN MAY also start an overall guard timer
5059 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
5060 * At the expiration of this timer the sender SHOULD abort the association
5061 * by sending an ABORT chunk.
5063 sctp_disposition_t sctp_sf_t5_timer_expire(const struct sctp_endpoint *ep,
5064 const struct sctp_association *asoc,
5065 const sctp_subtype_t type,
5067 sctp_cmd_seq_t *commands)
5069 struct sctp_chunk *reply = NULL;
5071 SCTP_DEBUG_PRINTK("Timer T5 expired.\n");
5072 SCTP_INC_STATS(SCTP_MIB_T5_SHUTDOWN_GUARD_EXPIREDS);
5074 reply = sctp_make_abort(asoc, NULL, 0);
5078 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
5079 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
5080 SCTP_ERROR(ETIMEDOUT));
5081 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
5082 SCTP_PERR(SCTP_ERROR_NO_ERROR));
5084 return SCTP_DISPOSITION_DELETE_TCB;
5086 return SCTP_DISPOSITION_NOMEM;
5089 /* Handle expiration of AUTOCLOSE timer. When the autoclose timer expires,
5090 * the association is automatically closed by starting the shutdown process.
5091 * The work that needs to be done is same as when SHUTDOWN is initiated by
5092 * the user. So this routine looks same as sctp_sf_do_9_2_prm_shutdown().
5094 sctp_disposition_t sctp_sf_autoclose_timer_expire(
5095 const struct sctp_endpoint *ep,
5096 const struct sctp_association *asoc,
5097 const sctp_subtype_t type,
5099 sctp_cmd_seq_t *commands)
5103 SCTP_INC_STATS(SCTP_MIB_AUTOCLOSE_EXPIREDS);
5105 /* From 9.2 Shutdown of an Association
5106 * Upon receipt of the SHUTDOWN primitive from its upper
5107 * layer, the endpoint enters SHUTDOWN-PENDING state and
5108 * remains there until all outstanding data has been
5109 * acknowledged by its peer. The endpoint accepts no new data
5110 * from its upper layer, but retransmits data to the far end
5111 * if necessary to fill gaps.
5113 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
5114 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
5116 /* sctpimpguide-05 Section 2.12.2
5117 * The sender of the SHUTDOWN MAY also start an overall guard timer
5118 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
5120 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
5121 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
5122 disposition = SCTP_DISPOSITION_CONSUME;
5123 if (sctp_outq_is_empty(&asoc->outqueue)) {
5124 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
5130 /*****************************************************************************
5131 * These are sa state functions which could apply to all types of events.
5132 ****************************************************************************/
5135 * This table entry is not implemented.
5138 * (endpoint, asoc, chunk)
5140 * The return value is the disposition of the chunk.
5142 sctp_disposition_t sctp_sf_not_impl(const struct sctp_endpoint *ep,
5143 const struct sctp_association *asoc,
5144 const sctp_subtype_t type,
5146 sctp_cmd_seq_t *commands)
5148 return SCTP_DISPOSITION_NOT_IMPL;
5152 * This table entry represents a bug.
5155 * (endpoint, asoc, chunk)
5157 * The return value is the disposition of the chunk.
5159 sctp_disposition_t sctp_sf_bug(const struct sctp_endpoint *ep,
5160 const struct sctp_association *asoc,
5161 const sctp_subtype_t type,
5163 sctp_cmd_seq_t *commands)
5165 return SCTP_DISPOSITION_BUG;
5169 * This table entry represents the firing of a timer in the wrong state.
5170 * Since timer deletion cannot be guaranteed a timer 'may' end up firing
5171 * when the association is in the wrong state. This event should
5172 * be ignored, so as to prevent any rearming of the timer.
5175 * (endpoint, asoc, chunk)
5177 * The return value is the disposition of the chunk.
5179 sctp_disposition_t sctp_sf_timer_ignore(const struct sctp_endpoint *ep,
5180 const struct sctp_association *asoc,
5181 const sctp_subtype_t type,
5183 sctp_cmd_seq_t *commands)
5185 SCTP_DEBUG_PRINTK("Timer %d ignored.\n", type.chunk);
5186 return SCTP_DISPOSITION_CONSUME;
5189 /********************************************************************
5190 * 2nd Level Abstractions
5191 ********************************************************************/
5193 /* Pull the SACK chunk based on the SACK header. */
5194 static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk)
5196 struct sctp_sackhdr *sack;
5201 /* Protect ourselves from reading too far into
5202 * the skb from a bogus sender.
5204 sack = (struct sctp_sackhdr *) chunk->skb->data;
5206 num_blocks = ntohs(sack->num_gap_ack_blocks);
5207 num_dup_tsns = ntohs(sack->num_dup_tsns);
5208 len = sizeof(struct sctp_sackhdr);
5209 len += (num_blocks + num_dup_tsns) * sizeof(__u32);
5210 if (len > chunk->skb->len)
5213 skb_pull(chunk->skb, len);
5218 /* Create an ABORT packet to be sent as a response, with the specified
5221 static struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep,
5222 const struct sctp_association *asoc,
5223 struct sctp_chunk *chunk,
5224 const void *payload,
5227 struct sctp_packet *packet;
5228 struct sctp_chunk *abort;
5230 packet = sctp_ootb_pkt_new(asoc, chunk);
5234 * The T bit will be set if the asoc is NULL.
5236 abort = sctp_make_abort(asoc, chunk, paylen);
5238 sctp_ootb_pkt_free(packet);
5242 /* Reflect vtag if T-Bit is set */
5243 if (sctp_test_T_bit(abort))
5244 packet->vtag = ntohl(chunk->sctp_hdr->vtag);
5246 /* Add specified error causes, i.e., payload, to the
5249 sctp_addto_chunk(abort, paylen, payload);
5251 /* Set the skb to the belonging sock for accounting. */
5252 abort->skb->sk = ep->base.sk;
5254 sctp_packet_append_chunk(packet, abort);
5261 /* Allocate a packet for responding in the OOTB conditions. */
5262 static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc,
5263 const struct sctp_chunk *chunk)
5265 struct sctp_packet *packet;
5266 struct sctp_transport *transport;
5271 /* Get the source and destination port from the inbound packet. */
5272 sport = ntohs(chunk->sctp_hdr->dest);
5273 dport = ntohs(chunk->sctp_hdr->source);
5275 /* The V-tag is going to be the same as the inbound packet if no
5276 * association exists, otherwise, use the peer's vtag.
5279 /* Special case the INIT-ACK as there is no peer's vtag
5282 switch(chunk->chunk_hdr->type) {
5283 case SCTP_CID_INIT_ACK:
5285 sctp_initack_chunk_t *initack;
5287 initack = (sctp_initack_chunk_t *)chunk->chunk_hdr;
5288 vtag = ntohl(initack->init_hdr.init_tag);
5292 vtag = asoc->peer.i.init_tag;
5296 /* Special case the INIT and stale COOKIE_ECHO as there is no
5299 switch(chunk->chunk_hdr->type) {
5302 sctp_init_chunk_t *init;
5304 init = (sctp_init_chunk_t *)chunk->chunk_hdr;
5305 vtag = ntohl(init->init_hdr.init_tag);
5309 vtag = ntohl(chunk->sctp_hdr->vtag);
5314 /* Make a transport for the bucket, Eliza... */
5315 transport = sctp_transport_new(sctp_source(chunk), GFP_ATOMIC);
5319 /* Cache a route for the transport with the chunk's destination as
5320 * the source address.
5322 sctp_transport_route(transport, (union sctp_addr *)&chunk->dest,
5323 sctp_sk(sctp_get_ctl_sock()));
5325 packet = sctp_packet_init(&transport->packet, transport, sport, dport);
5326 packet = sctp_packet_config(packet, vtag, 0);
5334 /* Free the packet allocated earlier for responding in the OOTB condition. */
5335 void sctp_ootb_pkt_free(struct sctp_packet *packet)
5337 sctp_transport_free(packet->transport);
5340 /* Send a stale cookie error when a invalid COOKIE ECHO chunk is found */
5341 static void sctp_send_stale_cookie_err(const struct sctp_endpoint *ep,
5342 const struct sctp_association *asoc,
5343 const struct sctp_chunk *chunk,
5344 sctp_cmd_seq_t *commands,
5345 struct sctp_chunk *err_chunk)
5347 struct sctp_packet *packet;
5350 packet = sctp_ootb_pkt_new(asoc, chunk);
5352 struct sctp_signed_cookie *cookie;
5354 /* Override the OOTB vtag from the cookie. */
5355 cookie = chunk->subh.cookie_hdr;
5356 packet->vtag = cookie->c.peer_vtag;
5358 /* Set the skb to the belonging sock for accounting. */
5359 err_chunk->skb->sk = ep->base.sk;
5360 sctp_packet_append_chunk(packet, err_chunk);
5361 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
5362 SCTP_PACKET(packet));
5363 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
5365 sctp_chunk_free (err_chunk);
5370 /* Process a data chunk */
5371 static int sctp_eat_data(const struct sctp_association *asoc,
5372 struct sctp_chunk *chunk,
5373 sctp_cmd_seq_t *commands)
5375 sctp_datahdr_t *data_hdr;
5376 struct sctp_chunk *err;
5378 sctp_verb_t deliver;
5382 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
5383 struct sock *sk = asoc->base.sk;
5384 int rcvbuf_over = 0;
5386 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data;
5387 skb_pull(chunk->skb, sizeof(sctp_datahdr_t));
5389 tsn = ntohl(data_hdr->tsn);
5390 SCTP_DEBUG_PRINTK("eat_data: TSN 0x%x.\n", tsn);
5392 /* ASSERT: Now skb->data is really the user data. */
5395 * If we are established, and we have used up our receive buffer
5396 * memory, think about droping the frame.
5397 * Note that we have an opportunity to improve performance here.
5398 * If we accept one chunk from an skbuff, we have to keep all the
5399 * memory of that skbuff around until the chunk is read into user
5400 * space. Therefore, once we accept 1 chunk we may as well accept all
5401 * remaining chunks in the skbuff. The data_accepted flag helps us do
5404 if ((asoc->state == SCTP_STATE_ESTABLISHED) && (!chunk->data_accepted)) {
5406 * If the receive buffer policy is 1, then each
5407 * association can allocate up to sk_rcvbuf bytes
5408 * otherwise, all the associations in aggregate
5409 * may allocate up to sk_rcvbuf bytes
5411 if (asoc->ep->rcvbuf_policy)
5412 account_value = atomic_read(&asoc->rmem_alloc);
5414 account_value = atomic_read(&sk->sk_rmem_alloc);
5415 if (account_value > sk->sk_rcvbuf) {
5417 * We need to make forward progress, even when we are
5418 * under memory pressure, so we always allow the
5419 * next tsn after the ctsn ack point to be accepted.
5420 * This lets us avoid deadlocks in which we have to
5421 * drop frames that would otherwise let us drain the
5424 if ((sctp_tsnmap_get_ctsn(map) + 1) != tsn)
5425 return SCTP_IERROR_IGNORE_TSN;
5428 * We're going to accept the frame but we should renege
5429 * to make space for it. This will send us down that
5430 * path later in this function.
5436 /* Process ECN based congestion.
5438 * Since the chunk structure is reused for all chunks within
5439 * a packet, we use ecn_ce_done to track if we've already
5440 * done CE processing for this packet.
5442 * We need to do ECN processing even if we plan to discard the
5446 if (!chunk->ecn_ce_done) {
5448 chunk->ecn_ce_done = 1;
5450 af = sctp_get_af_specific(
5451 ipver2af(ip_hdr(chunk->skb)->version));
5453 if (af && af->is_ce(chunk->skb) && asoc->peer.ecn_capable) {
5454 /* Do real work as sideffect. */
5455 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_CE,
5460 tmp = sctp_tsnmap_check(&asoc->peer.tsn_map, tsn);
5462 /* The TSN is too high--silently discard the chunk and
5463 * count on it getting retransmitted later.
5465 return SCTP_IERROR_HIGH_TSN;
5466 } else if (tmp > 0) {
5467 /* This is a duplicate. Record it. */
5468 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_DUP, SCTP_U32(tsn));
5469 return SCTP_IERROR_DUP_TSN;
5472 /* This is a new TSN. */
5474 /* Discard if there is no room in the receive window.
5475 * Actually, allow a little bit of overflow (up to a MTU).
5477 datalen = ntohs(chunk->chunk_hdr->length);
5478 datalen -= sizeof(sctp_data_chunk_t);
5480 deliver = SCTP_CMD_CHUNK_ULP;
5482 /* Think about partial delivery. */
5483 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) {
5485 /* Even if we don't accept this chunk there is
5488 sctp_add_cmd_sf(commands, SCTP_CMD_PART_DELIVER, SCTP_NULL());
5491 /* Spill over rwnd a little bit. Note: While allowed, this spill over
5492 * seems a bit troublesome in that frag_point varies based on
5493 * PMTU. In cases, such as loopback, this might be a rather
5495 * NOTE: If we have a full receive buffer here, we only renege if
5496 * our receiver can still make progress without the tsn being
5497 * received. We do this because in the event that the associations
5498 * receive queue is empty we are filling a leading gap, and since
5499 * reneging moves the gap to the end of the tsn stream, we are likely
5500 * to stall again very shortly. Avoiding the renege when we fill a
5501 * leading gap is a good heuristic for avoiding such steady state
5504 if (!asoc->rwnd || asoc->rwnd_over ||
5505 (datalen > asoc->rwnd + asoc->frag_point) ||
5506 (rcvbuf_over && (!skb_queue_len(&sk->sk_receive_queue)))) {
5508 /* If this is the next TSN, consider reneging to make
5509 * room. Note: Playing nice with a confused sender. A
5510 * malicious sender can still eat up all our buffer
5511 * space and in the future we may want to detect and
5512 * do more drastic reneging.
5514 if (sctp_tsnmap_has_gap(map) &&
5515 (sctp_tsnmap_get_ctsn(map) + 1) == tsn) {
5516 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn);
5517 deliver = SCTP_CMD_RENEGE;
5519 SCTP_DEBUG_PRINTK("Discard tsn: %u len: %Zd, "
5520 "rwnd: %d\n", tsn, datalen,
5522 return SCTP_IERROR_IGNORE_TSN;
5527 * Section 3.3.10.9 No User Data (9)
5531 * No User Data: This error cause is returned to the originator of a
5532 * DATA chunk if a received DATA chunk has no user data.
5534 if (unlikely(0 == datalen)) {
5535 err = sctp_make_abort_no_data(asoc, chunk, tsn);
5537 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
5540 /* We are going to ABORT, so we might as well stop
5541 * processing the rest of the chunks in the packet.
5543 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
5544 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
5545 SCTP_ERROR(ECONNABORTED));
5546 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
5547 SCTP_PERR(SCTP_ERROR_NO_DATA));
5548 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
5549 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
5550 return SCTP_IERROR_NO_DATA;
5553 /* If definately accepting the DATA chunk, record its TSN, otherwise
5554 * wait for renege processing.
5556 if (SCTP_CMD_CHUNK_ULP == deliver)
5557 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
5559 chunk->data_accepted = 1;
5561 /* Note: Some chunks may get overcounted (if we drop) or overcounted
5562 * if we renege and the chunk arrives again.
5564 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED)
5565 SCTP_INC_STATS(SCTP_MIB_INUNORDERCHUNKS);
5567 SCTP_INC_STATS(SCTP_MIB_INORDERCHUNKS);
5569 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
5571 * If an endpoint receive a DATA chunk with an invalid stream
5572 * identifier, it shall acknowledge the reception of the DATA chunk
5573 * following the normal procedure, immediately send an ERROR chunk
5574 * with cause set to "Invalid Stream Identifier" (See Section 3.3.10)
5575 * and discard the DATA chunk.
5577 if (ntohs(data_hdr->stream) >= asoc->c.sinit_max_instreams) {
5578 err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_INV_STRM,
5580 sizeof(data_hdr->stream));
5582 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
5584 return SCTP_IERROR_BAD_STREAM;
5587 /* Send the data up to the user. Note: Schedule the
5588 * SCTP_CMD_CHUNK_ULP cmd before the SCTP_CMD_GEN_SACK, as the SACK
5589 * chunk needs the updated rwnd.
5591 sctp_add_cmd_sf(commands, deliver, SCTP_CHUNK(chunk));
5593 return SCTP_IERROR_NO_ERROR;