1 /* SCTP kernel reference Implementation
2 * (C) Copyright IBM Corp. 2001, 2004
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2001-2002 Intel Corp.
6 * Copyright (c) 2002 Nokia Corp.
8 * This file is part of the SCTP kernel reference Implementation
10 * This is part of the SCTP Linux Kernel Reference Implementation.
12 * These are the state functions for the state machine.
14 * The SCTP reference implementation is free software;
15 * you can redistribute it and/or modify it under the terms of
16 * the GNU General Public License as published by
17 * the Free Software Foundation; either version 2, or (at your option)
20 * The SCTP reference implementation is distributed in the hope that it
21 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
22 * ************************
23 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
24 * See the GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with GNU CC; see the file COPYING. If not, write to
28 * the Free Software Foundation, 59 Temple Place - Suite 330,
29 * Boston, MA 02111-1307, USA.
31 * Please send any bug reports or fixes you make to the
33 * lksctp developers <lksctp-developers@lists.sourceforge.net>
35 * Or submit a bug report through the following website:
36 * http://www.sf.net/projects/lksctp
38 * Written or modified by:
39 * La Monte H.P. Yarroll <piggy@acm.org>
40 * Karl Knutson <karl@athena.chicago.il.us>
41 * Mathew Kotowsky <kotowsky@sctp.org>
42 * Sridhar Samudrala <samudrala@us.ibm.com>
43 * Jon Grimm <jgrimm@us.ibm.com>
44 * Hui Huang <hui.huang@nokia.com>
45 * Dajiang Zhang <dajiang.zhang@nokia.com>
46 * Daisy Chang <daisyc@us.ibm.com>
47 * Ardelle Fan <ardelle.fan@intel.com>
48 * Ryan Layer <rmlayer@us.ibm.com>
49 * Kevin Gao <kevin.gao@intel.com>
51 * Any bugs reported given to us we will try to fix... any fixes shared will
52 * be incorporated into the next SCTP release.
55 #include <linux/types.h>
56 #include <linux/kernel.h>
58 #include <linux/ipv6.h>
59 #include <linux/net.h>
60 #include <linux/inet.h>
62 #include <net/inet_ecn.h>
63 #include <linux/skbuff.h>
64 #include <net/sctp/sctp.h>
65 #include <net/sctp/sm.h>
66 #include <net/sctp/structs.h>
68 /**********************************************************
69 * These are the state functions for handling chunk events.
70 **********************************************************/
73 * Process the final SHUTDOWN COMPLETE.
75 * Section: 4 (C) (diagram), 9.2
76 * Upon reception of the SHUTDOWN COMPLETE chunk the endpoint will verify
77 * that it is in SHUTDOWN-ACK-SENT state, if it is not the chunk should be
78 * discarded. If the endpoint is in the SHUTDOWN-ACK-SENT state the endpoint
79 * should stop the T2-shutdown timer and remove all knowledge of the
80 * association (and thus the association enters the CLOSED state).
82 * Verification Tag: 8.5.1(C)
83 * C) Rules for packet carrying SHUTDOWN COMPLETE:
85 * - The receiver of a SHUTDOWN COMPLETE shall accept the packet if the
86 * Verification Tag field of the packet matches its own tag OR it is
87 * set to its peer's tag and the T bit is set in the Chunk Flags.
88 * Otherwise, the receiver MUST silently discard the packet and take
89 * no further action. An endpoint MUST ignore the SHUTDOWN COMPLETE if
90 * it is not in the SHUTDOWN-ACK-SENT state.
93 * (endpoint, asoc, chunk)
96 * (asoc, reply_msg, msg_up, timers, counters)
98 * The return value is the disposition of the chunk.
100 sctp_disposition_t sctp_sf_do_4_C(const struct sctp_endpoint *ep,
101 const struct sctp_association *asoc,
102 const sctp_subtype_t type,
104 sctp_cmd_seq_t *commands)
106 struct sctp_chunk *chunk = arg;
107 struct sctp_ulpevent *ev;
109 /* RFC 2960 6.10 Bundling
111 * An endpoint MUST NOT bundle INIT, INIT ACK or
112 * SHUTDOWN COMPLETE with any other chunks.
114 if (!chunk->singleton)
115 return SCTP_DISPOSITION_VIOLATION;
117 if (!sctp_vtag_verify_either(chunk, asoc))
118 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
120 /* RFC 2960 10.2 SCTP-to-ULP
122 * H) SHUTDOWN COMPLETE notification
124 * When SCTP completes the shutdown procedures (section 9.2) this
125 * notification is passed to the upper layer.
127 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
128 0, 0, 0, GFP_ATOMIC);
132 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
134 /* Upon reception of the SHUTDOWN COMPLETE chunk the endpoint
135 * will verify that it is in SHUTDOWN-ACK-SENT state, if it is
136 * not the chunk should be discarded. If the endpoint is in
137 * the SHUTDOWN-ACK-SENT state the endpoint should stop the
138 * T2-shutdown timer and remove all knowledge of the
139 * association (and thus the association enters the CLOSED
142 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
143 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
145 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
146 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
148 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
149 SCTP_STATE(SCTP_STATE_CLOSED));
151 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
152 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
154 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
156 return SCTP_DISPOSITION_DELETE_TCB;
159 return SCTP_DISPOSITION_NOMEM;
163 * Respond to a normal INIT chunk.
164 * We are the side that is being asked for an association.
166 * Section: 5.1 Normal Establishment of an Association, B
167 * B) "Z" shall respond immediately with an INIT ACK chunk. The
168 * destination IP address of the INIT ACK MUST be set to the source
169 * IP address of the INIT to which this INIT ACK is responding. In
170 * the response, besides filling in other parameters, "Z" must set the
171 * Verification Tag field to Tag_A, and also provide its own
172 * Verification Tag (Tag_Z) in the Initiate Tag field.
174 * Verification Tag: Must be 0.
177 * (endpoint, asoc, chunk)
180 * (asoc, reply_msg, msg_up, timers, counters)
182 * The return value is the disposition of the chunk.
184 sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
185 const struct sctp_association *asoc,
186 const sctp_subtype_t type,
188 sctp_cmd_seq_t *commands)
190 struct sctp_chunk *chunk = arg;
191 struct sctp_chunk *repl;
192 struct sctp_association *new_asoc;
193 struct sctp_chunk *err_chunk;
194 struct sctp_packet *packet;
195 sctp_unrecognized_param_t *unk_param;
200 * An endpoint MUST NOT bundle INIT, INIT ACK or
201 * SHUTDOWN COMPLETE with any other chunks.
203 if (!chunk->singleton)
204 return SCTP_DISPOSITION_VIOLATION;
206 /* If the packet is an OOTB packet which is temporarily on the
207 * control endpoint, respond with an ABORT.
209 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
210 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
213 /* If the endpoint is not listening or if the number of associations
214 * on the TCP-style socket exceed the max backlog, respond with an
217 if (!sctp_sstate(sk, LISTENING) ||
218 (sctp_style(sk, TCP) &&
219 (sk->sk_ack_backlog >= sk->sk_max_ack_backlog)))
220 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
222 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
225 if (chunk->sctp_hdr->vtag != 0)
226 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
228 /* Verify the INIT chunk before processing it. */
230 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
231 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
233 /* This chunk contains fatal error. It is to be discarded.
234 * Send an ABORT, with causes if there is any.
237 packet = sctp_abort_pkt_new(ep, asoc, arg,
238 (__u8 *)(err_chunk->chunk_hdr) +
239 sizeof(sctp_chunkhdr_t),
240 ntohs(err_chunk->chunk_hdr->length) -
241 sizeof(sctp_chunkhdr_t));
243 sctp_chunk_free(err_chunk);
246 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
247 SCTP_PACKET(packet));
248 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
249 return SCTP_DISPOSITION_CONSUME;
251 return SCTP_DISPOSITION_NOMEM;
254 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
259 /* Grab the INIT header. */
260 chunk->subh.init_hdr = (sctp_inithdr_t *)chunk->skb->data;
262 /* Tag the variable length parameters. */
263 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
265 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
269 /* The call, sctp_process_init(), can fail on memory allocation. */
270 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
272 (sctp_init_chunk_t *)chunk->chunk_hdr,
276 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
278 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
280 /* If there are errors need to be reported for unknown parameters,
281 * make sure to reserve enough room in the INIT ACK for them.
285 len = ntohs(err_chunk->chunk_hdr->length) -
286 sizeof(sctp_chunkhdr_t);
288 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
291 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
295 /* If there are errors need to be reported for unknown parameters,
296 * include them in the outgoing INIT ACK as "Unrecognized parameter"
300 /* Get the "Unrecognized parameter" parameter(s) out of the
301 * ERROR chunk generated by sctp_verify_init(). Since the
302 * error cause code for "unknown parameter" and the
303 * "Unrecognized parameter" type is the same, we can
304 * construct the parameters in INIT ACK by copying the
307 unk_param = (sctp_unrecognized_param_t *)
308 ((__u8 *)(err_chunk->chunk_hdr) +
309 sizeof(sctp_chunkhdr_t));
310 /* Replace the cause code with the "Unrecognized parameter"
313 sctp_addto_chunk(repl, len, unk_param);
314 sctp_chunk_free(err_chunk);
317 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
320 * Note: After sending out INIT ACK with the State Cookie parameter,
321 * "Z" MUST NOT allocate any resources, nor keep any states for the
322 * new association. Otherwise, "Z" will be vulnerable to resource
325 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
327 return SCTP_DISPOSITION_DELETE_TCB;
331 sctp_chunk_free(err_chunk);
333 sctp_association_free(new_asoc);
335 return SCTP_DISPOSITION_NOMEM;
339 * Respond to a normal INIT ACK chunk.
340 * We are the side that is initiating the association.
342 * Section: 5.1 Normal Establishment of an Association, C
343 * C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init
344 * timer and leave COOKIE-WAIT state. "A" shall then send the State
345 * Cookie received in the INIT ACK chunk in a COOKIE ECHO chunk, start
346 * the T1-cookie timer, and enter the COOKIE-ECHOED state.
348 * Note: The COOKIE ECHO chunk can be bundled with any pending outbound
349 * DATA chunks, but it MUST be the first chunk in the packet and
350 * until the COOKIE ACK is returned the sender MUST NOT send any
351 * other packets to the peer.
353 * Verification Tag: 3.3.3
354 * If the value of the Initiate Tag in a received INIT ACK chunk is
355 * found to be 0, the receiver MUST treat it as an error and close the
356 * association by transmitting an ABORT.
359 * (endpoint, asoc, chunk)
362 * (asoc, reply_msg, msg_up, timers, counters)
364 * The return value is the disposition of the chunk.
366 sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
367 const struct sctp_association *asoc,
368 const sctp_subtype_t type,
370 sctp_cmd_seq_t *commands)
372 struct sctp_chunk *chunk = arg;
373 sctp_init_chunk_t *initchunk;
375 struct sctp_chunk *err_chunk;
376 struct sctp_packet *packet;
377 sctp_disposition_t ret;
380 * An endpoint MUST NOT bundle INIT, INIT ACK or
381 * SHUTDOWN COMPLETE with any other chunks.
383 if (!chunk->singleton)
384 return SCTP_DISPOSITION_VIOLATION;
386 if (!sctp_vtag_verify(chunk, asoc))
387 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
389 /* Grab the INIT header. */
390 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
392 init_tag = ntohl(chunk->subh.init_hdr->init_tag);
394 /* Verification Tag: 3.3.3
395 * If the value of the Initiate Tag in a received INIT ACK
396 * chunk is found to be 0, the receiver MUST treat it as an
397 * error and close the association by transmitting an ABORT.
400 struct sctp_chunk *reply = sctp_make_abort(asoc, chunk, 0);
404 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
405 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
406 SCTP_STATE(SCTP_STATE_CLOSED));
407 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
408 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
409 return SCTP_DISPOSITION_DELETE_TCB;
412 /* Verify the INIT chunk before processing it. */
414 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
415 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
418 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
420 /* This chunk contains fatal error. It is to be discarded.
421 * Send an ABORT, with causes if there is any.
424 packet = sctp_abort_pkt_new(ep, asoc, arg,
425 (__u8 *)(err_chunk->chunk_hdr) +
426 sizeof(sctp_chunkhdr_t),
427 ntohs(err_chunk->chunk_hdr->length) -
428 sizeof(sctp_chunkhdr_t));
430 sctp_chunk_free(err_chunk);
433 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
434 SCTP_PACKET(packet));
435 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
436 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
437 SCTP_STATE(SCTP_STATE_CLOSED));
438 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
440 return SCTP_DISPOSITION_CONSUME;
442 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
443 SCTP_STATE(SCTP_STATE_CLOSED));
444 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
446 return SCTP_DISPOSITION_NOMEM;
449 ret = sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
451 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
452 SCTP_STATE(SCTP_STATE_CLOSED));
453 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB,
459 /* Tag the variable length parameters. Note that we never
460 * convert the parameters in an INIT chunk.
462 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
464 initchunk = (sctp_init_chunk_t *) chunk->chunk_hdr;
466 sctp_add_cmd_sf(commands, SCTP_CMD_PEER_INIT,
467 SCTP_PEER_INIT(initchunk));
469 /* 5.1 C) "A" shall stop the T1-init timer and leave
470 * COOKIE-WAIT state. "A" shall then ... start the T1-cookie
471 * timer, and enter the COOKIE-ECHOED state.
473 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
474 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
475 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
476 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
477 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
478 SCTP_STATE(SCTP_STATE_COOKIE_ECHOED));
480 /* 5.1 C) "A" shall then send the State Cookie received in the
481 * INIT ACK chunk in a COOKIE ECHO chunk, ...
483 /* If there is any errors to report, send the ERROR chunk generated
484 * for unknown parameters as well.
486 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_COOKIE_ECHO,
487 SCTP_CHUNK(err_chunk));
489 return SCTP_DISPOSITION_CONSUME;
492 return SCTP_DISPOSITION_NOMEM;
496 * Respond to a normal COOKIE ECHO chunk.
497 * We are the side that is being asked for an association.
499 * Section: 5.1 Normal Establishment of an Association, D
500 * D) Upon reception of the COOKIE ECHO chunk, Endpoint "Z" will reply
501 * with a COOKIE ACK chunk after building a TCB and moving to
502 * the ESTABLISHED state. A COOKIE ACK chunk may be bundled with
503 * any pending DATA chunks (and/or SACK chunks), but the COOKIE ACK
504 * chunk MUST be the first chunk in the packet.
506 * IMPLEMENTATION NOTE: An implementation may choose to send the
507 * Communication Up notification to the SCTP user upon reception
508 * of a valid COOKIE ECHO chunk.
510 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
511 * D) Rules for packet carrying a COOKIE ECHO
513 * - When sending a COOKIE ECHO, the endpoint MUST use the value of the
514 * Initial Tag received in the INIT ACK.
516 * - The receiver of a COOKIE ECHO follows the procedures in Section 5.
519 * (endpoint, asoc, chunk)
522 * (asoc, reply_msg, msg_up, timers, counters)
524 * The return value is the disposition of the chunk.
526 sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
527 const struct sctp_association *asoc,
528 const sctp_subtype_t type, void *arg,
529 sctp_cmd_seq_t *commands)
531 struct sctp_chunk *chunk = arg;
532 struct sctp_association *new_asoc;
533 sctp_init_chunk_t *peer_init;
534 struct sctp_chunk *repl;
535 struct sctp_ulpevent *ev;
537 struct sctp_chunk *err_chk_p;
539 /* If the packet is an OOTB packet which is temporarily on the
540 * control endpoint, respond with an ABORT.
542 if (ep == sctp_sk((sctp_get_ctl_sock()))->ep)
543 return sctp_sf_ootb(ep, asoc, type, arg, commands);
545 /* "Decode" the chunk. We have no optional parameters so we
548 chunk->subh.cookie_hdr =
549 (struct sctp_signed_cookie *)chunk->skb->data;
551 ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t));
553 /* 5.1 D) Upon reception of the COOKIE ECHO chunk, Endpoint
554 * "Z" will reply with a COOKIE ACK chunk after building a TCB
555 * and moving to the ESTABLISHED state.
557 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
561 * If the re-build failed, what is the proper error path
564 * [We should abort the association. --piggy]
567 /* FIXME: Several errors are possible. A bad cookie should
568 * be silently discarded, but think about logging it too.
571 case -SCTP_IERROR_NOMEM:
574 case -SCTP_IERROR_STALE_COOKIE:
575 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
577 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
579 case -SCTP_IERROR_BAD_SIG:
581 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
585 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
586 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
587 SCTP_STATE(SCTP_STATE_ESTABLISHED));
588 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
589 SCTP_INC_STATS(SCTP_MIB_PASSIVEESTABS);
590 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
592 if (new_asoc->autoclose)
593 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
594 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
596 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
598 /* Re-build the bind address for the association is done in
599 * the sctp_unpack_cookie() already.
601 /* This is a brand-new association, so these are not yet side
602 * effects--it is safe to run them here.
604 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
606 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
607 &chunk->subh.cookie_hdr->c.peer_addr,
608 peer_init, GFP_ATOMIC))
611 repl = sctp_make_cookie_ack(new_asoc, chunk);
615 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
617 /* RFC 2960 5.1 Normal Establishment of an Association
619 * D) IMPLEMENTATION NOTE: An implementation may choose to
620 * send the Communication Up notification to the SCTP user
621 * upon reception of a valid COOKIE ECHO chunk.
623 ev = sctp_ulpevent_make_assoc_change(new_asoc, 0, SCTP_COMM_UP, 0,
624 new_asoc->c.sinit_num_ostreams,
625 new_asoc->c.sinit_max_instreams,
630 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
632 return SCTP_DISPOSITION_CONSUME;
635 sctp_chunk_free(repl);
638 sctp_association_free(new_asoc);
640 return SCTP_DISPOSITION_NOMEM;
644 * Respond to a normal COOKIE ACK chunk.
645 * We are the side that is being asked for an association.
647 * RFC 2960 5.1 Normal Establishment of an Association
649 * E) Upon reception of the COOKIE ACK, endpoint "A" will move from the
650 * COOKIE-ECHOED state to the ESTABLISHED state, stopping the T1-cookie
651 * timer. It may also notify its ULP about the successful
652 * establishment of the association with a Communication Up
653 * notification (see Section 10).
657 * (endpoint, asoc, chunk)
660 * (asoc, reply_msg, msg_up, timers, counters)
662 * The return value is the disposition of the chunk.
664 sctp_disposition_t sctp_sf_do_5_1E_ca(const struct sctp_endpoint *ep,
665 const struct sctp_association *asoc,
666 const sctp_subtype_t type, void *arg,
667 sctp_cmd_seq_t *commands)
669 struct sctp_chunk *chunk = arg;
670 struct sctp_ulpevent *ev;
672 if (!sctp_vtag_verify(chunk, asoc))
673 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
675 /* Reset init error count upon receipt of COOKIE-ACK,
676 * to avoid problems with the managemement of this
677 * counter in stale cookie situations when a transition back
678 * from the COOKIE-ECHOED state to the COOKIE-WAIT
679 * state is performed.
681 sctp_add_cmd_sf(commands, SCTP_CMD_COUNTER_RESET,
682 SCTP_COUNTER(SCTP_COUNTER_INIT_ERROR));
684 /* RFC 2960 5.1 Normal Establishment of an Association
686 * E) Upon reception of the COOKIE ACK, endpoint "A" will move
687 * from the COOKIE-ECHOED state to the ESTABLISHED state,
688 * stopping the T1-cookie timer.
690 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
691 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
692 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
693 SCTP_STATE(SCTP_STATE_ESTABLISHED));
694 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
695 SCTP_INC_STATS(SCTP_MIB_ACTIVEESTABS);
696 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
698 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
699 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
700 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
702 /* It may also notify its ULP about the successful
703 * establishment of the association with a Communication Up
704 * notification (see Section 10).
706 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP,
707 0, asoc->c.sinit_num_ostreams,
708 asoc->c.sinit_max_instreams,
714 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
716 return SCTP_DISPOSITION_CONSUME;
718 return SCTP_DISPOSITION_NOMEM;
721 /* Generate and sendout a heartbeat packet. */
722 sctp_disposition_t sctp_sf_heartbeat(const struct sctp_endpoint *ep,
723 const struct sctp_association *asoc,
724 const sctp_subtype_t type,
726 sctp_cmd_seq_t *commands)
728 struct sctp_transport *transport = (struct sctp_transport *) arg;
729 struct sctp_chunk *reply;
730 sctp_sender_hb_info_t hbinfo;
733 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
734 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
735 hbinfo.daddr = transport->ipaddr;
736 hbinfo.sent_at = jiffies;
738 /* Send a heartbeat to our peer. */
739 paylen = sizeof(sctp_sender_hb_info_t);
740 reply = sctp_make_heartbeat(asoc, transport, &hbinfo, paylen);
742 return SCTP_DISPOSITION_NOMEM;
744 /* Set rto_pending indicating that an RTT measurement
745 * is started with this heartbeat chunk.
747 sctp_add_cmd_sf(commands, SCTP_CMD_RTO_PENDING,
748 SCTP_TRANSPORT(transport));
750 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
751 return SCTP_DISPOSITION_CONSUME;
754 /* Generate a HEARTBEAT packet on the given transport. */
755 sctp_disposition_t sctp_sf_sendbeat_8_3(const struct sctp_endpoint *ep,
756 const struct sctp_association *asoc,
757 const sctp_subtype_t type,
759 sctp_cmd_seq_t *commands)
761 struct sctp_transport *transport = (struct sctp_transport *) arg;
763 if (asoc->overall_error_count > asoc->max_retrans) {
764 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
765 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
766 SCTP_U32(SCTP_ERROR_NO_ERROR));
767 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
768 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
769 return SCTP_DISPOSITION_DELETE_TCB;
773 * The Sender-specific Heartbeat Info field should normally include
774 * information about the sender's current time when this HEARTBEAT
775 * chunk is sent and the destination transport address to which this
776 * HEARTBEAT is sent (see Section 8.3).
779 if (transport->hb_allowed) {
780 if (SCTP_DISPOSITION_NOMEM ==
781 sctp_sf_heartbeat(ep, asoc, type, arg,
783 return SCTP_DISPOSITION_NOMEM;
784 /* Set transport error counter and association error counter
785 * when sending heartbeat.
787 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_RESET,
788 SCTP_TRANSPORT(transport));
790 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMER_UPDATE,
791 SCTP_TRANSPORT(transport));
793 return SCTP_DISPOSITION_CONSUME;
797 * Process an heartbeat request.
799 * Section: 8.3 Path Heartbeat
800 * The receiver of the HEARTBEAT should immediately respond with a
801 * HEARTBEAT ACK that contains the Heartbeat Information field copied
802 * from the received HEARTBEAT chunk.
804 * Verification Tag: 8.5 Verification Tag [Normal verification]
805 * When receiving an SCTP packet, the endpoint MUST ensure that the
806 * value in the Verification Tag field of the received SCTP packet
807 * matches its own Tag. If the received Verification Tag value does not
808 * match the receiver's own tag value, the receiver shall silently
809 * discard the packet and shall not process it any further except for
810 * those cases listed in Section 8.5.1 below.
813 * (endpoint, asoc, chunk)
816 * (asoc, reply_msg, msg_up, timers, counters)
818 * The return value is the disposition of the chunk.
820 sctp_disposition_t sctp_sf_beat_8_3(const struct sctp_endpoint *ep,
821 const struct sctp_association *asoc,
822 const sctp_subtype_t type,
824 sctp_cmd_seq_t *commands)
826 struct sctp_chunk *chunk = arg;
827 struct sctp_chunk *reply;
830 if (!sctp_vtag_verify(chunk, asoc))
831 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
833 /* 8.3 The receiver of the HEARTBEAT should immediately
834 * respond with a HEARTBEAT ACK that contains the Heartbeat
835 * Information field copied from the received HEARTBEAT chunk.
837 chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data;
838 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
839 skb_pull(chunk->skb, paylen);
841 reply = sctp_make_heartbeat_ack(asoc, chunk,
842 chunk->subh.hb_hdr, paylen);
846 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
847 return SCTP_DISPOSITION_CONSUME;
850 return SCTP_DISPOSITION_NOMEM;
854 * Process the returning HEARTBEAT ACK.
856 * Section: 8.3 Path Heartbeat
857 * Upon the receipt of the HEARTBEAT ACK, the sender of the HEARTBEAT
858 * should clear the error counter of the destination transport
859 * address to which the HEARTBEAT was sent, and mark the destination
860 * transport address as active if it is not so marked. The endpoint may
861 * optionally report to the upper layer when an inactive destination
862 * address is marked as active due to the reception of the latest
863 * HEARTBEAT ACK. The receiver of the HEARTBEAT ACK must also
864 * clear the association overall error count as well (as defined
867 * The receiver of the HEARTBEAT ACK should also perform an RTT
868 * measurement for that destination transport address using the time
869 * value carried in the HEARTBEAT ACK chunk.
871 * Verification Tag: 8.5 Verification Tag [Normal verification]
874 * (endpoint, asoc, chunk)
877 * (asoc, reply_msg, msg_up, timers, counters)
879 * The return value is the disposition of the chunk.
881 sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
882 const struct sctp_association *asoc,
883 const sctp_subtype_t type,
885 sctp_cmd_seq_t *commands)
887 struct sctp_chunk *chunk = arg;
888 union sctp_addr from_addr;
889 struct sctp_transport *link;
890 sctp_sender_hb_info_t *hbinfo;
891 unsigned long max_interval;
893 if (!sctp_vtag_verify(chunk, asoc))
894 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
896 hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
897 from_addr = hbinfo->daddr;
898 link = sctp_assoc_lookup_paddr(asoc, &from_addr);
900 /* This should never happen, but lets log it if so. */
903 "%s: Could not find address %d.%d.%d.%d\n",
904 __FUNCTION__, NIPQUAD(from_addr.v4.sin_addr));
905 return SCTP_DISPOSITION_DISCARD;
908 max_interval = link->hb_interval + link->rto;
910 /* Check if the timestamp looks valid. */
911 if (time_after(hbinfo->sent_at, jiffies) ||
912 time_after(jiffies, hbinfo->sent_at + max_interval)) {
913 SCTP_DEBUG_PRINTK("%s: HEARTBEAT ACK with invalid timestamp"
914 "received for transport: %p\n",
916 return SCTP_DISPOSITION_DISCARD;
919 /* 8.3 Upon the receipt of the HEARTBEAT ACK, the sender of
920 * the HEARTBEAT should clear the error counter of the
921 * destination transport address to which the HEARTBEAT was
922 * sent and mark the destination transport address as active if
923 * it is not so marked.
925 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_ON, SCTP_TRANSPORT(link));
927 return SCTP_DISPOSITION_CONSUME;
930 /* Helper function to send out an abort for the restart
933 static int sctp_sf_send_restart_abort(union sctp_addr *ssa,
934 struct sctp_chunk *init,
935 sctp_cmd_seq_t *commands)
938 struct sctp_packet *pkt;
939 union sctp_addr_param *addrparm;
940 struct sctp_errhdr *errhdr;
941 struct sctp_endpoint *ep;
942 char buffer[sizeof(struct sctp_errhdr)+sizeof(union sctp_addr_param)];
943 struct sctp_af *af = sctp_get_af_specific(ssa->v4.sin_family);
945 /* Build the error on the stack. We are way to malloc crazy
946 * throughout the code today.
948 errhdr = (struct sctp_errhdr *)buffer;
949 addrparm = (union sctp_addr_param *)errhdr->variable;
951 /* Copy into a parm format. */
952 len = af->to_addr_param(ssa, addrparm);
953 len += sizeof(sctp_errhdr_t);
955 errhdr->cause = SCTP_ERROR_RESTART;
956 errhdr->length = htons(len);
958 /* Assign to the control socket. */
959 ep = sctp_sk((sctp_get_ctl_sock()))->ep;
961 /* Association is NULL since this may be a restart attack and we
962 * want to send back the attacker's vtag.
964 pkt = sctp_abort_pkt_new(ep, NULL, init, errhdr, len);
968 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(pkt));
970 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
972 /* Discard the rest of the inbound packet. */
973 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
976 /* Even if there is no memory, treat as a failure so
977 * the packet will get dropped.
982 /* A restart is occurring, check to make sure no new addresses
983 * are being added as we may be under a takeover attack.
985 static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc,
986 const struct sctp_association *asoc,
987 struct sctp_chunk *init,
988 sctp_cmd_seq_t *commands)
990 struct sctp_transport *new_addr, *addr;
991 struct list_head *pos, *pos2;
994 /* Implementor's Guide - Sectin 5.2.2
996 * Before responding the endpoint MUST check to see if the
997 * unexpected INIT adds new addresses to the association. If new
998 * addresses are added to the association, the endpoint MUST respond
1002 /* Search through all current addresses and make sure
1003 * we aren't adding any new ones.
1008 list_for_each(pos, &new_asoc->peer.transport_addr_list) {
1009 new_addr = list_entry(pos, struct sctp_transport, transports);
1011 list_for_each(pos2, &asoc->peer.transport_addr_list) {
1012 addr = list_entry(pos2, struct sctp_transport,
1014 if (sctp_cmp_addr_exact(&new_addr->ipaddr,
1024 /* If a new address was added, ABORT the sender. */
1025 if (!found && new_addr) {
1026 sctp_sf_send_restart_abort(&new_addr->ipaddr, init, commands);
1029 /* Return success if all addresses were found. */
1033 /* Populate the verification/tie tags based on overlapping INIT
1036 * Note: Do not use in CLOSED or SHUTDOWN-ACK-SENT state.
1038 static void sctp_tietags_populate(struct sctp_association *new_asoc,
1039 const struct sctp_association *asoc)
1041 switch (asoc->state) {
1043 /* 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State */
1045 case SCTP_STATE_COOKIE_WAIT:
1046 new_asoc->c.my_vtag = asoc->c.my_vtag;
1047 new_asoc->c.my_ttag = asoc->c.my_vtag;
1048 new_asoc->c.peer_ttag = 0;
1051 case SCTP_STATE_COOKIE_ECHOED:
1052 new_asoc->c.my_vtag = asoc->c.my_vtag;
1053 new_asoc->c.my_ttag = asoc->c.my_vtag;
1054 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1057 /* 5.2.2 Unexpected INIT in States Other than CLOSED, COOKIE-ECHOED,
1058 * COOKIE-WAIT and SHUTDOWN-ACK-SENT
1061 new_asoc->c.my_ttag = asoc->c.my_vtag;
1062 new_asoc->c.peer_ttag = asoc->c.peer_vtag;
1066 /* Other parameters for the endpoint SHOULD be copied from the
1067 * existing parameters of the association (e.g. number of
1068 * outbound streams) into the INIT ACK and cookie.
1070 new_asoc->rwnd = asoc->rwnd;
1071 new_asoc->c.sinit_num_ostreams = asoc->c.sinit_num_ostreams;
1072 new_asoc->c.sinit_max_instreams = asoc->c.sinit_max_instreams;
1073 new_asoc->c.initial_tsn = asoc->c.initial_tsn;
1077 * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
1080 * RFC 2960 5.2.4 Handle a COOKIE ECHO when a TCB exists.
1082 * Returns value representing action to be taken. These action values
1083 * correspond to Action/Description values in RFC 2960, Table 2.
1085 static char sctp_tietags_compare(struct sctp_association *new_asoc,
1086 const struct sctp_association *asoc)
1088 /* In this case, the peer may have restarted. */
1089 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1090 (asoc->c.peer_vtag != new_asoc->c.peer_vtag) &&
1091 (asoc->c.my_vtag == new_asoc->c.my_ttag) &&
1092 (asoc->c.peer_vtag == new_asoc->c.peer_ttag))
1095 /* Collision case B. */
1096 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1097 ((asoc->c.peer_vtag != new_asoc->c.peer_vtag) ||
1098 (0 == asoc->c.peer_vtag))) {
1102 /* Collision case D. */
1103 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) &&
1104 (asoc->c.peer_vtag == new_asoc->c.peer_vtag))
1107 /* Collision case C. */
1108 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) &&
1109 (asoc->c.peer_vtag == new_asoc->c.peer_vtag) &&
1110 (0 == new_asoc->c.my_ttag) &&
1111 (0 == new_asoc->c.peer_ttag))
1114 /* No match to any of the special cases; discard this packet. */
1118 /* Common helper routine for both duplicate and simulataneous INIT
1121 static sctp_disposition_t sctp_sf_do_unexpected_init(
1122 const struct sctp_endpoint *ep,
1123 const struct sctp_association *asoc,
1124 const sctp_subtype_t type,
1125 void *arg, sctp_cmd_seq_t *commands)
1127 sctp_disposition_t retval;
1128 struct sctp_chunk *chunk = arg;
1129 struct sctp_chunk *repl;
1130 struct sctp_association *new_asoc;
1131 struct sctp_chunk *err_chunk;
1132 struct sctp_packet *packet;
1133 sctp_unrecognized_param_t *unk_param;
1137 * An endpoint MUST NOT bundle INIT, INIT ACK or
1138 * SHUTDOWN COMPLETE with any other chunks.
1140 if (!chunk->singleton)
1141 return SCTP_DISPOSITION_VIOLATION;
1143 /* 3.1 A packet containing an INIT chunk MUST have a zero Verification
1146 if (chunk->sctp_hdr->vtag != 0)
1147 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
1149 /* Grab the INIT header. */
1150 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
1152 /* Tag the variable length parameters. */
1153 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t));
1155 /* Verify the INIT chunk before processing it. */
1157 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
1158 (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
1160 /* This chunk contains fatal error. It is to be discarded.
1161 * Send an ABORT, with causes if there is any.
1164 packet = sctp_abort_pkt_new(ep, asoc, arg,
1165 (__u8 *)(err_chunk->chunk_hdr) +
1166 sizeof(sctp_chunkhdr_t),
1167 ntohs(err_chunk->chunk_hdr->length) -
1168 sizeof(sctp_chunkhdr_t));
1171 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
1172 SCTP_PACKET(packet));
1173 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
1174 retval = SCTP_DISPOSITION_CONSUME;
1176 retval = SCTP_DISPOSITION_NOMEM;
1180 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg,
1186 * Other parameters for the endpoint SHOULD be copied from the
1187 * existing parameters of the association (e.g. number of
1188 * outbound streams) into the INIT ACK and cookie.
1189 * FIXME: We are copying parameters from the endpoint not the
1192 new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC);
1196 /* In the outbound INIT ACK the endpoint MUST copy its current
1197 * Verification Tag and Peers Verification tag into a reserved
1198 * place (local tie-tag and per tie-tag) within the state cookie.
1200 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1202 (sctp_init_chunk_t *)chunk->chunk_hdr,
1204 retval = SCTP_DISPOSITION_NOMEM;
1208 /* Make sure no new addresses are being added during the
1209 * restart. Do not do this check for COOKIE-WAIT state,
1210 * since there are no peer addresses to check against.
1211 * Upon return an ABORT will have been sent if needed.
1213 if (!sctp_state(asoc, COOKIE_WAIT)) {
1214 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk,
1216 retval = SCTP_DISPOSITION_CONSUME;
1221 sctp_tietags_populate(new_asoc, asoc);
1223 /* B) "Z" shall respond immediately with an INIT ACK chunk. */
1225 /* If there are errors need to be reported for unknown parameters,
1226 * make sure to reserve enough room in the INIT ACK for them.
1230 len = ntohs(err_chunk->chunk_hdr->length) -
1231 sizeof(sctp_chunkhdr_t);
1234 if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
1237 repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
1241 /* If there are errors need to be reported for unknown parameters,
1242 * include them in the outgoing INIT ACK as "Unrecognized parameter"
1246 /* Get the "Unrecognized parameter" parameter(s) out of the
1247 * ERROR chunk generated by sctp_verify_init(). Since the
1248 * error cause code for "unknown parameter" and the
1249 * "Unrecognized parameter" type is the same, we can
1250 * construct the parameters in INIT ACK by copying the
1251 * ERROR causes over.
1253 unk_param = (sctp_unrecognized_param_t *)
1254 ((__u8 *)(err_chunk->chunk_hdr) +
1255 sizeof(sctp_chunkhdr_t));
1256 /* Replace the cause code with the "Unrecognized parameter"
1259 sctp_addto_chunk(repl, len, unk_param);
1262 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1263 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1266 * Note: After sending out INIT ACK with the State Cookie parameter,
1267 * "Z" MUST NOT allocate any resources for this new association.
1268 * Otherwise, "Z" will be vulnerable to resource attacks.
1270 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1271 retval = SCTP_DISPOSITION_CONSUME;
1275 sctp_chunk_free(err_chunk);
1278 retval = SCTP_DISPOSITION_NOMEM;
1282 sctp_association_free(new_asoc);
1287 * Handle simultanous INIT.
1288 * This means we started an INIT and then we got an INIT request from
1291 * Section: 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State (Item B)
1292 * This usually indicates an initialization collision, i.e., each
1293 * endpoint is attempting, at about the same time, to establish an
1294 * association with the other endpoint.
1296 * Upon receipt of an INIT in the COOKIE-WAIT or COOKIE-ECHOED state, an
1297 * endpoint MUST respond with an INIT ACK using the same parameters it
1298 * sent in its original INIT chunk (including its Verification Tag,
1299 * unchanged). These original parameters are combined with those from the
1300 * newly received INIT chunk. The endpoint shall also generate a State
1301 * Cookie with the INIT ACK. The endpoint uses the parameters sent in its
1302 * INIT to calculate the State Cookie.
1304 * After that, the endpoint MUST NOT change its state, the T1-init
1305 * timer shall be left running and the corresponding TCB MUST NOT be
1306 * destroyed. The normal procedures for handling State Cookies when
1307 * a TCB exists will resolve the duplicate INITs to a single association.
1309 * For an endpoint that is in the COOKIE-ECHOED state it MUST populate
1310 * its Tie-Tags with the Tag information of itself and its peer (see
1311 * section 5.2.2 for a description of the Tie-Tags).
1313 * Verification Tag: Not explicit, but an INIT can not have a valid
1314 * verification tag, so we skip the check.
1317 * (endpoint, asoc, chunk)
1320 * (asoc, reply_msg, msg_up, timers, counters)
1322 * The return value is the disposition of the chunk.
1324 sctp_disposition_t sctp_sf_do_5_2_1_siminit(const struct sctp_endpoint *ep,
1325 const struct sctp_association *asoc,
1326 const sctp_subtype_t type,
1328 sctp_cmd_seq_t *commands)
1330 /* Call helper to do the real work for both simulataneous and
1331 * duplicate INIT chunk handling.
1333 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1337 * Handle duplicated INIT messages. These are usually delayed
1340 * Section: 5.2.2 Unexpected INIT in States Other than CLOSED,
1341 * COOKIE-ECHOED and COOKIE-WAIT
1343 * Unless otherwise stated, upon reception of an unexpected INIT for
1344 * this association, the endpoint shall generate an INIT ACK with a
1345 * State Cookie. In the outbound INIT ACK the endpoint MUST copy its
1346 * current Verification Tag and peer's Verification Tag into a reserved
1347 * place within the state cookie. We shall refer to these locations as
1348 * the Peer's-Tie-Tag and the Local-Tie-Tag. The outbound SCTP packet
1349 * containing this INIT ACK MUST carry a Verification Tag value equal to
1350 * the Initiation Tag found in the unexpected INIT. And the INIT ACK
1351 * MUST contain a new Initiation Tag (randomly generated see Section
1352 * 5.3.1). Other parameters for the endpoint SHOULD be copied from the
1353 * existing parameters of the association (e.g. number of outbound
1354 * streams) into the INIT ACK and cookie.
1356 * After sending out the INIT ACK, the endpoint shall take no further
1357 * actions, i.e., the existing association, including its current state,
1358 * and the corresponding TCB MUST NOT be changed.
1360 * Note: Only when a TCB exists and the association is not in a COOKIE-
1361 * WAIT state are the Tie-Tags populated. For a normal association INIT
1362 * (i.e. the endpoint is in a COOKIE-WAIT state), the Tie-Tags MUST be
1363 * set to 0 (indicating that no previous TCB existed). The INIT ACK and
1364 * State Cookie are populated as specified in section 5.2.1.
1366 * Verification Tag: Not specified, but an INIT has no way of knowing
1367 * what the verification tag could be, so we ignore it.
1370 * (endpoint, asoc, chunk)
1373 * (asoc, reply_msg, msg_up, timers, counters)
1375 * The return value is the disposition of the chunk.
1377 sctp_disposition_t sctp_sf_do_5_2_2_dupinit(const struct sctp_endpoint *ep,
1378 const struct sctp_association *asoc,
1379 const sctp_subtype_t type,
1381 sctp_cmd_seq_t *commands)
1383 /* Call helper to do the real work for both simulataneous and
1384 * duplicate INIT chunk handling.
1386 return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands);
1391 /* Unexpected COOKIE-ECHO handler for peer restart (Table 2, action 'A')
1394 * A) In this case, the peer may have restarted.
1396 static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
1397 const struct sctp_association *asoc,
1398 struct sctp_chunk *chunk,
1399 sctp_cmd_seq_t *commands,
1400 struct sctp_association *new_asoc)
1402 sctp_init_chunk_t *peer_init;
1403 struct sctp_ulpevent *ev;
1404 struct sctp_chunk *repl;
1405 struct sctp_chunk *err;
1406 sctp_disposition_t disposition;
1408 /* new_asoc is a brand-new association, so these are not yet
1409 * side effects--it is safe to run them here.
1411 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1413 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1414 sctp_source(chunk), peer_init,
1418 /* Make sure no new addresses are being added during the
1419 * restart. Though this is a pretty complicated attack
1420 * since you'd have to get inside the cookie.
1422 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk, commands)) {
1423 return SCTP_DISPOSITION_CONSUME;
1426 /* If the endpoint is in the SHUTDOWN-ACK-SENT state and recognizes
1427 * the peer has restarted (Action A), it MUST NOT setup a new
1428 * association but instead resend the SHUTDOWN ACK and send an ERROR
1429 * chunk with a "Cookie Received while Shutting Down" error cause to
1432 if (sctp_state(asoc, SHUTDOWN_ACK_SENT)) {
1433 disposition = sctp_sf_do_9_2_reshutack(ep, asoc,
1434 SCTP_ST_CHUNK(chunk->chunk_hdr->type),
1436 if (SCTP_DISPOSITION_NOMEM == disposition)
1439 err = sctp_make_op_error(asoc, chunk,
1440 SCTP_ERROR_COOKIE_IN_SHUTDOWN,
1443 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1446 return SCTP_DISPOSITION_CONSUME;
1449 /* For now, fail any unsent/unacked data. Consider the optional
1450 * choice of resending of this data.
1452 sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL());
1454 /* Update the content of current association. */
1455 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1457 repl = sctp_make_cookie_ack(new_asoc, chunk);
1461 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1463 /* Report association restart to upper layer. */
1464 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0,
1465 new_asoc->c.sinit_num_ostreams,
1466 new_asoc->c.sinit_max_instreams,
1471 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
1472 return SCTP_DISPOSITION_CONSUME;
1475 sctp_chunk_free(repl);
1477 return SCTP_DISPOSITION_NOMEM;
1480 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'B')
1483 * B) In this case, both sides may be attempting to start an association
1484 * at about the same time but the peer endpoint started its INIT
1485 * after responding to the local endpoint's INIT
1487 /* This case represents an initialization collision. */
1488 static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep,
1489 const struct sctp_association *asoc,
1490 struct sctp_chunk *chunk,
1491 sctp_cmd_seq_t *commands,
1492 struct sctp_association *new_asoc)
1494 sctp_init_chunk_t *peer_init;
1495 struct sctp_ulpevent *ev;
1496 struct sctp_chunk *repl;
1498 /* new_asoc is a brand-new association, so these are not yet
1499 * side effects--it is safe to run them here.
1501 peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
1502 if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
1503 sctp_source(chunk), peer_init,
1507 /* Update the content of current association. */
1508 sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
1509 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1510 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1511 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
1512 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
1514 repl = sctp_make_cookie_ack(new_asoc, chunk);
1518 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1519 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1521 /* RFC 2960 5.1 Normal Establishment of an Association
1523 * D) IMPLEMENTATION NOTE: An implementation may choose to
1524 * send the Communication Up notification to the SCTP user
1525 * upon reception of a valid COOKIE ECHO chunk.
1527 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP, 0,
1528 new_asoc->c.sinit_num_ostreams,
1529 new_asoc->c.sinit_max_instreams,
1534 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
1535 return SCTP_DISPOSITION_CONSUME;
1538 sctp_chunk_free(repl);
1540 return SCTP_DISPOSITION_NOMEM;
1543 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'C')
1546 * C) In this case, the local endpoint's cookie has arrived late.
1547 * Before it arrived, the local endpoint sent an INIT and received an
1548 * INIT-ACK and finally sent a COOKIE ECHO with the peer's same tag
1549 * but a new tag of its own.
1551 /* This case represents an initialization collision. */
1552 static sctp_disposition_t sctp_sf_do_dupcook_c(const struct sctp_endpoint *ep,
1553 const struct sctp_association *asoc,
1554 struct sctp_chunk *chunk,
1555 sctp_cmd_seq_t *commands,
1556 struct sctp_association *new_asoc)
1558 /* The cookie should be silently discarded.
1559 * The endpoint SHOULD NOT change states and should leave
1560 * any timers running.
1562 return SCTP_DISPOSITION_DISCARD;
1565 /* Unexpected COOKIE-ECHO handler lost chunk (Table 2, action 'D')
1569 * D) When both local and remote tags match the endpoint should always
1570 * enter the ESTABLISHED state, if it has not already done so.
1572 /* This case represents an initialization collision. */
1573 static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
1574 const struct sctp_association *asoc,
1575 struct sctp_chunk *chunk,
1576 sctp_cmd_seq_t *commands,
1577 struct sctp_association *new_asoc)
1579 struct sctp_ulpevent *ev = NULL;
1580 struct sctp_chunk *repl;
1582 /* Clarification from Implementor's Guide:
1583 * D) When both local and remote tags match the endpoint should
1584 * enter the ESTABLISHED state, if it is in the COOKIE-ECHOED state.
1585 * It should stop any cookie timer that may be running and send
1589 /* Don't accidentally move back into established state. */
1590 if (asoc->state < SCTP_STATE_ESTABLISHED) {
1591 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1592 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
1593 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1594 SCTP_STATE(SCTP_STATE_ESTABLISHED));
1595 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
1596 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START,
1599 /* RFC 2960 5.1 Normal Establishment of an Association
1601 * D) IMPLEMENTATION NOTE: An implementation may choose
1602 * to send the Communication Up notification to the
1603 * SCTP user upon reception of a valid COOKIE
1606 ev = sctp_ulpevent_make_assoc_change(new_asoc, 0,
1608 new_asoc->c.sinit_num_ostreams,
1609 new_asoc->c.sinit_max_instreams,
1613 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
1616 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1618 repl = sctp_make_cookie_ack(new_asoc, chunk);
1622 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
1623 sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
1625 return SCTP_DISPOSITION_CONSUME;
1629 sctp_ulpevent_free(ev);
1630 return SCTP_DISPOSITION_NOMEM;
1634 * Handle a duplicate COOKIE-ECHO. This usually means a cookie-carrying
1635 * chunk was retransmitted and then delayed in the network.
1637 * Section: 5.2.4 Handle a COOKIE ECHO when a TCB exists
1639 * Verification Tag: None. Do cookie validation.
1642 * (endpoint, asoc, chunk)
1645 * (asoc, reply_msg, msg_up, timers, counters)
1647 * The return value is the disposition of the chunk.
1649 sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep,
1650 const struct sctp_association *asoc,
1651 const sctp_subtype_t type,
1653 sctp_cmd_seq_t *commands)
1655 sctp_disposition_t retval;
1656 struct sctp_chunk *chunk = arg;
1657 struct sctp_association *new_asoc;
1660 struct sctp_chunk *err_chk_p;
1662 /* "Decode" the chunk. We have no optional parameters so we
1663 * are in good shape.
1665 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data;
1666 skb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) -
1667 sizeof(sctp_chunkhdr_t));
1669 /* In RFC 2960 5.2.4 3, if both Verification Tags in the State Cookie
1670 * of a duplicate COOKIE ECHO match the Verification Tags of the
1671 * current association, consider the State Cookie valid even if
1672 * the lifespan is exceeded.
1674 new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error,
1678 * If the re-build failed, what is the proper error path
1681 * [We should abort the association. --piggy]
1684 /* FIXME: Several errors are possible. A bad cookie should
1685 * be silently discarded, but think about logging it too.
1688 case -SCTP_IERROR_NOMEM:
1691 case -SCTP_IERROR_STALE_COOKIE:
1692 sctp_send_stale_cookie_err(ep, asoc, chunk, commands,
1694 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1695 case -SCTP_IERROR_BAD_SIG:
1697 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1701 /* Compare the tie_tag in cookie with the verification tag of
1702 * current association.
1704 action = sctp_tietags_compare(new_asoc, asoc);
1707 case 'A': /* Association restart. */
1708 retval = sctp_sf_do_dupcook_a(ep, asoc, chunk, commands,
1712 case 'B': /* Collision case B. */
1713 retval = sctp_sf_do_dupcook_b(ep, asoc, chunk, commands,
1717 case 'C': /* Collision case C. */
1718 retval = sctp_sf_do_dupcook_c(ep, asoc, chunk, commands,
1722 case 'D': /* Collision case D. */
1723 retval = sctp_sf_do_dupcook_d(ep, asoc, chunk, commands,
1727 default: /* Discard packet for all others. */
1728 retval = sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1732 /* Delete the tempory new association. */
1733 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
1734 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
1739 return SCTP_DISPOSITION_NOMEM;
1743 * Process an ABORT. (SHUTDOWN-PENDING state)
1745 * See sctp_sf_do_9_1_abort().
1747 sctp_disposition_t sctp_sf_shutdown_pending_abort(
1748 const struct sctp_endpoint *ep,
1749 const struct sctp_association *asoc,
1750 const sctp_subtype_t type,
1752 sctp_cmd_seq_t *commands)
1754 struct sctp_chunk *chunk = arg;
1756 if (!sctp_vtag_verify_either(chunk, asoc))
1757 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1759 /* Stop the T5-shutdown guard timer. */
1760 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1761 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
1763 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
1767 * Process an ABORT. (SHUTDOWN-SENT state)
1769 * See sctp_sf_do_9_1_abort().
1771 sctp_disposition_t sctp_sf_shutdown_sent_abort(const struct sctp_endpoint *ep,
1772 const struct sctp_association *asoc,
1773 const sctp_subtype_t type,
1775 sctp_cmd_seq_t *commands)
1777 struct sctp_chunk *chunk = arg;
1779 if (!sctp_vtag_verify_either(chunk, asoc))
1780 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1782 /* Stop the T2-shutdown timer. */
1783 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1784 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
1786 /* Stop the T5-shutdown guard timer. */
1787 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1788 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
1790 return sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands);
1794 * Process an ABORT. (SHUTDOWN-ACK-SENT state)
1796 * See sctp_sf_do_9_1_abort().
1798 sctp_disposition_t sctp_sf_shutdown_ack_sent_abort(
1799 const struct sctp_endpoint *ep,
1800 const struct sctp_association *asoc,
1801 const sctp_subtype_t type,
1803 sctp_cmd_seq_t *commands)
1805 /* The same T2 timer, so we should be able to use
1806 * common function with the SHUTDOWN-SENT state.
1808 return sctp_sf_shutdown_sent_abort(ep, asoc, type, arg, commands);
1812 * Handle an Error received in COOKIE_ECHOED state.
1814 * Only handle the error type of stale COOKIE Error, the other errors will
1818 * (endpoint, asoc, chunk)
1821 * (asoc, reply_msg, msg_up, timers, counters)
1823 * The return value is the disposition of the chunk.
1825 sctp_disposition_t sctp_sf_cookie_echoed_err(const struct sctp_endpoint *ep,
1826 const struct sctp_association *asoc,
1827 const sctp_subtype_t type,
1829 sctp_cmd_seq_t *commands)
1831 struct sctp_chunk *chunk = arg;
1834 /* Process the error here */
1835 /* FUTURE FIXME: When PR-SCTP related and other optional
1836 * parms are emitted, this will have to change to handle multiple
1839 sctp_walk_errors(err, chunk->chunk_hdr) {
1840 if (SCTP_ERROR_STALE_COOKIE == err->cause)
1841 return sctp_sf_do_5_2_6_stale(ep, asoc, type,
1844 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
1848 * Handle a Stale COOKIE Error
1850 * Section: 5.2.6 Handle Stale COOKIE Error
1851 * If the association is in the COOKIE-ECHOED state, the endpoint may elect
1852 * one of the following three alternatives.
1854 * 3) Send a new INIT chunk to the endpoint, adding a Cookie
1855 * Preservative parameter requesting an extension to the lifetime of
1856 * the State Cookie. When calculating the time extension, an
1857 * implementation SHOULD use the RTT information measured based on the
1858 * previous COOKIE ECHO / ERROR exchange, and should add no more
1859 * than 1 second beyond the measured RTT, due to long State Cookie
1860 * lifetimes making the endpoint more subject to a replay attack.
1862 * Verification Tag: Not explicit, but safe to ignore.
1865 * (endpoint, asoc, chunk)
1868 * (asoc, reply_msg, msg_up, timers, counters)
1870 * The return value is the disposition of the chunk.
1872 sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
1873 const struct sctp_association *asoc,
1874 const sctp_subtype_t type,
1876 sctp_cmd_seq_t *commands)
1878 struct sctp_chunk *chunk = arg;
1880 sctp_cookie_preserve_param_t bht;
1882 struct sctp_chunk *reply;
1883 struct sctp_bind_addr *bp;
1886 attempts = asoc->counters[SCTP_COUNTER_INIT_ERROR] + 1;
1888 if (attempts >= asoc->max_init_attempts) {
1889 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
1890 SCTP_U32(SCTP_ERROR_STALE_COOKIE));
1891 return SCTP_DISPOSITION_DELETE_TCB;
1894 err = (sctp_errhdr_t *)(chunk->skb->data);
1896 /* When calculating the time extension, an implementation
1897 * SHOULD use the RTT information measured based on the
1898 * previous COOKIE ECHO / ERROR exchange, and should add no
1899 * more than 1 second beyond the measured RTT, due to long
1900 * State Cookie lifetimes making the endpoint more subject to
1902 * Measure of Staleness's unit is usec. (1/1000000 sec)
1903 * Suggested Cookie Life-span Increment's unit is msec.
1905 * In general, if you use the suggested cookie life, the value
1906 * found in the field of measure of staleness should be doubled
1907 * to give ample time to retransmit the new cookie and thus
1908 * yield a higher probability of success on the reattempt.
1910 stale = ntohl(*(suseconds_t *)((u8 *)err + sizeof(sctp_errhdr_t)));
1911 stale = (stale * 2) / 1000;
1913 bht.param_hdr.type = SCTP_PARAM_COOKIE_PRESERVATIVE;
1914 bht.param_hdr.length = htons(sizeof(bht));
1915 bht.lifespan_increment = htonl(stale);
1917 /* Build that new INIT chunk. */
1918 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
1919 reply = sctp_make_init(asoc, bp, GFP_ATOMIC, sizeof(bht));
1923 sctp_addto_chunk(reply, sizeof(bht), &bht);
1925 /* Clear peer's init_tag cached in assoc as we are sending a new INIT */
1926 sctp_add_cmd_sf(commands, SCTP_CMD_CLEAR_INIT_TAG, SCTP_NULL());
1928 /* Stop pending T3-rtx and heartbeat timers */
1929 sctp_add_cmd_sf(commands, SCTP_CMD_T3_RTX_TIMERS_STOP, SCTP_NULL());
1930 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
1932 /* Delete non-primary peer ip addresses since we are transitioning
1933 * back to the COOKIE-WAIT state
1935 sctp_add_cmd_sf(commands, SCTP_CMD_DEL_NON_PRIMARY, SCTP_NULL());
1937 /* If we've sent any data bundled with COOKIE-ECHO we will need to
1940 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN,
1941 SCTP_TRANSPORT(asoc->peer.primary_path));
1943 /* Cast away the const modifier, as we want to just
1944 * rerun it through as a sideffect.
1946 sctp_add_cmd_sf(commands, SCTP_CMD_COUNTER_INC,
1947 SCTP_COUNTER(SCTP_COUNTER_INIT_ERROR));
1949 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
1950 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
1951 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
1952 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
1953 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
1954 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
1956 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
1958 return SCTP_DISPOSITION_CONSUME;
1961 return SCTP_DISPOSITION_NOMEM;
1968 * After checking the Verification Tag, the receiving endpoint shall
1969 * remove the association from its record, and shall report the
1970 * termination to its upper layer.
1972 * Verification Tag: 8.5.1 Exceptions in Verification Tag Rules
1973 * B) Rules for packet carrying ABORT:
1975 * - The endpoint shall always fill in the Verification Tag field of the
1976 * outbound packet with the destination endpoint's tag value if it
1979 * - If the ABORT is sent in response to an OOTB packet, the endpoint
1980 * MUST follow the procedure described in Section 8.4.
1982 * - The receiver MUST accept the packet if the Verification Tag
1983 * matches either its own tag, OR the tag of its peer. Otherwise, the
1984 * receiver MUST silently discard the packet and take no further
1988 * (endpoint, asoc, chunk)
1991 * (asoc, reply_msg, msg_up, timers, counters)
1993 * The return value is the disposition of the chunk.
1995 sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
1996 const struct sctp_association *asoc,
1997 const sctp_subtype_t type,
1999 sctp_cmd_seq_t *commands)
2001 struct sctp_chunk *chunk = arg;
2003 __u16 error = SCTP_ERROR_NO_ERROR;
2005 if (!sctp_vtag_verify_either(chunk, asoc))
2006 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2008 /* Check that chunk header looks valid. */
2009 len = ntohs(chunk->chunk_hdr->length);
2010 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2011 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2014 /* ASSOC_FAILED will DELETE_TCB. */
2015 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_U32(error));
2016 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2017 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
2019 return SCTP_DISPOSITION_ABORT;
2023 * Process an ABORT. (COOKIE-WAIT state)
2025 * See sctp_sf_do_9_1_abort() above.
2027 sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep,
2028 const struct sctp_association *asoc,
2029 const sctp_subtype_t type,
2031 sctp_cmd_seq_t *commands)
2033 struct sctp_chunk *chunk = arg;
2035 __u16 error = SCTP_ERROR_NO_ERROR;
2037 if (!sctp_vtag_verify_either(chunk, asoc))
2038 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2040 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2041 SCTP_STATE(SCTP_STATE_CLOSED));
2042 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2043 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2044 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
2046 /* Check that chunk header looks valid. */
2047 len = ntohs(chunk->chunk_hdr->length);
2048 if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr))
2049 error = ((sctp_errhdr_t *)chunk->skb->data)->cause;
2051 /* CMD_INIT_FAILED will DELETE_TCB. */
2052 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, SCTP_U32(error));
2054 return SCTP_DISPOSITION_ABORT;
2058 * Process an ABORT. (COOKIE-ECHOED state)
2060 * See sctp_sf_do_9_1_abort() above.
2062 sctp_disposition_t sctp_sf_cookie_echoed_abort(const struct sctp_endpoint *ep,
2063 const struct sctp_association *asoc,
2064 const sctp_subtype_t type,
2066 sctp_cmd_seq_t *commands)
2068 /* There is a single T1 timer, so we should be able to use
2069 * common function with the COOKIE-WAIT state.
2071 return sctp_sf_cookie_wait_abort(ep, asoc, type, arg, commands);
2075 * sctp_sf_do_9_2_shut
2078 * Upon the reception of the SHUTDOWN, the peer endpoint shall
2079 * - enter the SHUTDOWN-RECEIVED state,
2081 * - stop accepting new data from its SCTP user
2083 * - verify, by checking the Cumulative TSN Ack field of the chunk,
2084 * that all its outstanding DATA chunks have been received by the
2087 * Once an endpoint as reached the SHUTDOWN-RECEIVED state it MUST NOT
2088 * send a SHUTDOWN in response to a ULP request. And should discard
2089 * subsequent SHUTDOWN chunks.
2091 * If there are still outstanding DATA chunks left, the SHUTDOWN
2092 * receiver shall continue to follow normal data transmission
2093 * procedures defined in Section 6 until all outstanding DATA chunks
2094 * are acknowledged; however, the SHUTDOWN receiver MUST NOT accept
2095 * new data from its SCTP user.
2097 * Verification Tag: 8.5 Verification Tag [Normal verification]
2100 * (endpoint, asoc, chunk)
2103 * (asoc, reply_msg, msg_up, timers, counters)
2105 * The return value is the disposition of the chunk.
2107 sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
2108 const struct sctp_association *asoc,
2109 const sctp_subtype_t type,
2111 sctp_cmd_seq_t *commands)
2113 struct sctp_chunk *chunk = arg;
2114 sctp_shutdownhdr_t *sdh;
2115 sctp_disposition_t disposition;
2116 struct sctp_ulpevent *ev;
2118 /* Convert the elaborate header. */
2119 sdh = (sctp_shutdownhdr_t *)chunk->skb->data;
2120 skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t));
2121 chunk->subh.shutdown_hdr = sdh;
2123 if (!sctp_vtag_verify(chunk, asoc))
2124 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2126 /* Upon the reception of the SHUTDOWN, the peer endpoint shall
2127 * - enter the SHUTDOWN-RECEIVED state,
2128 * - stop accepting new data from its SCTP user
2130 * [This is implicit in the new state.]
2132 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2133 SCTP_STATE(SCTP_STATE_SHUTDOWN_RECEIVED));
2134 disposition = SCTP_DISPOSITION_CONSUME;
2136 if (sctp_outq_is_empty(&asoc->outqueue)) {
2137 disposition = sctp_sf_do_9_2_shutdown_ack(ep, asoc, type,
2141 if (SCTP_DISPOSITION_NOMEM == disposition)
2144 /* - verify, by checking the Cumulative TSN Ack field of the
2145 * chunk, that all its outstanding DATA chunks have been
2146 * received by the SHUTDOWN sender.
2148 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN,
2149 SCTP_U32(chunk->subh.shutdown_hdr->cum_tsn_ack));
2151 /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
2152 * When a peer sends a SHUTDOWN, SCTP delivers this notification to
2153 * inform the application that it should cease sending data.
2155 ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
2157 disposition = SCTP_DISPOSITION_NOMEM;
2160 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
2167 * If an endpoint is in SHUTDOWN-ACK-SENT state and receives an INIT chunk
2168 * (e.g., if the SHUTDOWN COMPLETE was lost) with source and destination
2169 * transport addresses (either in the IP addresses or in the INIT chunk)
2170 * that belong to this association, it should discard the INIT chunk and
2171 * retransmit the SHUTDOWN ACK chunk.
2173 sctp_disposition_t sctp_sf_do_9_2_reshutack(const struct sctp_endpoint *ep,
2174 const struct sctp_association *asoc,
2175 const sctp_subtype_t type,
2177 sctp_cmd_seq_t *commands)
2179 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
2180 struct sctp_chunk *reply;
2182 reply = sctp_make_shutdown_ack(asoc, chunk);
2186 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
2187 * the T2-SHUTDOWN timer.
2189 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
2191 /* and restart the T2-shutdown timer. */
2192 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2193 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2195 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2197 return SCTP_DISPOSITION_CONSUME;
2199 return SCTP_DISPOSITION_NOMEM;
2203 * sctp_sf_do_ecn_cwr
2205 * Section: Appendix A: Explicit Congestion Notification
2209 * RFC 2481 details a specific bit for a sender to send in the header of
2210 * its next outbound TCP segment to indicate to its peer that it has
2211 * reduced its congestion window. This is termed the CWR bit. For
2212 * SCTP the same indication is made by including the CWR chunk.
2213 * This chunk contains one data element, i.e. the TSN number that
2214 * was sent in the ECNE chunk. This element represents the lowest
2215 * TSN number in the datagram that was originally marked with the
2218 * Verification Tag: 8.5 Verification Tag [Normal verification]
2220 * (endpoint, asoc, chunk)
2223 * (asoc, reply_msg, msg_up, timers, counters)
2225 * The return value is the disposition of the chunk.
2227 sctp_disposition_t sctp_sf_do_ecn_cwr(const struct sctp_endpoint *ep,
2228 const struct sctp_association *asoc,
2229 const sctp_subtype_t type,
2231 sctp_cmd_seq_t *commands)
2234 struct sctp_chunk *chunk = arg;
2236 if (!sctp_vtag_verify(chunk, asoc))
2237 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2239 cwr = (sctp_cwrhdr_t *) chunk->skb->data;
2240 skb_pull(chunk->skb, sizeof(sctp_cwrhdr_t));
2242 cwr->lowest_tsn = ntohl(cwr->lowest_tsn);
2244 /* Does this CWR ack the last sent congestion notification? */
2245 if (TSN_lte(asoc->last_ecne_tsn, cwr->lowest_tsn)) {
2246 /* Stop sending ECNE. */
2247 sctp_add_cmd_sf(commands,
2249 SCTP_U32(cwr->lowest_tsn));
2251 return SCTP_DISPOSITION_CONSUME;
2257 * Section: Appendix A: Explicit Congestion Notification
2261 * RFC 2481 details a specific bit for a receiver to send back in its
2262 * TCP acknowledgements to notify the sender of the Congestion
2263 * Experienced (CE) bit having arrived from the network. For SCTP this
2264 * same indication is made by including the ECNE chunk. This chunk
2265 * contains one data element, i.e. the lowest TSN associated with the IP
2266 * datagram marked with the CE bit.....
2268 * Verification Tag: 8.5 Verification Tag [Normal verification]
2270 * (endpoint, asoc, chunk)
2273 * (asoc, reply_msg, msg_up, timers, counters)
2275 * The return value is the disposition of the chunk.
2277 sctp_disposition_t sctp_sf_do_ecne(const struct sctp_endpoint *ep,
2278 const struct sctp_association *asoc,
2279 const sctp_subtype_t type,
2281 sctp_cmd_seq_t *commands)
2283 sctp_ecnehdr_t *ecne;
2284 struct sctp_chunk *chunk = arg;
2286 if (!sctp_vtag_verify(chunk, asoc))
2287 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2289 ecne = (sctp_ecnehdr_t *) chunk->skb->data;
2290 skb_pull(chunk->skb, sizeof(sctp_ecnehdr_t));
2292 /* If this is a newer ECNE than the last CWR packet we sent out */
2293 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_ECNE,
2294 SCTP_U32(ntohl(ecne->lowest_tsn)));
2296 return SCTP_DISPOSITION_CONSUME;
2300 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
2302 * The SCTP endpoint MUST always acknowledge the reception of each valid
2305 * The guidelines on delayed acknowledgement algorithm specified in
2306 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
2307 * acknowledgement SHOULD be generated for at least every second packet
2308 * (not every second DATA chunk) received, and SHOULD be generated within
2309 * 200 ms of the arrival of any unacknowledged DATA chunk. In some
2310 * situations it may be beneficial for an SCTP transmitter to be more
2311 * conservative than the algorithms detailed in this document allow.
2312 * However, an SCTP transmitter MUST NOT be more aggressive than the
2313 * following algorithms allow.
2315 * A SCTP receiver MUST NOT generate more than one SACK for every
2316 * incoming packet, other than to update the offered window as the
2317 * receiving application consumes new data.
2319 * Verification Tag: 8.5 Verification Tag [Normal verification]
2322 * (endpoint, asoc, chunk)
2325 * (asoc, reply_msg, msg_up, timers, counters)
2327 * The return value is the disposition of the chunk.
2329 sctp_disposition_t sctp_sf_eat_data_6_2(const struct sctp_endpoint *ep,
2330 const struct sctp_association *asoc,
2331 const sctp_subtype_t type,
2333 sctp_cmd_seq_t *commands)
2335 struct sctp_chunk *chunk = arg;
2338 if (!sctp_vtag_verify(chunk, asoc)) {
2339 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2341 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2344 error = sctp_eat_data(asoc, chunk, commands );
2346 case SCTP_IERROR_NO_ERROR:
2348 case SCTP_IERROR_HIGH_TSN:
2349 case SCTP_IERROR_BAD_STREAM:
2350 goto discard_noforce;
2351 case SCTP_IERROR_DUP_TSN:
2352 case SCTP_IERROR_IGNORE_TSN:
2354 case SCTP_IERROR_NO_DATA:
2360 if (asoc->autoclose) {
2361 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2362 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
2365 /* If this is the last chunk in a packet, we need to count it
2366 * toward sack generation. Note that we need to SACK every
2367 * OTHER packet containing data chunks, EVEN IF WE DISCARD
2368 * THEM. We elect to NOT generate SACK's if the chunk fails
2369 * the verification tag test.
2371 * RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2373 * The SCTP endpoint MUST always acknowledge the reception of
2374 * each valid DATA chunk.
2376 * The guidelines on delayed acknowledgement algorithm
2377 * specified in Section 4.2 of [RFC2581] SHOULD be followed.
2378 * Specifically, an acknowledgement SHOULD be generated for at
2379 * least every second packet (not every second DATA chunk)
2380 * received, and SHOULD be generated within 200 ms of the
2381 * arrival of any unacknowledged DATA chunk. In some
2382 * situations it may be beneficial for an SCTP transmitter to
2383 * be more conservative than the algorithms detailed in this
2384 * document allow. However, an SCTP transmitter MUST NOT be
2385 * more aggressive than the following algorithms allow.
2387 if (chunk->end_of_packet) {
2388 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2390 /* Start the SACK timer. */
2391 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2392 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
2395 return SCTP_DISPOSITION_CONSUME;
2398 /* RFC 2960 6.2 Acknowledgement on Reception of DATA Chunks
2400 * When a packet arrives with duplicate DATA chunk(s) and with
2401 * no new DATA chunk(s), the endpoint MUST immediately send a
2402 * SACK with no delay. If a packet arrives with duplicate
2403 * DATA chunk(s) bundled with new DATA chunks, the endpoint
2404 * MAY immediately send a SACK. Normally receipt of duplicate
2405 * DATA chunks will occur when the original SACK chunk was lost
2406 * and the peer's RTO has expired. The duplicate TSN number(s)
2407 * SHOULD be reported in the SACK as duplicate.
2409 /* In our case, we split the MAY SACK advice up whether or not
2410 * the last chunk is a duplicate.'
2412 if (chunk->end_of_packet)
2413 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2414 return SCTP_DISPOSITION_DISCARD;
2417 if (chunk->end_of_packet) {
2418 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
2420 /* Start the SACK timer. */
2421 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2422 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
2424 return SCTP_DISPOSITION_DISCARD;
2426 return SCTP_DISPOSITION_CONSUME;
2431 * sctp_sf_eat_data_fast_4_4
2434 * (4) In SHUTDOWN-SENT state the endpoint MUST acknowledge any received
2435 * DATA chunks without delay.
2437 * Verification Tag: 8.5 Verification Tag [Normal verification]
2439 * (endpoint, asoc, chunk)
2442 * (asoc, reply_msg, msg_up, timers, counters)
2444 * The return value is the disposition of the chunk.
2446 sctp_disposition_t sctp_sf_eat_data_fast_4_4(const struct sctp_endpoint *ep,
2447 const struct sctp_association *asoc,
2448 const sctp_subtype_t type,
2450 sctp_cmd_seq_t *commands)
2452 struct sctp_chunk *chunk = arg;
2455 if (!sctp_vtag_verify(chunk, asoc)) {
2456 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
2458 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2461 error = sctp_eat_data(asoc, chunk, commands );
2463 case SCTP_IERROR_NO_ERROR:
2464 case SCTP_IERROR_HIGH_TSN:
2465 case SCTP_IERROR_DUP_TSN:
2466 case SCTP_IERROR_IGNORE_TSN:
2467 case SCTP_IERROR_BAD_STREAM:
2469 case SCTP_IERROR_NO_DATA:
2475 /* Go a head and force a SACK, since we are shutting down. */
2477 /* Implementor's Guide.
2479 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
2480 * respond to each received packet containing one or more DATA chunk(s)
2481 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
2483 if (chunk->end_of_packet) {
2484 /* We must delay the chunk creation since the cumulative
2485 * TSN has not been updated yet.
2487 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
2488 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
2489 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
2490 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2494 return SCTP_DISPOSITION_CONSUME;
2498 * Section: 6.2 Processing a Received SACK
2499 * D) Any time a SACK arrives, the endpoint performs the following:
2501 * i) If Cumulative TSN Ack is less than the Cumulative TSN Ack Point,
2502 * then drop the SACK. Since Cumulative TSN Ack is monotonically
2503 * increasing, a SACK whose Cumulative TSN Ack is less than the
2504 * Cumulative TSN Ack Point indicates an out-of-order SACK.
2506 * ii) Set rwnd equal to the newly received a_rwnd minus the number
2507 * of bytes still outstanding after processing the Cumulative TSN Ack
2508 * and the Gap Ack Blocks.
2510 * iii) If the SACK is missing a TSN that was previously
2511 * acknowledged via a Gap Ack Block (e.g., the data receiver
2512 * reneged on the data), then mark the corresponding DATA chunk
2513 * as available for retransmit: Mark it as missing for fast
2514 * retransmit as described in Section 7.2.4 and if no retransmit
2515 * timer is running for the destination address to which the DATA
2516 * chunk was originally transmitted, then T3-rtx is started for
2517 * that destination address.
2519 * Verification Tag: 8.5 Verification Tag [Normal verification]
2522 * (endpoint, asoc, chunk)
2525 * (asoc, reply_msg, msg_up, timers, counters)
2527 * The return value is the disposition of the chunk.
2529 sctp_disposition_t sctp_sf_eat_sack_6_2(const struct sctp_endpoint *ep,
2530 const struct sctp_association *asoc,
2531 const sctp_subtype_t type,
2533 sctp_cmd_seq_t *commands)
2535 struct sctp_chunk *chunk = arg;
2536 sctp_sackhdr_t *sackh;
2539 if (!sctp_vtag_verify(chunk, asoc))
2540 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2542 /* Pull the SACK chunk from the data buffer */
2543 sackh = sctp_sm_pull_sack(chunk);
2544 /* Was this a bogus SACK? */
2546 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2547 chunk->subh.sack_hdr = sackh;
2548 ctsn = ntohl(sackh->cum_tsn_ack);
2550 /* i) If Cumulative TSN Ack is less than the Cumulative TSN
2551 * Ack Point, then drop the SACK. Since Cumulative TSN
2552 * Ack is monotonically increasing, a SACK whose
2553 * Cumulative TSN Ack is less than the Cumulative TSN Ack
2554 * Point indicates an out-of-order SACK.
2556 if (TSN_lt(ctsn, asoc->ctsn_ack_point)) {
2557 SCTP_DEBUG_PRINTK("ctsn %x\n", ctsn);
2558 SCTP_DEBUG_PRINTK("ctsn_ack_point %x\n", asoc->ctsn_ack_point);
2559 return SCTP_DISPOSITION_DISCARD;
2562 /* Return this SACK for further processing. */
2563 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, SCTP_SACKH(sackh));
2565 /* Note: We do the rest of the work on the PROCESS_SACK
2568 return SCTP_DISPOSITION_CONSUME;
2572 * Generate an ABORT in response to a packet.
2574 * Section: 8.4 Handle "Out of the blue" Packets
2576 * 8) The receiver should respond to the sender of the OOTB packet
2577 * with an ABORT. When sending the ABORT, the receiver of the
2578 * OOTB packet MUST fill in the Verification Tag field of the
2579 * outbound packet with the value found in the Verification Tag
2580 * field of the OOTB packet and set the T-bit in the Chunk Flags
2581 * to indicate that no TCB was found. After sending this ABORT,
2582 * the receiver of the OOTB packet shall discard the OOTB packet
2583 * and take no further action.
2587 * The return value is the disposition of the chunk.
2589 sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep,
2590 const struct sctp_association *asoc,
2591 const sctp_subtype_t type,
2593 sctp_cmd_seq_t *commands)
2595 struct sctp_packet *packet = NULL;
2596 struct sctp_chunk *chunk = arg;
2597 struct sctp_chunk *abort;
2599 packet = sctp_ootb_pkt_new(asoc, chunk);
2602 /* Make an ABORT. The T bit will be set if the asoc
2605 abort = sctp_make_abort(asoc, chunk, 0);
2607 sctp_ootb_pkt_free(packet);
2608 return SCTP_DISPOSITION_NOMEM;
2611 /* Set the skb to the belonging sock for accounting. */
2612 abort->skb->sk = ep->base.sk;
2614 sctp_packet_append_chunk(packet, abort);
2616 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
2617 SCTP_PACKET(packet));
2619 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
2621 return SCTP_DISPOSITION_CONSUME;
2624 return SCTP_DISPOSITION_NOMEM;
2628 * Received an ERROR chunk from peer. Generate SCTP_REMOTE_ERROR
2629 * event as ULP notification for each cause included in the chunk.
2631 * API 5.3.1.3 - SCTP_REMOTE_ERROR
2633 * The return value is the disposition of the chunk.
2635 sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep,
2636 const struct sctp_association *asoc,
2637 const sctp_subtype_t type,
2639 sctp_cmd_seq_t *commands)
2641 struct sctp_chunk *chunk = arg;
2642 struct sctp_ulpevent *ev;
2644 while (chunk->chunk_end > chunk->skb->data) {
2645 ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0,
2650 if (!sctp_add_cmd(commands, SCTP_CMD_EVENT_ULP,
2651 SCTP_ULPEVENT(ev))) {
2652 sctp_ulpevent_free(ev);
2656 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR,
2659 return SCTP_DISPOSITION_CONSUME;
2662 return SCTP_DISPOSITION_NOMEM;
2666 * Process an inbound SHUTDOWN ACK.
2669 * Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
2670 * stop the T2-shutdown timer, send a SHUTDOWN COMPLETE chunk to its
2671 * peer, and remove all record of the association.
2673 * The return value is the disposition.
2675 sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
2676 const struct sctp_association *asoc,
2677 const sctp_subtype_t type,
2679 sctp_cmd_seq_t *commands)
2681 struct sctp_chunk *chunk = arg;
2682 struct sctp_chunk *reply;
2683 struct sctp_ulpevent *ev;
2685 if (!sctp_vtag_verify(chunk, asoc))
2686 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2688 /* 10.2 H) SHUTDOWN COMPLETE notification
2690 * When SCTP completes the shutdown procedures (section 9.2) this
2691 * notification is passed to the upper layer.
2693 ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
2694 0, 0, 0, GFP_ATOMIC);
2698 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
2700 /* Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
2701 * stop the T2-shutdown timer,
2703 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2704 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
2706 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2707 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
2709 /* ...send a SHUTDOWN COMPLETE chunk to its peer, */
2710 reply = sctp_make_shutdown_complete(asoc, chunk);
2714 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
2715 SCTP_STATE(SCTP_STATE_CLOSED));
2716 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
2717 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
2718 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
2720 /* ...and remove all record of the association. */
2721 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
2722 return SCTP_DISPOSITION_DELETE_TCB;
2725 return SCTP_DISPOSITION_NOMEM;
2729 * RFC 2960, 8.4 - Handle "Out of the blue" Packets
2730 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
2731 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
2732 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB
2733 * packet must fill in the Verification Tag field of the outbound
2734 * packet with the Verification Tag received in the SHUTDOWN ACK and
2735 * set the T-bit in the Chunk Flags to indicate that no TCB was
2738 * 8) The receiver should respond to the sender of the OOTB packet with
2739 * an ABORT. When sending the ABORT, the receiver of the OOTB packet
2740 * MUST fill in the Verification Tag field of the outbound packet
2741 * with the value found in the Verification Tag field of the OOTB
2742 * packet and set the T-bit in the Chunk Flags to indicate that no
2743 * TCB was found. After sending this ABORT, the receiver of the OOTB
2744 * packet shall discard the OOTB packet and take no further action.
2746 sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep,
2747 const struct sctp_association *asoc,
2748 const sctp_subtype_t type,
2750 sctp_cmd_seq_t *commands)
2752 struct sctp_chunk *chunk = arg;
2753 struct sk_buff *skb = chunk->skb;
2754 sctp_chunkhdr_t *ch;
2756 int ootb_shut_ack = 0;
2758 SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES);
2760 ch = (sctp_chunkhdr_t *) chunk->chunk_hdr;
2762 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
2764 if (SCTP_CID_SHUTDOWN_ACK == ch->type)
2767 ch = (sctp_chunkhdr_t *) ch_end;
2768 } while (ch_end < skb->tail);
2771 sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands);
2773 sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
2775 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2779 * Handle an "Out of the blue" SHUTDOWN ACK.
2782 * 5) If the packet contains a SHUTDOWN ACK chunk, the receiver should
2783 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
2784 * When sending the SHUTDOWN COMPLETE, the receiver of the OOTB packet
2785 * must fill in the Verification Tag field of the outbound packet with
2786 * the Verification Tag received in the SHUTDOWN ACK and set the
2787 * T-bit in the Chunk Flags to indicate that no TCB was found.
2790 * (endpoint, asoc, type, arg, commands)
2793 * (sctp_disposition_t)
2795 * The return value is the disposition of the chunk.
2797 sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
2798 const struct sctp_association *asoc,
2799 const sctp_subtype_t type,
2801 sctp_cmd_seq_t *commands)
2803 struct sctp_packet *packet = NULL;
2804 struct sctp_chunk *chunk = arg;
2805 struct sctp_chunk *shut;
2807 packet = sctp_ootb_pkt_new(asoc, chunk);
2810 /* Make an SHUTDOWN_COMPLETE.
2811 * The T bit will be set if the asoc is NULL.
2813 shut = sctp_make_shutdown_complete(asoc, chunk);
2815 sctp_ootb_pkt_free(packet);
2816 return SCTP_DISPOSITION_NOMEM;
2819 /* Set the skb to the belonging sock for accounting. */
2820 shut->skb->sk = ep->base.sk;
2822 sctp_packet_append_chunk(packet, shut);
2824 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
2825 SCTP_PACKET(packet));
2827 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
2829 return SCTP_DISPOSITION_CONSUME;
2832 return SCTP_DISPOSITION_NOMEM;
2836 * Handle SHUTDOWN ACK in COOKIE_ECHOED or COOKIE_WAIT state.
2838 * Verification Tag: 8.5.1 E) Rules for packet carrying a SHUTDOWN ACK
2839 * If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the
2840 * procedures in section 8.4 SHOULD be followed, in other words it
2841 * should be treated as an Out Of The Blue packet.
2842 * [This means that we do NOT check the Verification Tag on these
2846 sctp_disposition_t sctp_sf_do_8_5_1_E_sa(const struct sctp_endpoint *ep,
2847 const struct sctp_association *asoc,
2848 const sctp_subtype_t type,
2850 sctp_cmd_seq_t *commands)
2852 /* Although we do have an association in this case, it corresponds
2853 * to a restarted association. So the packet is treated as an OOTB
2854 * packet and the state function that handles OOTB SHUTDOWN_ACK is
2855 * called with a NULL association.
2857 return sctp_sf_shut_8_4_5(ep, NULL, type, arg, commands);
2860 /* ADDIP Section 4.2 Upon reception of an ASCONF Chunk. */
2861 sctp_disposition_t sctp_sf_do_asconf(const struct sctp_endpoint *ep,
2862 const struct sctp_association *asoc,
2863 const sctp_subtype_t type, void *arg,
2864 sctp_cmd_seq_t *commands)
2866 struct sctp_chunk *chunk = arg;
2867 struct sctp_chunk *asconf_ack = NULL;
2868 sctp_addiphdr_t *hdr;
2871 hdr = (sctp_addiphdr_t *)chunk->skb->data;
2872 serial = ntohl(hdr->serial);
2874 /* ADDIP 4.2 C1) Compare the value of the serial number to the value
2875 * the endpoint stored in a new association variable
2876 * 'Peer-Serial-Number'.
2878 if (serial == asoc->peer.addip_serial + 1) {
2879 /* ADDIP 4.2 C2) If the value found in the serial number is
2880 * equal to the ('Peer-Serial-Number' + 1), the endpoint MUST
2883 asconf_ack = sctp_process_asconf((struct sctp_association *)
2886 return SCTP_DISPOSITION_NOMEM;
2887 } else if (serial == asoc->peer.addip_serial) {
2888 /* ADDIP 4.2 C3) If the value found in the serial number is
2889 * equal to the value stored in the 'Peer-Serial-Number'
2890 * IMPLEMENTATION NOTE: As an optimization a receiver may wish
2891 * to save the last ASCONF-ACK for some predetermined period of * time and instead of re-processing the ASCONF (with the same
2892 * serial number) it may just re-transmit the ASCONF-ACK.
2894 if (asoc->addip_last_asconf_ack)
2895 asconf_ack = asoc->addip_last_asconf_ack;
2897 return SCTP_DISPOSITION_DISCARD;
2899 /* ADDIP 4.2 C4) Otherwise, the ASCONF Chunk is discarded since
2900 * it must be either a stale packet or from an attacker.
2902 return SCTP_DISPOSITION_DISCARD;
2905 /* ADDIP 4.2 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent
2906 * back to the source address contained in the IP header of the ASCONF
2907 * being responded to.
2909 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack));
2911 return SCTP_DISPOSITION_CONSUME;
2915 * ADDIP Section 4.3 General rules for address manipulation
2916 * When building TLV parameters for the ASCONF Chunk that will add or
2917 * delete IP addresses the D0 to D13 rules should be applied:
2919 sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
2920 const struct sctp_association *asoc,
2921 const sctp_subtype_t type, void *arg,
2922 sctp_cmd_seq_t *commands)
2924 struct sctp_chunk *asconf_ack = arg;
2925 struct sctp_chunk *last_asconf = asoc->addip_last_asconf;
2926 struct sctp_chunk *abort;
2927 sctp_addiphdr_t *addip_hdr;
2928 __u32 sent_serial, rcvd_serial;
2930 addip_hdr = (sctp_addiphdr_t *)asconf_ack->skb->data;
2931 rcvd_serial = ntohl(addip_hdr->serial);
2934 addip_hdr = (sctp_addiphdr_t *)last_asconf->subh.addip_hdr;
2935 sent_serial = ntohl(addip_hdr->serial);
2937 sent_serial = asoc->addip_serial - 1;
2940 /* D0) If an endpoint receives an ASCONF-ACK that is greater than or
2941 * equal to the next serial number to be used but no ASCONF chunk is
2942 * outstanding the endpoint MUST ABORT the association. Note that a
2943 * sequence number is greater than if it is no more than 2^^31-1
2944 * larger than the current sequence number (using serial arithmetic).
2946 if (ADDIP_SERIAL_gte(rcvd_serial, sent_serial + 1) &&
2947 !(asoc->addip_last_asconf)) {
2948 abort = sctp_make_abort(asoc, asconf_ack,
2949 sizeof(sctp_errhdr_t));
2951 sctp_init_cause(abort, SCTP_ERROR_ASCONF_ACK, NULL, 0);
2952 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
2955 /* We are going to ABORT, so we might as well stop
2956 * processing the rest of the chunks in the packet.
2958 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2959 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
2960 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
2961 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
2962 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
2963 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2964 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
2965 return SCTP_DISPOSITION_ABORT;
2968 if ((rcvd_serial == sent_serial) && asoc->addip_last_asconf) {
2969 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
2970 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
2972 if (!sctp_process_asconf_ack((struct sctp_association *)asoc,
2974 return SCTP_DISPOSITION_CONSUME;
2976 abort = sctp_make_abort(asoc, asconf_ack,
2977 sizeof(sctp_errhdr_t));
2979 sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, NULL, 0);
2980 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
2983 /* We are going to ABORT, so we might as well stop
2984 * processing the rest of the chunks in the packet.
2986 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
2987 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
2988 SCTP_U32(SCTP_ERROR_ASCONF_ACK));
2989 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
2990 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
2991 return SCTP_DISPOSITION_ABORT;
2994 return SCTP_DISPOSITION_DISCARD;
2998 * PR-SCTP Section 3.6 Receiver Side Implementation of PR-SCTP
3000 * When a FORWARD TSN chunk arrives, the data receiver MUST first update
3001 * its cumulative TSN point to the value carried in the FORWARD TSN
3002 * chunk, and then MUST further advance its cumulative TSN point locally
3004 * After the above processing, the data receiver MUST stop reporting any
3005 * missing TSNs earlier than or equal to the new cumulative TSN point.
3007 * Verification Tag: 8.5 Verification Tag [Normal verification]
3009 * The return value is the disposition of the chunk.
3011 sctp_disposition_t sctp_sf_eat_fwd_tsn(const struct sctp_endpoint *ep,
3012 const struct sctp_association *asoc,
3013 const sctp_subtype_t type,
3015 sctp_cmd_seq_t *commands)
3017 struct sctp_chunk *chunk = arg;
3018 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3022 if (!sctp_vtag_verify(chunk, asoc)) {
3023 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3025 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3028 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3029 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3030 len = ntohs(chunk->chunk_hdr->length);
3031 len -= sizeof(struct sctp_chunkhdr);
3032 skb_pull(chunk->skb, len);
3034 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3035 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3037 /* The TSN is too high--silently discard the chunk and count on it
3038 * getting retransmitted later.
3040 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3041 goto discard_noforce;
3043 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3044 if (len > sizeof(struct sctp_fwdtsn_hdr))
3045 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3048 /* Count this as receiving DATA. */
3049 if (asoc->autoclose) {
3050 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3051 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
3054 /* FIXME: For now send a SACK, but DATA processing may
3057 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE());
3058 /* Start the SACK timer. */
3059 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3060 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
3062 return SCTP_DISPOSITION_CONSUME;
3065 return SCTP_DISPOSITION_DISCARD;
3068 sctp_disposition_t sctp_sf_eat_fwd_tsn_fast(
3069 const struct sctp_endpoint *ep,
3070 const struct sctp_association *asoc,
3071 const sctp_subtype_t type,
3073 sctp_cmd_seq_t *commands)
3075 struct sctp_chunk *chunk = arg;
3076 struct sctp_fwdtsn_hdr *fwdtsn_hdr;
3080 if (!sctp_vtag_verify(chunk, asoc)) {
3081 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
3083 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3086 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data;
3087 chunk->subh.fwdtsn_hdr = fwdtsn_hdr;
3088 len = ntohs(chunk->chunk_hdr->length);
3089 len -= sizeof(struct sctp_chunkhdr);
3090 skb_pull(chunk->skb, len);
3092 tsn = ntohl(fwdtsn_hdr->new_cum_tsn);
3093 SCTP_DEBUG_PRINTK("%s: TSN 0x%x.\n", __FUNCTION__, tsn);
3095 /* The TSN is too high--silently discard the chunk and count on it
3096 * getting retransmitted later.
3098 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
3101 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
3102 if (len > sizeof(struct sctp_fwdtsn_hdr))
3103 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
3106 /* Go a head and force a SACK, since we are shutting down. */
3108 /* Implementor's Guide.
3110 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately
3111 * respond to each received packet containing one or more DATA chunk(s)
3112 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer
3114 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL());
3115 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
3116 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
3117 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3119 return SCTP_DISPOSITION_CONSUME;
3123 * Process an unknown chunk.
3125 * Section: 3.2. Also, 2.1 in the implementor's guide.
3127 * Chunk Types are encoded such that the highest-order two bits specify
3128 * the action that must be taken if the processing endpoint does not
3129 * recognize the Chunk Type.
3131 * 00 - Stop processing this SCTP packet and discard it, do not process
3132 * any further chunks within it.
3134 * 01 - Stop processing this SCTP packet and discard it, do not process
3135 * any further chunks within it, and report the unrecognized
3136 * chunk in an 'Unrecognized Chunk Type'.
3138 * 10 - Skip this chunk and continue processing.
3140 * 11 - Skip this chunk and continue processing, but report in an ERROR
3141 * Chunk using the 'Unrecognized Chunk Type' cause of error.
3143 * The return value is the disposition of the chunk.
3145 sctp_disposition_t sctp_sf_unk_chunk(const struct sctp_endpoint *ep,
3146 const struct sctp_association *asoc,
3147 const sctp_subtype_t type,
3149 sctp_cmd_seq_t *commands)
3151 struct sctp_chunk *unk_chunk = arg;
3152 struct sctp_chunk *err_chunk;
3153 sctp_chunkhdr_t *hdr;
3155 SCTP_DEBUG_PRINTK("Processing the unknown chunk id %d.\n", type.chunk);
3157 if (!sctp_vtag_verify(unk_chunk, asoc))
3158 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3160 switch (type.chunk & SCTP_CID_ACTION_MASK) {
3161 case SCTP_CID_ACTION_DISCARD:
3162 /* Discard the packet. */
3163 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3165 case SCTP_CID_ACTION_DISCARD_ERR:
3166 /* Discard the packet. */
3167 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3169 /* Generate an ERROR chunk as response. */
3170 hdr = unk_chunk->chunk_hdr;
3171 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3172 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3173 WORD_ROUND(ntohs(hdr->length)));
3175 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3176 SCTP_CHUNK(err_chunk));
3178 return SCTP_DISPOSITION_CONSUME;
3180 case SCTP_CID_ACTION_SKIP:
3181 /* Skip the chunk. */
3182 return SCTP_DISPOSITION_DISCARD;
3184 case SCTP_CID_ACTION_SKIP_ERR:
3185 /* Generate an ERROR chunk as response. */
3186 hdr = unk_chunk->chunk_hdr;
3187 err_chunk = sctp_make_op_error(asoc, unk_chunk,
3188 SCTP_ERROR_UNKNOWN_CHUNK, hdr,
3189 WORD_ROUND(ntohs(hdr->length)));
3191 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
3192 SCTP_CHUNK(err_chunk));
3194 /* Skip the chunk. */
3195 return SCTP_DISPOSITION_CONSUME;
3201 return SCTP_DISPOSITION_DISCARD;
3205 * Discard the chunk.
3207 * Section: 0.2, 5.2.3, 5.2.5, 5.2.6, 6.0, 8.4.6, 8.5.1c, 9.2
3208 * [Too numerous to mention...]
3209 * Verification Tag: No verification needed.
3211 * (endpoint, asoc, chunk)
3214 * (asoc, reply_msg, msg_up, timers, counters)
3216 * The return value is the disposition of the chunk.
3218 sctp_disposition_t sctp_sf_discard_chunk(const struct sctp_endpoint *ep,
3219 const struct sctp_association *asoc,
3220 const sctp_subtype_t type,
3222 sctp_cmd_seq_t *commands)
3224 SCTP_DEBUG_PRINTK("Chunk %d is discarded\n", type.chunk);
3225 return SCTP_DISPOSITION_DISCARD;
3229 * Discard the whole packet.
3233 * 2) If the OOTB packet contains an ABORT chunk, the receiver MUST
3234 * silently discard the OOTB packet and take no further action.
3237 * Verification Tag: No verification necessary
3240 * (endpoint, asoc, chunk)
3243 * (asoc, reply_msg, msg_up, timers, counters)
3245 * The return value is the disposition of the chunk.
3247 sctp_disposition_t sctp_sf_pdiscard(const struct sctp_endpoint *ep,
3248 const struct sctp_association *asoc,
3249 const sctp_subtype_t type,
3251 sctp_cmd_seq_t *commands)
3253 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
3255 return SCTP_DISPOSITION_CONSUME;
3260 * The other end is violating protocol.
3262 * Section: Not specified
3263 * Verification Tag: Not specified
3265 * (endpoint, asoc, chunk)
3268 * (asoc, reply_msg, msg_up, timers, counters)
3270 * We simply tag the chunk as a violation. The state machine will log
3271 * the violation and continue.
3273 sctp_disposition_t sctp_sf_violation(const struct sctp_endpoint *ep,
3274 const struct sctp_association *asoc,
3275 const sctp_subtype_t type,
3277 sctp_cmd_seq_t *commands)
3279 return SCTP_DISPOSITION_VIOLATION;
3282 /***************************************************************************
3283 * These are the state functions for handling primitive (Section 10) events.
3284 ***************************************************************************/
3286 * sctp_sf_do_prm_asoc
3288 * Section: 10.1 ULP-to-SCTP
3291 * Format: ASSOCIATE(local SCTP instance name, destination transport addr,
3292 * outbound stream count)
3293 * -> association id [,destination transport addr list] [,outbound stream
3296 * This primitive allows the upper layer to initiate an association to a
3297 * specific peer endpoint.
3299 * The peer endpoint shall be specified by one of the transport addresses
3300 * which defines the endpoint (see Section 1.4). If the local SCTP
3301 * instance has not been initialized, the ASSOCIATE is considered an
3303 * [This is not relevant for the kernel implementation since we do all
3304 * initialization at boot time. It we hadn't initialized we wouldn't
3305 * get anywhere near this code.]
3307 * An association id, which is a local handle to the SCTP association,
3308 * will be returned on successful establishment of the association. If
3309 * SCTP is not able to open an SCTP association with the peer endpoint,
3310 * an error is returned.
3311 * [In the kernel implementation, the struct sctp_association needs to
3312 * be created BEFORE causing this primitive to run.]
3314 * Other association parameters may be returned, including the
3315 * complete destination transport addresses of the peer as well as the
3316 * outbound stream count of the local endpoint. One of the transport
3317 * address from the returned destination addresses will be selected by
3318 * the local endpoint as default primary path for sending SCTP packets
3319 * to this peer. The returned "destination transport addr list" can
3320 * be used by the ULP to change the default primary path or to force
3321 * sending a packet to a specific transport address. [All of this
3322 * stuff happens when the INIT ACK arrives. This is a NON-BLOCKING
3325 * Mandatory attributes:
3327 * o local SCTP instance name - obtained from the INITIALIZE operation.
3328 * [This is the argument asoc.]
3329 * o destination transport addr - specified as one of the transport
3330 * addresses of the peer endpoint with which the association is to be
3332 * [This is asoc->peer.active_path.]
3333 * o outbound stream count - the number of outbound streams the ULP
3334 * would like to open towards this peer endpoint.
3335 * [BUG: This is not currently implemented.]
3336 * Optional attributes:
3340 * The return value is a disposition.
3342 sctp_disposition_t sctp_sf_do_prm_asoc(const struct sctp_endpoint *ep,
3343 const struct sctp_association *asoc,
3344 const sctp_subtype_t type,
3346 sctp_cmd_seq_t *commands)
3348 struct sctp_chunk *repl;
3350 /* The comment below says that we enter COOKIE-WAIT AFTER
3351 * sending the INIT, but that doesn't actually work in our
3354 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3355 SCTP_STATE(SCTP_STATE_COOKIE_WAIT));
3357 /* RFC 2960 5.1 Normal Establishment of an Association
3359 * A) "A" first sends an INIT chunk to "Z". In the INIT, "A"
3360 * must provide its Verification Tag (Tag_A) in the Initiate
3361 * Tag field. Tag_A SHOULD be a random number in the range of
3362 * 1 to 4294967295 (see 5.3.1 for Tag value selection). ...
3365 repl = sctp_make_init(asoc, &asoc->base.bind_addr, GFP_ATOMIC, 0);
3369 /* Cast away the const modifier, as we want to just
3370 * rerun it through as a sideffect.
3372 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC,
3373 SCTP_ASOC((struct sctp_association *) asoc));
3375 /* After sending the INIT, "A" starts the T1-init timer and
3376 * enters the COOKIE-WAIT state.
3378 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3379 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3380 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
3381 return SCTP_DISPOSITION_CONSUME;
3384 return SCTP_DISPOSITION_NOMEM;
3388 * Process the SEND primitive.
3390 * Section: 10.1 ULP-to-SCTP
3393 * Format: SEND(association id, buffer address, byte count [,context]
3394 * [,stream id] [,life time] [,destination transport address]
3395 * [,unorder flag] [,no-bundle flag] [,payload protocol-id] )
3398 * This is the main method to send user data via SCTP.
3400 * Mandatory attributes:
3402 * o association id - local handle to the SCTP association
3404 * o buffer address - the location where the user message to be
3405 * transmitted is stored;
3407 * o byte count - The size of the user data in number of bytes;
3409 * Optional attributes:
3411 * o context - an optional 32 bit integer that will be carried in the
3412 * sending failure notification to the ULP if the transportation of
3413 * this User Message fails.
3415 * o stream id - to indicate which stream to send the data on. If not
3416 * specified, stream 0 will be used.
3418 * o life time - specifies the life time of the user data. The user data
3419 * will not be sent by SCTP after the life time expires. This
3420 * parameter can be used to avoid efforts to transmit stale
3421 * user messages. SCTP notifies the ULP if the data cannot be
3422 * initiated to transport (i.e. sent to the destination via SCTP's
3423 * send primitive) within the life time variable. However, the
3424 * user data will be transmitted if SCTP has attempted to transmit a
3425 * chunk before the life time expired.
3427 * o destination transport address - specified as one of the destination
3428 * transport addresses of the peer endpoint to which this packet
3429 * should be sent. Whenever possible, SCTP should use this destination
3430 * transport address for sending the packets, instead of the current
3433 * o unorder flag - this flag, if present, indicates that the user
3434 * would like the data delivered in an unordered fashion to the peer
3435 * (i.e., the U flag is set to 1 on all DATA chunks carrying this
3438 * o no-bundle flag - instructs SCTP not to bundle this user data with
3439 * other outbound DATA chunks. SCTP MAY still bundle even when
3440 * this flag is present, when faced with network congestion.
3442 * o payload protocol-id - A 32 bit unsigned integer that is to be
3443 * passed to the peer indicating the type of payload protocol data
3444 * being transmitted. This value is passed as opaque data by SCTP.
3446 * The return value is the disposition.
3448 sctp_disposition_t sctp_sf_do_prm_send(const struct sctp_endpoint *ep,
3449 const struct sctp_association *asoc,
3450 const sctp_subtype_t type,
3452 sctp_cmd_seq_t *commands)
3454 struct sctp_chunk *chunk = arg;
3456 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
3457 return SCTP_DISPOSITION_CONSUME;
3461 * Process the SHUTDOWN primitive.
3466 * Format: SHUTDOWN(association id)
3469 * Gracefully closes an association. Any locally queued user data
3470 * will be delivered to the peer. The association will be terminated only
3471 * after the peer acknowledges all the SCTP packets sent. A success code
3472 * will be returned on successful termination of the association. If
3473 * attempting to terminate the association results in a failure, an error
3474 * code shall be returned.
3476 * Mandatory attributes:
3478 * o association id - local handle to the SCTP association
3480 * Optional attributes:
3484 * The return value is the disposition.
3486 sctp_disposition_t sctp_sf_do_9_2_prm_shutdown(
3487 const struct sctp_endpoint *ep,
3488 const struct sctp_association *asoc,
3489 const sctp_subtype_t type,
3491 sctp_cmd_seq_t *commands)
3495 /* From 9.2 Shutdown of an Association
3496 * Upon receipt of the SHUTDOWN primitive from its upper
3497 * layer, the endpoint enters SHUTDOWN-PENDING state and
3498 * remains there until all outstanding data has been
3499 * acknowledged by its peer. The endpoint accepts no new data
3500 * from its upper layer, but retransmits data to the far end
3501 * if necessary to fill gaps.
3503 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3504 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
3506 /* sctpimpguide-05 Section 2.12.2
3507 * The sender of the SHUTDOWN MAY also start an overall guard timer
3508 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
3510 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3511 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3513 disposition = SCTP_DISPOSITION_CONSUME;
3514 if (sctp_outq_is_empty(&asoc->outqueue)) {
3515 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
3522 * Process the ABORT primitive.
3527 * Format: Abort(association id [, cause code])
3530 * Ungracefully closes an association. Any locally queued user data
3531 * will be discarded and an ABORT chunk is sent to the peer. A success code
3532 * will be returned on successful abortion of the association. If
3533 * attempting to abort the association results in a failure, an error
3534 * code shall be returned.
3536 * Mandatory attributes:
3538 * o association id - local handle to the SCTP association
3540 * Optional attributes:
3542 * o cause code - reason of the abort to be passed to the peer
3546 * The return value is the disposition.
3548 sctp_disposition_t sctp_sf_do_9_1_prm_abort(
3549 const struct sctp_endpoint *ep,
3550 const struct sctp_association *asoc,
3551 const sctp_subtype_t type,
3553 sctp_cmd_seq_t *commands)
3555 /* From 9.1 Abort of an Association
3556 * Upon receipt of the ABORT primitive from its upper
3557 * layer, the endpoint enters CLOSED state and
3558 * discard all outstanding data has been
3559 * acknowledged by its peer. The endpoint accepts no new data
3560 * from its upper layer, but retransmits data to the far end
3561 * if necessary to fill gaps.
3563 struct msghdr *msg = arg;
3564 struct sctp_chunk *abort;
3565 sctp_disposition_t retval;
3567 retval = SCTP_DISPOSITION_CONSUME;
3569 /* Generate ABORT chunk to send the peer. */
3570 abort = sctp_make_abort_user(asoc, NULL, msg);
3572 retval = SCTP_DISPOSITION_NOMEM;
3574 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
3576 /* Even if we can't send the ABORT due to low memory delete the
3577 * TCB. This is a departure from our typical NOMEM handling.
3580 /* Delete the established association. */
3581 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
3582 SCTP_U32(SCTP_ERROR_USER_ABORT));
3584 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3585 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
3590 /* We tried an illegal operation on an association which is closed. */
3591 sctp_disposition_t sctp_sf_error_closed(const struct sctp_endpoint *ep,
3592 const struct sctp_association *asoc,
3593 const sctp_subtype_t type,
3595 sctp_cmd_seq_t *commands)
3597 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR, SCTP_ERROR(-EINVAL));
3598 return SCTP_DISPOSITION_CONSUME;
3601 /* We tried an illegal operation on an association which is shutting
3604 sctp_disposition_t sctp_sf_error_shutdown(const struct sctp_endpoint *ep,
3605 const struct sctp_association *asoc,
3606 const sctp_subtype_t type,
3608 sctp_cmd_seq_t *commands)
3610 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR,
3611 SCTP_ERROR(-ESHUTDOWN));
3612 return SCTP_DISPOSITION_CONSUME;
3616 * sctp_cookie_wait_prm_shutdown
3618 * Section: 4 Note: 2
3623 * The RFC does not explicitly address this issue, but is the route through the
3624 * state table when someone issues a shutdown while in COOKIE_WAIT state.
3629 sctp_disposition_t sctp_sf_cookie_wait_prm_shutdown(
3630 const struct sctp_endpoint *ep,
3631 const struct sctp_association *asoc,
3632 const sctp_subtype_t type,
3634 sctp_cmd_seq_t *commands)
3636 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3637 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3639 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3640 SCTP_STATE(SCTP_STATE_CLOSED));
3642 SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
3644 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
3646 return SCTP_DISPOSITION_DELETE_TCB;
3650 * sctp_cookie_echoed_prm_shutdown
3652 * Section: 4 Note: 2
3657 * The RFC does not explcitly address this issue, but is the route through the
3658 * state table when someone issues a shutdown while in COOKIE_ECHOED state.
3663 sctp_disposition_t sctp_sf_cookie_echoed_prm_shutdown(
3664 const struct sctp_endpoint *ep,
3665 const struct sctp_association *asoc,
3666 const sctp_subtype_t type,
3667 void *arg, sctp_cmd_seq_t *commands)
3669 /* There is a single T1 timer, so we should be able to use
3670 * common function with the COOKIE-WAIT state.
3672 return sctp_sf_cookie_wait_prm_shutdown(ep, asoc, type, arg, commands);
3676 * sctp_sf_cookie_wait_prm_abort
3678 * Section: 4 Note: 2
3683 * The RFC does not explicitly address this issue, but is the route through the
3684 * state table when someone issues an abort while in COOKIE_WAIT state.
3689 sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
3690 const struct sctp_endpoint *ep,
3691 const struct sctp_association *asoc,
3692 const sctp_subtype_t type,
3694 sctp_cmd_seq_t *commands)
3696 struct msghdr *msg = arg;
3697 struct sctp_chunk *abort;
3698 sctp_disposition_t retval;
3700 /* Stop T1-init timer */
3701 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3702 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
3703 retval = SCTP_DISPOSITION_CONSUME;
3705 /* Generate ABORT chunk to send the peer */
3706 abort = sctp_make_abort_user(asoc, NULL, msg);
3708 retval = SCTP_DISPOSITION_NOMEM;
3710 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
3712 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3713 SCTP_STATE(SCTP_STATE_CLOSED));
3715 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
3717 /* Even if we can't send the ABORT due to low memory delete the
3718 * TCB. This is a departure from our typical NOMEM handling.
3721 /* Delete the established association. */
3722 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
3723 SCTP_U32(SCTP_ERROR_USER_ABORT));
3729 * sctp_sf_cookie_echoed_prm_abort
3731 * Section: 4 Note: 3
3736 * The RFC does not explcitly address this issue, but is the route through the
3737 * state table when someone issues an abort while in COOKIE_ECHOED state.
3742 sctp_disposition_t sctp_sf_cookie_echoed_prm_abort(
3743 const struct sctp_endpoint *ep,
3744 const struct sctp_association *asoc,
3745 const sctp_subtype_t type,
3747 sctp_cmd_seq_t *commands)
3749 /* There is a single T1 timer, so we should be able to use
3750 * common function with the COOKIE-WAIT state.
3752 return sctp_sf_cookie_wait_prm_abort(ep, asoc, type, arg, commands);
3756 * sctp_sf_shutdown_pending_prm_abort
3761 * The RFC does not explicitly address this issue, but is the route through the
3762 * state table when someone issues an abort while in SHUTDOWN-PENDING state.
3767 sctp_disposition_t sctp_sf_shutdown_pending_prm_abort(
3768 const struct sctp_endpoint *ep,
3769 const struct sctp_association *asoc,
3770 const sctp_subtype_t type,
3772 sctp_cmd_seq_t *commands)
3774 /* Stop the T5-shutdown guard timer. */
3775 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3776 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3778 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
3782 * sctp_sf_shutdown_sent_prm_abort
3787 * The RFC does not explicitly address this issue, but is the route through the
3788 * state table when someone issues an abort while in SHUTDOWN-SENT state.
3793 sctp_disposition_t sctp_sf_shutdown_sent_prm_abort(
3794 const struct sctp_endpoint *ep,
3795 const struct sctp_association *asoc,
3796 const sctp_subtype_t type,
3798 sctp_cmd_seq_t *commands)
3800 /* Stop the T2-shutdown timer. */
3801 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3802 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3804 /* Stop the T5-shutdown guard timer. */
3805 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3806 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
3808 return sctp_sf_do_9_1_prm_abort(ep, asoc, type, arg, commands);
3812 * sctp_sf_cookie_echoed_prm_abort
3817 * The RFC does not explcitly address this issue, but is the route through the
3818 * state table when someone issues an abort while in COOKIE_ECHOED state.
3823 sctp_disposition_t sctp_sf_shutdown_ack_sent_prm_abort(
3824 const struct sctp_endpoint *ep,
3825 const struct sctp_association *asoc,
3826 const sctp_subtype_t type,
3828 sctp_cmd_seq_t *commands)
3830 /* The same T2 timer, so we should be able to use
3831 * common function with the SHUTDOWN-SENT state.
3833 return sctp_sf_shutdown_sent_prm_abort(ep, asoc, type, arg, commands);
3837 * Process the REQUESTHEARTBEAT primitive
3840 * J) Request Heartbeat
3842 * Format: REQUESTHEARTBEAT(association id, destination transport address)
3846 * Instructs the local endpoint to perform a HeartBeat on the specified
3847 * destination transport address of the given association. The returned
3848 * result should indicate whether the transmission of the HEARTBEAT
3849 * chunk to the destination address is successful.
3851 * Mandatory attributes:
3853 * o association id - local handle to the SCTP association
3855 * o destination transport address - the transport address of the
3856 * association on which a heartbeat should be issued.
3858 sctp_disposition_t sctp_sf_do_prm_requestheartbeat(
3859 const struct sctp_endpoint *ep,
3860 const struct sctp_association *asoc,
3861 const sctp_subtype_t type,
3863 sctp_cmd_seq_t *commands)
3865 return sctp_sf_heartbeat(ep, asoc, type, (struct sctp_transport *)arg,
3870 * ADDIP Section 4.1 ASCONF Chunk Procedures
3871 * When an endpoint has an ASCONF signaled change to be sent to the
3872 * remote endpoint it should do A1 to A9
3874 sctp_disposition_t sctp_sf_do_prm_asconf(const struct sctp_endpoint *ep,
3875 const struct sctp_association *asoc,
3876 const sctp_subtype_t type,
3878 sctp_cmd_seq_t *commands)
3880 struct sctp_chunk *chunk = arg;
3882 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
3883 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3884 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
3885 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk));
3886 return SCTP_DISPOSITION_CONSUME;
3890 * Ignore the primitive event
3892 * The return value is the disposition of the primitive.
3894 sctp_disposition_t sctp_sf_ignore_primitive(
3895 const struct sctp_endpoint *ep,
3896 const struct sctp_association *asoc,
3897 const sctp_subtype_t type,
3899 sctp_cmd_seq_t *commands)
3901 SCTP_DEBUG_PRINTK("Primitive type %d is ignored.\n", type.primitive);
3902 return SCTP_DISPOSITION_DISCARD;
3905 /***************************************************************************
3906 * These are the state functions for the OTHER events.
3907 ***************************************************************************/
3910 * Start the shutdown negotiation.
3913 * Once all its outstanding data has been acknowledged, the endpoint
3914 * shall send a SHUTDOWN chunk to its peer including in the Cumulative
3915 * TSN Ack field the last sequential TSN it has received from the peer.
3916 * It shall then start the T2-shutdown timer and enter the SHUTDOWN-SENT
3917 * state. If the timer expires, the endpoint must re-send the SHUTDOWN
3918 * with the updated last sequential TSN received from its peer.
3920 * The return value is the disposition.
3922 sctp_disposition_t sctp_sf_do_9_2_start_shutdown(
3923 const struct sctp_endpoint *ep,
3924 const struct sctp_association *asoc,
3925 const sctp_subtype_t type,
3927 sctp_cmd_seq_t *commands)
3929 struct sctp_chunk *reply;
3931 /* Once all its outstanding data has been acknowledged, the
3932 * endpoint shall send a SHUTDOWN chunk to its peer including
3933 * in the Cumulative TSN Ack field the last sequential TSN it
3934 * has received from the peer.
3936 reply = sctp_make_shutdown(asoc, NULL);
3940 /* Set the transport for the SHUTDOWN chunk and the timeout for the
3941 * T2-shutdown timer.
3943 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
3945 /* It shall then start the T2-shutdown timer */
3946 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
3947 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
3949 if (asoc->autoclose)
3950 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
3951 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
3953 /* and enter the SHUTDOWN-SENT state. */
3954 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
3955 SCTP_STATE(SCTP_STATE_SHUTDOWN_SENT));
3957 /* sctp-implguide 2.10 Issues with Heartbeating and failover
3959 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
3962 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
3964 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
3966 return SCTP_DISPOSITION_CONSUME;
3969 return SCTP_DISPOSITION_NOMEM;
3973 * Generate a SHUTDOWN ACK now that everything is SACK'd.
3977 * If it has no more outstanding DATA chunks, the SHUTDOWN receiver
3978 * shall send a SHUTDOWN ACK and start a T2-shutdown timer of its own,
3979 * entering the SHUTDOWN-ACK-SENT state. If the timer expires, the
3980 * endpoint must re-send the SHUTDOWN ACK.
3982 * The return value is the disposition.
3984 sctp_disposition_t sctp_sf_do_9_2_shutdown_ack(
3985 const struct sctp_endpoint *ep,
3986 const struct sctp_association *asoc,
3987 const sctp_subtype_t type,
3989 sctp_cmd_seq_t *commands)
3991 struct sctp_chunk *chunk = (struct sctp_chunk *) arg;
3992 struct sctp_chunk *reply;
3994 /* If it has no more outstanding DATA chunks, the SHUTDOWN receiver
3995 * shall send a SHUTDOWN ACK ...
3997 reply = sctp_make_shutdown_ack(asoc, chunk);
4001 /* Set the transport for the SHUTDOWN ACK chunk and the timeout for
4002 * the T2-shutdown timer.
4004 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4006 /* and start/restart a T2-shutdown timer of its own, */
4007 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4008 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4010 if (asoc->autoclose)
4011 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4012 SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
4014 /* Enter the SHUTDOWN-ACK-SENT state. */
4015 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4016 SCTP_STATE(SCTP_STATE_SHUTDOWN_ACK_SENT));
4018 /* sctp-implguide 2.10 Issues with Heartbeating and failover
4020 * HEARTBEAT ... is discontinued after sending either SHUTDOWN
4023 sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL());
4025 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4027 return SCTP_DISPOSITION_CONSUME;
4030 return SCTP_DISPOSITION_NOMEM;
4034 * Ignore the event defined as other
4036 * The return value is the disposition of the event.
4038 sctp_disposition_t sctp_sf_ignore_other(const struct sctp_endpoint *ep,
4039 const struct sctp_association *asoc,
4040 const sctp_subtype_t type,
4042 sctp_cmd_seq_t *commands)
4044 SCTP_DEBUG_PRINTK("The event other type %d is ignored\n", type.other);
4045 return SCTP_DISPOSITION_DISCARD;
4048 /************************************************************
4049 * These are the state functions for handling timeout events.
4050 ************************************************************/
4055 * Section: 6.3.3 Handle T3-rtx Expiration
4057 * Whenever the retransmission timer T3-rtx expires for a destination
4058 * address, do the following:
4061 * The return value is the disposition of the chunk.
4063 sctp_disposition_t sctp_sf_do_6_3_3_rtx(const struct sctp_endpoint *ep,
4064 const struct sctp_association *asoc,
4065 const sctp_subtype_t type,
4067 sctp_cmd_seq_t *commands)
4069 struct sctp_transport *transport = arg;
4071 if (asoc->overall_error_count >= asoc->max_retrans) {
4072 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4073 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4074 SCTP_U32(SCTP_ERROR_NO_ERROR));
4075 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4076 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4077 return SCTP_DISPOSITION_DELETE_TCB;
4080 /* E1) For the destination address for which the timer
4081 * expires, adjust its ssthresh with rules defined in Section
4082 * 7.2.3 and set the cwnd <- MTU.
4085 /* E2) For the destination address for which the timer
4086 * expires, set RTO <- RTO * 2 ("back off the timer"). The
4087 * maximum value discussed in rule C7 above (RTO.max) may be
4088 * used to provide an upper bound to this doubling operation.
4091 /* E3) Determine how many of the earliest (i.e., lowest TSN)
4092 * outstanding DATA chunks for the address for which the
4093 * T3-rtx has expired will fit into a single packet, subject
4094 * to the MTU constraint for the path corresponding to the
4095 * destination transport address to which the retransmission
4096 * is being sent (this may be different from the address for
4097 * which the timer expires [see Section 6.4]). Call this
4098 * value K. Bundle and retransmit those K DATA chunks in a
4099 * single packet to the destination endpoint.
4101 * Note: Any DATA chunks that were sent to the address for
4102 * which the T3-rtx timer expired but did not fit in one MTU
4103 * (rule E3 above), should be marked for retransmission and
4104 * sent as soon as cwnd allows (normally when a SACK arrives).
4107 /* NB: Rules E4 and F1 are implicit in R1. */
4108 sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN, SCTP_TRANSPORT(transport));
4110 /* Do some failure management (Section 8.2). */
4111 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
4113 return SCTP_DISPOSITION_CONSUME;
4117 * Generate delayed SACK on timeout
4119 * Section: 6.2 Acknowledgement on Reception of DATA Chunks
4121 * The guidelines on delayed acknowledgement algorithm specified in
4122 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically, an
4123 * acknowledgement SHOULD be generated for at least every second packet
4124 * (not every second DATA chunk) received, and SHOULD be generated
4125 * within 200 ms of the arrival of any unacknowledged DATA chunk. In
4126 * some situations it may be beneficial for an SCTP transmitter to be
4127 * more conservative than the algorithms detailed in this document
4128 * allow. However, an SCTP transmitter MUST NOT be more aggressive than
4129 * the following algorithms allow.
4131 sctp_disposition_t sctp_sf_do_6_2_sack(const struct sctp_endpoint *ep,
4132 const struct sctp_association *asoc,
4133 const sctp_subtype_t type,
4135 sctp_cmd_seq_t *commands)
4137 sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
4138 return SCTP_DISPOSITION_CONSUME;
4142 * sctp_sf_t1_timer_expire
4144 * Section: 4 Note: 2
4149 * RFC 2960 Section 4 Notes
4150 * 2) If the T1-init timer expires, the endpoint MUST retransmit INIT
4151 * and re-start the T1-init timer without changing state. This MUST
4152 * be repeated up to 'Max.Init.Retransmits' times. After that, the
4153 * endpoint MUST abort the initialization process and report the
4154 * error to SCTP user.
4156 * 3) If the T1-cookie timer expires, the endpoint MUST retransmit
4157 * COOKIE ECHO and re-start the T1-cookie timer without changing
4158 * state. This MUST be repeated up to 'Max.Init.Retransmits' times.
4159 * After that, the endpoint MUST abort the initialization process and
4160 * report the error to SCTP user.
4166 sctp_disposition_t sctp_sf_t1_timer_expire(const struct sctp_endpoint *ep,
4167 const struct sctp_association *asoc,
4168 const sctp_subtype_t type,
4170 sctp_cmd_seq_t *commands)
4172 struct sctp_chunk *repl;
4173 struct sctp_bind_addr *bp;
4174 sctp_event_timeout_t timer = (sctp_event_timeout_t) arg;
4178 timeout = asoc->timeouts[timer];
4179 attempts = asoc->counters[SCTP_COUNTER_INIT_ERROR] + 1;
4182 SCTP_DEBUG_PRINTK("Timer T1 expired.\n");
4184 if (attempts < asoc->max_init_attempts) {
4186 case SCTP_EVENT_TIMEOUT_T1_INIT:
4187 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
4188 repl = sctp_make_init(asoc, bp, GFP_ATOMIC, 0);
4191 case SCTP_EVENT_TIMEOUT_T1_COOKIE:
4192 repl = sctp_make_cookie_echo(asoc, NULL);
4203 /* Issue a sideeffect to do the needed accounting. */
4204 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_RESTART,
4206 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
4208 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
4209 SCTP_U32(SCTP_ERROR_NO_ERROR));
4210 return SCTP_DISPOSITION_DELETE_TCB;
4213 return SCTP_DISPOSITION_CONSUME;
4216 return SCTP_DISPOSITION_NOMEM;
4219 /* RFC2960 9.2 If the timer expires, the endpoint must re-send the SHUTDOWN
4220 * with the updated last sequential TSN received from its peer.
4222 * An endpoint should limit the number of retransmissions of the
4223 * SHUTDOWN chunk to the protocol parameter 'Association.Max.Retrans'.
4224 * If this threshold is exceeded the endpoint should destroy the TCB and
4225 * MUST report the peer endpoint unreachable to the upper layer (and
4226 * thus the association enters the CLOSED state). The reception of any
4227 * packet from its peer (i.e. as the peer sends all of its queued DATA
4228 * chunks) should clear the endpoint's retransmission count and restart
4229 * the T2-Shutdown timer, giving its peer ample opportunity to transmit
4230 * all of its queued DATA chunks that have not yet been sent.
4232 sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
4233 const struct sctp_association *asoc,
4234 const sctp_subtype_t type,
4236 sctp_cmd_seq_t *commands)
4238 struct sctp_chunk *reply = NULL;
4240 SCTP_DEBUG_PRINTK("Timer T2 expired.\n");
4241 if (asoc->overall_error_count >= asoc->max_retrans) {
4242 /* Note: CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
4243 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4244 SCTP_U32(SCTP_ERROR_NO_ERROR));
4245 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4246 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4247 return SCTP_DISPOSITION_DELETE_TCB;
4250 switch (asoc->state) {
4251 case SCTP_STATE_SHUTDOWN_SENT:
4252 reply = sctp_make_shutdown(asoc, NULL);
4255 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4256 reply = sctp_make_shutdown_ack(asoc, NULL);
4267 /* Do some failure management (Section 8.2). */
4268 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE,
4269 SCTP_TRANSPORT(asoc->shutdown_last_sent_to));
4271 /* Set the transport for the SHUTDOWN/ACK chunk and the timeout for
4272 * the T2-shutdown timer.
4274 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply));
4276 /* Restart the T2-shutdown timer. */
4277 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4278 SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN));
4279 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4280 return SCTP_DISPOSITION_CONSUME;
4283 return SCTP_DISPOSITION_NOMEM;
4287 * ADDIP Section 4.1 ASCONF CHunk Procedures
4288 * If the T4 RTO timer expires the endpoint should do B1 to B5
4290 sctp_disposition_t sctp_sf_t4_timer_expire(
4291 const struct sctp_endpoint *ep,
4292 const struct sctp_association *asoc,
4293 const sctp_subtype_t type,
4295 sctp_cmd_seq_t *commands)
4297 struct sctp_chunk *chunk = asoc->addip_last_asconf;
4298 struct sctp_transport *transport = chunk->transport;
4300 /* ADDIP 4.1 B1) Increment the error counters and perform path failure
4301 * detection on the appropriate destination address as defined in
4302 * RFC2960 [5] section 8.1 and 8.2.
4304 sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport));
4306 /* Reconfig T4 timer and transport. */
4307 sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk));
4309 /* ADDIP 4.1 B2) Increment the association error counters and perform
4310 * endpoint failure detection on the association as defined in
4311 * RFC2960 [5] section 8.1 and 8.2.
4312 * association error counter is incremented in SCTP_CMD_STRIKE.
4314 if (asoc->overall_error_count >= asoc->max_retrans) {
4315 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
4316 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4317 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4318 SCTP_U32(SCTP_ERROR_NO_ERROR));
4319 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4320 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
4321 return SCTP_DISPOSITION_ABORT;
4324 /* ADDIP 4.1 B3) Back-off the destination address RTO value to which
4325 * the ASCONF chunk was sent by doubling the RTO timer value.
4326 * This is done in SCTP_CMD_STRIKE.
4329 /* ADDIP 4.1 B4) Re-transmit the ASCONF Chunk last sent and if possible
4330 * choose an alternate destination address (please refer to RFC2960
4331 * [5] section 6.4.1). An endpoint MUST NOT add new parameters to this
4332 * chunk, it MUST be the same (including its serial number) as the last
4335 sctp_chunk_hold(asoc->addip_last_asconf);
4336 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
4337 SCTP_CHUNK(asoc->addip_last_asconf));
4339 /* ADDIP 4.1 B5) Restart the T-4 RTO timer. Note that if a different
4340 * destination is selected, then the RTO used will be that of the new
4341 * destination address.
4343 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
4344 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
4346 return SCTP_DISPOSITION_CONSUME;
4349 /* sctpimpguide-05 Section 2.12.2
4350 * The sender of the SHUTDOWN MAY also start an overall guard timer
4351 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
4352 * At the expiration of this timer the sender SHOULD abort the association
4353 * by sending an ABORT chunk.
4355 sctp_disposition_t sctp_sf_t5_timer_expire(const struct sctp_endpoint *ep,
4356 const struct sctp_association *asoc,
4357 const sctp_subtype_t type,
4359 sctp_cmd_seq_t *commands)
4361 struct sctp_chunk *reply = NULL;
4363 SCTP_DEBUG_PRINTK("Timer T5 expired.\n");
4365 reply = sctp_make_abort(asoc, NULL, 0);
4369 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
4370 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4371 SCTP_U32(SCTP_ERROR_NO_ERROR));
4373 return SCTP_DISPOSITION_DELETE_TCB;
4375 return SCTP_DISPOSITION_NOMEM;
4378 /* Handle expiration of AUTOCLOSE timer. When the autoclose timer expires,
4379 * the association is automatically closed by starting the shutdown process.
4380 * The work that needs to be done is same as when SHUTDOWN is initiated by
4381 * the user. So this routine looks same as sctp_sf_do_9_2_prm_shutdown().
4383 sctp_disposition_t sctp_sf_autoclose_timer_expire(
4384 const struct sctp_endpoint *ep,
4385 const struct sctp_association *asoc,
4386 const sctp_subtype_t type,
4388 sctp_cmd_seq_t *commands)
4392 /* From 9.2 Shutdown of an Association
4393 * Upon receipt of the SHUTDOWN primitive from its upper
4394 * layer, the endpoint enters SHUTDOWN-PENDING state and
4395 * remains there until all outstanding data has been
4396 * acknowledged by its peer. The endpoint accepts no new data
4397 * from its upper layer, but retransmits data to the far end
4398 * if necessary to fill gaps.
4400 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
4401 SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING));
4403 /* sctpimpguide-05 Section 2.12.2
4404 * The sender of the SHUTDOWN MAY also start an overall guard timer
4405 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
4407 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
4408 SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
4409 disposition = SCTP_DISPOSITION_CONSUME;
4410 if (sctp_outq_is_empty(&asoc->outqueue)) {
4411 disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type,
4417 /*****************************************************************************
4418 * These are sa state functions which could apply to all types of events.
4419 ****************************************************************************/
4422 * This table entry is not implemented.
4425 * (endpoint, asoc, chunk)
4427 * The return value is the disposition of the chunk.
4429 sctp_disposition_t sctp_sf_not_impl(const struct sctp_endpoint *ep,
4430 const struct sctp_association *asoc,
4431 const sctp_subtype_t type,
4433 sctp_cmd_seq_t *commands)
4435 return SCTP_DISPOSITION_NOT_IMPL;
4439 * This table entry represents a bug.
4442 * (endpoint, asoc, chunk)
4444 * The return value is the disposition of the chunk.
4446 sctp_disposition_t sctp_sf_bug(const struct sctp_endpoint *ep,
4447 const struct sctp_association *asoc,
4448 const sctp_subtype_t type,
4450 sctp_cmd_seq_t *commands)
4452 return SCTP_DISPOSITION_BUG;
4456 * This table entry represents the firing of a timer in the wrong state.
4457 * Since timer deletion cannot be guaranteed a timer 'may' end up firing
4458 * when the association is in the wrong state. This event should
4459 * be ignored, so as to prevent any rearming of the timer.
4462 * (endpoint, asoc, chunk)
4464 * The return value is the disposition of the chunk.
4466 sctp_disposition_t sctp_sf_timer_ignore(const struct sctp_endpoint *ep,
4467 const struct sctp_association *asoc,
4468 const sctp_subtype_t type,
4470 sctp_cmd_seq_t *commands)
4472 SCTP_DEBUG_PRINTK("Timer %d ignored.\n", type.chunk);
4473 return SCTP_DISPOSITION_CONSUME;
4476 /********************************************************************
4477 * 2nd Level Abstractions
4478 ********************************************************************/
4480 /* Pull the SACK chunk based on the SACK header. */
4481 struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk)
4483 struct sctp_sackhdr *sack;
4488 /* Protect ourselves from reading too far into
4489 * the skb from a bogus sender.
4491 sack = (struct sctp_sackhdr *) chunk->skb->data;
4493 num_blocks = ntohs(sack->num_gap_ack_blocks);
4494 num_dup_tsns = ntohs(sack->num_dup_tsns);
4495 len = sizeof(struct sctp_sackhdr);
4496 len += (num_blocks + num_dup_tsns) * sizeof(__u32);
4497 if (len > chunk->skb->len)
4500 skb_pull(chunk->skb, len);
4505 /* Create an ABORT packet to be sent as a response, with the specified
4508 struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep,
4509 const struct sctp_association *asoc,
4510 struct sctp_chunk *chunk,
4511 const void *payload,
4514 struct sctp_packet *packet;
4515 struct sctp_chunk *abort;
4517 packet = sctp_ootb_pkt_new(asoc, chunk);
4521 * The T bit will be set if the asoc is NULL.
4523 abort = sctp_make_abort(asoc, chunk, paylen);
4525 sctp_ootb_pkt_free(packet);
4528 /* Add specified error causes, i.e., payload, to the
4531 sctp_addto_chunk(abort, paylen, payload);
4533 /* Set the skb to the belonging sock for accounting. */
4534 abort->skb->sk = ep->base.sk;
4536 sctp_packet_append_chunk(packet, abort);
4543 /* Allocate a packet for responding in the OOTB conditions. */
4544 struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc,
4545 const struct sctp_chunk *chunk)
4547 struct sctp_packet *packet;
4548 struct sctp_transport *transport;
4553 /* Get the source and destination port from the inbound packet. */
4554 sport = ntohs(chunk->sctp_hdr->dest);
4555 dport = ntohs(chunk->sctp_hdr->source);
4557 /* The V-tag is going to be the same as the inbound packet if no
4558 * association exists, otherwise, use the peer's vtag.
4561 vtag = asoc->peer.i.init_tag;
4563 /* Special case the INIT and stale COOKIE_ECHO as there is no
4566 switch(chunk->chunk_hdr->type) {
4569 sctp_init_chunk_t *init;
4571 init = (sctp_init_chunk_t *)chunk->chunk_hdr;
4572 vtag = ntohl(init->init_hdr.init_tag);
4576 vtag = ntohl(chunk->sctp_hdr->vtag);
4581 /* Make a transport for the bucket, Eliza... */
4582 transport = sctp_transport_new(sctp_source(chunk), GFP_ATOMIC);
4586 /* Cache a route for the transport with the chunk's destination as
4587 * the source address.
4589 sctp_transport_route(transport, (union sctp_addr *)&chunk->dest,
4590 sctp_sk(sctp_get_ctl_sock()));
4592 packet = sctp_packet_init(&transport->packet, transport, sport, dport);
4593 packet = sctp_packet_config(packet, vtag, 0);
4601 /* Free the packet allocated earlier for responding in the OOTB condition. */
4602 void sctp_ootb_pkt_free(struct sctp_packet *packet)
4604 sctp_transport_free(packet->transport);
4607 /* Send a stale cookie error when a invalid COOKIE ECHO chunk is found */
4608 void sctp_send_stale_cookie_err(const struct sctp_endpoint *ep,
4609 const struct sctp_association *asoc,
4610 const struct sctp_chunk *chunk,
4611 sctp_cmd_seq_t *commands,
4612 struct sctp_chunk *err_chunk)
4614 struct sctp_packet *packet;
4617 packet = sctp_ootb_pkt_new(asoc, chunk);
4619 struct sctp_signed_cookie *cookie;
4621 /* Override the OOTB vtag from the cookie. */
4622 cookie = chunk->subh.cookie_hdr;
4623 packet->vtag = cookie->c.peer_vtag;
4625 /* Set the skb to the belonging sock for accounting. */
4626 err_chunk->skb->sk = ep->base.sk;
4627 sctp_packet_append_chunk(packet, err_chunk);
4628 sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
4629 SCTP_PACKET(packet));
4630 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
4632 sctp_chunk_free (err_chunk);
4637 /* Process a data chunk */
4638 int sctp_eat_data(const struct sctp_association *asoc,
4639 struct sctp_chunk *chunk,
4640 sctp_cmd_seq_t *commands)
4642 sctp_datahdr_t *data_hdr;
4643 struct sctp_chunk *err;
4645 sctp_verb_t deliver;
4649 data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data;
4650 skb_pull(chunk->skb, sizeof(sctp_datahdr_t));
4652 tsn = ntohl(data_hdr->tsn);
4653 SCTP_DEBUG_PRINTK("eat_data: TSN 0x%x.\n", tsn);
4655 /* ASSERT: Now skb->data is really the user data. */
4657 /* Process ECN based congestion.
4659 * Since the chunk structure is reused for all chunks within
4660 * a packet, we use ecn_ce_done to track if we've already
4661 * done CE processing for this packet.
4663 * We need to do ECN processing even if we plan to discard the
4667 if (!chunk->ecn_ce_done) {
4669 chunk->ecn_ce_done = 1;
4671 af = sctp_get_af_specific(
4672 ipver2af(chunk->skb->nh.iph->version));
4674 if (af && af->is_ce(chunk->skb) && asoc->peer.ecn_capable) {
4675 /* Do real work as sideffect. */
4676 sctp_add_cmd_sf(commands, SCTP_CMD_ECN_CE,
4681 tmp = sctp_tsnmap_check(&asoc->peer.tsn_map, tsn);
4683 /* The TSN is too high--silently discard the chunk and
4684 * count on it getting retransmitted later.
4686 return SCTP_IERROR_HIGH_TSN;
4687 } else if (tmp > 0) {
4688 /* This is a duplicate. Record it. */
4689 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_DUP, SCTP_U32(tsn));
4690 return SCTP_IERROR_DUP_TSN;
4693 /* This is a new TSN. */
4695 /* Discard if there is no room in the receive window.
4696 * Actually, allow a little bit of overflow (up to a MTU).
4698 datalen = ntohs(chunk->chunk_hdr->length);
4699 datalen -= sizeof(sctp_data_chunk_t);
4701 deliver = SCTP_CMD_CHUNK_ULP;
4703 /* Think about partial delivery. */
4704 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) {
4706 /* Even if we don't accept this chunk there is
4709 sctp_add_cmd_sf(commands, SCTP_CMD_PART_DELIVER, SCTP_NULL());
4712 /* Spill over rwnd a little bit. Note: While allowed, this spill over
4713 * seems a bit troublesome in that frag_point varies based on
4714 * PMTU. In cases, such as loopback, this might be a rather
4717 if (!asoc->rwnd || asoc->rwnd_over ||
4718 (datalen > asoc->rwnd + asoc->frag_point)) {
4720 /* If this is the next TSN, consider reneging to make
4721 * room. Note: Playing nice with a confused sender. A
4722 * malicious sender can still eat up all our buffer
4723 * space and in the future we may want to detect and
4724 * do more drastic reneging.
4726 if (sctp_tsnmap_has_gap(&asoc->peer.tsn_map) &&
4727 (sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map) + 1) == tsn) {
4728 SCTP_DEBUG_PRINTK("Reneging for tsn:%u\n", tsn);
4729 deliver = SCTP_CMD_RENEGE;
4731 SCTP_DEBUG_PRINTK("Discard tsn: %u len: %Zd, "
4732 "rwnd: %d\n", tsn, datalen,
4734 return SCTP_IERROR_IGNORE_TSN;
4739 * Section 3.3.10.9 No User Data (9)
4743 * No User Data: This error cause is returned to the originator of a
4744 * DATA chunk if a received DATA chunk has no user data.
4746 if (unlikely(0 == datalen)) {
4747 err = sctp_make_abort_no_data(asoc, chunk, tsn);
4749 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
4752 /* We are going to ABORT, so we might as well stop
4753 * processing the rest of the chunks in the packet.
4755 sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL());
4756 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
4757 SCTP_U32(SCTP_ERROR_NO_DATA));
4758 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
4759 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
4760 return SCTP_IERROR_NO_DATA;
4763 /* If definately accepting the DATA chunk, record its TSN, otherwise
4764 * wait for renege processing.
4766 if (SCTP_CMD_CHUNK_ULP == deliver)
4767 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
4769 /* Note: Some chunks may get overcounted (if we drop) or overcounted
4770 * if we renege and the chunk arrives again.
4772 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED)
4773 SCTP_INC_STATS(SCTP_MIB_INUNORDERCHUNKS);
4775 SCTP_INC_STATS(SCTP_MIB_INORDERCHUNKS);
4777 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
4779 * If an endpoint receive a DATA chunk with an invalid stream
4780 * identifier, it shall acknowledge the reception of the DATA chunk
4781 * following the normal procedure, immediately send an ERROR chunk
4782 * with cause set to "Invalid Stream Identifier" (See Section 3.3.10)
4783 * and discard the DATA chunk.
4785 if (ntohs(data_hdr->stream) >= asoc->c.sinit_max_instreams) {
4786 err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_INV_STRM,
4788 sizeof(data_hdr->stream));
4790 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
4792 return SCTP_IERROR_BAD_STREAM;
4795 /* Send the data up to the user. Note: Schedule the
4796 * SCTP_CMD_CHUNK_ULP cmd before the SCTP_CMD_GEN_SACK, as the SACK
4797 * chunk needs the updated rwnd.
4799 sctp_add_cmd_sf(commands, deliver, SCTP_CHUNK(chunk));
4801 return SCTP_IERROR_NO_ERROR;