diff options
Diffstat (limited to 'net/sctp/sm_statefuns.c')
| -rw-r--r-- | net/sctp/sm_statefuns.c | 89 |
1 files changed, 67 insertions, 22 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 76792083c379..7f4a4f8368ee 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c | |||
| @@ -393,8 +393,7 @@ sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep, | |||
| 393 | goto nomem_init; | 393 | goto nomem_init; |
| 394 | 394 | ||
| 395 | /* The call, sctp_process_init(), can fail on memory allocation. */ | 395 | /* The call, sctp_process_init(), can fail on memory allocation. */ |
| 396 | if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, | 396 | if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), |
| 397 | sctp_source(chunk), | ||
| 398 | (sctp_init_chunk_t *)chunk->chunk_hdr, | 397 | (sctp_init_chunk_t *)chunk->chunk_hdr, |
| 399 | GFP_ATOMIC)) | 398 | GFP_ATOMIC)) |
| 400 | goto nomem_init; | 399 | goto nomem_init; |
| @@ -725,7 +724,7 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep, | |||
| 725 | */ | 724 | */ |
| 726 | peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; | 725 | peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; |
| 727 | 726 | ||
| 728 | if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, | 727 | if (!sctp_process_init(new_asoc, chunk, |
| 729 | &chunk->subh.cookie_hdr->c.peer_addr, | 728 | &chunk->subh.cookie_hdr->c.peer_addr, |
| 730 | peer_init, GFP_ATOMIC)) | 729 | peer_init, GFP_ATOMIC)) |
| 731 | goto nomem_init; | 730 | goto nomem_init; |
| @@ -942,18 +941,9 @@ static sctp_disposition_t sctp_sf_heartbeat(const struct sctp_endpoint *ep, | |||
| 942 | { | 941 | { |
| 943 | struct sctp_transport *transport = (struct sctp_transport *) arg; | 942 | struct sctp_transport *transport = (struct sctp_transport *) arg; |
| 944 | struct sctp_chunk *reply; | 943 | struct sctp_chunk *reply; |
| 945 | sctp_sender_hb_info_t hbinfo; | ||
| 946 | size_t paylen = 0; | ||
| 947 | |||
| 948 | hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; | ||
| 949 | hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); | ||
| 950 | hbinfo.daddr = transport->ipaddr; | ||
| 951 | hbinfo.sent_at = jiffies; | ||
| 952 | hbinfo.hb_nonce = transport->hb_nonce; | ||
| 953 | 944 | ||
| 954 | /* Send a heartbeat to our peer. */ | 945 | /* Send a heartbeat to our peer. */ |
| 955 | paylen = sizeof(sctp_sender_hb_info_t); | 946 | reply = sctp_make_heartbeat(asoc, transport); |
| 956 | reply = sctp_make_heartbeat(asoc, transport, &hbinfo, paylen); | ||
| 957 | if (!reply) | 947 | if (!reply) |
| 958 | return SCTP_DISPOSITION_NOMEM; | 948 | return SCTP_DISPOSITION_NOMEM; |
| 959 | 949 | ||
| @@ -1464,8 +1454,7 @@ static sctp_disposition_t sctp_sf_do_unexpected_init( | |||
| 1464 | * Verification Tag and Peers Verification tag into a reserved | 1454 | * Verification Tag and Peers Verification tag into a reserved |
| 1465 | * place (local tie-tag and per tie-tag) within the state cookie. | 1455 | * place (local tie-tag and per tie-tag) within the state cookie. |
| 1466 | */ | 1456 | */ |
| 1467 | if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, | 1457 | if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), |
| 1468 | sctp_source(chunk), | ||
| 1469 | (sctp_init_chunk_t *)chunk->chunk_hdr, | 1458 | (sctp_init_chunk_t *)chunk->chunk_hdr, |
| 1470 | GFP_ATOMIC)) | 1459 | GFP_ATOMIC)) |
| 1471 | goto nomem; | 1460 | goto nomem; |
| @@ -1694,8 +1683,7 @@ static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep, | |||
| 1694 | */ | 1683 | */ |
| 1695 | peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; | 1684 | peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; |
| 1696 | 1685 | ||
| 1697 | if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, | 1686 | if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), peer_init, |
| 1698 | sctp_source(chunk), peer_init, | ||
| 1699 | GFP_ATOMIC)) | 1687 | GFP_ATOMIC)) |
| 1700 | goto nomem; | 1688 | goto nomem; |
| 1701 | 1689 | ||
| @@ -1780,8 +1768,7 @@ static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep, | |||
| 1780 | * side effects--it is safe to run them here. | 1768 | * side effects--it is safe to run them here. |
| 1781 | */ | 1769 | */ |
| 1782 | peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; | 1770 | peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; |
| 1783 | if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, | 1771 | if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), peer_init, |
| 1784 | sctp_source(chunk), peer_init, | ||
| 1785 | GFP_ATOMIC)) | 1772 | GFP_ATOMIC)) |
| 1786 | goto nomem; | 1773 | goto nomem; |
| 1787 | 1774 | ||
| @@ -2412,8 +2399,15 @@ static sctp_disposition_t __sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep, | |||
| 2412 | 2399 | ||
| 2413 | /* See if we have an error cause code in the chunk. */ | 2400 | /* See if we have an error cause code in the chunk. */ |
| 2414 | len = ntohs(chunk->chunk_hdr->length); | 2401 | len = ntohs(chunk->chunk_hdr->length); |
| 2415 | if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) | 2402 | if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) { |
| 2403 | |||
| 2404 | sctp_errhdr_t *err; | ||
| 2405 | sctp_walk_errors(err, chunk->chunk_hdr); | ||
| 2406 | if ((void *)err != (void *)chunk->chunk_end) | ||
| 2407 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); | ||
| 2408 | |||
| 2416 | error = ((sctp_errhdr_t *)chunk->skb->data)->cause; | 2409 | error = ((sctp_errhdr_t *)chunk->skb->data)->cause; |
| 2410 | } | ||
| 2417 | 2411 | ||
| 2418 | sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET)); | 2412 | sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET)); |
| 2419 | /* ASSOC_FAILED will DELETE_TCB. */ | 2413 | /* ASSOC_FAILED will DELETE_TCB. */ |
| @@ -3204,6 +3198,7 @@ sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep, | |||
| 3204 | sctp_cmd_seq_t *commands) | 3198 | sctp_cmd_seq_t *commands) |
| 3205 | { | 3199 | { |
| 3206 | struct sctp_chunk *chunk = arg; | 3200 | struct sctp_chunk *chunk = arg; |
| 3201 | sctp_errhdr_t *err; | ||
| 3207 | 3202 | ||
| 3208 | if (!sctp_vtag_verify(chunk, asoc)) | 3203 | if (!sctp_vtag_verify(chunk, asoc)) |
| 3209 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); | 3204 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); |
| @@ -3212,6 +3207,10 @@ sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep, | |||
| 3212 | if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t))) | 3207 | if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t))) |
| 3213 | return sctp_sf_violation_chunklen(ep, asoc, type, arg, | 3208 | return sctp_sf_violation_chunklen(ep, asoc, type, arg, |
| 3214 | commands); | 3209 | commands); |
| 3210 | sctp_walk_errors(err, chunk->chunk_hdr); | ||
| 3211 | if ((void *)err != (void *)chunk->chunk_end) | ||
| 3212 | return sctp_sf_violation_paramlen(ep, asoc, type, arg, | ||
| 3213 | (void *)err, commands); | ||
| 3215 | 3214 | ||
| 3216 | sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR, | 3215 | sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR, |
| 3217 | SCTP_CHUNK(chunk)); | 3216 | SCTP_CHUNK(chunk)); |
| @@ -3320,8 +3319,10 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep, | |||
| 3320 | struct sctp_chunk *chunk = arg; | 3319 | struct sctp_chunk *chunk = arg; |
| 3321 | struct sk_buff *skb = chunk->skb; | 3320 | struct sk_buff *skb = chunk->skb; |
| 3322 | sctp_chunkhdr_t *ch; | 3321 | sctp_chunkhdr_t *ch; |
| 3322 | sctp_errhdr_t *err; | ||
| 3323 | __u8 *ch_end; | 3323 | __u8 *ch_end; |
| 3324 | int ootb_shut_ack = 0; | 3324 | int ootb_shut_ack = 0; |
| 3325 | int ootb_cookie_ack = 0; | ||
| 3325 | 3326 | ||
| 3326 | SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES); | 3327 | SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES); |
| 3327 | 3328 | ||
| @@ -3346,6 +3347,23 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep, | |||
| 3346 | if (SCTP_CID_ABORT == ch->type) | 3347 | if (SCTP_CID_ABORT == ch->type) |
| 3347 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); | 3348 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); |
| 3348 | 3349 | ||
| 3350 | /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR | ||
| 3351 | * or a COOKIE ACK the SCTP Packet should be silently | ||
| 3352 | * discarded. | ||
| 3353 | */ | ||
| 3354 | |||
| 3355 | if (SCTP_CID_COOKIE_ACK == ch->type) | ||
| 3356 | ootb_cookie_ack = 1; | ||
| 3357 | |||
| 3358 | if (SCTP_CID_ERROR == ch->type) { | ||
| 3359 | sctp_walk_errors(err, ch) { | ||
| 3360 | if (SCTP_ERROR_STALE_COOKIE == err->cause) { | ||
| 3361 | ootb_cookie_ack = 1; | ||
| 3362 | break; | ||
| 3363 | } | ||
| 3364 | } | ||
| 3365 | } | ||
| 3366 | |||
| 3349 | /* Report violation if chunk len overflows */ | 3367 | /* Report violation if chunk len overflows */ |
| 3350 | ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); | 3368 | ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); |
| 3351 | if (ch_end > skb_tail_pointer(skb)) | 3369 | if (ch_end > skb_tail_pointer(skb)) |
| @@ -3357,6 +3375,8 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep, | |||
| 3357 | 3375 | ||
| 3358 | if (ootb_shut_ack) | 3376 | if (ootb_shut_ack) |
| 3359 | return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); | 3377 | return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); |
| 3378 | else if (ootb_cookie_ack) | ||
| 3379 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); | ||
| 3360 | else | 3380 | else |
| 3361 | return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); | 3381 | return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); |
| 3362 | } | 3382 | } |
| @@ -4343,8 +4363,9 @@ static sctp_disposition_t sctp_sf_violation_chunklen( | |||
| 4343 | 4363 | ||
| 4344 | /* | 4364 | /* |
| 4345 | * Handle a protocol violation when the parameter length is invalid. | 4365 | * Handle a protocol violation when the parameter length is invalid. |
| 4346 | * "Invalid" length is identified as smaller than the minimal length a | 4366 | * If the length is smaller than the minimum length of a given parameter, |
| 4347 | * given parameter can be. | 4367 | * or accumulated length in multi parameters exceeds the end of the chunk, |
| 4368 | * the length is considered as invalid. | ||
| 4348 | */ | 4369 | */ |
| 4349 | static sctp_disposition_t sctp_sf_violation_paramlen( | 4370 | static sctp_disposition_t sctp_sf_violation_paramlen( |
| 4350 | const struct sctp_endpoint *ep, | 4371 | const struct sctp_endpoint *ep, |
| @@ -5056,6 +5077,30 @@ sctp_disposition_t sctp_sf_ignore_primitive( | |||
| 5056 | ***************************************************************************/ | 5077 | ***************************************************************************/ |
| 5057 | 5078 | ||
| 5058 | /* | 5079 | /* |
| 5080 | * When the SCTP stack has no more user data to send or retransmit, this | ||
| 5081 | * notification is given to the user. Also, at the time when a user app | ||
| 5082 | * subscribes to this event, if there is no data to be sent or | ||
| 5083 | * retransmit, the stack will immediately send up this notification. | ||
| 5084 | */ | ||
| 5085 | sctp_disposition_t sctp_sf_do_no_pending_tsn( | ||
| 5086 | const struct sctp_endpoint *ep, | ||
| 5087 | const struct sctp_association *asoc, | ||
| 5088 | const sctp_subtype_t type, | ||
| 5089 | void *arg, | ||
| 5090 | sctp_cmd_seq_t *commands) | ||
| 5091 | { | ||
| 5092 | struct sctp_ulpevent *event; | ||
| 5093 | |||
| 5094 | event = sctp_ulpevent_make_sender_dry_event(asoc, GFP_ATOMIC); | ||
| 5095 | if (!event) | ||
| 5096 | return SCTP_DISPOSITION_NOMEM; | ||
| 5097 | |||
| 5098 | sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(event)); | ||
| 5099 | |||
| 5100 | return SCTP_DISPOSITION_CONSUME; | ||
| 5101 | } | ||
| 5102 | |||
| 5103 | /* | ||
| 5059 | * Start the shutdown negotiation. | 5104 | * Start the shutdown negotiation. |
| 5060 | * | 5105 | * |
| 5061 | * From Section 9.2: | 5106 | * From Section 9.2: |