1 /* SCTP kernel implementation
2  * (C) Copyright IBM Corp. 2001, 2004
3  * Copyright (c) 1999-2000 Cisco, Inc.
4  * Copyright (c) 1999-2001 Motorola, Inc.
5  * Copyright (c) 2001 Intel Corp.
6  * Copyright (c) 2001 Nokia, Inc.
7  * Copyright (c) 2001 La Monte H.P. Yarroll
8  *
9  * These functions manipulate an sctp event.   The struct ulpevent is used
10  * to carry notifications and data to the ULP (sockets).
11  *
12  * This SCTP implementation is free software;
13  * you can redistribute it and/or modify it under the terms of
14  * the GNU General Public License as published by
15  * the Free Software Foundation; either version 2, or (at your option)
16  * any later version.
17  *
18  * This SCTP implementation is distributed in the hope that it
19  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
20  *                 ************************
21  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
22  * See the GNU General Public License for more details.
23  *
24  * You should have received a copy of the GNU General Public License
25  * along with GNU CC; see the file COPYING.  If not, see
26  * <http://www.gnu.org/licenses/>.
27  *
28  * Please send any bug reports or fixes you make to the
29  * email address(es):
30  *    lksctp developers <linux-sctp@vger.kernel.org>
31  *
32  * Written or modified by:
33  *    Jon Grimm             <jgrimm@us.ibm.com>
34  *    La Monte H.P. Yarroll <piggy@acm.org>
35  *    Ardelle Fan	    <ardelle.fan@intel.com>
36  *    Sridhar Samudrala     <sri@us.ibm.com>
37  */
38 
39 #include <linux/slab.h>
40 #include <linux/types.h>
41 #include <linux/skbuff.h>
42 #include <net/sctp/structs.h>
43 #include <net/sctp/sctp.h>
44 #include <net/sctp/sm.h>
45 
46 static void sctp_ulpevent_receive_data(struct sctp_ulpevent *event,
47 				       struct sctp_association *asoc);
48 static void sctp_ulpevent_release_data(struct sctp_ulpevent *event);
49 static void sctp_ulpevent_release_frag_data(struct sctp_ulpevent *event);
50 
51 
52 /* Initialize an ULP event from an given skb.  */
sctp_ulpevent_init(struct sctp_ulpevent * event,__u16 msg_flags,unsigned int len)53 static void sctp_ulpevent_init(struct sctp_ulpevent *event,
54 			       __u16 msg_flags,
55 			       unsigned int len)
56 {
57 	memset(event, 0, sizeof(struct sctp_ulpevent));
58 	event->msg_flags = msg_flags;
59 	event->rmem_len = len;
60 }
61 
62 /* Create a new sctp_ulpevent.  */
sctp_ulpevent_new(int size,__u16 msg_flags,gfp_t gfp)63 static struct sctp_ulpevent *sctp_ulpevent_new(int size, __u16 msg_flags,
64 					       gfp_t gfp)
65 {
66 	struct sctp_ulpevent *event;
67 	struct sk_buff *skb;
68 
69 	skb = alloc_skb(size, gfp);
70 	if (!skb)
71 		goto fail;
72 
73 	event = sctp_skb2event(skb);
74 	sctp_ulpevent_init(event, msg_flags, skb->truesize);
75 
76 	return event;
77 
78 fail:
79 	return NULL;
80 }
81 
82 /* Is this a MSG_NOTIFICATION?  */
sctp_ulpevent_is_notification(const struct sctp_ulpevent * event)83 int sctp_ulpevent_is_notification(const struct sctp_ulpevent *event)
84 {
85 	return MSG_NOTIFICATION == (event->msg_flags & MSG_NOTIFICATION);
86 }
87 
88 /* Hold the association in case the msg_name needs read out of
89  * the association.
90  */
sctp_ulpevent_set_owner(struct sctp_ulpevent * event,const struct sctp_association * asoc)91 static inline void sctp_ulpevent_set_owner(struct sctp_ulpevent *event,
92 					   const struct sctp_association *asoc)
93 {
94 	struct sctp_chunk *chunk = event->chunk;
95 	struct sk_buff *skb;
96 
97 	/* Cast away the const, as we are just wanting to
98 	 * bump the reference count.
99 	 */
100 	sctp_association_hold((struct sctp_association *)asoc);
101 	skb = sctp_event2skb(event);
102 	event->asoc = (struct sctp_association *)asoc;
103 	atomic_add(event->rmem_len, &event->asoc->rmem_alloc);
104 	sctp_skb_set_owner_r(skb, asoc->base.sk);
105 	if (chunk && chunk->head_skb && !chunk->head_skb->sk)
106 		chunk->head_skb->sk = asoc->base.sk;
107 }
108 
109 /* A simple destructor to give up the reference to the association. */
sctp_ulpevent_release_owner(struct sctp_ulpevent * event)110 static inline void sctp_ulpevent_release_owner(struct sctp_ulpevent *event)
111 {
112 	struct sctp_association *asoc = event->asoc;
113 
114 	atomic_sub(event->rmem_len, &asoc->rmem_alloc);
115 	sctp_association_put(asoc);
116 }
117 
118 /* Create and initialize an SCTP_ASSOC_CHANGE event.
119  *
120  * 5.3.1.1 SCTP_ASSOC_CHANGE
121  *
122  * Communication notifications inform the ULP that an SCTP association
123  * has either begun or ended. The identifier for a new association is
124  * provided by this notification.
125  *
126  * Note: There is no field checking here.  If a field is unused it will be
127  * zero'd out.
128  */
sctp_ulpevent_make_assoc_change(const struct sctp_association * asoc,__u16 flags,__u16 state,__u16 error,__u16 outbound,__u16 inbound,struct sctp_chunk * chunk,gfp_t gfp)129 struct sctp_ulpevent  *sctp_ulpevent_make_assoc_change(
130 	const struct sctp_association *asoc,
131 	__u16 flags, __u16 state, __u16 error, __u16 outbound,
132 	__u16 inbound, struct sctp_chunk *chunk, gfp_t gfp)
133 {
134 	struct sctp_ulpevent *event;
135 	struct sctp_assoc_change *sac;
136 	struct sk_buff *skb;
137 
138 	/* If the lower layer passed in the chunk, it will be
139 	 * an ABORT, so we need to include it in the sac_info.
140 	 */
141 	if (chunk) {
142 		/* Copy the chunk data to a new skb and reserve enough
143 		 * head room to use as notification.
144 		 */
145 		skb = skb_copy_expand(chunk->skb,
146 				      sizeof(struct sctp_assoc_change), 0, gfp);
147 
148 		if (!skb)
149 			goto fail;
150 
151 		/* Embed the event fields inside the cloned skb.  */
152 		event = sctp_skb2event(skb);
153 		sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
154 
155 		/* Include the notification structure */
156 		sac = skb_push(skb, sizeof(struct sctp_assoc_change));
157 
158 		/* Trim the buffer to the right length.  */
159 		skb_trim(skb, sizeof(struct sctp_assoc_change) +
160 			 ntohs(chunk->chunk_hdr->length) -
161 			 sizeof(struct sctp_chunkhdr));
162 	} else {
163 		event = sctp_ulpevent_new(sizeof(struct sctp_assoc_change),
164 				  MSG_NOTIFICATION, gfp);
165 		if (!event)
166 			goto fail;
167 
168 		skb = sctp_event2skb(event);
169 		sac = skb_put(skb, sizeof(struct sctp_assoc_change));
170 	}
171 
172 	/* Socket Extensions for SCTP
173 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
174 	 *
175 	 * sac_type:
176 	 * It should be SCTP_ASSOC_CHANGE.
177 	 */
178 	sac->sac_type = SCTP_ASSOC_CHANGE;
179 
180 	/* Socket Extensions for SCTP
181 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
182 	 *
183 	 * sac_state: 32 bits (signed integer)
184 	 * This field holds one of a number of values that communicate the
185 	 * event that happened to the association.
186 	 */
187 	sac->sac_state = state;
188 
189 	/* Socket Extensions for SCTP
190 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
191 	 *
192 	 * sac_flags: 16 bits (unsigned integer)
193 	 * Currently unused.
194 	 */
195 	sac->sac_flags = 0;
196 
197 	/* Socket Extensions for SCTP
198 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
199 	 *
200 	 * sac_length: sizeof (__u32)
201 	 * This field is the total length of the notification data, including
202 	 * the notification header.
203 	 */
204 	sac->sac_length = skb->len;
205 
206 	/* Socket Extensions for SCTP
207 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
208 	 *
209 	 * sac_error:  32 bits (signed integer)
210 	 *
211 	 * If the state was reached due to a error condition (e.g.
212 	 * COMMUNICATION_LOST) any relevant error information is available in
213 	 * this field. This corresponds to the protocol error codes defined in
214 	 * [SCTP].
215 	 */
216 	sac->sac_error = error;
217 
218 	/* Socket Extensions for SCTP
219 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
220 	 *
221 	 * sac_outbound_streams:  16 bits (unsigned integer)
222 	 * sac_inbound_streams:  16 bits (unsigned integer)
223 	 *
224 	 * The maximum number of streams allowed in each direction are
225 	 * available in sac_outbound_streams and sac_inbound streams.
226 	 */
227 	sac->sac_outbound_streams = outbound;
228 	sac->sac_inbound_streams = inbound;
229 
230 	/* Socket Extensions for SCTP
231 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
232 	 *
233 	 * sac_assoc_id: sizeof (sctp_assoc_t)
234 	 *
235 	 * The association id field, holds the identifier for the association.
236 	 * All notifications for a given association have the same association
237 	 * identifier.  For TCP style socket, this field is ignored.
238 	 */
239 	sctp_ulpevent_set_owner(event, asoc);
240 	sac->sac_assoc_id = sctp_assoc2id(asoc);
241 
242 	return event;
243 
244 fail:
245 	return NULL;
246 }
247 
248 /* Create and initialize an SCTP_PEER_ADDR_CHANGE event.
249  *
250  * Socket Extensions for SCTP - draft-01
251  * 5.3.1.2 SCTP_PEER_ADDR_CHANGE
252  *
253  * When a destination address on a multi-homed peer encounters a change
254  * an interface details event is sent.
255  */
sctp_ulpevent_make_peer_addr_change(const struct sctp_association * asoc,const struct sockaddr_storage * aaddr,int flags,int state,int error,gfp_t gfp)256 struct sctp_ulpevent *sctp_ulpevent_make_peer_addr_change(
257 	const struct sctp_association *asoc,
258 	const struct sockaddr_storage *aaddr,
259 	int flags, int state, int error, gfp_t gfp)
260 {
261 	struct sctp_ulpevent *event;
262 	struct sctp_paddr_change  *spc;
263 	struct sk_buff *skb;
264 
265 	event = sctp_ulpevent_new(sizeof(struct sctp_paddr_change),
266 				  MSG_NOTIFICATION, gfp);
267 	if (!event)
268 		goto fail;
269 
270 	skb = sctp_event2skb(event);
271 	spc = skb_put(skb, sizeof(struct sctp_paddr_change));
272 
273 	/* Sockets API Extensions for SCTP
274 	 * Section 5.3.1.2 SCTP_PEER_ADDR_CHANGE
275 	 *
276 	 * spc_type:
277 	 *
278 	 *    It should be SCTP_PEER_ADDR_CHANGE.
279 	 */
280 	spc->spc_type = SCTP_PEER_ADDR_CHANGE;
281 
282 	/* Sockets API Extensions for SCTP
283 	 * Section 5.3.1.2 SCTP_PEER_ADDR_CHANGE
284 	 *
285 	 * spc_length: sizeof (__u32)
286 	 *
287 	 * This field is the total length of the notification data, including
288 	 * the notification header.
289 	 */
290 	spc->spc_length = sizeof(struct sctp_paddr_change);
291 
292 	/* Sockets API Extensions for SCTP
293 	 * Section 5.3.1.2 SCTP_PEER_ADDR_CHANGE
294 	 *
295 	 * spc_flags: 16 bits (unsigned integer)
296 	 * Currently unused.
297 	 */
298 	spc->spc_flags = 0;
299 
300 	/* Sockets API Extensions for SCTP
301 	 * Section 5.3.1.2 SCTP_PEER_ADDR_CHANGE
302 	 *
303 	 * spc_state:  32 bits (signed integer)
304 	 *
305 	 * This field holds one of a number of values that communicate the
306 	 * event that happened to the address.
307 	 */
308 	spc->spc_state = state;
309 
310 	/* Sockets API Extensions for SCTP
311 	 * Section 5.3.1.2 SCTP_PEER_ADDR_CHANGE
312 	 *
313 	 * spc_error:  32 bits (signed integer)
314 	 *
315 	 * If the state was reached due to any error condition (e.g.
316 	 * ADDRESS_UNREACHABLE) any relevant error information is available in
317 	 * this field.
318 	 */
319 	spc->spc_error = error;
320 
321 	/* Socket Extensions for SCTP
322 	 * 5.3.1.1 SCTP_ASSOC_CHANGE
323 	 *
324 	 * spc_assoc_id: sizeof (sctp_assoc_t)
325 	 *
326 	 * The association id field, holds the identifier for the association.
327 	 * All notifications for a given association have the same association
328 	 * identifier.  For TCP style socket, this field is ignored.
329 	 */
330 	sctp_ulpevent_set_owner(event, asoc);
331 	spc->spc_assoc_id = sctp_assoc2id(asoc);
332 
333 	/* Sockets API Extensions for SCTP
334 	 * Section 5.3.1.2 SCTP_PEER_ADDR_CHANGE
335 	 *
336 	 * spc_aaddr: sizeof (struct sockaddr_storage)
337 	 *
338 	 * The affected address field, holds the remote peer's address that is
339 	 * encountering the change of state.
340 	 */
341 	memcpy(&spc->spc_aaddr, aaddr, sizeof(struct sockaddr_storage));
342 
343 	/* Map ipv4 address into v4-mapped-on-v6 address.  */
344 	sctp_get_pf_specific(asoc->base.sk->sk_family)->addr_to_user(
345 					sctp_sk(asoc->base.sk),
346 					(union sctp_addr *)&spc->spc_aaddr);
347 
348 	return event;
349 
350 fail:
351 	return NULL;
352 }
353 
354 /* Create and initialize an SCTP_REMOTE_ERROR notification.
355  *
356  * Note: This assumes that the chunk->skb->data already points to the
357  * operation error payload.
358  *
359  * Socket Extensions for SCTP - draft-01
360  * 5.3.1.3 SCTP_REMOTE_ERROR
361  *
362  * A remote peer may send an Operational Error message to its peer.
363  * This message indicates a variety of error conditions on an
364  * association. The entire error TLV as it appears on the wire is
365  * included in a SCTP_REMOTE_ERROR event.  Please refer to the SCTP
366  * specification [SCTP] and any extensions for a list of possible
367  * error formats.
368  */
369 struct sctp_ulpevent *
sctp_ulpevent_make_remote_error(const struct sctp_association * asoc,struct sctp_chunk * chunk,__u16 flags,gfp_t gfp)370 sctp_ulpevent_make_remote_error(const struct sctp_association *asoc,
371 				struct sctp_chunk *chunk, __u16 flags,
372 				gfp_t gfp)
373 {
374 	struct sctp_remote_error *sre;
375 	struct sctp_ulpevent *event;
376 	struct sctp_errhdr *ch;
377 	struct sk_buff *skb;
378 	__be16 cause;
379 	int elen;
380 
381 	ch = (struct sctp_errhdr *)(chunk->skb->data);
382 	cause = ch->cause;
383 	elen = SCTP_PAD4(ntohs(ch->length)) - sizeof(*ch);
384 
385 	/* Pull off the ERROR header.  */
386 	skb_pull(chunk->skb, sizeof(*ch));
387 
388 	/* Copy the skb to a new skb with room for us to prepend
389 	 * notification with.
390 	 */
391 	skb = skb_copy_expand(chunk->skb, sizeof(*sre), 0, gfp);
392 
393 	/* Pull off the rest of the cause TLV from the chunk.  */
394 	skb_pull(chunk->skb, elen);
395 	if (!skb)
396 		goto fail;
397 
398 	/* Embed the event fields inside the cloned skb.  */
399 	event = sctp_skb2event(skb);
400 	sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
401 
402 	sre = skb_push(skb, sizeof(*sre));
403 
404 	/* Trim the buffer to the right length.  */
405 	skb_trim(skb, sizeof(*sre) + elen);
406 
407 	/* RFC6458, Section 6.1.3. SCTP_REMOTE_ERROR */
408 	memset(sre, 0, sizeof(*sre));
409 	sre->sre_type = SCTP_REMOTE_ERROR;
410 	sre->sre_flags = 0;
411 	sre->sre_length = skb->len;
412 	sre->sre_error = cause;
413 	sctp_ulpevent_set_owner(event, asoc);
414 	sre->sre_assoc_id = sctp_assoc2id(asoc);
415 
416 	return event;
417 fail:
418 	return NULL;
419 }
420 
421 /* Create and initialize a SCTP_SEND_FAILED notification.
422  *
423  * Socket Extensions for SCTP - draft-01
424  * 5.3.1.4 SCTP_SEND_FAILED
425  */
sctp_ulpevent_make_send_failed(const struct sctp_association * asoc,struct sctp_chunk * chunk,__u16 flags,__u32 error,gfp_t gfp)426 struct sctp_ulpevent *sctp_ulpevent_make_send_failed(
427 	const struct sctp_association *asoc, struct sctp_chunk *chunk,
428 	__u16 flags, __u32 error, gfp_t gfp)
429 {
430 	struct sctp_ulpevent *event;
431 	struct sctp_send_failed *ssf;
432 	struct sk_buff *skb;
433 
434 	/* Pull off any padding. */
435 	int len = ntohs(chunk->chunk_hdr->length);
436 
437 	/* Make skb with more room so we can prepend notification.  */
438 	skb = skb_copy_expand(chunk->skb,
439 			      sizeof(struct sctp_send_failed), /* headroom */
440 			      0,                               /* tailroom */
441 			      gfp);
442 	if (!skb)
443 		goto fail;
444 
445 	/* Pull off the common chunk header and DATA header.  */
446 	skb_pull(skb, sctp_datachk_len(&asoc->stream));
447 	len -= sctp_datachk_len(&asoc->stream);
448 
449 	/* Embed the event fields inside the cloned skb.  */
450 	event = sctp_skb2event(skb);
451 	sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
452 
453 	ssf = skb_push(skb, sizeof(struct sctp_send_failed));
454 
455 	/* Socket Extensions for SCTP
456 	 * 5.3.1.4 SCTP_SEND_FAILED
457 	 *
458 	 * ssf_type:
459 	 * It should be SCTP_SEND_FAILED.
460 	 */
461 	ssf->ssf_type = SCTP_SEND_FAILED;
462 
463 	/* Socket Extensions for SCTP
464 	 * 5.3.1.4 SCTP_SEND_FAILED
465 	 *
466 	 * ssf_flags: 16 bits (unsigned integer)
467 	 * The flag value will take one of the following values
468 	 *
469 	 * SCTP_DATA_UNSENT - Indicates that the data was never put on
470 	 *                    the wire.
471 	 *
472 	 * SCTP_DATA_SENT   - Indicates that the data was put on the wire.
473 	 *                    Note that this does not necessarily mean that the
474 	 *                    data was (or was not) successfully delivered.
475 	 */
476 	ssf->ssf_flags = flags;
477 
478 	/* Socket Extensions for SCTP
479 	 * 5.3.1.4 SCTP_SEND_FAILED
480 	 *
481 	 * ssf_length: sizeof (__u32)
482 	 * This field is the total length of the notification data, including
483 	 * the notification header.
484 	 */
485 	ssf->ssf_length = sizeof(struct sctp_send_failed) + len;
486 	skb_trim(skb, ssf->ssf_length);
487 
488 	/* Socket Extensions for SCTP
489 	 * 5.3.1.4 SCTP_SEND_FAILED
490 	 *
491 	 * ssf_error: 16 bits (unsigned integer)
492 	 * This value represents the reason why the send failed, and if set,
493 	 * will be a SCTP protocol error code as defined in [SCTP] section
494 	 * 3.3.10.
495 	 */
496 	ssf->ssf_error = error;
497 
498 	/* Socket Extensions for SCTP
499 	 * 5.3.1.4 SCTP_SEND_FAILED
500 	 *
501 	 * ssf_info: sizeof (struct sctp_sndrcvinfo)
502 	 * The original send information associated with the undelivered
503 	 * message.
504 	 */
505 	memcpy(&ssf->ssf_info, &chunk->sinfo, sizeof(struct sctp_sndrcvinfo));
506 
507 	/* Per TSVWG discussion with Randy. Allow the application to
508 	 * reassemble a fragmented message.
509 	 */
510 	ssf->ssf_info.sinfo_flags = chunk->chunk_hdr->flags;
511 
512 	/* Socket Extensions for SCTP
513 	 * 5.3.1.4 SCTP_SEND_FAILED
514 	 *
515 	 * ssf_assoc_id: sizeof (sctp_assoc_t)
516 	 * The association id field, sf_assoc_id, holds the identifier for the
517 	 * association.  All notifications for a given association have the
518 	 * same association identifier.  For TCP style socket, this field is
519 	 * ignored.
520 	 */
521 	sctp_ulpevent_set_owner(event, asoc);
522 	ssf->ssf_assoc_id = sctp_assoc2id(asoc);
523 	return event;
524 
525 fail:
526 	return NULL;
527 }
528 
529 /* Create and initialize a SCTP_SHUTDOWN_EVENT notification.
530  *
531  * Socket Extensions for SCTP - draft-01
532  * 5.3.1.5 SCTP_SHUTDOWN_EVENT
533  */
sctp_ulpevent_make_shutdown_event(const struct sctp_association * asoc,__u16 flags,gfp_t gfp)534 struct sctp_ulpevent *sctp_ulpevent_make_shutdown_event(
535 	const struct sctp_association *asoc,
536 	__u16 flags, gfp_t gfp)
537 {
538 	struct sctp_ulpevent *event;
539 	struct sctp_shutdown_event *sse;
540 	struct sk_buff *skb;
541 
542 	event = sctp_ulpevent_new(sizeof(struct sctp_shutdown_event),
543 				  MSG_NOTIFICATION, gfp);
544 	if (!event)
545 		goto fail;
546 
547 	skb = sctp_event2skb(event);
548 	sse = skb_put(skb, sizeof(struct sctp_shutdown_event));
549 
550 	/* Socket Extensions for SCTP
551 	 * 5.3.1.5 SCTP_SHUTDOWN_EVENT
552 	 *
553 	 * sse_type
554 	 * It should be SCTP_SHUTDOWN_EVENT
555 	 */
556 	sse->sse_type = SCTP_SHUTDOWN_EVENT;
557 
558 	/* Socket Extensions for SCTP
559 	 * 5.3.1.5 SCTP_SHUTDOWN_EVENT
560 	 *
561 	 * sse_flags: 16 bits (unsigned integer)
562 	 * Currently unused.
563 	 */
564 	sse->sse_flags = 0;
565 
566 	/* Socket Extensions for SCTP
567 	 * 5.3.1.5 SCTP_SHUTDOWN_EVENT
568 	 *
569 	 * sse_length: sizeof (__u32)
570 	 * This field is the total length of the notification data, including
571 	 * the notification header.
572 	 */
573 	sse->sse_length = sizeof(struct sctp_shutdown_event);
574 
575 	/* Socket Extensions for SCTP
576 	 * 5.3.1.5 SCTP_SHUTDOWN_EVENT
577 	 *
578 	 * sse_assoc_id: sizeof (sctp_assoc_t)
579 	 * The association id field, holds the identifier for the association.
580 	 * All notifications for a given association have the same association
581 	 * identifier.  For TCP style socket, this field is ignored.
582 	 */
583 	sctp_ulpevent_set_owner(event, asoc);
584 	sse->sse_assoc_id = sctp_assoc2id(asoc);
585 
586 	return event;
587 
588 fail:
589 	return NULL;
590 }
591 
592 /* Create and initialize a SCTP_ADAPTATION_INDICATION notification.
593  *
594  * Socket Extensions for SCTP
595  * 5.3.1.6 SCTP_ADAPTATION_INDICATION
596  */
sctp_ulpevent_make_adaptation_indication(const struct sctp_association * asoc,gfp_t gfp)597 struct sctp_ulpevent *sctp_ulpevent_make_adaptation_indication(
598 	const struct sctp_association *asoc, gfp_t gfp)
599 {
600 	struct sctp_ulpevent *event;
601 	struct sctp_adaptation_event *sai;
602 	struct sk_buff *skb;
603 
604 	event = sctp_ulpevent_new(sizeof(struct sctp_adaptation_event),
605 				  MSG_NOTIFICATION, gfp);
606 	if (!event)
607 		goto fail;
608 
609 	skb = sctp_event2skb(event);
610 	sai = skb_put(skb, sizeof(struct sctp_adaptation_event));
611 
612 	sai->sai_type = SCTP_ADAPTATION_INDICATION;
613 	sai->sai_flags = 0;
614 	sai->sai_length = sizeof(struct sctp_adaptation_event);
615 	sai->sai_adaptation_ind = asoc->peer.adaptation_ind;
616 	sctp_ulpevent_set_owner(event, asoc);
617 	sai->sai_assoc_id = sctp_assoc2id(asoc);
618 
619 	return event;
620 
621 fail:
622 	return NULL;
623 }
624 
625 /* A message has been received.  Package this message as a notification
626  * to pass it to the upper layers.  Go ahead and calculate the sndrcvinfo
627  * even if filtered out later.
628  *
629  * Socket Extensions for SCTP
630  * 5.2.2 SCTP Header Information Structure (SCTP_SNDRCV)
631  */
sctp_ulpevent_make_rcvmsg(struct sctp_association * asoc,struct sctp_chunk * chunk,gfp_t gfp)632 struct sctp_ulpevent *sctp_ulpevent_make_rcvmsg(struct sctp_association *asoc,
633 						struct sctp_chunk *chunk,
634 						gfp_t gfp)
635 {
636 	struct sctp_ulpevent *event = NULL;
637 	struct sk_buff *skb;
638 	size_t padding, len;
639 	int rx_count;
640 
641 	/*
642 	 * check to see if we need to make space for this
643 	 * new skb, expand the rcvbuffer if needed, or drop
644 	 * the frame
645 	 */
646 	if (asoc->ep->rcvbuf_policy)
647 		rx_count = atomic_read(&asoc->rmem_alloc);
648 	else
649 		rx_count = atomic_read(&asoc->base.sk->sk_rmem_alloc);
650 
651 	if (rx_count >= asoc->base.sk->sk_rcvbuf) {
652 
653 		if ((asoc->base.sk->sk_userlocks & SOCK_RCVBUF_LOCK) ||
654 		    (!sk_rmem_schedule(asoc->base.sk, chunk->skb,
655 				       chunk->skb->truesize)))
656 			goto fail;
657 	}
658 
659 	/* Clone the original skb, sharing the data.  */
660 	skb = skb_clone(chunk->skb, gfp);
661 	if (!skb)
662 		goto fail;
663 
664 	/* Now that all memory allocations for this chunk succeeded, we
665 	 * can mark it as received so the tsn_map is updated correctly.
666 	 */
667 	if (sctp_tsnmap_mark(&asoc->peer.tsn_map,
668 			     ntohl(chunk->subh.data_hdr->tsn),
669 			     chunk->transport))
670 		goto fail_mark;
671 
672 	/* First calculate the padding, so we don't inadvertently
673 	 * pass up the wrong length to the user.
674 	 *
675 	 * RFC 2960 - Section 3.2  Chunk Field Descriptions
676 	 *
677 	 * The total length of a chunk(including Type, Length and Value fields)
678 	 * MUST be a multiple of 4 bytes.  If the length of the chunk is not a
679 	 * multiple of 4 bytes, the sender MUST pad the chunk with all zero
680 	 * bytes and this padding is not included in the chunk length field.
681 	 * The sender should never pad with more than 3 bytes.  The receiver
682 	 * MUST ignore the padding bytes.
683 	 */
684 	len = ntohs(chunk->chunk_hdr->length);
685 	padding = SCTP_PAD4(len) - len;
686 
687 	/* Fixup cloned skb with just this chunks data.  */
688 	skb_trim(skb, chunk->chunk_end - padding - skb->data);
689 
690 	/* Embed the event fields inside the cloned skb.  */
691 	event = sctp_skb2event(skb);
692 
693 	/* Initialize event with flags 0  and correct length
694 	 * Since this is a clone of the original skb, only account for
695 	 * the data of this chunk as other chunks will be accounted separately.
696 	 */
697 	sctp_ulpevent_init(event, 0, skb->len + sizeof(struct sk_buff));
698 
699 	/* And hold the chunk as we need it for getting the IP headers
700 	 * later in recvmsg
701 	 */
702 	sctp_chunk_hold(chunk);
703 	event->chunk = chunk;
704 
705 	sctp_ulpevent_receive_data(event, asoc);
706 
707 	event->stream = ntohs(chunk->subh.data_hdr->stream);
708 	if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
709 		event->flags |= SCTP_UNORDERED;
710 		event->cumtsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
711 	}
712 	event->tsn = ntohl(chunk->subh.data_hdr->tsn);
713 	event->msg_flags |= chunk->chunk_hdr->flags;
714 
715 	return event;
716 
717 fail_mark:
718 	kfree_skb(skb);
719 fail:
720 	return NULL;
721 }
722 
723 /* Create a partial delivery related event.
724  *
725  * 5.3.1.7 SCTP_PARTIAL_DELIVERY_EVENT
726  *
727  *   When a receiver is engaged in a partial delivery of a
728  *   message this notification will be used to indicate
729  *   various events.
730  */
sctp_ulpevent_make_pdapi(const struct sctp_association * asoc,__u32 indication,__u32 sid,__u32 seq,__u32 flags,gfp_t gfp)731 struct sctp_ulpevent *sctp_ulpevent_make_pdapi(
732 					const struct sctp_association *asoc,
733 					__u32 indication, __u32 sid, __u32 seq,
734 					__u32 flags, gfp_t gfp)
735 {
736 	struct sctp_ulpevent *event;
737 	struct sctp_pdapi_event *pd;
738 	struct sk_buff *skb;
739 
740 	event = sctp_ulpevent_new(sizeof(struct sctp_pdapi_event),
741 				  MSG_NOTIFICATION, gfp);
742 	if (!event)
743 		goto fail;
744 
745 	skb = sctp_event2skb(event);
746 	pd = skb_put(skb, sizeof(struct sctp_pdapi_event));
747 
748 	/* pdapi_type
749 	 *   It should be SCTP_PARTIAL_DELIVERY_EVENT
750 	 *
751 	 * pdapi_flags: 16 bits (unsigned integer)
752 	 *   Currently unused.
753 	 */
754 	pd->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT;
755 	pd->pdapi_flags = flags;
756 	pd->pdapi_stream = sid;
757 	pd->pdapi_seq = seq;
758 
759 	/* pdapi_length: 32 bits (unsigned integer)
760 	 *
761 	 * This field is the total length of the notification data, including
762 	 * the notification header.  It will generally be sizeof (struct
763 	 * sctp_pdapi_event).
764 	 */
765 	pd->pdapi_length = sizeof(struct sctp_pdapi_event);
766 
767 	/*  pdapi_indication: 32 bits (unsigned integer)
768 	 *
769 	 * This field holds the indication being sent to the application.
770 	 */
771 	pd->pdapi_indication = indication;
772 
773 	/*  pdapi_assoc_id: sizeof (sctp_assoc_t)
774 	 *
775 	 * The association id field, holds the identifier for the association.
776 	 */
777 	sctp_ulpevent_set_owner(event, asoc);
778 	pd->pdapi_assoc_id = sctp_assoc2id(asoc);
779 
780 	return event;
781 fail:
782 	return NULL;
783 }
784 
sctp_ulpevent_make_authkey(const struct sctp_association * asoc,__u16 key_id,__u32 indication,gfp_t gfp)785 struct sctp_ulpevent *sctp_ulpevent_make_authkey(
786 	const struct sctp_association *asoc, __u16 key_id,
787 	__u32 indication, gfp_t gfp)
788 {
789 	struct sctp_ulpevent *event;
790 	struct sctp_authkey_event *ak;
791 	struct sk_buff *skb;
792 
793 	event = sctp_ulpevent_new(sizeof(struct sctp_authkey_event),
794 				  MSG_NOTIFICATION, gfp);
795 	if (!event)
796 		goto fail;
797 
798 	skb = sctp_event2skb(event);
799 	ak = skb_put(skb, sizeof(struct sctp_authkey_event));
800 
801 	ak->auth_type = SCTP_AUTHENTICATION_EVENT;
802 	ak->auth_flags = 0;
803 	ak->auth_length = sizeof(struct sctp_authkey_event);
804 
805 	ak->auth_keynumber = key_id;
806 	ak->auth_altkeynumber = 0;
807 	ak->auth_indication = indication;
808 
809 	/*
810 	 * The association id field, holds the identifier for the association.
811 	 */
812 	sctp_ulpevent_set_owner(event, asoc);
813 	ak->auth_assoc_id = sctp_assoc2id(asoc);
814 
815 	return event;
816 fail:
817 	return NULL;
818 }
819 
820 /*
821  * Socket Extensions for SCTP
822  * 6.3.10. SCTP_SENDER_DRY_EVENT
823  */
sctp_ulpevent_make_sender_dry_event(const struct sctp_association * asoc,gfp_t gfp)824 struct sctp_ulpevent *sctp_ulpevent_make_sender_dry_event(
825 	const struct sctp_association *asoc, gfp_t gfp)
826 {
827 	struct sctp_ulpevent *event;
828 	struct sctp_sender_dry_event *sdry;
829 	struct sk_buff *skb;
830 
831 	event = sctp_ulpevent_new(sizeof(struct sctp_sender_dry_event),
832 				  MSG_NOTIFICATION, gfp);
833 	if (!event)
834 		return NULL;
835 
836 	skb = sctp_event2skb(event);
837 	sdry = skb_put(skb, sizeof(struct sctp_sender_dry_event));
838 
839 	sdry->sender_dry_type = SCTP_SENDER_DRY_EVENT;
840 	sdry->sender_dry_flags = 0;
841 	sdry->sender_dry_length = sizeof(struct sctp_sender_dry_event);
842 	sctp_ulpevent_set_owner(event, asoc);
843 	sdry->sender_dry_assoc_id = sctp_assoc2id(asoc);
844 
845 	return event;
846 }
847 
sctp_ulpevent_make_stream_reset_event(const struct sctp_association * asoc,__u16 flags,__u16 stream_num,__be16 * stream_list,gfp_t gfp)848 struct sctp_ulpevent *sctp_ulpevent_make_stream_reset_event(
849 	const struct sctp_association *asoc, __u16 flags, __u16 stream_num,
850 	__be16 *stream_list, gfp_t gfp)
851 {
852 	struct sctp_stream_reset_event *sreset;
853 	struct sctp_ulpevent *event;
854 	struct sk_buff *skb;
855 	int length, i;
856 
857 	length = sizeof(struct sctp_stream_reset_event) + 2 * stream_num;
858 	event = sctp_ulpevent_new(length, MSG_NOTIFICATION, gfp);
859 	if (!event)
860 		return NULL;
861 
862 	skb = sctp_event2skb(event);
863 	sreset = skb_put(skb, length);
864 
865 	sreset->strreset_type = SCTP_STREAM_RESET_EVENT;
866 	sreset->strreset_flags = flags;
867 	sreset->strreset_length = length;
868 	sctp_ulpevent_set_owner(event, asoc);
869 	sreset->strreset_assoc_id = sctp_assoc2id(asoc);
870 
871 	for (i = 0; i < stream_num; i++)
872 		sreset->strreset_stream_list[i] = ntohs(stream_list[i]);
873 
874 	return event;
875 }
876 
sctp_ulpevent_make_assoc_reset_event(const struct sctp_association * asoc,__u16 flags,__u32 local_tsn,__u32 remote_tsn,gfp_t gfp)877 struct sctp_ulpevent *sctp_ulpevent_make_assoc_reset_event(
878 	const struct sctp_association *asoc, __u16 flags, __u32 local_tsn,
879 	__u32 remote_tsn, gfp_t gfp)
880 {
881 	struct sctp_assoc_reset_event *areset;
882 	struct sctp_ulpevent *event;
883 	struct sk_buff *skb;
884 
885 	event = sctp_ulpevent_new(sizeof(struct sctp_assoc_reset_event),
886 				  MSG_NOTIFICATION, gfp);
887 	if (!event)
888 		return NULL;
889 
890 	skb = sctp_event2skb(event);
891 	areset = skb_put(skb, sizeof(struct sctp_assoc_reset_event));
892 
893 	areset->assocreset_type = SCTP_ASSOC_RESET_EVENT;
894 	areset->assocreset_flags = flags;
895 	areset->assocreset_length = sizeof(struct sctp_assoc_reset_event);
896 	sctp_ulpevent_set_owner(event, asoc);
897 	areset->assocreset_assoc_id = sctp_assoc2id(asoc);
898 	areset->assocreset_local_tsn = local_tsn;
899 	areset->assocreset_remote_tsn = remote_tsn;
900 
901 	return event;
902 }
903 
sctp_ulpevent_make_stream_change_event(const struct sctp_association * asoc,__u16 flags,__u32 strchange_instrms,__u32 strchange_outstrms,gfp_t gfp)904 struct sctp_ulpevent *sctp_ulpevent_make_stream_change_event(
905 	const struct sctp_association *asoc, __u16 flags,
906 	__u32 strchange_instrms, __u32 strchange_outstrms, gfp_t gfp)
907 {
908 	struct sctp_stream_change_event *schange;
909 	struct sctp_ulpevent *event;
910 	struct sk_buff *skb;
911 
912 	event = sctp_ulpevent_new(sizeof(struct sctp_stream_change_event),
913 				  MSG_NOTIFICATION, gfp);
914 	if (!event)
915 		return NULL;
916 
917 	skb = sctp_event2skb(event);
918 	schange = skb_put(skb, sizeof(struct sctp_stream_change_event));
919 
920 	schange->strchange_type = SCTP_STREAM_CHANGE_EVENT;
921 	schange->strchange_flags = flags;
922 	schange->strchange_length = sizeof(struct sctp_stream_change_event);
923 	sctp_ulpevent_set_owner(event, asoc);
924 	schange->strchange_assoc_id = sctp_assoc2id(asoc);
925 	schange->strchange_instrms = strchange_instrms;
926 	schange->strchange_outstrms = strchange_outstrms;
927 
928 	return event;
929 }
930 
931 /* Return the notification type, assuming this is a notification
932  * event.
933  */
sctp_ulpevent_get_notification_type(const struct sctp_ulpevent * event)934 __u16 sctp_ulpevent_get_notification_type(const struct sctp_ulpevent *event)
935 {
936 	union sctp_notification *notification;
937 	struct sk_buff *skb;
938 
939 	skb = sctp_event2skb(event);
940 	notification = (union sctp_notification *) skb->data;
941 	return notification->sn_header.sn_type;
942 }
943 
944 /* RFC6458, Section 5.3.2. SCTP Header Information Structure
945  * (SCTP_SNDRCV, DEPRECATED)
946  */
sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent * event,struct msghdr * msghdr)947 void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
948 				   struct msghdr *msghdr)
949 {
950 	struct sctp_sndrcvinfo sinfo;
951 
952 	if (sctp_ulpevent_is_notification(event))
953 		return;
954 
955 	memset(&sinfo, 0, sizeof(sinfo));
956 	sinfo.sinfo_stream = event->stream;
957 	sinfo.sinfo_ssn = event->ssn;
958 	sinfo.sinfo_ppid = event->ppid;
959 	sinfo.sinfo_flags = event->flags;
960 	sinfo.sinfo_tsn = event->tsn;
961 	sinfo.sinfo_cumtsn = event->cumtsn;
962 	sinfo.sinfo_assoc_id = sctp_assoc2id(event->asoc);
963 	/* Context value that is set via SCTP_CONTEXT socket option. */
964 	sinfo.sinfo_context = event->asoc->default_rcv_context;
965 	/* These fields are not used while receiving. */
966 	sinfo.sinfo_timetolive = 0;
967 
968 	put_cmsg(msghdr, IPPROTO_SCTP, SCTP_SNDRCV,
969 		 sizeof(sinfo), &sinfo);
970 }
971 
972 /* RFC6458, Section 5.3.5 SCTP Receive Information Structure
973  * (SCTP_SNDRCV)
974  */
sctp_ulpevent_read_rcvinfo(const struct sctp_ulpevent * event,struct msghdr * msghdr)975 void sctp_ulpevent_read_rcvinfo(const struct sctp_ulpevent *event,
976 				struct msghdr *msghdr)
977 {
978 	struct sctp_rcvinfo rinfo;
979 
980 	if (sctp_ulpevent_is_notification(event))
981 		return;
982 
983 	memset(&rinfo, 0, sizeof(struct sctp_rcvinfo));
984 	rinfo.rcv_sid = event->stream;
985 	rinfo.rcv_ssn = event->ssn;
986 	rinfo.rcv_ppid = event->ppid;
987 	rinfo.rcv_flags = event->flags;
988 	rinfo.rcv_tsn = event->tsn;
989 	rinfo.rcv_cumtsn = event->cumtsn;
990 	rinfo.rcv_assoc_id = sctp_assoc2id(event->asoc);
991 	rinfo.rcv_context = event->asoc->default_rcv_context;
992 
993 	put_cmsg(msghdr, IPPROTO_SCTP, SCTP_RCVINFO,
994 		 sizeof(rinfo), &rinfo);
995 }
996 
997 /* RFC6458, Section 5.3.6. SCTP Next Receive Information Structure
998  * (SCTP_NXTINFO)
999  */
__sctp_ulpevent_read_nxtinfo(const struct sctp_ulpevent * event,struct msghdr * msghdr,const struct sk_buff * skb)1000 static void __sctp_ulpevent_read_nxtinfo(const struct sctp_ulpevent *event,
1001 					 struct msghdr *msghdr,
1002 					 const struct sk_buff *skb)
1003 {
1004 	struct sctp_nxtinfo nxtinfo;
1005 
1006 	memset(&nxtinfo, 0, sizeof(nxtinfo));
1007 	nxtinfo.nxt_sid = event->stream;
1008 	nxtinfo.nxt_ppid = event->ppid;
1009 	nxtinfo.nxt_flags = event->flags;
1010 	if (sctp_ulpevent_is_notification(event))
1011 		nxtinfo.nxt_flags |= SCTP_NOTIFICATION;
1012 	nxtinfo.nxt_length = skb->len;
1013 	nxtinfo.nxt_assoc_id = sctp_assoc2id(event->asoc);
1014 
1015 	put_cmsg(msghdr, IPPROTO_SCTP, SCTP_NXTINFO,
1016 		 sizeof(nxtinfo), &nxtinfo);
1017 }
1018 
sctp_ulpevent_read_nxtinfo(const struct sctp_ulpevent * event,struct msghdr * msghdr,struct sock * sk)1019 void sctp_ulpevent_read_nxtinfo(const struct sctp_ulpevent *event,
1020 				struct msghdr *msghdr,
1021 				struct sock *sk)
1022 {
1023 	struct sk_buff *skb;
1024 	int err;
1025 
1026 	skb = sctp_skb_recv_datagram(sk, MSG_PEEK, 1, &err);
1027 	if (skb != NULL) {
1028 		__sctp_ulpevent_read_nxtinfo(sctp_skb2event(skb),
1029 					     msghdr, skb);
1030 		/* Just release refcount here. */
1031 		kfree_skb(skb);
1032 	}
1033 }
1034 
1035 /* Do accounting for bytes received and hold a reference to the association
1036  * for each skb.
1037  */
sctp_ulpevent_receive_data(struct sctp_ulpevent * event,struct sctp_association * asoc)1038 static void sctp_ulpevent_receive_data(struct sctp_ulpevent *event,
1039 				       struct sctp_association *asoc)
1040 {
1041 	struct sk_buff *skb, *frag;
1042 
1043 	skb = sctp_event2skb(event);
1044 	/* Set the owner and charge rwnd for bytes received.  */
1045 	sctp_ulpevent_set_owner(event, asoc);
1046 	sctp_assoc_rwnd_decrease(asoc, skb_headlen(skb));
1047 
1048 	if (!skb->data_len)
1049 		return;
1050 
1051 	/* Note:  Not clearing the entire event struct as this is just a
1052 	 * fragment of the real event.  However, we still need to do rwnd
1053 	 * accounting.
1054 	 * In general, the skb passed from IP can have only 1 level of
1055 	 * fragments. But we allow multiple levels of fragments.
1056 	 */
1057 	skb_walk_frags(skb, frag)
1058 		sctp_ulpevent_receive_data(sctp_skb2event(frag), asoc);
1059 }
1060 
1061 /* Do accounting for bytes just read by user and release the references to
1062  * the association.
1063  */
sctp_ulpevent_release_data(struct sctp_ulpevent * event)1064 static void sctp_ulpevent_release_data(struct sctp_ulpevent *event)
1065 {
1066 	struct sk_buff *skb, *frag;
1067 	unsigned int	len;
1068 
1069 	/* Current stack structures assume that the rcv buffer is
1070 	 * per socket.   For UDP style sockets this is not true as
1071 	 * multiple associations may be on a single UDP-style socket.
1072 	 * Use the local private area of the skb to track the owning
1073 	 * association.
1074 	 */
1075 
1076 	skb = sctp_event2skb(event);
1077 	len = skb->len;
1078 
1079 	if (!skb->data_len)
1080 		goto done;
1081 
1082 	/* Don't forget the fragments. */
1083 	skb_walk_frags(skb, frag) {
1084 		/* NOTE:  skb_shinfos are recursive. Although IP returns
1085 		 * skb's with only 1 level of fragments, SCTP reassembly can
1086 		 * increase the levels.
1087 		 */
1088 		sctp_ulpevent_release_frag_data(sctp_skb2event(frag));
1089 	}
1090 
1091 done:
1092 	sctp_assoc_rwnd_increase(event->asoc, len);
1093 	sctp_chunk_put(event->chunk);
1094 	sctp_ulpevent_release_owner(event);
1095 }
1096 
sctp_ulpevent_release_frag_data(struct sctp_ulpevent * event)1097 static void sctp_ulpevent_release_frag_data(struct sctp_ulpevent *event)
1098 {
1099 	struct sk_buff *skb, *frag;
1100 
1101 	skb = sctp_event2skb(event);
1102 
1103 	if (!skb->data_len)
1104 		goto done;
1105 
1106 	/* Don't forget the fragments. */
1107 	skb_walk_frags(skb, frag) {
1108 		/* NOTE:  skb_shinfos are recursive. Although IP returns
1109 		 * skb's with only 1 level of fragments, SCTP reassembly can
1110 		 * increase the levels.
1111 		 */
1112 		sctp_ulpevent_release_frag_data(sctp_skb2event(frag));
1113 	}
1114 
1115 done:
1116 	sctp_chunk_put(event->chunk);
1117 	sctp_ulpevent_release_owner(event);
1118 }
1119 
1120 /* Free a ulpevent that has an owner.  It includes releasing the reference
1121  * to the owner, updating the rwnd in case of a DATA event and freeing the
1122  * skb.
1123  */
sctp_ulpevent_free(struct sctp_ulpevent * event)1124 void sctp_ulpevent_free(struct sctp_ulpevent *event)
1125 {
1126 	if (sctp_ulpevent_is_notification(event))
1127 		sctp_ulpevent_release_owner(event);
1128 	else
1129 		sctp_ulpevent_release_data(event);
1130 
1131 	kfree_skb(sctp_event2skb(event));
1132 }
1133 
1134 /* Purge the skb lists holding ulpevents. */
sctp_queue_purge_ulpevents(struct sk_buff_head * list)1135 unsigned int sctp_queue_purge_ulpevents(struct sk_buff_head *list)
1136 {
1137 	struct sk_buff *skb;
1138 	unsigned int data_unread = 0;
1139 
1140 	while ((skb = skb_dequeue(list)) != NULL) {
1141 		struct sctp_ulpevent *event = sctp_skb2event(skb);
1142 
1143 		if (!sctp_ulpevent_is_notification(event))
1144 			data_unread += skb->len;
1145 
1146 		sctp_ulpevent_free(event);
1147 	}
1148 
1149 	return data_unread;
1150 }
1151