SUNRPC: don't map EKEYEXPIRED to EACCES in call_refreshresult
[linux-3.10.git] / net / sctp / sm_make_chunk.c
index fa2ba54..cf579e7 100644 (file)
@@ -1,22 +1,22 @@
-/* SCTP kernel reference Implementation
+/* SCTP kernel implementation
  * (C) Copyright IBM Corp. 2001, 2004
  * Copyright (c) 1999-2000 Cisco, Inc.
  * Copyright (c) 1999-2001 Motorola, Inc.
  * Copyright (c) 2001-2002 Intel Corp.
  *
- * This file is part of the SCTP kernel reference Implementation
+ * This file is part of the SCTP kernel implementation
  *
  * These functions work with the state functions in sctp_sm_statefuns.c
  * to implement the state operations.  These functions implement the
  * steps which require modifying existing data structures.
  *
- * The SCTP reference implementation is free software;
+ * This SCTP implementation is free software;
  * you can redistribute it and/or modify it under the terms of
  * the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.
  *
- * The SCTP reference implementation is distributed in the hope that it
+ * This SCTP implementation is distributed in the hope that it
  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
  *                 ************************
  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  * be incorporated into the next SCTP release.
  */
 
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
 #include <linux/types.h>
 #include <linux/kernel.h>
 #include <linux/ip.h>
 #include <linux/ipv6.h>
 #include <linux/net.h>
 #include <linux/inet.h>
-#include <asm/scatterlist.h>
+#include <linux/scatterlist.h>
 #include <linux/crypto.h>
+#include <linux/slab.h>
 #include <net/sock.h>
 
 #include <linux/skbuff.h>
@@ -77,6 +80,8 @@ static int sctp_process_param(struct sctp_association *asoc,
                              union sctp_params param,
                              const union sctp_addr *peer_addr,
                              gfp_t gfp);
+static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
+                             const void *data);
 
 /* What was the inbound interface for this chunk? */
 int sctp_chunk_iif(const struct sctp_chunk *chunk)
@@ -98,14 +103,14 @@ int sctp_chunk_iif(const struct sctp_chunk *chunk)
  */
 static const struct sctp_paramhdr ecap_param = {
        SCTP_PARAM_ECN_CAPABLE,
-       __constant_htons(sizeof(struct sctp_paramhdr)),
+       cpu_to_be16(sizeof(struct sctp_paramhdr)),
 };
 static const struct sctp_paramhdr prsctp_param = {
        SCTP_PARAM_FWD_TSN_SUPPORT,
-       __constant_htons(sizeof(struct sctp_paramhdr)),
+       cpu_to_be16(sizeof(struct sctp_paramhdr)),
 };
 
-/* A helper to initialize to initialize an op error inside a
+/* A helper to initialize an op error inside a
  * provided chunk, as most cause codes will be embedded inside an
  * abort chunk.
  */
@@ -122,6 +127,29 @@ void  sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
        chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
 }
 
+/* A helper to initialize an op error inside a
+ * provided chunk, as most cause codes will be embedded inside an
+ * abort chunk.  Differs from sctp_init_cause in that it won't oops
+ * if there isn't enough space in the op error chunk
+ */
+static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code,
+                     size_t paylen)
+{
+       sctp_errhdr_t err;
+       __u16 len;
+
+       /* Cause code constants are now defined in network order.  */
+       err.cause = cause_code;
+       len = sizeof(sctp_errhdr_t) + paylen;
+       err.length  = htons(len);
+
+       if (skb_tailroom(chunk->skb) < len)
+               return -ENOSPC;
+       chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk,
+                                                    sizeof(sctp_errhdr_t),
+                                                    &err);
+       return 0;
+}
 /* 3.3.2 Initiation (INIT) (1)
  *
  * This chunk is used to initiate a SCTP association between two
@@ -170,6 +198,7 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
                             const struct sctp_bind_addr *bp,
                             gfp_t gfp, int vparam_len)
 {
+       struct net *net = sock_net(asoc->base.sk);
        sctp_inithdr_t init;
        union sctp_params addrs;
        size_t chunksize;
@@ -205,45 +234,47 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
        sp = sctp_sk(asoc->base.sk);
        num_types = sp->pf->supported_addrs(sp, types);
 
-       chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types);
+       chunksize = sizeof(init) + addrs_len;
+       chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types));
        chunksize += sizeof(ecap_param);
-       if (sctp_prsctp_enable) {
+
+       if (net->sctp.prsctp_enable)
                chunksize += sizeof(prsctp_param);
-               extensions[num_ext] = SCTP_CID_FWD_TSN;
-               num_ext += 1;
-       }
+
        /* ADDIP: Section 4.2.7:
         *  An implementation supporting this extension [ADDIP] MUST list
         *  the ASCONF,the ASCONF-ACK, and the AUTH  chunks in its INIT and
         *  INIT-ACK parameters.
         */
-       if (sctp_addip_enable) {
+       if (net->sctp.addip_enable) {
                extensions[num_ext] = SCTP_CID_ASCONF;
                extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
                num_ext += 2;
        }
 
-       chunksize += sizeof(aiparam);
+       if (sp->adaptation_ind)
+               chunksize += sizeof(aiparam);
+
        chunksize += vparam_len;
 
        /* Account for AUTH related parameters */
-       if (sctp_auth_enable) {
+       if (net->sctp.auth_enable) {
                /* Add random parameter length*/
                chunksize += sizeof(asoc->c.auth_random);
 
                /* Add HMACS parameter length if any were defined */
                auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
                if (auth_hmacs->length)
-                       chunksize += ntohs(auth_hmacs->length);
+                       chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
                else
                        auth_hmacs = NULL;
 
                /* Add CHUNKS parameter length */
                auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
                if (auth_chunks->length)
-                       chunksize += ntohs(auth_chunks->length);
+                       chunksize += WORD_ROUND(ntohs(auth_chunks->length));
                else
-                       auth_hmacs = NULL;
+                       auth_chunks = NULL;
 
                extensions[num_ext] = SCTP_CID_AUTH;
                num_ext += 1;
@@ -251,7 +282,8 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
 
        /* If we have any extensions to report, account for that */
        if (num_ext)
-               chunksize += sizeof(sctp_supported_ext_param_t) + num_ext;
+               chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
+                                       num_ext);
 
        /* RFC 2960 3.3.2 Initiation (INIT) (1)
         *
@@ -288,7 +320,7 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
 
        sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
 
-       /* Add the supported extensions paramter.  Be nice and add this
+       /* Add the supported extensions parameter.  Be nice and add this
         * fist before addiding the parameters for the extensions themselves
         */
        if (num_ext) {
@@ -297,19 +329,21 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
                            htons(sizeof(sctp_supported_ext_param_t) + num_ext);
                sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
                                &ext_param);
-               sctp_addto_chunk(retval, num_ext, extensions);
+               sctp_addto_param(retval, num_ext, extensions);
        }
 
-       if (sctp_prsctp_enable)
+       if (net->sctp.prsctp_enable)
                sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
 
-       aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
-       aiparam.param_hdr.length = htons(sizeof(aiparam));
-       aiparam.adaptation_ind = htonl(sp->adaptation_ind);
-       sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
+       if (sp->adaptation_ind) {
+               aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
+               aiparam.param_hdr.length = htons(sizeof(aiparam));
+               aiparam.adaptation_ind = htonl(sp->adaptation_ind);
+               sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
+       }
 
        /* Add SCTP-AUTH chunks to the parameter list */
-       if (sctp_auth_enable) {
+       if (net->sctp.auth_enable) {
                sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
                                 asoc->c.auth_random);
                if (auth_hmacs)
@@ -331,6 +365,7 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
        sctp_inithdr_t initack;
        struct sctp_chunk *retval;
        union sctp_params addrs;
+       struct sctp_sock *sp;
        int addrs_len;
        sctp_cookie_param_t *cookie;
        int cookie_len;
@@ -365,27 +400,24 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
        /* Calculate the total size of allocation, include the reserved
         * space for reporting unknown parameters if it is specified.
         */
+       sp = sctp_sk(asoc->base.sk);
        chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
 
        /* Tell peer that we'll do ECN only if peer advertised such cap.  */
        if (asoc->peer.ecn_capable)
                chunksize += sizeof(ecap_param);
 
-       /* Tell peer that we'll do PR-SCTP only if peer advertised.  */
-       if (asoc->peer.prsctp_capable) {
+       if (asoc->peer.prsctp_capable)
                chunksize += sizeof(prsctp_param);
-               extensions[num_ext] = SCTP_CID_FWD_TSN;
-               num_ext += 1;
-       }
 
-       if (sctp_addip_enable) {
+       if (asoc->peer.asconf_capable) {
                extensions[num_ext] = SCTP_CID_ASCONF;
                extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
                num_ext += 2;
        }
 
-       chunksize += sizeof(ext_param) + num_ext;
-       chunksize += sizeof(aiparam);
+       if (sp->adaptation_ind)
+               chunksize += sizeof(aiparam);
 
        if (asoc->peer.auth_capable) {
                auth_random = (sctp_paramhdr_t *)asoc->c.auth_random;
@@ -393,13 +425,13 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
 
                auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
                if (auth_hmacs->length)
-                       chunksize += ntohs(auth_hmacs->length);
+                       chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
                else
                        auth_hmacs = NULL;
 
                auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
                if (auth_chunks->length)
-                       chunksize += ntohs(auth_chunks->length);
+                       chunksize += WORD_ROUND(ntohs(auth_chunks->length));
                else
                        auth_chunks = NULL;
 
@@ -407,15 +439,26 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
                num_ext += 1;
        }
 
+       if (num_ext)
+               chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
+                                       num_ext);
+
        /* Now allocate and fill out the chunk.  */
        retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
        if (!retval)
                goto nomem_chunk;
 
-       /* Per the advice in RFC 2960 6.4, send this reply to
-        * the source of the INIT packet.
+       /* RFC 2960 6.4 Multi-homed SCTP Endpoints
+        *
+        * An endpoint SHOULD transmit reply chunks (e.g., SACK,
+        * HEARTBEAT ACK, * etc.) to the same destination transport
+        * address from which it received the DATA or control chunk
+        * to which it is replying.
+        *
+        * [INIT ACK back to where the INIT came from.]
         */
        retval->transport = chunk->transport;
+
        retval->subh.init_hdr =
                sctp_addto_chunk(retval, sizeof(initack), &initack);
        retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
@@ -428,15 +471,17 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
                            htons(sizeof(sctp_supported_ext_param_t) + num_ext);
                sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
                                 &ext_param);
-               sctp_addto_chunk(retval, num_ext, extensions);
+               sctp_addto_param(retval, num_ext, extensions);
        }
        if (asoc->peer.prsctp_capable)
                sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
 
-       aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
-       aiparam.param_hdr.length = htons(sizeof(aiparam));
-       aiparam.adaptation_ind = htonl(sctp_sk(asoc->base.sk)->adaptation_ind);
-       sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
+       if (sp->adaptation_ind) {
+               aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
+               aiparam.param_hdr.length = htons(sizeof(aiparam));
+               aiparam.adaptation_ind = htonl(sp->adaptation_ind);
+               sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
+       }
 
        if (asoc->peer.auth_capable) {
                sctp_addto_chunk(retval, ntohs(auth_random->length),
@@ -452,18 +497,6 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
        /* We need to remove the const qualifier at this point.  */
        retval->asoc = (struct sctp_association *) asoc;
 
-       /* RFC 2960 6.4 Multi-homed SCTP Endpoints
-        *
-        * An endpoint SHOULD transmit reply chunks (e.g., SACK,
-        * HEARTBEAT ACK, * etc.) to the same destination transport
-        * address from which it received the DATA or control chunk
-        * to which it is replying.
-        *
-        * [INIT ACK back to where the INIT came from.]
-        */
-       if (chunk)
-               retval->transport = chunk->transport;
-
 nomem_chunk:
        kfree(cookie);
 nomem_cookie:
@@ -702,13 +735,17 @@ struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
        int len;
        __u32 ctsn;
        __u16 num_gabs, num_dup_tsns;
+       struct sctp_association *aptr = (struct sctp_association *)asoc;
        struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
+       struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
+       struct sctp_transport *trans;
 
+       memset(gabs, 0, sizeof(gabs));
        ctsn = sctp_tsnmap_get_ctsn(map);
        SCTP_DEBUG_PRINTK("sackCTSNAck sent:  0x%x.\n", ctsn);
 
        /* How much room is needed in the chunk? */
-       num_gabs = sctp_tsnmap_num_gabs(map);
+       num_gabs = sctp_tsnmap_num_gabs(map, gabs);
        num_dup_tsns = sctp_tsnmap_num_dups(map);
 
        /* Initialize the SACK header.  */
@@ -764,13 +801,28 @@ struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
        /* Add the gap ack block information.   */
        if (num_gabs)
                sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
-                                sctp_tsnmap_get_gabs(map));
+                                gabs);
 
        /* Add the duplicate TSN information.  */
-       if (num_dup_tsns)
+       if (num_dup_tsns) {
+               aptr->stats.idupchunks += num_dup_tsns;
                sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
                                 sctp_tsnmap_get_dups(map));
-
+       }
+       /* Once we have a sack generated, check to see what our sack
+        * generation is, if its 0, reset the transports to 0, and reset
+        * the association generation to 1
+        *
+        * The idea is that zero is never used as a valid generation for the
+        * association so no transport will match after a wrap event like this,
+        * Until the next sack
+        */
+       if (++aptr->peer.sack_generation == 0) {
+               list_for_each_entry(trans, &asoc->peer.transport_addr_list,
+                                   transports)
+                       trans->sack_generation = 0;
+               aptr->peer.sack_generation = 1;
+       }
 nodata:
        return retval;
 }
@@ -977,7 +1029,10 @@ static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
 
        target = skb_put(chunk->skb, len);
 
-       memcpy(target, data, len);
+       if (data)
+               memcpy(target, data, len);
+       else
+               memset(target, 0, len);
 
        /* Adjust the chunk length field.  */
        chunk->chunk_hdr->length = htons(chunklen + len);
@@ -1013,22 +1068,72 @@ end:
        return retval;
 }
 
+struct sctp_chunk *sctp_make_violation_paramlen(
+       const struct sctp_association *asoc,
+       const struct sctp_chunk *chunk,
+       struct sctp_paramhdr *param)
+{
+       struct sctp_chunk *retval;
+       static const char error[] = "The following parameter had invalid length:";
+       size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) +
+                               sizeof(sctp_paramhdr_t);
+
+       retval = sctp_make_abort(asoc, chunk, payload_len);
+       if (!retval)
+               goto nodata;
+
+       sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
+                       sizeof(error) + sizeof(sctp_paramhdr_t));
+       sctp_addto_chunk(retval, sizeof(error), error);
+       sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param);
+
+nodata:
+       return retval;
+}
+
+struct sctp_chunk *sctp_make_violation_max_retrans(
+       const struct sctp_association *asoc,
+       const struct sctp_chunk *chunk)
+{
+       struct sctp_chunk *retval;
+       static const char error[] = "Association exceeded its max_retans count";
+       size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t);
+
+       retval = sctp_make_abort(asoc, chunk, payload_len);
+       if (!retval)
+               goto nodata;
+
+       sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error));
+       sctp_addto_chunk(retval, sizeof(error), error);
+
+nodata:
+       return retval;
+}
+
 /* Make a HEARTBEAT chunk.  */
 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
-                                 const struct sctp_transport *transport,
-                                 const void *payload, const size_t paylen)
+                                 const struct sctp_transport *transport)
 {
-       struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT,
-                                                   0, paylen);
+       struct sctp_chunk *retval;
+       sctp_sender_hb_info_t hbinfo;
+
+       retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo));
 
        if (!retval)
                goto nodata;
 
+       hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
+       hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
+       hbinfo.daddr = transport->ipaddr;
+       hbinfo.sent_at = jiffies;
+       hbinfo.hb_nonce = transport->hb_nonce;
+
        /* Cast away the 'const', as this is just telling the chunk
         * what transport it belongs to.
         */
        retval->transport = (struct sctp_transport *) transport;
-       retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
+       retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo),
+                                               &hbinfo);
 
 nodata:
        return retval;
@@ -1092,20 +1197,40 @@ nodata:
        return retval;
 }
 
+/* Create an Operation Error chunk of a fixed size,
+ * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT)
+ * This is a helper function to allocate an error chunk for
+ * for those invalid parameter codes in which we may not want
+ * to report all the errors, if the incoming chunk is large
+ */
+static inline struct sctp_chunk *sctp_make_op_error_fixed(
+       const struct sctp_association *asoc,
+       const struct sctp_chunk *chunk)
+{
+       size_t size = asoc ? asoc->pathmtu : 0;
+
+       if (!size)
+               size = SCTP_DEFAULT_MAXSEGMENT;
+
+       return sctp_make_op_error_space(asoc, chunk, size);
+}
+
 /* Create an Operation Error chunk.  */
 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
                                 const struct sctp_chunk *chunk,
                                 __be16 cause_code, const void *payload,
-                                size_t paylen)
+                                size_t paylen, size_t reserve_tail)
 {
        struct sctp_chunk *retval;
 
-       retval = sctp_make_op_error_space(asoc, chunk, paylen);
+       retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
        if (!retval)
                goto nodata;
 
-       sctp_init_cause(retval, cause_code, paylen);
+       sctp_init_cause(retval, cause_code, paylen + reserve_tail);
        sctp_addto_chunk(retval, paylen, payload);
+       if (reserve_tail)
+               sctp_addto_param(retval, reserve_tail, NULL);
 
 nodata:
        return retval;
@@ -1171,7 +1296,6 @@ struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
        INIT_LIST_HEAD(&retval->list);
        retval->skb             = skb;
        retval->asoc            = (struct sctp_association *)asoc;
-       retval->resent          = 0;
        retval->has_tsn         = 0;
        retval->has_ssn         = 0;
        retval->rtt_in_progress = 0;
@@ -1189,7 +1313,7 @@ struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
         */
        retval->tsn_missing_report = 0;
        retval->tsn_gap_acked = 0;
-       retval->fast_retransmit = 0;
+       retval->fast_retransmit = SCTP_CAN_FRTX;
 
        /* If this is a fragmented message, track all fragments
         * of the message (for SEND_FAILED).
@@ -1276,6 +1400,9 @@ nodata:
 /* Release the memory occupied by a chunk.  */
 static void sctp_chunk_destroy(struct sctp_chunk *chunk)
 {
+       BUG_ON(!list_empty(&chunk->list));
+       list_del_init(&chunk->transmitted_list);
+
        /* Free the chunk skb data and the SCTP_chunk stub itself. */
        dev_kfree_skb(chunk->skb);
 
@@ -1286,9 +1413,6 @@ static void sctp_chunk_destroy(struct sctp_chunk *chunk)
 /* Possibly, free the chunk.  */
 void sctp_chunk_free(struct sctp_chunk *chunk)
 {
-       BUG_ON(!list_empty(&chunk->list));
-       list_del_init(&chunk->transmitted_list);
-
        /* Release our reference on the message tracker. */
        if (chunk->msg)
                sctp_datamsg_put(chunk->msg);
@@ -1332,6 +1456,18 @@ void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
        return target;
 }
 
+/* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient
+ * space in the chunk
+ */
+void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk,
+                            int len, const void *data)
+{
+       if (skb_tailroom(chunk->skb) >= len)
+               return sctp_addto_chunk(chunk, len, data);
+       else
+               return NULL;
+}
+
 /* Append bytes from user space to the end of a chunk.  Will panic if
  * chunk is not big enough.
  * Returns a kernel err value.
@@ -1453,8 +1589,6 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
        struct sctp_signed_cookie *cookie;
        struct scatterlist sg;
        int headersize, bodysize;
-       unsigned int keylen;
-       char *key;
 
        /* Header size is static data prior to the actual cookie, including
         * any padding.
@@ -1513,15 +1647,12 @@ static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
                struct hash_desc desc;
 
                /* Sign the message.  */
-               sg.page = virt_to_page(&cookie->c);
-               sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE;
-               sg.length = bodysize;
-               keylen = SCTP_SECRET_SIZE;
-               key = (char *)ep->secret_key[ep->current_key];
+               sg_init_one(&sg, &cookie->c, bodysize);
                desc.tfm = sctp_sk(ep->base.sk)->hmac;
                desc.flags = 0;
 
-               if (crypto_hash_setkey(desc.tfm, key, keylen) ||
+               if (crypto_hash_setkey(desc.tfm, ep->secret_key,
+                                      sizeof(ep->secret_key)) ||
                    crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
                        goto free_cookie;
        }
@@ -1548,8 +1679,7 @@ struct sctp_association *sctp_unpack_cookie(
        int headersize, bodysize, fixed_size;
        __u8 *digest = ep->digest;
        struct scatterlist sg;
-       unsigned int keylen, len;
-       char *key;
+       unsigned int len;
        sctp_scope_t scope;
        struct sk_buff *skb = chunk->skb;
        struct timeval tv;
@@ -1584,36 +1714,21 @@ struct sctp_association *sctp_unpack_cookie(
                goto no_hmac;
 
        /* Check the signature.  */
-       keylen = SCTP_SECRET_SIZE;
-       sg.page = virt_to_page(bear_cookie);
-       sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE;
-       sg.length = bodysize;
-       key = (char *)ep->secret_key[ep->current_key];
+       sg_init_one(&sg, bear_cookie, bodysize);
        desc.tfm = sctp_sk(ep->base.sk)->hmac;
        desc.flags = 0;
 
        memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
-       if (crypto_hash_setkey(desc.tfm, key, keylen) ||
+       if (crypto_hash_setkey(desc.tfm, ep->secret_key,
+                              sizeof(ep->secret_key)) ||
            crypto_hash_digest(&desc, &sg, bodysize, digest)) {
                *error = -SCTP_IERROR_NOMEM;
                goto fail;
        }
 
        if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
-               /* Try the previous key. */
-               key = (char *)ep->secret_key[ep->last_key];
-               memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
-               if (crypto_hash_setkey(desc.tfm, key, keylen) ||
-                   crypto_hash_digest(&desc, &sg, bodysize, digest)) {
-                       *error = -SCTP_IERROR_NOMEM;
-                       goto fail;
-               }
-
-               if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
-                       /* Yikes!  Still bad signature! */
-                       *error = -SCTP_IERROR_BAD_SIG;
-                       goto fail;
-               }
+               *error = -SCTP_IERROR_BAD_SIG;
+               goto fail;
        }
 
 no_hmac:
@@ -1697,8 +1812,8 @@ no_hmac:
 
        /* Also, add the destination address. */
        if (list_empty(&retval->base.bind_addr.address_list)) {
-               sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1,
-                               GFP_ATOMIC);
+               sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
+                               SCTP_ADDR_SRC, GFP_ATOMIC);
        }
 
        retval->next_tsn = retval->c.initial_tsn;
@@ -1732,7 +1847,7 @@ malformed:
 struct __sctp_missing {
        __be32 num_missing;
        __be16 type;
-}  __attribute__((packed));
+}  __packed;
 
 /*
  * Report a missing mandatory parameter.
@@ -1787,21 +1902,14 @@ static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
                                        const struct sctp_chunk *chunk,
                                        struct sctp_chunk **errp)
 {
-       char            error[] = "The following parameter had invalid length:";
-       size_t          payload_len = WORD_ROUND(sizeof(error)) +
-                                               sizeof(sctp_paramhdr_t);
-
+       /* This is a fatal error.  Any accumulated non-fatal errors are
+        * not reported.
+        */
+       if (*errp)
+               sctp_chunk_free(*errp);
 
        /* Create an error chunk and fill it in with our payload. */
-       if (!*errp)
-               *errp = sctp_make_op_error_space(asoc, chunk, payload_len);
-
-       if (*errp) {
-               sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION,
-                               sizeof(error) + sizeof(sctp_paramhdr_t));
-               sctp_addto_chunk(*errp, sizeof(error), error);
-               sctp_addto_param(*errp, sizeof(sctp_paramhdr_t), param);
-       }
+       *errp = sctp_make_violation_paramlen(asoc, chunk, param);
 
        return 0;
 }
@@ -1817,9 +1925,15 @@ static int sctp_process_hn_param(const struct sctp_association *asoc,
 {
        __u16 len = ntohs(param.p->length);
 
-       /* Make an ERROR chunk. */
-       if (!*errp)
-               *errp = sctp_make_op_error_space(asoc, chunk, len);
+       /* Processing of the HOST_NAME parameter will generate an
+        * ABORT.  If we've accumulated any non-fatal errors, they
+        * would be unrecognized parameters and we should not include
+        * them in the ABORT.
+        */
+       if (*errp)
+               sctp_chunk_free(*errp);
+
+       *errp = sctp_make_op_error_space(asoc, chunk, len);
 
        if (*errp) {
                sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len);
@@ -1830,16 +1944,50 @@ static int sctp_process_hn_param(const struct sctp_association *asoc,
        return 0;
 }
 
+static int sctp_verify_ext_param(struct net *net, union sctp_params param)
+{
+       __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
+       int have_auth = 0;
+       int have_asconf = 0;
+       int i;
+
+       for (i = 0; i < num_ext; i++) {
+               switch (param.ext->chunks[i]) {
+                   case SCTP_CID_AUTH:
+                           have_auth = 1;
+                           break;
+                   case SCTP_CID_ASCONF:
+                   case SCTP_CID_ASCONF_ACK:
+                           have_asconf = 1;
+                           break;
+               }
+       }
+
+       /* ADD-IP Security: The draft requires us to ABORT or ignore the
+        * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not.  Do this
+        * only if ADD-IP is turned on and we are not backward-compatible
+        * mode.
+        */
+       if (net->sctp.addip_noauth)
+               return 1;
+
+       if (net->sctp.addip_enable && !have_auth && have_asconf)
+               return 0;
+
+       return 1;
+}
+
 static void sctp_process_ext_param(struct sctp_association *asoc,
                                    union sctp_params param)
 {
+       struct net *net = sock_net(asoc->base.sk);
        __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
        int i;
 
        for (i = 0; i < num_ext; i++) {
                switch (param.ext->chunks[i]) {
                    case SCTP_CID_FWD_TSN:
-                           if (sctp_prsctp_enable &&
+                           if (net->sctp.prsctp_enable &&
                                !asoc->peer.prsctp_capable)
                                    asoc->peer.prsctp_capable = 1;
                            break;
@@ -1847,11 +1995,14 @@ static void sctp_process_ext_param(struct sctp_association *asoc,
                            /* if the peer reports AUTH, assume that he
                             * supports AUTH.
                             */
-                           asoc->peer.auth_capable = 1;
+                           if (net->sctp.auth_enable)
+                                   asoc->peer.auth_capable = 1;
                            break;
                    case SCTP_CID_ASCONF:
                    case SCTP_CID_ASCONF_ACK:
-                           /* don't need to do anything for ASCONF */
+                           if (net->sctp.addip_enable)
+                                   asoc->peer.asconf_capable = 1;
+                           break;
                    default:
                            break;
                }
@@ -1865,79 +2016,61 @@ static void sctp_process_ext_param(struct sctp_association *asoc,
  * taken if the processing endpoint does not recognize the
  * Parameter Type.
  *
- * 00 - Stop processing this SCTP chunk and discard it,
- *     do not process any further chunks within it.
+ * 00 - Stop processing this parameter; do not process any further
+ *     parameters within this chunk
  *
- * 01 - Stop processing this SCTP chunk and discard it,
- *     do not process any further chunks within it, and report
- *     the unrecognized parameter in an 'Unrecognized
- *     Parameter Type' (in either an ERROR or in the INIT ACK).
+ * 01 - Stop processing this parameter, do not process any further
+ *     parameters within this chunk, and report the unrecognized
+ *     parameter in an 'Unrecognized Parameter' ERROR chunk.
  *
  * 10 - Skip this parameter and continue processing.
  *
  * 11 - Skip this parameter and continue processing but
  *     report the unrecognized parameter in an
- *     'Unrecognized Parameter Type' (in either an ERROR or in
- *     the INIT ACK).
+ *     'Unrecognized Parameter' ERROR chunk.
  *
  * Return value:
- *     0 - discard the chunk
- *     1 - continue with the chunk
+ *     SCTP_IERROR_NO_ERROR - continue with the chunk
+ *     SCTP_IERROR_ERROR    - stop and report an error.
+ *     SCTP_IERROR_NOMEME   - out of memory.
  */
-static int sctp_process_unk_param(const struct sctp_association *asoc,
-                                 union sctp_params param,
-                                 struct sctp_chunk *chunk,
-                                 struct sctp_chunk **errp)
+static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
+                                           union sctp_params param,
+                                           struct sctp_chunk *chunk,
+                                           struct sctp_chunk **errp)
 {
-       int retval = 1;
+       int retval = SCTP_IERROR_NO_ERROR;
 
        switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
        case SCTP_PARAM_ACTION_DISCARD:
-               retval =  0;
-               break;
-       case SCTP_PARAM_ACTION_DISCARD_ERR:
-               retval =  0;
-               /* Make an ERROR chunk, preparing enough room for
-                * returning multiple unknown parameters.
-                */
-               if (NULL == *errp)
-                       *errp = sctp_make_op_error_space(asoc, chunk,
-                                       ntohs(chunk->chunk_hdr->length));
-
-               if (*errp) {
-                       sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
-                                       WORD_ROUND(ntohs(param.p->length)));
-                       sctp_addto_chunk(*errp,
-                                       WORD_ROUND(ntohs(param.p->length)),
-                                       param.v);
-               }
-
+               retval =  SCTP_IERROR_ERROR;
                break;
        case SCTP_PARAM_ACTION_SKIP:
                break;
+       case SCTP_PARAM_ACTION_DISCARD_ERR:
+               retval =  SCTP_IERROR_ERROR;
+               /* Fall through */
        case SCTP_PARAM_ACTION_SKIP_ERR:
                /* Make an ERROR chunk, preparing enough room for
                 * returning multiple unknown parameters.
                 */
                if (NULL == *errp)
-                       *errp = sctp_make_op_error_space(asoc, chunk,
-                                       ntohs(chunk->chunk_hdr->length));
+                       *errp = sctp_make_op_error_fixed(asoc, chunk);
 
                if (*errp) {
-                       sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
-                                       WORD_ROUND(ntohs(param.p->length)));
-                       sctp_addto_chunk(*errp,
-                                       WORD_ROUND(ntohs(param.p->length)),
-                                       param.v);
+                       if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
+                                       WORD_ROUND(ntohs(param.p->length))))
+                               sctp_addto_chunk_fixed(*errp,
+                                               WORD_ROUND(ntohs(param.p->length)),
+                                               param.v);
                } else {
                        /* If there is no memory for generating the ERROR
                         * report as specified, an ABORT will be triggered
                         * to the peer and the association won't be
                         * established.
                         */
-                       retval = 0;
+                       retval = SCTP_IERROR_NOMEM;
                }
-
                break;
        default:
                break;
@@ -1946,18 +2079,24 @@ static int sctp_process_unk_param(const struct sctp_association *asoc,
        return retval;
 }
 
-/* Find unrecognized parameters in the chunk.
+/* Verify variable length parameters
  * Return values:
- *     0 - discard the chunk
- *     1 - continue with the chunk
+ *     SCTP_IERROR_ABORT - trigger an ABORT
+ *     SCTP_IERROR_NOMEM - out of memory (abort)
+ *     SCTP_IERROR_ERROR - stop processing, trigger an ERROR
+ *     SCTP_IERROR_NO_ERROR - continue with the chunk
  */
-static int sctp_verify_param(const struct sctp_association *asoc,
-                            union sctp_params param,
-                            sctp_cid_t cid,
-                            struct sctp_chunk *chunk,
-                            struct sctp_chunk **err_chunk)
+static sctp_ierror_t sctp_verify_param(struct net *net,
+                                       const struct sctp_association *asoc,
+                                       union sctp_params param,
+                                       sctp_cid_t cid,
+                                       struct sctp_chunk *chunk,
+                                       struct sctp_chunk **err_chunk)
 {
-       int retval = 1;
+       struct sctp_hmac_algo_param *hmacs;
+       int retval = SCTP_IERROR_NO_ERROR;
+       __u16 n_elt, id = 0;
+       int i;
 
        /* FIXME - This routine is not looking at each parameter per the
         * chunk type, i.e., unrecognized parameters should be further
@@ -1974,20 +2113,31 @@ static int sctp_verify_param(const struct sctp_association *asoc,
        case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
        case SCTP_PARAM_ECN_CAPABLE:
        case SCTP_PARAM_ADAPTATION_LAYER_IND:
+               break;
+
        case SCTP_PARAM_SUPPORTED_EXT:
+               if (!sctp_verify_ext_param(net, param))
+                       return SCTP_IERROR_ABORT;
                break;
 
+       case SCTP_PARAM_SET_PRIMARY:
+               if (net->sctp.addip_enable)
+                       break;
+               goto fallthrough;
+
        case SCTP_PARAM_HOST_NAME_ADDRESS:
                /* Tell the peer, we won't support this param.  */
-               return sctp_process_hn_param(asoc, param, chunk, err_chunk);
+               sctp_process_hn_param(asoc, param, chunk, err_chunk);
+               retval = SCTP_IERROR_ABORT;
+               break;
 
        case SCTP_PARAM_FWD_TSN_SUPPORT:
-               if (sctp_prsctp_enable)
+               if (net->sctp.prsctp_enable)
                        break;
                goto fallthrough;
 
        case SCTP_PARAM_RANDOM:
-               if (!sctp_auth_enable)
+               if (!net->sctp.auth_enable)
                        goto fallthrough;
 
                /* SCTP-AUTH: Secion 6.1
@@ -1996,13 +2146,15 @@ static int sctp_verify_param(const struct sctp_association *asoc,
                 * cause 'Protocol Violation'.
                 */
                if (SCTP_AUTH_RANDOM_LENGTH !=
-                       ntohs(param.p->length) - sizeof(sctp_paramhdr_t))
-                       return sctp_process_inv_paramlength(asoc, param.p,
+                       ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) {
+                       sctp_process_inv_paramlength(asoc, param.p,
                                                        chunk, err_chunk);
+                       retval = SCTP_IERROR_ABORT;
+               }
                break;
 
        case SCTP_PARAM_CHUNKS:
-               if (!sctp_auth_enable)
+               if (!net->sctp.auth_enable)
                        goto fallthrough;
 
                /* SCTP-AUTH: Section 3.2
@@ -2010,28 +2162,49 @@ static int sctp_verify_param(const struct sctp_association *asoc,
                 *  INIT-ACK chunk if the sender wants to receive authenticated
                 *  chunks.  Its maximum length is 260 bytes.
                 */
-               if (260 < ntohs(param.p->length))
-                       return sctp_process_inv_paramlength(asoc, param.p,
-                                                       chunk, err_chunk);
+               if (260 < ntohs(param.p->length)) {
+                       sctp_process_inv_paramlength(asoc, param.p,
+                                                    chunk, err_chunk);
+                       retval = SCTP_IERROR_ABORT;
+               }
                break;
 
        case SCTP_PARAM_HMAC_ALGO:
-               if (!sctp_auth_enable)
-                       break;
-               /* Fall Through */
+               if (!net->sctp.auth_enable)
+                       goto fallthrough;
+
+               hmacs = (struct sctp_hmac_algo_param *)param.p;
+               n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
+
+               /* SCTP-AUTH: Section 6.1
+                * The HMAC algorithm based on SHA-1 MUST be supported and
+                * included in the HMAC-ALGO parameter.
+                */
+               for (i = 0; i < n_elt; i++) {
+                       id = ntohs(hmacs->hmac_ids[i]);
+
+                       if (id == SCTP_AUTH_HMAC_ID_SHA1)
+                               break;
+               }
+
+               if (id != SCTP_AUTH_HMAC_ID_SHA1) {
+                       sctp_process_inv_paramlength(asoc, param.p, chunk,
+                                                    err_chunk);
+                       retval = SCTP_IERROR_ABORT;
+               }
+               break;
 fallthrough:
        default:
                SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
                                ntohs(param.p->type), cid);
-               return sctp_process_unk_param(asoc, param, chunk, err_chunk);
-
+               retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
                break;
        }
        return retval;
 }
 
 /* Verify the INIT packet before we process it.  */
-int sctp_verify_init(const struct sctp_association *asoc,
+int sctp_verify_init(struct net *net, const struct sctp_association *asoc,
                     sctp_cid_t cid,
                     sctp_init_chunk_t *peer_init,
                     struct sctp_chunk *chunk,
@@ -2039,6 +2212,7 @@ int sctp_verify_init(const struct sctp_association *asoc,
 {
        union sctp_params param;
        int has_cookie = 0;
+       int result;
 
        /* Verify stream values are non-zero. */
        if ((0 == peer_init->init_hdr.num_outbound_streams) ||
@@ -2046,8 +2220,7 @@ int sctp_verify_init(const struct sctp_association *asoc,
            (0 == peer_init->init_hdr.init_tag) ||
            (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) {
 
-               sctp_process_inv_mandatory(asoc, chunk, errp);
-               return 0;
+               return sctp_process_inv_mandatory(asoc, chunk, errp);
        }
 
        /* Check for missing mandatory parameters.  */
@@ -2065,29 +2238,29 @@ int sctp_verify_init(const struct sctp_association *asoc,
         * VIOLATION error.  We build the ERROR chunk here and let the normal
         * error handling code build and send the packet.
         */
-       if (param.v != (void*)chunk->chunk_end) {
-               sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
-               return 0;
-       }
+       if (param.v != (void*)chunk->chunk_end)
+               return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
 
        /* The only missing mandatory param possible today is
         * the state cookie for an INIT-ACK chunk.
         */
-       if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) {
-               sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
-                                          chunk, errp);
-               return 0;
-       }
-
-       /* Find unrecognized parameters. */
+       if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
+               return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
+                                                 chunk, errp);
 
+       /* Verify all the variable length parameters */
        sctp_walk_params(param, peer_init, init_hdr.params) {
 
-               if (!sctp_verify_param(asoc, param, cid, chunk, errp)) {
-                       if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type)
+               result = sctp_verify_param(net, asoc, param, cid, chunk, errp);
+               switch (result) {
+                   case SCTP_IERROR_ABORT:
+                   case SCTP_IERROR_NOMEM:
                                return 0;
-                       else
+                   case SCTP_IERROR_ERROR:
                                return 1;
+                   case SCTP_IERROR_NO_ERROR:
+                   default:
+                               break;
                }
 
        } /* for (loop through all parameters) */
@@ -2099,14 +2272,18 @@ int sctp_verify_init(const struct sctp_association *asoc,
  * Returns 0 on failure, else success.
  * FIXME:  This is an association method.
  */
-int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
+int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
                      const union sctp_addr *peer_addr,
                      sctp_init_chunk_t *peer_init, gfp_t gfp)
 {
+       struct net *net = sock_net(asoc->base.sk);
        union sctp_params param;
        struct sctp_transport *transport;
        struct list_head *pos, *temp;
+       struct sctp_af *af;
+       union sctp_addr addr;
        char *cookie;
+       int src_match = 0;
 
        /* We must include the address that the INIT packet came from.
         * This is the only address that matters for an INIT packet.
@@ -2118,18 +2295,31 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
         * added as the primary transport.  The source address seems to
         * be a a better choice than any of the embedded addresses.
         */
-       if (peer_addr) {
-               if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
-                       goto nomem;
-       }
+       if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
+               goto nomem;
+
+       if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr))
+               src_match = 1;
 
        /* Process the initialization parameters.  */
        sctp_walk_params(param, peer_init, init_hdr.params) {
+               if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
+                   param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
+                       af = sctp_get_af_specific(param_type2af(param.p->type));
+                       af->from_addr_param(&addr, param.addr,
+                                           chunk->sctp_hdr->source, 0);
+                       if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
+                               src_match = 1;
+               }
 
                if (!sctp_process_param(asoc, param, peer_addr, gfp))
                        goto clean_up;
        }
 
+       /* source address of chunk may not match any valid address */
+       if (!src_match)
+               goto clean_up;
+
        /* AUTH: After processing the parameters, make sure that we
         * have all the required info to potentially do authentications.
         */
@@ -2137,6 +2327,21 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
                                        !asoc->peer.peer_hmacs))
                asoc->peer.auth_capable = 0;
 
+       /* In a non-backward compatible mode, if the peer claims
+        * support for ADD-IP but not AUTH,  the ADD-IP spec states
+        * that we MUST ABORT the association. Section 6.  The section
+        * also give us an option to silently ignore the packet, which
+        * is what we'll do here.
+        */
+       if (!net->sctp.addip_noauth &&
+            (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
+               asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
+                                                 SCTP_PARAM_DEL_IP |
+                                                 SCTP_PARAM_SET_PRIMARY);
+               asoc->peer.asconf_capable = 0;
+               goto clean_up;
+       }
+
        /* Walk list of transports, removing transports in the UNKNOWN state. */
        list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
                transport = list_entry(pos, struct sctp_transport, transports);
@@ -2192,14 +2397,15 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
         * high (for example, implementations MAY use the size of the receiver
         * advertised window).
         */
-       list_for_each(pos, &asoc->peer.transport_addr_list) {
-               transport = list_entry(pos, struct sctp_transport, transports);
+       list_for_each_entry(transport, &asoc->peer.transport_addr_list,
+                       transports) {
                transport->ssthresh = asoc->peer.i.a_rwnd;
        }
 
        /* Set up the TSN tracking pieces.  */
-       sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE,
-                        asoc->peer.i.initial_tsn);
+       if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
+                               asoc->peer.i.initial_tsn, gfp))
+               goto clean_up;
 
        /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
         *
@@ -2242,12 +2448,10 @@ clean_up:
        /* Release the transport structures. */
        list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
                transport = list_entry(pos, struct sctp_transport, transports);
-               list_del_init(pos);
-               sctp_transport_free(transport);
+               if (transport->state != SCTP_ACTIVE)
+                       sctp_assoc_rm_peer(asoc, transport);
        }
 
-       asoc->peer.transport_count = 0;
-
 nomem:
        return 0;
 }
@@ -2269,6 +2473,7 @@ static int sctp_process_param(struct sctp_association *asoc,
                              const union sctp_addr *peer_addr,
                              gfp_t gfp)
 {
+       struct net *net = sock_net(asoc->base.sk);
        union sctp_addr addr;
        int i;
        __u16 sat;
@@ -2276,6 +2481,8 @@ static int sctp_process_param(struct sctp_association *asoc,
        sctp_scope_t scope;
        time_t stale;
        struct sctp_af *af;
+       union sctp_addr_param *addr_param;
+       struct sctp_transport *t;
 
        /* We maintain all INIT parameters in network byte order all the
         * time.  This allows us to not worry about whether the parameters
@@ -2285,18 +2492,23 @@ static int sctp_process_param(struct sctp_association *asoc,
        case SCTP_PARAM_IPV6_ADDRESS:
                if (PF_INET6 != asoc->base.sk->sk_family)
                        break;
-               /* Fall through. */
+               goto do_addr_param;
+
        case SCTP_PARAM_IPV4_ADDRESS:
+               /* v4 addresses are not allowed on v6-only socket */
+               if (ipv6_only_sock(asoc->base.sk))
+                       break;
+do_addr_param:
                af = sctp_get_af_specific(param_type2af(param.p->type));
                af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
                scope = sctp_scope(peer_addr);
-               if (sctp_in_scope(&addr, scope))
+               if (sctp_in_scope(net, &addr, scope))
                        if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
                                return 0;
                break;
 
        case SCTP_PARAM_COOKIE_PRESERVATIVE:
-               if (!sctp_cookie_preserve_enable)
+               if (!net->sctp.cookie_preserve_enable)
                        break;
 
                stale = ntohl(param.life->lifespan_increment);
@@ -2319,6 +2531,14 @@ static int sctp_process_param(struct sctp_association *asoc,
                asoc->peer.ipv4_address = 0;
                asoc->peer.ipv6_address = 0;
 
+               /* Assume that peer supports the address family
+                * by which it sends a packet.
+                */
+               if (peer_addr->sa.sa_family == AF_INET6)
+                       asoc->peer.ipv6_address = 1;
+               else if (peer_addr->sa.sa_family == AF_INET)
+                       asoc->peer.ipv4_address = 1;
+
                /* Cycle through address types; avoid divide by 0. */
                sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
                if (sat)
@@ -2331,7 +2551,8 @@ static int sctp_process_param(struct sctp_association *asoc,
                                break;
 
                        case SCTP_PARAM_IPV6_ADDRESS:
-                               asoc->peer.ipv6_address = 1;
+                               if (PF_INET6 == asoc->base.sk->sk_family)
+                                       asoc->peer.ipv6_address = 1;
                                break;
 
                        case SCTP_PARAM_HOST_NAME_ADDRESS:
@@ -2363,7 +2584,30 @@ static int sctp_process_param(struct sctp_association *asoc,
                break;
 
        case SCTP_PARAM_ADAPTATION_LAYER_IND:
-               asoc->peer.adaptation_ind = param.aind->adaptation_ind;
+               asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
+               break;
+
+       case SCTP_PARAM_SET_PRIMARY:
+               if (!net->sctp.addip_enable)
+                       goto fall_through;
+
+               addr_param = param.v + sizeof(sctp_addip_param_t);
+
+               af = sctp_get_af_specific(param_type2af(param.p->type));
+               af->from_addr_param(&addr, addr_param,
+                                   htons(asoc->peer.port), 0);
+
+               /* if the address is invalid, we can't process it.
+                * XXX: see spec for what to do.
+                */
+               if (!af->addr_valid(&addr, NULL, NULL))
+                       break;
+
+               t = sctp_assoc_lookup_paddr(asoc, &addr);
+               if (!t)
+                       break;
+
+               sctp_assoc_set_primary(asoc, t);
                break;
 
        case SCTP_PARAM_SUPPORTED_EXT:
@@ -2371,7 +2615,7 @@ static int sctp_process_param(struct sctp_association *asoc,
                break;
 
        case SCTP_PARAM_FWD_TSN_SUPPORT:
-               if (sctp_prsctp_enable) {
+               if (net->sctp.prsctp_enable) {
                        asoc->peer.prsctp_capable = 1;
                        break;
                }
@@ -2379,7 +2623,7 @@ static int sctp_process_param(struct sctp_association *asoc,
                goto fall_through;
 
        case SCTP_PARAM_RANDOM:
-               if (!sctp_auth_enable)
+               if (!net->sctp.auth_enable)
                        goto fall_through;
 
                /* Save peer's random parameter */
@@ -2392,7 +2636,7 @@ static int sctp_process_param(struct sctp_association *asoc,
                break;
 
        case SCTP_PARAM_HMAC_ALGO:
-               if (!sctp_auth_enable)
+               if (!net->sctp.auth_enable)
                        goto fall_through;
 
                /* Save peer's HMAC list */
@@ -2408,7 +2652,7 @@ static int sctp_process_param(struct sctp_association *asoc,
                break;
 
        case SCTP_PARAM_CHUNKS:
-               if (!sctp_auth_enable)
+               if (!net->sctp.auth_enable)
                        goto fall_through;
 
                asoc->peer.peer_chunks = kmemdup(param.p,
@@ -2548,11 +2792,12 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
        int                     addr_param_len = 0;
        int                     totallen = 0;
        int                     i;
+       int                     del_pickup = 0;
 
        /* Get total length of all the address parameters. */
        addr_buf = addrs;
        for (i = 0; i < addrcnt; i++) {
-               addr = (union sctp_addr *)addr_buf;
+               addr = addr_buf;
                af = sctp_get_af_specific(addr->v4.sin_family);
                addr_param_len = af->to_addr_param(addr, &addr_param);
 
@@ -2560,6 +2805,13 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
                totallen += addr_param_len;
 
                addr_buf += af->sockaddr_len;
+               if (asoc->asconf_addr_del_pending && !del_pickup) {
+                       /* reuse the parameter length from the same scope one */
+                       totallen += paramlen;
+                       totallen += addr_param_len;
+                       del_pickup = 1;
+                       SCTP_DEBUG_PRINTK("mkasconf_update_ip: picked same-scope del_pending addr, totallen for all addresses is %d\n", totallen);
+               }
        }
 
        /* Create an asconf chunk with the required length. */
@@ -2570,7 +2822,7 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
        /* Add the address parameters to the asconf chunk. */
        addr_buf = addrs;
        for (i = 0; i < addrcnt; i++) {
-               addr = (union sctp_addr *)addr_buf;
+               addr = addr_buf;
                af = sctp_get_af_specific(addr->v4.sin_family);
                addr_param_len = af->to_addr_param(addr, &addr_param);
                param.param_hdr.type = flags;
@@ -2582,6 +2834,17 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
 
                addr_buf += af->sockaddr_len;
        }
+       if (flags == SCTP_PARAM_ADD_IP && del_pickup) {
+               addr = asoc->asconf_addr_del_pending;
+               af = sctp_get_af_specific(addr->v4.sin_family);
+               addr_param_len = af->to_addr_param(addr, &addr_param);
+               param.param_hdr.type = SCTP_PARAM_DEL_IP;
+               param.param_hdr.length = htons(paramlen + addr_param_len);
+               param.crr_id = i;
+
+               sctp_addto_chunk(retval, paramlen, &param);
+               sctp_addto_chunk(retval, addr_param_len, &addr_param);
+       }
        return retval;
 }
 
@@ -2717,19 +2980,51 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
        struct sctp_transport *peer;
        struct sctp_af *af;
        union sctp_addr addr;
-       struct list_head *pos;
        union sctp_addr_param *addr_param;
 
-       addr_param = (union sctp_addr_param *)
-                       ((void *)asconf_param + sizeof(sctp_addip_param_t));
+       addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
 
-       af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
+       if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
+           asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
+           asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
+               return SCTP_ERROR_UNKNOWN_PARAM;
+
+       switch (addr_param->p.type) {
+       case SCTP_PARAM_IPV6_ADDRESS:
+               if (!asoc->peer.ipv6_address)
+                       return SCTP_ERROR_DNS_FAILED;
+               break;
+       case SCTP_PARAM_IPV4_ADDRESS:
+               if (!asoc->peer.ipv4_address)
+                       return SCTP_ERROR_DNS_FAILED;
+               break;
+       default:
+               return SCTP_ERROR_DNS_FAILED;
+       }
+
+       af = sctp_get_af_specific(param_type2af(addr_param->p.type));
        if (unlikely(!af))
-               return SCTP_ERROR_INV_PARAM;
+               return SCTP_ERROR_DNS_FAILED;
 
        af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
+
+       /* ADDIP 4.2.1  This parameter MUST NOT contain a broadcast
+        * or multicast address.
+        * (note: wildcard is permitted and requires special handling so
+        *  make sure we check for that)
+        */
+       if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
+               return SCTP_ERROR_DNS_FAILED;
+
        switch (asconf_param->param_hdr.type) {
        case SCTP_PARAM_ADD_IP:
+               /* Section 4.2.1:
+                * If the address 0.0.0.0 or ::0 is provided, the source
+                * address of the packet MUST be added.
+                */
+               if (af->is_any(&addr))
+                       memcpy(&addr, &asconf->source, sizeof(addr));
+
                /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
                 * request and does not have the local resources to add this
                 * new address to the association, it MUST return an Error
@@ -2744,6 +3039,7 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
                /* Start the heartbeat timer. */
                if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
                        sctp_transport_hold(peer);
+               asoc->new_transport = peer;
                break;
        case SCTP_PARAM_DEL_IP:
                /* ADDIP 4.3 D7) If a request is received to delete the
@@ -2751,8 +3047,7 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
                 * MUST send an Error Cause TLV with the error cause set to the
                 * new error code 'Request to Delete Last Remaining IP Address'.
                 */
-               pos = asoc->peer.transport_addr_list.next;
-               if (pos->next == &asoc->peer.transport_addr_list)
+               if (asoc->peer.transport_count == 1)
                        return SCTP_ERROR_DEL_LAST_IP;
 
                /* ADDIP 4.3 D8) If a request is received to delete an IP
@@ -2762,21 +3057,36 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
                 * an Error Cause TLV set to the new error code 'Request to
                 * Delete Source IP Address'
                 */
-               if (sctp_cmp_addr_exact(sctp_source(asconf), &addr))
+               if (sctp_cmp_addr_exact(&asconf->source, &addr))
                        return SCTP_ERROR_DEL_SRC_IP;
 
-               sctp_assoc_del_peer(asoc, &addr);
+               /* Section 4.2.2
+                * If the address 0.0.0.0 or ::0 is provided, all
+                * addresses of the peer except the source address of the
+                * packet MUST be deleted.
+                */
+               if (af->is_any(&addr)) {
+                       sctp_assoc_set_primary(asoc, asconf->transport);
+                       sctp_assoc_del_nonprimary_peers(asoc,
+                                                       asconf->transport);
+               } else
+                       sctp_assoc_del_peer(asoc, &addr);
                break;
        case SCTP_PARAM_SET_PRIMARY:
+               /* ADDIP Section 4.2.4
+                * If the address 0.0.0.0 or ::0 is provided, the receiver
+                * MAY mark the source address of the packet as its
+                * primary.
+                */
+               if (af->is_any(&addr))
+                       memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
+
                peer = sctp_assoc_lookup_paddr(asoc, &addr);
                if (!peer)
-                       return SCTP_ERROR_INV_PARAM;
+                       return SCTP_ERROR_DNS_FAILED;
 
                sctp_assoc_set_primary(asoc, peer);
                break;
-       default:
-               return SCTP_ERROR_INV_PARAM;
-               break;
        }
 
        return SCTP_ERROR_NO_ERROR;
@@ -2841,10 +3151,11 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
 
        __be16  err_code;
        int     length = 0;
-       int     chunk_len = asconf->skb->len;
+       int     chunk_len;
        __u32   serial;
        int     all_param_pass = 1;
 
+       chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
        hdr = (sctp_addiphdr_t *)asconf->skb->data;
        serial = ntohl(hdr->serial);
 
@@ -2854,18 +3165,18 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
        chunk_len -= length;
 
        /* Skip the address parameter and store a pointer to the first
-        * asconf paramter.
+        * asconf parameter.
         */
-       length = ntohs(addr_param->v4.param_hdr.length);
-       asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
+       length = ntohs(addr_param->p.length);
+       asconf_param = (void *)addr_param + length;
        chunk_len -= length;
 
        /* create an ASCONF_ACK chunk.
         * Based on the definitions of parameters, we know that the size of
-        * ASCONF_ACK parameters are less than or equal to the twice of ASCONF
-        * paramters.
+        * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF
+        * parameters.
         */
-       asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2);
+       asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
        if (!asconf_ack)
                goto done;
 
@@ -2898,8 +3209,7 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
 
                /* Move to the next ASCONF param. */
                length = ntohs(asconf_param->param_hdr.length);
-               asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
-                                                     length);
+               asconf_param = (void *)asconf_param + length;
                chunk_len -= length;
        }
 
@@ -2910,34 +3220,29 @@ done:
         * after freeing the reference to old asconf ack if any.
         */
        if (asconf_ack) {
-               if (asoc->addip_last_asconf_ack)
-                       sctp_chunk_free(asoc->addip_last_asconf_ack);
-
                sctp_chunk_hold(asconf_ack);
-               asoc->addip_last_asconf_ack = asconf_ack;
+               list_add_tail(&asconf_ack->transmitted_list,
+                             &asoc->asconf_ack_list);
        }
 
        return asconf_ack;
 }
 
 /* Process a asconf parameter that is successfully acked. */
-static int sctp_asconf_param_success(struct sctp_association *asoc,
+static void sctp_asconf_param_success(struct sctp_association *asoc,
                                     sctp_addip_param_t *asconf_param)
 {
        struct sctp_af *af;
        union sctp_addr addr;
        struct sctp_bind_addr *bp = &asoc->base.bind_addr;
        union sctp_addr_param *addr_param;
-       struct list_head *pos;
        struct sctp_transport *transport;
        struct sctp_sockaddr_entry *saddr;
-       int retval = 0;
 
-       addr_param = (union sctp_addr_param *)
-                       ((void *)asconf_param + sizeof(sctp_addip_param_t));
+       addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
 
        /* We have checked the packet before, so we do not check again. */
-       af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
+       af = sctp_get_af_specific(param_type2af(addr_param->p.type));
        af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
 
        switch (asconf_param->param_hdr.type) {
@@ -2945,26 +3250,36 @@ static int sctp_asconf_param_success(struct sctp_association *asoc,
                /* This is always done in BH context with a socket lock
                 * held, so the list can not change.
                 */
+               local_bh_disable();
                list_for_each_entry(saddr, &bp->address_list, list) {
                        if (sctp_cmp_addr_exact(&saddr->a, &addr))
-                               saddr->use_as_src = 1;
+                               saddr->state = SCTP_ADDR_SRC;
+               }
+               local_bh_enable();
+               list_for_each_entry(transport, &asoc->peer.transport_addr_list,
+                               transports) {
+                       dst_release(transport->dst);
+                       transport->dst = NULL;
                }
                break;
        case SCTP_PARAM_DEL_IP:
-               retval = sctp_del_bind_addr(bp, &addr, call_rcu_bh);
-               list_for_each(pos, &asoc->peer.transport_addr_list) {
-                       transport = list_entry(pos, struct sctp_transport,
-                                                transports);
+               local_bh_disable();
+               sctp_del_bind_addr(bp, &addr);
+               if (asoc->asconf_addr_del_pending != NULL &&
+                   sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) {
+                       kfree(asoc->asconf_addr_del_pending);
+                       asoc->asconf_addr_del_pending = NULL;
+               }
+               local_bh_enable();
+               list_for_each_entry(transport, &asoc->peer.transport_addr_list,
+                               transports) {
                        dst_release(transport->dst);
-                       sctp_transport_route(transport, NULL,
-                                            sctp_sk(asoc->base.sk));
+                       transport->dst = NULL;
                }
                break;
        default:
                break;
        }
-
-       return retval;
 }
 
 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk
@@ -2983,7 +3298,7 @@ static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
        sctp_addip_param_t      *asconf_ack_param;
        sctp_errhdr_t           *err_param;
        int                     length;
-       int                     asconf_ack_len = asconf_ack->skb->len;
+       int                     asconf_ack_len;
        __be16                  err_code;
 
        if (no_err)
@@ -2991,6 +3306,9 @@ static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
        else
                err_code = SCTP_ERROR_REQ_REFUSED;
 
+       asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
+                            sizeof(sctp_chunkhdr_t);
+
        /* Skip the addiphdr from the asconf_ack chunk and store a pointer to
         * the first asconf_ack parameter.
         */
@@ -3006,8 +3324,7 @@ static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
                                return SCTP_ERROR_NO_ERROR;
                        case SCTP_PARAM_ERR_CAUSE:
                                length = sizeof(sctp_addip_param_t);
-                               err_param = (sctp_errhdr_t *)
-                                          ((void *)asconf_ack_param + length);
+                               err_param = (void *)asconf_ack_param + length;
                                asconf_ack_len -= length;
                                if (asconf_ack_len > 0)
                                        return err_param->cause;
@@ -3020,8 +3337,7 @@ static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
                }
 
                length = ntohs(asconf_ack_param->param_hdr.length);
-               asconf_ack_param = (sctp_addip_param_t *)
-                                       ((void *)asconf_ack_param + length);
+               asconf_ack_param = (void *)asconf_ack_param + length;
                asconf_ack_len -= length;
        }
 
@@ -3050,10 +3366,10 @@ int sctp_process_asconf_ack(struct sctp_association *asoc,
        asconf_len -= length;
 
        /* Skip the address parameter in the last asconf sent and store a
-        * pointer to the first asconf paramter.
+        * pointer to the first asconf parameter.
         */
-       length = ntohs(addr_param->v4.param_hdr.length);
-       asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
+       length = ntohs(addr_param->p.length);
+       asconf_param = (void *)addr_param + length;
        asconf_len -= length;
 
        /* ADDIP 4.1
@@ -3078,14 +3394,14 @@ int sctp_process_asconf_ack(struct sctp_association *asoc,
 
                switch (err_code) {
                case SCTP_ERROR_NO_ERROR:
-                       retval = sctp_asconf_param_success(asoc, asconf_param);
+                       sctp_asconf_param_success(asoc, asconf_param);
                        break;
 
                case SCTP_ERROR_RSRC_LOW:
                        retval = 1;
                        break;
 
-               case SCTP_ERROR_INV_PARAM:
+               case SCTP_ERROR_UNKNOWN_PARAM:
                        /* Disable sending this type of asconf parameter in
                         * future.
                         */
@@ -3104,30 +3420,20 @@ int sctp_process_asconf_ack(struct sctp_association *asoc,
                 * one.
                 */
                length = ntohs(asconf_param->param_hdr.length);
-               asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
-                                                     length);
+               asconf_param = (void *)asconf_param + length;
                asconf_len -= length;
        }
 
+       if (no_err && asoc->src_out_of_asoc_ok) {
+               asoc->src_out_of_asoc_ok = 0;
+               sctp_transport_immediate_rtx(asoc->peer.primary_path);
+       }
+
        /* Free the cached last sent asconf chunk. */
+       list_del_init(&asconf->transmitted_list);
        sctp_chunk_free(asconf);
        asoc->addip_last_asconf = NULL;
 
-       /* Send the next asconf chunk from the addip chunk queue. */
-       if (!list_empty(&asoc->addip_chunk_list)) {
-               struct list_head *entry = asoc->addip_chunk_list.next;
-               asconf = list_entry(entry, struct sctp_chunk, list);
-
-               list_del_init(entry);
-
-               /* Hold the chunk until an ASCONF_ACK is received. */
-               sctp_chunk_hold(asconf);
-               if (sctp_primitive_ASCONF(asoc, asconf))
-                       sctp_chunk_free(asconf);
-               else
-                       asoc->addip_last_asconf = asconf;
-       }
-
        return retval;
 }
 
@@ -3137,7 +3443,6 @@ struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
                                    struct sctp_fwdtsn_skip *skiplist)
 {
        struct sctp_chunk *retval = NULL;
-       struct sctp_fwdtsn_chunk *ftsn_chunk;
        struct sctp_fwdtsn_hdr ftsn_hdr;
        struct sctp_fwdtsn_skip skip;
        size_t hint;
@@ -3150,8 +3455,6 @@ struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
        if (!retval)
                return NULL;
 
-       ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr;
-
        ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
        retval->subh.fwdtsn_hdr =
                sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);