net: constify struct net_protocol
[linux-2.6.git] / net / sctp / endpointola.c
index 544b750..905fda5 100644 (file)
@@ -1,4 +1,4 @@
-/* SCTP kernel reference Implementation
+/* SCTP kernel implementation
  * Copyright (c) 1999-2000 Cisco, Inc.
  * Copyright (c) 1999-2001 Motorola, Inc.
  * Copyright (c) 2001-2002 International Business Machines, Corp.
@@ -6,21 +6,17 @@
  * Copyright (c) 2001 Nokia, Inc.
  * Copyright (c) 2001 La Monte H.P. Yarroll
  *
- * This file is part of the SCTP kernel reference Implementation
+ * This file is part of the SCTP kernel implementation
  *
  * This abstraction represents an SCTP endpoint.
  *
- * This file is part of the implementation of the add-IP extension,
- * based on <draft-ietf-tsvwg-addip-sctp-02.txt> June 29, 2001,
- * for the SCTP kernel reference Implementation.
- *
- * The SCTP reference implementation is free software;
+ * The SCTP implementation is free software;
  * you can redistribute it and/or modify it under the terms of
  * the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.
  *
- * The SCTP reference implementation is distributed in the hope that it
+ * The SCTP implementation is distributed in the hope that it
  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
  *                 ************************
  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -50,7 +46,6 @@
  */
 
 #include <linux/types.h>
-#include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/in.h>
 #include <linux/random.h>      /* get_random_bytes() */
 #include <net/sctp/sm.h>
 
 /* Forward declarations for internal helpers. */
-static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep);
+static void sctp_endpoint_bh_rcv(struct work_struct *work);
 
 /*
  * Initialize the base fields of the endpoint structure.
  */
 static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
-                                               struct sock *sk, int gfp)
+                                               struct sock *sk,
+                                               gfp_t gfp)
 {
-       struct sctp_sock *sp = sctp_sk(sk);
+       struct sctp_hmac_algo_param *auth_hmacs = NULL;
+       struct sctp_chunks_param *auth_chunks = NULL;
+       struct sctp_shared_key *null_key;
+       int err;
+
        memset(ep, 0, sizeof(struct sctp_endpoint));
 
+       ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp);
+       if (!ep->digest)
+               return NULL;
+
+       if (sctp_auth_enable) {
+               /* Allocate space for HMACS and CHUNKS authentication
+                * variables.  There are arrays that we encode directly
+                * into parameters to make the rest of the operations easier.
+                */
+               auth_hmacs = kzalloc(sizeof(sctp_hmac_algo_param_t) +
+                               sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp);
+               if (!auth_hmacs)
+                       goto nomem;
+
+               auth_chunks = kzalloc(sizeof(sctp_chunks_param_t) +
+                                       SCTP_NUM_CHUNK_TYPES, gfp);
+               if (!auth_chunks)
+                       goto nomem;
+
+               /* Initialize the HMACS parameter.
+                * SCTP-AUTH: Section 3.3
+                *    Every endpoint supporting SCTP chunk authentication MUST
+                *    support the HMAC based on the SHA-1 algorithm.
+                */
+               auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;
+               auth_hmacs->param_hdr.length =
+                                       htons(sizeof(sctp_paramhdr_t) + 2);
+               auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);
+
+               /* Initialize the CHUNKS parameter */
+               auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;
+               auth_chunks->param_hdr.length = htons(sizeof(sctp_paramhdr_t));
+
+               /* If the Add-IP functionality is enabled, we must
+                * authenticate, ASCONF and ASCONF-ACK chunks
+                */
+               if (sctp_addip_enable) {
+                       auth_chunks->chunks[0] = SCTP_CID_ASCONF;
+                       auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
+                       auth_chunks->param_hdr.length =
+                                       htons(sizeof(sctp_paramhdr_t) + 2);
+               }
+       }
+
        /* Initialize the base structure. */
        /* What type of endpoint are we?  */
        ep->base.type = SCTP_EP_TYPE_SOCKET;
@@ -85,12 +129,10 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
        sctp_inq_init(&ep->base.inqueue);
 
        /* Set its top-half handler */
-       sctp_inq_set_th_handler(&ep->base.inqueue,
-                               (void (*)(void *))sctp_endpoint_bh_rcv, ep);
+       sctp_inq_set_th_handler(&ep->base.inqueue, sctp_endpoint_bh_rcv);
 
        /* Initialize the bind addr area */
        sctp_bind_addr_init(&ep->base.bind_addr, 0);
-       rwlock_init(&ep->base.addr_lock);
 
        /* Remember who we are attached to.  */
        ep->base.sk = sk;
@@ -99,48 +141,56 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
        /* Create the lists of associations.  */
        INIT_LIST_HEAD(&ep->asocs);
 
-       /* Set up the base timeout information.  */
-       ep->timeouts[SCTP_EVENT_TIMEOUT_NONE] = 0;
-       ep->timeouts[SCTP_EVENT_TIMEOUT_T1_COOKIE] =
-               SCTP_DEFAULT_TIMEOUT_T1_COOKIE;
-       ep->timeouts[SCTP_EVENT_TIMEOUT_T1_INIT] =
-               SCTP_DEFAULT_TIMEOUT_T1_INIT;
-       ep->timeouts[SCTP_EVENT_TIMEOUT_T2_SHUTDOWN] =
-               msecs_to_jiffies(sp->rtoinfo.srto_initial);
-       ep->timeouts[SCTP_EVENT_TIMEOUT_T3_RTX] = 0;
-       ep->timeouts[SCTP_EVENT_TIMEOUT_T4_RTO] = 0;
-
-       /* sctpimpguide-05 Section 2.12.2
-        * If the 'T5-shutdown-guard' timer is used, it SHOULD be set to the
-        * recommended value of 5 times 'RTO.Max'.
-        */
-        ep->timeouts[SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD]
-               = 5 * msecs_to_jiffies(sp->rtoinfo.srto_max);
-
-       ep->timeouts[SCTP_EVENT_TIMEOUT_HEARTBEAT] =
-               SCTP_DEFAULT_TIMEOUT_HEARTBEAT;
-       ep->timeouts[SCTP_EVENT_TIMEOUT_SACK] =
-               SCTP_DEFAULT_TIMEOUT_SACK;
-       ep->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] =
-               sp->autoclose * HZ;
-
        /* Use SCTP specific send buffer space queues.  */
+       ep->sndbuf_policy = sctp_sndbuf_policy;
+
        sk->sk_write_space = sctp_write_space;
        sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
 
+       /* Get the receive buffer policy for this endpoint */
+       ep->rcvbuf_policy = sctp_rcvbuf_policy;
+
        /* Initialize the secret key used with cookie. */
        get_random_bytes(&ep->secret_key[0], SCTP_SECRET_SIZE);
        ep->last_key = ep->current_key = 0;
        ep->key_changed_at = jiffies;
 
-       ep->debug_name = "unnamedEndpoint";
+       /* SCTP-AUTH extensions*/
+       INIT_LIST_HEAD(&ep->endpoint_shared_keys);
+       null_key = sctp_auth_shkey_create(0, GFP_KERNEL);
+       if (!null_key)
+               goto nomem;
+
+       list_add(&null_key->key_list, &ep->endpoint_shared_keys);
+
+       /* Allocate and initialize transorms arrays for suported HMACs. */
+       err = sctp_auth_init_hmacs(ep, gfp);
+       if (err)
+               goto nomem_hmacs;
+
+       /* Add the null key to the endpoint shared keys list and
+        * set the hmcas and chunks pointers.
+        */
+       ep->auth_hmacs_list = auth_hmacs;
+       ep->auth_chunk_list = auth_chunks;
+
        return ep;
+
+nomem_hmacs:
+       sctp_auth_destroy_keys(&ep->endpoint_shared_keys);
+nomem:
+       /* Free all allocations */
+       kfree(auth_hmacs);
+       kfree(auth_chunks);
+       kfree(ep->digest);
+       return NULL;
+
 }
 
 /* Create a sctp_endpoint with all that boring stuff initialized.
  * Returns NULL if there isn't enough memory.
  */
-struct sctp_endpoint *sctp_endpoint_new(struct sock *sk, int gfp)
+struct sctp_endpoint *sctp_endpoint_new(struct sock *sk, gfp_t gfp)
 {
        struct sctp_endpoint *ep;
 
@@ -166,6 +216,13 @@ void sctp_endpoint_add_asoc(struct sctp_endpoint *ep,
 {
        struct sock *sk = ep->base.sk;
 
+       /* If this is a temporary association, don't bother
+        * since we'll be removing it shortly and don't
+        * want anyone to find it anyway.
+        */
+       if (asoc->temp)
+               return;
+
        /* Now just add it to our list of asocs */
        list_add_tail(&asoc->asocs, &ep->asocs);
 
@@ -180,6 +237,12 @@ void sctp_endpoint_add_asoc(struct sctp_endpoint *ep,
 void sctp_endpoint_free(struct sctp_endpoint *ep)
 {
        ep->base.dead = 1;
+
+       ep->base.sk->sk_state = SCTP_SS_CLOSED;
+
+       /* Unlink this endpoint, so we can't find it again! */
+       sctp_unhash_endpoint(ep);
+
        sctp_endpoint_put(ep);
 }
 
@@ -188,14 +251,21 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
 {
        SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);
 
-       ep->base.sk->sk_state = SCTP_SS_CLOSED;
+       /* Free up the HMAC transform. */
+       crypto_free_hash(sctp_sk(ep->base.sk)->hmac);
 
-       /* Unlink this endpoint, so we can't find it again! */
-       sctp_unhash_endpoint(ep);
+       /* Free the digest buffer */
+       kfree(ep->digest);
 
-       /* Free up the HMAC transform. */
-       if (sctp_sk(ep->base.sk)->hmac)
-               sctp_crypto_free_tfm(sctp_sk(ep->base.sk)->hmac);
+       /* SCTP-AUTH: Free up AUTH releated data such as shared keys
+        * chunks and hmacs arrays that were allocated
+        */
+       sctp_auth_destroy_keys(&ep->endpoint_shared_keys);
+       kfree(ep->auth_hmacs_list);
+       kfree(ep->auth_chunk_list);
+
+       /* AUTH - Free any allocated HMAC transform containers */
+       sctp_auth_destroy_hmacs(ep->auth_hmacs);
 
        /* Cleanup. */
        sctp_inq_free(&ep->base.inqueue);
@@ -235,21 +305,14 @@ void sctp_endpoint_put(struct sctp_endpoint *ep)
 struct sctp_endpoint *sctp_endpoint_is_match(struct sctp_endpoint *ep,
                                               const union sctp_addr *laddr)
 {
-       struct sctp_endpoint *retval;
+       struct sctp_endpoint *retval = NULL;
 
-       sctp_read_lock(&ep->base.addr_lock);
-       if (ep->base.bind_addr.port == laddr->v4.sin_port) {
+       if (htons(ep->base.bind_addr.port) == laddr->v4.sin_port) {
                if (sctp_bind_addr_match(&ep->base.bind_addr, laddr,
-                                        sctp_sk(ep->base.sk))) {
+                                        sctp_sk(ep->base.sk)))
                        retval = ep;
-                       goto out;
-               }
        }
 
-       retval = NULL;
-
-out:
-       sctp_read_unlock(&ep->base.addr_lock);
        return retval;
 }
 
@@ -262,26 +325,35 @@ static struct sctp_association *__sctp_endpoint_lookup_assoc(
        const union sctp_addr *paddr,
        struct sctp_transport **transport)
 {
+       struct sctp_association *asoc = NULL;
+       struct sctp_transport *t = NULL;
+       struct sctp_hashbucket *head;
+       struct sctp_ep_common *epb;
+       struct hlist_node *node;
+       int hash;
        int rport;
-       struct sctp_association *asoc;
-       struct list_head *pos;
-
-       rport = paddr->v4.sin_port;
 
-       list_for_each(pos, &ep->asocs) {
-               asoc = list_entry(pos, struct sctp_association, asocs);
-               if (rport == asoc->peer.port) {
-                       sctp_read_lock(&asoc->base.addr_lock);
-                       *transport = sctp_assoc_lookup_paddr(asoc, paddr);
-                       sctp_read_unlock(&asoc->base.addr_lock);
-
-                       if (*transport)
-                               return asoc;
+       *transport = NULL;
+       rport = ntohs(paddr->v4.sin_port);
+
+       hash = sctp_assoc_hashfn(ep->base.bind_addr.port, rport);
+       head = &sctp_assoc_hashtable[hash];
+       read_lock(&head->lock);
+       sctp_for_each_hentry(epb, node, &head->chain) {
+               asoc = sctp_assoc(epb);
+               if (asoc->ep != ep || rport != asoc->peer.port)
+                       goto next;
+
+               t = sctp_assoc_lookup_paddr(asoc, paddr);
+               if (t) {
+                       *transport = t;
+                       break;
                }
+next:
+               asoc = NULL;
        }
-
-       *transport = NULL;
-       return NULL;
+       read_unlock(&head->lock);
+       return asoc;
 }
 
 /* Lookup association on an endpoint based on a peer address.  BH-safe.  */
@@ -305,20 +377,17 @@ struct sctp_association *sctp_endpoint_lookup_assoc(
 int sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep,
                                const union sctp_addr *paddr)
 {
-       struct list_head *pos;
        struct sctp_sockaddr_entry *addr;
        struct sctp_bind_addr *bp;
 
-       sctp_read_lock(&ep->base.addr_lock);
        bp = &ep->base.bind_addr;
-       list_for_each(pos, &bp->address_list) {
-               addr = list_entry(pos, struct sctp_sockaddr_entry, list);
-               if (sctp_has_association(&addr->a, paddr)) {
-                       sctp_read_unlock(&ep->base.addr_lock);
+       /* This function is called with the socket lock held,
+        * so the address_list can not change.
+        */
+       list_for_each_entry(addr, &bp->address_list, list) {
+               if (sctp_has_association(&addr->a, paddr))
                        return 1;
-               }
        }
-       sctp_read_unlock(&ep->base.addr_lock);
 
        return 0;
 }
@@ -326,8 +395,11 @@ int sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep,
 /* Do delayed input processing.  This is scheduled by sctp_rcv().
  * This may be called on BH or task time.
  */
-static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
+static void sctp_endpoint_bh_rcv(struct work_struct *work)
 {
+       struct sctp_endpoint *ep =
+               container_of(work, struct sctp_endpoint,
+                            base.inqueue.immediate);
        struct sctp_association *asoc;
        struct sock *sk;
        struct sctp_transport *transport;
@@ -336,6 +408,7 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
        sctp_subtype_t subtype;
        sctp_state_t state;
        int error = 0;
+       int first_time = 1;     /* is this the first time through the looop */
 
        if (ep->base.dead)
                return;
@@ -347,6 +420,29 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
        while (NULL != (chunk = sctp_inq_pop(inqueue))) {
                subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type);
 
+               /* If the first chunk in the packet is AUTH, do special
+                * processing specified in Section 6.3 of SCTP-AUTH spec
+                */
+               if (first_time && (subtype.chunk == SCTP_CID_AUTH)) {
+                       struct sctp_chunkhdr *next_hdr;
+
+                       next_hdr = sctp_inq_peek(inqueue);
+                       if (!next_hdr)
+                               goto normal;
+
+                       /* If the next chunk is COOKIE-ECHO, skip the AUTH
+                        * chunk while saving a pointer to it so we can do
+                        * Authentication later (during cookie-echo
+                        * processing).
+                        */
+                       if (next_hdr->type == SCTP_CID_COOKIE_ECHO) {
+                               chunk->auth_chunk = skb_clone(chunk->skb,
+                                                               GFP_ATOMIC);
+                               chunk->auth = 1;
+                               continue;
+                       }
+               }
+normal:
                /* We might have grown an association since last we
                 * looked, so try again.
                 *
@@ -362,6 +458,8 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
                }
 
                state = asoc ? asoc->state : SCTP_STATE_CLOSED;
+               if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth)
+                       continue;
 
                /* Remember where the last DATA chunk came from so we
                 * know where to send the SACK.
@@ -375,7 +473,7 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
                        chunk->transport->last_time_heard = jiffies;
 
                error = sctp_do_sm(SCTP_EVENT_T_CHUNK, subtype, state,
-                                   ep, asoc, chunk, GFP_ATOMIC);
+                                  ep, asoc, chunk, GFP_ATOMIC);
 
                if (error && chunk)
                        chunk->pdiscard = 1;
@@ -385,5 +483,8 @@ static void sctp_endpoint_bh_rcv(struct sctp_endpoint *ep)
                 */
                if (!sctp_sk(sk)->ep)
                        break;
+
+               if (first_time)
+                       first_time = 0;
        }
 }