net core: fix kernel-doc for new function parameters
[linux-2.6.git] / net / sctp / endpointola.c
index 4cca779..2d2d81e 100644 (file)
@@ -50,7 +50,6 @@
  */
 
 #include <linux/types.h>
-#include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/in.h>
 #include <linux/random.h>      /* get_random_bytes() */
@@ -61,7 +60,7 @@
 #include <net/sctp/sm.h>
 
 /* Forward declarations for internal helpers. */
-static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep);
+static void sctp_endpoint_bh_rcv(struct work_struct *work);
 
 /*
  * Initialize the base fields of the endpoint structure.
@@ -70,12 +69,56 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
                                                struct sock *sk,
                                                gfp_t gfp)
 {
+       struct sctp_hmac_algo_param *auth_hmacs = NULL;
+       struct sctp_chunks_param *auth_chunks = NULL;
+       struct sctp_shared_key *null_key;
+       int err;
+
        memset(ep, 0, sizeof(struct sctp_endpoint));
 
        ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp);
        if (!ep->digest)
                return NULL;
 
+       if (sctp_auth_enable) {
+               /* Allocate space for HMACS and CHUNKS authentication
+                * variables.  There are arrays that we encode directly
+                * into parameters to make the rest of the operations easier.
+                */
+               auth_hmacs = kzalloc(sizeof(sctp_hmac_algo_param_t) +
+                               sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp);
+               if (!auth_hmacs)
+                       goto nomem;
+
+               auth_chunks = kzalloc(sizeof(sctp_chunks_param_t) +
+                                       SCTP_NUM_CHUNK_TYPES, gfp);
+               if (!auth_chunks)
+                       goto nomem;
+
+               /* Initialize the HMACS parameter.
+                * SCTP-AUTH: Section 3.3
+                *    Every endpoint supporting SCTP chunk authentication MUST
+                *    support the HMAC based on the SHA-1 algorithm.
+                */
+               auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;
+               auth_hmacs->param_hdr.length =
+                                       htons(sizeof(sctp_paramhdr_t) + 2);
+               auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);
+
+               /* Initialize the CHUNKS parameter */
+               auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;
+
+               /* If the Add-IP functionality is enabled, we must
+                * authenticate, ASCONF and ASCONF-ACK chunks
+                */
+               if (sctp_addip_enable) {
+                       auth_chunks->chunks[0] = SCTP_CID_ASCONF;
+                       auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
+                       auth_chunks->param_hdr.length =
+                                       htons(sizeof(sctp_paramhdr_t) + 2);
+               }
+       }
+
        /* Initialize the base structure. */
        /* What type of endpoint are we?  */
        ep->base.type = SCTP_EP_TYPE_SOCKET;
@@ -89,12 +132,10 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
        sctp_inq_init(&ep->base.inqueue);
 
        /* Set its top-half handler */
-       sctp_inq_set_th_handler(&ep->base.inqueue,
-                               (void (*)(void *))sctp_endpoint_bh_rcv, ep);
+       sctp_inq_set_th_handler(&ep->base.inqueue, sctp_endpoint_bh_rcv);
 
        /* Initialize the bind addr area */
        sctp_bind_addr_init(&ep->base.bind_addr, 0);
-       rwlock_init(&ep->base.addr_lock);
 
        /* Remember who we are attached to.  */
        ep->base.sk = sk;
@@ -105,6 +146,7 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
 
        /* Use SCTP specific send buffer space queues.  */
        ep->sndbuf_policy = sctp_sndbuf_policy;
+
        sk->sk_write_space = sctp_write_space;
        sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
 
@@ -116,7 +158,36 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
        ep->last_key = ep->current_key = 0;
        ep->key_changed_at = jiffies;
 
+       /* SCTP-AUTH extensions*/
+       INIT_LIST_HEAD(&ep->endpoint_shared_keys);
+       null_key = sctp_auth_shkey_create(0, GFP_KERNEL);
+       if (!null_key)
+               goto nomem;
+
+       list_add(&null_key->key_list, &ep->endpoint_shared_keys);
+
+       /* Allocate and initialize transorms arrays for suported HMACs. */
+       err = sctp_auth_init_hmacs(ep, gfp);
+       if (err)
+               goto nomem_hmacs;
+
+       /* Add the null key to the endpoint shared keys list and
+        * set the hmcas and chunks pointers.
+        */
+       ep->auth_hmacs_list = auth_hmacs;
+       ep->auth_chunk_list = auth_chunks;
+
        return ep;
+
+nomem_hmacs:
+       sctp_auth_destroy_keys(&ep->endpoint_shared_keys);
+nomem:
+       /* Free all allocations */
+       kfree(auth_hmacs);
+       kfree(auth_chunks);
+       kfree(ep->digest);
+       return NULL;
+
 }
 
 /* Create a sctp_endpoint with all that boring stuff initialized.
@@ -189,6 +260,16 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
        /* Free the digest buffer */
        kfree(ep->digest);
 
+       /* SCTP-AUTH: Free up AUTH releated data such as shared keys
+        * chunks and hmacs arrays that were allocated
+        */
+       sctp_auth_destroy_keys(&ep->endpoint_shared_keys);
+       kfree(ep->auth_hmacs_list);
+       kfree(ep->auth_chunk_list);
+
+       /* AUTH - Free any allocated HMAC transform containers */
+       sctp_auth_destroy_hmacs(ep->auth_hmacs);
+
        /* Cleanup. */
        sctp_inq_free(&ep->base.inqueue);
        sctp_bind_addr_free(&ep->base.bind_addr);
@@ -227,21 +308,14 @@ void sctp_endpoint_put(struct sctp_endpoint *ep)
 struct sctp_endpoint *sctp_endpoint_is_match(struct sctp_endpoint *ep,
                                               const union sctp_addr *laddr)
 {
-       struct sctp_endpoint *retval;
+       struct sctp_endpoint *retval = NULL;
 
-       sctp_read_lock(&ep->base.addr_lock);
        if (htons(ep->base.bind_addr.port) == laddr->v4.sin_port) {
                if (sctp_bind_addr_match(&ep->base.bind_addr, laddr,
-                                        sctp_sk(ep->base.sk))) {
+                                        sctp_sk(ep->base.sk)))
                        retval = ep;
-                       goto out;
-               }
        }
 
-       retval = NULL;
-
-out:
-       sctp_read_unlock(&ep->base.addr_lock);
        return retval;
 }
 
@@ -263,9 +337,7 @@ static struct sctp_association *__sctp_endpoint_lookup_assoc(
        list_for_each(pos, &ep->asocs) {
                asoc = list_entry(pos, struct sctp_association, asocs);
                if (rport == asoc->peer.port) {
-                       sctp_read_lock(&asoc->base.addr_lock);
                        *transport = sctp_assoc_lookup_paddr(asoc, paddr);
-                       sctp_read_unlock(&asoc->base.addr_lock);
 
                        if (*transport)
                                return asoc;
@@ -297,20 +369,17 @@ struct sctp_association *sctp_endpoint_lookup_assoc(
 int sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep,
                                const union sctp_addr *paddr)
 {
-       struct list_head *pos;
        struct sctp_sockaddr_entry *addr;
        struct sctp_bind_addr *bp;
 
-       sctp_read_lock(&ep->base.addr_lock);
        bp = &ep->base.bind_addr;
-       list_for_each(pos, &bp->address_list) {
-               addr = list_entry(pos, struct sctp_sockaddr_entry, list);
-               if (sctp_has_association(&addr->a, paddr)) {
-                       sctp_read_unlock(&ep->base.addr_lock);
+       /* This function is called with the socket lock held,
+        * so the address_list can not change.
+        */
+       list_for_each_entry(addr, &bp->address_list, list) {
+               if (sctp_has_association(&addr->a, paddr))
                        return 1;
-               }
        }
-       sctp_read_unlock(&ep->base.addr_lock);
 
        return 0;
 }
@@ -318,8 +387,11 @@ int sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep,
 /* Do delayed input processing.  This is scheduled by sctp_rcv().
  * This may be called on BH or task time.
  */
-static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
+static void sctp_endpoint_bh_rcv(struct work_struct *work)
 {
+       struct sctp_endpoint *ep =
+               container_of(work, struct sctp_endpoint,
+                            base.inqueue.immediate);
        struct sctp_association *asoc;
        struct sock *sk;
        struct sctp_transport *transport;
@@ -328,6 +400,7 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
        sctp_subtype_t subtype;
        sctp_state_t state;
        int error = 0;
+       int first_time = 1;     /* is this the first time through the looop */
 
        if (ep->base.dead)
                return;
@@ -339,6 +412,29 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
        while (NULL != (chunk = sctp_inq_pop(inqueue))) {
                subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type);
 
+               /* If the first chunk in the packet is AUTH, do special
+                * processing specified in Section 6.3 of SCTP-AUTH spec
+                */
+               if (first_time && (subtype.chunk == SCTP_CID_AUTH)) {
+                       struct sctp_chunkhdr *next_hdr;
+
+                       next_hdr = sctp_inq_peek(inqueue);
+                       if (!next_hdr)
+                               goto normal;
+
+                       /* If the next chunk is COOKIE-ECHO, skip the AUTH
+                        * chunk while saving a pointer to it so we can do
+                        * Authentication later (during cookie-echo
+                        * processing).
+                        */
+                       if (next_hdr->type == SCTP_CID_COOKIE_ECHO) {
+                               chunk->auth_chunk = skb_clone(chunk->skb,
+                                                               GFP_ATOMIC);
+                               chunk->auth = 1;
+                               continue;
+                       }
+               }
+normal:
                /* We might have grown an association since last we
                 * looked, so try again.
                 *
@@ -346,16 +442,16 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
                 * COOKIE-ECHO chunk.
                 */
                if (NULL == chunk->asoc) {
-                       union sctp_addr tmp;
-                       flip_to_n(&tmp, sctp_source(chunk));
                        asoc = sctp_endpoint_lookup_assoc(ep,
-                                                         &tmp,
+                                                         sctp_source(chunk),
                                                          &transport);
                        chunk->asoc = asoc;
                        chunk->transport = transport;
                }
 
                state = asoc ? asoc->state : SCTP_STATE_CLOSED;
+               if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth)
+                       continue;
 
                /* Remember where the last DATA chunk came from so we
                 * know where to send the SACK.
@@ -369,7 +465,7 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
                        chunk->transport->last_time_heard = jiffies;
 
                error = sctp_do_sm(SCTP_EVENT_T_CHUNK, subtype, state,
-                                   ep, asoc, chunk, GFP_ATOMIC);
+                                  ep, asoc, chunk, GFP_ATOMIC);
 
                if (error && chunk)
                        chunk->pdiscard = 1;
@@ -379,5 +475,8 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
                 */
                if (!sctp_sk(sk)->ep)
                        break;
+
+               if (first_time)
+                       first_time = 0;
        }
 }