1 /* SCTP kernel reference Implementation
2 * (C) Copyright IBM Corp. 2001, 2004
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2001-2002 Intel Corp.
6 * Copyright (c) 2002 Nokia Corp.
8 * This file is part of the SCTP kernel reference Implementation
10 * This is part of the SCTP Linux Kernel Reference Implementation.
12 * These are the state functions for the state machine.
14 * The SCTP reference implementation is free software;
15 * you can redistribute it and/or modify it under the terms of
16 * the GNU General Public License as published by
17 * the Free Software Foundation; either version 2, or (at your option)
20 * The SCTP reference implementation is distributed in the hope that it
21 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
22 * ************************
23 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
24 * See the GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with GNU CC; see the file COPYING. If not, write to
28 * the Free Software Foundation, 59 Temple Place - Suite 330,
29 * Boston, MA 02111-1307, USA.
31 * Please send any bug reports or fixes you make to the
33 * lksctp developers <lksctp-developers@lists.sourceforge.net>
35 * Or submit a bug report through the following website:
36 * http://www.sf.net/projects/lksctp
38 * Written or modified by:
39 * La Monte H.P. Yarroll <piggy@acm.org>
40 * Karl Knutson <karl@athena.chicago.il.us>
41 * Mathew Kotowsky <kotowsky@sctp.org>
42 * Sridhar Samudrala <samudrala@us.ibm.com>
43 * Jon Grimm <jgrimm@us.ibm.com>
44 * Hui Huang <hui.huang@nokia.com>
45 * Dajiang Zhang <dajiang.zhang@nokia.com>
46 * Daisy Chang <daisyc@us.ibm.com>
47 * Ardelle Fan <ardelle.fan@intel.com>
48 * Ryan Layer <rmlayer@us.ibm.com>
49 * Kevin Gao <kevin.gao@intel.com>
51 * Any bugs reported given to us we will try to fix... any fixes shared will
52 * be incorporated into the next SCTP release.
55 #include <linux/types.h>
56 #include <linux/kernel.h>
58 #include <linux/ipv6.h>
59 #include <linux/net.h>
60 #include <linux/inet.h>
62 #include <net/inet_ecn.h>
63 #include <linux/skbuff.h>
64 #include <net/sctp/sctp.h>
65 #include <net/sctp/sm.h>
66 #include <net/sctp/structs.h>
68 static struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep,
69 const struct sctp_association *asoc,
70 struct sctp_chunk *chunk,
73 static int sctp_eat_data(const struct sctp_association *asoc,
74 struct sctp_chunk *chunk,
75 sctp_cmd_seq_t *commands);
76 static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc,
77 const struct sctp_chunk *chunk);
78 static void sctp_send_stale_cookie_err(const struct sctp_endpoint *ep,
79 const struct sctp_association *asoc,
80 const struct sctp_chunk *chunk,
81 sctp_cmd_seq_t *commands,
82 struct sctp_chunk *err_chunk);
83 static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
84 const struct sctp_association *asoc,
85 const sctp_subtype_t type,
87 sctp_cmd_seq_t *commands);
88 static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
89 const struct sctp_association *asoc,
90 const sctp_subtype_t type,
92 sctp_cmd_seq_t *commands);
93 static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk);
96 /* Small helper function that checks if the chunk length
97 * is of the appropriate length. The 'required_length' argument
98 * is set to be the size of a specific chunk we are testing.
99 * Return Values: 1 = Valid length
104 sctp_chunk_length_valid(struct sctp_chunk *chunk,
105 __u16 required_length)
107 __u16 chunk_length = ntohs(chunk->chunk_hdr->length);
109 if (unlikely(chunk_length < required_length))
115 /**********************************************************
116 * These are the state functions for handling chunk events.
117 **********************************************************/
120 * Process the final SHUTDOWN COMPLETE.
122 * Section: 4 (C) (diagram), 9.2
123 * Upon reception of the SHUTDOWN COMPLETE chunk the endpoint will verify
124 * that it is in SHUTDOWN-ACK-SENT state, if it is not the chunk should be
125 * discarded. If the endpoint is in the SHUTDOWN-ACK-SENT state the endpoint
126 * should stop the T2-shutdown timer and remove all knowledge of the
127 * association (and thus the association enters the CLOSED state).
129 * Verification Tag: 8.5.1(C)
130 * C) Rules for packet carrying SHUTDOWN COMPLETE:
132 * - The receiver of a SHUTDOWN COMPLETE shall accept the packet if the
133 * Verification Tag field of the packet matches its own tag OR it is
134 * set to its peer's tag and the T bit is set in the Chunk Flags.
135 * Otherwise, the receiver MUST silently discard the packet and take
136 * no further action. An endpoint MUST ignore the SHUTDOWN COMPLETE if
137 * it is not in the SHUTDOWN-ACK-SENT state.
140 * (endpoint, asoc, chunk)
143 * (asoc, reply_msg, msg_up, timers, counters)
145 * The return value is the disposition of the chunk.
147 sctp_disposition_t sctp_sf_do_4_C(const struct sctp_endpoint *ep,
148 const struct sctp_association *asoc,
149 const sctp_subtype_t type,
151 sctp_cmd_seq_t *commands)
153 struct sctp_chunk *chunk = arg;
154 struct sctp_ulpevent *ev;
156 /* RFC 2960 6.10 Bundling
158 * An endpoint MUST NOT bundle INIT, INIT ACK or
159 * SHUTDOWN COMPLETE with any other chunks.
161 if (!chunk->singleton)
162 return SCTP_DISPOSITION_VIOLATION;
164 if (!sctp_vtag_verify_either(chunk, asoc))
165 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
167 /* RFC 2960 10.2 SCTP-to-ULP
169 * H) SHUTDOWN COMPLETE notification
171 * When SCTP completes the shutdown procedures (section 9.2) this
172 * notification is passed to the upper layer.
174 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
175 0, 0, 0, GFP_ATOMIC);
179 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
181 /* Upon reception of the SHUTDOWN COMPLETE chunk the endpoint
182 * will verify that it is in SHUTDOWN-ACK-SENT state, if it is
183 * not the chunk should be discarded. If the endpoint is in
184 * the SHUTDOWN-ACK-SENT state the endpoint should stop the
185 * T2-shutdown timer and remove all knowledge of the
186 * association (and thus the association enters the CLOSED
189 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
190 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
192 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
193 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
195 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
196 SCTP_STATE(SCTP_STATE_CLOSED));
198 SCTP_INC_STATS(SctpShutdowns);
199 SCTP_DEC_STATS(SctpCurrEstab);
201 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
203 return SCTP_DISPOSITION_DELETE_TCB;
206 return SCTP_DISPOSITION_NOMEM;
210 * Respond to a normal INIT chunk.
211 * We are the side that is being asked for an association.
213 * Section: 5.1 Normal Establishment of an Association, B
214 * B) "Z" shall respond immediately with an INIT ACK chunk. The
215 * destination IP address of the INIT ACK MUST be set to the source
216 * IP address of the INIT to which this INIT ACK is responding. In
217 * the response, besides filling in other parameters, "Z" must set the
218 * Verification Tag field to Tag_A, and also provide its own
219 * Verification Tag (Tag_Z) in the Initiate Tag field.
221 * Verification Tag: Must be 0.
224 * (endpoint, asoc, chunk)
227 * (asoc, reply_msg, msg_up, timers, counters)
229 * The return value is the disposition of the chunk.
231 sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
232 const struct sctp_association *asoc,
233 const sctp_subtype_t type,
235 sctp_cmd_seq_t *commands)
237 struct sctp_chunk *chunk = arg;
238 struct sctp_chunk *repl;
239 struct sctp_association *new_asoc;
240 struct sctp_chunk *err_chunk;
241 struct sctp_packet *packet;
242 sctp_unrecognized_param_t *unk_param;
247 * An endpoint MUST NOT bundle INIT, INIT ACK or
248 * SHUTDOWN COMPLETE with any other chunks.
251 * Furthermore, we require that the receiver of an INIT chunk MUST
252 * enforce these rules by silently discarding an arriving packet
253 * with an INIT chunk that is bundled with other chunks.
255 if (!chunk->singleton)
256 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
258 /* If the packet is an OOTB packet which is temporarily on the
259 * control endpoint, respond with an ABORT.
261 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
262 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
265 /* If the endpoint is not listening or if the number of associations
266 * on the TCP-style socket exceed the max backlog, respond with an
269 if (!sctp_sstate(sk, LISTENING) ||
270 (sctp_style(sk, TCP) &&
271 (sk->ack_backlog >= sk->max_ack_backlog)))
272 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
274 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
277 if (chunk->sctp_hdr->vtag != 0)
278 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
280 /* Make sure that the INIT chunk has a valid length.
281 * Normally, this would cause an ABORT with a Protocol Violation
282 * error, but since we don't have an association, we'll
283 * just discard the packet.
285 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t)))
286 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
288 /* Verify the INIT chunk before processing it. */
290 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
291 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
293 /* This chunk contains fatal error. It is to be discarded.
294 * Send an ABORT, with causes if there is any.
297 packet = sctp_abort_pkt_new(ep, asoc, arg,
298 (__u8 *)(err_chunk->chunk_hdr) +
299 sizeof(sctp_chunkhdr_t),
300 ntohs(err_chunk->chunk_hdr->length) -
301 sizeof(sctp_chunkhdr_t));
303 sctp_chunk_free(err_chunk);
306 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
307 SCTP_PACKET(packet));
308 SCTP_INC_STATS(SctpOutCtrlChunks);
309 return SCTP_DISPOSITION_CONSUME;
311 return SCTP_DISPOSITION_NOMEM;
314 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
319 /* Grab the INIT header. */
320 chunk->subh.init_hdr = (sctp_inithdr_t *)chunk->skb->data;
322 /* Tag the variable length parameters. */
323 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
325 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
329 /* The call, sctp_process_init(), can fail on memory allocation. */
330 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
332 (sctp_init_chunk_t *)chunk->chunk_hdr,
336 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
338 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
340 /* If there are errors need to be reported for unknown parameters,
341 * make sure to reserve enough room in the INIT ACK for them.
345 len = ntohs(err_chunk->chunk_hdr->length) -
346 sizeof(sctp_chunkhdr_t);
348 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
351 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
355 /* If there are errors need to be reported for unknown parameters,
356 * include them in the outgoing INIT ACK as "Unrecognized parameter"
360 /* Get the "Unrecognized parameter" parameter(s) out of the
361 * ERROR chunk generated by sctp_verify_init(). Since the
362 * error cause code for "unknown parameter" and the
363 * "Unrecognized parameter" type is the same, we can
364 * construct the parameters in INIT ACK by copying the
367 unk_param = (sctp_unrecognized_param_t *)
368 ((__u8 *)(err_chunk->chunk_hdr) +
369 sizeof(sctp_chunkhdr_t));
370 /* Replace the cause code with the "Unrecognized parameter"
373 sctp_addto_chunk(repl, len, unk_param);
374 sctp_chunk_free(err_chunk);
377 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
380 * Note: After sending out INIT ACK with the State Cookie parameter,
381 * "Z" MUST NOT allocate any resources, nor keep any states for the
382 * new association. Otherwise, "Z" will be vulnerable to resource
385 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
387 return SCTP_DISPOSITION_DELETE_TCB;
391 sctp_chunk_free(err_chunk);
393 sctp_association_free(new_asoc);
395 return SCTP_DISPOSITION_NOMEM;
399 * Respond to a normal INIT ACK chunk.
400 * We are the side that is initiating the association.
402 * Section: 5.1 Normal Establishment of an Association, C
403 * C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init
404 * timer and leave COOKIE-WAIT state. "A" shall then send the State
405 * Cookie received in the INIT ACK chunk in a COOKIE ECHO chunk, start
406 * the T1-cookie timer, and enter the COOKIE-ECHOED state.
408 * Note: The COOKIE ECHO chunk can be bundled with any pending outbound
409 * DATA chunks, but it MUST be the first chunk in the packet and
410 * until the COOKIE ACK is returned the sender MUST NOT send any
411 * other packets to the peer.
413 * Verification Tag: 3.3.3
414 * If the value of the Initiate Tag in a received INIT ACK chunk is
415 * found to be 0, the receiver MUST treat it as an error and close the
416 * association by transmitting an ABORT.
419 * (endpoint, asoc, chunk)
422 * (asoc, reply_msg, msg_up, timers, counters)
424 * The return value is the disposition of the chunk.
426 sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
427 const struct sctp_association *asoc,
428 const sctp_subtype_t type,
430 sctp_cmd_seq_t *commands)
432 struct sctp_chunk *chunk = arg;
433 sctp_init_chunk_t *initchunk;
435 struct sctp_chunk *err_chunk;
436 struct sctp_packet *packet;
437 sctp_disposition_t ret;
439 if (!sctp_vtag_verify(chunk, asoc))
440 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
442 /* Make sure that the INIT-ACK chunk has a valid length */
443 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_initack_chunk_t)))
444 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
447 * An endpoint MUST NOT bundle INIT, INIT ACK or
448 * SHUTDOWN COMPLETE with any other chunks.
450 if (!chunk->singleton)
451 return SCTP_DISPOSITION_VIOLATION;
453 /* Grab the INIT header. */
454 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
456 init_tag = ntohl(chunk->subh.init_hdr->init_tag);
458 /* Verification Tag: 3.3.3
459 * If the value of the Initiate Tag in a received INIT ACK
460 * chunk is found to be 0, the receiver MUST treat it as an
461 * error and close the association by transmitting an ABORT.
464 struct sctp_chunk *reply = sctp_make_abort(asoc, chunk, 0);
468 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
469 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
470 SCTP_STATE(SCTP_STATE_CLOSED));
471 SCTP_INC_STATS(SctpAborteds);
472 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
473 return SCTP_DISPOSITION_DELETE_TCB;
476 /* Verify the INIT chunk before processing it. */
478 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
479 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
482 SCTP_INC_STATS(SctpAborteds);
484 /* This chunk contains fatal error. It is to be discarded.
485 * Send an ABORT, with causes if there is any.
488 packet = sctp_abort_pkt_new(ep, asoc, arg,
489 (__u8 *)(err_chunk->chunk_hdr) +
490 sizeof(sctp_chunkhdr_t),
491 ntohs(err_chunk->chunk_hdr->length) -
492 sizeof(sctp_chunkhdr_t));
494 sctp_chunk_free(err_chunk);
497 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
498 SCTP_PACKET(packet));
499 SCTP_INC_STATS(SctpOutCtrlChunks);
500 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
501 SCTP_STATE(SCTP_STATE_CLOSED));
502 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
504 return SCTP_DISPOSITION_CONSUME;
506 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
507 SCTP_STATE(SCTP_STATE_CLOSED));
508 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
510 return SCTP_DISPOSITION_NOMEM;
513 ret = sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
515 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
516 SCTP_STATE(SCTP_STATE_CLOSED));
517 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
523 /* Tag the variable length parameters. Note that we never
524 * convert the parameters in an INIT chunk.
526 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
528 initchunk = (sctp_init_chunk_t *) chunk->chunk_hdr;
530 sctp_add_cmd_sf(commands, SCTP_CMD_PEER_INIT,
531 SCTP_PEER_INIT(initchunk));
533 /* 5.1 C) "A" shall stop the T1-init timer and leave
534 * COOKIE-WAIT state. "A" shall then ... start the T1-cookie
535 * timer, and enter the COOKIE-ECHOED state.
537 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
538 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
539 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
540 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
541 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
542 SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
544 /* 5.1 C) "A" shall then send the State Cookie received in the
545 * INIT ACK chunk in a COOKIE ECHO chunk, ...
547 /* If there is any errors to report, send the ERROR chunk generated
548 * for unknown parameters as well.
550 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_COOKIE_ECHO,
551 SCTP_CHUNK(err_chunk));
553 return SCTP_DISPOSITION_CONSUME;
556 return SCTP_DISPOSITION_NOMEM;
560 * Respond to a normal COOKIE ECHO chunk.
561 * We are the side that is being asked for an association.
563 * Section: 5.1 Normal Establishment of an Association, D
564 * D) Upon reception of the COOKIE ECHO chunk, Endpoint "Z" will reply
565 * with a COOKIE ACK chunk after building a TCB and moving to
566 * the ESTABLISHED state. A COOKIE ACK chunk may be bundled with
567 * any pending DATA chunks (and/or SACK chunks), but the COOKIE ACK
568 * chunk MUST be the first chunk in the packet.
570 * IMPLEMENTATION NOTE: An implementation may choose to send the
571 * Communication Up notification to the SCTP user upon reception
572 * of a valid COOKIE ECHO chunk.
574 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
575 * D) Rules for packet carrying a COOKIE ECHO
577 * - When sending a COOKIE ECHO, the endpoint MUST use the value of the
578 * Initial Tag received in the INIT ACK.
580 * - The receiver of a COOKIE ECHO follows the procedures in Section 5.
583 * (endpoint, asoc, chunk)
586 * (asoc, reply_msg, msg_up, timers, counters)
588 * The return value is the disposition of the chunk.
590 sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
591 const struct sctp_association *asoc,
592 const sctp_subtype_t type, void *arg,
593 sctp_cmd_seq_t *commands)
595 struct sctp_chunk *chunk = arg;
596 struct sctp_association *new_asoc;
597 sctp_init_chunk_t *peer_init;
598 struct sctp_chunk *repl;
599 struct sctp_ulpevent *ev;
601 struct sctp_chunk *err_chk_p;
603 /* If the packet is an OOTB packet which is temporarily on the
604 * control endpoint, respond with an ABORT.
606 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
607 return sctp_sf_ootb(ep, asoc, type, arg, commands);
609 /* Make sure that the COOKIE_ECHO chunk has a valid length.
610 * In this case, we check that we have enough for at least a
611 * chunk header. More detailed verification is done
612 * in sctp_unpack_cookie().
614 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
615 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
617 /* "Decode" the chunk. We have no optional parameters so we
620 chunk->subh.cookie_hdr =
621 (struct sctp_signed_cookie *)chunk->skb->data;
622 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
623 sizeof(sctp_chunkhdr_t)))
626 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint
627 * "Z" will reply with a COOKIE ACK chunk after building a TCB
628 * and moving to the ESTABLISHED state.
630 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
634 * If the re-build failed, what is the proper error path
637 * [We should abort the association. --piggy]
640 /* FIXME: Several errors are possible. A bad cookie should
641 * be silently discarded, but think about logging it too.
644 case -SCTP_IERROR_NOMEM:
647 case -SCTP_IERROR_STALE_COOKIE:
648 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
650 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
652 case -SCTP_IERROR_BAD_SIG:
654 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
658 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
659 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
660 SCTP_STATE(SCTP_STATE_ESTABLISHED));
661 SCTP_INC_STATS(SctpCurrEstab);
662 SCTP_INC_STATS(SctpPassiveEstabs);
663 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
665 if (new_asoc->autoclose)
666 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
667 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
669 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
671 /* Re-build the bind address for the association is done in
672 * the sctp_unpack_cookie() already.
674 /* This is a brand-new association, so these are not yet side
675 * effects--it is safe to run them here.
677 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
679 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
680 &chunk->subh.cookie_hdr->c.peer_addr,
681 peer_init, GFP_ATOMIC))
684 repl = sctp_make_cookie_ack(new_asoc, chunk);
688 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
690 /* RFC 2960 5.1 Normal Establishment of an Association
692 * D) IMPLEMENTATION NOTE: An implementation may choose to
693 * send the Communication Up notification to the SCTP user
694 * upon reception of a valid COOKIE ECHO chunk.
696 ev = sctp_ulpevent_make_assoc_change(new_asoc, 0, SCTP_COMM_UP, 0,
697 new_asoc->c.sinit_num_ostreams,
698 new_asoc->c.sinit_max_instreams,
703 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
705 /* Sockets API Draft Section 5.3.1.6
706 * When a peer sends a Adaption Layer Indication parameter , SCTP
707 * delivers this notification to inform the application that of the
708 * peers requested adaption layer.
710 if (new_asoc->peer.adaption_ind) {
711 ev = sctp_ulpevent_make_adaption_indication(new_asoc,
716 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
720 return SCTP_DISPOSITION_CONSUME;
723 sctp_chunk_free(repl);
726 sctp_association_free(new_asoc);
728 return SCTP_DISPOSITION_NOMEM;
732 * Respond to a normal COOKIE ACK chunk.
733 * We are the side that is being asked for an association.
735 * RFC 2960 5.1 Normal Establishment of an Association
737 * E) Upon reception of the COOKIE ACK, endpoint "A" will move from the
738 * COOKIE-ECHOED state to the ESTABLISHED state, stopping the T1-cookie
739 * timer. It may also notify its ULP about the successful
740 * establishment of the association with a Communication Up
741 * notification (see Section 10).
745 * (endpoint, asoc, chunk)
748 * (asoc, reply_msg, msg_up, timers, counters)
750 * The return value is the disposition of the chunk.
752 sctp_disposition_t sctp_sf_do_5_1E_ca(const struct sctp_endpoint *ep,
753 const struct sctp_association *asoc,
754 const sctp_subtype_t type, void *arg,
755 sctp_cmd_seq_t *commands)
757 struct sctp_chunk *chunk = arg;
758 struct sctp_ulpevent *ev;
760 if (!sctp_vtag_verify(chunk, asoc))
761 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
763 /* Verify that the chunk length for the COOKIE-ACK is OK.
764 * If we don't do this, any bundled chunks may be junked.
766 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
767 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
770 /* Reset init error count upon receipt of COOKIE-ACK,
771 * to avoid problems with the managemement of this
772 * counter in stale cookie situations when a transition back
773 * from the COOKIE-ECHOED state to the COOKIE-WAIT
774 * state is performed.
776 sctp_add_cmd_sf(commands, SCTP_CMD_COUNTER_RESET,
777 SCTP_COUNTER(SCTP_COUNTER_INIT_ERROR));
779 /* RFC 2960 5.1 Normal Establishment of an Association
781 * E) Upon reception of the COOKIE ACK, endpoint "A" will move
782 * from the COOKIE-ECHOED state to the ESTABLISHED state,
783 * stopping the T1-cookie timer.
785 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
786 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
787 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
788 SCTP_STATE(SCTP_STATE_ESTABLISHED));
789 SCTP_INC_STATS(SctpCurrEstab);
790 SCTP_INC_STATS(SctpActiveEstabs);
791 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
793 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
794 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
795 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
797 /* It may also notify its ULP about the successful
798 * establishment of the association with a Communication Up
799 * notification (see Section 10).
801 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP,
802 0, asoc->c.sinit_num_ostreams,
803 asoc->c.sinit_max_instreams,
809 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
811 /* Sockets API Draft Section 5.3.1.6
812 * When a peer sends a Adaption Layer Indication parameter , SCTP
813 * delivers this notification to inform the application that of the
814 * peers requested adaption layer.
816 if (asoc->peer.adaption_ind) {
817 ev = sctp_ulpevent_make_adaption_indication(asoc, GFP_ATOMIC);
821 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
825 return SCTP_DISPOSITION_CONSUME;
827 return SCTP_DISPOSITION_NOMEM;
830 /* Generate and sendout a heartbeat packet. */
831 static sctp_disposition_t sctp_sf_heartbeat(const struct sctp_endpoint *ep,
832 const struct sctp_association *asoc,
833 const sctp_subtype_t type,
835 sctp_cmd_seq_t *commands)
837 struct sctp_transport *transport = (struct sctp_transport *) arg;
838 struct sctp_chunk *reply;
839 sctp_sender_hb_info_t hbinfo;
842 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
843 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
844 hbinfo.daddr = transport->ipaddr;
845 hbinfo.sent_at = jiffies;
847 /* Send a heartbeat to our peer. */
848 paylen = sizeof(sctp_sender_hb_info_t);
849 reply = sctp_make_heartbeat(asoc, transport, &hbinfo, paylen);
851 return SCTP_DISPOSITION_NOMEM;
853 /* Set rto_pending indicating that an RTT measurement
854 * is started with this heartbeat chunk.
856 sctp_add_cmd_sf(commands, SCTP_CMD_RTO_PENDING,
857 SCTP_TRANSPORT(transport));
859 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
860 return SCTP_DISPOSITION_CONSUME;
863 /* Generate a HEARTBEAT packet on the given transport. */
864 sctp_disposition_t sctp_sf_sendbeat_8_3(const struct sctp_endpoint *ep,
865 const struct sctp_association *asoc,
866 const sctp_subtype_t type,
868 sctp_cmd_seq_t *commands)
870 struct sctp_transport *transport = (struct sctp_transport *) arg;
872 if (asoc->overall_error_count > asoc->max_retrans) {
873 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
874 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
875 SCTP_U32(SCTP_ERROR_NO_ERROR));
876 SCTP_INC_STATS(SctpAborteds);
877 SCTP_DEC_STATS(SctpCurrEstab);
878 return SCTP_DISPOSITION_DELETE_TCB;
882 * The Sender-specific Heartbeat Info field should normally include
883 * information about the sender's current time when this HEARTBEAT
884 * chunk is sent and the destination transport address to which this
885 * HEARTBEAT is sent (see Section 8.3).
888 if (transport->hb_allowed) {
889 if (SCTP_DISPOSITION_NOMEM ==
890 sctp_sf_heartbeat(ep, asoc, type, arg,
892 return SCTP_DISPOSITION_NOMEM;
893 /* Set transport error counter and association error counter
894 * when sending heartbeat.
896 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_RESET,
897 SCTP_TRANSPORT(transport));
899 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMER_UPDATE,
900 SCTP_TRANSPORT(transport));
902 return SCTP_DISPOSITION_CONSUME;
906 * Process an heartbeat request.
908 * Section: 8.3 Path Heartbeat
909 * The receiver of the HEARTBEAT should immediately respond with a
910 * HEARTBEAT ACK that contains the Heartbeat Information field copied
911 * from the received HEARTBEAT chunk.
913 * Verification Tag: 8.5 Verification Tag [Normal verification]
914 * When receiving an SCTP packet, the endpoint MUST ensure that the
915 * value in the Verification Tag field of the received SCTP packet
916 * matches its own Tag. If the received Verification Tag value does not
917 * match the receiver's own tag value, the receiver shall silently
918 * discard the packet and shall not process it any further except for
919 * those cases listed in Section 8.5.1 below.
922 * (endpoint, asoc, chunk)
925 * (asoc, reply_msg, msg_up, timers, counters)
927 * The return value is the disposition of the chunk.
929 sctp_disposition_t sctp_sf_beat_8_3(const struct sctp_endpoint *ep,
930 const struct sctp_association *asoc,
931 const sctp_subtype_t type,
933 sctp_cmd_seq_t *commands)
935 struct sctp_chunk *chunk = arg;
936 struct sctp_chunk *reply;
939 if (!sctp_vtag_verify(chunk, asoc))
940 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
942 /* Make sure that the HEARTBEAT chunk has a valid length. */
943 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t)))
944 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
947 /* 8.3 The receiver of the HEARTBEAT should immediately
948 * respond with a HEARTBEAT ACK that contains the Heartbeat
949 * Information field copied from the received HEARTBEAT chunk.
951 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data;
952 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
953 if (!pskb_pull(chunk->skb, paylen))
956 reply = sctp_make_heartbeat_ack(asoc, chunk,
957 chunk->subh.hb_hdr, paylen);
961 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
962 return SCTP_DISPOSITION_CONSUME;
965 return SCTP_DISPOSITION_NOMEM;
969 * Process the returning HEARTBEAT ACK.
971 * Section: 8.3 Path Heartbeat
972 * Upon the receipt of the HEARTBEAT ACK, the sender of the HEARTBEAT
973 * should clear the error counter of the destination transport
974 * address to which the HEARTBEAT was sent, and mark the destination
975 * transport address as active if it is not so marked. The endpoint may
976 * optionally report to the upper layer when an inactive destination
977 * address is marked as active due to the reception of the latest
978 * HEARTBEAT ACK. The receiver of the HEARTBEAT ACK must also
979 * clear the association overall error count as well (as defined
982 * The receiver of the HEARTBEAT ACK should also perform an RTT
983 * measurement for that destination transport address using the time
984 * value carried in the HEARTBEAT ACK chunk.
986 * Verification Tag: 8.5 Verification Tag [Normal verification]
989 * (endpoint, asoc, chunk)
992 * (asoc, reply_msg, msg_up, timers, counters)
994 * The return value is the disposition of the chunk.
996 sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
997 const struct sctp_association *asoc,
998 const sctp_subtype_t type,
1000 sctp_cmd_seq_t *commands)
1002 struct sctp_chunk *chunk = arg;
1003 union sctp_addr from_addr;
1004 struct sctp_transport *link;
1005 sctp_sender_hb_info_t *hbinfo;
1006 unsigned long max_interval;
1008 if (!sctp_vtag_verify(chunk, asoc))
1009 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1011 /* Make sure that the HEARTBEAT-ACK chunk has a valid length. */
1012 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t)))
1013 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1016 hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
1017 from_addr = hbinfo->daddr;
1018 link = sctp_assoc_lookup_paddr(asoc, &from_addr);
1020 /* This should never happen, but lets log it if so. */
1023 "%s: Could not find address %d.%d.%d.%d\n",
1024 __FUNCTION__, NIPQUAD(from_addr.v4.sin_addr));
1025 return SCTP_DISPOSITION_DISCARD;
1028 max_interval = link->hb_interval + link->rto;
1030 /* Check if the timestamp looks valid. */
1031 if (time_after(hbinfo->sent_at, jiffies) ||
1032 time_after(jiffies, hbinfo->sent_at + max_interval)) {
1033 SCTP_DEBUG_PRINTK("%s: HEARTBEAT ACK with invalid timestamp"
1034 "received for transport: %p\n",
1035 __FUNCTION__, link);
1036 return SCTP_DISPOSITION_DISCARD;
1039 /* 8.3 Upon the receipt of the HEARTBEAT ACK, the sender of
1040 * the HEARTBEAT should clear the error counter of the
1041 * destination transport address to which the HEARTBEAT was
1042 * sent and mark the destination transport address as active if
1043 * it is not so marked.
1045 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_ON, SCTP_TRANSPORT(link));
1047 return SCTP_DISPOSITION_CONSUME;
1050 /* Helper function to send out an abort for the restart
1053 static int sctp_sf_send_restart_abort(union sctp_addr *ssa,
1054 struct sctp_chunk *init,
1055 sctp_cmd_seq_t *commands)
1058 struct sctp_packet *pkt;
1059 union sctp_addr_param *addrparm;
1060 struct sctp_errhdr *errhdr;
1061 struct sctp_endpoint *ep;
1062 char buffer[sizeof(struct sctp_errhdr)+sizeof(union sctp_addr_param)];
1063 struct sctp_af *af = sctp_get_af_specific(ssa->v4.sin_family);
1065 /* Build the error on the stack. We are way to malloc crazy
1066 * throughout the code today.
1068 errhdr = (struct sctp_errhdr *)buffer;
1069 addrparm = (union sctp_addr_param *)errhdr->variable;
1071 /* Copy into a parm format. */
1072 len = af->to_addr_param(ssa, addrparm);
1073 len += sizeof(sctp_errhdr_t);
1075 errhdr->cause = SCTP_ERROR_RESTART;
1076 errhdr->length = htons(len);
1078 /* Assign to the control socket. */
1079 ep = sctp_sk((sctp_get_ctl_sock()))->ep;
1081 /* Association is NULL since this may be a restart attack and we
1082 * want to send back the attacker's vtag.
1084 pkt = sctp_abort_pkt_new(ep, NULL, init, errhdr, len);
1088 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(pkt));
1090 SCTP_INC_STATS(SctpOutCtrlChunks);
1092 /* Discard the rest of the inbound packet. */
1093 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
1096 /* Even if there is no memory, treat as a failure so
1097 * the packet will get dropped.
1102 /* A restart is occurring, check to make sure no new addresses
1103 * are being added as we may be under a takeover attack.
1105 static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc,
1106 const struct sctp_association *asoc,
1107 struct sctp_chunk *init,
1108 sctp_cmd_seq_t *commands)
1110 struct sctp_transport *new_addr, *addr;
1111 struct list_head *pos, *pos2;
1114 /* Implementor's Guide - Sectin 5.2.2
1116 * Before responding the endpoint MUST check to see if the
1117 * unexpected INIT adds new addresses to the association. If new
1118 * addresses are added to the association, the endpoint MUST respond
1122 /* Search through all current addresses and make sure
1123 * we aren't adding any new ones.
1128 list_for_each(pos, &new_asoc->peer.transport_addr_list) {
1129 new_addr = list_entry(pos, struct sctp_transport, transports);
1131 list_for_each(pos2, &asoc->peer.transport_addr_list) {
1132 addr = list_entry(pos2, struct sctp_transport,
1134 if (sctp_cmp_addr_exact(&new_addr->ipaddr,
1144 /* If a new address was added, ABORT the sender. */
1145 if (!found && new_addr) {
1146 sctp_sf_send_restart_abort(&new_addr->ipaddr, init, commands);
1149 /* Return success if all addresses were found. */
1153 /* Populate the verification/tie tags based on overlapping INIT
1156 * Note: Do not use in CLOSED or SHUTDOWN-ACK-SENT state.
1158 static void sctp_tietags_populate(struct sctp_association *new_asoc,
1159 const struct sctp_association *asoc)
1161 switch (asoc->state) {
1163 /* 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State */
1165 case SCTP_STATE_COOKIE_WAIT:
1166 new_asoc->c.my_vtag = asoc->c.my_vtag;
1167 new_asoc->c.my_ttag = asoc->c.my_vtag;
1168 new_asoc->c.peer_ttag = 0;
1171 case SCTP_STATE_COOKIE_ECHOED:
1172 new_asoc->c.my_vtag = asoc->c.my_vtag;
1173 new_asoc->c.my_ttag = asoc->c.my_vtag;
1174 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1177 /* 5.2.2 Unexpected INIT in States Other than CLOSED, COOKIE-ECHOED,
1178 * COOKIE-WAIT and SHUTDOWN-ACK-SENT
1181 new_asoc->c.my_ttag = asoc->c.my_vtag;
1182 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1186 /* Other parameters for the endpoint SHOULD be copied from the
1187 * existing parameters of the association (e.g. number of
1188 * outbound streams) into the INIT ACK and cookie.
1190 new_asoc->rwnd = asoc->rwnd;
1191 new_asoc->c.sinit_num_ostreams = asoc->c.sinit_num_ostreams;
1192 new_asoc->c.sinit_max_instreams = asoc->c.sinit_max_instreams;
1193 new_asoc->c.initial_tsn = asoc->c.initial_tsn;
1197 * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
1200 * RFC 2960 5.2.4 Handle a COOKIE ECHO when a TCB exists.
1202 * Returns value representing action to be taken. These action values
1203 * correspond to Action/Description values in RFC 2960, Table 2.
1205 static char sctp_tietags_compare(struct sctp_association *new_asoc,
1206 const struct sctp_association *asoc)
1208 /* In this case, the peer may have restarted. */
1209 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1210 (asoc->c.peer_vtag != new_asoc->c.peer_vtag) &&
1211 (asoc->c.my_vtag == new_asoc->c.my_ttag) &&
1212 (asoc->c.peer_vtag == new_asoc->c.peer_ttag))
1215 /* Collision case B. */
1216 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1217 ((asoc->c.peer_vtag != new_asoc->c.peer_vtag) ||
1218 (0 == asoc->c.peer_vtag))) {
1222 /* Collision case D. */
1223 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1224 (asoc->c.peer_vtag == new_asoc->c.peer_vtag))
1227 /* Collision case C. */
1228 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1229 (asoc->c.peer_vtag == new_asoc->c.peer_vtag) &&
1230 (0 == new_asoc->c.my_ttag) &&
1231 (0 == new_asoc->c.peer_ttag))
1234 /* No match to any of the special cases; discard this packet. */
1238 /* Common helper routine for both duplicate and simulataneous INIT
1241 static sctp_disposition_t sctp_sf_do_unexpected_init(
1242 const struct sctp_endpoint *ep,
1243 const struct sctp_association *asoc,
1244 const sctp_subtype_t type,
1245 void *arg, sctp_cmd_seq_t *commands)
1247 sctp_disposition_t retval;
1248 struct sctp_chunk *chunk = arg;
1249 struct sctp_chunk *repl;
1250 struct sctp_association *new_asoc;
1251 struct sctp_chunk *err_chunk;
1252 struct sctp_packet *packet;
1253 sctp_unrecognized_param_t *unk_param;
1257 * An endpoint MUST NOT bundle INIT, INIT ACK or
1258 * SHUTDOWN COMPLETE with any other chunks.
1261 * Furthermore, we require that the receiver of an INIT chunk MUST
1262 * enforce these rules by silently discarding an arriving packet
1263 * with an INIT chunk that is bundled with other chunks.
1265 if (!chunk->singleton)
1266 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1268 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
1271 if (chunk->sctp_hdr->vtag != 0)
1272 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
1274 /* Make sure that the INIT chunk has a valid length.
1275 * In this case, we generate a protocol violation since we have
1276 * an association established.
1278 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t)))
1279 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1281 /* Grab the INIT header. */
1282 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
1284 /* Tag the variable length parameters. */
1285 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
1287 /* Verify the INIT chunk before processing it. */
1289 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
1290 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
1292 /* This chunk contains fatal error. It is to be discarded.
1293 * Send an ABORT, with causes if there is any.
1296 packet = sctp_abort_pkt_new(ep, asoc, arg,
1297 (__u8 *)(err_chunk->chunk_hdr) +
1298 sizeof(sctp_chunkhdr_t),
1299 ntohs(err_chunk->chunk_hdr->length) -
1300 sizeof(sctp_chunkhdr_t));
1303 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
1304 SCTP_PACKET(packet));
1305 SCTP_INC_STATS(SctpOutCtrlChunks);
1306 retval = SCTP_DISPOSITION_CONSUME;
1308 retval = SCTP_DISPOSITION_NOMEM;
1312 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
1318 * Other parameters for the endpoint SHOULD be copied from the
1319 * existing parameters of the association (e.g. number of
1320 * outbound streams) into the INIT ACK and cookie.
1321 * FIXME: We are copying parameters from the endpoint not the
1324 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
1328 /* In the outbound INIT ACK the endpoint MUST copy its current
1329 * Verification Tag and Peers Verification tag into a reserved
1330 * place (local tie-tag and per tie-tag) within the state cookie.
1332 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1334 (sctp_init_chunk_t *)chunk->chunk_hdr,
1336 retval = SCTP_DISPOSITION_NOMEM;
1340 /* Make sure no new addresses are being added during the
1341 * restart. Do not do this check for COOKIE-WAIT state,
1342 * since there are no peer addresses to check against.
1343 * Upon return an ABORT will have been sent if needed.
1345 if (!sctp_state(asoc, COOKIE_WAIT)) {
1346 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk,
1348 retval = SCTP_DISPOSITION_CONSUME;
1353 sctp_tietags_populate(new_asoc, asoc);
1355 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
1357 /* If there are errors need to be reported for unknown parameters,
1358 * make sure to reserve enough room in the INIT ACK for them.
1362 len = ntohs(err_chunk->chunk_hdr->length) -
1363 sizeof(sctp_chunkhdr_t);
1366 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
1369 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
1373 /* If there are errors need to be reported for unknown parameters,
1374 * include them in the outgoing INIT ACK as "Unrecognized parameter"
1378 /* Get the "Unrecognized parameter" parameter(s) out of the
1379 * ERROR chunk generated by sctp_verify_init(). Since the
1380 * error cause code for "unknown parameter" and the
1381 * "Unrecognized parameter" type is the same, we can
1382 * construct the parameters in INIT ACK by copying the
1383 * ERROR causes over.
1385 unk_param = (sctp_unrecognized_param_t *)
1386 ((__u8 *)(err_chunk->chunk_hdr) +
1387 sizeof(sctp_chunkhdr_t));
1388 /* Replace the cause code with the "Unrecognized parameter"
1391 sctp_addto_chunk(repl, len, unk_param);
1394 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1395 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1398 * Note: After sending out INIT ACK with the State Cookie parameter,
1399 * "Z" MUST NOT allocate any resources for this new association.
1400 * Otherwise, "Z" will be vulnerable to resource attacks.
1402 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1403 retval = SCTP_DISPOSITION_CONSUME;
1407 sctp_chunk_free(err_chunk);
1410 retval = SCTP_DISPOSITION_NOMEM;
1414 sctp_association_free(new_asoc);
1419 * Handle simultanous INIT.
1420 * This means we started an INIT and then we got an INIT request from
1423 * Section: 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State (Item B)
1424 * This usually indicates an initialization collision, i.e., each
1425 * endpoint is attempting, at about the same time, to establish an
1426 * association with the other endpoint.
1428 * Upon receipt of an INIT in the COOKIE-WAIT or COOKIE-ECHOED state, an
1429 * endpoint MUST respond with an INIT ACK using the same parameters it
1430 * sent in its original INIT chunk (including its Verification Tag,
1431 * unchanged). These original parameters are combined with those from the
1432 * newly received INIT chunk. The endpoint shall also generate a State
1433 * Cookie with the INIT ACK. The endpoint uses the parameters sent in its
1434 * INIT to calculate the State Cookie.
1436 * After that, the endpoint MUST NOT change its state, the T1-init
1437 * timer shall be left running and the corresponding TCB MUST NOT be
1438 * destroyed. The normal procedures for handling State Cookies when
1439 * a TCB exists will resolve the duplicate INITs to a single association.
1441 * For an endpoint that is in the COOKIE-ECHOED state it MUST populate
1442 * its Tie-Tags with the Tag information of itself and its peer (see
1443 * section 5.2.2 for a description of the Tie-Tags).
1445 * Verification Tag: Not explicit, but an INIT can not have a valid
1446 * verification tag, so we skip the check.
1449 * (endpoint, asoc, chunk)
1452 * (asoc, reply_msg, msg_up, timers, counters)
1454 * The return value is the disposition of the chunk.
1456 sctp_disposition_t sctp_sf_do_5_2_1_siminit(const struct sctp_endpoint *ep,
1457 const struct sctp_association *asoc,
1458 const sctp_subtype_t type,
1460 sctp_cmd_seq_t *commands)
1462 /* Call helper to do the real work for both simulataneous and
1463 * duplicate INIT chunk handling.
1465 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1469 * Handle duplicated INIT messages. These are usually delayed
1472 * Section: 5.2.2 Unexpected INIT in States Other than CLOSED,
1473 * COOKIE-ECHOED and COOKIE-WAIT
1475 * Unless otherwise stated, upon reception of an unexpected INIT for
1476 * this association, the endpoint shall generate an INIT ACK with a
1477 * State Cookie. In the outbound INIT ACK the endpoint MUST copy its
1478 * current Verification Tag and peer's Verification Tag into a reserved
1479 * place within the state cookie. We shall refer to these locations as
1480 * the Peer's-Tie-Tag and the Local-Tie-Tag. The outbound SCTP packet
1481 * containing this INIT ACK MUST carry a Verification Tag value equal to
1482 * the Initiation Tag found in the unexpected INIT. And the INIT ACK
1483 * MUST contain a new Initiation Tag (randomly generated see Section
1484 * 5.3.1). Other parameters for the endpoint SHOULD be copied from the
1485 * existing parameters of the association (e.g. number of outbound
1486 * streams) into the INIT ACK and cookie.
1488 * After sending out the INIT ACK, the endpoint shall take no further
1489 * actions, i.e., the existing association, including its current state,
1490 * and the corresponding TCB MUST NOT be changed.
1492 * Note: Only when a TCB exists and the association is not in a COOKIE-
1493 * WAIT state are the Tie-Tags populated. For a normal association INIT
1494 * (i.e. the endpoint is in a COOKIE-WAIT state), the Tie-Tags MUST be
1495 * set to 0 (indicating that no previous TCB existed). The INIT ACK and
1496 * State Cookie are populated as specified in section 5.2.1.
1498 * Verification Tag: Not specified, but an INIT has no way of knowing
1499 * what the verification tag could be, so we ignore it.
1502 * (endpoint, asoc, chunk)
1505 * (asoc, reply_msg, msg_up, timers, counters)
1507 * The return value is the disposition of the chunk.
1509 sctp_disposition_t sctp_sf_do_5_2_2_dupinit(const struct sctp_endpoint *ep,
1510 const struct sctp_association *asoc,
1511 const sctp_subtype_t type,
1513 sctp_cmd_seq_t *commands)
1515 /* Call helper to do the real work for both simulataneous and
1516 * duplicate INIT chunk handling.
1518 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1523 /* Unexpected COOKIE-ECHO handler for peer restart (Table 2, action 'A')
1526 * A) In this case, the peer may have restarted.
1528 static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
1529 const struct sctp_association *asoc,
1530 struct sctp_chunk *chunk,
1531 sctp_cmd_seq_t *commands,
1532 struct sctp_association *new_asoc)
1534 sctp_init_chunk_t *peer_init;
1535 struct sctp_ulpevent *ev;
1536 struct sctp_chunk *repl;
1537 struct sctp_chunk *err;
1538 sctp_disposition_t disposition;
1540 /* new_asoc is a brand-new association, so these are not yet
1541 * side effects--it is safe to run them here.
1543 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1545 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1546 sctp_source(chunk), peer_init,
1550 /* Make sure no new addresses are being added during the
1551 * restart. Though this is a pretty complicated attack
1552 * since you'd have to get inside the cookie.
1554 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk, commands)) {
1555 return SCTP_DISPOSITION_CONSUME;
1558 /* If the endpoint is in the SHUTDOWN-ACK-SENT state and recognizes
1559 * the peer has restarted (Action A), it MUST NOT setup a new
1560 * association but instead resend the SHUTDOWN ACK and send an ERROR
1561 * chunk with a "Cookie Received while Shutting Down" error cause to
1564 if (sctp_state(asoc, SHUTDOWN_ACK_SENT)) {
1565 disposition = sctp_sf_do_9_2_reshutack(ep, asoc,
1566 SCTP_ST_CHUNK(chunk->chunk_hdr->type),
1568 if (SCTP_DISPOSITION_NOMEM == disposition)
1571 err = sctp_make_op_error(asoc, chunk,
1572 SCTP_ERROR_COOKIE_IN_SHUTDOWN,
1575 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1578 return SCTP_DISPOSITION_CONSUME;
1581 /* For now, fail any unsent/unacked data. Consider the optional
1582 * choice of resending of this data.
1584 sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL());
1586 /* Update the content of current association. */
1587 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1589 repl = sctp_make_cookie_ack(new_asoc, chunk);
1593 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1595 /* Report association restart to upper layer. */
1596 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0,
1597 new_asoc->c.sinit_num_ostreams,
1598 new_asoc->c.sinit_max_instreams,
1603 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
1604 return SCTP_DISPOSITION_CONSUME;
1607 sctp_chunk_free(repl);
1609 return SCTP_DISPOSITION_NOMEM;
1612 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'B')
1615 * B) In this case, both sides may be attempting to start an association
1616 * at about the same time but the peer endpoint started its INIT
1617 * after responding to the local endpoint's INIT
1619 /* This case represents an initialization collision. */
1620 static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep,
1621 const struct sctp_association *asoc,
1622 struct sctp_chunk *chunk,
1623 sctp_cmd_seq_t *commands,
1624 struct sctp_association *new_asoc)
1626 sctp_init_chunk_t *peer_init;
1627 struct sctp_ulpevent *ev;
1628 struct sctp_chunk *repl;
1630 /* new_asoc is a brand-new association, so these are not yet
1631 * side effects--it is safe to run them here.
1633 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1634 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1635 sctp_source(chunk), peer_init,
1639 /* Update the content of current association. */
1640 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1641 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1642 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1643 SCTP_INC_STATS(SctpCurrEstab);
1644 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
1646 repl = sctp_make_cookie_ack(new_asoc, chunk);
1650 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1651 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1653 /* RFC 2960 5.1 Normal Establishment of an Association
1655 * D) IMPLEMENTATION NOTE: An implementation may choose to
1656 * send the Communication Up notification to the SCTP user
1657 * upon reception of a valid COOKIE ECHO chunk.
1659 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP, 0,
1660 new_asoc->c.sinit_num_ostreams,
1661 new_asoc->c.sinit_max_instreams,
1666 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
1668 /* Sockets API Draft Section 5.3.1.6
1669 * When a peer sends a Adaption Layer Indication parameter , SCTP
1670 * delivers this notification to inform the application that of the
1671 * peers requested adaption layer.
1673 if (asoc->peer.adaption_ind) {
1674 ev = sctp_ulpevent_make_adaption_indication(asoc, GFP_ATOMIC);
1678 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1682 return SCTP_DISPOSITION_CONSUME;
1685 sctp_chunk_free(repl);
1687 return SCTP_DISPOSITION_NOMEM;
1690 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'C')
1693 * C) In this case, the local endpoint's cookie has arrived late.
1694 * Before it arrived, the local endpoint sent an INIT and received an
1695 * INIT-ACK and finally sent a COOKIE ECHO with the peer's same tag
1696 * but a new tag of its own.
1698 /* This case represents an initialization collision. */
1699 static sctp_disposition_t sctp_sf_do_dupcook_c(const struct sctp_endpoint *ep,
1700 const struct sctp_association *asoc,
1701 struct sctp_chunk *chunk,
1702 sctp_cmd_seq_t *commands,
1703 struct sctp_association *new_asoc)
1705 /* The cookie should be silently discarded.
1706 * The endpoint SHOULD NOT change states and should leave
1707 * any timers running.
1709 return SCTP_DISPOSITION_DISCARD;
1712 /* Unexpected COOKIE-ECHO handler lost chunk (Table 2, action 'D')
1716 * D) When both local and remote tags match the endpoint should always
1717 * enter the ESTABLISHED state, if it has not already done so.
1719 /* This case represents an initialization collision. */
1720 static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
1721 const struct sctp_association *asoc,
1722 struct sctp_chunk *chunk,
1723 sctp_cmd_seq_t *commands,
1724 struct sctp_association *new_asoc)
1726 struct sctp_ulpevent *ev = NULL;
1727 struct sctp_chunk *repl;
1729 /* Clarification from Implementor's Guide:
1730 * D) When both local and remote tags match the endpoint should
1731 * enter the ESTABLISHED state, if it is in the COOKIE-ECHOED state.
1732 * It should stop any cookie timer that may be running and send
1736 /* Don't accidentally move back into established state. */
1737 if (asoc->state < SCTP_STATE_ESTABLISHED) {
1738 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1739 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
1740 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1741 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1742 SCTP_INC_STATS(SctpCurrEstab);
1743 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START,
1746 /* RFC 2960 5.1 Normal Establishment of an Association
1748 * D) IMPLEMENTATION NOTE: An implementation may choose
1749 * to send the Communication Up notification to the
1750 * SCTP user upon reception of a valid COOKIE
1753 ev = sctp_ulpevent_make_assoc_change(new_asoc, 0,
1755 new_asoc->c.sinit_num_ostreams,
1756 new_asoc->c.sinit_max_instreams,
1760 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1763 /* Sockets API Draft Section 5.3.1.6
1764 * When a peer sends a Adaption Layer Indication parameter,
1765 * SCTP delivers this notification to inform the application
1766 * that of the peers requested adaption layer.
1768 if (new_asoc->peer.adaption_ind) {
1769 ev = sctp_ulpevent_make_adaption_indication(new_asoc,
1774 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1778 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1780 repl = sctp_make_cookie_ack(new_asoc, chunk);
1784 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1785 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1787 return SCTP_DISPOSITION_CONSUME;
1791 sctp_ulpevent_free(ev);
1792 return SCTP_DISPOSITION_NOMEM;
1796 * Handle a duplicate COOKIE-ECHO. This usually means a cookie-carrying
1797 * chunk was retransmitted and then delayed in the network.
1799 * Section: 5.2.4 Handle a COOKIE ECHO when a TCB exists
1801 * Verification Tag: None. Do cookie validation.
1804 * (endpoint, asoc, chunk)
1807 * (asoc, reply_msg, msg_up, timers, counters)
1809 * The return value is the disposition of the chunk.
1811 sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep,
1812 const struct sctp_association *asoc,
1813 const sctp_subtype_t type,
1815 sctp_cmd_seq_t *commands)
1817 sctp_disposition_t retval;
1818 struct sctp_chunk *chunk = arg;
1819 struct sctp_association *new_asoc;
1822 struct sctp_chunk *err_chk_p;
1824 /* Make sure that the chunk has a valid length from the protocol
1825 * perspective. In this case check to make sure we have at least
1826 * enough for the chunk header. Cookie length verification is
1829 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
1830 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1833 /* "Decode" the chunk. We have no optional parameters so we
1834 * are in good shape.
1836 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data;
1837 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
1838 sizeof(sctp_chunkhdr_t)))
1841 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie
1842 * of a duplicate COOKIE ECHO match the Verification Tags of the
1843 * current association, consider the State Cookie valid even if
1844 * the lifespan is exceeded.
1846 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
1850 * If the re-build failed, what is the proper error path
1853 * [We should abort the association. --piggy]
1856 /* FIXME: Several errors are possible. A bad cookie should
1857 * be silently discarded, but think about logging it too.
1860 case -SCTP_IERROR_NOMEM:
1863 case -SCTP_IERROR_STALE_COOKIE:
1864 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
1866 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1867 case -SCTP_IERROR_BAD_SIG:
1869 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1873 /* Compare the tie_tag in cookie with the verification tag of
1874 * current association.
1876 action = sctp_tietags_compare(new_asoc, asoc);
1879 case 'A': /* Association restart. */
1880 retval = sctp_sf_do_dupcook_a(ep, asoc, chunk, commands,
1884 case 'B': /* Collision case B. */
1885 retval = sctp_sf_do_dupcook_b(ep, asoc, chunk, commands,
1889 case 'C': /* Collision case C. */
1890 retval = sctp_sf_do_dupcook_c(ep, asoc, chunk, commands,
1894 case 'D': /* Collision case D. */
1895 retval = sctp_sf_do_dupcook_d(ep, asoc, chunk, commands,
1899 default: /* Discard packet for all others. */
1900 retval = sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1904 /* Delete the tempory new association. */
1905 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1906 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1911 return SCTP_DISPOSITION_NOMEM;
1915 * Process an ABORT. (SHUTDOWN-PENDING state)
1917 * See sctp_sf_do_9_1_abort().
1919 sctp_disposition_t sctp_sf_shutdown_pending_abort(
1920 const struct sctp_endpoint *ep,
1921 const struct sctp_association *asoc,
1922 const sctp_subtype_t type,
1924 sctp_cmd_seq_t *commands)
1926 struct sctp_chunk *chunk = arg;
1928 if (!sctp_vtag_verify_either(chunk, asoc))
1929 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1931 /* Make sure that the ABORT chunk has a valid length.
1932 * Since this is an ABORT chunk, we have to discard it
1933 * because of the following text:
1934 * RFC 2960, Section 3.3.7
1935 * If an endpoint receives an ABORT with a format error or for an
1936 * association that doesn't exist, it MUST silently discard it.
1937 * Becasue the length is "invalid", we can't really discard just
1938 * as we do not know its true length. So, to be safe, discard the
1941 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
1942 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1944 /* Stop the T5-shutdown guard timer. */
1945 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1946 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
1948 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
1952 * Process an ABORT. (SHUTDOWN-SENT state)
1954 * See sctp_sf_do_9_1_abort().
1956 sctp_disposition_t sctp_sf_shutdown_sent_abort(const struct sctp_endpoint *ep,
1957 const struct sctp_association *asoc,
1958 const sctp_subtype_t type,
1960 sctp_cmd_seq_t *commands)
1962 struct sctp_chunk *chunk = arg;
1964 if (!sctp_vtag_verify_either(chunk, asoc))
1965 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1967 /* Make sure that the ABORT chunk has a valid length.
1968 * Since this is an ABORT chunk, we have to discard it
1969 * because of the following text:
1970 * RFC 2960, Section 3.3.7
1971 * If an endpoint receives an ABORT with a format error or for an
1972 * association that doesn't exist, it MUST silently discard it.
1973 * Becasue the length is "invalid", we can't really discard just
1974 * as we do not know its true length. So, to be safe, discard the
1977 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
1978 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1980 /* Stop the T2-shutdown timer. */
1981 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1982 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
1984 /* Stop the T5-shutdown guard timer. */
1985 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1986 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
1988 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
1992 * Process an ABORT. (SHUTDOWN-ACK-SENT state)
1994 * See sctp_sf_do_9_1_abort().
1996 sctp_disposition_t sctp_sf_shutdown_ack_sent_abort(
1997 const struct sctp_endpoint *ep,
1998 const struct sctp_association *asoc,
1999 const sctp_subtype_t type,
2001 sctp_cmd_seq_t *commands)
2003 /* The same T2 timer, so we should be able to use
2004 * common function with the SHUTDOWN-SENT state.
2006 return sctp_sf_shutdown_sent_abort(ep, asoc, type, arg, commands);
2010 * Handle an Error received in COOKIE_ECHOED state.
2012 * Only handle the error type of stale COOKIE Error, the other errors will
2016 * (endpoint, asoc, chunk)
2019 * (asoc, reply_msg, msg_up, timers, counters)
2021 * The return value is the disposition of the chunk.
2023 sctp_disposition_t sctp_sf_cookie_echoed_err(const struct sctp_endpoint *ep,
2024 const struct sctp_association *asoc,
2025 const sctp_subtype_t type,
2027 sctp_cmd_seq_t *commands)
2029 struct sctp_chunk *chunk = arg;
2032 if (!sctp_vtag_verify(chunk, asoc))
2033 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2035 /* Make sure that the ERROR chunk has a valid length.
2036 * The parameter walking depends on this as well.
2038 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t)))
2039 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2042 /* Process the error here */
2043 /* FUTURE FIXME: When PR-SCTP related and other optional
2044 * parms are emitted, this will have to change to handle multiple
2047 sctp_walk_errors(err, chunk->chunk_hdr) {
2048 if (SCTP_ERROR_STALE_COOKIE == err->cause)
2049 return sctp_sf_do_5_2_6_stale(ep, asoc, type,
2053 /* It is possible to have malformed error causes, and that
2054 * will cause us to end the walk early. However, since
2055 * we are discarding the packet, there should be no adverse
2058 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2062 * Handle a Stale COOKIE Error
2064 * Section: 5.2.6 Handle Stale COOKIE Error
2065 * If the association is in the COOKIE-ECHOED state, the endpoint may elect
2066 * one of the following three alternatives.
2068 * 3) Send a new INIT chunk to the endpoint, adding a Cookie
2069 * Preservative parameter requesting an extension to the lifetime of
2070 * the State Cookie. When calculating the time extension, an
2071 * implementation SHOULD use the RTT information measured based on the
2072 * previous COOKIE ECHO / ERROR exchange, and should add no more
2073 * than 1 second beyond the measured RTT, due to long State Cookie
2074 * lifetimes making the endpoint more subject to a replay attack.
2076 * Verification Tag: Not explicit, but safe to ignore.
2079 * (endpoint, asoc, chunk)
2082 * (asoc, reply_msg, msg_up, timers, counters)
2084 * The return value is the disposition of the chunk.
2086 static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
2087 const struct sctp_association *asoc,
2088 const sctp_subtype_t type,
2090 sctp_cmd_seq_t *commands)
2092 struct sctp_chunk *chunk = arg;
2094 sctp_cookie_preserve_param_t bht;
2096 struct sctp_chunk *reply;
2097 struct sctp_bind_addr *bp;
2100 attempts = asoc->counters[SCTP_COUNTER_INIT_ERROR] + 1;
2102 if (attempts >= asoc->max_init_attempts) {
2103 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2104 SCTP_U32(SCTP_ERROR_STALE_COOKIE));
2105 return SCTP_DISPOSITION_DELETE_TCB;
2108 err = (sctp_errhdr_t *)(chunk->skb->data);
2110 /* When calculating the time extension, an implementation
2111 * SHOULD use the RTT information measured based on the
2112 * previous COOKIE ECHO / ERROR exchange, and should add no
2113 * more than 1 second beyond the measured RTT, due to long
2114 * State Cookie lifetimes making the endpoint more subject to
2116 * Measure of Staleness's unit is usec. (1/1000000 sec)
2117 * Suggested Cookie Life-span Increment's unit is msec.
2119 * In general, if you use the suggested cookie life, the value
2120 * found in the field of measure of staleness should be doubled
2121 * to give ample time to retransmit the new cookie and thus
2122 * yield a higher probability of success on the reattempt.
2124 stale = ntohl(*(suseconds_t *)((u8 *)err + sizeof(sctp_errhdr_t)));
2125 stale = (stale * 2) / 1000;
2127 bht.param_hdr.type = SCTP_PARAM_COOKIE_PRESERVATIVE;
2128 bht.param_hdr.length = htons(sizeof(bht));
2129 bht.lifespan_increment = htonl(stale);
2131 /* Build that new INIT chunk. */
2132 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
2133 reply = sctp_make_init(asoc, bp, GFP_ATOMIC, sizeof(bht));
2137 sctp_addto_chunk(reply, sizeof(bht), &bht);
2139 /* Clear peer's init_tag cached in assoc as we are sending a new INIT */
2140 sctp_add_cmd_sf(commands, SCTP_CMD_CLEAR_INIT_TAG, SCTP_NULL());
2142 /* Stop pending T3-rtx and heartbeat timers */
2143 sctp_add_cmd_sf(commands, SCTP_CMD_T3_RTX_TIMERS_STOP, SCTP_NULL());
2144 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
2146 /* Delete non-primary peer ip addresses since we are transitioning
2147 * back to the COOKIE-WAIT state
2149 sctp_add_cmd_sf(commands, SCTP_CMD_DEL_NON_PRIMARY, SCTP_NULL());
2151 /* If we've sent any data bundled with COOKIE-ECHO we will need to
2154 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN,
2155 SCTP_TRANSPORT(asoc->peer.primary_path));
2157 /* Cast away the const modifier, as we want to just
2158 * rerun it through as a sideffect.
2160 sctp_add_cmd_sf(commands, SCTP_CMD_COUNTER_INC,
2161 SCTP_COUNTER(SCTP_COUNTER_INIT_ERROR));
2163 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2164 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
2165 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2166 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
2167 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
2168 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2170 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2172 return SCTP_DISPOSITION_CONSUME;
2175 return SCTP_DISPOSITION_NOMEM;
2182 * After checking the Verification Tag, the receiving endpoint shall
2183 * remove the association from its record, and shall report the
2184 * termination to its upper layer.
2186 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
2187 * B) Rules for packet carrying ABORT:
2189 * - The endpoint shall always fill in the Verification Tag field of the
2190 * outbound packet with the destination endpoint's tag value if it
2193 * - If the ABORT is sent in response to an OOTB packet, the endpoint
2194 * MUST follow the procedure described in Section 8.4.
2196 * - The receiver MUST accept the packet if the Verification Tag
2197 * matches either its own tag, OR the tag of its peer. Otherwise, the
2198 * receiver MUST silently discard the packet and take no further
2202 * (endpoint, asoc, chunk)
2205 * (asoc, reply_msg, msg_up, timers, counters)
2207 * The return value is the disposition of the chunk.
2209 sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
2210 const struct sctp_association *asoc,
2211 const sctp_subtype_t type,
2213 sctp_cmd_seq_t *commands)
2215 struct sctp_chunk *chunk = arg;
2217 __u16 error = SCTP_ERROR_NO_ERROR;
2219 if (!sctp_vtag_verify_either(chunk, asoc))
2220 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2222 /* Make sure that the ABORT chunk has a valid length.
2223 * Since this is an ABORT chunk, we have to discard it
2224 * because of the following text:
2225 * RFC 2960, Section 3.3.7
2226 * If an endpoint receives an ABORT with a format error or for an
2227 * association that doesn't exist, it MUST silently discard it.
2228 * Becasue the length is "invalid", we can't really discard just
2229 * as we do not know its true length. So, to be safe, discard the
2232 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2233 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2235 /* See if we have an error cause code in the chunk. */
2236 len = ntohs(chunk->chunk_hdr->length);
2237 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2238 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2240 /* ASSOC_FAILED will DELETE_TCB. */
2241 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_U32(error));
2242 SCTP_INC_STATS(SctpAborteds);
2243 SCTP_DEC_STATS(SctpCurrEstab);
2245 return SCTP_DISPOSITION_ABORT;
2249 * Process an ABORT. (COOKIE-WAIT state)
2251 * See sctp_sf_do_9_1_abort() above.
2253 sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep,
2254 const struct sctp_association *asoc,
2255 const sctp_subtype_t type,
2257 sctp_cmd_seq_t *commands)
2259 struct sctp_chunk *chunk = arg;
2261 __u16 error = SCTP_ERROR_NO_ERROR;
2263 if (!sctp_vtag_verify_either(chunk, asoc))
2264 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2266 /* Make sure that the ABORT chunk has a valid length.
2267 * Since this is an ABORT chunk, we have to discard it
2268 * because of the following text:
2269 * RFC 2960, Section 3.3.7
2270 * If an endpoint receives an ABORT with a format error or for an
2271 * association that doesn't exist, it MUST silently discard it.
2272 * Becasue the length is "invalid", we can't really discard just
2273 * as we do not know its true length. So, to be safe, discard the
2276 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2277 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2279 /* See if we have an error cause code in the chunk. */
2280 len = ntohs(chunk->chunk_hdr->length);
2281 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2282 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2284 sctp_stop_t1_and_abort(commands, error);
2286 return SCTP_DISPOSITION_ABORT;
2290 * Process an incoming ICMP as an ABORT. (COOKIE-WAIT state)
2292 sctp_disposition_t sctp_sf_cookie_wait_icmp_abort(const struct sctp_endpoint *ep,
2293 const struct sctp_association *asoc,
2294 const sctp_subtype_t type,
2296 sctp_cmd_seq_t *commands)
2298 sctp_stop_t1_and_abort(commands, SCTP_ERROR_NO_ERROR);
2299 return SCTP_DISPOSITION_ABORT;
2303 * Process an ABORT. (COOKIE-ECHOED state)
2305 sctp_disposition_t sctp_sf_cookie_echoed_abort(const struct sctp_endpoint *ep,
2306 const struct sctp_association *asoc,
2307 const sctp_subtype_t type,
2309 sctp_cmd_seq_t *commands)
2311 /* There is a single T1 timer, so we should be able to use
2312 * common function with the COOKIE-WAIT state.
2314 return sctp_sf_cookie_wait_abort(ep, asoc, type, arg, commands);
2318 * Stop T1 timer and abort association with "INIT failed".
2320 * This is common code called by several sctp_sf_*_abort() functions above.
2322 void sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands, __u16 error)
2324 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2325 SCTP_STATE(SCTP_STATE_CLOSED));
2326 SCTP_INC_STATS(SctpAborteds);
2327 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2328 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2329 /* CMD_INIT_FAILED will DELETE_TCB. */
2330 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2335 * sctp_sf_do_9_2_shut
2338 * Upon the reception of the SHUTDOWN, the peer endpoint shall
2339 * - enter the SHUTDOWN-RECEIVED state,
2341 * - stop accepting new data from its SCTP user
2343 * - verify, by checking the Cumulative TSN Ack field of the chunk,
2344 * that all its outstanding DATA chunks have been received by the
2347 * Once an endpoint as reached the SHUTDOWN-RECEIVED state it MUST NOT
2348 * send a SHUTDOWN in response to a ULP request. And should discard
2349 * subsequent SHUTDOWN chunks.
2351 * If there are still outstanding DATA chunks left, the SHUTDOWN
2352 * receiver shall continue to follow normal data transmission
2353 * procedures defined in Section 6 until all outstanding DATA chunks
2354 * are acknowledged; however, the SHUTDOWN receiver MUST NOT accept
2355 * new data from its SCTP user.
2357 * Verification Tag: 8.5 Verification Tag [Normal verification]
2360 * (endpoint, asoc, chunk)
2363 * (asoc, reply_msg, msg_up, timers, counters)
2365 * The return value is the disposition of the chunk.
2367 sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
2368 const struct sctp_association *asoc,
2369 const sctp_subtype_t type,
2371 sctp_cmd_seq_t *commands)
2373 struct sctp_chunk *chunk = arg;
2374 sctp_shutdownhdr_t *sdh;
2375 sctp_disposition_t disposition;
2376 struct sctp_ulpevent *ev;
2378 if (!sctp_vtag_verify(chunk, asoc))
2379 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2381 /* Make sure that the SHUTDOWN chunk has a valid length. */
2382 if (!sctp_chunk_length_valid(chunk,
2383 sizeof(struct sctp_shutdown_chunk_t)))
2384 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2387 /* Convert the elaborate header. */
2388 sdh = (sctp_shutdownhdr_t *)chunk->skb->data;
2389 skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t));
2390 chunk->subh.shutdown_hdr = sdh;
2392 /* Upon the reception of the SHUTDOWN, the peer endpoint shall
2393 * - enter the SHUTDOWN-RECEIVED state,
2394 * - stop accepting new data from its SCTP user
2396 * [This is implicit in the new state.]
2398 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2399 SCTP_STATE(SCTP_STATE_SHUTDOWN_RECEIVED));
2400 disposition = SCTP_DISPOSITION_CONSUME;
2402 if (sctp_outq_is_empty(&asoc->outqueue)) {
2403 disposition = sctp_sf_do_9_2_shutdown_ack(ep, asoc, type,
2407 if (SCTP_DISPOSITION_NOMEM == disposition)
2410 /* - verify, by checking the Cumulative TSN Ack field of the
2411 * chunk, that all its outstanding DATA chunks have been
2412 * received by the SHUTDOWN sender.
2414 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN,
2415 SCTP_U32(chunk->subh.shutdown_hdr->cum_tsn_ack));
2417 /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
2418 * When a peer sends a SHUTDOWN, SCTP delivers this notification to
2419 * inform the application that it should cease sending data.
2421 ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
2423 disposition = SCTP_DISPOSITION_NOMEM;
2426 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
2433 * If an endpoint is in SHUTDOWN-ACK-SENT state and receives an INIT chunk
2434 * (e.g., if the SHUTDOWN COMPLETE was lost) with source and destination
2435 * transport addresses (either in the IP addresses or in the INIT chunk)
2436 * that belong to this association, it should discard the INIT chunk and
2437 * retransmit the SHUTDOWN ACK chunk.
2439 sctp_disposition_t sctp_sf_do_9_2_reshutack(const struct sctp_endpoint *ep,
2440 const struct sctp_association *asoc,
2441 const sctp_subtype_t type,
2443 sctp_cmd_seq_t *commands)
2445 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
2446 struct sctp_chunk *reply;
2448 /* Since we are not going to really process this INIT, there
2449 * is no point in verifying chunk boundries. Just generate
2452 reply = sctp_make_shutdown_ack(asoc, chunk);
2456 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
2457 * the T2-SHUTDOWN timer.
2459 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
2461 /* and restart the T2-shutdown timer. */
2462 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2463 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2465 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2467 return SCTP_DISPOSITION_CONSUME;
2469 return SCTP_DISPOSITION_NOMEM;
2473 * sctp_sf_do_ecn_cwr
2475 * Section: Appendix A: Explicit Congestion Notification
2479 * RFC 2481 details a specific bit for a sender to send in the header of
2480 * its next outbound TCP segment to indicate to its peer that it has
2481 * reduced its congestion window. This is termed the CWR bit. For
2482 * SCTP the same indication is made by including the CWR chunk.
2483 * This chunk contains one data element, i.e. the TSN number that
2484 * was sent in the ECNE chunk. This element represents the lowest
2485 * TSN number in the datagram that was originally marked with the
2488 * Verification Tag: 8.5 Verification Tag [Normal verification]
2490 * (endpoint, asoc, chunk)
2493 * (asoc, reply_msg, msg_up, timers, counters)
2495 * The return value is the disposition of the chunk.
2497 sctp_disposition_t sctp_sf_do_ecn_cwr(const struct sctp_endpoint *ep,
2498 const struct sctp_association *asoc,
2499 const sctp_subtype_t type,
2501 sctp_cmd_seq_t *commands)
2504 struct sctp_chunk *chunk = arg;
2506 if (!sctp_vtag_verify(chunk, asoc))
2507 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2509 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t)))
2510 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2513 cwr = (sctp_cwrhdr_t *) chunk->skb->data;
2514 skb_pull(chunk->skb, sizeof(sctp_cwrhdr_t));
2516 cwr->lowest_tsn = ntohl(cwr->lowest_tsn);
2518 /* Does this CWR ack the last sent congestion notification? */
2519 if (TSN_lte(asoc->last_ecne_tsn, cwr->lowest_tsn)) {
2520 /* Stop sending ECNE. */
2521 sctp_add_cmd_sf(commands,
2523 SCTP_U32(cwr->lowest_tsn));
2525 return SCTP_DISPOSITION_CONSUME;
2531 * Section: Appendix A: Explicit Congestion Notification
2535 * RFC 2481 details a specific bit for a receiver to send back in its
2536 * TCP acknowledgements to notify the sender of the Congestion
2537 * Experienced (CE) bit having arrived from the network. For SCTP this
2538 * same indication is made by including the ECNE chunk. This chunk
2539 * contains one data element, i.e. the lowest TSN associated with the IP
2540 * datagram marked with the CE bit.....
2542 * Verification Tag: 8.5 Verification Tag [Normal verification]
2544 * (endpoint, asoc, chunk)
2547 * (asoc, reply_msg, msg_up, timers, counters)
2549 * The return value is the disposition of the chunk.
2551 sctp_disposition_t sctp_sf_do_ecne(const struct sctp_endpoint *ep,
2552 const struct sctp_association *asoc,
2553 const sctp_subtype_t type,
2555 sctp_cmd_seq_t *commands)
2557 sctp_ecnehdr_t *ecne;
2558 struct sctp_chunk *chunk = arg;
2560 if (!sctp_vtag_verify(chunk, asoc))
2561 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2563 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t)))
2564 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2567 ecne = (sctp_ecnehdr_t *) chunk->skb->data;
2568 skb_pull(chunk->skb, sizeof(sctp_ecnehdr_t));
2570 /* If this is a newer ECNE than the last CWR packet we sent out */
2571 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_ECNE,
2572 SCTP_U32(ntohl(ecne->lowest_tsn)));
2574 return SCTP_DISPOSITION_CONSUME;
2578 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
2580 * The SCTP endpoint MUST always acknowledge the reception of each valid
2583 * The guidelines on delayed acknowledgement algorithm specified in
2584 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
2585 * acknowledgement SHOULD be generated for at least every second packet
2586 * (not every second DATA chunk) received, and SHOULD be generated within
2587 * 200 ms of the arrival of any unacknowledged DATA chunk. In some
2588 * situations it may be beneficial for an SCTP transmitter to be more
2589 * conservative than the algorithms detailed in this document allow.
2590 * However, an SCTP transmitter MUST NOT be more aggressive than the
2591 * following algorithms allow.
2593 * A SCTP receiver MUST NOT generate more than one SACK for every
2594 * incoming packet, other than to update the offered window as the
2595 * receiving application consumes new data.
2597 * Verification Tag: 8.5 Verification Tag [Normal verification]
2600 * (endpoint, asoc, chunk)
2603 * (asoc, reply_msg, msg_up, timers, counters)
2605 * The return value is the disposition of the chunk.
2607 sctp_disposition_t sctp_sf_eat_data_6_2(const struct sctp_endpoint *ep,
2608 const struct sctp_association *asoc,
2609 const sctp_subtype_t type,
2611 sctp_cmd_seq_t *commands)
2613 struct sctp_chunk *chunk = arg;
2616 if (!sctp_vtag_verify(chunk, asoc)) {
2617 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2619 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2622 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t)))
2623 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2626 error = sctp_eat_data(asoc, chunk, commands );
2628 case SCTP_IERROR_NO_ERROR:
2630 case SCTP_IERROR_HIGH_TSN:
2631 case SCTP_IERROR_BAD_STREAM:
2632 goto discard_noforce;
2633 case SCTP_IERROR_DUP_TSN:
2634 case SCTP_IERROR_IGNORE_TSN:
2636 case SCTP_IERROR_NO_DATA:
2642 if (asoc->autoclose) {
2643 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2644 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
2647 /* If this is the last chunk in a packet, we need to count it
2648 * toward sack generation. Note that we need to SACK every
2649 * OTHER packet containing data chunks, EVEN IF WE DISCARD
2650 * THEM. We elect to NOT generate SACK's if the chunk fails
2651 * the verification tag test.
2653 * RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2655 * The SCTP endpoint MUST always acknowledge the reception of
2656 * each valid DATA chunk.
2658 * The guidelines on delayed acknowledgement algorithm
2659 * specified in Section 4.2 of [RFC2581] SHOULD be followed.
2660 * Specifically, an acknowledgement SHOULD be generated for at
2661 * least every second packet (not every second DATA chunk)
2662 * received, and SHOULD be generated within 200 ms of the
2663 * arrival of any unacknowledged DATA chunk. In some
2664 * situations it may be beneficial for an SCTP transmitter to
2665 * be more conservative than the algorithms detailed in this
2666 * document allow. However, an SCTP transmitter MUST NOT be
2667 * more aggressive than the following algorithms allow.
2669 if (chunk->end_of_packet) {
2670 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2672 /* Start the SACK timer. */
2673 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2674 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
2677 return SCTP_DISPOSITION_CONSUME;
2680 /* RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2682 * When a packet arrives with duplicate DATA chunk(s) and with
2683 * no new DATA chunk(s), the endpoint MUST immediately send a
2684 * SACK with no delay. If a packet arrives with duplicate
2685 * DATA chunk(s) bundled with new DATA chunks, the endpoint
2686 * MAY immediately send a SACK. Normally receipt of duplicate
2687 * DATA chunks will occur when the original SACK chunk was lost
2688 * and the peer's RTO has expired. The duplicate TSN number(s)
2689 * SHOULD be reported in the SACK as duplicate.
2691 /* In our case, we split the MAY SACK advice up whether or not
2692 * the last chunk is a duplicate.'
2694 if (chunk->end_of_packet)
2695 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2696 return SCTP_DISPOSITION_DISCARD;
2699 if (chunk->end_of_packet) {
2700 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2702 /* Start the SACK timer. */
2703 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2704 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
2706 return SCTP_DISPOSITION_DISCARD;
2708 return SCTP_DISPOSITION_CONSUME;
2713 * sctp_sf_eat_data_fast_4_4
2716 * (4) In SHUTDOWN-SENT state the endpoint MUST acknowledge any received
2717 * DATA chunks without delay.
2719 * Verification Tag: 8.5 Verification Tag [Normal verification]
2721 * (endpoint, asoc, chunk)
2724 * (asoc, reply_msg, msg_up, timers, counters)
2726 * The return value is the disposition of the chunk.
2728 sctp_disposition_t sctp_sf_eat_data_fast_4_4(const struct sctp_endpoint *ep,
2729 const struct sctp_association *asoc,
2730 const sctp_subtype_t type,
2732 sctp_cmd_seq_t *commands)
2734 struct sctp_chunk *chunk = arg;
2737 if (!sctp_vtag_verify(chunk, asoc)) {
2738 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2740 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2744 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t)))
2745 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2748 error = sctp_eat_data(asoc, chunk, commands );
2750 case SCTP_IERROR_NO_ERROR:
2751 case SCTP_IERROR_HIGH_TSN:
2752 case SCTP_IERROR_DUP_TSN:
2753 case SCTP_IERROR_IGNORE_TSN:
2754 case SCTP_IERROR_BAD_STREAM:
2756 case SCTP_IERROR_NO_DATA:
2762 /* Go a head and force a SACK, since we are shutting down. */
2764 /* Implementor's Guide.
2766 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
2767 * respond to each received packet containing one or more DATA chunk(s)
2768 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
2770 if (chunk->end_of_packet) {
2771 /* We must delay the chunk creation since the cumulative
2772 * TSN has not been updated yet.
2774 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
2775 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2776 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2777 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2781 return SCTP_DISPOSITION_CONSUME;
2785 * Section: 6.2 Processing a Received SACK
2786 * D) Any time a SACK arrives, the endpoint performs the following:
2788 * i) If Cumulative TSN Ack is less than the Cumulative TSN Ack Point,
2789 * then drop the SACK. Since Cumulative TSN Ack is monotonically
2790 * increasing, a SACK whose Cumulative TSN Ack is less than the
2791 * Cumulative TSN Ack Point indicates an out-of-order SACK.
2793 * ii) Set rwnd equal to the newly received a_rwnd minus the number
2794 * of bytes still outstanding after processing the Cumulative TSN Ack
2795 * and the Gap Ack Blocks.
2797 * iii) If the SACK is missing a TSN that was previously
2798 * acknowledged via a Gap Ack Block (e.g., the data receiver
2799 * reneged on the data), then mark the corresponding DATA chunk
2800 * as available for retransmit: Mark it as missing for fast
2801 * retransmit as described in Section 7.2.4 and if no retransmit
2802 * timer is running for the destination address to which the DATA
2803 * chunk was originally transmitted, then T3-rtx is started for
2804 * that destination address.
2806 * Verification Tag: 8.5 Verification Tag [Normal verification]
2809 * (endpoint, asoc, chunk)
2812 * (asoc, reply_msg, msg_up, timers, counters)
2814 * The return value is the disposition of the chunk.
2816 sctp_disposition_t sctp_sf_eat_sack_6_2(const struct sctp_endpoint *ep,
2817 const struct sctp_association *asoc,
2818 const sctp_subtype_t type,
2820 sctp_cmd_seq_t *commands)
2822 struct sctp_chunk *chunk = arg;
2823 sctp_sackhdr_t *sackh;
2826 if (!sctp_vtag_verify(chunk, asoc))
2827 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2829 /* Make sure that the SACK chunk has a valid length. */
2830 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_sack_chunk_t)))
2831 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2834 /* Pull the SACK chunk from the data buffer */
2835 sackh = sctp_sm_pull_sack(chunk);
2836 /* Was this a bogus SACK? */
2838 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2839 chunk->subh.sack_hdr = sackh;
2840 ctsn = ntohl(sackh->cum_tsn_ack);
2842 /* i) If Cumulative TSN Ack is less than the Cumulative TSN
2843 * Ack Point, then drop the SACK. Since Cumulative TSN
2844 * Ack is monotonically increasing, a SACK whose
2845 * Cumulative TSN Ack is less than the Cumulative TSN Ack
2846 * Point indicates an out-of-order SACK.
2848 if (TSN_lt(ctsn, asoc->ctsn_ack_point)) {
2849 SCTP_DEBUG_PRINTK("ctsn %x\n", ctsn);
2850 SCTP_DEBUG_PRINTK("ctsn_ack_point %x\n", asoc->ctsn_ack_point);
2851 return SCTP_DISPOSITION_DISCARD;
2854 /* Return this SACK for further processing. */
2855 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, SCTP_SACKH(sackh));
2857 /* Note: We do the rest of the work on the PROCESS_SACK
2860 return SCTP_DISPOSITION_CONSUME;
2864 * Generate an ABORT in response to a packet.
2866 * Section: 8.4 Handle "Out of the blue" Packets
2868 * 8) The receiver should respond to the sender of the OOTB packet
2869 * with an ABORT. When sending the ABORT, the receiver of the
2870 * OOTB packet MUST fill in the Verification Tag field of the
2871 * outbound packet with the value found in the Verification Tag
2872 * field of the OOTB packet and set the T-bit in the Chunk Flags
2873 * to indicate that no TCB was found. After sending this ABORT,
2874 * the receiver of the OOTB packet shall discard the OOTB packet
2875 * and take no further action.
2879 * The return value is the disposition of the chunk.
2881 sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep,
2882 const struct sctp_association *asoc,
2883 const sctp_subtype_t type,
2885 sctp_cmd_seq_t *commands)
2887 struct sctp_packet *packet = NULL;
2888 struct sctp_chunk *chunk = arg;
2889 struct sctp_chunk *abort;
2891 packet = sctp_ootb_pkt_new(asoc, chunk);
2894 /* Make an ABORT. The T bit will be set if the asoc
2897 abort = sctp_make_abort(asoc, chunk, 0);
2899 sctp_ootb_pkt_free(packet);
2900 return SCTP_DISPOSITION_NOMEM;
2903 /* Set the skb to the belonging sock for accounting. */
2904 abort->skb->sk = ep->base.sk;
2906 sctp_packet_append_chunk(packet, abort);
2908 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
2909 SCTP_PACKET(packet));
2911 SCTP_INC_STATS(SctpOutCtrlChunks);
2913 return SCTP_DISPOSITION_CONSUME;
2916 return SCTP_DISPOSITION_NOMEM;
2920 * Received an ERROR chunk from peer. Generate SCTP_REMOTE_ERROR
2921 * event as ULP notification for each cause included in the chunk.
2923 * API 5.3.1.3 - SCTP_REMOTE_ERROR
2925 * The return value is the disposition of the chunk.
2927 sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep,
2928 const struct sctp_association *asoc,
2929 const sctp_subtype_t type,
2931 sctp_cmd_seq_t *commands)
2933 struct sctp_chunk *chunk = arg;
2934 struct sctp_ulpevent *ev;
2936 if (!sctp_vtag_verify(chunk, asoc))
2937 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2939 /* Make sure that the ERROR chunk has a valid length. */
2940 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t)))
2941 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2944 while (chunk->chunk_end > chunk->skb->data) {
2945 ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0,
2950 if (!sctp_add_cmd(commands, SCTP_CMD_EVENT_ULP,
2951 SCTP_ULPEVENT(ev))) {
2952 sctp_ulpevent_free(ev);
2956 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR,
2959 return SCTP_DISPOSITION_CONSUME;
2962 return SCTP_DISPOSITION_NOMEM;
2966 * Process an inbound SHUTDOWN ACK.
2969 * Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
2970 * stop the T2-shutdown timer, send a SHUTDOWN COMPLETE chunk to its
2971 * peer, and remove all record of the association.
2973 * The return value is the disposition.
2975 sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
2976 const struct sctp_association *asoc,
2977 const sctp_subtype_t type,
2979 sctp_cmd_seq_t *commands)
2981 struct sctp_chunk *chunk = arg;
2982 struct sctp_chunk *reply;
2983 struct sctp_ulpevent *ev;
2985 if (!sctp_vtag_verify(chunk, asoc))
2986 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2988 /* Make sure that the SHUTDOWN_ACK chunk has a valid length. */
2989 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
2990 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2993 /* 10.2 H) SHUTDOWN COMPLETE notification
2995 * When SCTP completes the shutdown procedures (section 9.2) this
2996 * notification is passed to the upper layer.
2998 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
2999 0, 0, 0, GFP_ATOMIC);
3003 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
3005 /* Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
3006 * stop the T2-shutdown timer,
3008 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3009 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3011 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3012 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3014 /* ...send a SHUTDOWN COMPLETE chunk to its peer, */
3015 reply = sctp_make_shutdown_complete(asoc, chunk);
3019 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3020 SCTP_STATE(SCTP_STATE_CLOSED));
3021 SCTP_INC_STATS(SctpShutdowns);
3022 SCTP_DEC_STATS(SctpCurrEstab);
3023 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
3025 /* ...and remove all record of the association. */
3026 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
3027 return SCTP_DISPOSITION_DELETE_TCB;
3030 return SCTP_DISPOSITION_NOMEM;
3034 * RFC 2960, 8.4 - Handle "Out of the blue" Packets
3035 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
3036 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3037 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB
3038 * packet must fill in the Verification Tag field of the outbound
3039 * packet with the Verification Tag received in the SHUTDOWN ACK and
3040 * set the T-bit in the Chunk Flags to indicate that no TCB was
3043 * 8) The receiver should respond to the sender of the OOTB packet with
3044 * an ABORT. When sending the ABORT, the receiver of the OOTB packet
3045 * MUST fill in the Verification Tag field of the outbound packet
3046 * with the value found in the Verification Tag field of the OOTB
3047 * packet and set the T-bit in the Chunk Flags to indicate that no
3048 * TCB was found. After sending this ABORT, the receiver of the OOTB
3049 * packet shall discard the OOTB packet and take no further action.
3051 sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep,
3052 const struct sctp_association *asoc,
3053 const sctp_subtype_t type,
3055 sctp_cmd_seq_t *commands)
3057 struct sctp_chunk *chunk = arg;
3058 struct sk_buff *skb = chunk->skb;
3059 sctp_chunkhdr_t *ch;
3061 int ootb_shut_ack = 0;
3063 SCTP_INC_STATS(SctpOutOfBlues);
3065 ch = (sctp_chunkhdr_t *) chunk->chunk_hdr;
3067 /* Break out if chunk length is less then minimal. */
3068 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t))
3071 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
3073 if (SCTP_CID_SHUTDOWN_ACK == ch->type)
3076 /* RFC 2960, Section 3.3.7
3077 * Moreover, under any circumstances, an endpoint that
3078 * receives an ABORT MUST NOT respond to that ABORT by
3079 * sending an ABORT of its own.
3081 if (SCTP_CID_ABORT == ch->type)
3082 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3084 ch = (sctp_chunkhdr_t *) ch_end;
3085 } while (ch_end < skb->tail);
3088 sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands);
3090 sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
3092 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3096 * Handle an "Out of the blue" SHUTDOWN ACK.
3099 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
3100 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3101 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB packet
3102 * must fill in the Verification Tag field of the outbound packet with
3103 * the Verification Tag received in the SHUTDOWN ACK and set the
3104 * T-bit in the Chunk Flags to indicate that no TCB was found.
3107 * (endpoint, asoc, type, arg, commands)
3110 * (sctp_disposition_t)
3112 * The return value is the disposition of the chunk.
3114 static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
3115 const struct sctp_association *asoc,
3116 const sctp_subtype_t type,
3118 sctp_cmd_seq_t *commands)
3120 struct sctp_packet *packet = NULL;
3121 struct sctp_chunk *chunk = arg;
3122 struct sctp_chunk *shut;
3124 packet = sctp_ootb_pkt_new(asoc, chunk);
3127 /* Make an SHUTDOWN_COMPLETE.
3128 * The T bit will be set if the asoc is NULL.
3130 shut = sctp_make_shutdown_complete(asoc, chunk);
3132 sctp_ootb_pkt_free(packet);
3133 return SCTP_DISPOSITION_NOMEM;
3136 /* Set the skb to the belonging sock for accounting. */
3137 shut->skb->sk = ep->base.sk;
3139 sctp_packet_append_chunk(packet, shut);
3141 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
3142 SCTP_PACKET(packet));
3144 SCTP_INC_STATS(SctpOutCtrlChunks);
3146 /* If the chunk length is invalid, we don't want to process
3147 * the reset of the packet.
3149 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3150 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3152 return SCTP_DISPOSITION_CONSUME;
3155 return SCTP_DISPOSITION_NOMEM;
3159 * Handle SHUTDOWN ACK in COOKIE_ECHOED or COOKIE_WAIT state.
3161 * Verification Tag: 8.5.1 E) Rules for packet carrying a SHUTDOWN ACK
3162 * If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the
3163 * procedures in section 8.4 SHOULD be followed, in other words it
3164 * should be treated as an Out Of The Blue packet.
3165 * [This means that we do NOT check the Verification Tag on these
3169 sctp_disposition_t sctp_sf_do_8_5_1_E_sa(const struct sctp_endpoint *ep,
3170 const struct sctp_association *asoc,
3171 const sctp_subtype_t type,
3173 sctp_cmd_seq_t *commands)
3175 /* Although we do have an association in this case, it corresponds
3176 * to a restarted association. So the packet is treated as an OOTB
3177 * packet and the state function that handles OOTB SHUTDOWN_ACK is
3178 * called with a NULL association.
3180 return sctp_sf_shut_8_4_5(ep, NULL, type, arg, commands);
3183 /* ADDIP Section 4.2 Upon reception of an ASCONF Chunk. */
3184 sctp_disposition_t sctp_sf_do_asconf(const struct sctp_endpoint *ep,
3185 const struct sctp_association *asoc,
3186 const sctp_subtype_t type, void *arg,
3187 sctp_cmd_seq_t *commands)
3189 struct sctp_chunk *chunk = arg;
3190 struct sctp_chunk *asconf_ack = NULL;
3191 sctp_addiphdr_t *hdr;
3194 if (!sctp_vtag_verify(chunk, asoc)) {
3195 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3197 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3200 /* Make sure that the ASCONF ADDIP chunk has a valid length. */
3201 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_addip_chunk_t)))
3202 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3205 hdr = (sctp_addiphdr_t *)chunk->skb->data;
3206 serial = ntohl(hdr->serial);
3208 /* ADDIP 4.2 C1) Compare the value of the serial number to the value
3209 * the endpoint stored in a new association variable
3210 * 'Peer-Serial-Number'.
3212 if (serial == asoc->peer.addip_serial + 1) {
3213 /* ADDIP 4.2 C2) If the value found in the serial number is
3214 * equal to the ('Peer-Serial-Number' + 1), the endpoint MUST
3217 asconf_ack = sctp_process_asconf((struct sctp_association *)
3220 return SCTP_DISPOSITION_NOMEM;
3221 } else if (serial == asoc->peer.addip_serial) {
3222 /* ADDIP 4.2 C3) If the value found in the serial number is
3223 * equal to the value stored in the 'Peer-Serial-Number'
3224 * IMPLEMENTATION NOTE: As an optimization a receiver may wish
3225 * to save the last ASCONF-ACK for some predetermined period of
3226 * time and instead of re-processing the ASCONF (with the same
3227 * serial number) it may just re-transmit the ASCONF-ACK.
3229 if (asoc->addip_last_asconf_ack)
3230 asconf_ack = asoc->addip_last_asconf_ack;
3232 return SCTP_DISPOSITION_DISCARD;
3234 /* ADDIP 4.2 C4) Otherwise, the ASCONF Chunk is discarded since
3235 * it must be either a stale packet or from an attacker.
3237 return SCTP_DISPOSITION_DISCARD;
3240 /* ADDIP 4.2 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent
3241 * back to the source address contained in the IP header of the ASCONF
3242 * being responded to.
3244 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack));
3246 return SCTP_DISPOSITION_CONSUME;
3250 * ADDIP Section 4.3 General rules for address manipulation
3251 * When building TLV parameters for the ASCONF Chunk that will add or
3252 * delete IP addresses the D0 to D13 rules should be applied:
3254 sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
3255 const struct sctp_association *asoc,
3256 const sctp_subtype_t type, void *arg,
3257 sctp_cmd_seq_t *commands)
3259 struct sctp_chunk *asconf_ack = arg;
3260 struct sctp_chunk *last_asconf = asoc->addip_last_asconf;
3261 struct sctp_chunk *abort;
3262 sctp_addiphdr_t *addip_hdr;
3263 __u32 sent_serial, rcvd_serial;
3265 if (!sctp_vtag_verify(asconf_ack, asoc)) {
3266 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3268 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3271 /* Make sure that the ADDIP chunk has a valid length. */
3272 if (!sctp_chunk_length_valid(asconf_ack, sizeof(sctp_addip_chunk_t)))
3273 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3276 addip_hdr = (sctp_addiphdr_t *)asconf_ack->skb->data;
3277 rcvd_serial = ntohl(addip_hdr->serial);
3280 addip_hdr = (sctp_addiphdr_t *)last_asconf->subh.addip_hdr;
3281 sent_serial = ntohl(addip_hdr->serial);
3283 sent_serial = asoc->addip_serial - 1;
3286 /* D0) If an endpoint receives an ASCONF-ACK that is greater than or
3287 * equal to the next serial number to be used but no ASCONF chunk is
3288 * outstanding the endpoint MUST ABORT the association. Note that a
3289 * sequence number is greater than if it is no more than 2^^31-1
3290 * larger than the current sequence number (using serial arithmetic).
3292 if (ADDIP_SERIAL_gte(rcvd_serial, sent_serial + 1) &&
3293 !(asoc->addip_last_asconf)) {
3294 abort = sctp_make_abort(asoc, asconf_ack,
3295 sizeof(sctp_errhdr_t));
3297 sctp_init_cause(abort, SCTP_ERROR_ASCONF_ACK, NULL, 0);
3298 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3301 /* We are going to ABORT, so we might as well stop
3302 * processing the rest of the chunks in the packet.
3304 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3305 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3306 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3307 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3308 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
3309 SCTP_INC_STATS(SctpAborteds);
3310 SCTP_DEC_STATS(SctpCurrEstab);
3311 return SCTP_DISPOSITION_ABORT;
3314 if ((rcvd_serial == sent_serial) && asoc->addip_last_asconf) {
3315 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3316 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3318 if (!sctp_process_asconf_ack((struct sctp_association *)asoc,
3320 return SCTP_DISPOSITION_CONSUME;
3322 abort = sctp_make_abort(asoc, asconf_ack,
3323 sizeof(sctp_errhdr_t));
3325 sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, NULL, 0);
3326 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3329 /* We are going to ABORT, so we might as well stop
3330 * processing the rest of the chunks in the packet.
3332 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3333 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3334 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
3335 SCTP_INC_STATS(SctpAborteds);
3336 SCTP_DEC_STATS(SctpCurrEstab);
3337 return SCTP_DISPOSITION_ABORT;
3340 return SCTP_DISPOSITION_DISCARD;
3344 * PR-SCTP Section 3.6 Receiver Side Implementation of PR-SCTP
3346 * When a FORWARD TSN chunk arrives, the data receiver MUST first update
3347 * its cumulative TSN point to the value carried in the FORWARD TSN
3348 * chunk, and then MUST further advance its cumulative TSN point locally
3350 * After the above processing, the data receiver MUST stop reporting any
3351 * missing TSNs earlier than or equal to the new cumulative TSN point.
3353 * Verification Tag: 8.5 Verification Tag [Normal verification]
3355 * The return value is the disposition of the chunk.
3357 sctp_disposition_t sctp_sf_eat_fwd_tsn(const struct sctp_endpoint *ep,
3358 const struct sctp_association *asoc,
3359 const sctp_subtype_t type,
3361 sctp_cmd_seq_t *commands)
3363 struct sctp_chunk *chunk = arg;
3364 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3368 if (!sctp_vtag_verify(chunk, asoc)) {
3369 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3371 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3374 /* Make sure that the FORWARD_TSN chunk has valid length. */
3375 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_fwdtsn_chunk)))
3376 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3379 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3380 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3381 len = ntohs(chunk->chunk_hdr->length);
3382 len -= sizeof(struct sctp_chunkhdr);
3383 skb_pull(chunk->skb, len);
3385 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3386 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3388 /* The TSN is too high--silently discard the chunk and count on it
3389 * getting retransmitted later.
3391 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3392 goto discard_noforce;
3394 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3395 if (len > sizeof(struct sctp_fwdtsn_hdr))
3396 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3399 /* Count this as receiving DATA. */
3400 if (asoc->autoclose) {
3401 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3402 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
3405 /* FIXME: For now send a SACK, but DATA processing may
3408 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
3409 /* Start the SACK timer. */
3410 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3411 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
3413 return SCTP_DISPOSITION_CONSUME;
3416 return SCTP_DISPOSITION_DISCARD;
3419 sctp_disposition_t sctp_sf_eat_fwd_tsn_fast(
3420 const struct sctp_endpoint *ep,
3421 const struct sctp_association *asoc,
3422 const sctp_subtype_t type,
3424 sctp_cmd_seq_t *commands)
3426 struct sctp_chunk *chunk = arg;
3427 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3431 if (!sctp_vtag_verify(chunk, asoc)) {
3432 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3434 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3437 /* Make sure that the FORWARD_TSN chunk has a valid length. */
3438 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_fwdtsn_chunk)))
3439 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3442 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3443 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3444 len = ntohs(chunk->chunk_hdr->length);
3445 len -= sizeof(struct sctp_chunkhdr);
3446 skb_pull(chunk->skb, len);
3448 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3449 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3451 /* The TSN is too high--silently discard the chunk and count on it
3452 * getting retransmitted later.
3454 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3457 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3458 if (len > sizeof(struct sctp_fwdtsn_hdr))
3459 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3462 /* Go a head and force a SACK, since we are shutting down. */
3464 /* Implementor's Guide.
3466 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
3467 * respond to each received packet containing one or more DATA chunk(s)
3468 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
3470 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
3471 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
3472 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3473 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3475 return SCTP_DISPOSITION_CONSUME;
3479 * Process an unknown chunk.
3481 * Section: 3.2. Also, 2.1 in the implementor's guide.
3483 * Chunk Types are encoded such that the highest-order two bits specify
3484 * the action that must be taken if the processing endpoint does not
3485 * recognize the Chunk Type.
3487 * 00 - Stop processing this SCTP packet and discard it, do not process
3488 * any further chunks within it.
3490 * 01 - Stop processing this SCTP packet and discard it, do not process
3491 * any further chunks within it, and report the unrecognized
3492 * chunk in an 'Unrecognized Chunk Type'.
3494 * 10 - Skip this chunk and continue processing.
3496 * 11 - Skip this chunk and continue processing, but report in an ERROR
3497 * Chunk using the 'Unrecognized Chunk Type' cause of error.
3499 * The return value is the disposition of the chunk.
3501 sctp_disposition_t sctp_sf_unk_chunk(const struct sctp_endpoint *ep,
3502 const struct sctp_association *asoc,
3503 const sctp_subtype_t type,
3505 sctp_cmd_seq_t *commands)
3507 struct sctp_chunk *unk_chunk = arg;
3508 struct sctp_chunk *err_chunk;
3509 sctp_chunkhdr_t *hdr;
3511 SCTP_DEBUG_PRINTK("Processing the unknown chunk id %d.\n", type.chunk);
3513 if (!sctp_vtag_verify(unk_chunk, asoc))
3514 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3516 /* Make sure that the chunk has a valid length.
3517 * Since we don't know the chunk type, we use a general
3518 * chunkhdr structure to make a comparison.
3520 if (!sctp_chunk_length_valid(unk_chunk, sizeof(sctp_chunkhdr_t)))
3521 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3524 switch (type.chunk & SCTP_CID_ACTION_MASK) {
3525 case SCTP_CID_ACTION_DISCARD:
3526 /* Discard the packet. */
3527 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3529 case SCTP_CID_ACTION_DISCARD_ERR:
3530 /* Discard the packet. */
3531 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3533 /* Generate an ERROR chunk as response. */
3534 hdr = unk_chunk->chunk_hdr;
3535 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3536 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3537 WORD_ROUND(ntohs(hdr->length)));
3539 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3540 SCTP_CHUNK(err_chunk));
3542 return SCTP_DISPOSITION_CONSUME;
3544 case SCTP_CID_ACTION_SKIP:
3545 /* Skip the chunk. */
3546 return SCTP_DISPOSITION_DISCARD;
3548 case SCTP_CID_ACTION_SKIP_ERR:
3549 /* Generate an ERROR chunk as response. */
3550 hdr = unk_chunk->chunk_hdr;
3551 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3552 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3553 WORD_ROUND(ntohs(hdr->length)));
3555 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3556 SCTP_CHUNK(err_chunk));
3558 /* Skip the chunk. */
3559 return SCTP_DISPOSITION_CONSUME;
3565 return SCTP_DISPOSITION_DISCARD;
3569 * Discard the chunk.
3571 * Section: 0.2, 5.2.3, 5.2.5, 5.2.6, 6.0, 8.4.6, 8.5.1c, 9.2
3572 * [Too numerous to mention...]
3573 * Verification Tag: No verification needed.
3575 * (endpoint, asoc, chunk)
3578 * (asoc, reply_msg, msg_up, timers, counters)
3580 * The return value is the disposition of the chunk.
3582 sctp_disposition_t sctp_sf_discard_chunk(const struct sctp_endpoint *ep,
3583 const struct sctp_association *asoc,
3584 const sctp_subtype_t type,
3586 sctp_cmd_seq_t *commands)
3588 SCTP_DEBUG_PRINTK("Chunk %d is discarded\n", type.chunk);
3589 return SCTP_DISPOSITION_DISCARD;
3593 * Discard the whole packet.
3597 * 2) If the OOTB packet contains an ABORT chunk, the receiver MUST
3598 * silently discard the OOTB packet and take no further action.
3601 * Verification Tag: No verification necessary
3604 * (endpoint, asoc, chunk)
3607 * (asoc, reply_msg, msg_up, timers, counters)
3609 * The return value is the disposition of the chunk.
3611 sctp_disposition_t sctp_sf_pdiscard(const struct sctp_endpoint *ep,
3612 const struct sctp_association *asoc,
3613 const sctp_subtype_t type,
3615 sctp_cmd_seq_t *commands)
3617 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
3619 return SCTP_DISPOSITION_CONSUME;
3624 * The other end is violating protocol.
3626 * Section: Not specified
3627 * Verification Tag: Not specified
3629 * (endpoint, asoc, chunk)
3632 * (asoc, reply_msg, msg_up, timers, counters)
3634 * We simply tag the chunk as a violation. The state machine will log
3635 * the violation and continue.
3637 sctp_disposition_t sctp_sf_violation(const struct sctp_endpoint *ep,
3638 const struct sctp_association *asoc,
3639 const sctp_subtype_t type,
3641 sctp_cmd_seq_t *commands)
3643 return SCTP_DISPOSITION_VIOLATION;
3648 * Handle a protocol violation when the chunk length is invalid.
3649 * "Invalid" length is identified as smaller then the minimal length a
3650 * given chunk can be. For example, a SACK chunk has invalid length
3651 * if it's length is set to be smaller then the size of sctp_sack_chunk_t.
3653 * We inform the other end by sending an ABORT with a Protocol Violation
3656 * Section: Not specified
3657 * Verification Tag: Nothing to do
3659 * (endpoint, asoc, chunk)
3662 * (reply_msg, msg_up, counters)
3664 * Generate an ABORT chunk and terminate the association.
3666 sctp_disposition_t sctp_sf_violation_chunklen(const struct sctp_endpoint *ep,
3667 const struct sctp_association *asoc,
3668 const sctp_subtype_t type,
3670 sctp_cmd_seq_t *commands)
3672 struct sctp_chunk *chunk = arg;
3673 struct sctp_chunk *abort = NULL;
3674 char err_str[]="The following chunk had invalid length:";
3676 /* Make the abort chunk. */
3677 abort = sctp_make_abort_violation(asoc, chunk, err_str,
3682 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
3683 SCTP_INC_STATS(SctpOutCtrlChunks);
3685 if (asoc->state <= SCTP_STATE_COOKIE_ECHOED) {
3686 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3687 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3688 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
3689 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
3691 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3692 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
3693 SCTP_DEC_STATS(SctpCurrEstab);
3696 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
3698 SCTP_INC_STATS(SctpAborteds);
3700 return SCTP_DISPOSITION_ABORT;
3703 return SCTP_DISPOSITION_NOMEM;
3706 /***************************************************************************
3707 * These are the state functions for handling primitive (Section 10) events.
3708 ***************************************************************************/
3710 * sctp_sf_do_prm_asoc
3712 * Section: 10.1 ULP-to-SCTP
3715 * Format: ASSOCIATE(local SCTP instance name, destination transport addr,
3716 * outbound stream count)
3717 * -> association id [,destination transport addr list] [,outbound stream
3720 * This primitive allows the upper layer to initiate an association to a
3721 * specific peer endpoint.
3723 * The peer endpoint shall be specified by one of the transport addresses
3724 * which defines the endpoint (see Section 1.4). If the local SCTP
3725 * instance has not been initialized, the ASSOCIATE is considered an
3727 * [This is not relevant for the kernel implementation since we do all
3728 * initialization at boot time. It we hadn't initialized we wouldn't
3729 * get anywhere near this code.]
3731 * An association id, which is a local handle to the SCTP association,
3732 * will be returned on successful establishment of the association. If
3733 * SCTP is not able to open an SCTP association with the peer endpoint,
3734 * an error is returned.
3735 * [In the kernel implementation, the struct sctp_association needs to
3736 * be created BEFORE causing this primitive to run.]
3738 * Other association parameters may be returned, including the
3739 * complete destination transport addresses of the peer as well as the
3740 * outbound stream count of the local endpoint. One of the transport
3741 * address from the returned destination addresses will be selected by
3742 * the local endpoint as default primary path for sending SCTP packets
3743 * to this peer. The returned "destination transport addr list" can
3744 * be used by the ULP to change the default primary path or to force
3745 * sending a packet to a specific transport address. [All of this
3746 * stuff happens when the INIT ACK arrives. This is a NON-BLOCKING
3749 * Mandatory attributes:
3751 * o local SCTP instance name - obtained from the INITIALIZE operation.
3752 * [This is the argument asoc.]
3753 * o destination transport addr - specified as one of the transport
3754 * addresses of the peer endpoint with which the association is to be
3756 * [This is asoc->peer.active_path.]
3757 * o outbound stream count - the number of outbound streams the ULP
3758 * would like to open towards this peer endpoint.
3759 * [BUG: This is not currently implemented.]
3760 * Optional attributes:
3764 * The return value is a disposition.
3766 sctp_disposition_t sctp_sf_do_prm_asoc(const struct sctp_endpoint *ep,
3767 const struct sctp_association *asoc,
3768 const sctp_subtype_t type,
3770 sctp_cmd_seq_t *commands)
3772 struct sctp_chunk *repl;
3774 /* The comment below says that we enter COOKIE-WAIT AFTER
3775 * sending the INIT, but that doesn't actually work in our
3778 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3779 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
3781 /* RFC 2960 5.1 Normal Establishment of an Association
3783 * A) "A" first sends an INIT chunk to "Z". In the INIT, "A"
3784 * must provide its Verification Tag (Tag_A) in the Initiate
3785 * Tag field. Tag_A SHOULD be a random number in the range of
3786 * 1 to 4294967295 (see 5.3.1 for Tag value selection). ...
3789 repl = sctp_make_init(asoc, &asoc->base.bind_addr, GFP_ATOMIC, 0);
3793 /* Cast away the const modifier, as we want to just
3794 * rerun it through as a sideffect.
3796 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC,
3797 SCTP_ASOC((struct sctp_association *) asoc));
3799 /* After sending the INIT, "A" starts the T1-init timer and
3800 * enters the COOKIE-WAIT state.
3802 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3803 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3804 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
3805 return SCTP_DISPOSITION_CONSUME;
3808 return SCTP_DISPOSITION_NOMEM;
3812 * Process the SEND primitive.
3814 * Section: 10.1 ULP-to-SCTP
3817 * Format: SEND(association id, buffer address, byte count [,context]
3818 * [,stream id] [,life time] [,destination transport address]
3819 * [,unorder flag] [,no-bundle flag] [,payload protocol-id] )
3822 * This is the main method to send user data via SCTP.
3824 * Mandatory attributes:
3826 * o association id - local handle to the SCTP association
3828 * o buffer address - the location where the user message to be
3829 * transmitted is stored;
3831 * o byte count - The size of the user data in number of bytes;
3833 * Optional attributes:
3835 * o context - an optional 32 bit integer that will be carried in the
3836 * sending failure notification to the ULP if the transportation of
3837 * this User Message fails.
3839 * o stream id - to indicate which stream to send the data on. If not
3840 * specified, stream 0 will be used.
3842 * o life time - specifies the life time of the user data. The user data
3843 * will not be sent by SCTP after the life time expires. This
3844 * parameter can be used to avoid efforts to transmit stale
3845 * user messages. SCTP notifies the ULP if the data cannot be
3846 * initiated to transport (i.e. sent to the destination via SCTP's
3847 * send primitive) within the life time variable. However, the
3848 * user data will be transmitted if SCTP has attempted to transmit a
3849 * chunk before the life time expired.
3851 * o destination transport address - specified as one of the destination
3852 * transport addresses of the peer endpoint to which this packet
3853 * should be sent. Whenever possible, SCTP should use this destination
3854 * transport address for sending the packets, instead of the current
3857 * o unorder flag - this flag, if present, indicates that the user
3858 * would like the data delivered in an unordered fashion to the peer
3859 * (i.e., the U flag is set to 1 on all DATA chunks carrying this
3862 * o no-bundle flag - instructs SCTP not to bundle this user data with
3863 * other outbound DATA chunks. SCTP MAY still bundle even when
3864 * this flag is present, when faced with network congestion.
3866 * o payload protocol-id - A 32 bit unsigned integer that is to be
3867 * passed to the peer indicating the type of payload protocol data
3868 * being transmitted. This value is passed as opaque data by SCTP.
3870 * The return value is the disposition.
3872 sctp_disposition_t sctp_sf_do_prm_send(const struct sctp_endpoint *ep,
3873 const struct sctp_association *asoc,
3874 const sctp_subtype_t type,
3876 sctp_cmd_seq_t *commands)
3878 struct sctp_chunk *chunk = arg;
3880 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
3881 return SCTP_DISPOSITION_CONSUME;
3885 * Process the SHUTDOWN primitive.
3890 * Format: SHUTDOWN(association id)
3893 * Gracefully closes an association. Any locally queued user data
3894 * will be delivered to the peer. The association will be terminated only
3895 * after the peer acknowledges all the SCTP packets sent. A success code
3896 * will be returned on successful termination of the association. If
3897 * attempting to terminate the association results in a failure, an error
3898 * code shall be returned.
3900 * Mandatory attributes:
3902 * o association id - local handle to the SCTP association
3904 * Optional attributes:
3908 * The return value is the disposition.
3910 sctp_disposition_t sctp_sf_do_9_2_prm_shutdown(
3911 const struct sctp_endpoint *ep,
3912 const struct sctp_association *asoc,
3913 const sctp_subtype_t type,
3915 sctp_cmd_seq_t *commands)
3919 /* From 9.2 Shutdown of an Association
3920 * Upon receipt of the SHUTDOWN primitive from its upper
3921 * layer, the endpoint enters SHUTDOWN-PENDING state and
3922 * remains there until all outstanding data has been
3923 * acknowledged by its peer. The endpoint accepts no new data
3924 * from its upper layer, but retransmits data to the far end
3925 * if necessary to fill gaps.
3927 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3928 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
3930 /* sctpimpguide-05 Section 2.12.2
3931 * The sender of the SHUTDOWN MAY also start an overall guard timer
3932 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
3934 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3935 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3937 disposition = SCTP_DISPOSITION_CONSUME;
3938 if (sctp_outq_is_empty(&asoc->outqueue)) {
3939 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
3946 * Process the ABORT primitive.
3951 * Format: Abort(association id [, cause code])
3954 * Ungracefully closes an association. Any locally queued user data
3955 * will be discarded and an ABORT chunk is sent to the peer. A success code
3956 * will be returned on successful abortion of the association. If
3957 * attempting to abort the association results in a failure, an error
3958 * code shall be returned.
3960 * Mandatory attributes:
3962 * o association id - local handle to the SCTP association
3964 * Optional attributes:
3966 * o cause code - reason of the abort to be passed to the peer
3970 * The return value is the disposition.
3972 sctp_disposition_t sctp_sf_do_9_1_prm_abort(
3973 const struct sctp_endpoint *ep,
3974 const struct sctp_association *asoc,
3975 const sctp_subtype_t type,
3977 sctp_cmd_seq_t *commands)
3979 /* From 9.1 Abort of an Association
3980 * Upon receipt of the ABORT primitive from its upper
3981 * layer, the endpoint enters CLOSED state and
3982 * discard all outstanding data has been
3983 * acknowledged by its peer. The endpoint accepts no new data
3984 * from its upper layer, but retransmits data to the far end
3985 * if necessary to fill gaps.
3987 struct msghdr *msg = arg;
3988 struct sctp_chunk *abort;
3989 sctp_disposition_t retval;
3991 retval = SCTP_DISPOSITION_CONSUME;
3993 /* Generate ABORT chunk to send the peer. */
3994 abort = sctp_make_abort_user(asoc, NULL, msg);
3996 retval = SCTP_DISPOSITION_NOMEM;
3998 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
4000 /* Even if we can't send the ABORT due to low memory delete the
4001 * TCB. This is a departure from our typical NOMEM handling.
4004 /* Delete the established association. */
4005 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4006 SCTP_U32(SCTP_ERROR_USER_ABORT));
4008 SCTP_INC_STATS(SctpAborteds);
4009 SCTP_DEC_STATS(SctpCurrEstab);
4014 /* We tried an illegal operation on an association which is closed. */
4015 sctp_disposition_t sctp_sf_error_closed(const struct sctp_endpoint *ep,
4016 const struct sctp_association *asoc,
4017 const sctp_subtype_t type,
4019 sctp_cmd_seq_t *commands)
4021 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR, SCTP_ERROR(-EINVAL));
4022 return SCTP_DISPOSITION_CONSUME;
4025 /* We tried an illegal operation on an association which is shutting
4028 sctp_disposition_t sctp_sf_error_shutdown(const struct sctp_endpoint *ep,
4029 const struct sctp_association *asoc,
4030 const sctp_subtype_t type,
4032 sctp_cmd_seq_t *commands)
4034 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR,
4035 SCTP_ERROR(-ESHUTDOWN));
4036 return SCTP_DISPOSITION_CONSUME;
4040 * sctp_cookie_wait_prm_shutdown
4042 * Section: 4 Note: 2
4047 * The RFC does not explicitly address this issue, but is the route through the
4048 * state table when someone issues a shutdown while in COOKIE_WAIT state.
4053 sctp_disposition_t sctp_sf_cookie_wait_prm_shutdown(
4054 const struct sctp_endpoint *ep,
4055 const struct sctp_association *asoc,
4056 const sctp_subtype_t type,
4058 sctp_cmd_seq_t *commands)
4060 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4061 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4063 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4064 SCTP_STATE(SCTP_STATE_CLOSED));
4066 SCTP_INC_STATS(SctpShutdowns);
4068 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
4070 return SCTP_DISPOSITION_DELETE_TCB;
4074 * sctp_cookie_echoed_prm_shutdown
4076 * Section: 4 Note: 2
4081 * The RFC does not explcitly address this issue, but is the route through the
4082 * state table when someone issues a shutdown while in COOKIE_ECHOED state.
4087 sctp_disposition_t sctp_sf_cookie_echoed_prm_shutdown(
4088 const struct sctp_endpoint *ep,
4089 const struct sctp_association *asoc,
4090 const sctp_subtype_t type,
4091 void *arg, sctp_cmd_seq_t *commands)
4093 /* There is a single T1 timer, so we should be able to use
4094 * common function with the COOKIE-WAIT state.
4096 return sctp_sf_cookie_wait_prm_shutdown(ep, asoc, type, arg, commands);
4100 * sctp_sf_cookie_wait_prm_abort
4102 * Section: 4 Note: 2
4107 * The RFC does not explicitly address this issue, but is the route through the
4108 * state table when someone issues an abort while in COOKIE_WAIT state.
4113 sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
4114 const struct sctp_endpoint *ep,
4115 const struct sctp_association *asoc,
4116 const sctp_subtype_t type,
4118 sctp_cmd_seq_t *commands)
4120 struct msghdr *msg = arg;
4121 struct sctp_chunk *abort;
4122 sctp_disposition_t retval;
4124 /* Stop T1-init timer */
4125 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4126 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4127 retval = SCTP_DISPOSITION_CONSUME;
4129 /* Generate ABORT chunk to send the peer */
4130 abort = sctp_make_abort_user(asoc, NULL, msg);
4132 retval = SCTP_DISPOSITION_NOMEM;
4134 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
4136 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4137 SCTP_STATE(SCTP_STATE_CLOSED));
4139 SCTP_INC_STATS(SctpAborteds);
4141 /* Even if we can't send the ABORT due to low memory delete the
4142 * TCB. This is a departure from our typical NOMEM handling.
4145 /* Delete the established association. */
4146 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4147 SCTP_U32(SCTP_ERROR_USER_ABORT));
4153 * sctp_sf_cookie_echoed_prm_abort
4155 * Section: 4 Note: 3
4160 * The RFC does not explcitly address this issue, but is the route through the
4161 * state table when someone issues an abort while in COOKIE_ECHOED state.
4166 sctp_disposition_t sctp_sf_cookie_echoed_prm_abort(
4167 const struct sctp_endpoint *ep,
4168 const struct sctp_association *asoc,
4169 const sctp_subtype_t type,
4171 sctp_cmd_seq_t *commands)
4173 /* There is a single T1 timer, so we should be able to use
4174 * common function with the COOKIE-WAIT state.
4176 return sctp_sf_cookie_wait_prm_abort(ep, asoc, type, arg, commands);
4180 * sctp_sf_shutdown_pending_prm_abort
4185 * The RFC does not explicitly address this issue, but is the route through the
4186 * state table when someone issues an abort while in SHUTDOWN-PENDING state.
4191 sctp_disposition_t sctp_sf_shutdown_pending_prm_abort(
4192 const struct sctp_endpoint *ep,
4193 const struct sctp_association *asoc,
4194 const sctp_subtype_t type,
4196 sctp_cmd_seq_t *commands)
4198 /* Stop the T5-shutdown guard timer. */
4199 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4200 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4202 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
4206 * sctp_sf_shutdown_sent_prm_abort
4211 * The RFC does not explicitly address this issue, but is the route through the
4212 * state table when someone issues an abort while in SHUTDOWN-SENT state.
4217 sctp_disposition_t sctp_sf_shutdown_sent_prm_abort(
4218 const struct sctp_endpoint *ep,
4219 const struct sctp_association *asoc,
4220 const sctp_subtype_t type,
4222 sctp_cmd_seq_t *commands)
4224 /* Stop the T2-shutdown timer. */
4225 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4226 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4228 /* Stop the T5-shutdown guard timer. */
4229 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4230 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4232 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
4236 * sctp_sf_cookie_echoed_prm_abort
4241 * The RFC does not explcitly address this issue, but is the route through the
4242 * state table when someone issues an abort while in COOKIE_ECHOED state.
4247 sctp_disposition_t sctp_sf_shutdown_ack_sent_prm_abort(
4248 const struct sctp_endpoint *ep,
4249 const struct sctp_association *asoc,
4250 const sctp_subtype_t type,
4252 sctp_cmd_seq_t *commands)
4254 /* The same T2 timer, so we should be able to use
4255 * common function with the SHUTDOWN-SENT state.
4257 return sctp_sf_shutdown_sent_prm_abort(ep, asoc, type, arg, commands);
4261 * Process the REQUESTHEARTBEAT primitive
4264 * J) Request Heartbeat
4266 * Format: REQUESTHEARTBEAT(association id, destination transport address)
4270 * Instructs the local endpoint to perform a HeartBeat on the specified
4271 * destination transport address of the given association. The returned
4272 * result should indicate whether the transmission of the HEARTBEAT
4273 * chunk to the destination address is successful.
4275 * Mandatory attributes:
4277 * o association id - local handle to the SCTP association
4279 * o destination transport address - the transport address of the
4280 * association on which a heartbeat should be issued.
4282 sctp_disposition_t sctp_sf_do_prm_requestheartbeat(
4283 const struct sctp_endpoint *ep,
4284 const struct sctp_association *asoc,
4285 const sctp_subtype_t type,
4287 sctp_cmd_seq_t *commands)
4289 return sctp_sf_heartbeat(ep, asoc, type, (struct sctp_transport *)arg,
4294 * ADDIP Section 4.1 ASCONF Chunk Procedures
4295 * When an endpoint has an ASCONF signaled change to be sent to the
4296 * remote endpoint it should do A1 to A9
4298 sctp_disposition_t sctp_sf_do_prm_asconf(const struct sctp_endpoint *ep,
4299 const struct sctp_association *asoc,
4300 const sctp_subtype_t type,
4302 sctp_cmd_seq_t *commands)
4304 struct sctp_chunk *chunk = arg;
4306 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
4307 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4308 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4309 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
4310 return SCTP_DISPOSITION_CONSUME;
4314 * Ignore the primitive event
4316 * The return value is the disposition of the primitive.
4318 sctp_disposition_t sctp_sf_ignore_primitive(
4319 const struct sctp_endpoint *ep,
4320 const struct sctp_association *asoc,
4321 const sctp_subtype_t type,
4323 sctp_cmd_seq_t *commands)
4325 SCTP_DEBUG_PRINTK("Primitive type %d is ignored.\n", type.primitive);
4326 return SCTP_DISPOSITION_DISCARD;
4329 /***************************************************************************
4330 * These are the state functions for the OTHER events.
4331 ***************************************************************************/
4334 * Start the shutdown negotiation.
4337 * Once all its outstanding data has been acknowledged, the endpoint
4338 * shall send a SHUTDOWN chunk to its peer including in the Cumulative
4339 * TSN Ack field the last sequential TSN it has received from the peer.
4340 * It shall then start the T2-shutdown timer and enter the SHUTDOWN-SENT
4341 * state. If the timer expires, the endpoint must re-send the SHUTDOWN
4342 * with the updated last sequential TSN received from its peer.
4344 * The return value is the disposition.
4346 sctp_disposition_t sctp_sf_do_9_2_start_shutdown(
4347 const struct sctp_endpoint *ep,
4348 const struct sctp_association *asoc,
4349 const sctp_subtype_t type,
4351 sctp_cmd_seq_t *commands)
4353 struct sctp_chunk *reply;
4355 /* Once all its outstanding data has been acknowledged, the
4356 * endpoint shall send a SHUTDOWN chunk to its peer including
4357 * in the Cumulative TSN Ack field the last sequential TSN it
4358 * has received from the peer.
4360 reply = sctp_make_shutdown(asoc, NULL);
4364 /* Set the transport for the SHUTDOWN chunk and the timeout for the
4365 * T2-shutdown timer.
4367 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4369 /* It shall then start the T2-shutdown timer */
4370 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4371 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4373 if (asoc->autoclose)
4374 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4375 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
4377 /* and enter the SHUTDOWN-SENT state. */
4378 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4379 SCTP_STATE(SCTP_STATE_SHUTDOWN_SENT));
4381 /* sctp-implguide 2.10 Issues with Heartbeating and failover
4383 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
4386 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
4388 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4390 return SCTP_DISPOSITION_CONSUME;
4393 return SCTP_DISPOSITION_NOMEM;
4397 * Generate a SHUTDOWN ACK now that everything is SACK'd.
4401 * If it has no more outstanding DATA chunks, the SHUTDOWN receiver
4402 * shall send a SHUTDOWN ACK and start a T2-shutdown timer of its own,
4403 * entering the SHUTDOWN-ACK-SENT state. If the timer expires, the
4404 * endpoint must re-send the SHUTDOWN ACK.
4406 * The return value is the disposition.
4408 sctp_disposition_t sctp_sf_do_9_2_shutdown_ack(
4409 const struct sctp_endpoint *ep,
4410 const struct sctp_association *asoc,
4411 const sctp_subtype_t type,
4413 sctp_cmd_seq_t *commands)
4415 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
4416 struct sctp_chunk *reply;
4418 /* There are 2 ways of getting here:
4419 * 1) called in response to a SHUTDOWN chunk
4420 * 2) called when SCTP_EVENT_NO_PENDING_TSN event is issued.
4422 * For the case (2), the arg parameter is set to NULL. We need
4423 * to check that we have a chunk before accessing it's fields.
4426 if (!sctp_vtag_verify(chunk, asoc))
4427 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
4429 /* Make sure that the SHUTDOWN chunk has a valid length. */
4430 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_shutdown_chunk_t)))
4431 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
4435 /* If it has no more outstanding DATA chunks, the SHUTDOWN receiver
4436 * shall send a SHUTDOWN ACK ...
4438 reply = sctp_make_shutdown_ack(asoc, chunk);
4442 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
4443 * the T2-shutdown timer.
4445 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4447 /* and start/restart a T2-shutdown timer of its own, */
4448 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4449 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4451 if (asoc->autoclose)
4452 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4453 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
4455 /* Enter the SHUTDOWN-ACK-SENT state. */
4456 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4457 SCTP_STATE(SCTP_STATE_SHUTDOWN_ACK_SENT));
4459 /* sctp-implguide 2.10 Issues with Heartbeating and failover
4461 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
4464 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
4466 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4468 return SCTP_DISPOSITION_CONSUME;
4471 return SCTP_DISPOSITION_NOMEM;
4475 * Ignore the event defined as other
4477 * The return value is the disposition of the event.
4479 sctp_disposition_t sctp_sf_ignore_other(const struct sctp_endpoint *ep,
4480 const struct sctp_association *asoc,
4481 const sctp_subtype_t type,
4483 sctp_cmd_seq_t *commands)
4485 SCTP_DEBUG_PRINTK("The event other type %d is ignored\n", type.other);
4486 return SCTP_DISPOSITION_DISCARD;
4489 /************************************************************
4490 * These are the state functions for handling timeout events.
4491 ************************************************************/
4496 * Section: 6.3.3 Handle T3-rtx Expiration
4498 * Whenever the retransmission timer T3-rtx expires for a destination
4499 * address, do the following:
4502 * The return value is the disposition of the chunk.
4504 sctp_disposition_t sctp_sf_do_6_3_3_rtx(const struct sctp_endpoint *ep,
4505 const struct sctp_association *asoc,
4506 const sctp_subtype_t type,
4508 sctp_cmd_seq_t *commands)
4510 struct sctp_transport *transport = arg;
4512 if (asoc->overall_error_count >= asoc->max_retrans) {
4513 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4514 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4515 SCTP_U32(SCTP_ERROR_NO_ERROR));
4516 SCTP_INC_STATS(SctpAborteds);
4517 SCTP_DEC_STATS(SctpCurrEstab);
4518 return SCTP_DISPOSITION_DELETE_TCB;
4521 /* E1) For the destination address for which the timer
4522 * expires, adjust its ssthresh with rules defined in Section
4523 * 7.2.3 and set the cwnd <- MTU.
4526 /* E2) For the destination address for which the timer
4527 * expires, set RTO <- RTO * 2 ("back off the timer"). The
4528 * maximum value discussed in rule C7 above (RTO.max) may be
4529 * used to provide an upper bound to this doubling operation.
4532 /* E3) Determine how many of the earliest (i.e., lowest TSN)
4533 * outstanding DATA chunks for the address for which the
4534 * T3-rtx has expired will fit into a single packet, subject
4535 * to the MTU constraint for the path corresponding to the
4536 * destination transport address to which the retransmission
4537 * is being sent (this may be different from the address for
4538 * which the timer expires [see Section 6.4]). Call this
4539 * value K. Bundle and retransmit those K DATA chunks in a
4540 * single packet to the destination endpoint.
4542 * Note: Any DATA chunks that were sent to the address for
4543 * which the T3-rtx timer expired but did not fit in one MTU
4544 * (rule E3 above), should be marked for retransmission and
4545 * sent as soon as cwnd allows (normally when a SACK arrives).
4548 /* NB: Rules E4 and F1 are implicit in R1. */
4549 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN, SCTP_TRANSPORT(transport));
4551 /* Do some failure management (Section 8.2). */
4552 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
4554 return SCTP_DISPOSITION_CONSUME;
4558 * Generate delayed SACK on timeout
4560 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
4562 * The guidelines on delayed acknowledgement algorithm specified in
4563 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
4564 * acknowledgement SHOULD be generated for at least every second packet
4565 * (not every second DATA chunk) received, and SHOULD be generated
4566 * within 200 ms of the arrival of any unacknowledged DATA chunk. In
4567 * some situations it may be beneficial for an SCTP transmitter to be
4568 * more conservative than the algorithms detailed in this document
4569 * allow. However, an SCTP transmitter MUST NOT be more aggressive than
4570 * the following algorithms allow.
4572 sctp_disposition_t sctp_sf_do_6_2_sack(const struct sctp_endpoint *ep,
4573 const struct sctp_association *asoc,
4574 const sctp_subtype_t type,
4576 sctp_cmd_seq_t *commands)
4578 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
4579 return SCTP_DISPOSITION_CONSUME;
4583 * sctp_sf_t1_timer_expire
4585 * Section: 4 Note: 2
4590 * RFC 2960 Section 4 Notes
4591 * 2) If the T1-init timer expires, the endpoint MUST retransmit INIT
4592 * and re-start the T1-init timer without changing state. This MUST
4593 * be repeated up to 'Max.Init.Retransmits' times. After that, the
4594 * endpoint MUST abort the initialization process and report the
4595 * error to SCTP user.
4597 * 3) If the T1-cookie timer expires, the endpoint MUST retransmit
4598 * COOKIE ECHO and re-start the T1-cookie timer without changing
4599 * state. This MUST be repeated up to 'Max.Init.Retransmits' times.
4600 * After that, the endpoint MUST abort the initialization process and
4601 * report the error to SCTP user.
4607 sctp_disposition_t sctp_sf_t1_timer_expire(const struct sctp_endpoint *ep,
4608 const struct sctp_association *asoc,
4609 const sctp_subtype_t type,
4611 sctp_cmd_seq_t *commands)
4613 struct sctp_chunk *repl;
4614 struct sctp_bind_addr *bp;
4615 sctp_event_timeout_t timer = (sctp_event_timeout_t) arg;
4619 timeout = asoc->timeouts[timer];
4620 attempts = asoc->counters[SCTP_COUNTER_INIT_ERROR] + 1;
4623 SCTP_DEBUG_PRINTK("Timer T1 expired.\n");
4625 if (attempts < asoc->max_init_attempts) {
4627 case SCTP_EVENT_TIMEOUT_T1_INIT:
4628 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
4629 repl = sctp_make_init(asoc, bp, GFP_ATOMIC, 0);
4632 case SCTP_EVENT_TIMEOUT_T1_COOKIE:
4633 repl = sctp_make_cookie_echo(asoc, NULL);
4644 /* Issue a sideeffect to do the needed accounting. */
4645 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_RESTART,
4647 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4649 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4650 SCTP_U32(SCTP_ERROR_NO_ERROR));
4651 return SCTP_DISPOSITION_DELETE_TCB;
4654 return SCTP_DISPOSITION_CONSUME;
4657 return SCTP_DISPOSITION_NOMEM;
4660 /* RFC2960 9.2 If the timer expires, the endpoint must re-send the SHUTDOWN
4661 * with the updated last sequential TSN received from its peer.
4663 * An endpoint should limit the number of retransmissions of the
4664 * SHUTDOWN chunk to the protocol parameter 'Association.Max.Retrans'.
4665 * If this threshold is exceeded the endpoint should destroy the TCB and
4666 * MUST report the peer endpoint unreachable to the upper layer (and
4667 * thus the association enters the CLOSED state). The reception of any
4668 * packet from its peer (i.e. as the peer sends all of its queued DATA
4669 * chunks) should clear the endpoint's retransmission count and restart
4670 * the T2-Shutdown timer, giving its peer ample opportunity to transmit
4671 * all of its queued DATA chunks that have not yet been sent.
4673 sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
4674 const struct sctp_association *asoc,
4675 const sctp_subtype_t type,
4677 sctp_cmd_seq_t *commands)
4679 struct sctp_chunk *reply = NULL;
4681 SCTP_DEBUG_PRINTK("Timer T2 expired.\n");
4682 if (asoc->overall_error_count >= asoc->max_retrans) {
4683 /* Note: CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4684 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4685 SCTP_U32(SCTP_ERROR_NO_ERROR));
4686 SCTP_INC_STATS(SctpAborteds);
4687 SCTP_DEC_STATS(SctpCurrEstab);
4688 return SCTP_DISPOSITION_DELETE_TCB;
4691 switch (asoc->state) {
4692 case SCTP_STATE_SHUTDOWN_SENT:
4693 reply = sctp_make_shutdown(asoc, NULL);
4696 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4697 reply = sctp_make_shutdown_ack(asoc, NULL);
4708 /* Do some failure management (Section 8.2). */
4709 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
4710 SCTP_TRANSPORT(asoc->shutdown_last_sent_to));
4712 /* Set the transport for the SHUTDOWN/ACK chunk and the timeout for
4713 * the T2-shutdown timer.
4715 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4717 /* Restart the T2-shutdown timer. */
4718 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4719 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4720 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4721 return SCTP_DISPOSITION_CONSUME;
4724 return SCTP_DISPOSITION_NOMEM;
4728 * ADDIP Section 4.1 ASCONF CHunk Procedures
4729 * If the T4 RTO timer expires the endpoint should do B1 to B5
4731 sctp_disposition_t sctp_sf_t4_timer_expire(
4732 const struct sctp_endpoint *ep,
4733 const struct sctp_association *asoc,
4734 const sctp_subtype_t type,
4736 sctp_cmd_seq_t *commands)
4738 struct sctp_chunk *chunk = asoc->addip_last_asconf;
4739 struct sctp_transport *transport = chunk->transport;
4741 /* ADDIP 4.1 B1) Increment the error counters and perform path failure
4742 * detection on the appropriate destination address as defined in
4743 * RFC2960 [5] section 8.1 and 8.2.
4745 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
4747 /* Reconfig T4 timer and transport. */
4748 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
4750 /* ADDIP 4.1 B2) Increment the association error counters and perform
4751 * endpoint failure detection on the association as defined in
4752 * RFC2960 [5] section 8.1 and 8.2.
4753 * association error counter is incremented in SCTP_CMD_STRIKE.
4755 if (asoc->overall_error_count >= asoc->max_retrans) {
4756 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4757 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4758 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4759 SCTP_U32(SCTP_ERROR_NO_ERROR));
4760 SCTP_INC_STATS(SctpAborteds);
4761 SCTP_INC_STATS(SctpCurrEstab);
4762 return SCTP_DISPOSITION_ABORT;
4765 /* ADDIP 4.1 B3) Back-off the destination address RTO value to which
4766 * the ASCONF chunk was sent by doubling the RTO timer value.
4767 * This is done in SCTP_CMD_STRIKE.
4770 /* ADDIP 4.1 B4) Re-transmit the ASCONF Chunk last sent and if possible
4771 * choose an alternate destination address (please refer to RFC2960
4772 * [5] section 6.4.1). An endpoint MUST NOT add new parameters to this
4773 * chunk, it MUST be the same (including its serial number) as the last
4776 sctp_chunk_hold(asoc->addip_last_asconf);
4777 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
4778 SCTP_CHUNK(asoc->addip_last_asconf));
4780 /* ADDIP 4.1 B5) Restart the T-4 RTO timer. Note that if a different
4781 * destination is selected, then the RTO used will be that of the new
4782 * destination address.
4784 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4785 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4787 return SCTP_DISPOSITION_CONSUME;
4790 /* sctpimpguide-05 Section 2.12.2
4791 * The sender of the SHUTDOWN MAY also start an overall guard timer
4792 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
4793 * At the expiration of this timer the sender SHOULD abort the association
4794 * by sending an ABORT chunk.
4796 sctp_disposition_t sctp_sf_t5_timer_expire(const struct sctp_endpoint *ep,
4797 const struct sctp_association *asoc,
4798 const sctp_subtype_t type,
4800 sctp_cmd_seq_t *commands)
4802 struct sctp_chunk *reply = NULL;
4804 SCTP_DEBUG_PRINTK("Timer T5 expired.\n");
4806 reply = sctp_make_abort(asoc, NULL, 0);
4810 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4811 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4812 SCTP_U32(SCTP_ERROR_NO_ERROR));
4814 return SCTP_DISPOSITION_DELETE_TCB;
4816 return SCTP_DISPOSITION_NOMEM;
4819 /* Handle expiration of AUTOCLOSE timer. When the autoclose timer expires,
4820 * the association is automatically closed by starting the shutdown process.
4821 * The work that needs to be done is same as when SHUTDOWN is initiated by
4822 * the user. So this routine looks same as sctp_sf_do_9_2_prm_shutdown().
4824 sctp_disposition_t sctp_sf_autoclose_timer_expire(
4825 const struct sctp_endpoint *ep,
4826 const struct sctp_association *asoc,
4827 const sctp_subtype_t type,
4829 sctp_cmd_seq_t *commands)
4833 /* From 9.2 Shutdown of an Association
4834 * Upon receipt of the SHUTDOWN primitive from its upper
4835 * layer, the endpoint enters SHUTDOWN-PENDING state and
4836 * remains there until all outstanding data has been
4837 * acknowledged by its peer. The endpoint accepts no new data
4838 * from its upper layer, but retransmits data to the far end
4839 * if necessary to fill gaps.
4841 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4842 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
4844 /* sctpimpguide-05 Section 2.12.2
4845 * The sender of the SHUTDOWN MAY also start an overall guard timer
4846 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
4848 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4849 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4850 disposition = SCTP_DISPOSITION_CONSUME;
4851 if (sctp_outq_is_empty(&asoc->outqueue)) {
4852 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
4858 /*****************************************************************************
4859 * These are sa state functions which could apply to all types of events.
4860 ****************************************************************************/
4863 * This table entry is not implemented.
4866 * (endpoint, asoc, chunk)
4868 * The return value is the disposition of the chunk.
4870 sctp_disposition_t sctp_sf_not_impl(const struct sctp_endpoint *ep,
4871 const struct sctp_association *asoc,
4872 const sctp_subtype_t type,
4874 sctp_cmd_seq_t *commands)
4876 return SCTP_DISPOSITION_NOT_IMPL;
4880 * This table entry represents a bug.
4883 * (endpoint, asoc, chunk)
4885 * The return value is the disposition of the chunk.
4887 sctp_disposition_t sctp_sf_bug(const struct sctp_endpoint *ep,
4888 const struct sctp_association *asoc,
4889 const sctp_subtype_t type,
4891 sctp_cmd_seq_t *commands)
4893 return SCTP_DISPOSITION_BUG;
4897 * This table entry represents the firing of a timer in the wrong state.
4898 * Since timer deletion cannot be guaranteed a timer 'may' end up firing
4899 * when the association is in the wrong state. This event should
4900 * be ignored, so as to prevent any rearming of the timer.
4903 * (endpoint, asoc, chunk)
4905 * The return value is the disposition of the chunk.
4907 sctp_disposition_t sctp_sf_timer_ignore(const struct sctp_endpoint *ep,
4908 const struct sctp_association *asoc,
4909 const sctp_subtype_t type,
4911 sctp_cmd_seq_t *commands)
4913 SCTP_DEBUG_PRINTK("Timer %d ignored.\n", type.chunk);
4914 return SCTP_DISPOSITION_CONSUME;
4917 /********************************************************************
4918 * 2nd Level Abstractions
4919 ********************************************************************/
4921 /* Pull the SACK chunk based on the SACK header. */
4922 static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk)
4924 struct sctp_sackhdr *sack;
4929 /* Protect ourselves from reading too far into
4930 * the skb from a bogus sender.
4932 sack = (struct sctp_sackhdr *) chunk->skb->data;
4934 num_blocks = ntohs(sack->num_gap_ack_blocks);
4935 num_dup_tsns = ntohs(sack->num_dup_tsns);
4936 len = sizeof(struct sctp_sackhdr);
4937 len += (num_blocks + num_dup_tsns) * sizeof(__u32);
4938 if (len > chunk->skb->len)
4941 skb_pull(chunk->skb, len);
4946 /* Create an ABORT packet to be sent as a response, with the specified
4949 static struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep,
4950 const struct sctp_association *asoc,
4951 struct sctp_chunk *chunk,
4952 const void *payload,
4955 struct sctp_packet *packet;
4956 struct sctp_chunk *abort;
4958 packet = sctp_ootb_pkt_new(asoc, chunk);
4962 * The T bit will be set if the asoc is NULL.
4964 abort = sctp_make_abort(asoc, chunk, paylen);
4966 sctp_ootb_pkt_free(packet);
4969 /* Add specified error causes, i.e., payload, to the
4972 sctp_addto_chunk(abort, paylen, payload);
4974 /* Set the skb to the belonging sock for accounting. */
4975 abort->skb->sk = ep->base.sk;
4977 sctp_packet_append_chunk(packet, abort);
4984 /* Allocate a packet for responding in the OOTB conditions. */
4985 static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc,
4986 const struct sctp_chunk *chunk)
4988 struct sctp_packet *packet;
4989 struct sctp_transport *transport;
4994 /* Get the source and destination port from the inbound packet. */
4995 sport = ntohs(chunk->sctp_hdr->dest);
4996 dport = ntohs(chunk->sctp_hdr->source);
4998 /* The V-tag is going to be the same as the inbound packet if no
4999 * association exists, otherwise, use the peer's vtag.
5002 vtag = asoc->peer.i.init_tag;
5004 /* Special case the INIT and stale COOKIE_ECHO as there is no
5007 switch(chunk->chunk_hdr->type) {
5010 sctp_init_chunk_t *init;
5012 init = (sctp_init_chunk_t *)chunk->chunk_hdr;
5013 vtag = ntohl(init->init_hdr.init_tag);
5017 vtag = ntohl(chunk->sctp_hdr->vtag);
5022 /* Make a transport for the bucket, Eliza... */
5023 transport = sctp_transport_new(sctp_source(chunk), GFP_ATOMIC);
5027 /* Cache a route for the transport with the chunk's destination as
5028 * the source address.
5030 sctp_transport_route(transport, (union sctp_addr *)&chunk->dest,
5031 sctp_sk(sctp_get_ctl_sock()));
5033 packet = sctp_packet_init(&transport->packet, transport, sport, dport);
5034 packet = sctp_packet_config(packet, vtag, 0);
5042 /* Free the packet allocated earlier for responding in the OOTB condition. */
5043 void sctp_ootb_pkt_free(struct sctp_packet *packet)
5045 sctp_transport_free(packet->transport);
5048 /* Send a stale cookie error when a invalid COOKIE ECHO chunk is found */
5049 static void sctp_send_stale_cookie_err(const struct sctp_endpoint *ep,
5050 const struct sctp_association *asoc,
5051 const struct sctp_chunk *chunk,
5052 sctp_cmd_seq_t *commands,
5053 struct sctp_chunk *err_chunk)
5055 struct sctp_packet *packet;
5058 packet = sctp_ootb_pkt_new(asoc, chunk);
5060 struct sctp_signed_cookie *cookie;
5062 /* Override the OOTB vtag from the cookie. */
5063 cookie = chunk->subh.cookie_hdr;
5064 packet->vtag = cookie->c.peer_vtag;
5066 /* Set the skb to the belonging sock for accounting. */
5067 err_chunk->skb->sk = ep->base.sk;
5068 sctp_packet_append_chunk(packet, err_chunk);
5069 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
5070 SCTP_PACKET(packet));
5071 SCTP_INC_STATS(SctpOutCtrlChunks);
5073 sctp_chunk_free (err_chunk);
5078 /* Process a data chunk */
5079 static int sctp_eat_data(const struct sctp_association *asoc,
5080 struct sctp_chunk *chunk,
5081 sctp_cmd_seq_t *commands)
5083 sctp_datahdr_t *data_hdr;
5084 struct sctp_chunk *err;
5086 sctp_verb_t deliver;
5090 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data;
5091 skb_pull(chunk->skb, sizeof(sctp_datahdr_t));
5093 tsn = ntohl(data_hdr->tsn);
5094 SCTP_DEBUG_PRINTK("eat_data: TSN 0x%x.\n", tsn);
5096 /* ASSERT: Now skb->data is really the user data. */
5098 /* Process ECN based congestion.
5100 * Since the chunk structure is reused for all chunks within
5101 * a packet, we use ecn_ce_done to track if we've already
5102 * done CE processing for this packet.
5104 * We need to do ECN processing even if we plan to discard the
5108 if (!chunk->ecn_ce_done) {
5110 chunk->ecn_ce_done = 1;
5112 af = sctp_get_af_specific(
5113 ipver2af(chunk->skb->nh.iph->version));
5115 if (af && af->is_ce(chunk->skb) && asoc->peer.ecn_capable) {
5116 /* Do real work as sideffect. */
5117 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_CE,
5122 tmp = sctp_tsnmap_check(&asoc->peer.tsn_map, tsn);
5124 /* The TSN is too high--silently discard the chunk and
5125 * count on it getting retransmitted later.
5127 return SCTP_IERROR_HIGH_TSN;
5128 } else if (tmp > 0) {
5129 /* This is a duplicate. Record it. */
5130 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_DUP, SCTP_U32(tsn));
5131 return SCTP_IERROR_DUP_TSN;
5134 /* This is a new TSN. */
5136 /* Discard if there is no room in the receive window.
5137 * Actually, allow a little bit of overflow (up to a MTU).
5139 datalen = ntohs(chunk->chunk_hdr->length);
5140 datalen -= sizeof(sctp_data_chunk_t);
5142 deliver = SCTP_CMD_CHUNK_ULP;
5144 /* Think about partial delivery. */
5145 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) {
5147 /* Even if we don't accept this chunk there is
5150 sctp_add_cmd_sf(commands, SCTP_CMD_PART_DELIVER, SCTP_NULL());
5153 /* Spill over rwnd a little bit. Note: While allowed, this spill over
5154 * seems a bit troublesome in that frag_point varies based on
5155 * PMTU. In cases, such as loopback, this might be a rather
5158 if (!asoc->rwnd || asoc->rwnd_over ||
5159 (datalen > asoc->rwnd + asoc->frag_point)) {
5161 /* If this is the next TSN, consider reneging to make
5162 * room. Note: Playing nice with a confused sender. A
5163 * malicious sender can still eat up all our buffer
5164 * space and in the future we may want to detect and
5165 * do more drastic reneging.
5167 if (sctp_tsnmap_has_gap(&asoc->peer.tsn_map) &&
5168 (sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + 1) == tsn) {
5169 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn);
5170 deliver = SCTP_CMD_RENEGE;
5172 SCTP_DEBUG_PRINTK("Discard tsn: %u len: %Zd, "
5173 "rwnd: %d\n", tsn, datalen,
5175 return SCTP_IERROR_IGNORE_TSN;
5180 * Section 3.3.10.9 No User Data (9)
5184 * No User Data: This error cause is returned to the originator of a
5185 * DATA chunk if a received DATA chunk has no user data.
5187 if (unlikely(0 == datalen)) {
5188 err = sctp_make_abort_no_data(asoc, chunk, tsn);
5190 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
5193 /* We are going to ABORT, so we might as well stop
5194 * processing the rest of the chunks in the packet.
5196 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
5197 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
5198 SCTP_U32(SCTP_ERROR_NO_DATA));
5199 SCTP_INC_STATS(SctpAborteds);
5200 SCTP_DEC_STATS(SctpCurrEstab);
5201 return SCTP_IERROR_NO_DATA;
5204 /* If definately accepting the DATA chunk, record its TSN, otherwise
5205 * wait for renege processing.
5207 if (SCTP_CMD_CHUNK_ULP == deliver)
5208 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
5210 /* Note: Some chunks may get overcounted (if we drop) or overcounted
5211 * if we renege and the chunk arrives again.
5213 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED)
5214 SCTP_INC_STATS(SctpInUnorderChunks);
5216 SCTP_INC_STATS(SctpInOrderChunks);
5218 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
5220 * If an endpoint receive a DATA chunk with an invalid stream
5221 * identifier, it shall acknowledge the reception of the DATA chunk
5222 * following the normal procedure, immediately send an ERROR chunk
5223 * with cause set to "Invalid Stream Identifier" (See Section 3.3.10)
5224 * and discard the DATA chunk.
5226 if (ntohs(data_hdr->stream) >= asoc->c.sinit_max_instreams) {
5227 err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_INV_STRM,
5229 sizeof(data_hdr->stream));
5231 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
5233 return SCTP_IERROR_BAD_STREAM;
5236 /* Send the data up to the user. Note: Schedule the
5237 * SCTP_CMD_CHUNK_ULP cmd before the SCTP_CMD_GEN_SACK, as the SACK
5238 * chunk needs the updated rwnd.
5240 sctp_add_cmd_sf(commands, deliver, SCTP_CHUNK(chunk));
5242 return SCTP_IERROR_NO_ERROR;