/* SCTP kernel implementation1* Copyright (c) 1999-2000 Cisco, Inc.2* Copyright (c) 1999-2001 Motorola, Inc.3* Copyright (c) 2001-2002 International Business Machines, Corp.4* Copyright (c) 2001 Intel Corp.5* Copyright (c) 2001 Nokia, Inc.6* Copyright (c) 2001 La Monte H.P. Yarroll7*8* This file is part of the SCTP kernel implementation9*10* This abstraction represents an SCTP endpoint.11*12* The SCTP implementation is free software;13* you can redistribute it and/or modify it under the terms of14* the GNU General Public License as published by15* the Free Software Foundation; either version 2, or (at your option)16* any later version.17*18* The SCTP implementation is distributed in the hope that it19* will be useful, but WITHOUT ANY WARRANTY; without even the implied20* ************************21* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.22* See the GNU General Public License for more details.23*24* You should have received a copy of the GNU General Public License25* along with GNU CC; see the file COPYING. If not, write to26* the Free Software Foundation, 59 Temple Place - Suite 330,27* Boston, MA 02111-1307, USA.28*29* Please send any bug reports or fixes you make to the30* email address(es):31* lksctp developers <[email protected]>32*33* Or submit a bug report through the following website:34* http://www.sf.net/projects/lksctp35*36* Written or modified by:37* La Monte H.P. Yarroll <[email protected]>38* Karl Knutson <[email protected]>39* Jon Grimm <[email protected]>40* Daisy Chang <[email protected]>41* Dajiang Zhang <[email protected]>42*43* Any bugs reported given to us we will try to fix... any fixes shared will44* be incorporated into the next SCTP release.45*/4647#include <linux/types.h>48#include <linux/slab.h>49#include <linux/in.h>50#include <linux/random.h> /* get_random_bytes() */51#include <linux/crypto.h>52#include <net/sock.h>53#include <net/ipv6.h>54#include <net/sctp/sctp.h>55#include <net/sctp/sm.h>5657/* Forward declarations for internal helpers. */58static void sctp_endpoint_bh_rcv(struct work_struct *work);5960/*61* Initialize the base fields of the endpoint structure.62*/63static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,64struct sock *sk,65gfp_t gfp)66{67struct sctp_hmac_algo_param *auth_hmacs = NULL;68struct sctp_chunks_param *auth_chunks = NULL;69struct sctp_shared_key *null_key;70int err;7172ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp);73if (!ep->digest)74return NULL;7576if (sctp_auth_enable) {77/* Allocate space for HMACS and CHUNKS authentication78* variables. There are arrays that we encode directly79* into parameters to make the rest of the operations easier.80*/81auth_hmacs = kzalloc(sizeof(sctp_hmac_algo_param_t) +82sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp);83if (!auth_hmacs)84goto nomem;8586auth_chunks = kzalloc(sizeof(sctp_chunks_param_t) +87SCTP_NUM_CHUNK_TYPES, gfp);88if (!auth_chunks)89goto nomem;9091/* Initialize the HMACS parameter.92* SCTP-AUTH: Section 3.393* Every endpoint supporting SCTP chunk authentication MUST94* support the HMAC based on the SHA-1 algorithm.95*/96auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;97auth_hmacs->param_hdr.length =98htons(sizeof(sctp_paramhdr_t) + 2);99auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);100101/* Initialize the CHUNKS parameter */102auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;103auth_chunks->param_hdr.length = htons(sizeof(sctp_paramhdr_t));104105/* If the Add-IP functionality is enabled, we must106* authenticate, ASCONF and ASCONF-ACK chunks107*/108if (sctp_addip_enable) {109auth_chunks->chunks[0] = SCTP_CID_ASCONF;110auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;111auth_chunks->param_hdr.length =112htons(sizeof(sctp_paramhdr_t) + 2);113}114}115116/* Initialize the base structure. */117/* What type of endpoint are we? */118ep->base.type = SCTP_EP_TYPE_SOCKET;119120/* Initialize the basic object fields. */121atomic_set(&ep->base.refcnt, 1);122ep->base.dead = 0;123ep->base.malloced = 1;124125/* Create an input queue. */126sctp_inq_init(&ep->base.inqueue);127128/* Set its top-half handler */129sctp_inq_set_th_handler(&ep->base.inqueue, sctp_endpoint_bh_rcv);130131/* Initialize the bind addr area */132sctp_bind_addr_init(&ep->base.bind_addr, 0);133134/* Remember who we are attached to. */135ep->base.sk = sk;136sock_hold(ep->base.sk);137138/* Create the lists of associations. */139INIT_LIST_HEAD(&ep->asocs);140141/* Use SCTP specific send buffer space queues. */142ep->sndbuf_policy = sctp_sndbuf_policy;143144sk->sk_data_ready = sctp_data_ready;145sk->sk_write_space = sctp_write_space;146sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);147148/* Get the receive buffer policy for this endpoint */149ep->rcvbuf_policy = sctp_rcvbuf_policy;150151/* Initialize the secret key used with cookie. */152get_random_bytes(&ep->secret_key[0], SCTP_SECRET_SIZE);153ep->last_key = ep->current_key = 0;154ep->key_changed_at = jiffies;155156/* SCTP-AUTH extensions*/157INIT_LIST_HEAD(&ep->endpoint_shared_keys);158null_key = sctp_auth_shkey_create(0, GFP_KERNEL);159if (!null_key)160goto nomem;161162list_add(&null_key->key_list, &ep->endpoint_shared_keys);163164/* Allocate and initialize transorms arrays for suported HMACs. */165err = sctp_auth_init_hmacs(ep, gfp);166if (err)167goto nomem_hmacs;168169/* Add the null key to the endpoint shared keys list and170* set the hmcas and chunks pointers.171*/172ep->auth_hmacs_list = auth_hmacs;173ep->auth_chunk_list = auth_chunks;174175return ep;176177nomem_hmacs:178sctp_auth_destroy_keys(&ep->endpoint_shared_keys);179nomem:180/* Free all allocations */181kfree(auth_hmacs);182kfree(auth_chunks);183kfree(ep->digest);184return NULL;185186}187188/* Create a sctp_endpoint with all that boring stuff initialized.189* Returns NULL if there isn't enough memory.190*/191struct sctp_endpoint *sctp_endpoint_new(struct sock *sk, gfp_t gfp)192{193struct sctp_endpoint *ep;194195/* Build a local endpoint. */196ep = t_new(struct sctp_endpoint, gfp);197if (!ep)198goto fail;199if (!sctp_endpoint_init(ep, sk, gfp))200goto fail_init;201ep->base.malloced = 1;202SCTP_DBG_OBJCNT_INC(ep);203return ep;204205fail_init:206kfree(ep);207fail:208return NULL;209}210211/* Add an association to an endpoint. */212void sctp_endpoint_add_asoc(struct sctp_endpoint *ep,213struct sctp_association *asoc)214{215struct sock *sk = ep->base.sk;216217/* If this is a temporary association, don't bother218* since we'll be removing it shortly and don't219* want anyone to find it anyway.220*/221if (asoc->temp)222return;223224/* Now just add it to our list of asocs */225list_add_tail(&asoc->asocs, &ep->asocs);226227/* Increment the backlog value for a TCP-style listening socket. */228if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))229sk->sk_ack_backlog++;230}231232/* Free the endpoint structure. Delay cleanup until233* all users have released their reference count on this structure.234*/235void sctp_endpoint_free(struct sctp_endpoint *ep)236{237ep->base.dead = 1;238239ep->base.sk->sk_state = SCTP_SS_CLOSED;240241/* Unlink this endpoint, so we can't find it again! */242sctp_unhash_endpoint(ep);243244sctp_endpoint_put(ep);245}246247/* Final destructor for endpoint. */248static void sctp_endpoint_destroy(struct sctp_endpoint *ep)249{250SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);251252/* Free up the HMAC transform. */253crypto_free_hash(sctp_sk(ep->base.sk)->hmac);254255/* Free the digest buffer */256kfree(ep->digest);257258/* SCTP-AUTH: Free up AUTH releated data such as shared keys259* chunks and hmacs arrays that were allocated260*/261sctp_auth_destroy_keys(&ep->endpoint_shared_keys);262kfree(ep->auth_hmacs_list);263kfree(ep->auth_chunk_list);264265/* AUTH - Free any allocated HMAC transform containers */266sctp_auth_destroy_hmacs(ep->auth_hmacs);267268/* Cleanup. */269sctp_inq_free(&ep->base.inqueue);270sctp_bind_addr_free(&ep->base.bind_addr);271272/* Remove and free the port */273if (sctp_sk(ep->base.sk)->bind_hash)274sctp_put_port(ep->base.sk);275276/* Give up our hold on the sock. */277if (ep->base.sk)278sock_put(ep->base.sk);279280/* Finally, free up our memory. */281if (ep->base.malloced) {282kfree(ep);283SCTP_DBG_OBJCNT_DEC(ep);284}285}286287/* Hold a reference to an endpoint. */288void sctp_endpoint_hold(struct sctp_endpoint *ep)289{290atomic_inc(&ep->base.refcnt);291}292293/* Release a reference to an endpoint and clean up if there are294* no more references.295*/296void sctp_endpoint_put(struct sctp_endpoint *ep)297{298if (atomic_dec_and_test(&ep->base.refcnt))299sctp_endpoint_destroy(ep);300}301302/* Is this the endpoint we are looking for? */303struct sctp_endpoint *sctp_endpoint_is_match(struct sctp_endpoint *ep,304const union sctp_addr *laddr)305{306struct sctp_endpoint *retval = NULL;307308if (htons(ep->base.bind_addr.port) == laddr->v4.sin_port) {309if (sctp_bind_addr_match(&ep->base.bind_addr, laddr,310sctp_sk(ep->base.sk)))311retval = ep;312}313314return retval;315}316317/* Find the association that goes with this chunk.318* We do a linear search of the associations for this endpoint.319* We return the matching transport address too.320*/321static struct sctp_association *__sctp_endpoint_lookup_assoc(322const struct sctp_endpoint *ep,323const union sctp_addr *paddr,324struct sctp_transport **transport)325{326struct sctp_association *asoc = NULL;327struct sctp_association *tmp;328struct sctp_transport *t = NULL;329struct sctp_hashbucket *head;330struct sctp_ep_common *epb;331struct hlist_node *node;332int hash;333int rport;334335*transport = NULL;336337/* If the local port is not set, there can't be any associations338* on this endpoint.339*/340if (!ep->base.bind_addr.port)341goto out;342343rport = ntohs(paddr->v4.sin_port);344345hash = sctp_assoc_hashfn(ep->base.bind_addr.port, rport);346head = &sctp_assoc_hashtable[hash];347read_lock(&head->lock);348sctp_for_each_hentry(epb, node, &head->chain) {349tmp = sctp_assoc(epb);350if (tmp->ep != ep || rport != tmp->peer.port)351continue;352353t = sctp_assoc_lookup_paddr(tmp, paddr);354if (t) {355asoc = tmp;356*transport = t;357break;358}359}360read_unlock(&head->lock);361out:362return asoc;363}364365/* Lookup association on an endpoint based on a peer address. BH-safe. */366struct sctp_association *sctp_endpoint_lookup_assoc(367const struct sctp_endpoint *ep,368const union sctp_addr *paddr,369struct sctp_transport **transport)370{371struct sctp_association *asoc;372373sctp_local_bh_disable();374asoc = __sctp_endpoint_lookup_assoc(ep, paddr, transport);375sctp_local_bh_enable();376377return asoc;378}379380/* Look for any peeled off association from the endpoint that matches the381* given peer address.382*/383int sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep,384const union sctp_addr *paddr)385{386struct sctp_sockaddr_entry *addr;387struct sctp_bind_addr *bp;388389bp = &ep->base.bind_addr;390/* This function is called with the socket lock held,391* so the address_list can not change.392*/393list_for_each_entry(addr, &bp->address_list, list) {394if (sctp_has_association(&addr->a, paddr))395return 1;396}397398return 0;399}400401/* Do delayed input processing. This is scheduled by sctp_rcv().402* This may be called on BH or task time.403*/404static void sctp_endpoint_bh_rcv(struct work_struct *work)405{406struct sctp_endpoint *ep =407container_of(work, struct sctp_endpoint,408base.inqueue.immediate);409struct sctp_association *asoc;410struct sock *sk;411struct sctp_transport *transport;412struct sctp_chunk *chunk;413struct sctp_inq *inqueue;414sctp_subtype_t subtype;415sctp_state_t state;416int error = 0;417int first_time = 1; /* is this the first time through the looop */418419if (ep->base.dead)420return;421422asoc = NULL;423inqueue = &ep->base.inqueue;424sk = ep->base.sk;425426while (NULL != (chunk = sctp_inq_pop(inqueue))) {427subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type);428429/* If the first chunk in the packet is AUTH, do special430* processing specified in Section 6.3 of SCTP-AUTH spec431*/432if (first_time && (subtype.chunk == SCTP_CID_AUTH)) {433struct sctp_chunkhdr *next_hdr;434435next_hdr = sctp_inq_peek(inqueue);436if (!next_hdr)437goto normal;438439/* If the next chunk is COOKIE-ECHO, skip the AUTH440* chunk while saving a pointer to it so we can do441* Authentication later (during cookie-echo442* processing).443*/444if (next_hdr->type == SCTP_CID_COOKIE_ECHO) {445chunk->auth_chunk = skb_clone(chunk->skb,446GFP_ATOMIC);447chunk->auth = 1;448continue;449}450}451normal:452/* We might have grown an association since last we453* looked, so try again.454*455* This happens when we've just processed our456* COOKIE-ECHO chunk.457*/458if (NULL == chunk->asoc) {459asoc = sctp_endpoint_lookup_assoc(ep,460sctp_source(chunk),461&transport);462chunk->asoc = asoc;463chunk->transport = transport;464}465466state = asoc ? asoc->state : SCTP_STATE_CLOSED;467if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth)468continue;469470/* Remember where the last DATA chunk came from so we471* know where to send the SACK.472*/473if (asoc && sctp_chunk_is_data(chunk))474asoc->peer.last_data_from = chunk->transport;475else476SCTP_INC_STATS(SCTP_MIB_INCTRLCHUNKS);477478if (chunk->transport)479chunk->transport->last_time_heard = jiffies;480481error = sctp_do_sm(SCTP_EVENT_T_CHUNK, subtype, state,482ep, asoc, chunk, GFP_ATOMIC);483484if (error && chunk)485chunk->pdiscard = 1;486487/* Check to see if the endpoint is freed in response to488* the incoming chunk. If so, get out of the while loop.489*/490if (!sctp_sk(sk)->ep)491break;492493if (first_time)494first_time = 0;495}496}497498499