[SCTP]: sctp_transport_{init,new}() switched to net-endian.

[~andy/linux] / net / sctp / sm_statefuns.c
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c

index 9e58144f4851129b7b9c6465c597a3a00bea0b46..c5362638d67257868d936a1ab6f2848209c60a8c 100644 (file)
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -93,7 +93,7 @@ static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
  static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk);
  
  static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
-                                          __u16 error, int sk_err,
+                                          __be16 error, int sk_err,
                                            const struct sctp_association *asoc,
                                            struct sctp_transport *transport);
  
@@ -187,10 +187,9 @@ sctp_disposition_t sctp_sf_do_4_C(const struct sctp_endpoint *ep,
          */
         ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP,
                                              0, 0, 0, GFP_ATOMIC);
-       if (!ev)
-               goto nomem;
-
-       sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
+       if (ev)
+               sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
+                               SCTP_ULPEVENT(ev));
  
         /* Upon reception of the SHUTDOWN COMPLETE chunk the endpoint
          * will verify that it is in SHUTDOWN-ACK-SENT state, if it is
@@ -215,9 +214,6 @@ sctp_disposition_t sctp_sf_do_4_C(const struct sctp_endpoint *ep,
         sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
  
         return SCTP_DISPOSITION_DELETE_TCB;
-
-nomem:
-       return SCTP_DISPOSITION_NOMEM;
  }
  
  /*
@@ -347,8 +343,6 @@ sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
                                GFP_ATOMIC))
                 goto nomem_init;
  
-       sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
-
         /* B) "Z" shall respond immediately with an INIT ACK chunk.  */
  
         /* If there are errors need to be reported for unknown parameters,
@@ -360,11 +354,11 @@ sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
                         sizeof(sctp_chunkhdr_t);
  
         if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0)
-               goto nomem_ack;
+               goto nomem_init;
  
         repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len);
         if (!repl)
-               goto nomem_ack;
+               goto nomem_init;
  
         /* If there are errors need to be reported for unknown parameters,
          * include them in the outgoing INIT ACK as "Unrecognized parameter"
@@ -388,6 +382,8 @@ sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
                 sctp_chunk_free(err_chunk);
         }
  
+       sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
+
         sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
  
         /*
@@ -400,12 +396,11 @@ sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
  
         return SCTP_DISPOSITION_DELETE_TCB;
  
-nomem_ack:
-       if (err_chunk)
-               sctp_chunk_free(err_chunk);
  nomem_init:
         sctp_association_free(new_asoc);
  nomem:
+       if (err_chunk)
+               sctp_chunk_free(err_chunk);
         return SCTP_DISPOSITION_NOMEM;
  }
  
@@ -448,7 +443,7 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
         __u32 init_tag;
         struct sctp_chunk *err_chunk;
         struct sctp_packet *packet;
-       __u16 error;
+       sctp_error_t error;
  
         if (!sctp_vtag_verify(chunk, asoc))
                 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -600,9 +595,10 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
         struct sctp_association *new_asoc;
         sctp_init_chunk_t *peer_init;
         struct sctp_chunk *repl;
-       struct sctp_ulpevent *ev;
+       struct sctp_ulpevent *ev, *ai_ev = NULL;
         int error = 0;
         struct sctp_chunk *err_chk_p;
+       union sctp_addr tmp;
  
         /* If the packet is an OOTB packet which is temporarily on the
          * control endpoint, respond with an ABORT.
@@ -659,20 +655,10 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
                 };
         }
  
-       sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
-       sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
-                       SCTP_STATE(SCTP_STATE_ESTABLISHED));
-       SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
-       SCTP_INC_STATS(SCTP_MIB_PASSIVEESTABS);
-       sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
-
-       if (new_asoc->autoclose)
-               sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
-                               SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
-
-       sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
  
-       /* Re-build the bind address for the association is done in
+       /* Delay state machine commands until later.
+        *
+        * Re-build the bind address for the association is done in
          * the sctp_unpack_cookie() already.
          */
         /* This is a brand-new association, so these are not yet side
@@ -680,16 +666,15 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
          */
         peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
  
+       flip_to_h(&tmp, &chunk->subh.cookie_hdr->c.peer_addr);
         if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
-                              &chunk->subh.cookie_hdr->c.peer_addr,
+                              &tmp,
                                peer_init, GFP_ATOMIC))
                 goto nomem_init;
  
         repl = sctp_make_cookie_ack(new_asoc, chunk);
         if (!repl)
-               goto nomem_repl;
-
-       sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
+               goto nomem_init;
  
         /* RFC 2960 5.1 Normal Establishment of an Association
          *
@@ -704,28 +689,53 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
         if (!ev)
                 goto nomem_ev;
  
-       sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
-
         /* Sockets API Draft Section 5.3.1.6    
          * When a peer sends a Adaption Layer Indication parameter , SCTP
          * delivers this notification to inform the application that of the
          * peers requested adaption layer.
          */
         if (new_asoc->peer.adaption_ind) {
-               ev = sctp_ulpevent_make_adaption_indication(new_asoc,
+               ai_ev = sctp_ulpevent_make_adaption_indication(new_asoc,
                                                             GFP_ATOMIC);
-               if (!ev)
-                       goto nomem_ev;
+               if (!ai_ev)
+                       goto nomem_aiev;
+       }
+
+       /* Add all the state machine commands now since we've created
+        * everything.  This way we don't introduce memory corruptions
+        * during side-effect processing and correclty count established
+        * associations.
+        */
+       sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc));
+       sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
+                       SCTP_STATE(SCTP_STATE_ESTABLISHED));
+       SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
+       SCTP_INC_STATS(SCTP_MIB_PASSIVEESTABS);
+       sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL());
+
+       if (new_asoc->autoclose)
+               sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START,
+                               SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE));
  
+       sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
+
+       /* This will send the COOKIE ACK */
+       sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
+
+       /* Queue the ASSOC_CHANGE event */
+       sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
+
+       /* Send up the Adaptation Layer Indication event */
+       if (ai_ev)
                 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
-                               SCTP_ULPEVENT(ev));
-       }
+                               SCTP_ULPEVENT(ai_ev));
  
         return SCTP_DISPOSITION_CONSUME;
  
+nomem_aiev:
+       sctp_ulpevent_free(ev);
  nomem_ev:
         sctp_chunk_free(repl);
-nomem_repl:
  nomem_init:
         sctp_association_free(new_asoc);
  nomem:
@@ -846,6 +856,7 @@ static sctp_disposition_t sctp_sf_heartbeat(const struct sctp_endpoint *ep,
         hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
         hbinfo.daddr = transport->ipaddr;
         hbinfo.sent_at = jiffies;
+       hbinfo.hb_nonce = transport->hb_nonce;
  
         /* Send a heartbeat to our peer.  */
         paylen = sizeof(sctp_sender_hb_info_t);
@@ -877,7 +888,7 @@ sctp_disposition_t sctp_sf_sendbeat_8_3(const struct sctp_endpoint *ep,
                                 SCTP_ERROR(ETIMEDOUT));
                 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_NO_ERROR));
+                               SCTP_PERR(SCTP_ERROR_NO_ERROR));
                 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
                 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
                 return SCTP_DISPOSITION_DELETE_TCB;
@@ -1048,6 +1059,10 @@ sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
                 return SCTP_DISPOSITION_DISCARD;
         }
  
+       /* Validate the 64-bit random nonce. */
+       if (hbinfo->hb_nonce != link->hb_nonce)
+               return SCTP_DISPOSITION_DISCARD;
+
         max_interval = link->hbinterval + link->rto;
  
         /* Check if the timestamp looks valid.  */
@@ -1166,7 +1181,7 @@ static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc,
  
         /* If a new address was added, ABORT the sender. */
         if (!found && new_addr) {
-               sctp_sf_send_restart_abort(&new_addr->ipaddr, init, commands);
+               sctp_sf_send_restart_abort(&new_addr->ipaddr_h, init, commands);
         }
  
         /* Return success if all addresses were found. */
@@ -1355,10 +1370,8 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
         if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
                                sctp_source(chunk),
                                (sctp_init_chunk_t *)chunk->chunk_hdr,
-                              GFP_ATOMIC)) {
-               retval = SCTP_DISPOSITION_NOMEM;
-               goto nomem_init;
-       }
+                              GFP_ATOMIC))
+               goto nomem;
  
         /* Make sure no new addresses are being added during the
          * restart.   Do not do this check for COOKIE-WAIT state,
@@ -1369,7 +1382,7 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
                 if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk,
                                                  commands)) {
                         retval = SCTP_DISPOSITION_CONSUME;
-                       goto cleanup_asoc;
+                       goto nomem_retval;
                 }
         }
  
@@ -1425,17 +1438,17 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
         sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
         retval = SCTP_DISPOSITION_CONSUME;
  
+       return retval;
+
+nomem:
+       retval = SCTP_DISPOSITION_NOMEM;
+nomem_retval:
+       if (new_asoc)
+               sctp_association_free(new_asoc);
  cleanup:
         if (err_chunk)
                 sctp_chunk_free(err_chunk);
         return retval;
-nomem:
-       retval = SCTP_DISPOSITION_NOMEM;
-       goto cleanup;
-nomem_init:
-cleanup_asoc:
-       sctp_association_free(new_asoc);
-       goto cleanup;
  }
  
  /*
@@ -1606,15 +1619,10 @@ static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
          */
         sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL());
  
-       /* Update the content of current association. */
-       sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
-
         repl = sctp_make_cookie_ack(new_asoc, chunk);
         if (!repl)
                 goto nomem;
  
-       sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
-
         /* Report association restart to upper layer. */
         ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0,
                                              new_asoc->c.sinit_num_ostreams,
@@ -1623,6 +1631,9 @@ static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
         if (!ev)
                 goto nomem_ev;
  
+       /* Update the content of current association. */
+       sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc));
+       sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
         sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
         return SCTP_DISPOSITION_CONSUME;
  
@@ -1746,7 +1757,7 @@ static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
                                         sctp_cmd_seq_t *commands,
                                         struct sctp_association *new_asoc)
  {
-       struct sctp_ulpevent *ev = NULL;
+       struct sctp_ulpevent *ev = NULL, *ai_ev = NULL;
         struct sctp_chunk *repl;
  
         /* Clarification from Implementor's Guide:
@@ -1773,29 +1784,25 @@ static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
                  * SCTP user upon reception of a valid COOKIE
                  * ECHO chunk.
                  */
-               ev = sctp_ulpevent_make_assoc_change(new_asoc, 0,
+               ev = sctp_ulpevent_make_assoc_change(asoc, 0,
                                              SCTP_COMM_UP, 0,
-                                            new_asoc->c.sinit_num_ostreams,
-                                            new_asoc->c.sinit_max_instreams,
+                                            asoc->c.sinit_num_ostreams,
+                                            asoc->c.sinit_max_instreams,
                                               GFP_ATOMIC);
                 if (!ev)
                         goto nomem;
-               sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
-                               SCTP_ULPEVENT(ev));
  
                 /* Sockets API Draft Section 5.3.1.6
                  * When a peer sends a Adaption Layer Indication parameter,
                  * SCTP delivers this notification to inform the application
                  * that of the peers requested adaption layer.
                  */
-               if (new_asoc->peer.adaption_ind) {
-                       ev = sctp_ulpevent_make_adaption_indication(new_asoc,
+               if (asoc->peer.adaption_ind) {
+                       ai_ev = sctp_ulpevent_make_adaption_indication(asoc,
                                                                  GFP_ATOMIC);
-                       if (!ev)
+                       if (!ai_ev)
                                 goto nomem;
  
-                       sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
-                                       SCTP_ULPEVENT(ev));
                 }
         }
         sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
@@ -1804,12 +1811,21 @@ static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep,
         if (!repl)
                 goto nomem;
  
+       if (ev)
+               sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
+                               SCTP_ULPEVENT(ev));
+       if (ai_ev)
+               sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
+                                       SCTP_ULPEVENT(ai_ev));
+
         sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl));
         sctp_add_cmd_sf(commands, SCTP_CMD_TRANSMIT, SCTP_NULL());
  
         return SCTP_DISPOSITION_CONSUME;
  
  nomem:
+       if (ai_ev)
+               sctp_ulpevent_free(ai_ev);
         if (ev)
                 sctp_ulpevent_free(ev);
         return SCTP_DISPOSITION_NOMEM;
@@ -2124,7 +2140,7 @@ static sctp_disposition_t sctp_sf_do_5_2_6_stale(const struct sctp_endpoint *ep,
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ETIMEDOUT));
                 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
-                               SCTP_U32(SCTP_ERROR_STALE_COOKIE));
+                               SCTP_PERR(SCTP_ERROR_STALE_COOKIE));
                 return SCTP_DISPOSITION_DELETE_TCB;
         }
  
@@ -2236,7 +2252,7 @@ sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
  {
         struct sctp_chunk *chunk = arg;
         unsigned len;
-       __u16 error = SCTP_ERROR_NO_ERROR;
+       __be16 error = SCTP_ERROR_NO_ERROR;
  
         if (!sctp_vtag_verify_either(chunk, asoc))
                 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -2261,7 +2277,7 @@ sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep,
  
         sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET));
         /* ASSOC_FAILED will DELETE_TCB. */
-       sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_U32(error));
+       sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(error));
         SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
         SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
  
@@ -2281,7 +2297,7 @@ sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep,
  {
         struct sctp_chunk *chunk = arg;
         unsigned len;
-       __u16 error = SCTP_ERROR_NO_ERROR;
+       __be16 error = SCTP_ERROR_NO_ERROR;
  
         if (!sctp_vtag_verify_either(chunk, asoc))
                 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -2343,7 +2359,7 @@ sctp_disposition_t sctp_sf_cookie_echoed_abort(const struct sctp_endpoint *ep,
   * This is common code called by several sctp_sf_*_abort() functions above.
   */
  static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
-                                          __u16 error, int sk_err,
+                                          __be16 error, int sk_err,
                                            const struct sctp_association *asoc,
                                            struct sctp_transport *transport)
  {
@@ -2356,7 +2372,7 @@ static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands,
         sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(sk_err));
         /* CMD_INIT_FAILED will DELETE_TCB. */
         sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
-                       SCTP_U32(error));
+                       SCTP_PERR(error));
         return SCTP_DISPOSITION_ABORT;
  }
  
@@ -2658,9 +2674,11 @@ sctp_disposition_t sctp_sf_eat_data_6_2(const struct sctp_endpoint *ep,
                 break;
         case SCTP_IERROR_HIGH_TSN:
         case SCTP_IERROR_BAD_STREAM:
+               SCTP_INC_STATS(SCTP_MIB_IN_DATA_CHUNK_DISCARDS);
                 goto discard_noforce;
         case SCTP_IERROR_DUP_TSN:
         case SCTP_IERROR_IGNORE_TSN:
+               SCTP_INC_STATS(SCTP_MIB_IN_DATA_CHUNK_DISCARDS);
                 goto discard_force;
         case SCTP_IERROR_NO_DATA:
                 goto consume;
@@ -3012,7 +3030,6 @@ sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
         if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
                 return sctp_sf_violation_chunklen(ep, asoc, type, arg,
                                                   commands);
-
         /* 10.2 H) SHUTDOWN COMPLETE notification
          *
          * When SCTP completes the shutdown procedures (section 9.2) this
@@ -3023,6 +3040,14 @@ sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
         if (!ev)
                 goto nomem;
  
+       /* ...send a SHUTDOWN COMPLETE chunk to its peer, */
+       reply = sctp_make_shutdown_complete(asoc, chunk);
+       if (!reply)
+               goto nomem_chunk;
+
+       /* Do all the commands now (after allocation), so that we
+        * have consistent state if memory allocation failes
+        */
         sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
  
         /* Upon the receipt of the SHUTDOWN ACK, the SHUTDOWN sender shall
@@ -3034,11 +3059,6 @@ sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
         sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
                         SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD));
  
-       /* ...send a SHUTDOWN COMPLETE chunk to its peer, */
-       reply = sctp_make_shutdown_complete(asoc, chunk);
-       if (!reply)
-               goto nomem;
-
         sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
                         SCTP_STATE(SCTP_STATE_CLOSED));
         SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS);
@@ -3049,6 +3069,8 @@ sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep,
         sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
         return SCTP_DISPOSITION_DELETE_TCB;
  
+nomem_chunk:
+       sctp_ulpevent_free(ev);
  nomem:
         return SCTP_DISPOSITION_NOMEM;
  }
@@ -3340,7 +3362,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ECONNABORTED));
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_ASCONF_ACK));
+                               SCTP_PERR(SCTP_ERROR_ASCONF_ACK));
                 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
                 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
                 return SCTP_DISPOSITION_ABORT;
@@ -3368,7 +3390,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ECONNABORTED));
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_ASCONF_ACK));
+                               SCTP_PERR(SCTP_ERROR_ASCONF_ACK));
                 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
                 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
                 return SCTP_DISPOSITION_ABORT;
@@ -3647,6 +3669,7 @@ sctp_disposition_t sctp_sf_pdiscard(const struct sctp_endpoint *ep,
                                     void *arg,
                                     sctp_cmd_seq_t *commands)
  {
+       SCTP_INC_STATS(SCTP_MIB_IN_PKT_DISCARDS);
         sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL());
  
         return SCTP_DISPOSITION_CONSUME;
@@ -3722,12 +3745,12 @@ static sctp_disposition_t sctp_sf_violation_chunklen(
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ECONNREFUSED));
                 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
-                               SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
+                               SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION));
         } else {
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ECONNABORTED));
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_PROTO_VIOLATION));
+                               SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION));
                 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
         }
  
@@ -4026,18 +4049,12 @@ sctp_disposition_t sctp_sf_do_9_1_prm_abort(
          * from its upper layer, but retransmits data to the far end
          * if necessary to fill gaps.
          */
-       struct msghdr *msg = arg;
-       struct sctp_chunk *abort;
+       struct sctp_chunk *abort = arg;
         sctp_disposition_t retval;
  
         retval = SCTP_DISPOSITION_CONSUME;
  
-       /* Generate ABORT chunk to send the peer.  */
-       abort = sctp_make_abort_user(asoc, NULL, msg);
-       if (!abort)
-               retval = SCTP_DISPOSITION_NOMEM;
-       else
-               sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
+       sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
  
         /* Even if we can't send the ABORT due to low memory delete the
          * TCB.  This is a departure from our typical NOMEM handling.
@@ -4047,7 +4064,7 @@ sctp_disposition_t sctp_sf_do_9_1_prm_abort(
                         SCTP_ERROR(ECONNABORTED));
         /* Delete the established association. */
         sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                       SCTP_U32(SCTP_ERROR_USER_ABORT));
+                       SCTP_PERR(SCTP_ERROR_USER_ABORT));
  
         SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
         SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
@@ -4161,8 +4178,7 @@ sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
         void *arg,
         sctp_cmd_seq_t *commands)
  {
-       struct msghdr *msg = arg;
-       struct sctp_chunk *abort;
+       struct sctp_chunk *abort = arg;
         sctp_disposition_t retval;
  
         /* Stop T1-init timer */
@@ -4170,12 +4186,7 @@ sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
                         SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
         retval = SCTP_DISPOSITION_CONSUME;
  
-       /* Generate ABORT chunk to send the peer */
-       abort = sctp_make_abort_user(asoc, NULL, msg);
-       if (!abort)
-               retval = SCTP_DISPOSITION_NOMEM;
-       else
-               sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
+       sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
  
         sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
                         SCTP_STATE(SCTP_STATE_CLOSED));
@@ -4190,7 +4201,7 @@ sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
                         SCTP_ERROR(ECONNREFUSED));
         /* Delete the established association. */
         sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
-                       SCTP_U32(SCTP_ERROR_USER_ABORT));
+                       SCTP_PERR(SCTP_ERROR_USER_ABORT));
  
         return retval;
  }
@@ -4555,12 +4566,14 @@ sctp_disposition_t sctp_sf_do_6_3_3_rtx(const struct sctp_endpoint *ep,
  {
         struct sctp_transport *transport = arg;
  
+       SCTP_INC_STATS(SCTP_MIB_T3_RTX_EXPIREDS);
+
         if (asoc->overall_error_count >= asoc->max_retrans) {
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ETIMEDOUT));
                 /* CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_NO_ERROR));
+                               SCTP_PERR(SCTP_ERROR_NO_ERROR));
                 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
                 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
                 return SCTP_DISPOSITION_DELETE_TCB;
@@ -4623,6 +4636,7 @@ sctp_disposition_t sctp_sf_do_6_2_sack(const struct sctp_endpoint *ep,
                                        void *arg,
                                        sctp_cmd_seq_t *commands)
  {
+       SCTP_INC_STATS(SCTP_MIB_DELAY_SACK_EXPIREDS);
         sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE());
         return SCTP_DISPOSITION_CONSUME;
  }
@@ -4657,6 +4671,7 @@ sctp_disposition_t sctp_sf_t1_init_timer_expire(const struct sctp_endpoint *ep,
         int attempts = asoc->init_err_counter + 1;
  
         SCTP_DEBUG_PRINTK("Timer T1 expired (INIT).\n");
+       SCTP_INC_STATS(SCTP_MIB_T1_INIT_EXPIREDS);
  
         if (attempts <= asoc->max_init_attempts) {
                 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr;
@@ -4680,7 +4695,7 @@ sctp_disposition_t sctp_sf_t1_init_timer_expire(const struct sctp_endpoint *ep,
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ETIMEDOUT));
                 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
-                               SCTP_U32(SCTP_ERROR_NO_ERROR));
+                               SCTP_PERR(SCTP_ERROR_NO_ERROR));
                 return SCTP_DISPOSITION_DELETE_TCB;
         }
  
@@ -4716,6 +4731,7 @@ sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep
         int attempts = asoc->init_err_counter + 1;
  
         SCTP_DEBUG_PRINTK("Timer T1 expired (COOKIE-ECHO).\n");
+       SCTP_INC_STATS(SCTP_MIB_T1_COOKIE_EXPIREDS);
  
         if (attempts <= asoc->max_init_attempts) {
                 repl = sctp_make_cookie_echo(asoc, NULL);
@@ -4731,7 +4747,7 @@ sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ETIMEDOUT));
                 sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED,
-                               SCTP_U32(SCTP_ERROR_NO_ERROR));
+                               SCTP_PERR(SCTP_ERROR_NO_ERROR));
                 return SCTP_DISPOSITION_DELETE_TCB;
         }
  
@@ -4760,12 +4776,14 @@ sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep,
         struct sctp_chunk *reply = NULL;
  
         SCTP_DEBUG_PRINTK("Timer T2 expired.\n");
+       SCTP_INC_STATS(SCTP_MIB_T2_SHUTDOWN_EXPIREDS);
+
         if (asoc->overall_error_count >= asoc->max_retrans) {
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ETIMEDOUT));
                 /* Note:  CMD_ASSOC_FAILED calls CMD_DELETE_TCB. */
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_NO_ERROR));
+                               SCTP_PERR(SCTP_ERROR_NO_ERROR));
                 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
                 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
                 return SCTP_DISPOSITION_DELETE_TCB;
@@ -4821,6 +4839,8 @@ sctp_disposition_t sctp_sf_t4_timer_expire(
         struct sctp_chunk *chunk = asoc->addip_last_asconf;
         struct sctp_transport *transport = chunk->transport;
  
+       SCTP_INC_STATS(SCTP_MIB_T4_RTO_EXPIREDS);
+
         /* ADDIP 4.1 B1) Increment the error counters and perform path failure
          * detection on the appropriate destination address as defined in
          * RFC2960 [5] section 8.1 and 8.2.
@@ -4841,7 +4861,7 @@ sctp_disposition_t sctp_sf_t4_timer_expire(
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ETIMEDOUT));
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_NO_ERROR));
+                               SCTP_PERR(SCTP_ERROR_NO_ERROR));
                 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
                 SCTP_INC_STATS(SCTP_MIB_CURRESTAB);
                 return SCTP_DISPOSITION_ABORT;
@@ -4887,6 +4907,7 @@ sctp_disposition_t sctp_sf_t5_timer_expire(const struct sctp_endpoint *ep,
         struct sctp_chunk *reply = NULL;
  
         SCTP_DEBUG_PRINTK("Timer T5 expired.\n");
+       SCTP_INC_STATS(SCTP_MIB_T5_SHUTDOWN_GUARD_EXPIREDS);
  
         reply = sctp_make_abort(asoc, NULL, 0);
         if (!reply)
@@ -4896,7 +4917,7 @@ sctp_disposition_t sctp_sf_t5_timer_expire(const struct sctp_endpoint *ep,
         sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                         SCTP_ERROR(ETIMEDOUT));
         sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                       SCTP_U32(SCTP_ERROR_NO_ERROR));
+                       SCTP_PERR(SCTP_ERROR_NO_ERROR));
  
         return SCTP_DISPOSITION_DELETE_TCB;
  nomem:
@@ -4917,6 +4938,8 @@ sctp_disposition_t sctp_sf_autoclose_timer_expire(
  {
         int disposition;
  
+       SCTP_INC_STATS(SCTP_MIB_AUTOCLOSE_EXPIREDS);
+
         /* From 9.2 Shutdown of an Association
          * Upon receipt of the SHUTDOWN primitive from its upper
          * layer, the endpoint enters SHUTDOWN-PENDING state and
@@ -5082,6 +5105,7 @@ static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc
         __u16 sport;
         __u16 dport;
         __u32 vtag;
+       union sctp_addr tmp;
  
         /* Get the source and destination port from the inbound packet.  */
         sport = ntohs(chunk->sctp_hdr->dest);
@@ -5112,7 +5136,8 @@ static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc
         }
  
         /* Make a transport for the bucket, Eliza... */
-       transport = sctp_transport_new(sctp_source(chunk), GFP_ATOMIC);
+       flip_to_n(&tmp, sctp_source(chunk));
+       transport = sctp_transport_new(&tmp, GFP_ATOMIC);
         if (!transport)
                 goto nomem;
  
@@ -5278,7 +5303,6 @@ static int sctp_eat_data(const struct sctp_association *asoc,
         datalen -= sizeof(sctp_data_chunk_t);
  
         deliver = SCTP_CMD_CHUNK_ULP;
-       chunk->data_accepted = 1;
  
         /* Think about partial delivery. */
         if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) {
@@ -5345,7 +5369,7 @@ static int sctp_eat_data(const struct sctp_association *asoc,
                 sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR,
                                 SCTP_ERROR(ECONNABORTED));
                 sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED,
-                               SCTP_U32(SCTP_ERROR_NO_DATA));
+                               SCTP_PERR(SCTP_ERROR_NO_DATA));
                 SCTP_INC_STATS(SCTP_MIB_ABORTEDS);
                 SCTP_DEC_STATS(SCTP_MIB_CURRESTAB);
                 return SCTP_IERROR_NO_DATA;
@@ -5357,6 +5381,8 @@ static int sctp_eat_data(const struct sctp_association *asoc,
         if (SCTP_CMD_CHUNK_ULP == deliver)
                 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn));
  
+       chunk->data_accepted = 1;
+
         /* Note: Some chunks may get overcounted (if we drop) or overcounted
          * if we renege and the chunk arrives again.
          */