1 /* SCTP kernel reference Implementation
2 * (C) Copyright IBM Corp. 2001, 2004
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2001-2002 Intel Corp.
6 * Copyright (c) 2002 Nokia Corp.
8 * This file is part of the SCTP kernel reference Implementation
10 * This is part of the SCTP Linux Kernel Reference Implementation.
12 * These are the state functions for the state machine.
14 * The SCTP reference implementation is free software;
15 * you can redistribute it and/or modify it under the terms of
16 * the GNU General Public License as published by
17 * the Free Software Foundation; either version 2, or (at your option)
20 * The SCTP reference implementation is distributed in the hope that it
21 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
22 * ************************
23 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
24 * See the GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with GNU CC; see the file COPYING. If not, write to
28 * the Free Software Foundation, 59 Temple Place - Suite 330,
29 * Boston, MA 02111-1307, USA.
31 * Please send any bug reports or fixes you make to the
33 * lksctp developers <lksctp-developers@lists.sourceforge.net>
35 * Or submit a bug report through the following website:
36 * http://www.sf.net/projects/lksctp
38 * Written or modified by:
39 * La Monte H.P. Yarroll <piggy@acm.org>
40 * Karl Knutson <karl@athena.chicago.il.us>
41 * Mathew Kotowsky <kotowsky@sctp.org>
42 * Sridhar Samudrala <samudrala@us.ibm.com>
43 * Jon Grimm <jgrimm@us.ibm.com>
44 * Hui Huang <hui.huang@nokia.com>
45 * Dajiang Zhang <dajiang.zhang@nokia.com>
46 * Daisy Chang <daisyc@us.ibm.com>
47 * Ardelle Fan <ardelle.fan@intel.com>
48 * Ryan Layer <rmlayer@us.ibm.com>
49 * Kevin Gao <kevin.gao@intel.com>
51 * Any bugs reported given to us we will try to fix... any fixes shared will
52 * be incorporated into the next SCTP release.
55 #include <linux/types.h>
56 #include <linux/kernel.h>
58 #include <linux/ipv6.h>
59 #include <linux/net.h>
60 #include <linux/inet.h>
62 #include <net/inet_ecn.h>
63 #include <linux/skbuff.h>
64 #include <net/sctp/sctp.h>
65 #include <net/sctp/sm.h>
66 #include <net/sctp/structs.h>
68 static struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep,
69 const struct sctp_association *asoc,
70 struct sctp_chunk *chunk,
73 static int sctp_eat_data(const struct sctp_association *asoc,
74 struct sctp_chunk *chunk,
75 sctp_cmd_seq_t *commands);
76 static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc,
77 const struct sctp_chunk *chunk);
78 static void sctp_send_stale_cookie_err(const struct sctp_endpoint *ep,
79 const struct sctp_association *asoc,
80 const struct sctp_chunk *chunk,
81 sctp_cmd_seq_t *commands,
82 struct sctp_chunk *err_chunk);
83 static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
84 const struct sctp_association *asoc,
85 const sctp_subtype_t type,
87 sctp_cmd_seq_t *commands);
88 static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
89 const struct sctp_association *asoc,
90 const sctp_subtype_t type,
92 sctp_cmd_seq_t *commands);
93 static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk);
95 static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
97 const struct sctp_association *asoc,
98 struct sctp_transport *transport);
100 static sctp_disposition_t sctp_sf_violation_chunklen(
101 const struct sctp_endpoint *ep,
102 const struct sctp_association *asoc,
103 const sctp_subtype_t type,
105 sctp_cmd_seq_t *commands);
107 /* Small helper function that checks if the chunk length
108 * is of the appropriate length. The 'required_length' argument
109 * is set to be the size of a specific chunk we are testing.
110 * Return Values: 1 = Valid length
115 sctp_chunk_length_valid(struct sctp_chunk *chunk,
116 __u16 required_length)
118 __u16 chunk_length = ntohs(chunk->chunk_hdr->length);
120 if (unlikely(chunk_length < required_length))
126 /**********************************************************
127 * These are the state functions for handling chunk events.
128 **********************************************************/
131 * Process the final SHUTDOWN COMPLETE.
133 * Section: 4 (C) (diagram), 9.2
134 * Upon reception of the SHUTDOWN COMPLETE chunk the endpoint will verify
135 * that it is in SHUTDOWN-ACK-SENT state, if it is not the chunk should be
136 * discarded. If the endpoint is in the SHUTDOWN-ACK-SENT state the endpoint
137 * should stop the T2-shutdown timer and remove all knowledge of the
138 * association (and thus the association enters the CLOSED state).
140 * Verification Tag: 8.5.1(C), sctpimpguide 2.41.
141 * C) Rules for packet carrying SHUTDOWN COMPLETE:
143 * - The receiver of a SHUTDOWN COMPLETE shall accept the packet
144 * if the Verification Tag field of the packet matches its own tag and
145 * the T bit is not set
147 * it is set to its peer's tag and the T bit is set in the Chunk
149 * Otherwise, the receiver MUST silently discard the packet
150 * and take no further action. An endpoint MUST ignore the
151 * SHUTDOWN COMPLETE if it is not in the SHUTDOWN-ACK-SENT state.
154 * (endpoint, asoc, chunk)
157 * (asoc, reply_msg, msg_up, timers, counters)
159 * The return value is the disposition of the chunk.
161 sctp_disposition_t sctp_sf_do_4_C(const struct sctp_endpoint *ep,
162 const struct sctp_association *asoc,
163 const sctp_subtype_t type,
165 sctp_cmd_seq_t *commands)
167 struct sctp_chunk *chunk = arg;
168 struct sctp_ulpevent *ev;
170 /* RFC 2960 6.10 Bundling
172 * An endpoint MUST NOT bundle INIT, INIT ACK or
173 * SHUTDOWN COMPLETE with any other chunks.
175 if (!chunk->singleton)
176 return SCTP_DISPOSITION_VIOLATION;
178 if (!sctp_vtag_verify_either(chunk, asoc))
179 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
181 /* RFC 2960 10.2 SCTP-to-ULP
183 * H) SHUTDOWN COMPLETE notification
185 * When SCTP completes the shutdown procedures (section 9.2) this
186 * notification is passed to the upper layer.
188 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
189 0, 0, 0, GFP_ATOMIC);
193 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
195 /* Upon reception of the SHUTDOWN COMPLETE chunk the endpoint
196 * will verify that it is in SHUTDOWN-ACK-SENT state, if it is
197 * not the chunk should be discarded. If the endpoint is in
198 * the SHUTDOWN-ACK-SENT state the endpoint should stop the
199 * T2-shutdown timer and remove all knowledge of the
200 * association (and thus the association enters the CLOSED
203 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
204 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
206 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
207 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
209 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
210 SCTP_STATE(SCTP_STATE_CLOSED));
212 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
213 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
215 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
217 return SCTP_DISPOSITION_DELETE_TCB;
220 return SCTP_DISPOSITION_NOMEM;
224 * Respond to a normal INIT chunk.
225 * We are the side that is being asked for an association.
227 * Section: 5.1 Normal Establishment of an Association, B
228 * B) "Z" shall respond immediately with an INIT ACK chunk. The
229 * destination IP address of the INIT ACK MUST be set to the source
230 * IP address of the INIT to which this INIT ACK is responding. In
231 * the response, besides filling in other parameters, "Z" must set the
232 * Verification Tag field to Tag_A, and also provide its own
233 * Verification Tag (Tag_Z) in the Initiate Tag field.
235 * Verification Tag: Must be 0.
238 * (endpoint, asoc, chunk)
241 * (asoc, reply_msg, msg_up, timers, counters)
243 * The return value is the disposition of the chunk.
245 sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
246 const struct sctp_association *asoc,
247 const sctp_subtype_t type,
249 sctp_cmd_seq_t *commands)
251 struct sctp_chunk *chunk = arg;
252 struct sctp_chunk *repl;
253 struct sctp_association *new_asoc;
254 struct sctp_chunk *err_chunk;
255 struct sctp_packet *packet;
256 sctp_unrecognized_param_t *unk_param;
261 * An endpoint MUST NOT bundle INIT, INIT ACK or
262 * SHUTDOWN COMPLETE with any other chunks.
265 * Furthermore, we require that the receiver of an INIT chunk MUST
266 * enforce these rules by silently discarding an arriving packet
267 * with an INIT chunk that is bundled with other chunks.
269 if (!chunk->singleton)
270 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
272 /* If the packet is an OOTB packet which is temporarily on the
273 * control endpoint, respond with an ABORT.
275 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
276 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
279 /* If the endpoint is not listening or if the number of associations
280 * on the TCP-style socket exceed the max backlog, respond with an
283 if (!sctp_sstate(sk, LISTENING) ||
284 (sctp_style(sk, TCP) &&
285 sk_acceptq_is_full(sk)))
286 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
288 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
291 if (chunk->sctp_hdr->vtag != 0)
292 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
294 /* Make sure that the INIT chunk has a valid length.
295 * Normally, this would cause an ABORT with a Protocol Violation
296 * error, but since we don't have an association, we'll
297 * just discard the packet.
299 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t)))
300 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
302 /* Verify the INIT chunk before processing it. */
304 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
305 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
307 /* This chunk contains fatal error. It is to be discarded.
308 * Send an ABORT, with causes if there is any.
311 packet = sctp_abort_pkt_new(ep, asoc, arg,
312 (__u8 *)(err_chunk->chunk_hdr) +
313 sizeof(sctp_chunkhdr_t),
314 ntohs(err_chunk->chunk_hdr->length) -
315 sizeof(sctp_chunkhdr_t));
317 sctp_chunk_free(err_chunk);
320 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
321 SCTP_PACKET(packet));
322 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
323 return SCTP_DISPOSITION_CONSUME;
325 return SCTP_DISPOSITION_NOMEM;
328 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
333 /* Grab the INIT header. */
334 chunk->subh.init_hdr = (sctp_inithdr_t *)chunk->skb->data;
336 /* Tag the variable length parameters. */
337 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
339 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
343 /* The call, sctp_process_init(), can fail on memory allocation. */
344 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
346 (sctp_init_chunk_t *)chunk->chunk_hdr,
350 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
352 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
354 /* If there are errors need to be reported for unknown parameters,
355 * make sure to reserve enough room in the INIT ACK for them.
359 len = ntohs(err_chunk->chunk_hdr->length) -
360 sizeof(sctp_chunkhdr_t);
362 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
365 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
369 /* If there are errors need to be reported for unknown parameters,
370 * include them in the outgoing INIT ACK as "Unrecognized parameter"
374 /* Get the "Unrecognized parameter" parameter(s) out of the
375 * ERROR chunk generated by sctp_verify_init(). Since the
376 * error cause code for "unknown parameter" and the
377 * "Unrecognized parameter" type is the same, we can
378 * construct the parameters in INIT ACK by copying the
381 unk_param = (sctp_unrecognized_param_t *)
382 ((__u8 *)(err_chunk->chunk_hdr) +
383 sizeof(sctp_chunkhdr_t));
384 /* Replace the cause code with the "Unrecognized parameter"
387 sctp_addto_chunk(repl, len, unk_param);
388 sctp_chunk_free(err_chunk);
391 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
394 * Note: After sending out INIT ACK with the State Cookie parameter,
395 * "Z" MUST NOT allocate any resources, nor keep any states for the
396 * new association. Otherwise, "Z" will be vulnerable to resource
399 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
401 return SCTP_DISPOSITION_DELETE_TCB;
405 sctp_chunk_free(err_chunk);
407 sctp_association_free(new_asoc);
409 return SCTP_DISPOSITION_NOMEM;
413 * Respond to a normal INIT ACK chunk.
414 * We are the side that is initiating the association.
416 * Section: 5.1 Normal Establishment of an Association, C
417 * C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init
418 * timer and leave COOKIE-WAIT state. "A" shall then send the State
419 * Cookie received in the INIT ACK chunk in a COOKIE ECHO chunk, start
420 * the T1-cookie timer, and enter the COOKIE-ECHOED state.
422 * Note: The COOKIE ECHO chunk can be bundled with any pending outbound
423 * DATA chunks, but it MUST be the first chunk in the packet and
424 * until the COOKIE ACK is returned the sender MUST NOT send any
425 * other packets to the peer.
427 * Verification Tag: 3.3.3
428 * If the value of the Initiate Tag in a received INIT ACK chunk is
429 * found to be 0, the receiver MUST treat it as an error and close the
430 * association by transmitting an ABORT.
433 * (endpoint, asoc, chunk)
436 * (asoc, reply_msg, msg_up, timers, counters)
438 * The return value is the disposition of the chunk.
440 sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
441 const struct sctp_association *asoc,
442 const sctp_subtype_t type,
444 sctp_cmd_seq_t *commands)
446 struct sctp_chunk *chunk = arg;
447 sctp_init_chunk_t *initchunk;
449 struct sctp_chunk *err_chunk;
450 struct sctp_packet *packet;
451 sctp_disposition_t ret;
453 if (!sctp_vtag_verify(chunk, asoc))
454 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
456 /* Make sure that the INIT-ACK chunk has a valid length */
457 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_initack_chunk_t)))
458 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
461 * An endpoint MUST NOT bundle INIT, INIT ACK or
462 * SHUTDOWN COMPLETE with any other chunks.
464 if (!chunk->singleton)
465 return SCTP_DISPOSITION_VIOLATION;
467 /* Grab the INIT header. */
468 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
470 init_tag = ntohl(chunk->subh.init_hdr->init_tag);
472 /* Verification Tag: 3.3.3
473 * If the value of the Initiate Tag in a received INIT ACK
474 * chunk is found to be 0, the receiver MUST treat it as an
475 * error and close the association by transmitting an ABORT.
478 struct sctp_chunk *reply = sctp_make_abort(asoc, chunk, 0);
482 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
483 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
484 SCTP_STATE(SCTP_STATE_CLOSED));
485 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
486 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
487 return SCTP_DISPOSITION_DELETE_TCB;
490 /* Verify the INIT chunk before processing it. */
492 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
493 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
496 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
498 /* This chunk contains fatal error. It is to be discarded.
499 * Send an ABORT, with causes if there is any.
502 packet = sctp_abort_pkt_new(ep, asoc, arg,
503 (__u8 *)(err_chunk->chunk_hdr) +
504 sizeof(sctp_chunkhdr_t),
505 ntohs(err_chunk->chunk_hdr->length) -
506 sizeof(sctp_chunkhdr_t));
508 sctp_chunk_free(err_chunk);
511 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
512 SCTP_PACKET(packet));
513 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
514 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
515 SCTP_STATE(SCTP_STATE_CLOSED));
516 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
518 return SCTP_DISPOSITION_CONSUME;
520 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
521 SCTP_STATE(SCTP_STATE_CLOSED));
522 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
524 return SCTP_DISPOSITION_NOMEM;
527 ret = sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
529 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
530 SCTP_STATE(SCTP_STATE_CLOSED));
531 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
537 /* Tag the variable length parameters. Note that we never
538 * convert the parameters in an INIT chunk.
540 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
542 initchunk = (sctp_init_chunk_t *) chunk->chunk_hdr;
544 sctp_add_cmd_sf(commands, SCTP_CMD_PEER_INIT,
545 SCTP_PEER_INIT(initchunk));
547 /* Reset init error count upon receipt of INIT-ACK. */
548 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL());
550 /* 5.1 C) "A" shall stop the T1-init timer and leave
551 * COOKIE-WAIT state. "A" shall then ... start the T1-cookie
552 * timer, and enter the COOKIE-ECHOED state.
554 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
555 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
556 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
557 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
558 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
559 SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
561 /* 5.1 C) "A" shall then send the State Cookie received in the
562 * INIT ACK chunk in a COOKIE ECHO chunk, ...
564 /* If there is any errors to report, send the ERROR chunk generated
565 * for unknown parameters as well.
567 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_COOKIE_ECHO,
568 SCTP_CHUNK(err_chunk));
570 return SCTP_DISPOSITION_CONSUME;
573 return SCTP_DISPOSITION_NOMEM;
577 * Respond to a normal COOKIE ECHO chunk.
578 * We are the side that is being asked for an association.
580 * Section: 5.1 Normal Establishment of an Association, D
581 * D) Upon reception of the COOKIE ECHO chunk, Endpoint "Z" will reply
582 * with a COOKIE ACK chunk after building a TCB and moving to
583 * the ESTABLISHED state. A COOKIE ACK chunk may be bundled with
584 * any pending DATA chunks (and/or SACK chunks), but the COOKIE ACK
585 * chunk MUST be the first chunk in the packet.
587 * IMPLEMENTATION NOTE: An implementation may choose to send the
588 * Communication Up notification to the SCTP user upon reception
589 * of a valid COOKIE ECHO chunk.
591 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
592 * D) Rules for packet carrying a COOKIE ECHO
594 * - When sending a COOKIE ECHO, the endpoint MUST use the value of the
595 * Initial Tag received in the INIT ACK.
597 * - The receiver of a COOKIE ECHO follows the procedures in Section 5.
600 * (endpoint, asoc, chunk)
603 * (asoc, reply_msg, msg_up, timers, counters)
605 * The return value is the disposition of the chunk.
607 sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
608 const struct sctp_association *asoc,
609 const sctp_subtype_t type, void *arg,
610 sctp_cmd_seq_t *commands)
612 struct sctp_chunk *chunk = arg;
613 struct sctp_association *new_asoc;
614 sctp_init_chunk_t *peer_init;
615 struct sctp_chunk *repl;
616 struct sctp_ulpevent *ev;
618 struct sctp_chunk *err_chk_p;
620 /* If the packet is an OOTB packet which is temporarily on the
621 * control endpoint, respond with an ABORT.
623 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
624 return sctp_sf_ootb(ep, asoc, type, arg, commands);
626 /* Make sure that the COOKIE_ECHO chunk has a valid length.
627 * In this case, we check that we have enough for at least a
628 * chunk header. More detailed verification is done
629 * in sctp_unpack_cookie().
631 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
632 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
634 /* "Decode" the chunk. We have no optional parameters so we
637 chunk->subh.cookie_hdr =
638 (struct sctp_signed_cookie *)chunk->skb->data;
639 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
640 sizeof(sctp_chunkhdr_t)))
643 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint
644 * "Z" will reply with a COOKIE ACK chunk after building a TCB
645 * and moving to the ESTABLISHED state.
647 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
651 * If the re-build failed, what is the proper error path
654 * [We should abort the association. --piggy]
657 /* FIXME: Several errors are possible. A bad cookie should
658 * be silently discarded, but think about logging it too.
661 case -SCTP_IERROR_NOMEM:
664 case -SCTP_IERROR_STALE_COOKIE:
665 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
667 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
669 case -SCTP_IERROR_BAD_SIG:
671 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
675 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
676 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
677 SCTP_STATE(SCTP_STATE_ESTABLISHED));
678 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
679 SCTP_INC_STATS(SCTP_MIB_PASSIVEESTABS);
680 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
682 if (new_asoc->autoclose)
683 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
684 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
686 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
688 /* Re-build the bind address for the association is done in
689 * the sctp_unpack_cookie() already.
691 /* This is a brand-new association, so these are not yet side
692 * effects--it is safe to run them here.
694 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
696 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
697 &chunk->subh.cookie_hdr->c.peer_addr,
698 peer_init, GFP_ATOMIC))
701 repl = sctp_make_cookie_ack(new_asoc, chunk);
705 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
707 /* RFC 2960 5.1 Normal Establishment of an Association
709 * D) IMPLEMENTATION NOTE: An implementation may choose to
710 * send the Communication Up notification to the SCTP user
711 * upon reception of a valid COOKIE ECHO chunk.
713 ev = sctp_ulpevent_make_assoc_change(new_asoc, 0, SCTP_COMM_UP, 0,
714 new_asoc->c.sinit_num_ostreams,
715 new_asoc->c.sinit_max_instreams,
720 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
722 /* Sockets API Draft Section 5.3.1.6
723 * When a peer sends a Adaption Layer Indication parameter , SCTP
724 * delivers this notification to inform the application that of the
725 * peers requested adaption layer.
727 if (new_asoc->peer.adaption_ind) {
728 ev = sctp_ulpevent_make_adaption_indication(new_asoc,
733 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
737 return SCTP_DISPOSITION_CONSUME;
740 sctp_chunk_free(repl);
743 sctp_association_free(new_asoc);
745 return SCTP_DISPOSITION_NOMEM;
749 * Respond to a normal COOKIE ACK chunk.
750 * We are the side that is being asked for an association.
752 * RFC 2960 5.1 Normal Establishment of an Association
754 * E) Upon reception of the COOKIE ACK, endpoint "A" will move from the
755 * COOKIE-ECHOED state to the ESTABLISHED state, stopping the T1-cookie
756 * timer. It may also notify its ULP about the successful
757 * establishment of the association with a Communication Up
758 * notification (see Section 10).
762 * (endpoint, asoc, chunk)
765 * (asoc, reply_msg, msg_up, timers, counters)
767 * The return value is the disposition of the chunk.
769 sctp_disposition_t sctp_sf_do_5_1E_ca(const struct sctp_endpoint *ep,
770 const struct sctp_association *asoc,
771 const sctp_subtype_t type, void *arg,
772 sctp_cmd_seq_t *commands)
774 struct sctp_chunk *chunk = arg;
775 struct sctp_ulpevent *ev;
777 if (!sctp_vtag_verify(chunk, asoc))
778 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
780 /* Verify that the chunk length for the COOKIE-ACK is OK.
781 * If we don't do this, any bundled chunks may be junked.
783 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
784 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
787 /* Reset init error count upon receipt of COOKIE-ACK,
788 * to avoid problems with the managemement of this
789 * counter in stale cookie situations when a transition back
790 * from the COOKIE-ECHOED state to the COOKIE-WAIT
791 * state is performed.
793 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL());
795 /* RFC 2960 5.1 Normal Establishment of an Association
797 * E) Upon reception of the COOKIE ACK, endpoint "A" will move
798 * from the COOKIE-ECHOED state to the ESTABLISHED state,
799 * stopping the T1-cookie timer.
801 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
802 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
803 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
804 SCTP_STATE(SCTP_STATE_ESTABLISHED));
805 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
806 SCTP_INC_STATS(SCTP_MIB_ACTIVEESTABS);
807 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
809 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
810 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
811 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
813 /* It may also notify its ULP about the successful
814 * establishment of the association with a Communication Up
815 * notification (see Section 10).
817 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP,
818 0, asoc->c.sinit_num_ostreams,
819 asoc->c.sinit_max_instreams,
825 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
827 /* Sockets API Draft Section 5.3.1.6
828 * When a peer sends a Adaption Layer Indication parameter , SCTP
829 * delivers this notification to inform the application that of the
830 * peers requested adaption layer.
832 if (asoc->peer.adaption_ind) {
833 ev = sctp_ulpevent_make_adaption_indication(asoc, GFP_ATOMIC);
837 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
841 return SCTP_DISPOSITION_CONSUME;
843 return SCTP_DISPOSITION_NOMEM;
846 /* Generate and sendout a heartbeat packet. */
847 static sctp_disposition_t sctp_sf_heartbeat(const struct sctp_endpoint *ep,
848 const struct sctp_association *asoc,
849 const sctp_subtype_t type,
851 sctp_cmd_seq_t *commands)
853 struct sctp_transport *transport = (struct sctp_transport *) arg;
854 struct sctp_chunk *reply;
855 sctp_sender_hb_info_t hbinfo;
858 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
859 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
860 hbinfo.daddr = transport->ipaddr;
861 hbinfo.sent_at = jiffies;
863 /* Send a heartbeat to our peer. */
864 paylen = sizeof(sctp_sender_hb_info_t);
865 reply = sctp_make_heartbeat(asoc, transport, &hbinfo, paylen);
867 return SCTP_DISPOSITION_NOMEM;
869 /* Set rto_pending indicating that an RTT measurement
870 * is started with this heartbeat chunk.
872 sctp_add_cmd_sf(commands, SCTP_CMD_RTO_PENDING,
873 SCTP_TRANSPORT(transport));
875 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
876 return SCTP_DISPOSITION_CONSUME;
879 /* Generate a HEARTBEAT packet on the given transport. */
880 sctp_disposition_t sctp_sf_sendbeat_8_3(const struct sctp_endpoint *ep,
881 const struct sctp_association *asoc,
882 const sctp_subtype_t type,
884 sctp_cmd_seq_t *commands)
886 struct sctp_transport *transport = (struct sctp_transport *) arg;
888 if (asoc->overall_error_count >= asoc->max_retrans) {
889 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
890 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
891 SCTP_U32(SCTP_ERROR_NO_ERROR));
892 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
893 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
894 return SCTP_DISPOSITION_DELETE_TCB;
898 * The Sender-specific Heartbeat Info field should normally include
899 * information about the sender's current time when this HEARTBEAT
900 * chunk is sent and the destination transport address to which this
901 * HEARTBEAT is sent (see Section 8.3).
904 if (transport->param_flags & SPP_HB_ENABLE) {
905 if (SCTP_DISPOSITION_NOMEM ==
906 sctp_sf_heartbeat(ep, asoc, type, arg,
908 return SCTP_DISPOSITION_NOMEM;
909 /* Set transport error counter and association error counter
910 * when sending heartbeat.
912 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_RESET,
913 SCTP_TRANSPORT(transport));
915 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMER_UPDATE,
916 SCTP_TRANSPORT(transport));
918 return SCTP_DISPOSITION_CONSUME;
922 * Process an heartbeat request.
924 * Section: 8.3 Path Heartbeat
925 * The receiver of the HEARTBEAT should immediately respond with a
926 * HEARTBEAT ACK that contains the Heartbeat Information field copied
927 * from the received HEARTBEAT chunk.
929 * Verification Tag: 8.5 Verification Tag [Normal verification]
930 * When receiving an SCTP packet, the endpoint MUST ensure that the
931 * value in the Verification Tag field of the received SCTP packet
932 * matches its own Tag. If the received Verification Tag value does not
933 * match the receiver's own tag value, the receiver shall silently
934 * discard the packet and shall not process it any further except for
935 * those cases listed in Section 8.5.1 below.
938 * (endpoint, asoc, chunk)
941 * (asoc, reply_msg, msg_up, timers, counters)
943 * The return value is the disposition of the chunk.
945 sctp_disposition_t sctp_sf_beat_8_3(const struct sctp_endpoint *ep,
946 const struct sctp_association *asoc,
947 const sctp_subtype_t type,
949 sctp_cmd_seq_t *commands)
951 struct sctp_chunk *chunk = arg;
952 struct sctp_chunk *reply;
955 if (!sctp_vtag_verify(chunk, asoc))
956 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
958 /* Make sure that the HEARTBEAT chunk has a valid length. */
959 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t)))
960 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
963 /* 8.3 The receiver of the HEARTBEAT should immediately
964 * respond with a HEARTBEAT ACK that contains the Heartbeat
965 * Information field copied from the received HEARTBEAT chunk.
967 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data;
968 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
969 if (!pskb_pull(chunk->skb, paylen))
972 reply = sctp_make_heartbeat_ack(asoc, chunk,
973 chunk->subh.hb_hdr, paylen);
977 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
978 return SCTP_DISPOSITION_CONSUME;
981 return SCTP_DISPOSITION_NOMEM;
985 * Process the returning HEARTBEAT ACK.
987 * Section: 8.3 Path Heartbeat
988 * Upon the receipt of the HEARTBEAT ACK, the sender of the HEARTBEAT
989 * should clear the error counter of the destination transport
990 * address to which the HEARTBEAT was sent, and mark the destination
991 * transport address as active if it is not so marked. The endpoint may
992 * optionally report to the upper layer when an inactive destination
993 * address is marked as active due to the reception of the latest
994 * HEARTBEAT ACK. The receiver of the HEARTBEAT ACK must also
995 * clear the association overall error count as well (as defined
998 * The receiver of the HEARTBEAT ACK should also perform an RTT
999 * measurement for that destination transport address using the time
1000 * value carried in the HEARTBEAT ACK chunk.
1002 * Verification Tag: 8.5 Verification Tag [Normal verification]
1005 * (endpoint, asoc, chunk)
1008 * (asoc, reply_msg, msg_up, timers, counters)
1010 * The return value is the disposition of the chunk.
1012 sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
1013 const struct sctp_association *asoc,
1014 const sctp_subtype_t type,
1016 sctp_cmd_seq_t *commands)
1018 struct sctp_chunk *chunk = arg;
1019 union sctp_addr from_addr;
1020 struct sctp_transport *link;
1021 sctp_sender_hb_info_t *hbinfo;
1022 unsigned long max_interval;
1024 if (!sctp_vtag_verify(chunk, asoc))
1025 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1027 /* Make sure that the HEARTBEAT-ACK chunk has a valid length. */
1028 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t)))
1029 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1032 hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
1033 /* Make sure that the length of the parameter is what we expect */
1034 if (ntohs(hbinfo->param_hdr.length) !=
1035 sizeof(sctp_sender_hb_info_t)) {
1036 return SCTP_DISPOSITION_DISCARD;
1039 from_addr = hbinfo->daddr;
1040 link = sctp_assoc_lookup_paddr(asoc, &from_addr);
1042 /* This should never happen, but lets log it if so. */
1043 if (unlikely(!link)) {
1044 if (from_addr.sa.sa_family == AF_INET6) {
1046 "%s association %p could not find address "
1050 NIP6(from_addr.v6.sin6_addr));
1053 "%s association %p could not find address "
1057 NIPQUAD(from_addr.v4.sin_addr.s_addr));
1059 return SCTP_DISPOSITION_DISCARD;
1062 max_interval = link->hbinterval + link->rto;
1064 /* Check if the timestamp looks valid. */
1065 if (time_after(hbinfo->sent_at, jiffies) ||
1066 time_after(jiffies, hbinfo->sent_at + max_interval)) {
1067 SCTP_DEBUG_PRINTK("%s: HEARTBEAT ACK with invalid timestamp"
1068 "received for transport: %p\n",
1069 __FUNCTION__, link);
1070 return SCTP_DISPOSITION_DISCARD;
1073 /* 8.3 Upon the receipt of the HEARTBEAT ACK, the sender of
1074 * the HEARTBEAT should clear the error counter of the
1075 * destination transport address to which the HEARTBEAT was
1076 * sent and mark the destination transport address as active if
1077 * it is not so marked.
1079 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_ON, SCTP_TRANSPORT(link));
1081 return SCTP_DISPOSITION_CONSUME;
1084 /* Helper function to send out an abort for the restart
1087 static int sctp_sf_send_restart_abort(union sctp_addr *ssa,
1088 struct sctp_chunk *init,
1089 sctp_cmd_seq_t *commands)
1092 struct sctp_packet *pkt;
1093 union sctp_addr_param *addrparm;
1094 struct sctp_errhdr *errhdr;
1095 struct sctp_endpoint *ep;
1096 char buffer[sizeof(struct sctp_errhdr)+sizeof(union sctp_addr_param)];
1097 struct sctp_af *af = sctp_get_af_specific(ssa->v4.sin_family);
1099 /* Build the error on the stack. We are way to malloc crazy
1100 * throughout the code today.
1102 errhdr = (struct sctp_errhdr *)buffer;
1103 addrparm = (union sctp_addr_param *)errhdr->variable;
1105 /* Copy into a parm format. */
1106 len = af->to_addr_param(ssa, addrparm);
1107 len += sizeof(sctp_errhdr_t);
1109 errhdr->cause = SCTP_ERROR_RESTART;
1110 errhdr->length = htons(len);
1112 /* Assign to the control socket. */
1113 ep = sctp_sk((sctp_get_ctl_sock()))->ep;
1115 /* Association is NULL since this may be a restart attack and we
1116 * want to send back the attacker's vtag.
1118 pkt = sctp_abort_pkt_new(ep, NULL, init, errhdr, len);
1122 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(pkt));
1124 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
1126 /* Discard the rest of the inbound packet. */
1127 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
1130 /* Even if there is no memory, treat as a failure so
1131 * the packet will get dropped.
1136 /* A restart is occurring, check to make sure no new addresses
1137 * are being added as we may be under a takeover attack.
1139 static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc,
1140 const struct sctp_association *asoc,
1141 struct sctp_chunk *init,
1142 sctp_cmd_seq_t *commands)
1144 struct sctp_transport *new_addr, *addr;
1145 struct list_head *pos, *pos2;
1148 /* Implementor's Guide - Sectin 5.2.2
1150 * Before responding the endpoint MUST check to see if the
1151 * unexpected INIT adds new addresses to the association. If new
1152 * addresses are added to the association, the endpoint MUST respond
1156 /* Search through all current addresses and make sure
1157 * we aren't adding any new ones.
1162 list_for_each(pos, &new_asoc->peer.transport_addr_list) {
1163 new_addr = list_entry(pos, struct sctp_transport, transports);
1165 list_for_each(pos2, &asoc->peer.transport_addr_list) {
1166 addr = list_entry(pos2, struct sctp_transport,
1168 if (sctp_cmp_addr_exact(&new_addr->ipaddr,
1178 /* If a new address was added, ABORT the sender. */
1179 if (!found && new_addr) {
1180 sctp_sf_send_restart_abort(&new_addr->ipaddr, init, commands);
1183 /* Return success if all addresses were found. */
1187 /* Populate the verification/tie tags based on overlapping INIT
1190 * Note: Do not use in CLOSED or SHUTDOWN-ACK-SENT state.
1192 static void sctp_tietags_populate(struct sctp_association *new_asoc,
1193 const struct sctp_association *asoc)
1195 switch (asoc->state) {
1197 /* 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State */
1199 case SCTP_STATE_COOKIE_WAIT:
1200 new_asoc->c.my_vtag = asoc->c.my_vtag;
1201 new_asoc->c.my_ttag = asoc->c.my_vtag;
1202 new_asoc->c.peer_ttag = 0;
1205 case SCTP_STATE_COOKIE_ECHOED:
1206 new_asoc->c.my_vtag = asoc->c.my_vtag;
1207 new_asoc->c.my_ttag = asoc->c.my_vtag;
1208 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1211 /* 5.2.2 Unexpected INIT in States Other than CLOSED, COOKIE-ECHOED,
1212 * COOKIE-WAIT and SHUTDOWN-ACK-SENT
1215 new_asoc->c.my_ttag = asoc->c.my_vtag;
1216 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1220 /* Other parameters for the endpoint SHOULD be copied from the
1221 * existing parameters of the association (e.g. number of
1222 * outbound streams) into the INIT ACK and cookie.
1224 new_asoc->rwnd = asoc->rwnd;
1225 new_asoc->c.sinit_num_ostreams = asoc->c.sinit_num_ostreams;
1226 new_asoc->c.sinit_max_instreams = asoc->c.sinit_max_instreams;
1227 new_asoc->c.initial_tsn = asoc->c.initial_tsn;
1231 * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
1234 * RFC 2960 5.2.4 Handle a COOKIE ECHO when a TCB exists.
1236 * Returns value representing action to be taken. These action values
1237 * correspond to Action/Description values in RFC 2960, Table 2.
1239 static char sctp_tietags_compare(struct sctp_association *new_asoc,
1240 const struct sctp_association *asoc)
1242 /* In this case, the peer may have restarted. */
1243 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1244 (asoc->c.peer_vtag != new_asoc->c.peer_vtag) &&
1245 (asoc->c.my_vtag == new_asoc->c.my_ttag) &&
1246 (asoc->c.peer_vtag == new_asoc->c.peer_ttag))
1249 /* Collision case B. */
1250 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1251 ((asoc->c.peer_vtag != new_asoc->c.peer_vtag) ||
1252 (0 == asoc->c.peer_vtag))) {
1256 /* Collision case D. */
1257 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1258 (asoc->c.peer_vtag == new_asoc->c.peer_vtag))
1261 /* Collision case C. */
1262 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1263 (asoc->c.peer_vtag == new_asoc->c.peer_vtag) &&
1264 (0 == new_asoc->c.my_ttag) &&
1265 (0 == new_asoc->c.peer_ttag))
1268 /* No match to any of the special cases; discard this packet. */
1272 /* Common helper routine for both duplicate and simulataneous INIT
1275 static sctp_disposition_t sctp_sf_do_unexpected_init(
1276 const struct sctp_endpoint *ep,
1277 const struct sctp_association *asoc,
1278 const sctp_subtype_t type,
1279 void *arg, sctp_cmd_seq_t *commands)
1281 sctp_disposition_t retval;
1282 struct sctp_chunk *chunk = arg;
1283 struct sctp_chunk *repl;
1284 struct sctp_association *new_asoc;
1285 struct sctp_chunk *err_chunk;
1286 struct sctp_packet *packet;
1287 sctp_unrecognized_param_t *unk_param;
1291 * An endpoint MUST NOT bundle INIT, INIT ACK or
1292 * SHUTDOWN COMPLETE with any other chunks.
1295 * Furthermore, we require that the receiver of an INIT chunk MUST
1296 * enforce these rules by silently discarding an arriving packet
1297 * with an INIT chunk that is bundled with other chunks.
1299 if (!chunk->singleton)
1300 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1302 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
1305 if (chunk->sctp_hdr->vtag != 0)
1306 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
1308 /* Make sure that the INIT chunk has a valid length.
1309 * In this case, we generate a protocol violation since we have
1310 * an association established.
1312 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t)))
1313 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1315 /* Grab the INIT header. */
1316 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
1318 /* Tag the variable length parameters. */
1319 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
1321 /* Verify the INIT chunk before processing it. */
1323 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
1324 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
1326 /* This chunk contains fatal error. It is to be discarded.
1327 * Send an ABORT, with causes if there is any.
1330 packet = sctp_abort_pkt_new(ep, asoc, arg,
1331 (__u8 *)(err_chunk->chunk_hdr) +
1332 sizeof(sctp_chunkhdr_t),
1333 ntohs(err_chunk->chunk_hdr->length) -
1334 sizeof(sctp_chunkhdr_t));
1337 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
1338 SCTP_PACKET(packet));
1339 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
1340 retval = SCTP_DISPOSITION_CONSUME;
1342 retval = SCTP_DISPOSITION_NOMEM;
1346 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
1352 * Other parameters for the endpoint SHOULD be copied from the
1353 * existing parameters of the association (e.g. number of
1354 * outbound streams) into the INIT ACK and cookie.
1355 * FIXME: We are copying parameters from the endpoint not the
1358 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
1362 /* In the outbound INIT ACK the endpoint MUST copy its current
1363 * Verification Tag and Peers Verification tag into a reserved
1364 * place (local tie-tag and per tie-tag) within the state cookie.
1366 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1368 (sctp_init_chunk_t *)chunk->chunk_hdr,
1370 retval = SCTP_DISPOSITION_NOMEM;
1374 /* Make sure no new addresses are being added during the
1375 * restart. Do not do this check for COOKIE-WAIT state,
1376 * since there are no peer addresses to check against.
1377 * Upon return an ABORT will have been sent if needed.
1379 if (!sctp_state(asoc, COOKIE_WAIT)) {
1380 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk,
1382 retval = SCTP_DISPOSITION_CONSUME;
1387 sctp_tietags_populate(new_asoc, asoc);
1389 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
1391 /* If there are errors need to be reported for unknown parameters,
1392 * make sure to reserve enough room in the INIT ACK for them.
1396 len = ntohs(err_chunk->chunk_hdr->length) -
1397 sizeof(sctp_chunkhdr_t);
1400 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
1403 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
1407 /* If there are errors need to be reported for unknown parameters,
1408 * include them in the outgoing INIT ACK as "Unrecognized parameter"
1412 /* Get the "Unrecognized parameter" parameter(s) out of the
1413 * ERROR chunk generated by sctp_verify_init(). Since the
1414 * error cause code for "unknown parameter" and the
1415 * "Unrecognized parameter" type is the same, we can
1416 * construct the parameters in INIT ACK by copying the
1417 * ERROR causes over.
1419 unk_param = (sctp_unrecognized_param_t *)
1420 ((__u8 *)(err_chunk->chunk_hdr) +
1421 sizeof(sctp_chunkhdr_t));
1422 /* Replace the cause code with the "Unrecognized parameter"
1425 sctp_addto_chunk(repl, len, unk_param);
1428 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1429 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1432 * Note: After sending out INIT ACK with the State Cookie parameter,
1433 * "Z" MUST NOT allocate any resources for this new association.
1434 * Otherwise, "Z" will be vulnerable to resource attacks.
1436 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1437 retval = SCTP_DISPOSITION_CONSUME;
1441 sctp_chunk_free(err_chunk);
1444 retval = SCTP_DISPOSITION_NOMEM;
1448 sctp_association_free(new_asoc);
1453 * Handle simultanous INIT.
1454 * This means we started an INIT and then we got an INIT request from
1457 * Section: 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State (Item B)
1458 * This usually indicates an initialization collision, i.e., each
1459 * endpoint is attempting, at about the same time, to establish an
1460 * association with the other endpoint.
1462 * Upon receipt of an INIT in the COOKIE-WAIT or COOKIE-ECHOED state, an
1463 * endpoint MUST respond with an INIT ACK using the same parameters it
1464 * sent in its original INIT chunk (including its Verification Tag,
1465 * unchanged). These original parameters are combined with those from the
1466 * newly received INIT chunk. The endpoint shall also generate a State
1467 * Cookie with the INIT ACK. The endpoint uses the parameters sent in its
1468 * INIT to calculate the State Cookie.
1470 * After that, the endpoint MUST NOT change its state, the T1-init
1471 * timer shall be left running and the corresponding TCB MUST NOT be
1472 * destroyed. The normal procedures for handling State Cookies when
1473 * a TCB exists will resolve the duplicate INITs to a single association.
1475 * For an endpoint that is in the COOKIE-ECHOED state it MUST populate
1476 * its Tie-Tags with the Tag information of itself and its peer (see
1477 * section 5.2.2 for a description of the Tie-Tags).
1479 * Verification Tag: Not explicit, but an INIT can not have a valid
1480 * verification tag, so we skip the check.
1483 * (endpoint, asoc, chunk)
1486 * (asoc, reply_msg, msg_up, timers, counters)
1488 * The return value is the disposition of the chunk.
1490 sctp_disposition_t sctp_sf_do_5_2_1_siminit(const struct sctp_endpoint *ep,
1491 const struct sctp_association *asoc,
1492 const sctp_subtype_t type,
1494 sctp_cmd_seq_t *commands)
1496 /* Call helper to do the real work for both simulataneous and
1497 * duplicate INIT chunk handling.
1499 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1503 * Handle duplicated INIT messages. These are usually delayed
1506 * Section: 5.2.2 Unexpected INIT in States Other than CLOSED,
1507 * COOKIE-ECHOED and COOKIE-WAIT
1509 * Unless otherwise stated, upon reception of an unexpected INIT for
1510 * this association, the endpoint shall generate an INIT ACK with a
1511 * State Cookie. In the outbound INIT ACK the endpoint MUST copy its
1512 * current Verification Tag and peer's Verification Tag into a reserved
1513 * place within the state cookie. We shall refer to these locations as
1514 * the Peer's-Tie-Tag and the Local-Tie-Tag. The outbound SCTP packet
1515 * containing this INIT ACK MUST carry a Verification Tag value equal to
1516 * the Initiation Tag found in the unexpected INIT. And the INIT ACK
1517 * MUST contain a new Initiation Tag (randomly generated see Section
1518 * 5.3.1). Other parameters for the endpoint SHOULD be copied from the
1519 * existing parameters of the association (e.g. number of outbound
1520 * streams) into the INIT ACK and cookie.
1522 * After sending out the INIT ACK, the endpoint shall take no further
1523 * actions, i.e., the existing association, including its current state,
1524 * and the corresponding TCB MUST NOT be changed.
1526 * Note: Only when a TCB exists and the association is not in a COOKIE-
1527 * WAIT state are the Tie-Tags populated. For a normal association INIT
1528 * (i.e. the endpoint is in a COOKIE-WAIT state), the Tie-Tags MUST be
1529 * set to 0 (indicating that no previous TCB existed). The INIT ACK and
1530 * State Cookie are populated as specified in section 5.2.1.
1532 * Verification Tag: Not specified, but an INIT has no way of knowing
1533 * what the verification tag could be, so we ignore it.
1536 * (endpoint, asoc, chunk)
1539 * (asoc, reply_msg, msg_up, timers, counters)
1541 * The return value is the disposition of the chunk.
1543 sctp_disposition_t sctp_sf_do_5_2_2_dupinit(const struct sctp_endpoint *ep,
1544 const struct sctp_association *asoc,
1545 const sctp_subtype_t type,
1547 sctp_cmd_seq_t *commands)
1549 /* Call helper to do the real work for both simulataneous and
1550 * duplicate INIT chunk handling.
1552 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1557 /* Unexpected COOKIE-ECHO handler for peer restart (Table 2, action 'A')
1560 * A) In this case, the peer may have restarted.
1562 static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
1563 const struct sctp_association *asoc,
1564 struct sctp_chunk *chunk,
1565 sctp_cmd_seq_t *commands,
1566 struct sctp_association *new_asoc)
1568 sctp_init_chunk_t *peer_init;
1569 struct sctp_ulpevent *ev;
1570 struct sctp_chunk *repl;
1571 struct sctp_chunk *err;
1572 sctp_disposition_t disposition;
1574 /* new_asoc is a brand-new association, so these are not yet
1575 * side effects--it is safe to run them here.
1577 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1579 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1580 sctp_source(chunk), peer_init,
1584 /* Make sure no new addresses are being added during the
1585 * restart. Though this is a pretty complicated attack
1586 * since you'd have to get inside the cookie.
1588 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk, commands)) {
1589 return SCTP_DISPOSITION_CONSUME;
1592 /* If the endpoint is in the SHUTDOWN-ACK-SENT state and recognizes
1593 * the peer has restarted (Action A), it MUST NOT setup a new
1594 * association but instead resend the SHUTDOWN ACK and send an ERROR
1595 * chunk with a "Cookie Received while Shutting Down" error cause to
1598 if (sctp_state(asoc, SHUTDOWN_ACK_SENT)) {
1599 disposition = sctp_sf_do_9_2_reshutack(ep, asoc,
1600 SCTP_ST_CHUNK(chunk->chunk_hdr->type),
1602 if (SCTP_DISPOSITION_NOMEM == disposition)
1605 err = sctp_make_op_error(asoc, chunk,
1606 SCTP_ERROR_COOKIE_IN_SHUTDOWN,
1609 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1612 return SCTP_DISPOSITION_CONSUME;
1615 /* For now, fail any unsent/unacked data. Consider the optional
1616 * choice of resending of this data.
1618 sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL());
1620 /* Update the content of current association. */
1621 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1623 repl = sctp_make_cookie_ack(new_asoc, chunk);
1627 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1629 /* Report association restart to upper layer. */
1630 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0,
1631 new_asoc->c.sinit_num_ostreams,
1632 new_asoc->c.sinit_max_instreams,
1637 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
1638 return SCTP_DISPOSITION_CONSUME;
1641 sctp_chunk_free(repl);
1643 return SCTP_DISPOSITION_NOMEM;
1646 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'B')
1649 * B) In this case, both sides may be attempting to start an association
1650 * at about the same time but the peer endpoint started its INIT
1651 * after responding to the local endpoint's INIT
1653 /* This case represents an initialization collision. */
1654 static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep,
1655 const struct sctp_association *asoc,
1656 struct sctp_chunk *chunk,
1657 sctp_cmd_seq_t *commands,
1658 struct sctp_association *new_asoc)
1660 sctp_init_chunk_t *peer_init;
1661 struct sctp_ulpevent *ev;
1662 struct sctp_chunk *repl;
1664 /* new_asoc is a brand-new association, so these are not yet
1665 * side effects--it is safe to run them here.
1667 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1668 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1669 sctp_source(chunk), peer_init,
1673 /* Update the content of current association. */
1674 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1675 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1676 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1677 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
1678 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
1680 repl = sctp_make_cookie_ack(new_asoc, chunk);
1684 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1685 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1687 /* RFC 2960 5.1 Normal Establishment of an Association
1689 * D) IMPLEMENTATION NOTE: An implementation may choose to
1690 * send the Communication Up notification to the SCTP user
1691 * upon reception of a valid COOKIE ECHO chunk.
1693 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP, 0,
1694 new_asoc->c.sinit_num_ostreams,
1695 new_asoc->c.sinit_max_instreams,
1700 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
1702 /* Sockets API Draft Section 5.3.1.6
1703 * When a peer sends a Adaption Layer Indication parameter , SCTP
1704 * delivers this notification to inform the application that of the
1705 * peers requested adaption layer.
1707 if (asoc->peer.adaption_ind) {
1708 ev = sctp_ulpevent_make_adaption_indication(asoc, GFP_ATOMIC);
1712 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1716 return SCTP_DISPOSITION_CONSUME;
1719 sctp_chunk_free(repl);
1721 return SCTP_DISPOSITION_NOMEM;
1724 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'C')
1727 * C) In this case, the local endpoint's cookie has arrived late.
1728 * Before it arrived, the local endpoint sent an INIT and received an
1729 * INIT-ACK and finally sent a COOKIE ECHO with the peer's same tag
1730 * but a new tag of its own.
1732 /* This case represents an initialization collision. */
1733 static sctp_disposition_t sctp_sf_do_dupcook_c(const struct sctp_endpoint *ep,
1734 const struct sctp_association *asoc,
1735 struct sctp_chunk *chunk,
1736 sctp_cmd_seq_t *commands,
1737 struct sctp_association *new_asoc)
1739 /* The cookie should be silently discarded.
1740 * The endpoint SHOULD NOT change states and should leave
1741 * any timers running.
1743 return SCTP_DISPOSITION_DISCARD;
1746 /* Unexpected COOKIE-ECHO handler lost chunk (Table 2, action 'D')
1750 * D) When both local and remote tags match the endpoint should always
1751 * enter the ESTABLISHED state, if it has not already done so.
1753 /* This case represents an initialization collision. */
1754 static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
1755 const struct sctp_association *asoc,
1756 struct sctp_chunk *chunk,
1757 sctp_cmd_seq_t *commands,
1758 struct sctp_association *new_asoc)
1760 struct sctp_ulpevent *ev = NULL;
1761 struct sctp_chunk *repl;
1763 /* Clarification from Implementor's Guide:
1764 * D) When both local and remote tags match the endpoint should
1765 * enter the ESTABLISHED state, if it is in the COOKIE-ECHOED state.
1766 * It should stop any cookie timer that may be running and send
1770 /* Don't accidentally move back into established state. */
1771 if (asoc->state < SCTP_STATE_ESTABLISHED) {
1772 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1773 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
1774 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1775 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1776 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
1777 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START,
1780 /* RFC 2960 5.1 Normal Establishment of an Association
1782 * D) IMPLEMENTATION NOTE: An implementation may choose
1783 * to send the Communication Up notification to the
1784 * SCTP user upon reception of a valid COOKIE
1787 ev = sctp_ulpevent_make_assoc_change(new_asoc, 0,
1789 new_asoc->c.sinit_num_ostreams,
1790 new_asoc->c.sinit_max_instreams,
1794 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1797 /* Sockets API Draft Section 5.3.1.6
1798 * When a peer sends a Adaption Layer Indication parameter,
1799 * SCTP delivers this notification to inform the application
1800 * that of the peers requested adaption layer.
1802 if (new_asoc->peer.adaption_ind) {
1803 ev = sctp_ulpevent_make_adaption_indication(new_asoc,
1808 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1812 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1814 repl = sctp_make_cookie_ack(new_asoc, chunk);
1818 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1819 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1821 return SCTP_DISPOSITION_CONSUME;
1825 sctp_ulpevent_free(ev);
1826 return SCTP_DISPOSITION_NOMEM;
1830 * Handle a duplicate COOKIE-ECHO. This usually means a cookie-carrying
1831 * chunk was retransmitted and then delayed in the network.
1833 * Section: 5.2.4 Handle a COOKIE ECHO when a TCB exists
1835 * Verification Tag: None. Do cookie validation.
1838 * (endpoint, asoc, chunk)
1841 * (asoc, reply_msg, msg_up, timers, counters)
1843 * The return value is the disposition of the chunk.
1845 sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep,
1846 const struct sctp_association *asoc,
1847 const sctp_subtype_t type,
1849 sctp_cmd_seq_t *commands)
1851 sctp_disposition_t retval;
1852 struct sctp_chunk *chunk = arg;
1853 struct sctp_association *new_asoc;
1856 struct sctp_chunk *err_chk_p;
1858 /* Make sure that the chunk has a valid length from the protocol
1859 * perspective. In this case check to make sure we have at least
1860 * enough for the chunk header. Cookie length verification is
1863 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
1864 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
1867 /* "Decode" the chunk. We have no optional parameters so we
1868 * are in good shape.
1870 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data;
1871 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
1872 sizeof(sctp_chunkhdr_t)))
1875 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie
1876 * of a duplicate COOKIE ECHO match the Verification Tags of the
1877 * current association, consider the State Cookie valid even if
1878 * the lifespan is exceeded.
1880 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
1884 * If the re-build failed, what is the proper error path
1887 * [We should abort the association. --piggy]
1890 /* FIXME: Several errors are possible. A bad cookie should
1891 * be silently discarded, but think about logging it too.
1894 case -SCTP_IERROR_NOMEM:
1897 case -SCTP_IERROR_STALE_COOKIE:
1898 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
1900 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1901 case -SCTP_IERROR_BAD_SIG:
1903 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1907 /* Compare the tie_tag in cookie with the verification tag of
1908 * current association.
1910 action = sctp_tietags_compare(new_asoc, asoc);
1913 case 'A': /* Association restart. */
1914 retval = sctp_sf_do_dupcook_a(ep, asoc, chunk, commands,
1918 case 'B': /* Collision case B. */
1919 retval = sctp_sf_do_dupcook_b(ep, asoc, chunk, commands,
1923 case 'C': /* Collision case C. */
1924 retval = sctp_sf_do_dupcook_c(ep, asoc, chunk, commands,
1928 case 'D': /* Collision case D. */
1929 retval = sctp_sf_do_dupcook_d(ep, asoc, chunk, commands,
1933 default: /* Discard packet for all others. */
1934 retval = sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1938 /* Delete the tempory new association. */
1939 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1940 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1945 return SCTP_DISPOSITION_NOMEM;
1949 * Process an ABORT. (SHUTDOWN-PENDING state)
1951 * See sctp_sf_do_9_1_abort().
1953 sctp_disposition_t sctp_sf_shutdown_pending_abort(
1954 const struct sctp_endpoint *ep,
1955 const struct sctp_association *asoc,
1956 const sctp_subtype_t type,
1958 sctp_cmd_seq_t *commands)
1960 struct sctp_chunk *chunk = arg;
1962 if (!sctp_vtag_verify_either(chunk, asoc))
1963 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1965 /* Make sure that the ABORT chunk has a valid length.
1966 * Since this is an ABORT chunk, we have to discard it
1967 * because of the following text:
1968 * RFC 2960, Section 3.3.7
1969 * If an endpoint receives an ABORT with a format error or for an
1970 * association that doesn't exist, it MUST silently discard it.
1971 * Becasue the length is "invalid", we can't really discard just
1972 * as we do not know its true length. So, to be safe, discard the
1975 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
1976 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1978 /* Stop the T5-shutdown guard timer. */
1979 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1980 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
1982 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
1986 * Process an ABORT. (SHUTDOWN-SENT state)
1988 * See sctp_sf_do_9_1_abort().
1990 sctp_disposition_t sctp_sf_shutdown_sent_abort(const struct sctp_endpoint *ep,
1991 const struct sctp_association *asoc,
1992 const sctp_subtype_t type,
1994 sctp_cmd_seq_t *commands)
1996 struct sctp_chunk *chunk = arg;
1998 if (!sctp_vtag_verify_either(chunk, asoc))
1999 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2001 /* Make sure that the ABORT chunk has a valid length.
2002 * Since this is an ABORT chunk, we have to discard it
2003 * because of the following text:
2004 * RFC 2960, Section 3.3.7
2005 * If an endpoint receives an ABORT with a format error or for an
2006 * association that doesn't exist, it MUST silently discard it.
2007 * Becasue the length is "invalid", we can't really discard just
2008 * as we do not know its true length. So, to be safe, discard the
2011 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2012 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2014 /* Stop the T2-shutdown timer. */
2015 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2016 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2018 /* Stop the T5-shutdown guard timer. */
2019 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2020 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
2022 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
2026 * Process an ABORT. (SHUTDOWN-ACK-SENT state)
2028 * See sctp_sf_do_9_1_abort().
2030 sctp_disposition_t sctp_sf_shutdown_ack_sent_abort(
2031 const struct sctp_endpoint *ep,
2032 const struct sctp_association *asoc,
2033 const sctp_subtype_t type,
2035 sctp_cmd_seq_t *commands)
2037 /* The same T2 timer, so we should be able to use
2038 * common function with the SHUTDOWN-SENT state.
2040 return sctp_sf_shutdown_sent_abort(ep, asoc, type, arg, commands);
2044 * Handle an Error received in COOKIE_ECHOED state.
2046 * Only handle the error type of stale COOKIE Error, the other errors will
2050 * (endpoint, asoc, chunk)
2053 * (asoc, reply_msg, msg_up, timers, counters)
2055 * The return value is the disposition of the chunk.
2057 sctp_disposition_t sctp_sf_cookie_echoed_err(const struct sctp_endpoint *ep,
2058 const struct sctp_association *asoc,
2059 const sctp_subtype_t type,
2061 sctp_cmd_seq_t *commands)
2063 struct sctp_chunk *chunk = arg;
2066 if (!sctp_vtag_verify(chunk, asoc))
2067 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2069 /* Make sure that the ERROR chunk has a valid length.
2070 * The parameter walking depends on this as well.
2072 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t)))
2073 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2076 /* Process the error here */
2077 /* FUTURE FIXME: When PR-SCTP related and other optional
2078 * parms are emitted, this will have to change to handle multiple
2081 sctp_walk_errors(err, chunk->chunk_hdr) {
2082 if (SCTP_ERROR_STALE_COOKIE == err->cause)
2083 return sctp_sf_do_5_2_6_stale(ep, asoc, type,
2087 /* It is possible to have malformed error causes, and that
2088 * will cause us to end the walk early. However, since
2089 * we are discarding the packet, there should be no adverse
2092 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2096 * Handle a Stale COOKIE Error
2098 * Section: 5.2.6 Handle Stale COOKIE Error
2099 * If the association is in the COOKIE-ECHOED state, the endpoint may elect
2100 * one of the following three alternatives.
2102 * 3) Send a new INIT chunk to the endpoint, adding a Cookie
2103 * Preservative parameter requesting an extension to the lifetime of
2104 * the State Cookie. When calculating the time extension, an
2105 * implementation SHOULD use the RTT information measured based on the
2106 * previous COOKIE ECHO / ERROR exchange, and should add no more
2107 * than 1 second beyond the measured RTT, due to long State Cookie
2108 * lifetimes making the endpoint more subject to a replay attack.
2110 * Verification Tag: Not explicit, but safe to ignore.
2113 * (endpoint, asoc, chunk)
2116 * (asoc, reply_msg, msg_up, timers, counters)
2118 * The return value is the disposition of the chunk.
2120 static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
2121 const struct sctp_association *asoc,
2122 const sctp_subtype_t type,
2124 sctp_cmd_seq_t *commands)
2126 struct sctp_chunk *chunk = arg;
2128 sctp_cookie_preserve_param_t bht;
2130 struct sctp_chunk *reply;
2131 struct sctp_bind_addr *bp;
2132 int attempts = asoc->init_err_counter + 1;
2134 if (attempts > asoc->max_init_attempts) {
2135 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2136 SCTP_U32(SCTP_ERROR_STALE_COOKIE));
2137 return SCTP_DISPOSITION_DELETE_TCB;
2140 err = (sctp_errhdr_t *)(chunk->skb->data);
2142 /* When calculating the time extension, an implementation
2143 * SHOULD use the RTT information measured based on the
2144 * previous COOKIE ECHO / ERROR exchange, and should add no
2145 * more than 1 second beyond the measured RTT, due to long
2146 * State Cookie lifetimes making the endpoint more subject to
2148 * Measure of Staleness's unit is usec. (1/1000000 sec)
2149 * Suggested Cookie Life-span Increment's unit is msec.
2151 * In general, if you use the suggested cookie life, the value
2152 * found in the field of measure of staleness should be doubled
2153 * to give ample time to retransmit the new cookie and thus
2154 * yield a higher probability of success on the reattempt.
2156 stale = ntohl(*(suseconds_t *)((u8 *)err + sizeof(sctp_errhdr_t)));
2157 stale = (stale * 2) / 1000;
2159 bht.param_hdr.type = SCTP_PARAM_COOKIE_PRESERVATIVE;
2160 bht.param_hdr.length = htons(sizeof(bht));
2161 bht.lifespan_increment = htonl(stale);
2163 /* Build that new INIT chunk. */
2164 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
2165 reply = sctp_make_init(asoc, bp, GFP_ATOMIC, sizeof(bht));
2169 sctp_addto_chunk(reply, sizeof(bht), &bht);
2171 /* Clear peer's init_tag cached in assoc as we are sending a new INIT */
2172 sctp_add_cmd_sf(commands, SCTP_CMD_CLEAR_INIT_TAG, SCTP_NULL());
2174 /* Stop pending T3-rtx and heartbeat timers */
2175 sctp_add_cmd_sf(commands, SCTP_CMD_T3_RTX_TIMERS_STOP, SCTP_NULL());
2176 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
2178 /* Delete non-primary peer ip addresses since we are transitioning
2179 * back to the COOKIE-WAIT state
2181 sctp_add_cmd_sf(commands, SCTP_CMD_DEL_NON_PRIMARY, SCTP_NULL());
2183 /* If we've sent any data bundled with COOKIE-ECHO we will need to
2186 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN,
2187 SCTP_TRANSPORT(asoc->peer.primary_path));
2189 /* Cast away the const modifier, as we want to just
2190 * rerun it through as a sideffect.
2192 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_INC, SCTP_NULL());
2194 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2195 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
2196 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2197 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
2198 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
2199 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2201 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2203 return SCTP_DISPOSITION_CONSUME;
2206 return SCTP_DISPOSITION_NOMEM;
2213 * After checking the Verification Tag, the receiving endpoint shall
2214 * remove the association from its record, and shall report the
2215 * termination to its upper layer.
2217 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
2218 * B) Rules for packet carrying ABORT:
2220 * - The endpoint shall always fill in the Verification Tag field of the
2221 * outbound packet with the destination endpoint's tag value if it
2224 * - If the ABORT is sent in response to an OOTB packet, the endpoint
2225 * MUST follow the procedure described in Section 8.4.
2227 * - The receiver MUST accept the packet if the Verification Tag
2228 * matches either its own tag, OR the tag of its peer. Otherwise, the
2229 * receiver MUST silently discard the packet and take no further
2233 * (endpoint, asoc, chunk)
2236 * (asoc, reply_msg, msg_up, timers, counters)
2238 * The return value is the disposition of the chunk.
2240 sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
2241 const struct sctp_association *asoc,
2242 const sctp_subtype_t type,
2244 sctp_cmd_seq_t *commands)
2246 struct sctp_chunk *chunk = arg;
2248 __u16 error = SCTP_ERROR_NO_ERROR;
2250 if (!sctp_vtag_verify_either(chunk, asoc))
2251 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2253 /* Make sure that the ABORT chunk has a valid length.
2254 * Since this is an ABORT chunk, we have to discard it
2255 * because of the following text:
2256 * RFC 2960, Section 3.3.7
2257 * If an endpoint receives an ABORT with a format error or for an
2258 * association that doesn't exist, it MUST silently discard it.
2259 * Becasue the length is "invalid", we can't really discard just
2260 * as we do not know its true length. So, to be safe, discard the
2263 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2264 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2266 /* See if we have an error cause code in the chunk. */
2267 len = ntohs(chunk->chunk_hdr->length);
2268 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2269 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2271 /* ASSOC_FAILED will DELETE_TCB. */
2272 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_U32(error));
2273 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2274 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
2276 return SCTP_DISPOSITION_ABORT;
2280 * Process an ABORT. (COOKIE-WAIT state)
2282 * See sctp_sf_do_9_1_abort() above.
2284 sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep,
2285 const struct sctp_association *asoc,
2286 const sctp_subtype_t type,
2288 sctp_cmd_seq_t *commands)
2290 struct sctp_chunk *chunk = arg;
2292 __u16 error = SCTP_ERROR_NO_ERROR;
2294 if (!sctp_vtag_verify_either(chunk, asoc))
2295 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2297 /* Make sure that the ABORT chunk has a valid length.
2298 * Since this is an ABORT chunk, we have to discard it
2299 * because of the following text:
2300 * RFC 2960, Section 3.3.7
2301 * If an endpoint receives an ABORT with a format error or for an
2302 * association that doesn't exist, it MUST silently discard it.
2303 * Becasue the length is "invalid", we can't really discard just
2304 * as we do not know its true length. So, to be safe, discard the
2307 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t)))
2308 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2310 /* See if we have an error cause code in the chunk. */
2311 len = ntohs(chunk->chunk_hdr->length);
2312 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2313 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2315 return sctp_stop_t1_and_abort(commands, error, asoc, chunk->transport);
2319 * Process an incoming ICMP as an ABORT. (COOKIE-WAIT state)
2321 sctp_disposition_t sctp_sf_cookie_wait_icmp_abort(const struct sctp_endpoint *ep,
2322 const struct sctp_association *asoc,
2323 const sctp_subtype_t type,
2325 sctp_cmd_seq_t *commands)
2327 return sctp_stop_t1_and_abort(commands, SCTP_ERROR_NO_ERROR, asoc,
2328 (struct sctp_transport *)arg);
2332 * Process an ABORT. (COOKIE-ECHOED state)
2334 sctp_disposition_t sctp_sf_cookie_echoed_abort(const struct sctp_endpoint *ep,
2335 const struct sctp_association *asoc,
2336 const sctp_subtype_t type,
2338 sctp_cmd_seq_t *commands)
2340 /* There is a single T1 timer, so we should be able to use
2341 * common function with the COOKIE-WAIT state.
2343 return sctp_sf_cookie_wait_abort(ep, asoc, type, arg, commands);
2347 * Stop T1 timer and abort association with "INIT failed".
2349 * This is common code called by several sctp_sf_*_abort() functions above.
2351 static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
2353 const struct sctp_association *asoc,
2354 struct sctp_transport *transport)
2356 SCTP_DEBUG_PRINTK("ABORT received (INIT).\n");
2357 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2358 SCTP_STATE(SCTP_STATE_CLOSED));
2359 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2360 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2361 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2362 /* CMD_INIT_FAILED will DELETE_TCB. */
2363 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
2365 return SCTP_DISPOSITION_ABORT;
2369 * sctp_sf_do_9_2_shut
2372 * Upon the reception of the SHUTDOWN, the peer endpoint shall
2373 * - enter the SHUTDOWN-RECEIVED state,
2375 * - stop accepting new data from its SCTP user
2377 * - verify, by checking the Cumulative TSN Ack field of the chunk,
2378 * that all its outstanding DATA chunks have been received by the
2381 * Once an endpoint as reached the SHUTDOWN-RECEIVED state it MUST NOT
2382 * send a SHUTDOWN in response to a ULP request. And should discard
2383 * subsequent SHUTDOWN chunks.
2385 * If there are still outstanding DATA chunks left, the SHUTDOWN
2386 * receiver shall continue to follow normal data transmission
2387 * procedures defined in Section 6 until all outstanding DATA chunks
2388 * are acknowledged; however, the SHUTDOWN receiver MUST NOT accept
2389 * new data from its SCTP user.
2391 * Verification Tag: 8.5 Verification Tag [Normal verification]
2394 * (endpoint, asoc, chunk)
2397 * (asoc, reply_msg, msg_up, timers, counters)
2399 * The return value is the disposition of the chunk.
2401 sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
2402 const struct sctp_association *asoc,
2403 const sctp_subtype_t type,
2405 sctp_cmd_seq_t *commands)
2407 struct sctp_chunk *chunk = arg;
2408 sctp_shutdownhdr_t *sdh;
2409 sctp_disposition_t disposition;
2410 struct sctp_ulpevent *ev;
2412 if (!sctp_vtag_verify(chunk, asoc))
2413 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2415 /* Make sure that the SHUTDOWN chunk has a valid length. */
2416 if (!sctp_chunk_length_valid(chunk,
2417 sizeof(struct sctp_shutdown_chunk_t)))
2418 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2421 /* Convert the elaborate header. */
2422 sdh = (sctp_shutdownhdr_t *)chunk->skb->data;
2423 skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t));
2424 chunk->subh.shutdown_hdr = sdh;
2426 /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
2427 * When a peer sends a SHUTDOWN, SCTP delivers this notification to
2428 * inform the application that it should cease sending data.
2430 ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
2432 disposition = SCTP_DISPOSITION_NOMEM;
2435 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
2437 /* Upon the reception of the SHUTDOWN, the peer endpoint shall
2438 * - enter the SHUTDOWN-RECEIVED state,
2439 * - stop accepting new data from its SCTP user
2441 * [This is implicit in the new state.]
2443 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2444 SCTP_STATE(SCTP_STATE_SHUTDOWN_RECEIVED));
2445 disposition = SCTP_DISPOSITION_CONSUME;
2447 if (sctp_outq_is_empty(&asoc->outqueue)) {
2448 disposition = sctp_sf_do_9_2_shutdown_ack(ep, asoc, type,
2452 if (SCTP_DISPOSITION_NOMEM == disposition)
2455 /* - verify, by checking the Cumulative TSN Ack field of the
2456 * chunk, that all its outstanding DATA chunks have been
2457 * received by the SHUTDOWN sender.
2459 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN,
2460 SCTP_U32(chunk->subh.shutdown_hdr->cum_tsn_ack));
2467 * If an endpoint is in SHUTDOWN-ACK-SENT state and receives an INIT chunk
2468 * (e.g., if the SHUTDOWN COMPLETE was lost) with source and destination
2469 * transport addresses (either in the IP addresses or in the INIT chunk)
2470 * that belong to this association, it should discard the INIT chunk and
2471 * retransmit the SHUTDOWN ACK chunk.
2473 sctp_disposition_t sctp_sf_do_9_2_reshutack(const struct sctp_endpoint *ep,
2474 const struct sctp_association *asoc,
2475 const sctp_subtype_t type,
2477 sctp_cmd_seq_t *commands)
2479 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
2480 struct sctp_chunk *reply;
2482 /* Since we are not going to really process this INIT, there
2483 * is no point in verifying chunk boundries. Just generate
2486 reply = sctp_make_shutdown_ack(asoc, chunk);
2490 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
2491 * the T2-SHUTDOWN timer.
2493 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
2495 /* and restart the T2-shutdown timer. */
2496 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2497 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2499 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2501 return SCTP_DISPOSITION_CONSUME;
2503 return SCTP_DISPOSITION_NOMEM;
2507 * sctp_sf_do_ecn_cwr
2509 * Section: Appendix A: Explicit Congestion Notification
2513 * RFC 2481 details a specific bit for a sender to send in the header of
2514 * its next outbound TCP segment to indicate to its peer that it has
2515 * reduced its congestion window. This is termed the CWR bit. For
2516 * SCTP the same indication is made by including the CWR chunk.
2517 * This chunk contains one data element, i.e. the TSN number that
2518 * was sent in the ECNE chunk. This element represents the lowest
2519 * TSN number in the datagram that was originally marked with the
2522 * Verification Tag: 8.5 Verification Tag [Normal verification]
2524 * (endpoint, asoc, chunk)
2527 * (asoc, reply_msg, msg_up, timers, counters)
2529 * The return value is the disposition of the chunk.
2531 sctp_disposition_t sctp_sf_do_ecn_cwr(const struct sctp_endpoint *ep,
2532 const struct sctp_association *asoc,
2533 const sctp_subtype_t type,
2535 sctp_cmd_seq_t *commands)
2538 struct sctp_chunk *chunk = arg;
2540 if (!sctp_vtag_verify(chunk, asoc))
2541 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2543 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t)))
2544 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2547 cwr = (sctp_cwrhdr_t *) chunk->skb->data;
2548 skb_pull(chunk->skb, sizeof(sctp_cwrhdr_t));
2550 cwr->lowest_tsn = ntohl(cwr->lowest_tsn);
2552 /* Does this CWR ack the last sent congestion notification? */
2553 if (TSN_lte(asoc->last_ecne_tsn, cwr->lowest_tsn)) {
2554 /* Stop sending ECNE. */
2555 sctp_add_cmd_sf(commands,
2557 SCTP_U32(cwr->lowest_tsn));
2559 return SCTP_DISPOSITION_CONSUME;
2565 * Section: Appendix A: Explicit Congestion Notification
2569 * RFC 2481 details a specific bit for a receiver to send back in its
2570 * TCP acknowledgements to notify the sender of the Congestion
2571 * Experienced (CE) bit having arrived from the network. For SCTP this
2572 * same indication is made by including the ECNE chunk. This chunk
2573 * contains one data element, i.e. the lowest TSN associated with the IP
2574 * datagram marked with the CE bit.....
2576 * Verification Tag: 8.5 Verification Tag [Normal verification]
2578 * (endpoint, asoc, chunk)
2581 * (asoc, reply_msg, msg_up, timers, counters)
2583 * The return value is the disposition of the chunk.
2585 sctp_disposition_t sctp_sf_do_ecne(const struct sctp_endpoint *ep,
2586 const struct sctp_association *asoc,
2587 const sctp_subtype_t type,
2589 sctp_cmd_seq_t *commands)
2591 sctp_ecnehdr_t *ecne;
2592 struct sctp_chunk *chunk = arg;
2594 if (!sctp_vtag_verify(chunk, asoc))
2595 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2597 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t)))
2598 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2601 ecne = (sctp_ecnehdr_t *) chunk->skb->data;
2602 skb_pull(chunk->skb, sizeof(sctp_ecnehdr_t));
2604 /* If this is a newer ECNE than the last CWR packet we sent out */
2605 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_ECNE,
2606 SCTP_U32(ntohl(ecne->lowest_tsn)));
2608 return SCTP_DISPOSITION_CONSUME;
2612 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
2614 * The SCTP endpoint MUST always acknowledge the reception of each valid
2617 * The guidelines on delayed acknowledgement algorithm specified in
2618 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
2619 * acknowledgement SHOULD be generated for at least every second packet
2620 * (not every second DATA chunk) received, and SHOULD be generated within
2621 * 200 ms of the arrival of any unacknowledged DATA chunk. In some
2622 * situations it may be beneficial for an SCTP transmitter to be more
2623 * conservative than the algorithms detailed in this document allow.
2624 * However, an SCTP transmitter MUST NOT be more aggressive than the
2625 * following algorithms allow.
2627 * A SCTP receiver MUST NOT generate more than one SACK for every
2628 * incoming packet, other than to update the offered window as the
2629 * receiving application consumes new data.
2631 * Verification Tag: 8.5 Verification Tag [Normal verification]
2634 * (endpoint, asoc, chunk)
2637 * (asoc, reply_msg, msg_up, timers, counters)
2639 * The return value is the disposition of the chunk.
2641 sctp_disposition_t sctp_sf_eat_data_6_2(const struct sctp_endpoint *ep,
2642 const struct sctp_association *asoc,
2643 const sctp_subtype_t type,
2645 sctp_cmd_seq_t *commands)
2647 struct sctp_chunk *chunk = arg;
2650 if (!sctp_vtag_verify(chunk, asoc)) {
2651 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2653 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2656 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t)))
2657 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2660 error = sctp_eat_data(asoc, chunk, commands );
2662 case SCTP_IERROR_NO_ERROR:
2664 case SCTP_IERROR_HIGH_TSN:
2665 case SCTP_IERROR_BAD_STREAM:
2666 goto discard_noforce;
2667 case SCTP_IERROR_DUP_TSN:
2668 case SCTP_IERROR_IGNORE_TSN:
2670 case SCTP_IERROR_NO_DATA:
2676 if (asoc->autoclose) {
2677 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2678 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
2681 /* If this is the last chunk in a packet, we need to count it
2682 * toward sack generation. Note that we need to SACK every
2683 * OTHER packet containing data chunks, EVEN IF WE DISCARD
2684 * THEM. We elect to NOT generate SACK's if the chunk fails
2685 * the verification tag test.
2687 * RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2689 * The SCTP endpoint MUST always acknowledge the reception of
2690 * each valid DATA chunk.
2692 * The guidelines on delayed acknowledgement algorithm
2693 * specified in Section 4.2 of [RFC2581] SHOULD be followed.
2694 * Specifically, an acknowledgement SHOULD be generated for at
2695 * least every second packet (not every second DATA chunk)
2696 * received, and SHOULD be generated within 200 ms of the
2697 * arrival of any unacknowledged DATA chunk. In some
2698 * situations it may be beneficial for an SCTP transmitter to
2699 * be more conservative than the algorithms detailed in this
2700 * document allow. However, an SCTP transmitter MUST NOT be
2701 * more aggressive than the following algorithms allow.
2703 if (chunk->end_of_packet)
2704 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2706 return SCTP_DISPOSITION_CONSUME;
2709 /* RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2711 * When a packet arrives with duplicate DATA chunk(s) and with
2712 * no new DATA chunk(s), the endpoint MUST immediately send a
2713 * SACK with no delay. If a packet arrives with duplicate
2714 * DATA chunk(s) bundled with new DATA chunks, the endpoint
2715 * MAY immediately send a SACK. Normally receipt of duplicate
2716 * DATA chunks will occur when the original SACK chunk was lost
2717 * and the peer's RTO has expired. The duplicate TSN number(s)
2718 * SHOULD be reported in the SACK as duplicate.
2720 /* In our case, we split the MAY SACK advice up whether or not
2721 * the last chunk is a duplicate.'
2723 if (chunk->end_of_packet)
2724 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2725 return SCTP_DISPOSITION_DISCARD;
2728 if (chunk->end_of_packet)
2729 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2731 return SCTP_DISPOSITION_DISCARD;
2733 return SCTP_DISPOSITION_CONSUME;
2738 * sctp_sf_eat_data_fast_4_4
2741 * (4) In SHUTDOWN-SENT state the endpoint MUST acknowledge any received
2742 * DATA chunks without delay.
2744 * Verification Tag: 8.5 Verification Tag [Normal verification]
2746 * (endpoint, asoc, chunk)
2749 * (asoc, reply_msg, msg_up, timers, counters)
2751 * The return value is the disposition of the chunk.
2753 sctp_disposition_t sctp_sf_eat_data_fast_4_4(const struct sctp_endpoint *ep,
2754 const struct sctp_association *asoc,
2755 const sctp_subtype_t type,
2757 sctp_cmd_seq_t *commands)
2759 struct sctp_chunk *chunk = arg;
2762 if (!sctp_vtag_verify(chunk, asoc)) {
2763 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2765 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2768 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t)))
2769 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2772 error = sctp_eat_data(asoc, chunk, commands );
2774 case SCTP_IERROR_NO_ERROR:
2775 case SCTP_IERROR_HIGH_TSN:
2776 case SCTP_IERROR_DUP_TSN:
2777 case SCTP_IERROR_IGNORE_TSN:
2778 case SCTP_IERROR_BAD_STREAM:
2780 case SCTP_IERROR_NO_DATA:
2786 /* Go a head and force a SACK, since we are shutting down. */
2788 /* Implementor's Guide.
2790 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
2791 * respond to each received packet containing one or more DATA chunk(s)
2792 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
2794 if (chunk->end_of_packet) {
2795 /* We must delay the chunk creation since the cumulative
2796 * TSN has not been updated yet.
2798 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
2799 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2800 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2801 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2805 return SCTP_DISPOSITION_CONSUME;
2809 * Section: 6.2 Processing a Received SACK
2810 * D) Any time a SACK arrives, the endpoint performs the following:
2812 * i) If Cumulative TSN Ack is less than the Cumulative TSN Ack Point,
2813 * then drop the SACK. Since Cumulative TSN Ack is monotonically
2814 * increasing, a SACK whose Cumulative TSN Ack is less than the
2815 * Cumulative TSN Ack Point indicates an out-of-order SACK.
2817 * ii) Set rwnd equal to the newly received a_rwnd minus the number
2818 * of bytes still outstanding after processing the Cumulative TSN Ack
2819 * and the Gap Ack Blocks.
2821 * iii) If the SACK is missing a TSN that was previously
2822 * acknowledged via a Gap Ack Block (e.g., the data receiver
2823 * reneged on the data), then mark the corresponding DATA chunk
2824 * as available for retransmit: Mark it as missing for fast
2825 * retransmit as described in Section 7.2.4 and if no retransmit
2826 * timer is running for the destination address to which the DATA
2827 * chunk was originally transmitted, then T3-rtx is started for
2828 * that destination address.
2830 * Verification Tag: 8.5 Verification Tag [Normal verification]
2833 * (endpoint, asoc, chunk)
2836 * (asoc, reply_msg, msg_up, timers, counters)
2838 * The return value is the disposition of the chunk.
2840 sctp_disposition_t sctp_sf_eat_sack_6_2(const struct sctp_endpoint *ep,
2841 const struct sctp_association *asoc,
2842 const sctp_subtype_t type,
2844 sctp_cmd_seq_t *commands)
2846 struct sctp_chunk *chunk = arg;
2847 sctp_sackhdr_t *sackh;
2850 if (!sctp_vtag_verify(chunk, asoc))
2851 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2853 /* Make sure that the SACK chunk has a valid length. */
2854 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_sack_chunk_t)))
2855 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2858 /* Pull the SACK chunk from the data buffer */
2859 sackh = sctp_sm_pull_sack(chunk);
2860 /* Was this a bogus SACK? */
2862 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2863 chunk->subh.sack_hdr = sackh;
2864 ctsn = ntohl(sackh->cum_tsn_ack);
2866 /* i) If Cumulative TSN Ack is less than the Cumulative TSN
2867 * Ack Point, then drop the SACK. Since Cumulative TSN
2868 * Ack is monotonically increasing, a SACK whose
2869 * Cumulative TSN Ack is less than the Cumulative TSN Ack
2870 * Point indicates an out-of-order SACK.
2872 if (TSN_lt(ctsn, asoc->ctsn_ack_point)) {
2873 SCTP_DEBUG_PRINTK("ctsn %x\n", ctsn);
2874 SCTP_DEBUG_PRINTK("ctsn_ack_point %x\n", asoc->ctsn_ack_point);
2875 return SCTP_DISPOSITION_DISCARD;
2878 /* Return this SACK for further processing. */
2879 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, SCTP_SACKH(sackh));
2881 /* Note: We do the rest of the work on the PROCESS_SACK
2884 return SCTP_DISPOSITION_CONSUME;
2888 * Generate an ABORT in response to a packet.
2890 * Section: 8.4 Handle "Out of the blue" Packets, sctpimpguide 2.41
2892 * 8) The receiver should respond to the sender of the OOTB packet with
2893 * an ABORT. When sending the ABORT, the receiver of the OOTB packet
2894 * MUST fill in the Verification Tag field of the outbound packet
2895 * with the value found in the Verification Tag field of the OOTB
2896 * packet and set the T-bit in the Chunk Flags to indicate that the
2897 * Verification Tag is reflected. After sending this ABORT, the
2898 * receiver of the OOTB packet shall discard the OOTB packet and take
2899 * no further action.
2903 * The return value is the disposition of the chunk.
2905 sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep,
2906 const struct sctp_association *asoc,
2907 const sctp_subtype_t type,
2909 sctp_cmd_seq_t *commands)
2911 struct sctp_packet *packet = NULL;
2912 struct sctp_chunk *chunk = arg;
2913 struct sctp_chunk *abort;
2915 packet = sctp_ootb_pkt_new(asoc, chunk);
2918 /* Make an ABORT. The T bit will be set if the asoc
2921 abort = sctp_make_abort(asoc, chunk, 0);
2923 sctp_ootb_pkt_free(packet);
2924 return SCTP_DISPOSITION_NOMEM;
2927 /* Reflect vtag if T-Bit is set */
2928 if (sctp_test_T_bit(abort))
2929 packet->vtag = ntohl(chunk->sctp_hdr->vtag);
2931 /* Set the skb to the belonging sock for accounting. */
2932 abort->skb->sk = ep->base.sk;
2934 sctp_packet_append_chunk(packet, abort);
2936 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
2937 SCTP_PACKET(packet));
2939 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
2941 return SCTP_DISPOSITION_CONSUME;
2944 return SCTP_DISPOSITION_NOMEM;
2948 * Received an ERROR chunk from peer. Generate SCTP_REMOTE_ERROR
2949 * event as ULP notification for each cause included in the chunk.
2951 * API 5.3.1.3 - SCTP_REMOTE_ERROR
2953 * The return value is the disposition of the chunk.
2955 sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep,
2956 const struct sctp_association *asoc,
2957 const sctp_subtype_t type,
2959 sctp_cmd_seq_t *commands)
2961 struct sctp_chunk *chunk = arg;
2962 struct sctp_ulpevent *ev;
2964 if (!sctp_vtag_verify(chunk, asoc))
2965 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2967 /* Make sure that the ERROR chunk has a valid length. */
2968 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t)))
2969 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
2972 while (chunk->chunk_end > chunk->skb->data) {
2973 ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0,
2978 if (!sctp_add_cmd(commands, SCTP_CMD_EVENT_ULP,
2979 SCTP_ULPEVENT(ev))) {
2980 sctp_ulpevent_free(ev);
2984 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR,
2987 return SCTP_DISPOSITION_CONSUME;
2990 return SCTP_DISPOSITION_NOMEM;
2994 * Process an inbound SHUTDOWN ACK.
2997 * Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
2998 * stop the T2-shutdown timer, send a SHUTDOWN COMPLETE chunk to its
2999 * peer, and remove all record of the association.
3001 * The return value is the disposition.
3003 sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
3004 const struct sctp_association *asoc,
3005 const sctp_subtype_t type,
3007 sctp_cmd_seq_t *commands)
3009 struct sctp_chunk *chunk = arg;
3010 struct sctp_chunk *reply;
3011 struct sctp_ulpevent *ev;
3013 if (!sctp_vtag_verify(chunk, asoc))
3014 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3016 /* Make sure that the SHUTDOWN_ACK chunk has a valid length. */
3017 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3018 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3021 /* 10.2 H) SHUTDOWN COMPLETE notification
3023 * When SCTP completes the shutdown procedures (section 9.2) this
3024 * notification is passed to the upper layer.
3026 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
3027 0, 0, 0, GFP_ATOMIC);
3031 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
3033 /* Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
3034 * stop the T2-shutdown timer,
3036 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3037 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3039 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3040 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3042 /* ...send a SHUTDOWN COMPLETE chunk to its peer, */
3043 reply = sctp_make_shutdown_complete(asoc, chunk);
3047 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3048 SCTP_STATE(SCTP_STATE_CLOSED));
3049 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
3050 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3051 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
3053 /* ...and remove all record of the association. */
3054 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
3055 return SCTP_DISPOSITION_DELETE_TCB;
3058 return SCTP_DISPOSITION_NOMEM;
3062 * RFC 2960, 8.4 - Handle "Out of the blue" Packets, sctpimpguide 2.41.
3064 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
3065 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3066 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB
3067 * packet must fill in the Verification Tag field of the outbound
3068 * packet with the Verification Tag received in the SHUTDOWN ACK and
3069 * set the T-bit in the Chunk Flags to indicate that the Verification
3072 * 8) The receiver should respond to the sender of the OOTB packet with
3073 * an ABORT. When sending the ABORT, the receiver of the OOTB packet
3074 * MUST fill in the Verification Tag field of the outbound packet
3075 * with the value found in the Verification Tag field of the OOTB
3076 * packet and set the T-bit in the Chunk Flags to indicate that the
3077 * Verification Tag is reflected. After sending this ABORT, the
3078 * receiver of the OOTB packet shall discard the OOTB packet and take
3079 * no further action.
3081 sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep,
3082 const struct sctp_association *asoc,
3083 const sctp_subtype_t type,
3085 sctp_cmd_seq_t *commands)
3087 struct sctp_chunk *chunk = arg;
3088 struct sk_buff *skb = chunk->skb;
3089 sctp_chunkhdr_t *ch;
3091 int ootb_shut_ack = 0;
3093 SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES);
3095 ch = (sctp_chunkhdr_t *) chunk->chunk_hdr;
3097 /* Break out if chunk length is less then minimal. */
3098 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t))
3101 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
3102 if (ch_end > skb->tail)
3105 if (SCTP_CID_SHUTDOWN_ACK == ch->type)
3108 /* RFC 2960, Section 3.3.7
3109 * Moreover, under any circumstances, an endpoint that
3110 * receives an ABORT MUST NOT respond to that ABORT by
3111 * sending an ABORT of its own.
3113 if (SCTP_CID_ABORT == ch->type)
3114 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3116 ch = (sctp_chunkhdr_t *) ch_end;
3117 } while (ch_end < skb->tail);
3120 sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands);
3122 sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
3124 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3128 * Handle an "Out of the blue" SHUTDOWN ACK.
3130 * Section: 8.4 5, sctpimpguide 2.41.
3132 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
3133 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3134 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB
3135 * packet must fill in the Verification Tag field of the outbound
3136 * packet with the Verification Tag received in the SHUTDOWN ACK and
3137 * set the T-bit in the Chunk Flags to indicate that the Verification
3141 * (endpoint, asoc, type, arg, commands)
3144 * (sctp_disposition_t)
3146 * The return value is the disposition of the chunk.
3148 static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
3149 const struct sctp_association *asoc,
3150 const sctp_subtype_t type,
3152 sctp_cmd_seq_t *commands)
3154 struct sctp_packet *packet = NULL;
3155 struct sctp_chunk *chunk = arg;
3156 struct sctp_chunk *shut;
3158 packet = sctp_ootb_pkt_new(asoc, chunk);
3161 /* Make an SHUTDOWN_COMPLETE.
3162 * The T bit will be set if the asoc is NULL.
3164 shut = sctp_make_shutdown_complete(asoc, chunk);
3166 sctp_ootb_pkt_free(packet);
3167 return SCTP_DISPOSITION_NOMEM;
3170 /* Reflect vtag if T-Bit is set */
3171 if (sctp_test_T_bit(shut))
3172 packet->vtag = ntohl(chunk->sctp_hdr->vtag);
3174 /* Set the skb to the belonging sock for accounting. */
3175 shut->skb->sk = ep->base.sk;
3177 sctp_packet_append_chunk(packet, shut);
3179 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
3180 SCTP_PACKET(packet));
3182 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
3184 /* If the chunk length is invalid, we don't want to process
3185 * the reset of the packet.
3187 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3188 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3190 return SCTP_DISPOSITION_CONSUME;
3193 return SCTP_DISPOSITION_NOMEM;
3197 * Handle SHUTDOWN ACK in COOKIE_ECHOED or COOKIE_WAIT state.
3199 * Verification Tag: 8.5.1 E) Rules for packet carrying a SHUTDOWN ACK
3200 * If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the
3201 * procedures in section 8.4 SHOULD be followed, in other words it
3202 * should be treated as an Out Of The Blue packet.
3203 * [This means that we do NOT check the Verification Tag on these
3207 sctp_disposition_t sctp_sf_do_8_5_1_E_sa(const struct sctp_endpoint *ep,
3208 const struct sctp_association *asoc,
3209 const sctp_subtype_t type,
3211 sctp_cmd_seq_t *commands)
3213 /* Although we do have an association in this case, it corresponds
3214 * to a restarted association. So the packet is treated as an OOTB
3215 * packet and the state function that handles OOTB SHUTDOWN_ACK is
3216 * called with a NULL association.
3218 return sctp_sf_shut_8_4_5(ep, NULL, type, arg, commands);
3221 /* ADDIP Section 4.2 Upon reception of an ASCONF Chunk. */
3222 sctp_disposition_t sctp_sf_do_asconf(const struct sctp_endpoint *ep,
3223 const struct sctp_association *asoc,
3224 const sctp_subtype_t type, void *arg,
3225 sctp_cmd_seq_t *commands)
3227 struct sctp_chunk *chunk = arg;
3228 struct sctp_chunk *asconf_ack = NULL;
3229 sctp_addiphdr_t *hdr;
3232 if (!sctp_vtag_verify(chunk, asoc)) {
3233 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3235 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3238 /* Make sure that the ASCONF ADDIP chunk has a valid length. */
3239 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_addip_chunk_t)))
3240 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3243 hdr = (sctp_addiphdr_t *)chunk->skb->data;
3244 serial = ntohl(hdr->serial);
3246 /* ADDIP 4.2 C1) Compare the value of the serial number to the value
3247 * the endpoint stored in a new association variable
3248 * 'Peer-Serial-Number'.
3250 if (serial == asoc->peer.addip_serial + 1) {
3251 /* ADDIP 4.2 C2) If the value found in the serial number is
3252 * equal to the ('Peer-Serial-Number' + 1), the endpoint MUST
3255 asconf_ack = sctp_process_asconf((struct sctp_association *)
3258 return SCTP_DISPOSITION_NOMEM;
3259 } else if (serial == asoc->peer.addip_serial) {
3260 /* ADDIP 4.2 C3) If the value found in the serial number is
3261 * equal to the value stored in the 'Peer-Serial-Number'
3262 * IMPLEMENTATION NOTE: As an optimization a receiver may wish
3263 * to save the last ASCONF-ACK for some predetermined period of
3264 * time and instead of re-processing the ASCONF (with the same
3265 * serial number) it may just re-transmit the ASCONF-ACK.
3267 if (asoc->addip_last_asconf_ack)
3268 asconf_ack = asoc->addip_last_asconf_ack;
3270 return SCTP_DISPOSITION_DISCARD;
3272 /* ADDIP 4.2 C4) Otherwise, the ASCONF Chunk is discarded since
3273 * it must be either a stale packet or from an attacker.
3275 return SCTP_DISPOSITION_DISCARD;
3278 /* ADDIP 4.2 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent
3279 * back to the source address contained in the IP header of the ASCONF
3280 * being responded to.
3282 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack));
3284 return SCTP_DISPOSITION_CONSUME;
3288 * ADDIP Section 4.3 General rules for address manipulation
3289 * When building TLV parameters for the ASCONF Chunk that will add or
3290 * delete IP addresses the D0 to D13 rules should be applied:
3292 sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
3293 const struct sctp_association *asoc,
3294 const sctp_subtype_t type, void *arg,
3295 sctp_cmd_seq_t *commands)
3297 struct sctp_chunk *asconf_ack = arg;
3298 struct sctp_chunk *last_asconf = asoc->addip_last_asconf;
3299 struct sctp_chunk *abort;
3300 sctp_addiphdr_t *addip_hdr;
3301 __u32 sent_serial, rcvd_serial;
3303 if (!sctp_vtag_verify(asconf_ack, asoc)) {
3304 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3306 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3309 /* Make sure that the ADDIP chunk has a valid length. */
3310 if (!sctp_chunk_length_valid(asconf_ack, sizeof(sctp_addip_chunk_t)))
3311 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3314 addip_hdr = (sctp_addiphdr_t *)asconf_ack->skb->data;
3315 rcvd_serial = ntohl(addip_hdr->serial);
3318 addip_hdr = (sctp_addiphdr_t *)last_asconf->subh.addip_hdr;
3319 sent_serial = ntohl(addip_hdr->serial);
3321 sent_serial = asoc->addip_serial - 1;
3324 /* D0) If an endpoint receives an ASCONF-ACK that is greater than or
3325 * equal to the next serial number to be used but no ASCONF chunk is
3326 * outstanding the endpoint MUST ABORT the association. Note that a
3327 * sequence number is greater than if it is no more than 2^^31-1
3328 * larger than the current sequence number (using serial arithmetic).
3330 if (ADDIP_SERIAL_gte(rcvd_serial, sent_serial + 1) &&
3331 !(asoc->addip_last_asconf)) {
3332 abort = sctp_make_abort(asoc, asconf_ack,
3333 sizeof(sctp_errhdr_t));
3335 sctp_init_cause(abort, SCTP_ERROR_ASCONF_ACK, NULL, 0);
3336 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3339 /* We are going to ABORT, so we might as well stop
3340 * processing the rest of the chunks in the packet.
3342 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3343 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3344 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3345 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3346 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
3347 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3348 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3349 return SCTP_DISPOSITION_ABORT;
3352 if ((rcvd_serial == sent_serial) && asoc->addip_last_asconf) {
3353 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3354 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3356 if (!sctp_process_asconf_ack((struct sctp_association *)asoc,
3358 return SCTP_DISPOSITION_CONSUME;
3360 abort = sctp_make_abort(asoc, asconf_ack,
3361 sizeof(sctp_errhdr_t));
3363 sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, NULL, 0);
3364 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3367 /* We are going to ABORT, so we might as well stop
3368 * processing the rest of the chunks in the packet.
3370 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
3371 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3372 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
3373 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3374 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3375 return SCTP_DISPOSITION_ABORT;
3378 return SCTP_DISPOSITION_DISCARD;
3382 * PR-SCTP Section 3.6 Receiver Side Implementation of PR-SCTP
3384 * When a FORWARD TSN chunk arrives, the data receiver MUST first update
3385 * its cumulative TSN point to the value carried in the FORWARD TSN
3386 * chunk, and then MUST further advance its cumulative TSN point locally
3388 * After the above processing, the data receiver MUST stop reporting any
3389 * missing TSNs earlier than or equal to the new cumulative TSN point.
3391 * Verification Tag: 8.5 Verification Tag [Normal verification]
3393 * The return value is the disposition of the chunk.
3395 sctp_disposition_t sctp_sf_eat_fwd_tsn(const struct sctp_endpoint *ep,
3396 const struct sctp_association *asoc,
3397 const sctp_subtype_t type,
3399 sctp_cmd_seq_t *commands)
3401 struct sctp_chunk *chunk = arg;
3402 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3406 if (!sctp_vtag_verify(chunk, asoc)) {
3407 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3409 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3412 /* Make sure that the FORWARD_TSN chunk has valid length. */
3413 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_fwdtsn_chunk)))
3414 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3417 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3418 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3419 len = ntohs(chunk->chunk_hdr->length);
3420 len -= sizeof(struct sctp_chunkhdr);
3421 skb_pull(chunk->skb, len);
3423 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3424 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3426 /* The TSN is too high--silently discard the chunk and count on it
3427 * getting retransmitted later.
3429 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3430 goto discard_noforce;
3432 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3433 if (len > sizeof(struct sctp_fwdtsn_hdr))
3434 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3437 /* Count this as receiving DATA. */
3438 if (asoc->autoclose) {
3439 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3440 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
3443 /* FIXME: For now send a SACK, but DATA processing may
3446 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
3448 return SCTP_DISPOSITION_CONSUME;
3451 return SCTP_DISPOSITION_DISCARD;
3454 sctp_disposition_t sctp_sf_eat_fwd_tsn_fast(
3455 const struct sctp_endpoint *ep,
3456 const struct sctp_association *asoc,
3457 const sctp_subtype_t type,
3459 sctp_cmd_seq_t *commands)
3461 struct sctp_chunk *chunk = arg;
3462 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3466 if (!sctp_vtag_verify(chunk, asoc)) {
3467 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3469 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3472 /* Make sure that the FORWARD_TSN chunk has a valid length. */
3473 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_fwdtsn_chunk)))
3474 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3477 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3478 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3479 len = ntohs(chunk->chunk_hdr->length);
3480 len -= sizeof(struct sctp_chunkhdr);
3481 skb_pull(chunk->skb, len);
3483 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3484 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3486 /* The TSN is too high--silently discard the chunk and count on it
3487 * getting retransmitted later.
3489 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3492 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3493 if (len > sizeof(struct sctp_fwdtsn_hdr))
3494 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3497 /* Go a head and force a SACK, since we are shutting down. */
3499 /* Implementor's Guide.
3501 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
3502 * respond to each received packet containing one or more DATA chunk(s)
3503 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
3505 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
3506 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
3507 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3508 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3510 return SCTP_DISPOSITION_CONSUME;
3514 * Process an unknown chunk.
3516 * Section: 3.2. Also, 2.1 in the implementor's guide.
3518 * Chunk Types are encoded such that the highest-order two bits specify
3519 * the action that must be taken if the processing endpoint does not
3520 * recognize the Chunk Type.
3522 * 00 - Stop processing this SCTP packet and discard it, do not process
3523 * any further chunks within it.
3525 * 01 - Stop processing this SCTP packet and discard it, do not process
3526 * any further chunks within it, and report the unrecognized
3527 * chunk in an 'Unrecognized Chunk Type'.
3529 * 10 - Skip this chunk and continue processing.
3531 * 11 - Skip this chunk and continue processing, but report in an ERROR
3532 * Chunk using the 'Unrecognized Chunk Type' cause of error.
3534 * The return value is the disposition of the chunk.
3536 sctp_disposition_t sctp_sf_unk_chunk(const struct sctp_endpoint *ep,
3537 const struct sctp_association *asoc,
3538 const sctp_subtype_t type,
3540 sctp_cmd_seq_t *commands)
3542 struct sctp_chunk *unk_chunk = arg;
3543 struct sctp_chunk *err_chunk;
3544 sctp_chunkhdr_t *hdr;
3546 SCTP_DEBUG_PRINTK("Processing the unknown chunk id %d.\n", type.chunk);
3548 if (!sctp_vtag_verify(unk_chunk, asoc))
3549 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3551 /* Make sure that the chunk has a valid length.
3552 * Since we don't know the chunk type, we use a general
3553 * chunkhdr structure to make a comparison.
3555 if (!sctp_chunk_length_valid(unk_chunk, sizeof(sctp_chunkhdr_t)))
3556 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
3559 switch (type.chunk & SCTP_CID_ACTION_MASK) {
3560 case SCTP_CID_ACTION_DISCARD:
3561 /* Discard the packet. */
3562 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3564 case SCTP_CID_ACTION_DISCARD_ERR:
3565 /* Discard the packet. */
3566 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3568 /* Generate an ERROR chunk as response. */
3569 hdr = unk_chunk->chunk_hdr;
3570 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3571 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3572 WORD_ROUND(ntohs(hdr->length)));
3574 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3575 SCTP_CHUNK(err_chunk));
3577 return SCTP_DISPOSITION_CONSUME;
3579 case SCTP_CID_ACTION_SKIP:
3580 /* Skip the chunk. */
3581 return SCTP_DISPOSITION_DISCARD;
3583 case SCTP_CID_ACTION_SKIP_ERR:
3584 /* Generate an ERROR chunk as response. */
3585 hdr = unk_chunk->chunk_hdr;
3586 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3587 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3588 WORD_ROUND(ntohs(hdr->length)));
3590 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3591 SCTP_CHUNK(err_chunk));
3593 /* Skip the chunk. */
3594 return SCTP_DISPOSITION_CONSUME;
3600 return SCTP_DISPOSITION_DISCARD;
3604 * Discard the chunk.
3606 * Section: 0.2, 5.2.3, 5.2.5, 5.2.6, 6.0, 8.4.6, 8.5.1c, 9.2
3607 * [Too numerous to mention...]
3608 * Verification Tag: No verification needed.
3610 * (endpoint, asoc, chunk)
3613 * (asoc, reply_msg, msg_up, timers, counters)
3615 * The return value is the disposition of the chunk.
3617 sctp_disposition_t sctp_sf_discard_chunk(const struct sctp_endpoint *ep,
3618 const struct sctp_association *asoc,
3619 const sctp_subtype_t type,
3621 sctp_cmd_seq_t *commands)
3623 SCTP_DEBUG_PRINTK("Chunk %d is discarded\n", type.chunk);
3624 return SCTP_DISPOSITION_DISCARD;
3628 * Discard the whole packet.
3632 * 2) If the OOTB packet contains an ABORT chunk, the receiver MUST
3633 * silently discard the OOTB packet and take no further action.
3635 * Verification Tag: No verification necessary
3638 * (endpoint, asoc, chunk)
3641 * (asoc, reply_msg, msg_up, timers, counters)
3643 * The return value is the disposition of the chunk.
3645 sctp_disposition_t sctp_sf_pdiscard(const struct sctp_endpoint *ep,
3646 const struct sctp_association *asoc,
3647 const sctp_subtype_t type,
3649 sctp_cmd_seq_t *commands)
3651 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
3653 return SCTP_DISPOSITION_CONSUME;
3658 * The other end is violating protocol.
3660 * Section: Not specified
3661 * Verification Tag: Not specified
3663 * (endpoint, asoc, chunk)
3666 * (asoc, reply_msg, msg_up, timers, counters)
3668 * We simply tag the chunk as a violation. The state machine will log
3669 * the violation and continue.
3671 sctp_disposition_t sctp_sf_violation(const struct sctp_endpoint *ep,
3672 const struct sctp_association *asoc,
3673 const sctp_subtype_t type,
3675 sctp_cmd_seq_t *commands)
3677 return SCTP_DISPOSITION_VIOLATION;
3682 * Handle a protocol violation when the chunk length is invalid.
3683 * "Invalid" length is identified as smaller then the minimal length a
3684 * given chunk can be. For example, a SACK chunk has invalid length
3685 * if it's length is set to be smaller then the size of sctp_sack_chunk_t.
3687 * We inform the other end by sending an ABORT with a Protocol Violation
3690 * Section: Not specified
3691 * Verification Tag: Nothing to do
3693 * (endpoint, asoc, chunk)
3696 * (reply_msg, msg_up, counters)
3698 * Generate an ABORT chunk and terminate the association.
3700 static sctp_disposition_t sctp_sf_violation_chunklen(
3701 const struct sctp_endpoint *ep,
3702 const struct sctp_association *asoc,
3703 const sctp_subtype_t type,
3705 sctp_cmd_seq_t *commands)
3707 struct sctp_chunk *chunk = arg;
3708 struct sctp_chunk *abort = NULL;
3709 char err_str[]="The following chunk had invalid length:";
3711 /* Make the abort chunk. */
3712 abort = sctp_make_abort_violation(asoc, chunk, err_str,
3717 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
3718 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
3720 if (asoc->state <= SCTP_STATE_COOKIE_ECHOED) {
3721 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3722 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3723 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
3724 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
3726 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3727 SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
3728 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3731 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
3733 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3735 return SCTP_DISPOSITION_ABORT;
3738 return SCTP_DISPOSITION_NOMEM;
3741 /***************************************************************************
3742 * These are the state functions for handling primitive (Section 10) events.
3743 ***************************************************************************/
3745 * sctp_sf_do_prm_asoc
3747 * Section: 10.1 ULP-to-SCTP
3750 * Format: ASSOCIATE(local SCTP instance name, destination transport addr,
3751 * outbound stream count)
3752 * -> association id [,destination transport addr list] [,outbound stream
3755 * This primitive allows the upper layer to initiate an association to a
3756 * specific peer endpoint.
3758 * The peer endpoint shall be specified by one of the transport addresses
3759 * which defines the endpoint (see Section 1.4). If the local SCTP
3760 * instance has not been initialized, the ASSOCIATE is considered an
3762 * [This is not relevant for the kernel implementation since we do all
3763 * initialization at boot time. It we hadn't initialized we wouldn't
3764 * get anywhere near this code.]
3766 * An association id, which is a local handle to the SCTP association,
3767 * will be returned on successful establishment of the association. If
3768 * SCTP is not able to open an SCTP association with the peer endpoint,
3769 * an error is returned.
3770 * [In the kernel implementation, the struct sctp_association needs to
3771 * be created BEFORE causing this primitive to run.]
3773 * Other association parameters may be returned, including the
3774 * complete destination transport addresses of the peer as well as the
3775 * outbound stream count of the local endpoint. One of the transport
3776 * address from the returned destination addresses will be selected by
3777 * the local endpoint as default primary path for sending SCTP packets
3778 * to this peer. The returned "destination transport addr list" can
3779 * be used by the ULP to change the default primary path or to force
3780 * sending a packet to a specific transport address. [All of this
3781 * stuff happens when the INIT ACK arrives. This is a NON-BLOCKING
3784 * Mandatory attributes:
3786 * o local SCTP instance name - obtained from the INITIALIZE operation.
3787 * [This is the argument asoc.]
3788 * o destination transport addr - specified as one of the transport
3789 * addresses of the peer endpoint with which the association is to be
3791 * [This is asoc->peer.active_path.]
3792 * o outbound stream count - the number of outbound streams the ULP
3793 * would like to open towards this peer endpoint.
3794 * [BUG: This is not currently implemented.]
3795 * Optional attributes:
3799 * The return value is a disposition.
3801 sctp_disposition_t sctp_sf_do_prm_asoc(const struct sctp_endpoint *ep,
3802 const struct sctp_association *asoc,
3803 const sctp_subtype_t type,
3805 sctp_cmd_seq_t *commands)
3807 struct sctp_chunk *repl;
3809 /* The comment below says that we enter COOKIE-WAIT AFTER
3810 * sending the INIT, but that doesn't actually work in our
3813 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3814 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
3816 /* RFC 2960 5.1 Normal Establishment of an Association
3818 * A) "A" first sends an INIT chunk to "Z". In the INIT, "A"
3819 * must provide its Verification Tag (Tag_A) in the Initiate
3820 * Tag field. Tag_A SHOULD be a random number in the range of
3821 * 1 to 4294967295 (see 5.3.1 for Tag value selection). ...
3824 repl = sctp_make_init(asoc, &asoc->base.bind_addr, GFP_ATOMIC, 0);
3828 /* Cast away the const modifier, as we want to just
3829 * rerun it through as a sideffect.
3831 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC,
3832 SCTP_ASOC((struct sctp_association *) asoc));
3834 /* Choose transport for INIT. */
3835 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_CHOOSE_TRANSPORT,
3838 /* After sending the INIT, "A" starts the T1-init timer and
3839 * enters the COOKIE-WAIT state.
3841 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3842 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3843 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
3844 return SCTP_DISPOSITION_CONSUME;
3847 return SCTP_DISPOSITION_NOMEM;
3851 * Process the SEND primitive.
3853 * Section: 10.1 ULP-to-SCTP
3856 * Format: SEND(association id, buffer address, byte count [,context]
3857 * [,stream id] [,life time] [,destination transport address]
3858 * [,unorder flag] [,no-bundle flag] [,payload protocol-id] )
3861 * This is the main method to send user data via SCTP.
3863 * Mandatory attributes:
3865 * o association id - local handle to the SCTP association
3867 * o buffer address - the location where the user message to be
3868 * transmitted is stored;
3870 * o byte count - The size of the user data in number of bytes;
3872 * Optional attributes:
3874 * o context - an optional 32 bit integer that will be carried in the
3875 * sending failure notification to the ULP if the transportation of
3876 * this User Message fails.
3878 * o stream id - to indicate which stream to send the data on. If not
3879 * specified, stream 0 will be used.
3881 * o life time - specifies the life time of the user data. The user data
3882 * will not be sent by SCTP after the life time expires. This
3883 * parameter can be used to avoid efforts to transmit stale
3884 * user messages. SCTP notifies the ULP if the data cannot be
3885 * initiated to transport (i.e. sent to the destination via SCTP's
3886 * send primitive) within the life time variable. However, the
3887 * user data will be transmitted if SCTP has attempted to transmit a
3888 * chunk before the life time expired.
3890 * o destination transport address - specified as one of the destination
3891 * transport addresses of the peer endpoint to which this packet
3892 * should be sent. Whenever possible, SCTP should use this destination
3893 * transport address for sending the packets, instead of the current
3896 * o unorder flag - this flag, if present, indicates that the user
3897 * would like the data delivered in an unordered fashion to the peer
3898 * (i.e., the U flag is set to 1 on all DATA chunks carrying this
3901 * o no-bundle flag - instructs SCTP not to bundle this user data with
3902 * other outbound DATA chunks. SCTP MAY still bundle even when
3903 * this flag is present, when faced with network congestion.
3905 * o payload protocol-id - A 32 bit unsigned integer that is to be
3906 * passed to the peer indicating the type of payload protocol data
3907 * being transmitted. This value is passed as opaque data by SCTP.
3909 * The return value is the disposition.
3911 sctp_disposition_t sctp_sf_do_prm_send(const struct sctp_endpoint *ep,
3912 const struct sctp_association *asoc,
3913 const sctp_subtype_t type,
3915 sctp_cmd_seq_t *commands)
3917 struct sctp_chunk *chunk = arg;
3919 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
3920 return SCTP_DISPOSITION_CONSUME;
3924 * Process the SHUTDOWN primitive.
3929 * Format: SHUTDOWN(association id)
3932 * Gracefully closes an association. Any locally queued user data
3933 * will be delivered to the peer. The association will be terminated only
3934 * after the peer acknowledges all the SCTP packets sent. A success code
3935 * will be returned on successful termination of the association. If
3936 * attempting to terminate the association results in a failure, an error
3937 * code shall be returned.
3939 * Mandatory attributes:
3941 * o association id - local handle to the SCTP association
3943 * Optional attributes:
3947 * The return value is the disposition.
3949 sctp_disposition_t sctp_sf_do_9_2_prm_shutdown(
3950 const struct sctp_endpoint *ep,
3951 const struct sctp_association *asoc,
3952 const sctp_subtype_t type,
3954 sctp_cmd_seq_t *commands)
3958 /* From 9.2 Shutdown of an Association
3959 * Upon receipt of the SHUTDOWN primitive from its upper
3960 * layer, the endpoint enters SHUTDOWN-PENDING state and
3961 * remains there until all outstanding data has been
3962 * acknowledged by its peer. The endpoint accepts no new data
3963 * from its upper layer, but retransmits data to the far end
3964 * if necessary to fill gaps.
3966 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3967 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
3969 /* sctpimpguide-05 Section 2.12.2
3970 * The sender of the SHUTDOWN MAY also start an overall guard timer
3971 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
3973 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3974 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3976 disposition = SCTP_DISPOSITION_CONSUME;
3977 if (sctp_outq_is_empty(&asoc->outqueue)) {
3978 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
3985 * Process the ABORT primitive.
3990 * Format: Abort(association id [, cause code])
3993 * Ungracefully closes an association. Any locally queued user data
3994 * will be discarded and an ABORT chunk is sent to the peer. A success code
3995 * will be returned on successful abortion of the association. If
3996 * attempting to abort the association results in a failure, an error
3997 * code shall be returned.
3999 * Mandatory attributes:
4001 * o association id - local handle to the SCTP association
4003 * Optional attributes:
4005 * o cause code - reason of the abort to be passed to the peer
4009 * The return value is the disposition.
4011 sctp_disposition_t sctp_sf_do_9_1_prm_abort(
4012 const struct sctp_endpoint *ep,
4013 const struct sctp_association *asoc,
4014 const sctp_subtype_t type,
4016 sctp_cmd_seq_t *commands)
4018 /* From 9.1 Abort of an Association
4019 * Upon receipt of the ABORT primitive from its upper
4020 * layer, the endpoint enters CLOSED state and
4021 * discard all outstanding data has been
4022 * acknowledged by its peer. The endpoint accepts no new data
4023 * from its upper layer, but retransmits data to the far end
4024 * if necessary to fill gaps.
4026 struct sctp_chunk *abort = arg;
4027 sctp_disposition_t retval;
4029 retval = SCTP_DISPOSITION_CONSUME;
4031 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
4033 /* Even if we can't send the ABORT due to low memory delete the
4034 * TCB. This is a departure from our typical NOMEM handling.
4037 /* Delete the established association. */
4038 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4039 SCTP_U32(SCTP_ERROR_USER_ABORT));
4041 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4042 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4047 /* We tried an illegal operation on an association which is closed. */
4048 sctp_disposition_t sctp_sf_error_closed(const struct sctp_endpoint *ep,
4049 const struct sctp_association *asoc,
4050 const sctp_subtype_t type,
4052 sctp_cmd_seq_t *commands)
4054 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR, SCTP_ERROR(-EINVAL));
4055 return SCTP_DISPOSITION_CONSUME;
4058 /* We tried an illegal operation on an association which is shutting
4061 sctp_disposition_t sctp_sf_error_shutdown(const struct sctp_endpoint *ep,
4062 const struct sctp_association *asoc,
4063 const sctp_subtype_t type,
4065 sctp_cmd_seq_t *commands)
4067 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR,
4068 SCTP_ERROR(-ESHUTDOWN));
4069 return SCTP_DISPOSITION_CONSUME;
4073 * sctp_cookie_wait_prm_shutdown
4075 * Section: 4 Note: 2
4080 * The RFC does not explicitly address this issue, but is the route through the
4081 * state table when someone issues a shutdown while in COOKIE_WAIT state.
4086 sctp_disposition_t sctp_sf_cookie_wait_prm_shutdown(
4087 const struct sctp_endpoint *ep,
4088 const struct sctp_association *asoc,
4089 const sctp_subtype_t type,
4091 sctp_cmd_seq_t *commands)
4093 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4094 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4096 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4097 SCTP_STATE(SCTP_STATE_CLOSED));
4099 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
4101 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
4103 return SCTP_DISPOSITION_DELETE_TCB;
4107 * sctp_cookie_echoed_prm_shutdown
4109 * Section: 4 Note: 2
4114 * The RFC does not explcitly address this issue, but is the route through the
4115 * state table when someone issues a shutdown while in COOKIE_ECHOED state.
4120 sctp_disposition_t sctp_sf_cookie_echoed_prm_shutdown(
4121 const struct sctp_endpoint *ep,
4122 const struct sctp_association *asoc,
4123 const sctp_subtype_t type,
4124 void *arg, sctp_cmd_seq_t *commands)
4126 /* There is a single T1 timer, so we should be able to use
4127 * common function with the COOKIE-WAIT state.
4129 return sctp_sf_cookie_wait_prm_shutdown(ep, asoc, type, arg, commands);
4133 * sctp_sf_cookie_wait_prm_abort
4135 * Section: 4 Note: 2
4140 * The RFC does not explicitly address this issue, but is the route through the
4141 * state table when someone issues an abort while in COOKIE_WAIT state.
4146 sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
4147 const struct sctp_endpoint *ep,
4148 const struct sctp_association *asoc,
4149 const sctp_subtype_t type,
4151 sctp_cmd_seq_t *commands)
4153 struct sctp_chunk *abort = arg;
4154 sctp_disposition_t retval;
4156 /* Stop T1-init timer */
4157 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4158 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4159 retval = SCTP_DISPOSITION_CONSUME;
4161 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
4163 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4164 SCTP_STATE(SCTP_STATE_CLOSED));
4166 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4168 /* Even if we can't send the ABORT due to low memory delete the
4169 * TCB. This is a departure from our typical NOMEM handling.
4172 /* Delete the established association. */
4173 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4174 SCTP_U32(SCTP_ERROR_USER_ABORT));
4180 * sctp_sf_cookie_echoed_prm_abort
4182 * Section: 4 Note: 3
4187 * The RFC does not explcitly address this issue, but is the route through the
4188 * state table when someone issues an abort while in COOKIE_ECHOED state.
4193 sctp_disposition_t sctp_sf_cookie_echoed_prm_abort(
4194 const struct sctp_endpoint *ep,
4195 const struct sctp_association *asoc,
4196 const sctp_subtype_t type,
4198 sctp_cmd_seq_t *commands)
4200 /* There is a single T1 timer, so we should be able to use
4201 * common function with the COOKIE-WAIT state.
4203 return sctp_sf_cookie_wait_prm_abort(ep, asoc, type, arg, commands);
4207 * sctp_sf_shutdown_pending_prm_abort
4212 * The RFC does not explicitly address this issue, but is the route through the
4213 * state table when someone issues an abort while in SHUTDOWN-PENDING state.
4218 sctp_disposition_t sctp_sf_shutdown_pending_prm_abort(
4219 const struct sctp_endpoint *ep,
4220 const struct sctp_association *asoc,
4221 const sctp_subtype_t type,
4223 sctp_cmd_seq_t *commands)
4225 /* Stop the T5-shutdown guard timer. */
4226 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4227 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4229 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
4233 * sctp_sf_shutdown_sent_prm_abort
4238 * The RFC does not explicitly address this issue, but is the route through the
4239 * state table when someone issues an abort while in SHUTDOWN-SENT state.
4244 sctp_disposition_t sctp_sf_shutdown_sent_prm_abort(
4245 const struct sctp_endpoint *ep,
4246 const struct sctp_association *asoc,
4247 const sctp_subtype_t type,
4249 sctp_cmd_seq_t *commands)
4251 /* Stop the T2-shutdown timer. */
4252 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4253 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4255 /* Stop the T5-shutdown guard timer. */
4256 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4257 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4259 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
4263 * sctp_sf_cookie_echoed_prm_abort
4268 * The RFC does not explcitly address this issue, but is the route through the
4269 * state table when someone issues an abort while in COOKIE_ECHOED state.
4274 sctp_disposition_t sctp_sf_shutdown_ack_sent_prm_abort(
4275 const struct sctp_endpoint *ep,
4276 const struct sctp_association *asoc,
4277 const sctp_subtype_t type,
4279 sctp_cmd_seq_t *commands)
4281 /* The same T2 timer, so we should be able to use
4282 * common function with the SHUTDOWN-SENT state.
4284 return sctp_sf_shutdown_sent_prm_abort(ep, asoc, type, arg, commands);
4288 * Process the REQUESTHEARTBEAT primitive
4291 * J) Request Heartbeat
4293 * Format: REQUESTHEARTBEAT(association id, destination transport address)
4297 * Instructs the local endpoint to perform a HeartBeat on the specified
4298 * destination transport address of the given association. The returned
4299 * result should indicate whether the transmission of the HEARTBEAT
4300 * chunk to the destination address is successful.
4302 * Mandatory attributes:
4304 * o association id - local handle to the SCTP association
4306 * o destination transport address - the transport address of the
4307 * association on which a heartbeat should be issued.
4309 sctp_disposition_t sctp_sf_do_prm_requestheartbeat(
4310 const struct sctp_endpoint *ep,
4311 const struct sctp_association *asoc,
4312 const sctp_subtype_t type,
4314 sctp_cmd_seq_t *commands)
4316 return sctp_sf_heartbeat(ep, asoc, type, (struct sctp_transport *)arg,
4321 * ADDIP Section 4.1 ASCONF Chunk Procedures
4322 * When an endpoint has an ASCONF signaled change to be sent to the
4323 * remote endpoint it should do A1 to A9
4325 sctp_disposition_t sctp_sf_do_prm_asconf(const struct sctp_endpoint *ep,
4326 const struct sctp_association *asoc,
4327 const sctp_subtype_t type,
4329 sctp_cmd_seq_t *commands)
4331 struct sctp_chunk *chunk = arg;
4333 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
4334 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4335 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4336 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
4337 return SCTP_DISPOSITION_CONSUME;
4341 * Ignore the primitive event
4343 * The return value is the disposition of the primitive.
4345 sctp_disposition_t sctp_sf_ignore_primitive(
4346 const struct sctp_endpoint *ep,
4347 const struct sctp_association *asoc,
4348 const sctp_subtype_t type,
4350 sctp_cmd_seq_t *commands)
4352 SCTP_DEBUG_PRINTK("Primitive type %d is ignored.\n", type.primitive);
4353 return SCTP_DISPOSITION_DISCARD;
4356 /***************************************************************************
4357 * These are the state functions for the OTHER events.
4358 ***************************************************************************/
4361 * Start the shutdown negotiation.
4364 * Once all its outstanding data has been acknowledged, the endpoint
4365 * shall send a SHUTDOWN chunk to its peer including in the Cumulative
4366 * TSN Ack field the last sequential TSN it has received from the peer.
4367 * It shall then start the T2-shutdown timer and enter the SHUTDOWN-SENT
4368 * state. If the timer expires, the endpoint must re-send the SHUTDOWN
4369 * with the updated last sequential TSN received from its peer.
4371 * The return value is the disposition.
4373 sctp_disposition_t sctp_sf_do_9_2_start_shutdown(
4374 const struct sctp_endpoint *ep,
4375 const struct sctp_association *asoc,
4376 const sctp_subtype_t type,
4378 sctp_cmd_seq_t *commands)
4380 struct sctp_chunk *reply;
4382 /* Once all its outstanding data has been acknowledged, the
4383 * endpoint shall send a SHUTDOWN chunk to its peer including
4384 * in the Cumulative TSN Ack field the last sequential TSN it
4385 * has received from the peer.
4387 reply = sctp_make_shutdown(asoc, NULL);
4391 /* Set the transport for the SHUTDOWN chunk and the timeout for the
4392 * T2-shutdown timer.
4394 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4396 /* It shall then start the T2-shutdown timer */
4397 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4398 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4400 if (asoc->autoclose)
4401 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4402 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
4404 /* and enter the SHUTDOWN-SENT state. */
4405 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4406 SCTP_STATE(SCTP_STATE_SHUTDOWN_SENT));
4408 /* sctp-implguide 2.10 Issues with Heartbeating and failover
4410 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
4413 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
4415 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4417 return SCTP_DISPOSITION_CONSUME;
4420 return SCTP_DISPOSITION_NOMEM;
4424 * Generate a SHUTDOWN ACK now that everything is SACK'd.
4428 * If it has no more outstanding DATA chunks, the SHUTDOWN receiver
4429 * shall send a SHUTDOWN ACK and start a T2-shutdown timer of its own,
4430 * entering the SHUTDOWN-ACK-SENT state. If the timer expires, the
4431 * endpoint must re-send the SHUTDOWN ACK.
4433 * The return value is the disposition.
4435 sctp_disposition_t sctp_sf_do_9_2_shutdown_ack(
4436 const struct sctp_endpoint *ep,
4437 const struct sctp_association *asoc,
4438 const sctp_subtype_t type,
4440 sctp_cmd_seq_t *commands)
4442 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
4443 struct sctp_chunk *reply;
4445 /* There are 2 ways of getting here:
4446 * 1) called in response to a SHUTDOWN chunk
4447 * 2) called when SCTP_EVENT_NO_PENDING_TSN event is issued.
4449 * For the case (2), the arg parameter is set to NULL. We need
4450 * to check that we have a chunk before accessing it's fields.
4453 if (!sctp_vtag_verify(chunk, asoc))
4454 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
4456 /* Make sure that the SHUTDOWN chunk has a valid length. */
4457 if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_shutdown_chunk_t)))
4458 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
4462 /* If it has no more outstanding DATA chunks, the SHUTDOWN receiver
4463 * shall send a SHUTDOWN ACK ...
4465 reply = sctp_make_shutdown_ack(asoc, chunk);
4469 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
4470 * the T2-shutdown timer.
4472 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4474 /* and start/restart a T2-shutdown timer of its own, */
4475 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4476 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4478 if (asoc->autoclose)
4479 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4480 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
4482 /* Enter the SHUTDOWN-ACK-SENT state. */
4483 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4484 SCTP_STATE(SCTP_STATE_SHUTDOWN_ACK_SENT));
4486 /* sctp-implguide 2.10 Issues with Heartbeating and failover
4488 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
4491 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
4493 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4495 return SCTP_DISPOSITION_CONSUME;
4498 return SCTP_DISPOSITION_NOMEM;
4502 * Ignore the event defined as other
4504 * The return value is the disposition of the event.
4506 sctp_disposition_t sctp_sf_ignore_other(const struct sctp_endpoint *ep,
4507 const struct sctp_association *asoc,
4508 const sctp_subtype_t type,
4510 sctp_cmd_seq_t *commands)
4512 SCTP_DEBUG_PRINTK("The event other type %d is ignored\n", type.other);
4513 return SCTP_DISPOSITION_DISCARD;
4516 /************************************************************
4517 * These are the state functions for handling timeout events.
4518 ************************************************************/
4523 * Section: 6.3.3 Handle T3-rtx Expiration
4525 * Whenever the retransmission timer T3-rtx expires for a destination
4526 * address, do the following:
4529 * The return value is the disposition of the chunk.
4531 sctp_disposition_t sctp_sf_do_6_3_3_rtx(const struct sctp_endpoint *ep,
4532 const struct sctp_association *asoc,
4533 const sctp_subtype_t type,
4535 sctp_cmd_seq_t *commands)
4537 struct sctp_transport *transport = arg;
4539 if (asoc->overall_error_count >= asoc->max_retrans) {
4540 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4541 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4542 SCTP_U32(SCTP_ERROR_NO_ERROR));
4543 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4544 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4545 return SCTP_DISPOSITION_DELETE_TCB;
4548 /* E1) For the destination address for which the timer
4549 * expires, adjust its ssthresh with rules defined in Section
4550 * 7.2.3 and set the cwnd <- MTU.
4553 /* E2) For the destination address for which the timer
4554 * expires, set RTO <- RTO * 2 ("back off the timer"). The
4555 * maximum value discussed in rule C7 above (RTO.max) may be
4556 * used to provide an upper bound to this doubling operation.
4559 /* E3) Determine how many of the earliest (i.e., lowest TSN)
4560 * outstanding DATA chunks for the address for which the
4561 * T3-rtx has expired will fit into a single packet, subject
4562 * to the MTU constraint for the path corresponding to the
4563 * destination transport address to which the retransmission
4564 * is being sent (this may be different from the address for
4565 * which the timer expires [see Section 6.4]). Call this
4566 * value K. Bundle and retransmit those K DATA chunks in a
4567 * single packet to the destination endpoint.
4569 * Note: Any DATA chunks that were sent to the address for
4570 * which the T3-rtx timer expired but did not fit in one MTU
4571 * (rule E3 above), should be marked for retransmission and
4572 * sent as soon as cwnd allows (normally when a SACK arrives).
4575 /* NB: Rules E4 and F1 are implicit in R1. */
4576 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN, SCTP_TRANSPORT(transport));
4578 /* Do some failure management (Section 8.2). */
4579 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
4581 return SCTP_DISPOSITION_CONSUME;
4585 * Generate delayed SACK on timeout
4587 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
4589 * The guidelines on delayed acknowledgement algorithm specified in
4590 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
4591 * acknowledgement SHOULD be generated for at least every second packet
4592 * (not every second DATA chunk) received, and SHOULD be generated
4593 * within 200 ms of the arrival of any unacknowledged DATA chunk. In
4594 * some situations it may be beneficial for an SCTP transmitter to be
4595 * more conservative than the algorithms detailed in this document
4596 * allow. However, an SCTP transmitter MUST NOT be more aggressive than
4597 * the following algorithms allow.
4599 sctp_disposition_t sctp_sf_do_6_2_sack(const struct sctp_endpoint *ep,
4600 const struct sctp_association *asoc,
4601 const sctp_subtype_t type,
4603 sctp_cmd_seq_t *commands)
4605 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
4606 return SCTP_DISPOSITION_CONSUME;
4610 * sctp_sf_t1_init_timer_expire
4612 * Section: 4 Note: 2
4617 * RFC 2960 Section 4 Notes
4618 * 2) If the T1-init timer expires, the endpoint MUST retransmit INIT
4619 * and re-start the T1-init timer without changing state. This MUST
4620 * be repeated up to 'Max.Init.Retransmits' times. After that, the
4621 * endpoint MUST abort the initialization process and report the
4622 * error to SCTP user.
4628 sctp_disposition_t sctp_sf_t1_init_timer_expire(const struct sctp_endpoint *ep,
4629 const struct sctp_association *asoc,
4630 const sctp_subtype_t type,
4632 sctp_cmd_seq_t *commands)
4634 struct sctp_chunk *repl = NULL;
4635 struct sctp_bind_addr *bp;
4636 int attempts = asoc->init_err_counter + 1;
4638 SCTP_DEBUG_PRINTK("Timer T1 expired (INIT).\n");
4640 if (attempts <= asoc->max_init_attempts) {
4641 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
4642 repl = sctp_make_init(asoc, bp, GFP_ATOMIC, 0);
4644 return SCTP_DISPOSITION_NOMEM;
4646 /* Choose transport for INIT. */
4647 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_CHOOSE_TRANSPORT,
4650 /* Issue a sideeffect to do the needed accounting. */
4651 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_RESTART,
4652 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
4654 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4656 SCTP_DEBUG_PRINTK("Giving up on INIT, attempts: %d"
4657 " max_init_attempts: %d\n",
4658 attempts, asoc->max_init_attempts);
4659 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4660 SCTP_U32(SCTP_ERROR_NO_ERROR));
4661 return SCTP_DISPOSITION_DELETE_TCB;
4664 return SCTP_DISPOSITION_CONSUME;
4668 * sctp_sf_t1_cookie_timer_expire
4670 * Section: 4 Note: 2
4675 * RFC 2960 Section 4 Notes
4676 * 3) If the T1-cookie timer expires, the endpoint MUST retransmit
4677 * COOKIE ECHO and re-start the T1-cookie timer without changing
4678 * state. This MUST be repeated up to 'Max.Init.Retransmits' times.
4679 * After that, the endpoint MUST abort the initialization process and
4680 * report the error to SCTP user.
4686 sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep,
4687 const struct sctp_association *asoc,
4688 const sctp_subtype_t type,
4690 sctp_cmd_seq_t *commands)
4692 struct sctp_chunk *repl = NULL;
4693 int attempts = asoc->init_err_counter + 1;
4695 SCTP_DEBUG_PRINTK("Timer T1 expired (COOKIE-ECHO).\n");
4697 if (attempts <= asoc->max_init_attempts) {
4698 repl = sctp_make_cookie_echo(asoc, NULL);
4700 return SCTP_DISPOSITION_NOMEM;
4702 /* Issue a sideeffect to do the needed accounting. */
4703 sctp_add_cmd_sf(commands, SCTP_CMD_COOKIEECHO_RESTART,
4704 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
4706 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4708 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4709 SCTP_U32(SCTP_ERROR_NO_ERROR));
4710 return SCTP_DISPOSITION_DELETE_TCB;
4713 return SCTP_DISPOSITION_CONSUME;
4716 /* RFC2960 9.2 If the timer expires, the endpoint must re-send the SHUTDOWN
4717 * with the updated last sequential TSN received from its peer.
4719 * An endpoint should limit the number of retransmissions of the
4720 * SHUTDOWN chunk to the protocol parameter 'Association.Max.Retrans'.
4721 * If this threshold is exceeded the endpoint should destroy the TCB and
4722 * MUST report the peer endpoint unreachable to the upper layer (and
4723 * thus the association enters the CLOSED state). The reception of any
4724 * packet from its peer (i.e. as the peer sends all of its queued DATA
4725 * chunks) should clear the endpoint's retransmission count and restart
4726 * the T2-Shutdown timer, giving its peer ample opportunity to transmit
4727 * all of its queued DATA chunks that have not yet been sent.
4729 sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
4730 const struct sctp_association *asoc,
4731 const sctp_subtype_t type,
4733 sctp_cmd_seq_t *commands)
4735 struct sctp_chunk *reply = NULL;
4737 SCTP_DEBUG_PRINTK("Timer T2 expired.\n");
4738 if (asoc->overall_error_count >= asoc->max_retrans) {
4739 /* Note: CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4740 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4741 SCTP_U32(SCTP_ERROR_NO_ERROR));
4742 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4743 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4744 return SCTP_DISPOSITION_DELETE_TCB;
4747 switch (asoc->state) {
4748 case SCTP_STATE_SHUTDOWN_SENT:
4749 reply = sctp_make_shutdown(asoc, NULL);
4752 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4753 reply = sctp_make_shutdown_ack(asoc, NULL);
4764 /* Do some failure management (Section 8.2). */
4765 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
4766 SCTP_TRANSPORT(asoc->shutdown_last_sent_to));
4768 /* Set the transport for the SHUTDOWN/ACK chunk and the timeout for
4769 * the T2-shutdown timer.
4771 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4773 /* Restart the T2-shutdown timer. */
4774 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4775 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4776 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4777 return SCTP_DISPOSITION_CONSUME;
4780 return SCTP_DISPOSITION_NOMEM;
4784 * ADDIP Section 4.1 ASCONF CHunk Procedures
4785 * If the T4 RTO timer expires the endpoint should do B1 to B5
4787 sctp_disposition_t sctp_sf_t4_timer_expire(
4788 const struct sctp_endpoint *ep,
4789 const struct sctp_association *asoc,
4790 const sctp_subtype_t type,
4792 sctp_cmd_seq_t *commands)
4794 struct sctp_chunk *chunk = asoc->addip_last_asconf;
4795 struct sctp_transport *transport = chunk->transport;
4797 /* ADDIP 4.1 B1) Increment the error counters and perform path failure
4798 * detection on the appropriate destination address as defined in
4799 * RFC2960 [5] section 8.1 and 8.2.
4801 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
4803 /* Reconfig T4 timer and transport. */
4804 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
4806 /* ADDIP 4.1 B2) Increment the association error counters and perform
4807 * endpoint failure detection on the association as defined in
4808 * RFC2960 [5] section 8.1 and 8.2.
4809 * association error counter is incremented in SCTP_CMD_STRIKE.
4811 if (asoc->overall_error_count >= asoc->max_retrans) {
4812 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4813 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4814 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4815 SCTP_U32(SCTP_ERROR_NO_ERROR));
4816 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4817 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
4818 return SCTP_DISPOSITION_ABORT;
4821 /* ADDIP 4.1 B3) Back-off the destination address RTO value to which
4822 * the ASCONF chunk was sent by doubling the RTO timer value.
4823 * This is done in SCTP_CMD_STRIKE.
4826 /* ADDIP 4.1 B4) Re-transmit the ASCONF Chunk last sent and if possible
4827 * choose an alternate destination address (please refer to RFC2960
4828 * [5] section 6.4.1). An endpoint MUST NOT add new parameters to this
4829 * chunk, it MUST be the same (including its serial number) as the last
4832 sctp_chunk_hold(asoc->addip_last_asconf);
4833 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
4834 SCTP_CHUNK(asoc->addip_last_asconf));
4836 /* ADDIP 4.1 B5) Restart the T-4 RTO timer. Note that if a different
4837 * destination is selected, then the RTO used will be that of the new
4838 * destination address.
4840 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4841 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4843 return SCTP_DISPOSITION_CONSUME;
4846 /* sctpimpguide-05 Section 2.12.2
4847 * The sender of the SHUTDOWN MAY also start an overall guard timer
4848 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
4849 * At the expiration of this timer the sender SHOULD abort the association
4850 * by sending an ABORT chunk.
4852 sctp_disposition_t sctp_sf_t5_timer_expire(const struct sctp_endpoint *ep,
4853 const struct sctp_association *asoc,
4854 const sctp_subtype_t type,
4856 sctp_cmd_seq_t *commands)
4858 struct sctp_chunk *reply = NULL;
4860 SCTP_DEBUG_PRINTK("Timer T5 expired.\n");
4862 reply = sctp_make_abort(asoc, NULL, 0);
4866 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4867 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4868 SCTP_U32(SCTP_ERROR_NO_ERROR));
4870 return SCTP_DISPOSITION_DELETE_TCB;
4872 return SCTP_DISPOSITION_NOMEM;
4875 /* Handle expiration of AUTOCLOSE timer. When the autoclose timer expires,
4876 * the association is automatically closed by starting the shutdown process.
4877 * The work that needs to be done is same as when SHUTDOWN is initiated by
4878 * the user. So this routine looks same as sctp_sf_do_9_2_prm_shutdown().
4880 sctp_disposition_t sctp_sf_autoclose_timer_expire(
4881 const struct sctp_endpoint *ep,
4882 const struct sctp_association *asoc,
4883 const sctp_subtype_t type,
4885 sctp_cmd_seq_t *commands)
4889 /* From 9.2 Shutdown of an Association
4890 * Upon receipt of the SHUTDOWN primitive from its upper
4891 * layer, the endpoint enters SHUTDOWN-PENDING state and
4892 * remains there until all outstanding data has been
4893 * acknowledged by its peer. The endpoint accepts no new data
4894 * from its upper layer, but retransmits data to the far end
4895 * if necessary to fill gaps.
4897 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4898 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
4900 /* sctpimpguide-05 Section 2.12.2
4901 * The sender of the SHUTDOWN MAY also start an overall guard timer
4902 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
4904 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4905 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4906 disposition = SCTP_DISPOSITION_CONSUME;
4907 if (sctp_outq_is_empty(&asoc->outqueue)) {
4908 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
4914 /*****************************************************************************
4915 * These are sa state functions which could apply to all types of events.
4916 ****************************************************************************/
4919 * This table entry is not implemented.
4922 * (endpoint, asoc, chunk)
4924 * The return value is the disposition of the chunk.
4926 sctp_disposition_t sctp_sf_not_impl(const struct sctp_endpoint *ep,
4927 const struct sctp_association *asoc,
4928 const sctp_subtype_t type,
4930 sctp_cmd_seq_t *commands)
4932 return SCTP_DISPOSITION_NOT_IMPL;
4936 * This table entry represents a bug.
4939 * (endpoint, asoc, chunk)
4941 * The return value is the disposition of the chunk.
4943 sctp_disposition_t sctp_sf_bug(const struct sctp_endpoint *ep,
4944 const struct sctp_association *asoc,
4945 const sctp_subtype_t type,
4947 sctp_cmd_seq_t *commands)
4949 return SCTP_DISPOSITION_BUG;
4953 * This table entry represents the firing of a timer in the wrong state.
4954 * Since timer deletion cannot be guaranteed a timer 'may' end up firing
4955 * when the association is in the wrong state. This event should
4956 * be ignored, so as to prevent any rearming of the timer.
4959 * (endpoint, asoc, chunk)
4961 * The return value is the disposition of the chunk.
4963 sctp_disposition_t sctp_sf_timer_ignore(const struct sctp_endpoint *ep,
4964 const struct sctp_association *asoc,
4965 const sctp_subtype_t type,
4967 sctp_cmd_seq_t *commands)
4969 SCTP_DEBUG_PRINTK("Timer %d ignored.\n", type.chunk);
4970 return SCTP_DISPOSITION_CONSUME;
4973 /********************************************************************
4974 * 2nd Level Abstractions
4975 ********************************************************************/
4977 /* Pull the SACK chunk based on the SACK header. */
4978 static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk)
4980 struct sctp_sackhdr *sack;
4985 /* Protect ourselves from reading too far into
4986 * the skb from a bogus sender.
4988 sack = (struct sctp_sackhdr *) chunk->skb->data;
4990 num_blocks = ntohs(sack->num_gap_ack_blocks);
4991 num_dup_tsns = ntohs(sack->num_dup_tsns);
4992 len = sizeof(struct sctp_sackhdr);
4993 len += (num_blocks + num_dup_tsns) * sizeof(__u32);
4994 if (len > chunk->skb->len)
4997 skb_pull(chunk->skb, len);
5002 /* Create an ABORT packet to be sent as a response, with the specified
5005 static struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep,
5006 const struct sctp_association *asoc,
5007 struct sctp_chunk *chunk,
5008 const void *payload,
5011 struct sctp_packet *packet;
5012 struct sctp_chunk *abort;
5014 packet = sctp_ootb_pkt_new(asoc, chunk);
5018 * The T bit will be set if the asoc is NULL.
5020 abort = sctp_make_abort(asoc, chunk, paylen);
5022 sctp_ootb_pkt_free(packet);
5026 /* Reflect vtag if T-Bit is set */
5027 if (sctp_test_T_bit(abort))
5028 packet->vtag = ntohl(chunk->sctp_hdr->vtag);
5030 /* Add specified error causes, i.e., payload, to the
5033 sctp_addto_chunk(abort, paylen, payload);
5035 /* Set the skb to the belonging sock for accounting. */
5036 abort->skb->sk = ep->base.sk;
5038 sctp_packet_append_chunk(packet, abort);
5045 /* Allocate a packet for responding in the OOTB conditions. */
5046 static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc,
5047 const struct sctp_chunk *chunk)
5049 struct sctp_packet *packet;
5050 struct sctp_transport *transport;
5055 /* Get the source and destination port from the inbound packet. */
5056 sport = ntohs(chunk->sctp_hdr->dest);
5057 dport = ntohs(chunk->sctp_hdr->source);
5059 /* The V-tag is going to be the same as the inbound packet if no
5060 * association exists, otherwise, use the peer's vtag.
5063 vtag = asoc->peer.i.init_tag;
5065 /* Special case the INIT and stale COOKIE_ECHO as there is no
5068 switch(chunk->chunk_hdr->type) {
5071 sctp_init_chunk_t *init;
5073 init = (sctp_init_chunk_t *)chunk->chunk_hdr;
5074 vtag = ntohl(init->init_hdr.init_tag);
5078 vtag = ntohl(chunk->sctp_hdr->vtag);
5083 /* Make a transport for the bucket, Eliza... */
5084 transport = sctp_transport_new(sctp_source(chunk), GFP_ATOMIC);
5088 /* Cache a route for the transport with the chunk's destination as
5089 * the source address.
5091 sctp_transport_route(transport, (union sctp_addr *)&chunk->dest,
5092 sctp_sk(sctp_get_ctl_sock()));
5094 packet = sctp_packet_init(&transport->packet, transport, sport, dport);
5095 packet = sctp_packet_config(packet, vtag, 0);
5103 /* Free the packet allocated earlier for responding in the OOTB condition. */
5104 void sctp_ootb_pkt_free(struct sctp_packet *packet)
5106 sctp_transport_free(packet->transport);
5109 /* Send a stale cookie error when a invalid COOKIE ECHO chunk is found */
5110 static void sctp_send_stale_cookie_err(const struct sctp_endpoint *ep,
5111 const struct sctp_association *asoc,
5112 const struct sctp_chunk *chunk,
5113 sctp_cmd_seq_t *commands,
5114 struct sctp_chunk *err_chunk)
5116 struct sctp_packet *packet;
5119 packet = sctp_ootb_pkt_new(asoc, chunk);
5121 struct sctp_signed_cookie *cookie;
5123 /* Override the OOTB vtag from the cookie. */
5124 cookie = chunk->subh.cookie_hdr;
5125 packet->vtag = cookie->c.peer_vtag;
5127 /* Set the skb to the belonging sock for accounting. */
5128 err_chunk->skb->sk = ep->base.sk;
5129 sctp_packet_append_chunk(packet, err_chunk);
5130 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
5131 SCTP_PACKET(packet));
5132 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
5134 sctp_chunk_free (err_chunk);
5139 /* Process a data chunk */
5140 static int sctp_eat_data(const struct sctp_association *asoc,
5141 struct sctp_chunk *chunk,
5142 sctp_cmd_seq_t *commands)
5144 sctp_datahdr_t *data_hdr;
5145 struct sctp_chunk *err;
5147 sctp_verb_t deliver;
5151 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
5152 struct sock *sk = asoc->base.sk;
5153 int rcvbuf_over = 0;
5155 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data;
5156 skb_pull(chunk->skb, sizeof(sctp_datahdr_t));
5158 tsn = ntohl(data_hdr->tsn);
5159 SCTP_DEBUG_PRINTK("eat_data: TSN 0x%x.\n", tsn);
5161 /* ASSERT: Now skb->data is really the user data. */
5164 * If we are established, and we have used up our receive buffer
5165 * memory, think about droping the frame.
5166 * Note that we have an opportunity to improve performance here.
5167 * If we accept one chunk from an skbuff, we have to keep all the
5168 * memory of that skbuff around until the chunk is read into user
5169 * space. Therefore, once we accept 1 chunk we may as well accept all
5170 * remaining chunks in the skbuff. The data_accepted flag helps us do
5173 if ((asoc->state == SCTP_STATE_ESTABLISHED) && (!chunk->data_accepted)) {
5175 * If the receive buffer policy is 1, then each
5176 * association can allocate up to sk_rcvbuf bytes
5177 * otherwise, all the associations in aggregate
5178 * may allocate up to sk_rcvbuf bytes
5180 if (asoc->ep->rcvbuf_policy)
5181 account_value = atomic_read(&asoc->rmem_alloc);
5183 account_value = atomic_read(&sk->sk_rmem_alloc);
5184 if (account_value > sk->sk_rcvbuf) {
5186 * We need to make forward progress, even when we are
5187 * under memory pressure, so we always allow the
5188 * next tsn after the ctsn ack point to be accepted.
5189 * This lets us avoid deadlocks in which we have to
5190 * drop frames that would otherwise let us drain the
5193 if ((sctp_tsnmap_get_ctsn(map) + 1) != tsn)
5194 return SCTP_IERROR_IGNORE_TSN;
5197 * We're going to accept the frame but we should renege
5198 * to make space for it. This will send us down that
5199 * path later in this function.
5205 /* Process ECN based congestion.
5207 * Since the chunk structure is reused for all chunks within
5208 * a packet, we use ecn_ce_done to track if we've already
5209 * done CE processing for this packet.
5211 * We need to do ECN processing even if we plan to discard the
5215 if (!chunk->ecn_ce_done) {
5217 chunk->ecn_ce_done = 1;
5219 af = sctp_get_af_specific(
5220 ipver2af(chunk->skb->nh.iph->version));
5222 if (af && af->is_ce(chunk->skb) && asoc->peer.ecn_capable) {
5223 /* Do real work as sideffect. */
5224 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_CE,
5229 tmp = sctp_tsnmap_check(&asoc->peer.tsn_map, tsn);
5231 /* The TSN is too high--silently discard the chunk and
5232 * count on it getting retransmitted later.
5234 return SCTP_IERROR_HIGH_TSN;
5235 } else if (tmp > 0) {
5236 /* This is a duplicate. Record it. */
5237 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_DUP, SCTP_U32(tsn));
5238 return SCTP_IERROR_DUP_TSN;
5241 /* This is a new TSN. */
5243 /* Discard if there is no room in the receive window.
5244 * Actually, allow a little bit of overflow (up to a MTU).
5246 datalen = ntohs(chunk->chunk_hdr->length);
5247 datalen -= sizeof(sctp_data_chunk_t);
5249 deliver = SCTP_CMD_CHUNK_ULP;
5250 chunk->data_accepted = 1;
5252 /* Think about partial delivery. */
5253 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) {
5255 /* Even if we don't accept this chunk there is
5258 sctp_add_cmd_sf(commands, SCTP_CMD_PART_DELIVER, SCTP_NULL());
5261 /* Spill over rwnd a little bit. Note: While allowed, this spill over
5262 * seems a bit troublesome in that frag_point varies based on
5263 * PMTU. In cases, such as loopback, this might be a rather
5265 * NOTE: If we have a full receive buffer here, we only renege if
5266 * our receiver can still make progress without the tsn being
5267 * received. We do this because in the event that the associations
5268 * receive queue is empty we are filling a leading gap, and since
5269 * reneging moves the gap to the end of the tsn stream, we are likely
5270 * to stall again very shortly. Avoiding the renege when we fill a
5271 * leading gap is a good heuristic for avoiding such steady state
5274 if (!asoc->rwnd || asoc->rwnd_over ||
5275 (datalen > asoc->rwnd + asoc->frag_point) ||
5276 (rcvbuf_over && (!skb_queue_len(&sk->sk_receive_queue)))) {
5278 /* If this is the next TSN, consider reneging to make
5279 * room. Note: Playing nice with a confused sender. A
5280 * malicious sender can still eat up all our buffer
5281 * space and in the future we may want to detect and
5282 * do more drastic reneging.
5284 if (sctp_tsnmap_has_gap(map) &&
5285 (sctp_tsnmap_get_ctsn(map) + 1) == tsn) {
5286 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn);
5287 deliver = SCTP_CMD_RENEGE;
5289 SCTP_DEBUG_PRINTK("Discard tsn: %u len: %Zd, "
5290 "rwnd: %d\n", tsn, datalen,
5292 return SCTP_IERROR_IGNORE_TSN;
5297 * Section 3.3.10.9 No User Data (9)
5301 * No User Data: This error cause is returned to the originator of a
5302 * DATA chunk if a received DATA chunk has no user data.
5304 if (unlikely(0 == datalen)) {
5305 err = sctp_make_abort_no_data(asoc, chunk, tsn);
5307 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
5310 /* We are going to ABORT, so we might as well stop
5311 * processing the rest of the chunks in the packet.
5313 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
5314 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
5315 SCTP_U32(SCTP_ERROR_NO_DATA));
5316 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
5317 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
5318 return SCTP_IERROR_NO_DATA;
5321 /* If definately accepting the DATA chunk, record its TSN, otherwise
5322 * wait for renege processing.
5324 if (SCTP_CMD_CHUNK_ULP == deliver)
5325 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
5327 /* Note: Some chunks may get overcounted (if we drop) or overcounted
5328 * if we renege and the chunk arrives again.
5330 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED)
5331 SCTP_INC_STATS(SCTP_MIB_INUNORDERCHUNKS);
5333 SCTP_INC_STATS(SCTP_MIB_INORDERCHUNKS);
5335 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
5337 * If an endpoint receive a DATA chunk with an invalid stream
5338 * identifier, it shall acknowledge the reception of the DATA chunk
5339 * following the normal procedure, immediately send an ERROR chunk
5340 * with cause set to "Invalid Stream Identifier" (See Section 3.3.10)
5341 * and discard the DATA chunk.
5343 if (ntohs(data_hdr->stream) >= asoc->c.sinit_max_instreams) {
5344 err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_INV_STRM,
5346 sizeof(data_hdr->stream));
5348 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
5350 return SCTP_IERROR_BAD_STREAM;
5353 /* Send the data up to the user. Note: Schedule the
5354 * SCTP_CMD_CHUNK_ULP cmd before the SCTP_CMD_GEN_SACK, as the SACK
5355 * chunk needs the updated rwnd.
5357 sctp_add_cmd_sf(commands, deliver, SCTP_CHUNK(chunk));
5359 return SCTP_IERROR_NO_ERROR;
git://git.onelab.eu / linux-2.6.git / blob