summaryrefslogtreecommitdiff
path: root/net/sctp/output.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/sctp/output.c')
-rw-r--r--net/sctp/output.c131
1 files changed, 104 insertions, 27 deletions
diff --git a/net/sctp/output.c b/net/sctp/output.c
index 49b9f5f031a4..847639d542c0 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -80,6 +80,7 @@ struct sctp_packet *sctp_packet_config(struct sctp_packet *packet,
packet->has_cookie_echo = 0;
packet->has_sack = 0;
packet->has_auth = 0;
+ packet->has_data = 0;
packet->ipfragok = 0;
packet->auth = NULL;
@@ -124,6 +125,7 @@ struct sctp_packet *sctp_packet_init(struct sctp_packet *packet,
packet->has_cookie_echo = 0;
packet->has_sack = 0;
packet->has_auth = 0;
+ packet->has_data = 0;
packet->ipfragok = 0;
packet->malloced = 0;
packet->auth = NULL;
@@ -185,6 +187,39 @@ sctp_xmit_t sctp_packet_transmit_chunk(struct sctp_packet *packet,
return retval;
}
+/* Try to bundle an auth chunk into the packet. */
+static sctp_xmit_t sctp_packet_bundle_auth(struct sctp_packet *pkt,
+ struct sctp_chunk *chunk)
+{
+ struct sctp_association *asoc = pkt->transport->asoc;
+ struct sctp_chunk *auth;
+ sctp_xmit_t retval = SCTP_XMIT_OK;
+
+ /* if we don't have an association, we can't do authentication */
+ if (!asoc)
+ return retval;
+
+ /* See if this is an auth chunk we are bundling or if
+ * auth is already bundled.
+ */
+ if (chunk->chunk_hdr->type == SCTP_CID_AUTH || pkt->auth)
+ return retval;
+
+ /* if the peer did not request this chunk to be authenticated,
+ * don't do it
+ */
+ if (!chunk->auth)
+ return retval;
+
+ auth = sctp_make_auth(asoc);
+ if (!auth)
+ return retval;
+
+ retval = sctp_packet_append_chunk(pkt, auth);
+
+ return retval;
+}
+
/* Try to bundle a SACK with the packet. */
static sctp_xmit_t sctp_packet_bundle_sack(struct sctp_packet *pkt,
struct sctp_chunk *chunk)
@@ -231,12 +266,17 @@ sctp_xmit_t sctp_packet_append_chunk(struct sctp_packet *packet,
SCTP_DEBUG_PRINTK("%s: packet:%p chunk:%p\n", __FUNCTION__, packet,
chunk);
- retval = sctp_packet_bundle_sack(packet, chunk);
- psize = packet->size;
+ /* Try to bundle AUTH chunk */
+ retval = sctp_packet_bundle_auth(packet, chunk);
+ if (retval != SCTP_XMIT_OK)
+ goto finish;
+ /* Try to bundle SACK chunk */
+ retval = sctp_packet_bundle_sack(packet, chunk);
if (retval != SCTP_XMIT_OK)
goto finish;
+ psize = packet->size;
pmtu = ((packet->transport->asoc) ?
(packet->transport->asoc->pathmtu) :
(packet->transport->pathmtu));
@@ -245,10 +285,16 @@ sctp_xmit_t sctp_packet_append_chunk(struct sctp_packet *packet,
/* Decide if we need to fragment or resubmit later. */
if (too_big) {
- /* Both control chunks and data chunks with TSNs are
- * non-fragmentable.
+ /* It's OK to fragmet at IP level if any one of the following
+ * is true:
+ * 1. The packet is empty (meaning this chunk is greater
+ * the MTU)
+ * 2. The chunk we are adding is a control chunk
+ * 3. The packet doesn't have any data in it yet and data
+ * requires authentication.
*/
- if (sctp_packet_empty(packet) || !sctp_chunk_is_data(chunk)) {
+ if (sctp_packet_empty(packet) || !sctp_chunk_is_data(chunk) ||
+ (!packet->has_data && chunk->auth)) {
/* We no longer do re-fragmentation.
* Just fragment at the IP layer, if we
* actually hit this condition
@@ -270,16 +316,31 @@ append:
/* DATA is a special case since we must examine both rwnd and cwnd
* before we send DATA.
*/
- if (sctp_chunk_is_data(chunk)) {
+ switch (chunk->chunk_hdr->type) {
+ case SCTP_CID_DATA:
retval = sctp_packet_append_data(packet, chunk);
/* Disallow SACK bundling after DATA. */
packet->has_sack = 1;
+ /* Disallow AUTH bundling after DATA */
+ packet->has_auth = 1;
+ /* Let it be knows that packet has DATA in it */
+ packet->has_data = 1;
if (SCTP_XMIT_OK != retval)
goto finish;
- } else if (SCTP_CID_COOKIE_ECHO == chunk->chunk_hdr->type)
+ break;
+ case SCTP_CID_COOKIE_ECHO:
packet->has_cookie_echo = 1;
- else if (SCTP_CID_SACK == chunk->chunk_hdr->type)
+ break;
+
+ case SCTP_CID_SACK:
packet->has_sack = 1;
+ break;
+
+ case SCTP_CID_AUTH:
+ packet->has_auth = 1;
+ packet->auth = chunk;
+ break;
+ }
/* It is OK to send this chunk. */
list_add_tail(&chunk->list, &packet->chunk_list);
@@ -307,6 +368,8 @@ int sctp_packet_transmit(struct sctp_packet *packet)
int padding; /* How much padding do we need? */
__u8 has_data = 0;
struct dst_entry *dst = tp->dst;
+ unsigned char *auth = NULL; /* pointer to auth in skb data */
+ __u32 cksum_buf_len = sizeof(struct sctphdr);
SCTP_DEBUG_PRINTK("%s: packet:%p\n", __FUNCTION__, packet);
@@ -360,16 +423,6 @@ int sctp_packet_transmit(struct sctp_packet *packet)
sh->vtag = htonl(packet->vtag);
sh->checksum = 0;
- /* 2) Calculate the Adler-32 checksum of the whole packet,
- * including the SCTP common header and all the
- * chunks.
- *
- * Note: Adler-32 is no longer applicable, as has been replaced
- * by CRC32-C as described in <draft-ietf-tsvwg-sctpcsum-02.txt>.
- */
- if (!(dst->dev->features & NETIF_F_NO_CSUM))
- crc32 = sctp_start_cksum((__u8 *)sh, sizeof(struct sctphdr));
-
/**
* 6.10 Bundling
*
@@ -420,14 +473,16 @@ int sctp_packet_transmit(struct sctp_packet *packet)
if (padding)
memset(skb_put(chunk->skb, padding), 0, padding);
- if (dst->dev->features & NETIF_F_NO_CSUM)
- memcpy(skb_put(nskb, chunk->skb->len),
+ /* if this is the auth chunk that we are adding,
+ * store pointer where it will be added and put
+ * the auth into the packet.
+ */
+ if (chunk == packet->auth)
+ auth = skb_tail_pointer(nskb);
+
+ cksum_buf_len += chunk->skb->len;
+ memcpy(skb_put(nskb, chunk->skb->len),
chunk->skb->data, chunk->skb->len);
- else
- crc32 = sctp_update_copy_cksum(skb_put(nskb,
- chunk->skb->len),
- chunk->skb->data,
- chunk->skb->len, crc32);
SCTP_DEBUG_PRINTK("%s %p[%s] %s 0x%x, %s %d, %s %d, %s %d\n",
"*** Chunk", chunk,
@@ -449,9 +504,31 @@ int sctp_packet_transmit(struct sctp_packet *packet)
sctp_chunk_free(chunk);
}
- /* Perform final transformation on checksum. */
- if (!(dst->dev->features & NETIF_F_NO_CSUM))
+ /* SCTP-AUTH, Section 6.2
+ * The sender MUST calculate the MAC as described in RFC2104 [2]
+ * using the hash function H as described by the MAC Identifier and
+ * the shared association key K based on the endpoint pair shared key
+ * described by the shared key identifier. The 'data' used for the
+ * computation of the AUTH-chunk is given by the AUTH chunk with its
+ * HMAC field set to zero (as shown in Figure 6) followed by all
+ * chunks that are placed after the AUTH chunk in the SCTP packet.
+ */
+ if (auth)
+ sctp_auth_calculate_hmac(asoc, nskb,
+ (struct sctp_auth_chunk *)auth,
+ GFP_ATOMIC);
+
+ /* 2) Calculate the Adler-32 checksum of the whole packet,
+ * including the SCTP common header and all the
+ * chunks.
+ *
+ * Note: Adler-32 is no longer applicable, as has been replaced
+ * by CRC32-C as described in <draft-ietf-tsvwg-sctpcsum-02.txt>.
+ */
+ if (!(dst->dev->features & NETIF_F_NO_CSUM)) {
+ crc32 = sctp_start_cksum((__u8 *)sh, cksum_buf_len);
crc32 = sctp_end_cksum(crc32);
+ }
/* 3) Put the resultant value into the checksum field in the
* common header, and leave the rest of the bits unchanged.