Commit | Line | Data |
---|---|---|
8e8caf97 | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
60c778b2 | 2 | /* SCTP kernel implementation |
1da177e4 LT |
3 | * Copyright (c) 1999-2000 Cisco, Inc. |
4 | * Copyright (c) 1999-2001 Motorola, Inc. | |
5 | * Copyright (c) 2001-2002 International Business Machines, Corp. | |
6 | * Copyright (c) 2001 Intel Corp. | |
7 | * Copyright (c) 2001 Nokia, Inc. | |
8 | * Copyright (c) 2001 La Monte H.P. Yarroll | |
9 | * | |
60c778b2 | 10 | * This file is part of the SCTP kernel implementation |
1da177e4 LT |
11 | * |
12 | * This abstraction represents an SCTP endpoint. | |
13 | * | |
1da177e4 LT |
14 | * Please send any bug reports or fixes you make to the |
15 | * email address(es): | |
91705c61 | 16 | * lksctp developers <linux-sctp@vger.kernel.org> |
1da177e4 | 17 | * |
1da177e4 LT |
18 | * Written or modified by: |
19 | * La Monte H.P. Yarroll <piggy@acm.org> | |
20 | * Karl Knutson <karl@athena.chicago.il.us> | |
21 | * Jon Grimm <jgrimm@austin.ibm.com> | |
22 | * Daisy Chang <daisyc@us.ibm.com> | |
23 | * Dajiang Zhang <dajiang.zhang@nokia.com> | |
1da177e4 LT |
24 | */ |
25 | ||
26 | #include <linux/types.h> | |
1da177e4 LT |
27 | #include <linux/slab.h> |
28 | #include <linux/in.h> | |
29 | #include <linux/random.h> /* get_random_bytes() */ | |
1da177e4 LT |
30 | #include <net/sock.h> |
31 | #include <net/ipv6.h> | |
32 | #include <net/sctp/sctp.h> | |
33 | #include <net/sctp/sm.h> | |
34 | ||
35 | /* Forward declarations for internal helpers. */ | |
c4028958 | 36 | static void sctp_endpoint_bh_rcv(struct work_struct *work); |
1da177e4 LT |
37 | |
38 | /* | |
39 | * Initialize the base fields of the endpoint structure. | |
40 | */ | |
41 | static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep, | |
3182cd84 | 42 | struct sock *sk, |
dd0fc66f | 43 | gfp_t gfp) |
1da177e4 | 44 | { |
e1fc3b14 | 45 | struct net *net = sock_net(sk); |
a29a5bd4 VY |
46 | struct sctp_hmac_algo_param *auth_hmacs = NULL; |
47 | struct sctp_chunks_param *auth_chunks = NULL; | |
48 | struct sctp_shared_key *null_key; | |
49 | int err; | |
50 | ||
b68dbcab VY |
51 | ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp); |
52 | if (!ep->digest) | |
53 | return NULL; | |
54 | ||
b14878cc VY |
55 | ep->auth_enable = net->sctp.auth_enable; |
56 | if (ep->auth_enable) { | |
a29a5bd4 VY |
57 | /* Allocate space for HMACS and CHUNKS authentication |
58 | * variables. There are arrays that we encode directly | |
59 | * into parameters to make the rest of the operations easier. | |
60 | */ | |
acafe7e3 KC |
61 | auth_hmacs = kzalloc(struct_size(auth_hmacs, hmac_ids, |
62 | SCTP_AUTH_NUM_HMACS), gfp); | |
a29a5bd4 VY |
63 | if (!auth_hmacs) |
64 | goto nomem; | |
65 | ||
a762a9d9 XL |
66 | auth_chunks = kzalloc(sizeof(*auth_chunks) + |
67 | SCTP_NUM_CHUNK_TYPES, gfp); | |
a29a5bd4 VY |
68 | if (!auth_chunks) |
69 | goto nomem; | |
70 | ||
71 | /* Initialize the HMACS parameter. | |
72 | * SCTP-AUTH: Section 3.3 | |
73 | * Every endpoint supporting SCTP chunk authentication MUST | |
74 | * support the HMAC based on the SHA-1 algorithm. | |
75 | */ | |
76 | auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO; | |
77 | auth_hmacs->param_hdr.length = | |
3c918704 | 78 | htons(sizeof(struct sctp_paramhdr) + 2); |
a29a5bd4 VY |
79 | auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1); |
80 | ||
81 | /* Initialize the CHUNKS parameter */ | |
82 | auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS; | |
3c918704 XL |
83 | auth_chunks->param_hdr.length = |
84 | htons(sizeof(struct sctp_paramhdr)); | |
a29a5bd4 VY |
85 | |
86 | /* If the Add-IP functionality is enabled, we must | |
87 | * authenticate, ASCONF and ASCONF-ACK chunks | |
88 | */ | |
e1fc3b14 | 89 | if (net->sctp.addip_enable) { |
a29a5bd4 VY |
90 | auth_chunks->chunks[0] = SCTP_CID_ASCONF; |
91 | auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK; | |
cb0dc77d | 92 | auth_chunks->param_hdr.length = |
3c918704 | 93 | htons(sizeof(struct sctp_paramhdr) + 2); |
a29a5bd4 | 94 | } |
60208f79 XL |
95 | |
96 | /* Allocate and initialize transorms arrays for supported | |
97 | * HMACs. | |
98 | */ | |
99 | err = sctp_auth_init_hmacs(ep, gfp); | |
100 | if (err) | |
101 | goto nomem; | |
a29a5bd4 VY |
102 | } |
103 | ||
1da177e4 LT |
104 | /* Initialize the base structure. */ |
105 | /* What type of endpoint are we? */ | |
106 | ep->base.type = SCTP_EP_TYPE_SOCKET; | |
107 | ||
108 | /* Initialize the basic object fields. */ | |
c638457a | 109 | refcount_set(&ep->base.refcnt, 1); |
0022d2dd | 110 | ep->base.dead = false; |
1da177e4 LT |
111 | |
112 | /* Create an input queue. */ | |
113 | sctp_inq_init(&ep->base.inqueue); | |
114 | ||
115 | /* Set its top-half handler */ | |
c4028958 | 116 | sctp_inq_set_th_handler(&ep->base.inqueue, sctp_endpoint_bh_rcv); |
1da177e4 LT |
117 | |
118 | /* Initialize the bind addr area */ | |
119 | sctp_bind_addr_init(&ep->base.bind_addr, 0); | |
1da177e4 LT |
120 | |
121 | /* Remember who we are attached to. */ | |
122 | ep->base.sk = sk; | |
123 | sock_hold(ep->base.sk); | |
124 | ||
125 | /* Create the lists of associations. */ | |
126 | INIT_LIST_HEAD(&ep->asocs); | |
127 | ||
1da177e4 | 128 | /* Use SCTP specific send buffer space queues. */ |
e1fc3b14 | 129 | ep->sndbuf_policy = net->sctp.sndbuf_policy; |
4d93df0a | 130 | |
561b1733 | 131 | sk->sk_data_ready = sctp_data_ready; |
1da177e4 LT |
132 | sk->sk_write_space = sctp_write_space; |
133 | sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); | |
134 | ||
049b3ff5 | 135 | /* Get the receive buffer policy for this endpoint */ |
e1fc3b14 | 136 | ep->rcvbuf_policy = net->sctp.rcvbuf_policy; |
049b3ff5 | 137 | |
1da177e4 | 138 | /* Initialize the secret key used with cookie. */ |
570617e7 | 139 | get_random_bytes(ep->secret_key, sizeof(ep->secret_key)); |
1da177e4 | 140 | |
a29a5bd4 VY |
141 | /* SCTP-AUTH extensions*/ |
142 | INIT_LIST_HEAD(&ep->endpoint_shared_keys); | |
81ce0dbc | 143 | null_key = sctp_auth_shkey_create(0, gfp); |
a29a5bd4 | 144 | if (!null_key) |
60208f79 | 145 | goto nomem_shkey; |
a29a5bd4 VY |
146 | |
147 | list_add(&null_key->key_list, &ep->endpoint_shared_keys); | |
148 | ||
a29a5bd4 VY |
149 | /* Add the null key to the endpoint shared keys list and |
150 | * set the hmcas and chunks pointers. | |
151 | */ | |
152 | ep->auth_hmacs_list = auth_hmacs; | |
153 | ep->auth_chunk_list = auth_chunks; | |
28aa4c26 | 154 | ep->prsctp_enable = net->sctp.prsctp_enable; |
c28445c3 | 155 | ep->reconf_enable = net->sctp.reconf_enable; |
a29a5bd4 | 156 | |
1da177e4 | 157 | return ep; |
a29a5bd4 | 158 | |
60208f79 XL |
159 | nomem_shkey: |
160 | sctp_auth_destroy_hmacs(ep->auth_hmacs); | |
a29a5bd4 VY |
161 | nomem: |
162 | /* Free all allocations */ | |
163 | kfree(auth_hmacs); | |
164 | kfree(auth_chunks); | |
165 | kfree(ep->digest); | |
166 | return NULL; | |
167 | ||
1da177e4 LT |
168 | } |
169 | ||
170 | /* Create a sctp_endpoint with all that boring stuff initialized. | |
171 | * Returns NULL if there isn't enough memory. | |
172 | */ | |
dd0fc66f | 173 | struct sctp_endpoint *sctp_endpoint_new(struct sock *sk, gfp_t gfp) |
1da177e4 LT |
174 | { |
175 | struct sctp_endpoint *ep; | |
176 | ||
177 | /* Build a local endpoint. */ | |
939cfa75 | 178 | ep = kzalloc(sizeof(*ep), gfp); |
1da177e4 LT |
179 | if (!ep) |
180 | goto fail; | |
939cfa75 | 181 | |
1da177e4 LT |
182 | if (!sctp_endpoint_init(ep, sk, gfp)) |
183 | goto fail_init; | |
ff2266cd | 184 | |
1da177e4 LT |
185 | SCTP_DBG_OBJCNT_INC(ep); |
186 | return ep; | |
187 | ||
188 | fail_init: | |
189 | kfree(ep); | |
190 | fail: | |
191 | return NULL; | |
192 | } | |
193 | ||
194 | /* Add an association to an endpoint. */ | |
195 | void sctp_endpoint_add_asoc(struct sctp_endpoint *ep, | |
196 | struct sctp_association *asoc) | |
197 | { | |
198 | struct sock *sk = ep->base.sk; | |
199 | ||
de76e695 VY |
200 | /* If this is a temporary association, don't bother |
201 | * since we'll be removing it shortly and don't | |
202 | * want anyone to find it anyway. | |
203 | */ | |
204 | if (asoc->temp) | |
205 | return; | |
206 | ||
1da177e4 LT |
207 | /* Now just add it to our list of asocs */ |
208 | list_add_tail(&asoc->asocs, &ep->asocs); | |
209 | ||
210 | /* Increment the backlog value for a TCP-style listening socket. */ | |
211 | if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) | |
212 | sk->sk_ack_backlog++; | |
213 | } | |
214 | ||
215 | /* Free the endpoint structure. Delay cleanup until | |
216 | * all users have released their reference count on this structure. | |
217 | */ | |
218 | void sctp_endpoint_free(struct sctp_endpoint *ep) | |
219 | { | |
0022d2dd | 220 | ep->base.dead = true; |
cfdeef32 | 221 | |
cbabf463 | 222 | inet_sk_set_state(ep->base.sk, SCTP_SS_CLOSED); |
cfdeef32 VY |
223 | |
224 | /* Unlink this endpoint, so we can't find it again! */ | |
225 | sctp_unhash_endpoint(ep); | |
226 | ||
1da177e4 LT |
227 | sctp_endpoint_put(ep); |
228 | } | |
229 | ||
230 | /* Final destructor for endpoint. */ | |
231 | static void sctp_endpoint_destroy(struct sctp_endpoint *ep) | |
232 | { | |
0a2fbac1 | 233 | struct sock *sk; |
1da177e4 | 234 | |
bb33381d DB |
235 | if (unlikely(!ep->base.dead)) { |
236 | WARN(1, "Attempt to destroy undead endpoint %p!\n", ep); | |
237 | return; | |
238 | } | |
1da177e4 | 239 | |
b68dbcab VY |
240 | /* Free the digest buffer */ |
241 | kfree(ep->digest); | |
242 | ||
a29a5bd4 VY |
243 | /* SCTP-AUTH: Free up AUTH releated data such as shared keys |
244 | * chunks and hmacs arrays that were allocated | |
245 | */ | |
246 | sctp_auth_destroy_keys(&ep->endpoint_shared_keys); | |
247 | kfree(ep->auth_hmacs_list); | |
248 | kfree(ep->auth_chunk_list); | |
249 | ||
250 | /* AUTH - Free any allocated HMAC transform containers */ | |
251 | sctp_auth_destroy_hmacs(ep->auth_hmacs); | |
252 | ||
1da177e4 LT |
253 | /* Cleanup. */ |
254 | sctp_inq_free(&ep->base.inqueue); | |
255 | sctp_bind_addr_free(&ep->base.bind_addr); | |
256 | ||
570617e7 | 257 | memset(ep->secret_key, 0, sizeof(ep->secret_key)); |
b5c37fe6 | 258 | |
0a2fbac1 | 259 | sk = ep->base.sk; |
7f304b9e XL |
260 | /* Remove and free the port */ |
261 | if (sctp_sk(sk)->bind_hash) | |
262 | sctp_put_port(sk); | |
0a2fbac1 | 263 | |
7f304b9e XL |
264 | sctp_sk(sk)->ep = NULL; |
265 | /* Give up our hold on the sock */ | |
266 | sock_put(sk); | |
1da177e4 | 267 | |
ff2266cd DB |
268 | kfree(ep); |
269 | SCTP_DBG_OBJCNT_DEC(ep); | |
1da177e4 LT |
270 | } |
271 | ||
272 | /* Hold a reference to an endpoint. */ | |
273 | void sctp_endpoint_hold(struct sctp_endpoint *ep) | |
274 | { | |
c638457a | 275 | refcount_inc(&ep->base.refcnt); |
1da177e4 LT |
276 | } |
277 | ||
278 | /* Release a reference to an endpoint and clean up if there are | |
279 | * no more references. | |
280 | */ | |
281 | void sctp_endpoint_put(struct sctp_endpoint *ep) | |
282 | { | |
c638457a | 283 | if (refcount_dec_and_test(&ep->base.refcnt)) |
1da177e4 LT |
284 | sctp_endpoint_destroy(ep); |
285 | } | |
286 | ||
287 | /* Is this the endpoint we are looking for? */ | |
288 | struct sctp_endpoint *sctp_endpoint_is_match(struct sctp_endpoint *ep, | |
4cdadcbc | 289 | struct net *net, |
1da177e4 LT |
290 | const union sctp_addr *laddr) |
291 | { | |
559cf710 | 292 | struct sctp_endpoint *retval = NULL; |
1da177e4 | 293 | |
4cdadcbc EB |
294 | if ((htons(ep->base.bind_addr.port) == laddr->v4.sin_port) && |
295 | net_eq(sock_net(ep->base.sk), net)) { | |
1da177e4 | 296 | if (sctp_bind_addr_match(&ep->base.bind_addr, laddr, |
559cf710 | 297 | sctp_sk(ep->base.sk))) |
1da177e4 | 298 | retval = ep; |
1da177e4 LT |
299 | } |
300 | ||
1da177e4 LT |
301 | return retval; |
302 | } | |
303 | ||
304 | /* Find the association that goes with this chunk. | |
4f008781 XL |
305 | * We lookup the transport from hashtable at first, then get association |
306 | * through t->assoc. | |
1da177e4 | 307 | */ |
c79c0666 | 308 | struct sctp_association *sctp_endpoint_lookup_assoc( |
1da177e4 LT |
309 | const struct sctp_endpoint *ep, |
310 | const union sctp_addr *paddr, | |
311 | struct sctp_transport **transport) | |
312 | { | |
123ed979 | 313 | struct sctp_association *asoc = NULL; |
4f008781 | 314 | struct sctp_transport *t; |
1da177e4 | 315 | |
123ed979 | 316 | *transport = NULL; |
deb85a6e VY |
317 | |
318 | /* If the local port is not set, there can't be any associations | |
319 | * on this endpoint. | |
320 | */ | |
321 | if (!ep->base.bind_addr.port) | |
5cb2cd68 XL |
322 | return NULL; |
323 | ||
324 | rcu_read_lock(); | |
4f008781 | 325 | t = sctp_epaddr_lookup_transport(ep, paddr); |
dd7445ad | 326 | if (!t) |
4f008781 | 327 | goto out; |
deb85a6e | 328 | |
4f008781 XL |
329 | *transport = t; |
330 | asoc = t->asoc; | |
deb85a6e | 331 | out: |
5cb2cd68 | 332 | rcu_read_unlock(); |
123ed979 | 333 | return asoc; |
1da177e4 LT |
334 | } |
335 | ||
1da177e4 LT |
336 | /* Look for any peeled off association from the endpoint that matches the |
337 | * given peer address. | |
338 | */ | |
53066538 XL |
339 | bool sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep, |
340 | const union sctp_addr *paddr) | |
1da177e4 | 341 | { |
1da177e4 LT |
342 | struct sctp_sockaddr_entry *addr; |
343 | struct sctp_bind_addr *bp; | |
4110cc25 | 344 | struct net *net = sock_net(ep->base.sk); |
1da177e4 | 345 | |
1da177e4 | 346 | bp = &ep->base.bind_addr; |
559cf710 VY |
347 | /* This function is called with the socket lock held, |
348 | * so the address_list can not change. | |
349 | */ | |
350 | list_for_each_entry(addr, &bp->address_list, list) { | |
4110cc25 | 351 | if (sctp_has_association(net, &addr->a, paddr)) |
53066538 | 352 | return true; |
1da177e4 | 353 | } |
1da177e4 | 354 | |
53066538 | 355 | return false; |
1da177e4 LT |
356 | } |
357 | ||
358 | /* Do delayed input processing. This is scheduled by sctp_rcv(). | |
359 | * This may be called on BH or task time. | |
360 | */ | |
c4028958 | 361 | static void sctp_endpoint_bh_rcv(struct work_struct *work) |
1da177e4 | 362 | { |
c4028958 DH |
363 | struct sctp_endpoint *ep = |
364 | container_of(work, struct sctp_endpoint, | |
365 | base.inqueue.immediate); | |
1da177e4 LT |
366 | struct sctp_association *asoc; |
367 | struct sock *sk; | |
55e26eb9 | 368 | struct net *net; |
1da177e4 LT |
369 | struct sctp_transport *transport; |
370 | struct sctp_chunk *chunk; | |
371 | struct sctp_inq *inqueue; | |
bfc6f827 | 372 | union sctp_subtype subtype; |
52106019 | 373 | enum sctp_state state; |
1da177e4 | 374 | int error = 0; |
42b2aa86 | 375 | int first_time = 1; /* is this the first time through the loop */ |
1da177e4 LT |
376 | |
377 | if (ep->base.dead) | |
378 | return; | |
379 | ||
380 | asoc = NULL; | |
381 | inqueue = &ep->base.inqueue; | |
382 | sk = ep->base.sk; | |
55e26eb9 | 383 | net = sock_net(sk); |
1da177e4 LT |
384 | |
385 | while (NULL != (chunk = sctp_inq_pop(inqueue))) { | |
386 | subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type); | |
387 | ||
bbd0d598 VY |
388 | /* If the first chunk in the packet is AUTH, do special |
389 | * processing specified in Section 6.3 of SCTP-AUTH spec | |
390 | */ | |
391 | if (first_time && (subtype.chunk == SCTP_CID_AUTH)) { | |
392 | struct sctp_chunkhdr *next_hdr; | |
393 | ||
394 | next_hdr = sctp_inq_peek(inqueue); | |
395 | if (!next_hdr) | |
396 | goto normal; | |
397 | ||
398 | /* If the next chunk is COOKIE-ECHO, skip the AUTH | |
399 | * chunk while saving a pointer to it so we can do | |
400 | * Authentication later (during cookie-echo | |
401 | * processing). | |
402 | */ | |
403 | if (next_hdr->type == SCTP_CID_COOKIE_ECHO) { | |
404 | chunk->auth_chunk = skb_clone(chunk->skb, | |
405 | GFP_ATOMIC); | |
406 | chunk->auth = 1; | |
407 | continue; | |
408 | } | |
409 | } | |
410 | normal: | |
1da177e4 LT |
411 | /* We might have grown an association since last we |
412 | * looked, so try again. | |
413 | * | |
414 | * This happens when we've just processed our | |
415 | * COOKIE-ECHO chunk. | |
416 | */ | |
417 | if (NULL == chunk->asoc) { | |
418 | asoc = sctp_endpoint_lookup_assoc(ep, | |
419 | sctp_source(chunk), | |
420 | &transport); | |
421 | chunk->asoc = asoc; | |
422 | chunk->transport = transport; | |
423 | } | |
424 | ||
425 | state = asoc ? asoc->state : SCTP_STATE_CLOSED; | |
bbd0d598 VY |
426 | if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth) |
427 | continue; | |
1da177e4 LT |
428 | |
429 | /* Remember where the last DATA chunk came from so we | |
430 | * know where to send the SACK. | |
431 | */ | |
432 | if (asoc && sctp_chunk_is_data(chunk)) | |
433 | asoc->peer.last_data_from = chunk->transport; | |
196d6759 | 434 | else { |
b01a2407 | 435 | SCTP_INC_STATS(sock_net(ep->base.sk), SCTP_MIB_INCTRLCHUNKS); |
196d6759 MB |
436 | if (asoc) |
437 | asoc->stats.ictrlchunks++; | |
438 | } | |
1da177e4 LT |
439 | |
440 | if (chunk->transport) | |
e575235f | 441 | chunk->transport->last_time_heard = ktime_get(); |
1da177e4 | 442 | |
55e26eb9 | 443 | error = sctp_do_sm(net, SCTP_EVENT_T_CHUNK, subtype, state, |
d808ad9a | 444 | ep, asoc, chunk, GFP_ATOMIC); |
1da177e4 LT |
445 | |
446 | if (error && chunk) | |
447 | chunk->pdiscard = 1; | |
448 | ||
449 | /* Check to see if the endpoint is freed in response to | |
450 | * the incoming chunk. If so, get out of the while loop. | |
451 | */ | |
452 | if (!sctp_sk(sk)->ep) | |
453 | break; | |
bbd0d598 VY |
454 | |
455 | if (first_time) | |
456 | first_time = 0; | |
1da177e4 LT |
457 | } |
458 | } |