2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_input.h>
44 #include <netinet/sctp_auth.h>
45 #include <netinet/sctp_indata.h>
46 #include <netinet/sctp_asconf.h>
47 #include <netinet/sctp_bsd_addr.h>
48 #include <netinet/sctp_timer.h>
49 #include <netinet/sctp_crc32.h>
50 #if defined(INET) || defined(INET6)
51 #include <netinet/udp.h>
58 sctp_stop_all_cookie_timers(struct sctp_tcb
*stcb
)
60 struct sctp_nets
*net
;
63 * This now not only stops all cookie timers it also stops any INIT
64 * timers as well. This will make sure that the timers are stopped
65 * in all collision cases.
67 SCTP_TCB_LOCK_ASSERT(stcb
);
68 TAILQ_FOREACH(net
, &stcb
->asoc
.nets
, sctp_next
) {
69 if (net
->rxt_timer
.type
== SCTP_TIMER_TYPE_COOKIE
) {
70 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE
,
73 net
, SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_1
);
74 } else if (net
->rxt_timer
.type
== SCTP_TIMER_TYPE_INIT
) {
75 sctp_timer_stop(SCTP_TIMER_TYPE_INIT
,
78 net
, SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_2
);
85 sctp_handle_init(struct mbuf
*m
, int iphlen
, int offset
,
86 struct sockaddr
*src
, struct sockaddr
*dst
, struct sctphdr
*sh
,
87 struct sctp_init_chunk
*cp
, struct sctp_inpcb
*inp
,
88 struct sctp_tcb
*stcb
, struct sctp_nets
*net
, int *abort_no_unlock
,
89 uint8_t mflowtype
, uint32_t mflowid
,
90 uint32_t vrf_id
, uint16_t port
)
92 struct sctp_init
*init
;
95 SCTPDBG(SCTP_DEBUG_INPUT2
, "sctp_handle_init: handling INIT tcb:%p\n",
100 /* validate length */
101 if (ntohs(cp
->ch
.chunk_length
) < sizeof(struct sctp_init_chunk
)) {
102 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
103 sctp_abort_association(inp
, stcb
, m
, iphlen
, src
, dst
, sh
, op_err
,
107 *abort_no_unlock
= 1;
110 /* validate parameters */
112 if (init
->initiate_tag
== 0) {
113 /* protocol error... send abort */
114 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
115 sctp_abort_association(inp
, stcb
, m
, iphlen
, src
, dst
, sh
, op_err
,
119 *abort_no_unlock
= 1;
122 if (ntohl(init
->a_rwnd
) < SCTP_MIN_RWND
) {
123 /* invalid parameter... send abort */
124 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
125 sctp_abort_association(inp
, stcb
, m
, iphlen
, src
, dst
, sh
, op_err
,
129 *abort_no_unlock
= 1;
132 if (init
->num_inbound_streams
== 0) {
133 /* protocol error... send abort */
134 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
135 sctp_abort_association(inp
, stcb
, m
, iphlen
, src
, dst
, sh
, op_err
,
139 *abort_no_unlock
= 1;
142 if (init
->num_outbound_streams
== 0) {
143 /* protocol error... send abort */
144 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
145 sctp_abort_association(inp
, stcb
, m
, iphlen
, src
, dst
, sh
, op_err
,
149 *abort_no_unlock
= 1;
152 if (sctp_validate_init_auth_params(m
, offset
+ sizeof(*cp
),
153 offset
+ ntohs(cp
->ch
.chunk_length
))) {
154 /* auth parameter(s) error... send abort */
155 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
156 "Problem with AUTH parameters");
157 sctp_abort_association(inp
, stcb
, m
, iphlen
, src
, dst
, sh
, op_err
,
161 *abort_no_unlock
= 1;
165 * We are only accepting if we have a socket with positive
168 if ((stcb
== NULL
) &&
169 ((inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_GONE
) ||
170 (inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_ALLGONE
) ||
171 (inp
->sctp_socket
== NULL
) ||
172 (inp
->sctp_socket
->so_qlimit
== 0))) {
174 * FIX ME ?? What about TCP model and we have a
175 * match/restart case? Actually no fix is needed. the lookup
176 * will always find the existing assoc so stcb would not be
177 * NULL. It may be questionable to do this since we COULD
178 * just send back the INIT-ACK and hope that the app did
179 * accept()'s by the time the COOKIE was sent. But there is
180 * a price to pay for COOKIE generation and I don't want to
181 * pay it on the chance that the app will actually do some
182 * accepts(). The App just looses and should NOT be in this
185 if (SCTP_BASE_SYSCTL(sctp_blackhole
) == 0) {
186 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
188 sctp_send_abort(m
, iphlen
, src
, dst
, sh
, 0, op_err
,
189 mflowtype
, mflowid
, inp
->fibnum
,
194 if ((stcb
!= NULL
) &&
195 (SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_SHUTDOWN_ACK_SENT
)) {
196 SCTPDBG(SCTP_DEBUG_INPUT3
, "sctp_handle_init: sending SHUTDOWN-ACK\n");
197 sctp_send_shutdown_ack(stcb
, NULL
);
198 sctp_chunk_output(inp
, stcb
, SCTP_OUTPUT_FROM_CONTROL_PROC
, SCTP_SO_NOT_LOCKED
);
200 SCTPDBG(SCTP_DEBUG_INPUT3
, "sctp_handle_init: sending INIT-ACK\n");
201 sctp_send_initiate_ack(inp
, stcb
, net
, m
, iphlen
, offset
,
205 ((stcb
== NULL
) ? SCTP_HOLDS_LOCK
: SCTP_NOT_LOCKED
));
209 SCTP_INP_RUNLOCK(inp
);
214 * process peer "INIT/INIT-ACK" chunk returns value < 0 on error
218 sctp_is_there_unsent_data(struct sctp_tcb
*stcb
, int so_locked
219 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING)
226 struct sctp_stream_queue_pending
*sp
;
227 struct sctp_association
*asoc
;
230 * This function returns the number of streams that have true unsent
231 * data on them. Note that as it looks through it will clean up any
232 * places that have old data that has been sent but left at top of
236 SCTP_TCB_SEND_LOCK(stcb
);
237 if (!stcb
->asoc
.ss_functions
.sctp_ss_is_empty(stcb
, asoc
)) {
238 /* Check to see if some data queued */
239 for (i
= 0; i
< stcb
->asoc
.streamoutcnt
; i
++) {
240 /* sa_ignore FREED_MEMORY */
241 sp
= TAILQ_FIRST(&stcb
->asoc
.strmout
[i
].outqueue
);
245 if ((sp
->msg_is_complete
) &&
247 (sp
->sender_all_done
)) {
249 * We are doing differed cleanup. Last time
250 * through when we took all the data the
251 * sender_all_done was not set.
253 if (sp
->put_last_out
== 0) {
254 SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n");
255 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d\n",
261 atomic_subtract_int(&stcb
->asoc
.stream_queue_cnt
, 1);
262 TAILQ_REMOVE(&stcb
->asoc
.strmout
[i
].outqueue
, sp
, next
);
264 sctp_free_remote_addr(sp
->net
);
268 sctp_m_freem(sp
->data
);
271 sctp_free_a_strmoq(stcb
, sp
, so_locked
);
278 SCTP_TCB_SEND_UNLOCK(stcb
);
279 return (unsent_data
);
283 sctp_process_init(struct sctp_init_chunk
*cp
, struct sctp_tcb
*stcb
)
285 struct sctp_init
*init
;
286 struct sctp_association
*asoc
;
287 struct sctp_nets
*lnet
;
292 /* save off parameters */
293 asoc
->peer_vtag
= ntohl(init
->initiate_tag
);
294 asoc
->peers_rwnd
= ntohl(init
->a_rwnd
);
296 asoc
->highest_tsn_inside_map
= asoc
->asconf_seq_in
= ntohl(init
->initial_tsn
) - 1;
298 if (!TAILQ_EMPTY(&asoc
->nets
)) {
299 /* update any ssthresh's that may have a default */
300 TAILQ_FOREACH(lnet
, &asoc
->nets
, sctp_next
) {
301 lnet
->ssthresh
= asoc
->peers_rwnd
;
302 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & (SCTP_CWND_MONITOR_ENABLE
| SCTP_CWND_LOGGING_ENABLE
)) {
303 sctp_log_cwnd(stcb
, lnet
, 0, SCTP_CWND_INITIALIZATION
);
307 SCTP_TCB_SEND_LOCK(stcb
);
308 if (asoc
->pre_open_streams
> ntohs(init
->num_inbound_streams
)) {
310 struct sctp_stream_out
*outs
;
311 struct sctp_stream_queue_pending
*sp
, *nsp
;
312 struct sctp_tmit_chunk
*chk
, *nchk
;
314 /* abandon the upper streams */
315 newcnt
= ntohs(init
->num_inbound_streams
);
316 TAILQ_FOREACH_SAFE(chk
, &asoc
->send_queue
, sctp_next
, nchk
) {
317 if (chk
->rec
.data
.stream_number
>= newcnt
) {
318 TAILQ_REMOVE(&asoc
->send_queue
, chk
, sctp_next
);
319 asoc
->send_queue_cnt
--;
320 if (asoc
->strmout
[chk
->rec
.data
.stream_number
].chunks_on_queues
> 0) {
321 asoc
->strmout
[chk
->rec
.data
.stream_number
].chunks_on_queues
--;
324 panic("No chunks on the queues for sid %u.", chk
->rec
.data
.stream_number
);
327 if (chk
->data
!= NULL
) {
328 sctp_free_bufspace(stcb
, asoc
, chk
, 1);
329 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL
, stcb
,
330 0, chk
, SCTP_SO_NOT_LOCKED
);
332 sctp_m_freem(chk
->data
);
336 sctp_free_a_chunk(stcb
, chk
, SCTP_SO_NOT_LOCKED
);
337 /* sa_ignore FREED_MEMORY */
341 for (i
= newcnt
; i
< asoc
->pre_open_streams
; i
++) {
342 outs
= &asoc
->strmout
[i
];
343 TAILQ_FOREACH_SAFE(sp
, &outs
->outqueue
, next
, nsp
) {
344 TAILQ_REMOVE(&outs
->outqueue
, sp
, next
);
345 asoc
->stream_queue_cnt
--;
346 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL
,
347 stcb
, 0, sp
, SCTP_SO_NOT_LOCKED
);
349 sctp_m_freem(sp
->data
);
353 sctp_free_remote_addr(sp
->net
);
357 sctp_free_a_strmoq(stcb
, sp
, SCTP_SO_NOT_LOCKED
);
358 /* sa_ignore FREED_MEMORY */
360 outs
->state
= SCTP_STREAM_CLOSED
;
363 /* cut back the count */
364 asoc
->pre_open_streams
= newcnt
;
366 SCTP_TCB_SEND_UNLOCK(stcb
);
367 asoc
->streamoutcnt
= asoc
->pre_open_streams
;
369 for (i
= 0; i
< asoc
->streamoutcnt
; i
++) {
370 asoc
->strmout
[i
].state
= SCTP_STREAM_OPEN
;
373 /* EY - nr_sack: initialize highest tsn in nr_mapping_array */
374 asoc
->highest_tsn_inside_nr_map
= asoc
->highest_tsn_inside_map
;
375 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_MAP_LOGGING_ENABLE
) {
376 sctp_log_map(0, 5, asoc
->highest_tsn_inside_map
, SCTP_MAP_SLIDE_RESULT
);
378 /* This is the next one we expect */
379 asoc
->str_reset_seq_in
= asoc
->asconf_seq_in
+ 1;
381 asoc
->mapping_array_base_tsn
= ntohl(init
->initial_tsn
);
382 asoc
->tsn_last_delivered
= asoc
->cumulative_tsn
= asoc
->asconf_seq_in
;
384 asoc
->advanced_peer_ack_point
= asoc
->last_acked_seq
;
385 /* open the requested streams */
387 if (asoc
->strmin
!= NULL
) {
388 /* Free the old ones */
389 for (i
= 0; i
< asoc
->streamincnt
; i
++) {
390 sctp_clean_up_stream(stcb
, &asoc
->strmin
[i
].inqueue
);
391 sctp_clean_up_stream(stcb
, &asoc
->strmin
[i
].uno_inqueue
);
393 SCTP_FREE(asoc
->strmin
, SCTP_M_STRMI
);
395 if (asoc
->max_inbound_streams
> ntohs(init
->num_outbound_streams
)) {
396 asoc
->streamincnt
= ntohs(init
->num_outbound_streams
);
398 asoc
->streamincnt
= asoc
->max_inbound_streams
;
400 SCTP_MALLOC(asoc
->strmin
, struct sctp_stream_in
*, asoc
->streamincnt
*
401 sizeof(struct sctp_stream_in
), SCTP_M_STRMI
);
402 if (asoc
->strmin
== NULL
) {
403 /* we didn't get memory for the streams! */
404 SCTPDBG(SCTP_DEBUG_INPUT2
, "process_init: couldn't get memory for the streams!\n");
407 for (i
= 0; i
< asoc
->streamincnt
; i
++) {
408 asoc
->strmin
[i
].stream_no
= i
;
409 asoc
->strmin
[i
].last_sequence_delivered
= 0xffffffff;
410 TAILQ_INIT(&asoc
->strmin
[i
].inqueue
);
411 TAILQ_INIT(&asoc
->strmin
[i
].uno_inqueue
);
412 asoc
->strmin
[i
].pd_api_started
= 0;
413 asoc
->strmin
[i
].delivery_started
= 0;
416 * load_address_from_init will put the addresses into the
417 * association when the COOKIE is processed or the INIT-ACK is
418 * processed. Both types of COOKIE's existing and new call this
419 * routine. It will remove addresses that are no longer in the
420 * association (for the restarting case where addresses are
421 * removed). Up front when the INIT arrives we will discard it if it
422 * is a restart and new addresses have been added.
424 /* sa_ignore MEMLEAK */
429 * INIT-ACK message processing/consumption returns value < 0 on error
432 sctp_process_init_ack(struct mbuf
*m
, int iphlen
, int offset
,
433 struct sockaddr
*src
, struct sockaddr
*dst
, struct sctphdr
*sh
,
434 struct sctp_init_ack_chunk
*cp
, struct sctp_tcb
*stcb
,
435 struct sctp_nets
*net
, int *abort_no_unlock
,
436 uint8_t mflowtype
, uint32_t mflowid
,
439 struct sctp_association
*asoc
;
441 int retval
, abort_flag
;
442 uint32_t initack_limit
;
443 int nat_friendly
= 0;
445 /* First verify that we have no illegal param's */
448 op_err
= sctp_arethere_unrecognized_parameters(m
,
449 (offset
+ sizeof(struct sctp_init_chunk
)),
450 &abort_flag
, (struct sctp_chunkhdr
*)cp
, &nat_friendly
);
452 /* Send an abort and notify peer */
453 sctp_abort_an_association(stcb
->sctp_ep
, stcb
, op_err
, SCTP_SO_NOT_LOCKED
);
454 *abort_no_unlock
= 1;
458 asoc
->peer_supports_nat
= (uint8_t) nat_friendly
;
459 /* process the peer's parameters in the INIT-ACK */
460 retval
= sctp_process_init((struct sctp_init_chunk
*)cp
, stcb
);
464 initack_limit
= offset
+ ntohs(cp
->ch
.chunk_length
);
465 /* load all addresses */
466 if ((retval
= sctp_load_addresses_from_init(stcb
, m
,
467 (offset
+ sizeof(struct sctp_init_chunk
)), initack_limit
,
468 src
, dst
, NULL
, stcb
->asoc
.port
))) {
469 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
470 "Problem with address parameters");
471 SCTPDBG(SCTP_DEBUG_INPUT1
,
472 "Load addresses from INIT causes an abort %d\n",
474 sctp_abort_association(stcb
->sctp_ep
, stcb
, m
, iphlen
,
475 src
, dst
, sh
, op_err
,
478 *abort_no_unlock
= 1;
481 /* if the peer doesn't support asconf, flush the asconf queue */
482 if (asoc
->asconf_supported
== 0) {
483 struct sctp_asconf_addr
*param
, *nparam
;
485 TAILQ_FOREACH_SAFE(param
, &asoc
->asconf_queue
, next
, nparam
) {
486 TAILQ_REMOVE(&asoc
->asconf_queue
, param
, next
);
487 SCTP_FREE(param
, SCTP_M_ASC_ADDR
);
490 stcb
->asoc
.peer_hmac_id
= sctp_negotiate_hmacid(stcb
->asoc
.peer_hmacs
,
491 stcb
->asoc
.local_hmacs
);
493 sctp_queue_op_err(stcb
, op_err
);
494 /* queuing will steal away the mbuf chain to the out queue */
497 /* extract the cookie and queue it to "echo" it back... */
498 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
499 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
500 stcb
->asoc
.overall_error_count
,
502 SCTP_FROM_SCTP_INPUT
,
505 stcb
->asoc
.overall_error_count
= 0;
506 net
->error_count
= 0;
509 * Cancel the INIT timer, We do this first before queueing the
510 * cookie. We always cancel at the primary to assue that we are
511 * canceling the timer started by the INIT which always goes to the
514 sctp_timer_stop(SCTP_TIMER_TYPE_INIT
, stcb
->sctp_ep
, stcb
,
515 asoc
->primary_destination
, SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_3
);
517 /* calculate the RTO */
518 net
->RTO
= sctp_calculate_rto(stcb
, asoc
, net
, &asoc
->time_entered
, sctp_align_safe_nocopy
,
519 SCTP_RTT_FROM_NON_DATA
);
520 retval
= sctp_send_cookie_echo(m
, offset
, stcb
, net
);
523 * No cookie, we probably should send a op error. But in any
524 * case if there is no cookie in the INIT-ACK, we can
525 * abandon the peer, its broke.
530 len
= (uint16_t) (sizeof(struct sctp_error_missing_param
) + sizeof(uint16_t));
531 /* We abort with an error of missing mandatory param */
532 op_err
= sctp_get_mbuf_for_msg(len
, 0, M_NOWAIT
, 1, MT_DATA
);
533 if (op_err
!= NULL
) {
534 struct sctp_error_missing_param
*cause
;
536 SCTP_BUF_LEN(op_err
) = len
;
537 cause
= mtod(op_err
, struct sctp_error_missing_param
*);
538 /* Subtract the reserved param */
539 cause
->cause
.code
= htons(SCTP_CAUSE_MISSING_PARAM
);
540 cause
->cause
.length
= htons(len
);
541 cause
->num_missing_params
= htonl(1);
542 cause
->type
[0] = htons(SCTP_STATE_COOKIE
);
544 sctp_abort_association(stcb
->sctp_ep
, stcb
, m
, iphlen
,
545 src
, dst
, sh
, op_err
,
548 *abort_no_unlock
= 1;
556 sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk
*cp
,
557 struct sctp_tcb
*stcb
, struct sctp_nets
*net
)
559 union sctp_sockstore store
;
560 struct sctp_nets
*r_net
, *f_net
;
563 uint16_t old_error_counter
;
565 if (ntohs(cp
->ch
.chunk_length
) != sizeof(struct sctp_heartbeat_chunk
)) {
569 memset(&store
, 0, sizeof(store
));
570 switch (cp
->heartbeat
.hb_info
.addr_family
) {
573 if (cp
->heartbeat
.hb_info
.addr_len
== sizeof(struct sockaddr_in
)) {
574 store
.sin
.sin_family
= cp
->heartbeat
.hb_info
.addr_family
;
575 store
.sin
.sin_len
= cp
->heartbeat
.hb_info
.addr_len
;
576 store
.sin
.sin_port
= stcb
->rport
;
577 memcpy(&store
.sin
.sin_addr
, cp
->heartbeat
.hb_info
.address
,
578 sizeof(store
.sin
.sin_addr
));
586 if (cp
->heartbeat
.hb_info
.addr_len
== sizeof(struct sockaddr_in6
)) {
587 store
.sin6
.sin6_family
= cp
->heartbeat
.hb_info
.addr_family
;
588 store
.sin6
.sin6_len
= cp
->heartbeat
.hb_info
.addr_len
;
589 store
.sin6
.sin6_port
= stcb
->rport
;
590 memcpy(&store
.sin6
.sin6_addr
, cp
->heartbeat
.hb_info
.address
, sizeof(struct in6_addr
));
599 r_net
= sctp_findnet(stcb
, &store
.sa
);
601 SCTPDBG(SCTP_DEBUG_INPUT1
, "Huh? I can't find the address I sent it to, discard\n");
604 if ((r_net
&& (r_net
->dest_state
& SCTP_ADDR_UNCONFIRMED
)) &&
605 (r_net
->heartbeat_random1
== cp
->heartbeat
.hb_info
.random_value1
) &&
606 (r_net
->heartbeat_random2
== cp
->heartbeat
.hb_info
.random_value2
)) {
608 * If the its a HB and it's random value is correct when can
609 * confirm the destination.
611 r_net
->dest_state
&= ~SCTP_ADDR_UNCONFIRMED
;
612 if (r_net
->dest_state
& SCTP_ADDR_REQ_PRIMARY
) {
613 stcb
->asoc
.primary_destination
= r_net
;
614 r_net
->dest_state
&= ~SCTP_ADDR_REQ_PRIMARY
;
615 f_net
= TAILQ_FIRST(&stcb
->asoc
.nets
);
616 if (f_net
!= r_net
) {
618 * first one on the list is NOT the primary
619 * sctp_cmpaddr() is much more efficient if
620 * the primary is the first on the list,
623 TAILQ_REMOVE(&stcb
->asoc
.nets
, r_net
, sctp_next
);
624 TAILQ_INSERT_HEAD(&stcb
->asoc
.nets
, r_net
, sctp_next
);
628 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED
,
629 stcb
, 0, (void *)r_net
, SCTP_SO_NOT_LOCKED
);
630 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT
, stcb
->sctp_ep
, stcb
,
631 r_net
, SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_4
);
632 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT
, stcb
->sctp_ep
, stcb
, r_net
);
634 old_error_counter
= r_net
->error_count
;
635 r_net
->error_count
= 0;
636 r_net
->hb_responded
= 1;
637 tv
.tv_sec
= cp
->heartbeat
.hb_info
.time_value_1
;
638 tv
.tv_usec
= cp
->heartbeat
.hb_info
.time_value_2
;
639 /* Now lets do a RTO with this */
640 r_net
->RTO
= sctp_calculate_rto(stcb
, &stcb
->asoc
, r_net
, &tv
, sctp_align_safe_nocopy
,
641 SCTP_RTT_FROM_NON_DATA
);
642 if (!(r_net
->dest_state
& SCTP_ADDR_REACHABLE
)) {
643 r_net
->dest_state
|= SCTP_ADDR_REACHABLE
;
644 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP
, stcb
,
645 0, (void *)r_net
, SCTP_SO_NOT_LOCKED
);
647 if (r_net
->dest_state
& SCTP_ADDR_PF
) {
648 r_net
->dest_state
&= ~SCTP_ADDR_PF
;
649 stcb
->asoc
.cc_functions
.sctp_cwnd_update_exit_pf(stcb
, net
);
651 if (old_error_counter
> 0) {
652 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT
, stcb
->sctp_ep
,
653 stcb
, r_net
, SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_5
);
654 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT
, stcb
->sctp_ep
, stcb
, r_net
);
656 if (r_net
== stcb
->asoc
.primary_destination
) {
657 if (stcb
->asoc
.alternate
) {
658 /* release the alternate, primary is good */
659 sctp_free_remote_addr(stcb
->asoc
.alternate
);
660 stcb
->asoc
.alternate
= NULL
;
663 /* Mobility adaptation */
665 if ((sctp_is_mobility_feature_on(stcb
->sctp_ep
,
666 SCTP_MOBILITY_BASE
) ||
667 sctp_is_mobility_feature_on(stcb
->sctp_ep
,
668 SCTP_MOBILITY_FASTHANDOFF
)) &&
669 sctp_is_mobility_feature_on(stcb
->sctp_ep
,
670 SCTP_MOBILITY_PRIM_DELETED
)) {
672 sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED
,
673 stcb
->sctp_ep
, stcb
, NULL
,
674 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_6
);
675 if (sctp_is_mobility_feature_on(stcb
->sctp_ep
,
676 SCTP_MOBILITY_FASTHANDOFF
)) {
677 sctp_assoc_immediate_retrans(stcb
,
678 stcb
->asoc
.primary_destination
);
680 if (sctp_is_mobility_feature_on(stcb
->sctp_ep
,
681 SCTP_MOBILITY_BASE
)) {
682 sctp_move_chunks_from_net(stcb
,
683 stcb
->asoc
.deleted_primary
);
685 sctp_delete_prim_timer(stcb
->sctp_ep
, stcb
,
686 stcb
->asoc
.deleted_primary
);
692 sctp_handle_nat_colliding_state(struct sctp_tcb
*stcb
)
695 * return 0 means we want you to proceed with the abort non-zero
696 * means no abort processing
698 struct sctpasochead
*head
;
700 if (SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_COOKIE_WAIT
) {
701 /* generate a new vtag and send init */
702 LIST_REMOVE(stcb
, sctp_asocs
);
703 stcb
->asoc
.my_vtag
= sctp_select_a_tag(stcb
->sctp_ep
, stcb
->sctp_ep
->sctp_lport
, stcb
->rport
, 1);
704 head
= &SCTP_BASE_INFO(sctp_asochash
)[SCTP_PCBHASH_ASOC(stcb
->asoc
.my_vtag
, SCTP_BASE_INFO(hashasocmark
))];
706 * put it in the bucket in the vtag hash of assoc's for the
709 LIST_INSERT_HEAD(head
, stcb
, sctp_asocs
);
710 sctp_send_initiate(stcb
->sctp_ep
, stcb
, SCTP_SO_NOT_LOCKED
);
713 if (SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_COOKIE_ECHOED
) {
715 * treat like a case where the cookie expired i.e.: - dump
716 * current cookie. - generate a new vtag. - resend init.
718 /* generate a new vtag and send init */
719 LIST_REMOVE(stcb
, sctp_asocs
);
720 stcb
->asoc
.state
&= ~SCTP_STATE_COOKIE_ECHOED
;
721 stcb
->asoc
.state
|= SCTP_STATE_COOKIE_WAIT
;
722 sctp_stop_all_cookie_timers(stcb
);
723 sctp_toss_old_cookies(stcb
, &stcb
->asoc
);
724 stcb
->asoc
.my_vtag
= sctp_select_a_tag(stcb
->sctp_ep
, stcb
->sctp_ep
->sctp_lport
, stcb
->rport
, 1);
725 head
= &SCTP_BASE_INFO(sctp_asochash
)[SCTP_PCBHASH_ASOC(stcb
->asoc
.my_vtag
, SCTP_BASE_INFO(hashasocmark
))];
727 * put it in the bucket in the vtag hash of assoc's for the
730 LIST_INSERT_HEAD(head
, stcb
, sctp_asocs
);
731 sctp_send_initiate(stcb
->sctp_ep
, stcb
, SCTP_SO_NOT_LOCKED
);
738 sctp_handle_nat_missing_state(struct sctp_tcb
*stcb
,
739 struct sctp_nets
*net
)
742 * return 0 means we want you to proceed with the abort non-zero
743 * means no abort processing
745 if (stcb
->asoc
.auth_supported
== 0) {
746 SCTPDBG(SCTP_DEBUG_INPUT2
, "sctp_handle_nat_missing_state: Peer does not support AUTH, cannot send an asconf\n");
749 sctp_asconf_send_nat_state_update(stcb
, net
);
755 sctp_handle_abort(struct sctp_abort_chunk
*abort
,
756 struct sctp_tcb
*stcb
, struct sctp_nets
*net
)
758 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
765 SCTPDBG(SCTP_DEBUG_INPUT2
, "sctp_handle_abort: handling ABORT\n");
769 len
= ntohs(abort
->ch
.chunk_length
);
770 if (len
> sizeof(struct sctp_chunkhdr
)) {
772 * Need to check the cause codes for our two magic nat
773 * aborts which don't kill the assoc necessarily.
775 struct sctp_gen_error_cause
*cause
;
777 cause
= (struct sctp_gen_error_cause
*)(abort
+ 1);
778 error
= ntohs(cause
->code
);
779 if (error
== SCTP_CAUSE_NAT_COLLIDING_STATE
) {
780 SCTPDBG(SCTP_DEBUG_INPUT2
, "Received Colliding state abort flags:%x\n",
781 abort
->ch
.chunk_flags
);
782 if (sctp_handle_nat_colliding_state(stcb
)) {
785 } else if (error
== SCTP_CAUSE_NAT_MISSING_STATE
) {
786 SCTPDBG(SCTP_DEBUG_INPUT2
, "Received missing state abort flags:%x\n",
787 abort
->ch
.chunk_flags
);
788 if (sctp_handle_nat_missing_state(stcb
, net
)) {
795 /* stop any receive timers */
796 sctp_timer_stop(SCTP_TIMER_TYPE_RECV
, stcb
->sctp_ep
, stcb
, net
,
797 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_7
);
798 /* notify user of the abort and clean up... */
799 sctp_abort_notification(stcb
, 1, error
, abort
, SCTP_SO_NOT_LOCKED
);
801 SCTP_STAT_INCR_COUNTER32(sctps_aborted
);
802 if ((SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_OPEN
) ||
803 (SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_SHUTDOWN_RECEIVED
)) {
804 SCTP_STAT_DECR_GAUGE32(sctps_currestab
);
806 #ifdef SCTP_ASOCLOG_OF_TSNS
807 sctp_print_out_track_log(stcb
);
809 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
810 so
= SCTP_INP_SO(stcb
->sctp_ep
);
811 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
812 SCTP_TCB_UNLOCK(stcb
);
813 SCTP_SOCKET_LOCK(so
, 1);
815 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
817 stcb
->asoc
.state
|= SCTP_STATE_WAS_ABORTED
;
818 (void)sctp_free_assoc(stcb
->sctp_ep
, stcb
, SCTP_NORMAL_PROC
,
819 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_8
);
820 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
821 SCTP_SOCKET_UNLOCK(so
, 1);
823 SCTPDBG(SCTP_DEBUG_INPUT2
, "sctp_handle_abort: finished\n");
827 sctp_start_net_timers(struct sctp_tcb
*stcb
)
829 uint32_t cnt_hb_sent
;
830 struct sctp_nets
*net
;
833 TAILQ_FOREACH(net
, &stcb
->asoc
.nets
, sctp_next
) {
835 * For each network start: 1) A pmtu timer. 2) A HB timer 3)
836 * If the dest in unconfirmed send a hb as well if under
837 * max_hb_burst have been sent.
839 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE
, stcb
->sctp_ep
, stcb
, net
);
840 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT
, stcb
->sctp_ep
, stcb
, net
);
841 if ((net
->dest_state
& SCTP_ADDR_UNCONFIRMED
) &&
842 (cnt_hb_sent
< SCTP_BASE_SYSCTL(sctp_hb_maxburst
))) {
843 sctp_send_hb(stcb
, net
, SCTP_SO_NOT_LOCKED
);
848 sctp_chunk_output(stcb
->sctp_ep
, stcb
,
849 SCTP_OUTPUT_FROM_COOKIE_ACK
,
856 sctp_handle_shutdown(struct sctp_shutdown_chunk
*cp
,
857 struct sctp_tcb
*stcb
, struct sctp_nets
*net
, int *abort_flag
)
859 struct sctp_association
*asoc
;
860 int some_on_streamwheel
;
863 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
868 SCTPDBG(SCTP_DEBUG_INPUT2
,
869 "sctp_handle_shutdown: handling SHUTDOWN\n");
873 if ((SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_WAIT
) ||
874 (SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_ECHOED
)) {
877 if (ntohs(cp
->ch
.chunk_length
) != sizeof(struct sctp_shutdown_chunk
)) {
878 /* Shutdown NOT the expected size */
881 old_state
= SCTP_GET_STATE(asoc
);
882 sctp_update_acked(stcb
, cp
, abort_flag
);
886 if (asoc
->control_pdapi
) {
888 * With a normal shutdown we assume the end of last record.
890 SCTP_INP_READ_LOCK(stcb
->sctp_ep
);
891 if (asoc
->control_pdapi
->on_strm_q
) {
892 struct sctp_stream_in
*strm
;
894 strm
= &asoc
->strmin
[asoc
->control_pdapi
->sinfo_stream
];
895 if (asoc
->control_pdapi
->on_strm_q
== SCTP_ON_UNORDERED
) {
897 TAILQ_REMOVE(&strm
->uno_inqueue
, asoc
->control_pdapi
, next_instrm
);
898 asoc
->control_pdapi
->on_strm_q
= 0;
899 } else if (asoc
->control_pdapi
->on_strm_q
== SCTP_ON_ORDERED
) {
901 TAILQ_REMOVE(&strm
->inqueue
, asoc
->control_pdapi
, next_instrm
);
902 asoc
->control_pdapi
->on_strm_q
= 0;
905 panic("Unknown state on ctrl:%p on_strm_q:%d",
907 asoc
->control_pdapi
->on_strm_q
);
911 asoc
->control_pdapi
->end_added
= 1;
912 asoc
->control_pdapi
->pdapi_aborted
= 1;
913 asoc
->control_pdapi
= NULL
;
914 SCTP_INP_READ_UNLOCK(stcb
->sctp_ep
);
915 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
916 so
= SCTP_INP_SO(stcb
->sctp_ep
);
917 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
918 SCTP_TCB_UNLOCK(stcb
);
919 SCTP_SOCKET_LOCK(so
, 1);
921 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
922 if (stcb
->asoc
.state
& SCTP_STATE_CLOSED_SOCKET
) {
923 /* assoc was freed while we were unlocked */
924 SCTP_SOCKET_UNLOCK(so
, 1);
928 if (stcb
->sctp_socket
) {
929 sctp_sorwakeup(stcb
->sctp_ep
, stcb
->sctp_socket
);
931 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
932 SCTP_SOCKET_UNLOCK(so
, 1);
935 /* goto SHUTDOWN_RECEIVED state to block new requests */
936 if (stcb
->sctp_socket
) {
937 if ((SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_RECEIVED
) &&
938 (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_ACK_SENT
) &&
939 (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_SENT
)) {
940 SCTP_SET_STATE(asoc
, SCTP_STATE_SHUTDOWN_RECEIVED
);
941 SCTP_CLEAR_SUBSTATE(asoc
, SCTP_STATE_SHUTDOWN_PENDING
);
943 * notify upper layer that peer has initiated a
946 sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN
, stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
949 (void)SCTP_GETTIME_TIMEVAL(&asoc
->time_entered
);
952 if (SCTP_GET_STATE(asoc
) == SCTP_STATE_SHUTDOWN_SENT
) {
954 * stop the shutdown timer, since we WILL move to
957 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN
, stcb
->sctp_ep
, stcb
,
958 net
, SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_9
);
960 /* Now is there unsent data on a stream somewhere? */
961 some_on_streamwheel
= sctp_is_there_unsent_data(stcb
, SCTP_SO_NOT_LOCKED
);
963 if (!TAILQ_EMPTY(&asoc
->send_queue
) ||
964 !TAILQ_EMPTY(&asoc
->sent_queue
) ||
965 some_on_streamwheel
) {
966 /* By returning we will push more data out */
969 /* no outstanding data to send, so move on... */
970 /* send SHUTDOWN-ACK */
971 /* move to SHUTDOWN-ACK-SENT state */
972 if ((SCTP_GET_STATE(asoc
) == SCTP_STATE_OPEN
) ||
973 (SCTP_GET_STATE(asoc
) == SCTP_STATE_SHUTDOWN_RECEIVED
)) {
974 SCTP_STAT_DECR_GAUGE32(sctps_currestab
);
976 SCTP_CLEAR_SUBSTATE(asoc
, SCTP_STATE_SHUTDOWN_PENDING
);
977 if (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_ACK_SENT
) {
978 SCTP_SET_STATE(asoc
, SCTP_STATE_SHUTDOWN_ACK_SENT
);
979 sctp_stop_timers_for_shutdown(stcb
);
980 sctp_send_shutdown_ack(stcb
, net
);
981 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK
,
982 stcb
->sctp_ep
, stcb
, net
);
983 } else if (old_state
== SCTP_STATE_SHUTDOWN_ACK_SENT
) {
984 sctp_send_shutdown_ack(stcb
, net
);
990 sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk
*cp SCTP_UNUSED
,
991 struct sctp_tcb
*stcb
,
992 struct sctp_nets
*net
)
994 struct sctp_association
*asoc
;
996 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
999 so
= SCTP_INP_SO(stcb
->sctp_ep
);
1001 SCTPDBG(SCTP_DEBUG_INPUT2
,
1002 "sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n");
1007 /* process according to association state */
1008 if ((SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_WAIT
) ||
1009 (SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_ECHOED
)) {
1010 /* unexpected SHUTDOWN-ACK... do OOTB handling... */
1011 sctp_send_shutdown_complete(stcb
, net
, 1);
1012 SCTP_TCB_UNLOCK(stcb
);
1015 if ((SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_SENT
) &&
1016 (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_ACK_SENT
)) {
1017 /* unexpected SHUTDOWN-ACK... so ignore... */
1018 SCTP_TCB_UNLOCK(stcb
);
1021 if (asoc
->control_pdapi
) {
1023 * With a normal shutdown we assume the end of last record.
1025 SCTP_INP_READ_LOCK(stcb
->sctp_ep
);
1026 asoc
->control_pdapi
->end_added
= 1;
1027 asoc
->control_pdapi
->pdapi_aborted
= 1;
1028 asoc
->control_pdapi
= NULL
;
1029 SCTP_INP_READ_UNLOCK(stcb
->sctp_ep
);
1030 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1031 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
1032 SCTP_TCB_UNLOCK(stcb
);
1033 SCTP_SOCKET_LOCK(so
, 1);
1034 SCTP_TCB_LOCK(stcb
);
1035 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
1036 if (stcb
->asoc
.state
& SCTP_STATE_CLOSED_SOCKET
) {
1037 /* assoc was freed while we were unlocked */
1038 SCTP_SOCKET_UNLOCK(so
, 1);
1042 sctp_sorwakeup(stcb
->sctp_ep
, stcb
->sctp_socket
);
1043 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1044 SCTP_SOCKET_UNLOCK(so
, 1);
1048 if (!TAILQ_EMPTY(&asoc
->send_queue
) ||
1049 !TAILQ_EMPTY(&asoc
->sent_queue
) ||
1050 !stcb
->asoc
.ss_functions
.sctp_ss_is_empty(stcb
, asoc
)) {
1051 panic("Queues are not empty when handling SHUTDOWN-ACK");
1054 /* stop the timer */
1055 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN
, stcb
->sctp_ep
, stcb
, net
,
1056 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_10
);
1057 /* send SHUTDOWN-COMPLETE */
1058 sctp_send_shutdown_complete(stcb
, net
, 0);
1059 /* notify upper layer protocol */
1060 if (stcb
->sctp_socket
) {
1061 if ((stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) ||
1062 (stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_IN_TCPPOOL
)) {
1063 stcb
->sctp_socket
->so_snd
.sb_cc
= 0;
1065 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN
, stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
1067 SCTP_STAT_INCR_COUNTER32(sctps_shutdown
);
1068 /* free the TCB but first save off the ep */
1069 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1070 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
1071 SCTP_TCB_UNLOCK(stcb
);
1072 SCTP_SOCKET_LOCK(so
, 1);
1073 SCTP_TCB_LOCK(stcb
);
1074 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
1076 (void)sctp_free_assoc(stcb
->sctp_ep
, stcb
, SCTP_NORMAL_PROC
,
1077 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_11
);
1078 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1079 SCTP_SOCKET_UNLOCK(so
, 1);
1084 * Skip past the param header and then we will find the chunk that caused the
1085 * problem. There are two possibilities ASCONF or FWD-TSN other than that and
1086 * our peer must be broken.
1089 sctp_process_unrecog_chunk(struct sctp_tcb
*stcb
, struct sctp_paramhdr
*phdr
,
1090 struct sctp_nets
*net
)
1092 struct sctp_chunkhdr
*chk
;
1094 chk
= (struct sctp_chunkhdr
*)((caddr_t
)phdr
+ sizeof(*phdr
));
1095 switch (chk
->chunk_type
) {
1096 case SCTP_ASCONF_ACK
:
1098 sctp_asconf_cleanup(stcb
, net
);
1100 case SCTP_IFORWARD_CUM_TSN
:
1101 case SCTP_FORWARD_CUM_TSN
:
1102 stcb
->asoc
.prsctp_supported
= 0;
1105 SCTPDBG(SCTP_DEBUG_INPUT2
,
1106 "Peer does not support chunk type %d(%x)??\n",
1107 chk
->chunk_type
, (uint32_t) chk
->chunk_type
);
1113 * Skip past the param header and then we will find the param that caused the
1114 * problem. There are a number of param's in a ASCONF OR the prsctp param
1115 * these will turn of specific features.
1116 * XXX: Is this the right thing to do?
1119 sctp_process_unrecog_param(struct sctp_tcb
*stcb
, struct sctp_paramhdr
*phdr
)
1121 struct sctp_paramhdr
*pbad
;
1124 switch (ntohs(pbad
->param_type
)) {
1126 case SCTP_PRSCTP_SUPPORTED
:
1127 stcb
->asoc
.prsctp_supported
= 0;
1129 case SCTP_SUPPORTED_CHUNK_EXT
:
1131 /* draft-ietf-tsvwg-addip-sctp */
1132 case SCTP_HAS_NAT_SUPPORT
:
1133 stcb
->asoc
.peer_supports_nat
= 0;
1135 case SCTP_ADD_IP_ADDRESS
:
1136 case SCTP_DEL_IP_ADDRESS
:
1137 case SCTP_SET_PRIM_ADDR
:
1138 stcb
->asoc
.asconf_supported
= 0;
1140 case SCTP_SUCCESS_REPORT
:
1141 case SCTP_ERROR_CAUSE_IND
:
1142 SCTPDBG(SCTP_DEBUG_INPUT2
, "Huh, the peer does not support success? or error cause?\n");
1143 SCTPDBG(SCTP_DEBUG_INPUT2
,
1144 "Turning off ASCONF to this strange peer\n");
1145 stcb
->asoc
.asconf_supported
= 0;
1148 SCTPDBG(SCTP_DEBUG_INPUT2
,
1149 "Peer does not support param type %d(%x)??\n",
1150 pbad
->param_type
, (uint32_t) pbad
->param_type
);
1156 sctp_handle_error(struct sctp_chunkhdr
*ch
,
1157 struct sctp_tcb
*stcb
, struct sctp_nets
*net
)
1160 struct sctp_paramhdr
*phdr
;
1161 uint16_t error
, error_type
;
1163 struct sctp_association
*asoc
;
1166 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1171 /* parse through all of the errors and process */
1173 phdr
= (struct sctp_paramhdr
*)((caddr_t
)ch
+
1174 sizeof(struct sctp_chunkhdr
));
1175 chklen
= ntohs(ch
->chunk_length
) - sizeof(struct sctp_chunkhdr
);
1177 while ((size_t)chklen
>= sizeof(struct sctp_paramhdr
)) {
1178 /* Process an Error Cause */
1179 error_type
= ntohs(phdr
->param_type
);
1180 error_len
= ntohs(phdr
->param_length
);
1181 if ((error_len
> chklen
) || (error_len
== 0)) {
1182 /* invalid param length for this param */
1183 SCTPDBG(SCTP_DEBUG_INPUT1
, "Bogus length in error param- chunk left:%d errorlen:%d\n",
1188 /* report the first error cause */
1191 switch (error_type
) {
1192 case SCTP_CAUSE_INVALID_STREAM
:
1193 case SCTP_CAUSE_MISSING_PARAM
:
1194 case SCTP_CAUSE_INVALID_PARAM
:
1195 case SCTP_CAUSE_NO_USER_DATA
:
1196 SCTPDBG(SCTP_DEBUG_INPUT1
, "Software error we got a %d back? We have a bug :/ (or do they?)\n",
1199 case SCTP_CAUSE_NAT_COLLIDING_STATE
:
1200 SCTPDBG(SCTP_DEBUG_INPUT2
, "Received Colliding state abort flags:%x\n",
1202 if (sctp_handle_nat_colliding_state(stcb
)) {
1206 case SCTP_CAUSE_NAT_MISSING_STATE
:
1207 SCTPDBG(SCTP_DEBUG_INPUT2
, "Received missing state abort flags:%x\n",
1209 if (sctp_handle_nat_missing_state(stcb
, net
)) {
1213 case SCTP_CAUSE_STALE_COOKIE
:
1215 * We only act if we have echoed a cookie and are
1218 if (SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_ECHOED
) {
1221 p
= (int *)((caddr_t
)phdr
+ sizeof(*phdr
));
1222 /* Save the time doubled */
1223 asoc
->cookie_preserve_req
= ntohl(*p
) << 1;
1224 asoc
->stale_cookie_count
++;
1225 if (asoc
->stale_cookie_count
>
1226 asoc
->max_init_times
) {
1227 sctp_abort_notification(stcb
, 0, 0, NULL
, SCTP_SO_NOT_LOCKED
);
1228 /* now free the asoc */
1229 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1230 so
= SCTP_INP_SO(stcb
->sctp_ep
);
1231 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
1232 SCTP_TCB_UNLOCK(stcb
);
1233 SCTP_SOCKET_LOCK(so
, 1);
1234 SCTP_TCB_LOCK(stcb
);
1235 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
1237 (void)sctp_free_assoc(stcb
->sctp_ep
, stcb
, SCTP_NORMAL_PROC
,
1238 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_12
);
1239 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1240 SCTP_SOCKET_UNLOCK(so
, 1);
1244 /* blast back to INIT state */
1245 sctp_toss_old_cookies(stcb
, &stcb
->asoc
);
1246 asoc
->state
&= ~SCTP_STATE_COOKIE_ECHOED
;
1247 asoc
->state
|= SCTP_STATE_COOKIE_WAIT
;
1248 sctp_stop_all_cookie_timers(stcb
);
1249 sctp_send_initiate(stcb
->sctp_ep
, stcb
, SCTP_SO_NOT_LOCKED
);
1252 case SCTP_CAUSE_UNRESOLVABLE_ADDR
:
1254 * Nothing we can do here, we don't do hostname
1255 * addresses so if the peer does not like my IPv6
1256 * (or IPv4 for that matter) it does not matter. If
1257 * they don't support that type of address, they can
1258 * NOT possibly get that packet type... i.e. with no
1259 * IPv6 you can't receive a IPv6 packet. so we can
1260 * safely ignore this one. If we ever added support
1261 * for HOSTNAME Addresses, then we would need to do
1265 case SCTP_CAUSE_UNRECOG_CHUNK
:
1266 sctp_process_unrecog_chunk(stcb
, phdr
, net
);
1268 case SCTP_CAUSE_UNRECOG_PARAM
:
1269 sctp_process_unrecog_param(stcb
, phdr
);
1271 case SCTP_CAUSE_COOKIE_IN_SHUTDOWN
:
1273 * We ignore this since the timer will drive out a
1274 * new cookie anyway and there timer will drive us
1275 * to send a SHUTDOWN_COMPLETE. We can't send one
1276 * here since we don't have their tag.
1279 case SCTP_CAUSE_DELETING_LAST_ADDR
:
1280 case SCTP_CAUSE_RESOURCE_SHORTAGE
:
1281 case SCTP_CAUSE_DELETING_SRC_ADDR
:
1283 * We should NOT get these here, but in a
1286 SCTPDBG(SCTP_DEBUG_INPUT2
, "Peer sends ASCONF errors in a Operational Error?<%d>?\n",
1289 case SCTP_CAUSE_OUT_OF_RESC
:
1291 * And what, pray tell do we do with the fact that
1292 * the peer is out of resources? Not really sure we
1293 * could do anything but abort. I suspect this
1294 * should have came WITH an abort instead of in a
1299 SCTPDBG(SCTP_DEBUG_INPUT1
, "sctp_handle_error: unknown error type = 0x%xh\n",
1303 adjust
= SCTP_SIZE32(error_len
);
1305 phdr
= (struct sctp_paramhdr
*)((caddr_t
)phdr
+ adjust
);
1307 sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR
, stcb
, error
, ch
, SCTP_SO_NOT_LOCKED
);
1312 sctp_handle_init_ack(struct mbuf
*m
, int iphlen
, int offset
,
1313 struct sockaddr
*src
, struct sockaddr
*dst
, struct sctphdr
*sh
,
1314 struct sctp_init_ack_chunk
*cp
, struct sctp_tcb
*stcb
,
1315 struct sctp_nets
*net
, int *abort_no_unlock
,
1316 uint8_t mflowtype
, uint32_t mflowid
,
1319 struct sctp_init_ack
*init_ack
;
1320 struct mbuf
*op_err
;
1322 SCTPDBG(SCTP_DEBUG_INPUT2
,
1323 "sctp_handle_init_ack: handling INIT-ACK\n");
1326 SCTPDBG(SCTP_DEBUG_INPUT2
,
1327 "sctp_handle_init_ack: TCB is null\n");
1330 if (ntohs(cp
->ch
.chunk_length
) < sizeof(struct sctp_init_ack_chunk
)) {
1331 /* Invalid length */
1332 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
1333 sctp_abort_association(stcb
->sctp_ep
, stcb
, m
, iphlen
,
1334 src
, dst
, sh
, op_err
,
1337 *abort_no_unlock
= 1;
1340 init_ack
= &cp
->init
;
1341 /* validate parameters */
1342 if (init_ack
->initiate_tag
== 0) {
1343 /* protocol error... send an abort */
1344 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
1345 sctp_abort_association(stcb
->sctp_ep
, stcb
, m
, iphlen
,
1346 src
, dst
, sh
, op_err
,
1349 *abort_no_unlock
= 1;
1352 if (ntohl(init_ack
->a_rwnd
) < SCTP_MIN_RWND
) {
1353 /* protocol error... send an abort */
1354 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
1355 sctp_abort_association(stcb
->sctp_ep
, stcb
, m
, iphlen
,
1356 src
, dst
, sh
, op_err
,
1359 *abort_no_unlock
= 1;
1362 if (init_ack
->num_inbound_streams
== 0) {
1363 /* protocol error... send an abort */
1364 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
1365 sctp_abort_association(stcb
->sctp_ep
, stcb
, m
, iphlen
,
1366 src
, dst
, sh
, op_err
,
1369 *abort_no_unlock
= 1;
1372 if (init_ack
->num_outbound_streams
== 0) {
1373 /* protocol error... send an abort */
1374 op_err
= sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM
, "");
1375 sctp_abort_association(stcb
->sctp_ep
, stcb
, m
, iphlen
,
1376 src
, dst
, sh
, op_err
,
1379 *abort_no_unlock
= 1;
1382 /* process according to association state... */
1383 switch (stcb
->asoc
.state
& SCTP_STATE_MASK
) {
1384 case SCTP_STATE_COOKIE_WAIT
:
1385 /* this is the expected state for this chunk */
1386 /* process the INIT-ACK parameters */
1387 if (stcb
->asoc
.primary_destination
->dest_state
&
1388 SCTP_ADDR_UNCONFIRMED
) {
1390 * The primary is where we sent the INIT, we can
1391 * always consider it confirmed when the INIT-ACK is
1392 * returned. Do this before we load addresses
1395 stcb
->asoc
.primary_destination
->dest_state
&=
1396 ~SCTP_ADDR_UNCONFIRMED
;
1397 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED
,
1398 stcb
, 0, (void *)stcb
->asoc
.primary_destination
, SCTP_SO_NOT_LOCKED
);
1400 if (sctp_process_init_ack(m
, iphlen
, offset
, src
, dst
, sh
, cp
, stcb
,
1401 net
, abort_no_unlock
,
1404 /* error in parsing parameters */
1407 /* update our state */
1408 SCTPDBG(SCTP_DEBUG_INPUT2
, "moving to COOKIE-ECHOED state\n");
1409 SCTP_SET_STATE(&stcb
->asoc
, SCTP_STATE_COOKIE_ECHOED
);
1411 /* reset the RTO calc */
1412 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
1413 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
1414 stcb
->asoc
.overall_error_count
,
1416 SCTP_FROM_SCTP_INPUT
,
1419 stcb
->asoc
.overall_error_count
= 0;
1420 (void)SCTP_GETTIME_TIMEVAL(&stcb
->asoc
.time_entered
);
1422 * collapse the init timer back in case of a exponential
1425 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE
, stcb
->sctp_ep
,
1428 * the send at the end of the inbound data processing will
1429 * cause the cookie to be sent
1432 case SCTP_STATE_SHUTDOWN_SENT
:
1433 /* incorrect state... discard */
1435 case SCTP_STATE_COOKIE_ECHOED
:
1436 /* incorrect state... discard */
1438 case SCTP_STATE_OPEN
:
1439 /* incorrect state... discard */
1441 case SCTP_STATE_EMPTY
:
1442 case SCTP_STATE_INUSE
:
1444 /* incorrect state... discard */
1448 SCTPDBG(SCTP_DEBUG_INPUT1
, "Leaving handle-init-ack end\n");
1452 static struct sctp_tcb
*
1453 sctp_process_cookie_new(struct mbuf
*m
, int iphlen
, int offset
,
1454 struct sockaddr
*src
, struct sockaddr
*dst
,
1455 struct sctphdr
*sh
, struct sctp_state_cookie
*cookie
, int cookie_len
,
1456 struct sctp_inpcb
*inp
, struct sctp_nets
**netp
,
1457 struct sockaddr
*init_src
, int *notification
,
1458 int auth_skipped
, uint32_t auth_offset
, uint32_t auth_len
,
1459 uint8_t mflowtype
, uint32_t mflowid
,
1460 uint32_t vrf_id
, uint16_t port
);
1464 * handle a state cookie for an existing association m: input packet mbuf
1465 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a
1466 * "split" mbuf and the cookie signature does not exist offset: offset into
1467 * mbuf to the cookie-echo chunk
1469 static struct sctp_tcb
*
1470 sctp_process_cookie_existing(struct mbuf
*m
, int iphlen
, int offset
,
1471 struct sockaddr
*src
, struct sockaddr
*dst
,
1472 struct sctphdr
*sh
, struct sctp_state_cookie
*cookie
, int cookie_len
,
1473 struct sctp_inpcb
*inp
, struct sctp_tcb
*stcb
, struct sctp_nets
**netp
,
1474 struct sockaddr
*init_src
, int *notification
,
1475 int auth_skipped
, uint32_t auth_offset
, uint32_t auth_len
,
1476 uint8_t mflowtype
, uint32_t mflowid
,
1477 uint32_t vrf_id
, uint16_t port
)
1479 struct sctp_association
*asoc
;
1480 struct sctp_init_chunk
*init_cp
, init_buf
;
1481 struct sctp_init_ack_chunk
*initack_cp
, initack_buf
;
1482 struct sctp_nets
*net
;
1483 struct mbuf
*op_err
;
1484 int init_offset
, initack_offset
, i
;
1489 #if defined(SCTP_DETAILED_STR_STATS)
1495 /* I know that the TCB is non-NULL from the caller */
1497 for (how_indx
= 0; how_indx
< sizeof(asoc
->cookie_how
); how_indx
++) {
1498 if (asoc
->cookie_how
[how_indx
] == 0)
1501 if (how_indx
< sizeof(asoc
->cookie_how
)) {
1502 asoc
->cookie_how
[how_indx
] = 1;
1504 if (SCTP_GET_STATE(asoc
) == SCTP_STATE_SHUTDOWN_ACK_SENT
) {
1505 /* SHUTDOWN came in after sending INIT-ACK */
1506 sctp_send_shutdown_ack(stcb
, stcb
->asoc
.primary_destination
);
1507 op_err
= sctp_generate_cause(SCTP_CAUSE_COOKIE_IN_SHUTDOWN
, "");
1508 sctp_send_operr_to(src
, dst
, sh
, cookie
->peers_vtag
, op_err
,
1509 mflowtype
, mflowid
, inp
->fibnum
,
1511 if (how_indx
< sizeof(asoc
->cookie_how
))
1512 asoc
->cookie_how
[how_indx
] = 2;
1516 * find and validate the INIT chunk in the cookie (peer's info) the
1517 * INIT should start after the cookie-echo header struct (chunk
1518 * header, state cookie header struct)
1520 init_offset
= offset
+= sizeof(struct sctp_cookie_echo_chunk
);
1522 init_cp
= (struct sctp_init_chunk
*)
1523 sctp_m_getptr(m
, init_offset
, sizeof(struct sctp_init_chunk
),
1524 (uint8_t *) & init_buf
);
1525 if (init_cp
== NULL
) {
1526 /* could not pull a INIT chunk in cookie */
1529 if (init_cp
->ch
.chunk_type
!= SCTP_INITIATION
) {
1533 * find and validate the INIT-ACK chunk in the cookie (my info) the
1534 * INIT-ACK follows the INIT chunk
1536 initack_offset
= init_offset
+ SCTP_SIZE32(ntohs(init_cp
->ch
.chunk_length
));
1537 initack_cp
= (struct sctp_init_ack_chunk
*)
1538 sctp_m_getptr(m
, initack_offset
, sizeof(struct sctp_init_ack_chunk
),
1539 (uint8_t *) & initack_buf
);
1540 if (initack_cp
== NULL
) {
1541 /* could not pull INIT-ACK chunk in cookie */
1544 if (initack_cp
->ch
.chunk_type
!= SCTP_INITIATION_ACK
) {
1547 if ((ntohl(initack_cp
->init
.initiate_tag
) == asoc
->my_vtag
) &&
1548 (ntohl(init_cp
->init
.initiate_tag
) == asoc
->peer_vtag
)) {
1550 * case D in Section 5.2.4 Table 2: MMAA process accordingly
1551 * to get into the OPEN state
1553 if (ntohl(initack_cp
->init
.initial_tsn
) != asoc
->init_seq_number
) {
1555 * Opps, this means that we somehow generated two vtag's
1556 * the same. I.e. we did:
1558 * <---INIT(tag=a)------
1559 * ----INIT-ACK(tag=t)-->
1560 * ----INIT(tag=t)------> *1
1561 * <---INIT-ACK(tag=a)---
1562 * <----CE(tag=t)------------- *2
1564 * At point *1 we should be generating a different
1565 * tag t'. Which means we would throw away the CE and send
1566 * ours instead. Basically this is case C (throw away side).
1568 if (how_indx
< sizeof(asoc
->cookie_how
))
1569 asoc
->cookie_how
[how_indx
] = 17;
1573 switch (SCTP_GET_STATE(asoc
)) {
1574 case SCTP_STATE_COOKIE_WAIT
:
1575 case SCTP_STATE_COOKIE_ECHOED
:
1577 * INIT was sent but got a COOKIE_ECHO with the
1578 * correct tags... just accept it...but we must
1579 * process the init so that we can make sure we have
1580 * the right seq no's.
1582 /* First we must process the INIT !! */
1583 retval
= sctp_process_init(init_cp
, stcb
);
1585 if (how_indx
< sizeof(asoc
->cookie_how
))
1586 asoc
->cookie_how
[how_indx
] = 3;
1589 /* we have already processed the INIT so no problem */
1590 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT
, inp
,
1592 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_13
);
1593 sctp_timer_stop(SCTP_TIMER_TYPE_INIT
, inp
,
1595 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_14
);
1596 /* update current state */
1597 if (SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_ECHOED
)
1598 SCTP_STAT_INCR_COUNTER32(sctps_activeestab
);
1600 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab
);
1602 SCTP_SET_STATE(asoc
, SCTP_STATE_OPEN
);
1603 if (asoc
->state
& SCTP_STATE_SHUTDOWN_PENDING
) {
1604 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD
,
1605 stcb
->sctp_ep
, stcb
, asoc
->primary_destination
);
1607 SCTP_STAT_INCR_GAUGE32(sctps_currestab
);
1608 sctp_stop_all_cookie_timers(stcb
);
1609 if (((stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) ||
1610 (stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_IN_TCPPOOL
)) &&
1611 (inp
->sctp_socket
->so_qlimit
== 0)
1613 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1618 * Here is where collision would go if we
1619 * did a connect() and instead got a
1620 * init/init-ack/cookie done before the
1621 * init-ack came back..
1623 stcb
->sctp_ep
->sctp_flags
|=
1624 SCTP_PCB_FLAGS_CONNECTED
;
1625 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1626 so
= SCTP_INP_SO(stcb
->sctp_ep
);
1627 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
1628 SCTP_TCB_UNLOCK(stcb
);
1629 SCTP_SOCKET_LOCK(so
, 1);
1630 SCTP_TCB_LOCK(stcb
);
1631 atomic_add_int(&stcb
->asoc
.refcnt
, -1);
1632 if (stcb
->asoc
.state
& SCTP_STATE_CLOSED_SOCKET
) {
1633 SCTP_SOCKET_UNLOCK(so
, 1);
1637 soisconnected(stcb
->sctp_socket
);
1638 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1639 SCTP_SOCKET_UNLOCK(so
, 1);
1642 /* notify upper layer */
1643 *notification
= SCTP_NOTIFY_ASSOC_UP
;
1645 * since we did not send a HB make sure we don't
1648 net
->hb_responded
= 1;
1649 net
->RTO
= sctp_calculate_rto(stcb
, asoc
, net
,
1650 &cookie
->time_entered
,
1651 sctp_align_unsafe_makecopy
,
1652 SCTP_RTT_FROM_NON_DATA
);
1654 if (stcb
->asoc
.sctp_autoclose_ticks
&&
1655 (sctp_is_feature_on(inp
, SCTP_PCB_FLAGS_AUTOCLOSE
))) {
1656 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE
,
1662 * we're in the OPEN state (or beyond), so peer must
1663 * have simply lost the COOKIE-ACK
1667 sctp_stop_all_cookie_timers(stcb
);
1669 * We ignore the return code here.. not sure if we should
1670 * somehow abort.. but we do have an existing asoc. This
1671 * really should not fail.
1673 if (sctp_load_addresses_from_init(stcb
, m
,
1674 init_offset
+ sizeof(struct sctp_init_chunk
),
1675 initack_offset
, src
, dst
, init_src
, stcb
->asoc
.port
)) {
1676 if (how_indx
< sizeof(asoc
->cookie_how
))
1677 asoc
->cookie_how
[how_indx
] = 4;
1680 /* respond with a COOKIE-ACK */
1681 sctp_toss_old_cookies(stcb
, asoc
);
1682 sctp_send_cookie_ack(stcb
);
1683 if (how_indx
< sizeof(asoc
->cookie_how
))
1684 asoc
->cookie_how
[how_indx
] = 5;
1687 if (ntohl(initack_cp
->init
.initiate_tag
) != asoc
->my_vtag
&&
1688 ntohl(init_cp
->init
.initiate_tag
) == asoc
->peer_vtag
&&
1689 cookie
->tie_tag_my_vtag
== 0 &&
1690 cookie
->tie_tag_peer_vtag
== 0) {
1692 * case C in Section 5.2.4 Table 2: XMOO silently discard
1694 if (how_indx
< sizeof(asoc
->cookie_how
))
1695 asoc
->cookie_how
[how_indx
] = 6;
1699 * If nat support, and the below and stcb is established, send back
1700 * a ABORT(colliding state) if we are established.
1702 if ((SCTP_GET_STATE(asoc
) == SCTP_STATE_OPEN
) &&
1703 (asoc
->peer_supports_nat
) &&
1704 ((ntohl(initack_cp
->init
.initiate_tag
) == asoc
->my_vtag
) &&
1705 ((ntohl(init_cp
->init
.initiate_tag
) != asoc
->peer_vtag
) ||
1706 (asoc
->peer_vtag
== 0)))) {
1708 * Special case - Peer's support nat. We may have two init's
1709 * that we gave out the same tag on since one was not
1710 * established.. i.e. we get INIT from host-1 behind the nat
1711 * and we respond tag-a, we get a INIT from host-2 behind
1712 * the nat and we get tag-a again. Then we bring up host-1
1713 * (or 2's) assoc, Then comes the cookie from hsot-2 (or 1).
1714 * Now we have colliding state. We must send an abort here
1715 * with colliding state indication.
1717 op_err
= sctp_generate_cause(SCTP_CAUSE_NAT_COLLIDING_STATE
, "");
1718 sctp_send_abort(m
, iphlen
, src
, dst
, sh
, 0, op_err
,
1719 mflowtype
, mflowid
, inp
->fibnum
,
1723 if ((ntohl(initack_cp
->init
.initiate_tag
) == asoc
->my_vtag
) &&
1724 ((ntohl(init_cp
->init
.initiate_tag
) != asoc
->peer_vtag
) ||
1725 (asoc
->peer_vtag
== 0))) {
1727 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info
1728 * should be ok, re-accept peer info
1730 if (ntohl(initack_cp
->init
.initial_tsn
) != asoc
->init_seq_number
) {
1732 * Extension of case C. If we hit this, then the
1733 * random number generator returned the same vtag
1734 * when we first sent our INIT-ACK and when we later
1735 * sent our INIT. The side with the seq numbers that
1736 * are different will be the one that normnally
1737 * would have hit case C. This in effect "extends"
1738 * our vtags in this collision case to be 64 bits.
1739 * The same collision could occur aka you get both
1740 * vtag and seq number the same twice in a row.. but
1741 * is much less likely. If it did happen then we
1742 * would proceed through and bring up the assoc.. we
1743 * may end up with the wrong stream setup however..
1744 * which would be bad.. but there is no way to
1745 * tell.. until we send on a stream that does not
1748 if (how_indx
< sizeof(asoc
->cookie_how
))
1749 asoc
->cookie_how
[how_indx
] = 7;
1753 if (how_indx
< sizeof(asoc
->cookie_how
))
1754 asoc
->cookie_how
[how_indx
] = 8;
1755 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT
, inp
, stcb
, net
,
1756 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_15
);
1757 sctp_stop_all_cookie_timers(stcb
);
1759 * since we did not send a HB make sure we don't double
1762 net
->hb_responded
= 1;
1763 if (stcb
->asoc
.sctp_autoclose_ticks
&&
1764 sctp_is_feature_on(inp
, SCTP_PCB_FLAGS_AUTOCLOSE
)) {
1765 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE
, inp
, stcb
,
1768 asoc
->my_rwnd
= ntohl(initack_cp
->init
.a_rwnd
);
1769 asoc
->pre_open_streams
= ntohs(initack_cp
->init
.num_outbound_streams
);
1771 if (ntohl(init_cp
->init
.initiate_tag
) != asoc
->peer_vtag
) {
1773 * Ok the peer probably discarded our data (if we
1774 * echoed a cookie+data). So anything on the
1775 * sent_queue should be marked for retransmit, we
1776 * may not get something to kick us so it COULD
1777 * still take a timeout to move these.. but it can't
1778 * hurt to mark them.
1780 struct sctp_tmit_chunk
*chk
;
1782 TAILQ_FOREACH(chk
, &stcb
->asoc
.sent_queue
, sctp_next
) {
1783 if (chk
->sent
< SCTP_DATAGRAM_RESEND
) {
1784 chk
->sent
= SCTP_DATAGRAM_RESEND
;
1785 sctp_flight_size_decrease(chk
);
1786 sctp_total_flight_decrease(stcb
, chk
);
1787 sctp_ucount_incr(stcb
->asoc
.sent_queue_retran_cnt
);
1793 /* process the INIT info (peer's info) */
1794 retval
= sctp_process_init(init_cp
, stcb
);
1796 if (how_indx
< sizeof(asoc
->cookie_how
))
1797 asoc
->cookie_how
[how_indx
] = 9;
1800 if (sctp_load_addresses_from_init(stcb
, m
,
1801 init_offset
+ sizeof(struct sctp_init_chunk
),
1802 initack_offset
, src
, dst
, init_src
, stcb
->asoc
.port
)) {
1803 if (how_indx
< sizeof(asoc
->cookie_how
))
1804 asoc
->cookie_how
[how_indx
] = 10;
1807 if ((asoc
->state
& SCTP_STATE_COOKIE_WAIT
) ||
1808 (asoc
->state
& SCTP_STATE_COOKIE_ECHOED
)) {
1809 *notification
= SCTP_NOTIFY_ASSOC_UP
;
1811 if (((stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) ||
1812 (stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_IN_TCPPOOL
)) &&
1813 (inp
->sctp_socket
->so_qlimit
== 0)) {
1814 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1818 stcb
->sctp_ep
->sctp_flags
|=
1819 SCTP_PCB_FLAGS_CONNECTED
;
1820 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1821 so
= SCTP_INP_SO(stcb
->sctp_ep
);
1822 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
1823 SCTP_TCB_UNLOCK(stcb
);
1824 SCTP_SOCKET_LOCK(so
, 1);
1825 SCTP_TCB_LOCK(stcb
);
1826 atomic_add_int(&stcb
->asoc
.refcnt
, -1);
1827 if (stcb
->asoc
.state
& SCTP_STATE_CLOSED_SOCKET
) {
1828 SCTP_SOCKET_UNLOCK(so
, 1);
1832 soisconnected(stcb
->sctp_socket
);
1833 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1834 SCTP_SOCKET_UNLOCK(so
, 1);
1837 if (SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_ECHOED
)
1838 SCTP_STAT_INCR_COUNTER32(sctps_activeestab
);
1840 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab
);
1841 SCTP_STAT_INCR_GAUGE32(sctps_currestab
);
1842 } else if (SCTP_GET_STATE(asoc
) == SCTP_STATE_OPEN
) {
1843 SCTP_STAT_INCR_COUNTER32(sctps_restartestab
);
1845 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab
);
1847 SCTP_SET_STATE(asoc
, SCTP_STATE_OPEN
);
1848 if (asoc
->state
& SCTP_STATE_SHUTDOWN_PENDING
) {
1849 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD
,
1850 stcb
->sctp_ep
, stcb
, asoc
->primary_destination
);
1852 sctp_stop_all_cookie_timers(stcb
);
1853 sctp_toss_old_cookies(stcb
, asoc
);
1854 sctp_send_cookie_ack(stcb
);
1857 * only if we have retrans set do we do this. What
1858 * this call does is get only the COOKIE-ACK out and
1859 * then when we return the normal call to
1860 * sctp_chunk_output will get the retrans out behind
1863 sctp_chunk_output(inp
, stcb
, SCTP_OUTPUT_FROM_COOKIE_ACK
, SCTP_SO_NOT_LOCKED
);
1865 if (how_indx
< sizeof(asoc
->cookie_how
))
1866 asoc
->cookie_how
[how_indx
] = 11;
1870 if ((ntohl(initack_cp
->init
.initiate_tag
) != asoc
->my_vtag
&&
1871 ntohl(init_cp
->init
.initiate_tag
) != asoc
->peer_vtag
) &&
1872 cookie
->tie_tag_my_vtag
== asoc
->my_vtag_nonce
&&
1873 cookie
->tie_tag_peer_vtag
== asoc
->peer_vtag_nonce
&&
1874 cookie
->tie_tag_peer_vtag
!= 0) {
1875 struct sctpasochead
*head
;
1877 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1882 if (asoc
->peer_supports_nat
) {
1884 * This is a gross gross hack. Just call the
1885 * cookie_new code since we are allowing a duplicate
1886 * association. I hope this works...
1888 return (sctp_process_cookie_new(m
, iphlen
, offset
, src
, dst
,
1889 sh
, cookie
, cookie_len
,
1890 inp
, netp
, init_src
, notification
,
1891 auth_skipped
, auth_offset
, auth_len
,
1896 * case A in Section 5.2.4 Table 2: XXMM (peer restarted)
1899 if (how_indx
< sizeof(asoc
->cookie_how
))
1900 asoc
->cookie_how
[how_indx
] = 12;
1901 sctp_timer_stop(SCTP_TIMER_TYPE_INIT
, inp
, stcb
, net
,
1902 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_16
);
1903 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT
, inp
, stcb
, net
,
1904 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_17
);
1906 /* notify upper layer */
1907 *notification
= SCTP_NOTIFY_ASSOC_RESTART
;
1908 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
1909 if ((SCTP_GET_STATE(asoc
) != SCTP_STATE_OPEN
) &&
1910 (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_RECEIVED
) &&
1911 (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_SENT
)) {
1912 SCTP_STAT_INCR_GAUGE32(sctps_currestab
);
1914 if (SCTP_GET_STATE(asoc
) == SCTP_STATE_OPEN
) {
1915 SCTP_STAT_INCR_GAUGE32(sctps_restartestab
);
1916 } else if (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_SENT
) {
1917 SCTP_STAT_INCR_GAUGE32(sctps_collisionestab
);
1919 if (asoc
->state
& SCTP_STATE_SHUTDOWN_PENDING
) {
1920 SCTP_SET_STATE(asoc
, SCTP_STATE_OPEN
);
1921 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD
,
1922 stcb
->sctp_ep
, stcb
, asoc
->primary_destination
);
1924 } else if (!(asoc
->state
& SCTP_STATE_SHUTDOWN_SENT
)) {
1925 /* move to OPEN state, if not in SHUTDOWN_SENT */
1926 SCTP_SET_STATE(asoc
, SCTP_STATE_OPEN
);
1928 asoc
->pre_open_streams
=
1929 ntohs(initack_cp
->init
.num_outbound_streams
);
1930 asoc
->init_seq_number
= ntohl(initack_cp
->init
.initial_tsn
);
1931 asoc
->sending_seq
= asoc
->asconf_seq_out
= asoc
->str_reset_seq_out
= asoc
->init_seq_number
;
1932 asoc
->asconf_seq_out_acked
= asoc
->asconf_seq_out
- 1;
1934 asoc
->asconf_seq_in
= asoc
->last_acked_seq
= asoc
->init_seq_number
- 1;
1936 asoc
->str_reset_seq_in
= asoc
->init_seq_number
;
1938 asoc
->advanced_peer_ack_point
= asoc
->last_acked_seq
;
1939 if (asoc
->mapping_array
) {
1940 memset(asoc
->mapping_array
, 0,
1941 asoc
->mapping_array_size
);
1943 if (asoc
->nr_mapping_array
) {
1944 memset(asoc
->nr_mapping_array
, 0,
1945 asoc
->mapping_array_size
);
1947 SCTP_TCB_UNLOCK(stcb
);
1948 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1949 so
= SCTP_INP_SO(stcb
->sctp_ep
);
1950 SCTP_SOCKET_LOCK(so
, 1);
1952 SCTP_INP_INFO_WLOCK();
1953 SCTP_INP_WLOCK(stcb
->sctp_ep
);
1954 SCTP_TCB_LOCK(stcb
);
1955 atomic_add_int(&stcb
->asoc
.refcnt
, -1);
1956 /* send up all the data */
1957 SCTP_TCB_SEND_LOCK(stcb
);
1959 sctp_report_all_outbound(stcb
, 0, 1, SCTP_SO_LOCKED
);
1960 for (i
= 0; i
< stcb
->asoc
.streamoutcnt
; i
++) {
1961 stcb
->asoc
.strmout
[i
].chunks_on_queues
= 0;
1962 #if defined(SCTP_DETAILED_STR_STATS)
1963 for (j
= 0; j
< SCTP_PR_SCTP_MAX
+ 1; j
++) {
1964 asoc
->strmout
[i
].abandoned_sent
[j
] = 0;
1965 asoc
->strmout
[i
].abandoned_unsent
[j
] = 0;
1968 asoc
->strmout
[i
].abandoned_sent
[0] = 0;
1969 asoc
->strmout
[i
].abandoned_unsent
[0] = 0;
1971 stcb
->asoc
.strmout
[i
].stream_no
= i
;
1972 stcb
->asoc
.strmout
[i
].next_mid_ordered
= 0;
1973 stcb
->asoc
.strmout
[i
].next_mid_unordered
= 0;
1974 stcb
->asoc
.strmout
[i
].last_msg_incomplete
= 0;
1976 /* process the INIT-ACK info (my info) */
1977 asoc
->my_vtag
= ntohl(initack_cp
->init
.initiate_tag
);
1978 asoc
->my_rwnd
= ntohl(initack_cp
->init
.a_rwnd
);
1980 /* pull from vtag hash */
1981 LIST_REMOVE(stcb
, sctp_asocs
);
1982 /* re-insert to new vtag position */
1983 head
= &SCTP_BASE_INFO(sctp_asochash
)[SCTP_PCBHASH_ASOC(stcb
->asoc
.my_vtag
,
1984 SCTP_BASE_INFO(hashasocmark
))];
1986 * put it in the bucket in the vtag hash of assoc's for the
1989 LIST_INSERT_HEAD(head
, stcb
, sctp_asocs
);
1991 SCTP_TCB_SEND_UNLOCK(stcb
);
1992 SCTP_INP_WUNLOCK(stcb
->sctp_ep
);
1993 SCTP_INP_INFO_WUNLOCK();
1994 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1995 SCTP_SOCKET_UNLOCK(so
, 1);
1997 asoc
->total_flight
= 0;
1998 asoc
->total_flight_count
= 0;
1999 /* process the INIT info (peer's info) */
2000 retval
= sctp_process_init(init_cp
, stcb
);
2002 if (how_indx
< sizeof(asoc
->cookie_how
))
2003 asoc
->cookie_how
[how_indx
] = 13;
2008 * since we did not send a HB make sure we don't double
2011 net
->hb_responded
= 1;
2013 if (sctp_load_addresses_from_init(stcb
, m
,
2014 init_offset
+ sizeof(struct sctp_init_chunk
),
2015 initack_offset
, src
, dst
, init_src
, stcb
->asoc
.port
)) {
2016 if (how_indx
< sizeof(asoc
->cookie_how
))
2017 asoc
->cookie_how
[how_indx
] = 14;
2021 /* respond with a COOKIE-ACK */
2022 sctp_stop_all_cookie_timers(stcb
);
2023 sctp_toss_old_cookies(stcb
, asoc
);
2024 sctp_send_cookie_ack(stcb
);
2025 if (how_indx
< sizeof(asoc
->cookie_how
))
2026 asoc
->cookie_how
[how_indx
] = 15;
2030 if (how_indx
< sizeof(asoc
->cookie_how
))
2031 asoc
->cookie_how
[how_indx
] = 16;
2032 /* all other cases... */
2038 * handle a state cookie for a new association m: input packet mbuf chain--
2039 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf
2040 * and the cookie signature does not exist offset: offset into mbuf to the
2041 * cookie-echo chunk length: length of the cookie chunk to: where the init
2042 * was from returns a new TCB
2044 static struct sctp_tcb
*
2045 sctp_process_cookie_new(struct mbuf
*m
, int iphlen
, int offset
,
2046 struct sockaddr
*src
, struct sockaddr
*dst
,
2047 struct sctphdr
*sh
, struct sctp_state_cookie
*cookie
, int cookie_len
,
2048 struct sctp_inpcb
*inp
, struct sctp_nets
**netp
,
2049 struct sockaddr
*init_src
, int *notification
,
2050 int auth_skipped
, uint32_t auth_offset
, uint32_t auth_len
,
2051 uint8_t mflowtype
, uint32_t mflowid
,
2052 uint32_t vrf_id
, uint16_t port
)
2054 struct sctp_tcb
*stcb
;
2055 struct sctp_init_chunk
*init_cp
, init_buf
;
2056 struct sctp_init_ack_chunk
*initack_cp
, initack_buf
;
2057 union sctp_sockstore store
;
2058 struct sctp_association
*asoc
;
2059 int init_offset
, initack_offset
, initack_limit
;
2062 uint8_t auth_chunk_buf
[SCTP_PARAM_BUFFER_SIZE
];
2064 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2067 so
= SCTP_INP_SO(inp
);
2071 * find and validate the INIT chunk in the cookie (peer's info) the
2072 * INIT should start after the cookie-echo header struct (chunk
2073 * header, state cookie header struct)
2075 init_offset
= offset
+ sizeof(struct sctp_cookie_echo_chunk
);
2076 init_cp
= (struct sctp_init_chunk
*)
2077 sctp_m_getptr(m
, init_offset
, sizeof(struct sctp_init_chunk
),
2078 (uint8_t *) & init_buf
);
2079 if (init_cp
== NULL
) {
2080 /* could not pull a INIT chunk in cookie */
2081 SCTPDBG(SCTP_DEBUG_INPUT1
,
2082 "process_cookie_new: could not pull INIT chunk hdr\n");
2085 if (init_cp
->ch
.chunk_type
!= SCTP_INITIATION
) {
2086 SCTPDBG(SCTP_DEBUG_INPUT1
, "HUH? process_cookie_new: could not find INIT chunk!\n");
2089 initack_offset
= init_offset
+ SCTP_SIZE32(ntohs(init_cp
->ch
.chunk_length
));
2091 * find and validate the INIT-ACK chunk in the cookie (my info) the
2092 * INIT-ACK follows the INIT chunk
2094 initack_cp
= (struct sctp_init_ack_chunk
*)
2095 sctp_m_getptr(m
, initack_offset
, sizeof(struct sctp_init_ack_chunk
),
2096 (uint8_t *) & initack_buf
);
2097 if (initack_cp
== NULL
) {
2098 /* could not pull INIT-ACK chunk in cookie */
2099 SCTPDBG(SCTP_DEBUG_INPUT1
, "process_cookie_new: could not pull INIT-ACK chunk hdr\n");
2102 if (initack_cp
->ch
.chunk_type
!= SCTP_INITIATION_ACK
) {
2106 * NOTE: We can't use the INIT_ACK's chk_length to determine the
2107 * "initack_limit" value. This is because the chk_length field
2108 * includes the length of the cookie, but the cookie is omitted when
2109 * the INIT and INIT_ACK are tacked onto the cookie...
2111 initack_limit
= offset
+ cookie_len
;
2114 * now that we know the INIT/INIT-ACK are in place, create a new TCB
2119 * Here we do a trick, we set in NULL for the proc/thread argument.
2120 * We do this since in effect we only use the p argument when the
2121 * socket is unbound and we must do an implicit bind. Since we are
2122 * getting a cookie, we cannot be unbound.
2124 stcb
= sctp_aloc_assoc(inp
, init_src
, &error
,
2125 ntohl(initack_cp
->init
.initiate_tag
), vrf_id
,
2126 ntohs(initack_cp
->init
.num_outbound_streams
),
2128 (struct thread
*)NULL
2131 struct mbuf
*op_err
;
2133 /* memory problem? */
2134 SCTPDBG(SCTP_DEBUG_INPUT1
,
2135 "process_cookie_new: no room for another TCB!\n");
2136 op_err
= sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC
, "");
2137 sctp_abort_association(inp
, (struct sctp_tcb
*)NULL
, m
, iphlen
,
2138 src
, dst
, sh
, op_err
,
2143 /* get the correct sctp_nets */
2145 *netp
= sctp_findnet(stcb
, init_src
);
2148 /* get scope variables out of cookie */
2149 asoc
->scope
.ipv4_local_scope
= cookie
->ipv4_scope
;
2150 asoc
->scope
.site_scope
= cookie
->site_scope
;
2151 asoc
->scope
.local_scope
= cookie
->local_scope
;
2152 asoc
->scope
.loopback_scope
= cookie
->loopback_scope
;
2154 if ((asoc
->scope
.ipv4_addr_legal
!= cookie
->ipv4_addr_legal
) ||
2155 (asoc
->scope
.ipv6_addr_legal
!= cookie
->ipv6_addr_legal
)) {
2156 struct mbuf
*op_err
;
2159 * Houston we have a problem. The EP changed while the
2160 * cookie was in flight. Only recourse is to abort the
2163 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
2164 op_err
= sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC
, "");
2165 sctp_abort_association(inp
, (struct sctp_tcb
*)NULL
, m
, iphlen
,
2166 src
, dst
, sh
, op_err
,
2169 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2170 SCTP_TCB_UNLOCK(stcb
);
2171 SCTP_SOCKET_LOCK(so
, 1);
2172 SCTP_TCB_LOCK(stcb
);
2174 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
2175 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_18
);
2176 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2177 SCTP_SOCKET_UNLOCK(so
, 1);
2179 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
2182 /* process the INIT-ACK info (my info) */
2183 asoc
->my_vtag
= ntohl(initack_cp
->init
.initiate_tag
);
2184 asoc
->my_rwnd
= ntohl(initack_cp
->init
.a_rwnd
);
2185 asoc
->pre_open_streams
= ntohs(initack_cp
->init
.num_outbound_streams
);
2186 asoc
->init_seq_number
= ntohl(initack_cp
->init
.initial_tsn
);
2187 asoc
->sending_seq
= asoc
->asconf_seq_out
= asoc
->str_reset_seq_out
= asoc
->init_seq_number
;
2188 asoc
->asconf_seq_out_acked
= asoc
->asconf_seq_out
- 1;
2189 asoc
->asconf_seq_in
= asoc
->last_acked_seq
= asoc
->init_seq_number
- 1;
2190 asoc
->str_reset_seq_in
= asoc
->init_seq_number
;
2192 asoc
->advanced_peer_ack_point
= asoc
->last_acked_seq
;
2194 /* process the INIT info (peer's info) */
2196 retval
= sctp_process_init(init_cp
, stcb
);
2200 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
2201 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2202 SCTP_TCB_UNLOCK(stcb
);
2203 SCTP_SOCKET_LOCK(so
, 1);
2204 SCTP_TCB_LOCK(stcb
);
2206 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
2207 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_19
);
2208 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2209 SCTP_SOCKET_UNLOCK(so
, 1);
2211 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
2214 /* load all addresses */
2215 if (sctp_load_addresses_from_init(stcb
, m
,
2216 init_offset
+ sizeof(struct sctp_init_chunk
), initack_offset
,
2217 src
, dst
, init_src
, port
)) {
2218 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
2219 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2220 SCTP_TCB_UNLOCK(stcb
);
2221 SCTP_SOCKET_LOCK(so
, 1);
2222 SCTP_TCB_LOCK(stcb
);
2224 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
2225 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_20
);
2226 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2227 SCTP_SOCKET_UNLOCK(so
, 1);
2229 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
2233 * verify any preceding AUTH chunk that was skipped
2235 /* pull the local authentication parameters from the cookie/init-ack */
2236 sctp_auth_get_cookie_params(stcb
, m
,
2237 initack_offset
+ sizeof(struct sctp_init_ack_chunk
),
2238 initack_limit
- (initack_offset
+ sizeof(struct sctp_init_ack_chunk
)));
2240 struct sctp_auth_chunk
*auth
;
2242 auth
= (struct sctp_auth_chunk
*)
2243 sctp_m_getptr(m
, auth_offset
, auth_len
, auth_chunk_buf
);
2244 if ((auth
== NULL
) || sctp_handle_auth(stcb
, auth
, m
, auth_offset
)) {
2245 /* auth HMAC failed, dump the assoc and packet */
2246 SCTPDBG(SCTP_DEBUG_AUTH1
,
2247 "COOKIE-ECHO: AUTH failed\n");
2248 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
2249 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2250 SCTP_TCB_UNLOCK(stcb
);
2251 SCTP_SOCKET_LOCK(so
, 1);
2252 SCTP_TCB_LOCK(stcb
);
2254 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
2255 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_21
);
2256 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2257 SCTP_SOCKET_UNLOCK(so
, 1);
2259 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
2262 /* remaining chunks checked... good to go */
2263 stcb
->asoc
.authenticated
= 1;
2266 /* update current state */
2267 SCTPDBG(SCTP_DEBUG_INPUT2
, "moving to OPEN state\n");
2268 SCTP_SET_STATE(asoc
, SCTP_STATE_OPEN
);
2269 if (asoc
->state
& SCTP_STATE_SHUTDOWN_PENDING
) {
2270 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD
,
2271 stcb
->sctp_ep
, stcb
, asoc
->primary_destination
);
2273 sctp_stop_all_cookie_timers(stcb
);
2274 SCTP_STAT_INCR_COUNTER32(sctps_passiveestab
);
2275 SCTP_STAT_INCR_GAUGE32(sctps_currestab
);
2278 * if we're doing ASCONFs, check to see if we have any new local
2279 * addresses that need to get added to the peer (eg. addresses
2280 * changed while cookie echo in flight). This needs to be done
2281 * after we go to the OPEN state to do the correct asconf
2282 * processing. else, make sure we have the correct addresses in our
2286 /* warning, we re-use sin, sin6, sa_store here! */
2287 /* pull in local_address (our "from" address) */
2288 switch (cookie
->laddr_type
) {
2290 case SCTP_IPV4_ADDRESS
:
2291 /* source addr is IPv4 */
2292 memset(&store
.sin
, 0, sizeof(struct sockaddr_in
));
2293 store
.sin
.sin_family
= AF_INET
;
2294 store
.sin
.sin_len
= sizeof(struct sockaddr_in
);
2295 store
.sin
.sin_addr
.s_addr
= cookie
->laddress
[0];
2299 case SCTP_IPV6_ADDRESS
:
2300 /* source addr is IPv6 */
2301 memset(&store
.sin6
, 0, sizeof(struct sockaddr_in6
));
2302 store
.sin6
.sin6_family
= AF_INET6
;
2303 store
.sin6
.sin6_len
= sizeof(struct sockaddr_in6
);
2304 store
.sin6
.sin6_scope_id
= cookie
->scope_id
;
2305 memcpy(&store
.sin6
.sin6_addr
, cookie
->laddress
, sizeof(struct in6_addr
));
2309 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
2310 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2311 SCTP_TCB_UNLOCK(stcb
);
2312 SCTP_SOCKET_LOCK(so
, 1);
2313 SCTP_TCB_LOCK(stcb
);
2315 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
2316 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_22
);
2317 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2318 SCTP_SOCKET_UNLOCK(so
, 1);
2320 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
2324 /* set up to notify upper layer */
2325 *notification
= SCTP_NOTIFY_ASSOC_UP
;
2326 if (((stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) ||
2327 (stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_IN_TCPPOOL
)) &&
2328 (inp
->sctp_socket
->so_qlimit
== 0)) {
2330 * This is an endpoint that called connect() how it got a
2331 * cookie that is NEW is a bit of a mystery. It must be that
2332 * the INIT was sent, but before it got there.. a complete
2333 * INIT/INIT-ACK/COOKIE arrived. But of course then it
2334 * should have went to the other code.. not here.. oh well..
2335 * a bit of protection is worth having..
2337 stcb
->sctp_ep
->sctp_flags
|= SCTP_PCB_FLAGS_CONNECTED
;
2338 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2339 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
2340 SCTP_TCB_UNLOCK(stcb
);
2341 SCTP_SOCKET_LOCK(so
, 1);
2342 SCTP_TCB_LOCK(stcb
);
2343 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
2344 if (stcb
->asoc
.state
& SCTP_STATE_CLOSED_SOCKET
) {
2345 SCTP_SOCKET_UNLOCK(so
, 1);
2349 soisconnected(stcb
->sctp_socket
);
2350 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2351 SCTP_SOCKET_UNLOCK(so
, 1);
2353 } else if ((stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) &&
2354 (inp
->sctp_socket
->so_qlimit
)) {
2356 * We don't want to do anything with this one. Since it is
2357 * the listening guy. The timer will get started for
2358 * accepted connections in the caller.
2362 /* since we did not send a HB make sure we don't double things */
2363 if ((netp
) && (*netp
))
2364 (*netp
)->hb_responded
= 1;
2366 if (stcb
->asoc
.sctp_autoclose_ticks
&&
2367 sctp_is_feature_on(inp
, SCTP_PCB_FLAGS_AUTOCLOSE
)) {
2368 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE
, inp
, stcb
, NULL
);
2370 (void)SCTP_GETTIME_TIMEVAL(&stcb
->asoc
.time_entered
);
2371 if ((netp
!= NULL
) && (*netp
!= NULL
)) {
2372 /* calculate the RTT and set the encaps port */
2373 (*netp
)->RTO
= sctp_calculate_rto(stcb
, asoc
, *netp
,
2374 &cookie
->time_entered
, sctp_align_unsafe_makecopy
,
2375 SCTP_RTT_FROM_NON_DATA
);
2377 /* respond with a COOKIE-ACK */
2378 sctp_send_cookie_ack(stcb
);
2381 * check the address lists for any ASCONFs that need to be sent
2382 * AFTER the cookie-ack is sent
2384 sctp_check_address_list(stcb
, m
,
2385 initack_offset
+ sizeof(struct sctp_init_ack_chunk
),
2386 initack_limit
- (initack_offset
+ sizeof(struct sctp_init_ack_chunk
)),
2387 &store
.sa
, cookie
->local_scope
, cookie
->site_scope
,
2388 cookie
->ipv4_scope
, cookie
->loopback_scope
);
2395 * CODE LIKE THIS NEEDS TO RUN IF the peer supports the NAT extension, i.e
2396 * we NEED to make sure we are not already using the vtag. If so we
2397 * need to send back an ABORT-TRY-AGAIN-WITH-NEW-TAG No middle box bit!
2398 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag,
2399 SCTP_BASE_INFO(hashasocmark))];
2400 LIST_FOREACH(stcb, head, sctp_asocs) {
2401 if ((stcb->asoc.my_vtag == tag) && (stcb->rport == rport) && (inp == stcb->sctp_ep)) {
2402 -- SEND ABORT - TRY AGAIN --
2408 * handles a COOKIE-ECHO message stcb: modified to either a new or left as
2409 * existing (non-NULL) TCB
2411 static struct mbuf
*
2412 sctp_handle_cookie_echo(struct mbuf
*m
, int iphlen
, int offset
,
2413 struct sockaddr
*src
, struct sockaddr
*dst
,
2414 struct sctphdr
*sh
, struct sctp_cookie_echo_chunk
*cp
,
2415 struct sctp_inpcb
**inp_p
, struct sctp_tcb
**stcb
, struct sctp_nets
**netp
,
2416 int auth_skipped
, uint32_t auth_offset
, uint32_t auth_len
,
2417 struct sctp_tcb
**locked_tcb
,
2418 uint8_t mflowtype
, uint32_t mflowid
,
2419 uint32_t vrf_id
, uint16_t port
)
2421 struct sctp_state_cookie
*cookie
;
2422 struct sctp_tcb
*l_stcb
= *stcb
;
2423 struct sctp_inpcb
*l_inp
;
2424 struct sockaddr
*to
;
2425 struct sctp_pcb
*ep
;
2427 uint8_t calc_sig
[SCTP_SIGNATURE_SIZE
], tmp_sig
[SCTP_SIGNATURE_SIZE
];
2429 uint8_t cookie_ok
= 0;
2430 unsigned int sig_offset
, cookie_offset
;
2431 unsigned int cookie_len
;
2433 struct timeval time_expires
;
2434 int notification
= 0;
2435 struct sctp_nets
*netl
;
2436 int had_a_existing_tcb
= 0;
2437 int send_int_conf
= 0;
2440 struct sockaddr_in sin
;
2444 struct sockaddr_in6 sin6
;
2448 SCTPDBG(SCTP_DEBUG_INPUT2
,
2449 "sctp_handle_cookie: handling COOKIE-ECHO\n");
2451 if (inp_p
== NULL
) {
2454 cookie
= &cp
->cookie
;
2455 cookie_offset
= offset
+ sizeof(struct sctp_chunkhdr
);
2456 cookie_len
= ntohs(cp
->ch
.chunk_length
);
2458 if ((cookie
->peerport
!= sh
->src_port
) ||
2459 (cookie
->myport
!= sh
->dest_port
) ||
2460 (cookie
->my_vtag
!= sh
->v_tag
)) {
2462 * invalid ports or bad tag. Note that we always leave the
2463 * v_tag in the header in network order and when we stored
2464 * it in the my_vtag slot we also left it in network order.
2465 * This maintains the match even though it may be in the
2466 * opposite byte order of the machine :->
2470 if (cookie_len
< sizeof(struct sctp_cookie_echo_chunk
) +
2471 sizeof(struct sctp_init_chunk
) +
2472 sizeof(struct sctp_init_ack_chunk
) + SCTP_SIGNATURE_SIZE
) {
2473 /* cookie too small */
2477 * split off the signature into its own mbuf (since it should not be
2478 * calculated in the sctp_hmac_m() call).
2480 sig_offset
= offset
+ cookie_len
- SCTP_SIGNATURE_SIZE
;
2481 m_sig
= m_split(m
, sig_offset
, M_NOWAIT
);
2482 if (m_sig
== NULL
) {
2483 /* out of memory or ?? */
2486 #ifdef SCTP_MBUF_LOGGING
2487 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_MBUF_LOGGING_ENABLE
) {
2488 sctp_log_mbc(m_sig
, SCTP_MBUF_SPLIT
);
2493 * compute the signature/digest for the cookie
2495 ep
= &(*inp_p
)->sctp_ep
;
2498 SCTP_TCB_UNLOCK(l_stcb
);
2500 SCTP_INP_RLOCK(l_inp
);
2502 SCTP_TCB_LOCK(l_stcb
);
2504 /* which cookie is it? */
2505 if ((cookie
->time_entered
.tv_sec
< (long)ep
->time_of_secret_change
) &&
2506 (ep
->current_secret_number
!= ep
->last_secret_number
)) {
2507 /* it's the old cookie */
2508 (void)sctp_hmac_m(SCTP_HMAC
,
2509 (uint8_t *) ep
->secret_key
[(int)ep
->last_secret_number
],
2510 SCTP_SECRET_SIZE
, m
, cookie_offset
, calc_sig
, 0);
2512 /* it's the current cookie */
2513 (void)sctp_hmac_m(SCTP_HMAC
,
2514 (uint8_t *) ep
->secret_key
[(int)ep
->current_secret_number
],
2515 SCTP_SECRET_SIZE
, m
, cookie_offset
, calc_sig
, 0);
2517 /* get the signature */
2518 SCTP_INP_RUNLOCK(l_inp
);
2519 sig
= (uint8_t *) sctp_m_getptr(m_sig
, 0, SCTP_SIGNATURE_SIZE
, (uint8_t *) & tmp_sig
);
2521 /* couldn't find signature */
2522 sctp_m_freem(m_sig
);
2525 /* compare the received digest with the computed digest */
2526 if (memcmp(calc_sig
, sig
, SCTP_SIGNATURE_SIZE
) != 0) {
2527 /* try the old cookie? */
2528 if ((cookie
->time_entered
.tv_sec
== (long)ep
->time_of_secret_change
) &&
2529 (ep
->current_secret_number
!= ep
->last_secret_number
)) {
2530 /* compute digest with old */
2531 (void)sctp_hmac_m(SCTP_HMAC
,
2532 (uint8_t *) ep
->secret_key
[(int)ep
->last_secret_number
],
2533 SCTP_SECRET_SIZE
, m
, cookie_offset
, calc_sig
, 0);
2535 if (memcmp(calc_sig
, sig
, SCTP_SIGNATURE_SIZE
) == 0)
2543 * Now before we continue we must reconstruct our mbuf so that
2544 * normal processing of any other chunks will work.
2550 while (SCTP_BUF_NEXT(m_at
) != NULL
) {
2551 m_at
= SCTP_BUF_NEXT(m_at
);
2553 SCTP_BUF_NEXT(m_at
) = m_sig
;
2556 if (cookie_ok
== 0) {
2557 SCTPDBG(SCTP_DEBUG_INPUT2
, "handle_cookie_echo: cookie signature validation failed!\n");
2558 SCTPDBG(SCTP_DEBUG_INPUT2
,
2559 "offset = %u, cookie_offset = %u, sig_offset = %u\n",
2560 (uint32_t) offset
, cookie_offset
, sig_offset
);
2564 * check the cookie timestamps to be sure it's not stale
2566 (void)SCTP_GETTIME_TIMEVAL(&now
);
2567 /* Expire time is in Ticks, so we convert to seconds */
2568 time_expires
.tv_sec
= cookie
->time_entered
.tv_sec
+ TICKS_TO_SEC(cookie
->cookie_life
);
2569 time_expires
.tv_usec
= cookie
->time_entered
.tv_usec
;
2571 * TODO sctp_constants.h needs alternative time macros when _KERNEL
2574 if (timevalcmp(&now
, &time_expires
, >)) {
2575 /* cookie is stale! */
2576 struct mbuf
*op_err
;
2577 struct sctp_error_stale_cookie
*cause
;
2580 op_err
= sctp_get_mbuf_for_msg(sizeof(struct sctp_error_stale_cookie
),
2581 0, M_NOWAIT
, 1, MT_DATA
);
2582 if (op_err
== NULL
) {
2587 SCTP_BUF_LEN(op_err
) = sizeof(struct sctp_error_stale_cookie
);
2588 cause
= mtod(op_err
, struct sctp_error_stale_cookie
*);
2589 cause
->cause
.code
= htons(SCTP_CAUSE_STALE_COOKIE
);
2590 cause
->cause
.length
= htons((sizeof(struct sctp_paramhdr
) +
2591 (sizeof(uint32_t))));
2592 /* seconds to usec */
2593 tim
= (now
.tv_sec
- time_expires
.tv_sec
) * 1000000;
2596 tim
= now
.tv_usec
- cookie
->time_entered
.tv_usec
;
2597 cause
->stale_time
= htonl(tim
);
2598 sctp_send_operr_to(src
, dst
, sh
, cookie
->peers_vtag
, op_err
,
2599 mflowtype
, mflowid
, l_inp
->fibnum
,
2604 * Now we must see with the lookup address if we have an existing
2605 * asoc. This will only happen if we were in the COOKIE-WAIT state
2606 * and a INIT collided with us and somewhere the peer sent the
2607 * cookie on another address besides the single address our assoc
2608 * had for him. In this case we will have one of the tie-tags set at
2609 * least AND the address field in the cookie can be used to look it
2613 switch (cookie
->addr_type
) {
2615 case SCTP_IPV6_ADDRESS
:
2616 memset(&sin6
, 0, sizeof(sin6
));
2617 sin6
.sin6_family
= AF_INET6
;
2618 sin6
.sin6_len
= sizeof(sin6
);
2619 sin6
.sin6_port
= sh
->src_port
;
2620 sin6
.sin6_scope_id
= cookie
->scope_id
;
2621 memcpy(&sin6
.sin6_addr
.s6_addr
, cookie
->address
,
2622 sizeof(sin6
.sin6_addr
.s6_addr
));
2623 to
= (struct sockaddr
*)&sin6
;
2627 case SCTP_IPV4_ADDRESS
:
2628 memset(&sin
, 0, sizeof(sin
));
2629 sin
.sin_family
= AF_INET
;
2630 sin
.sin_len
= sizeof(sin
);
2631 sin
.sin_port
= sh
->src_port
;
2632 sin
.sin_addr
.s_addr
= cookie
->address
[0];
2633 to
= (struct sockaddr
*)&sin
;
2637 /* This should not happen */
2640 if (*stcb
== NULL
) {
2641 /* Yep, lets check */
2642 *stcb
= sctp_findassociation_ep_addr(inp_p
, to
, netp
, dst
, NULL
);
2643 if (*stcb
== NULL
) {
2645 * We should have only got back the same inp. If we
2646 * got back a different ep we have a problem. The
2647 * original findep got back l_inp and now
2649 if (l_inp
!= *inp_p
) {
2650 SCTP_PRINTF("Bad problem find_ep got a diff inp then special_locate?\n");
2653 if (*locked_tcb
== NULL
) {
2655 * In this case we found the assoc only
2656 * after we locked the create lock. This
2657 * means we are in a colliding case and we
2658 * must make sure that we unlock the tcb if
2659 * its one of the cases where we throw away
2660 * the incoming packets.
2662 *locked_tcb
= *stcb
;
2665 * We must also increment the inp ref count
2666 * since the ref_count flags was set when we
2667 * did not find the TCB, now we found it
2668 * which reduces the refcount.. we must
2669 * raise it back out to balance it all :-)
2671 SCTP_INP_INCR_REF((*stcb
)->sctp_ep
);
2672 if ((*stcb
)->sctp_ep
!= l_inp
) {
2673 SCTP_PRINTF("Huh? ep:%p diff then l_inp:%p?\n",
2674 (void *)(*stcb
)->sctp_ep
, (void *)l_inp
);
2679 cookie_len
-= SCTP_SIGNATURE_SIZE
;
2680 if (*stcb
== NULL
) {
2681 /* this is the "normal" case... get a new TCB */
2682 *stcb
= sctp_process_cookie_new(m
, iphlen
, offset
, src
, dst
, sh
,
2683 cookie
, cookie_len
, *inp_p
,
2684 netp
, to
, ¬ification
,
2685 auth_skipped
, auth_offset
, auth_len
,
2689 /* this is abnormal... cookie-echo on existing TCB */
2690 had_a_existing_tcb
= 1;
2691 *stcb
= sctp_process_cookie_existing(m
, iphlen
, offset
,
2693 cookie
, cookie_len
, *inp_p
, *stcb
, netp
, to
,
2694 ¬ification
, auth_skipped
, auth_offset
, auth_len
,
2699 if (*stcb
== NULL
) {
2700 /* still no TCB... must be bad cookie-echo */
2703 if (*netp
!= NULL
) {
2704 (*netp
)->flowtype
= mflowtype
;
2705 (*netp
)->flowid
= mflowid
;
2708 * Ok, we built an association so confirm the address we sent the
2711 netl
= sctp_findnet(*stcb
, to
);
2713 * This code should in theory NOT run but
2716 /* TSNH! Huh, why do I need to add this address here? */
2717 if (sctp_add_remote_addr(*stcb
, to
, NULL
, port
,
2718 SCTP_DONOT_SETSCOPE
, SCTP_IN_COOKIE_PROC
)) {
2721 netl
= sctp_findnet(*stcb
, to
);
2724 if (netl
->dest_state
& SCTP_ADDR_UNCONFIRMED
) {
2725 netl
->dest_state
&= ~SCTP_ADDR_UNCONFIRMED
;
2726 (void)sctp_set_primary_addr((*stcb
), (struct sockaddr
*)NULL
,
2731 sctp_start_net_timers(*stcb
);
2732 if ((*inp_p
)->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) {
2733 if (!had_a_existing_tcb
||
2734 (((*inp_p
)->sctp_flags
& SCTP_PCB_FLAGS_CONNECTED
) == 0)) {
2736 * If we have a NEW cookie or the connect never
2737 * reached the connected state during collision we
2738 * must do the TCP accept thing.
2740 struct socket
*so
, *oso
;
2741 struct sctp_inpcb
*inp
;
2743 if (notification
== SCTP_NOTIFY_ASSOC_RESTART
) {
2745 * For a restart we will keep the same
2746 * socket, no need to do anything. I THINK!!
2748 sctp_ulp_notify(notification
, *stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
2749 if (send_int_conf
) {
2750 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED
,
2751 (*stcb
), 0, (void *)netl
, SCTP_SO_NOT_LOCKED
);
2755 oso
= (*inp_p
)->sctp_socket
;
2756 atomic_add_int(&(*stcb
)->asoc
.refcnt
, 1);
2757 SCTP_TCB_UNLOCK((*stcb
));
2758 CURVNET_SET(oso
->so_vnet
);
2759 so
= sonewconn(oso
, 0
2762 SCTP_TCB_LOCK((*stcb
));
2763 atomic_subtract_int(&(*stcb
)->asoc
.refcnt
, 1);
2766 struct mbuf
*op_err
;
2768 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2769 struct socket
*pcb_so
;
2772 /* Too many sockets */
2773 SCTPDBG(SCTP_DEBUG_INPUT1
, "process_cookie_new: no room for another socket!\n");
2774 op_err
= sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC
, "");
2775 sctp_abort_association(*inp_p
, NULL
, m
, iphlen
,
2776 src
, dst
, sh
, op_err
,
2779 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2780 pcb_so
= SCTP_INP_SO(*inp_p
);
2781 atomic_add_int(&(*stcb
)->asoc
.refcnt
, 1);
2782 SCTP_TCB_UNLOCK((*stcb
));
2783 SCTP_SOCKET_LOCK(pcb_so
, 1);
2784 SCTP_TCB_LOCK((*stcb
));
2785 atomic_subtract_int(&(*stcb
)->asoc
.refcnt
, 1);
2787 (void)sctp_free_assoc(*inp_p
, *stcb
, SCTP_NORMAL_PROC
,
2788 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_23
);
2789 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2790 SCTP_SOCKET_UNLOCK(pcb_so
, 1);
2794 inp
= (struct sctp_inpcb
*)so
->so_pcb
;
2795 SCTP_INP_INCR_REF(inp
);
2797 * We add the unbound flag here so that if we get an
2798 * soabort() before we get the move_pcb done, we
2799 * will properly cleanup.
2801 inp
->sctp_flags
= (SCTP_PCB_FLAGS_TCPTYPE
|
2802 SCTP_PCB_FLAGS_CONNECTED
|
2803 SCTP_PCB_FLAGS_IN_TCPPOOL
|
2804 SCTP_PCB_FLAGS_UNBOUND
|
2805 (SCTP_PCB_COPY_FLAGS
& (*inp_p
)->sctp_flags
) |
2806 SCTP_PCB_FLAGS_DONT_WAKE
);
2807 inp
->sctp_features
= (*inp_p
)->sctp_features
;
2808 inp
->sctp_mobility_features
= (*inp_p
)->sctp_mobility_features
;
2809 inp
->sctp_socket
= so
;
2810 inp
->sctp_frag_point
= (*inp_p
)->sctp_frag_point
;
2811 inp
->max_cwnd
= (*inp_p
)->max_cwnd
;
2812 inp
->sctp_cmt_on_off
= (*inp_p
)->sctp_cmt_on_off
;
2813 inp
->ecn_supported
= (*inp_p
)->ecn_supported
;
2814 inp
->prsctp_supported
= (*inp_p
)->prsctp_supported
;
2815 inp
->auth_supported
= (*inp_p
)->auth_supported
;
2816 inp
->asconf_supported
= (*inp_p
)->asconf_supported
;
2817 inp
->reconfig_supported
= (*inp_p
)->reconfig_supported
;
2818 inp
->nrsack_supported
= (*inp_p
)->nrsack_supported
;
2819 inp
->pktdrop_supported
= (*inp_p
)->pktdrop_supported
;
2820 inp
->partial_delivery_point
= (*inp_p
)->partial_delivery_point
;
2821 inp
->sctp_context
= (*inp_p
)->sctp_context
;
2822 inp
->local_strreset_support
= (*inp_p
)->local_strreset_support
;
2823 inp
->fibnum
= (*inp_p
)->fibnum
;
2824 inp
->inp_starting_point_for_iterator
= NULL
;
2826 * copy in the authentication parameters from the
2829 if (inp
->sctp_ep
.local_hmacs
)
2830 sctp_free_hmaclist(inp
->sctp_ep
.local_hmacs
);
2831 inp
->sctp_ep
.local_hmacs
=
2832 sctp_copy_hmaclist((*inp_p
)->sctp_ep
.local_hmacs
);
2833 if (inp
->sctp_ep
.local_auth_chunks
)
2834 sctp_free_chunklist(inp
->sctp_ep
.local_auth_chunks
);
2835 inp
->sctp_ep
.local_auth_chunks
=
2836 sctp_copy_chunklist((*inp_p
)->sctp_ep
.local_auth_chunks
);
2839 * Now we must move it from one hash table to
2840 * another and get the tcb in the right place.
2844 * This is where the one-2-one socket is put into
2845 * the accept state waiting for the accept!
2848 (*stcb
)->asoc
.state
|= SCTP_STATE_IN_ACCEPT_QUEUE
;
2850 sctp_move_pcb_and_assoc(*inp_p
, inp
, *stcb
);
2852 atomic_add_int(&(*stcb
)->asoc
.refcnt
, 1);
2853 SCTP_TCB_UNLOCK((*stcb
));
2855 sctp_pull_off_control_to_new_inp((*inp_p
), inp
, *stcb
,
2857 SCTP_TCB_LOCK((*stcb
));
2858 atomic_subtract_int(&(*stcb
)->asoc
.refcnt
, 1);
2862 * now we must check to see if we were aborted while
2863 * the move was going on and the lock/unlock
2866 if (inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_GONE
) {
2868 * yep it was, we leave the assoc attached
2869 * to the socket since the sctp_inpcb_free()
2870 * call will send an abort for us.
2872 SCTP_INP_DECR_REF(inp
);
2875 SCTP_INP_DECR_REF(inp
);
2876 /* Switch over to the new guy */
2878 sctp_ulp_notify(notification
, *stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
2879 if (send_int_conf
) {
2880 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED
,
2881 (*stcb
), 0, (void *)netl
, SCTP_SO_NOT_LOCKED
);
2884 * Pull it from the incomplete queue and wake the
2887 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2888 atomic_add_int(&(*stcb
)->asoc
.refcnt
, 1);
2889 SCTP_TCB_UNLOCK((*stcb
));
2890 SCTP_SOCKET_LOCK(so
, 1);
2893 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2894 SCTP_TCB_LOCK((*stcb
));
2895 atomic_subtract_int(&(*stcb
)->asoc
.refcnt
, 1);
2896 SCTP_SOCKET_UNLOCK(so
, 1);
2902 sctp_ulp_notify(notification
, *stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
2904 if (send_int_conf
) {
2905 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED
,
2906 (*stcb
), 0, (void *)netl
, SCTP_SO_NOT_LOCKED
);
2912 sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk
*cp SCTP_UNUSED
,
2913 struct sctp_tcb
*stcb
, struct sctp_nets
*net
)
2915 /* cp must not be used, others call this without a c-ack :-) */
2916 struct sctp_association
*asoc
;
2918 SCTPDBG(SCTP_DEBUG_INPUT2
,
2919 "sctp_handle_cookie_ack: handling COOKIE-ACK\n");
2920 if ((stcb
== NULL
) || (net
== NULL
)) {
2925 sctp_stop_all_cookie_timers(stcb
);
2926 /* process according to association state */
2927 if (SCTP_GET_STATE(asoc
) == SCTP_STATE_COOKIE_ECHOED
) {
2928 /* state change only needed when I am in right state */
2929 SCTPDBG(SCTP_DEBUG_INPUT2
, "moving to OPEN state\n");
2930 SCTP_SET_STATE(asoc
, SCTP_STATE_OPEN
);
2931 sctp_start_net_timers(stcb
);
2932 if (asoc
->state
& SCTP_STATE_SHUTDOWN_PENDING
) {
2933 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD
,
2934 stcb
->sctp_ep
, stcb
, asoc
->primary_destination
);
2938 SCTP_STAT_INCR_COUNTER32(sctps_activeestab
);
2939 SCTP_STAT_INCR_GAUGE32(sctps_currestab
);
2940 if (asoc
->overall_error_count
== 0) {
2941 net
->RTO
= sctp_calculate_rto(stcb
, asoc
, net
,
2942 &asoc
->time_entered
, sctp_align_safe_nocopy
,
2943 SCTP_RTT_FROM_NON_DATA
);
2945 (void)SCTP_GETTIME_TIMEVAL(&asoc
->time_entered
);
2946 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP
, stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
2947 if ((stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) ||
2948 (stcb
->sctp_ep
->sctp_flags
& SCTP_PCB_FLAGS_IN_TCPPOOL
)) {
2949 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2953 stcb
->sctp_ep
->sctp_flags
|= SCTP_PCB_FLAGS_CONNECTED
;
2954 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2955 so
= SCTP_INP_SO(stcb
->sctp_ep
);
2956 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
2957 SCTP_TCB_UNLOCK(stcb
);
2958 SCTP_SOCKET_LOCK(so
, 1);
2959 SCTP_TCB_LOCK(stcb
);
2960 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
2962 if ((stcb
->asoc
.state
& SCTP_STATE_CLOSED_SOCKET
) == 0) {
2963 soisconnected(stcb
->sctp_socket
);
2965 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
2966 SCTP_SOCKET_UNLOCK(so
, 1);
2970 * since we did not send a HB make sure we don't double
2973 net
->hb_responded
= 1;
2975 if (stcb
->asoc
.state
& SCTP_STATE_CLOSED_SOCKET
) {
2977 * We don't need to do the asconf thing, nor hb or
2978 * autoclose if the socket is closed.
2982 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT
, stcb
->sctp_ep
,
2986 if (stcb
->asoc
.sctp_autoclose_ticks
&&
2987 sctp_is_feature_on(stcb
->sctp_ep
, SCTP_PCB_FLAGS_AUTOCLOSE
)) {
2988 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE
,
2989 stcb
->sctp_ep
, stcb
, NULL
);
2992 * send ASCONF if parameters are pending and ASCONFs are
2993 * allowed (eg. addresses changed when init/cookie echo were
2996 if ((sctp_is_feature_on(stcb
->sctp_ep
, SCTP_PCB_FLAGS_DO_ASCONF
)) &&
2997 (stcb
->asoc
.asconf_supported
== 1) &&
2998 (!TAILQ_EMPTY(&stcb
->asoc
.asconf_queue
))) {
2999 #ifdef SCTP_TIMER_BASED_ASCONF
3000 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF
,
3001 stcb
->sctp_ep
, stcb
,
3002 stcb
->asoc
.primary_destination
);
3004 sctp_send_asconf(stcb
, stcb
->asoc
.primary_destination
,
3005 SCTP_ADDR_NOT_LOCKED
);
3010 /* Toss the cookie if I can */
3011 sctp_toss_old_cookies(stcb
, asoc
);
3012 if (!TAILQ_EMPTY(&asoc
->sent_queue
)) {
3013 /* Restart the timer if we have pending data */
3014 struct sctp_tmit_chunk
*chk
;
3016 chk
= TAILQ_FIRST(&asoc
->sent_queue
);
3017 sctp_timer_start(SCTP_TIMER_TYPE_SEND
, stcb
->sctp_ep
, stcb
, chk
->whoTo
);
3022 sctp_handle_ecn_echo(struct sctp_ecne_chunk
*cp
,
3023 struct sctp_tcb
*stcb
)
3025 struct sctp_nets
*net
;
3026 struct sctp_tmit_chunk
*lchk
;
3027 struct sctp_ecne_chunk bkup
;
3028 uint8_t override_bit
;
3029 uint32_t tsn
, window_data_tsn
;
3031 unsigned int pkt_cnt
;
3033 len
= ntohs(cp
->ch
.chunk_length
);
3034 if ((len
!= sizeof(struct sctp_ecne_chunk
)) &&
3035 (len
!= sizeof(struct old_sctp_ecne_chunk
))) {
3038 if (len
== sizeof(struct old_sctp_ecne_chunk
)) {
3039 /* Its the old format */
3040 memcpy(&bkup
, cp
, sizeof(struct old_sctp_ecne_chunk
));
3041 bkup
.num_pkts_since_cwr
= htonl(1);
3044 SCTP_STAT_INCR(sctps_recvecne
);
3045 tsn
= ntohl(cp
->tsn
);
3046 pkt_cnt
= ntohl(cp
->num_pkts_since_cwr
);
3047 lchk
= TAILQ_LAST(&stcb
->asoc
.send_queue
, sctpchunk_listhead
);
3049 window_data_tsn
= stcb
->asoc
.sending_seq
- 1;
3051 window_data_tsn
= lchk
->rec
.data
.TSN_seq
;
3054 /* Find where it was sent to if possible. */
3056 TAILQ_FOREACH(lchk
, &stcb
->asoc
.sent_queue
, sctp_next
) {
3057 if (lchk
->rec
.data
.TSN_seq
== tsn
) {
3059 net
->ecn_prev_cwnd
= lchk
->rec
.data
.cwnd_at_send
;
3062 if (SCTP_TSN_GT(lchk
->rec
.data
.TSN_seq
, tsn
)) {
3068 * What to do. A previous send of a CWR was possibly lost.
3069 * See how old it is, we may have it marked on the actual
3072 TAILQ_FOREACH(net
, &stcb
->asoc
.nets
, sctp_next
) {
3073 if (tsn
== net
->last_cwr_tsn
) {
3074 /* Found him, send it off */
3080 * If we reach here, we need to send a special CWR
3081 * that says hey, we did this a long time ago and
3082 * you lost the response.
3084 net
= TAILQ_FIRST(&stcb
->asoc
.nets
);
3089 override_bit
= SCTP_CWR_REDUCE_OVERRIDE
;
3096 if (SCTP_TSN_GT(tsn
, net
->cwr_window_tsn
) &&
3097 ((override_bit
& SCTP_CWR_REDUCE_OVERRIDE
) == 0)) {
3099 * JRS - Use the congestion control given in the pluggable
3102 stcb
->asoc
.cc_functions
.sctp_cwnd_update_after_ecn_echo(stcb
, net
, 0, pkt_cnt
);
3104 * We reduce once every RTT. So we will only lower cwnd at
3105 * the next sending seq i.e. the window_data_tsn
3107 net
->cwr_window_tsn
= window_data_tsn
;
3108 net
->ecn_ce_pkt_cnt
+= pkt_cnt
;
3109 net
->lost_cnt
= pkt_cnt
;
3110 net
->last_cwr_tsn
= tsn
;
3112 override_bit
|= SCTP_CWR_IN_SAME_WINDOW
;
3113 if (SCTP_TSN_GT(tsn
, net
->last_cwr_tsn
) &&
3114 ((override_bit
& SCTP_CWR_REDUCE_OVERRIDE
) == 0)) {
3116 * Another loss in the same window update how many
3117 * marks/packets lost we have had.
3121 if (pkt_cnt
> net
->lost_cnt
) {
3122 /* Should be the case */
3123 cnt
= (pkt_cnt
- net
->lost_cnt
);
3124 net
->ecn_ce_pkt_cnt
+= cnt
;
3126 net
->lost_cnt
= pkt_cnt
;
3127 net
->last_cwr_tsn
= tsn
;
3129 * Most CC functions will ignore this call, since we
3130 * are in-window yet of the initial CE the peer saw.
3132 stcb
->asoc
.cc_functions
.sctp_cwnd_update_after_ecn_echo(stcb
, net
, 1, cnt
);
3136 * We always send a CWR this way if our previous one was lost our
3137 * peer will get an update, or if it is not time again to reduce we
3138 * still get the cwr to the peer. Note we set the override when we
3139 * could not find the TSN on the chunk or the destination network.
3141 sctp_send_cwr(stcb
, net
, net
->last_cwr_tsn
, override_bit
);
3145 sctp_handle_ecn_cwr(struct sctp_cwr_chunk
*cp
, struct sctp_tcb
*stcb
, struct sctp_nets
*net
)
3148 * Here we get a CWR from the peer. We must look in the outqueue and
3149 * make sure that we have a covered ECNE in the control chunk part.
3152 struct sctp_tmit_chunk
*chk
;
3153 struct sctp_ecne_chunk
*ecne
;
3157 cwr_tsn
= ntohl(cp
->tsn
);
3158 override
= cp
->ch
.chunk_flags
& SCTP_CWR_REDUCE_OVERRIDE
;
3159 TAILQ_FOREACH(chk
, &stcb
->asoc
.control_send_queue
, sctp_next
) {
3160 if (chk
->rec
.chunk_id
.id
!= SCTP_ECN_ECHO
) {
3163 if ((override
== 0) && (chk
->whoTo
!= net
)) {
3164 /* Must be from the right src unless override is set */
3167 ecne
= mtod(chk
->data
, struct sctp_ecne_chunk
*);
3168 if (SCTP_TSN_GE(cwr_tsn
, ntohl(ecne
->tsn
))) {
3169 /* this covers this ECNE, we can remove it */
3170 stcb
->asoc
.ecn_echo_cnt_onq
--;
3171 TAILQ_REMOVE(&stcb
->asoc
.control_send_queue
, chk
,
3173 sctp_m_freem(chk
->data
);
3175 stcb
->asoc
.ctrl_queue_cnt
--;
3176 sctp_free_a_chunk(stcb
, chk
, SCTP_SO_NOT_LOCKED
);
3177 if (override
== 0) {
3185 sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk
*cp SCTP_UNUSED
,
3186 struct sctp_tcb
*stcb
, struct sctp_nets
*net
)
3188 struct sctp_association
*asoc
;
3190 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3195 SCTPDBG(SCTP_DEBUG_INPUT2
,
3196 "sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n");
3201 /* process according to association state */
3202 if (SCTP_GET_STATE(asoc
) != SCTP_STATE_SHUTDOWN_ACK_SENT
) {
3203 /* unexpected SHUTDOWN-COMPLETE... so ignore... */
3204 SCTPDBG(SCTP_DEBUG_INPUT2
,
3205 "sctp_handle_shutdown_complete: not in SCTP_STATE_SHUTDOWN_ACK_SENT --- ignore\n");
3206 SCTP_TCB_UNLOCK(stcb
);
3209 /* notify upper layer protocol */
3210 if (stcb
->sctp_socket
) {
3211 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN
, stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
3214 if (!TAILQ_EMPTY(&asoc
->send_queue
) ||
3215 !TAILQ_EMPTY(&asoc
->sent_queue
) ||
3216 !stcb
->asoc
.ss_functions
.sctp_ss_is_empty(stcb
, asoc
)) {
3217 panic("Queues are not empty when handling SHUTDOWN-COMPLETE");
3220 /* stop the timer */
3221 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNACK
, stcb
->sctp_ep
, stcb
, net
,
3222 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_24
);
3223 SCTP_STAT_INCR_COUNTER32(sctps_shutdown
);
3225 SCTPDBG(SCTP_DEBUG_INPUT2
,
3226 "sctp_handle_shutdown_complete: calls free-asoc\n");
3227 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3228 so
= SCTP_INP_SO(stcb
->sctp_ep
);
3229 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
3230 SCTP_TCB_UNLOCK(stcb
);
3231 SCTP_SOCKET_LOCK(so
, 1);
3232 SCTP_TCB_LOCK(stcb
);
3233 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
3235 (void)sctp_free_assoc(stcb
->sctp_ep
, stcb
, SCTP_NORMAL_PROC
,
3236 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_25
);
3237 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3238 SCTP_SOCKET_UNLOCK(so
, 1);
3244 process_chunk_drop(struct sctp_tcb
*stcb
, struct sctp_chunk_desc
*desc
,
3245 struct sctp_nets
*net
, uint8_t flg
)
3247 switch (desc
->chunk_type
) {
3249 /* find the tsn to resend (possibly */
3252 struct sctp_tmit_chunk
*tp1
;
3254 tsn
= ntohl(desc
->tsn_ifany
);
3255 TAILQ_FOREACH(tp1
, &stcb
->asoc
.sent_queue
, sctp_next
) {
3256 if (tp1
->rec
.data
.TSN_seq
== tsn
) {
3260 if (SCTP_TSN_GT(tp1
->rec
.data
.TSN_seq
, tsn
)) {
3268 * Do it the other way , aka without paying
3269 * attention to queue seq order.
3271 SCTP_STAT_INCR(sctps_pdrpdnfnd
);
3272 TAILQ_FOREACH(tp1
, &stcb
->asoc
.sent_queue
, sctp_next
) {
3273 if (tp1
->rec
.data
.TSN_seq
== tsn
) {
3280 SCTP_STAT_INCR(sctps_pdrptsnnf
);
3282 if ((tp1
) && (tp1
->sent
< SCTP_DATAGRAM_ACKED
)) {
3285 if (((flg
& SCTP_BADCRC
) == 0) &&
3286 ((flg
& SCTP_FROM_MIDDLE_BOX
) == 0)) {
3289 if ((stcb
->asoc
.peers_rwnd
== 0) &&
3290 ((flg
& SCTP_FROM_MIDDLE_BOX
) == 0)) {
3291 SCTP_STAT_INCR(sctps_pdrpdiwnp
);
3294 if (stcb
->asoc
.peers_rwnd
== 0 &&
3295 (flg
& SCTP_FROM_MIDDLE_BOX
)) {
3296 SCTP_STAT_INCR(sctps_pdrpdizrw
);
3299 ddp
= (uint8_t *) (mtod(tp1
->data
, caddr_t
)+
3300 sizeof(struct sctp_data_chunk
));
3304 for (iii
= 0; iii
< sizeof(desc
->data_bytes
);
3306 if (ddp
[iii
] != desc
->data_bytes
[iii
]) {
3307 SCTP_STAT_INCR(sctps_pdrpbadd
);
3315 * this guy had a RTO calculation
3316 * pending on it, cancel it
3318 if (tp1
->whoTo
->rto_needed
== 0) {
3319 tp1
->whoTo
->rto_needed
= 1;
3323 SCTP_STAT_INCR(sctps_pdrpmark
);
3324 if (tp1
->sent
!= SCTP_DATAGRAM_RESEND
)
3325 sctp_ucount_incr(stcb
->asoc
.sent_queue_retran_cnt
);
3327 * mark it as if we were doing a FR, since
3328 * we will be getting gap ack reports behind
3329 * the info from the router.
3331 tp1
->rec
.data
.doing_fast_retransmit
= 1;
3333 * mark the tsn with what sequences can
3336 if (TAILQ_EMPTY(&stcb
->asoc
.send_queue
)) {
3337 tp1
->rec
.data
.fast_retran_tsn
= stcb
->asoc
.sending_seq
;
3339 tp1
->rec
.data
.fast_retran_tsn
= (TAILQ_FIRST(&stcb
->asoc
.send_queue
))->rec
.data
.TSN_seq
;
3342 /* restart the timer */
3343 sctp_timer_stop(SCTP_TIMER_TYPE_SEND
, stcb
->sctp_ep
,
3345 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_26
);
3346 sctp_timer_start(SCTP_TIMER_TYPE_SEND
, stcb
->sctp_ep
,
3349 /* fix counts and things */
3350 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_FLIGHT_LOGGING_ENABLE
) {
3351 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_PDRP
,
3352 tp1
->whoTo
->flight_size
,
3354 (uint32_t) (uintptr_t) stcb
,
3355 tp1
->rec
.data
.TSN_seq
);
3357 if (tp1
->sent
< SCTP_DATAGRAM_RESEND
) {
3358 sctp_flight_size_decrease(tp1
);
3359 sctp_total_flight_decrease(stcb
, tp1
);
3361 tp1
->sent
= SCTP_DATAGRAM_RESEND
;
3367 TAILQ_FOREACH(tp1
, &stcb
->asoc
.sent_queue
, sctp_next
) {
3368 if (tp1
->sent
== SCTP_DATAGRAM_RESEND
)
3371 TAILQ_FOREACH(tp1
, &stcb
->asoc
.control_send_queue
,
3373 if (tp1
->sent
== SCTP_DATAGRAM_RESEND
)
3376 if (audit
!= stcb
->asoc
.sent_queue_retran_cnt
) {
3377 SCTP_PRINTF("**Local Audit finds cnt:%d asoc cnt:%d\n",
3378 audit
, stcb
->asoc
.sent_queue_retran_cnt
);
3379 #ifndef SCTP_AUDITING_ENABLED
3380 stcb
->asoc
.sent_queue_retran_cnt
= audit
;
3388 struct sctp_tmit_chunk
*asconf
;
3390 TAILQ_FOREACH(asconf
, &stcb
->asoc
.control_send_queue
,
3392 if (asconf
->rec
.chunk_id
.id
== SCTP_ASCONF
) {
3397 if (asconf
->sent
!= SCTP_DATAGRAM_RESEND
)
3398 sctp_ucount_incr(stcb
->asoc
.sent_queue_retran_cnt
);
3399 asconf
->sent
= SCTP_DATAGRAM_RESEND
;
3400 asconf
->snd_count
--;
3404 case SCTP_INITIATION
:
3405 /* resend the INIT */
3406 stcb
->asoc
.dropped_special_cnt
++;
3407 if (stcb
->asoc
.dropped_special_cnt
< SCTP_RETRY_DROPPED_THRESH
) {
3409 * If we can get it in, in a few attempts we do
3410 * this, otherwise we let the timer fire.
3412 sctp_timer_stop(SCTP_TIMER_TYPE_INIT
, stcb
->sctp_ep
,
3414 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_27
);
3415 sctp_send_initiate(stcb
->sctp_ep
, stcb
, SCTP_SO_NOT_LOCKED
);
3418 case SCTP_SELECTIVE_ACK
:
3419 case SCTP_NR_SELECTIVE_ACK
:
3420 /* resend the sack */
3421 sctp_send_sack(stcb
, SCTP_SO_NOT_LOCKED
);
3423 case SCTP_HEARTBEAT_REQUEST
:
3424 /* resend a demand HB */
3425 if ((stcb
->asoc
.overall_error_count
+ 3) < stcb
->asoc
.max_send_times
) {
3427 * Only retransmit if we KNOW we wont destroy the
3430 sctp_send_hb(stcb
, net
, SCTP_SO_NOT_LOCKED
);
3434 sctp_send_shutdown(stcb
, net
);
3436 case SCTP_SHUTDOWN_ACK
:
3437 sctp_send_shutdown_ack(stcb
, net
);
3439 case SCTP_COOKIE_ECHO
:
3441 struct sctp_tmit_chunk
*cookie
;
3444 TAILQ_FOREACH(cookie
, &stcb
->asoc
.control_send_queue
,
3446 if (cookie
->rec
.chunk_id
.id
== SCTP_COOKIE_ECHO
) {
3451 if (cookie
->sent
!= SCTP_DATAGRAM_RESEND
)
3452 sctp_ucount_incr(stcb
->asoc
.sent_queue_retran_cnt
);
3453 cookie
->sent
= SCTP_DATAGRAM_RESEND
;
3454 sctp_stop_all_cookie_timers(stcb
);
3458 case SCTP_COOKIE_ACK
:
3459 sctp_send_cookie_ack(stcb
);
3461 case SCTP_ASCONF_ACK
:
3462 /* resend last asconf ack */
3463 sctp_send_asconf_ack(stcb
);
3465 case SCTP_IFORWARD_CUM_TSN
:
3466 case SCTP_FORWARD_CUM_TSN
:
3467 send_forward_tsn(stcb
, &stcb
->asoc
);
3469 /* can't do anything with these */
3470 case SCTP_PACKET_DROPPED
:
3471 case SCTP_INITIATION_ACK
: /* this should not happen */
3472 case SCTP_HEARTBEAT_ACK
:
3473 case SCTP_ABORT_ASSOCIATION
:
3474 case SCTP_OPERATION_ERROR
:
3475 case SCTP_SHUTDOWN_COMPLETE
:
3485 sctp_reset_in_stream(struct sctp_tcb
*stcb
, uint32_t number_entries
, uint16_t * list
)
3491 * We set things to 0xffffffff since this is the last delivered
3492 * sequence and we will be sending in 0 after the reset.
3495 if (number_entries
) {
3496 for (i
= 0; i
< number_entries
; i
++) {
3497 temp
= ntohs(list
[i
]);
3498 if (temp
>= stcb
->asoc
.streamincnt
) {
3501 stcb
->asoc
.strmin
[temp
].last_sequence_delivered
= 0xffffffff;
3505 for (i
= 0; i
< stcb
->asoc
.streamincnt
; i
++) {
3506 stcb
->asoc
.strmin
[i
].last_sequence_delivered
= 0xffffffff;
3509 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV
, stcb
, number_entries
, (void *)list
, SCTP_SO_NOT_LOCKED
);
3513 sctp_reset_out_streams(struct sctp_tcb
*stcb
, uint32_t number_entries
, uint16_t * list
)
3518 if (number_entries
> 0) {
3519 for (i
= 0; i
< number_entries
; i
++) {
3520 temp
= ntohs(list
[i
]);
3521 if (temp
>= stcb
->asoc
.streamoutcnt
) {
3522 /* no such stream */
3525 stcb
->asoc
.strmout
[temp
].next_mid_ordered
= 0;
3526 stcb
->asoc
.strmout
[temp
].next_mid_unordered
= 0;
3529 for (i
= 0; i
< stcb
->asoc
.streamoutcnt
; i
++) {
3530 stcb
->asoc
.strmout
[i
].next_mid_ordered
= 0;
3531 stcb
->asoc
.strmout
[i
].next_mid_unordered
= 0;
3534 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND
, stcb
, number_entries
, (void *)list
, SCTP_SO_NOT_LOCKED
);
3538 sctp_reset_clear_pending(struct sctp_tcb
*stcb
, uint32_t number_entries
, uint16_t * list
)
3543 if (number_entries
> 0) {
3544 for (i
= 0; i
< number_entries
; i
++) {
3545 temp
= ntohs(list
[i
]);
3546 if (temp
>= stcb
->asoc
.streamoutcnt
) {
3547 /* no such stream */
3550 stcb
->asoc
.strmout
[temp
].state
= SCTP_STREAM_OPEN
;
3553 for (i
= 0; i
< stcb
->asoc
.streamoutcnt
; i
++) {
3554 stcb
->asoc
.strmout
[i
].state
= SCTP_STREAM_OPEN
;
3560 struct sctp_stream_reset_request
*
3561 sctp_find_stream_reset(struct sctp_tcb
*stcb
, uint32_t seq
, struct sctp_tmit_chunk
**bchk
)
3563 struct sctp_association
*asoc
;
3564 struct sctp_chunkhdr
*ch
;
3565 struct sctp_stream_reset_request
*r
;
3566 struct sctp_tmit_chunk
*chk
;
3570 if (TAILQ_EMPTY(&stcb
->asoc
.control_send_queue
)) {
3571 asoc
->stream_reset_outstanding
= 0;
3574 if (stcb
->asoc
.str_reset
== NULL
) {
3575 asoc
->stream_reset_outstanding
= 0;
3578 chk
= stcb
->asoc
.str_reset
;
3579 if (chk
->data
== NULL
) {
3583 /* he wants a copy of the chk pointer */
3586 clen
= chk
->send_size
;
3587 ch
= mtod(chk
->data
, struct sctp_chunkhdr
*);
3588 r
= (struct sctp_stream_reset_request
*)(ch
+ 1);
3589 if (ntohl(r
->request_seq
) == seq
) {
3593 len
= SCTP_SIZE32(ntohs(r
->ph
.param_length
));
3594 if (clen
> (len
+ (int)sizeof(struct sctp_chunkhdr
))) {
3595 /* move to the next one, there can only be a max of two */
3596 r
= (struct sctp_stream_reset_request
*)((caddr_t
)r
+ len
);
3597 if (ntohl(r
->request_seq
) == seq
) {
3601 /* that seq is not here */
3606 sctp_clean_up_stream_reset(struct sctp_tcb
*stcb
)
3608 struct sctp_association
*asoc
;
3609 struct sctp_tmit_chunk
*chk
= stcb
->asoc
.str_reset
;
3611 if (stcb
->asoc
.str_reset
== NULL
) {
3616 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET
, stcb
->sctp_ep
, stcb
,
3617 chk
->whoTo
, SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_28
);
3618 TAILQ_REMOVE(&asoc
->control_send_queue
,
3622 sctp_m_freem(chk
->data
);
3625 asoc
->ctrl_queue_cnt
--;
3626 sctp_free_a_chunk(stcb
, chk
, SCTP_SO_NOT_LOCKED
);
3627 /* sa_ignore NO_NULL_CHK */
3628 stcb
->asoc
.str_reset
= NULL
;
3633 sctp_handle_stream_reset_response(struct sctp_tcb
*stcb
,
3634 uint32_t seq
, uint32_t action
,
3635 struct sctp_stream_reset_response
*respin
)
3639 struct sctp_association
*asoc
= &stcb
->asoc
;
3640 struct sctp_tmit_chunk
*chk
;
3641 struct sctp_stream_reset_request
*req_param
;
3642 struct sctp_stream_reset_out_request
*req_out_param
;
3643 struct sctp_stream_reset_in_request
*req_in_param
;
3644 uint32_t number_entries
;
3646 if (asoc
->stream_reset_outstanding
== 0) {
3650 if (seq
== stcb
->asoc
.str_reset_seq_out
) {
3651 req_param
= sctp_find_stream_reset(stcb
, seq
, &chk
);
3652 if (req_param
!= NULL
) {
3653 stcb
->asoc
.str_reset_seq_out
++;
3654 type
= ntohs(req_param
->ph
.param_type
);
3655 lparm_len
= ntohs(req_param
->ph
.param_length
);
3656 if (type
== SCTP_STR_RESET_OUT_REQUEST
) {
3659 req_out_param
= (struct sctp_stream_reset_out_request
*)req_param
;
3660 number_entries
= (lparm_len
- sizeof(struct sctp_stream_reset_out_request
)) / sizeof(uint16_t);
3661 asoc
->stream_reset_out_is_outstanding
= 0;
3662 if (asoc
->stream_reset_outstanding
)
3663 asoc
->stream_reset_outstanding
--;
3664 if (action
== SCTP_STREAM_RESET_RESULT_PERFORMED
) {
3666 sctp_reset_out_streams(stcb
, number_entries
, req_out_param
->list_of_streams
);
3667 } else if (action
== SCTP_STREAM_RESET_RESULT_DENIED
) {
3668 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_OUT
, stcb
, number_entries
, req_out_param
->list_of_streams
, SCTP_SO_NOT_LOCKED
);
3669 } else if (action
== SCTP_STREAM_RESET_RESULT_IN_PROGRESS
) {
3671 * Set it up so we don't stop
3674 asoc
->stream_reset_outstanding
++;
3675 stcb
->asoc
.str_reset_seq_out
--;
3676 asoc
->stream_reset_out_is_outstanding
= 1;
3679 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT
, stcb
, number_entries
, req_out_param
->list_of_streams
, SCTP_SO_NOT_LOCKED
);
3681 if (no_clear
== 0) {
3682 sctp_reset_clear_pending(stcb
, number_entries
, req_out_param
->list_of_streams
);
3684 } else if (type
== SCTP_STR_RESET_IN_REQUEST
) {
3685 req_in_param
= (struct sctp_stream_reset_in_request
*)req_param
;
3686 number_entries
= (lparm_len
- sizeof(struct sctp_stream_reset_in_request
)) / sizeof(uint16_t);
3687 if (asoc
->stream_reset_outstanding
)
3688 asoc
->stream_reset_outstanding
--;
3689 if (action
== SCTP_STREAM_RESET_RESULT_DENIED
) {
3690 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_IN
, stcb
,
3691 number_entries
, req_in_param
->list_of_streams
, SCTP_SO_NOT_LOCKED
);
3692 } else if (action
!= SCTP_STREAM_RESET_RESULT_PERFORMED
) {
3693 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN
, stcb
,
3694 number_entries
, req_in_param
->list_of_streams
, SCTP_SO_NOT_LOCKED
);
3696 } else if (type
== SCTP_STR_RESET_ADD_OUT_STREAMS
) {
3697 /* Ok we now may have more streams */
3700 num_stream
= stcb
->asoc
.strm_pending_add_size
;
3701 if (num_stream
> (stcb
->asoc
.strm_realoutsize
- stcb
->asoc
.streamoutcnt
)) {
3703 num_stream
= stcb
->asoc
.strm_realoutsize
- stcb
->asoc
.streamoutcnt
;
3705 stcb
->asoc
.strm_pending_add_size
= 0;
3706 if (asoc
->stream_reset_outstanding
)
3707 asoc
->stream_reset_outstanding
--;
3708 if (action
== SCTP_STREAM_RESET_RESULT_PERFORMED
) {
3709 /* Put the new streams into effect */
3712 for (i
= asoc
->streamoutcnt
; i
< (asoc
->streamoutcnt
+ num_stream
); i
++) {
3713 asoc
->strmout
[i
].state
= SCTP_STREAM_OPEN
;
3715 asoc
->streamoutcnt
+= num_stream
;
3716 sctp_notify_stream_reset_add(stcb
, stcb
->asoc
.streamincnt
, stcb
->asoc
.streamoutcnt
, 0);
3717 } else if (action
== SCTP_STREAM_RESET_RESULT_DENIED
) {
3718 sctp_notify_stream_reset_add(stcb
, stcb
->asoc
.streamincnt
, stcb
->asoc
.streamoutcnt
,
3719 SCTP_STREAM_CHANGE_DENIED
);
3721 sctp_notify_stream_reset_add(stcb
, stcb
->asoc
.streamincnt
, stcb
->asoc
.streamoutcnt
,
3722 SCTP_STREAM_CHANGE_FAILED
);
3724 } else if (type
== SCTP_STR_RESET_ADD_IN_STREAMS
) {
3725 if (asoc
->stream_reset_outstanding
)
3726 asoc
->stream_reset_outstanding
--;
3727 if (action
== SCTP_STREAM_RESET_RESULT_DENIED
) {
3728 sctp_notify_stream_reset_add(stcb
, stcb
->asoc
.streamincnt
, stcb
->asoc
.streamoutcnt
,
3729 SCTP_STREAM_CHANGE_DENIED
);
3730 } else if (action
!= SCTP_STREAM_RESET_RESULT_PERFORMED
) {
3731 sctp_notify_stream_reset_add(stcb
, stcb
->asoc
.streamincnt
, stcb
->asoc
.streamoutcnt
,
3732 SCTP_STREAM_CHANGE_FAILED
);
3734 } else if (type
== SCTP_STR_RESET_TSN_REQUEST
) {
3736 * a) Adopt the new in tsn.
3738 * c) Adopt the new out-tsn
3740 struct sctp_stream_reset_response_tsn
*resp
;
3741 struct sctp_forward_tsn_chunk fwdtsn
;
3744 if (respin
== NULL
) {
3748 if (ntohs(respin
->ph
.param_length
) < sizeof(struct sctp_stream_reset_response_tsn
)) {
3751 if (action
== SCTP_STREAM_RESET_RESULT_PERFORMED
) {
3752 resp
= (struct sctp_stream_reset_response_tsn
*)respin
;
3753 asoc
->stream_reset_outstanding
--;
3754 fwdtsn
.ch
.chunk_length
= htons(sizeof(struct sctp_forward_tsn_chunk
));
3755 fwdtsn
.ch
.chunk_type
= SCTP_FORWARD_CUM_TSN
;
3756 fwdtsn
.new_cumulative_tsn
= htonl(ntohl(resp
->senders_next_tsn
) - 1);
3757 sctp_handle_forward_tsn(stcb
, &fwdtsn
, &abort_flag
, NULL
, 0);
3761 stcb
->asoc
.highest_tsn_inside_map
= (ntohl(resp
->senders_next_tsn
) - 1);
3762 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_MAP_LOGGING_ENABLE
) {
3763 sctp_log_map(0, 7, asoc
->highest_tsn_inside_map
, SCTP_MAP_SLIDE_RESULT
);
3765 stcb
->asoc
.tsn_last_delivered
= stcb
->asoc
.cumulative_tsn
= stcb
->asoc
.highest_tsn_inside_map
;
3766 stcb
->asoc
.mapping_array_base_tsn
= ntohl(resp
->senders_next_tsn
);
3767 memset(stcb
->asoc
.mapping_array
, 0, stcb
->asoc
.mapping_array_size
);
3769 stcb
->asoc
.highest_tsn_inside_nr_map
= stcb
->asoc
.highest_tsn_inside_map
;
3770 memset(stcb
->asoc
.nr_mapping_array
, 0, stcb
->asoc
.mapping_array_size
);
3772 stcb
->asoc
.sending_seq
= ntohl(resp
->receivers_next_tsn
);
3773 stcb
->asoc
.last_acked_seq
= stcb
->asoc
.cumulative_tsn
;
3775 sctp_reset_out_streams(stcb
, 0, (uint16_t *) NULL
);
3776 sctp_reset_in_stream(stcb
, 0, (uint16_t *) NULL
);
3777 sctp_notify_stream_reset_tsn(stcb
, stcb
->asoc
.sending_seq
, (stcb
->asoc
.mapping_array_base_tsn
+ 1), 0);
3778 } else if (action
== SCTP_STREAM_RESET_RESULT_DENIED
) {
3779 sctp_notify_stream_reset_tsn(stcb
, stcb
->asoc
.sending_seq
, (stcb
->asoc
.mapping_array_base_tsn
+ 1),
3780 SCTP_ASSOC_RESET_DENIED
);
3782 sctp_notify_stream_reset_tsn(stcb
, stcb
->asoc
.sending_seq
, (stcb
->asoc
.mapping_array_base_tsn
+ 1),
3783 SCTP_ASSOC_RESET_FAILED
);
3786 /* get rid of the request and get the request flags */
3787 if (asoc
->stream_reset_outstanding
== 0) {
3788 sctp_clean_up_stream_reset(stcb
);
3792 if (asoc
->stream_reset_outstanding
== 0) {
3793 sctp_send_stream_reset_out_if_possible(stcb
, SCTP_SO_NOT_LOCKED
);
3799 sctp_handle_str_reset_request_in(struct sctp_tcb
*stcb
,
3800 struct sctp_tmit_chunk
*chk
,
3801 struct sctp_stream_reset_in_request
*req
, int trunc
)
3809 * peer wants me to send a str-reset to him for my outgoing seq's if
3812 struct sctp_association
*asoc
= &stcb
->asoc
;
3814 seq
= ntohl(req
->request_seq
);
3815 if (asoc
->str_reset_seq_in
== seq
) {
3816 asoc
->last_reset_action
[1] = asoc
->last_reset_action
[0];
3817 if (!(asoc
->local_strreset_support
& SCTP_ENABLE_RESET_STREAM_REQ
)) {
3818 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
3820 /* Can't do it, since they exceeded our buffer size */
3821 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
3822 } else if (stcb
->asoc
.stream_reset_out_is_outstanding
== 0) {
3823 len
= ntohs(req
->ph
.param_length
);
3824 number_entries
= ((len
- sizeof(struct sctp_stream_reset_in_request
)) / sizeof(uint16_t));
3825 if (number_entries
) {
3826 for (i
= 0; i
< number_entries
; i
++) {
3827 temp
= ntohs(req
->list_of_streams
[i
]);
3828 if (temp
>= stcb
->asoc
.streamoutcnt
) {
3829 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
3832 req
->list_of_streams
[i
] = temp
;
3834 for (i
= 0; i
< number_entries
; i
++) {
3835 if (stcb
->asoc
.strmout
[req
->list_of_streams
[i
]].state
== SCTP_STREAM_OPEN
) {
3836 stcb
->asoc
.strmout
[req
->list_of_streams
[i
]].state
= SCTP_STREAM_RESET_PENDING
;
3841 for (i
= 0; i
< stcb
->asoc
.streamoutcnt
; i
++) {
3842 if (stcb
->asoc
.strmout
[i
].state
== SCTP_STREAM_OPEN
)
3843 stcb
->asoc
.strmout
[i
].state
= SCTP_STREAM_RESET_PENDING
;
3846 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_PERFORMED
;
3848 /* Can't do it, since we have sent one out */
3849 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS
;
3852 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
3853 asoc
->str_reset_seq_in
++;
3854 } else if (asoc
->str_reset_seq_in
- 1 == seq
) {
3855 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
3856 } else if (asoc
->str_reset_seq_in
- 2 == seq
) {
3857 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[1]);
3859 sctp_add_stream_reset_result(chk
, seq
, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO
);
3861 sctp_send_stream_reset_out_if_possible(stcb
, SCTP_SO_NOT_LOCKED
);
3865 sctp_handle_str_reset_request_tsn(struct sctp_tcb
*stcb
,
3866 struct sctp_tmit_chunk
*chk
,
3867 struct sctp_stream_reset_tsn_request
*req
)
3869 /* reset all in and out and update the tsn */
3871 * A) reset my str-seq's on in and out. B) Select a receive next,
3872 * and set cum-ack to it. Also process this selected number as a
3873 * fwd-tsn as well. C) set in the response my next sending seq.
3875 struct sctp_forward_tsn_chunk fwdtsn
;
3876 struct sctp_association
*asoc
= &stcb
->asoc
;
3880 seq
= ntohl(req
->request_seq
);
3881 if (asoc
->str_reset_seq_in
== seq
) {
3882 asoc
->last_reset_action
[1] = stcb
->asoc
.last_reset_action
[0];
3883 if (!(asoc
->local_strreset_support
& SCTP_ENABLE_CHANGE_ASSOC_REQ
)) {
3884 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
3886 fwdtsn
.ch
.chunk_length
= htons(sizeof(struct sctp_forward_tsn_chunk
));
3887 fwdtsn
.ch
.chunk_type
= SCTP_FORWARD_CUM_TSN
;
3888 fwdtsn
.ch
.chunk_flags
= 0;
3889 fwdtsn
.new_cumulative_tsn
= htonl(stcb
->asoc
.highest_tsn_inside_map
+ 1);
3890 sctp_handle_forward_tsn(stcb
, &fwdtsn
, &abort_flag
, NULL
, 0);
3894 asoc
->highest_tsn_inside_map
+= SCTP_STREAM_RESET_TSN_DELTA
;
3895 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_MAP_LOGGING_ENABLE
) {
3896 sctp_log_map(0, 10, asoc
->highest_tsn_inside_map
, SCTP_MAP_SLIDE_RESULT
);
3898 asoc
->tsn_last_delivered
= asoc
->cumulative_tsn
= asoc
->highest_tsn_inside_map
;
3899 asoc
->mapping_array_base_tsn
= asoc
->highest_tsn_inside_map
+ 1;
3900 memset(asoc
->mapping_array
, 0, asoc
->mapping_array_size
);
3901 asoc
->highest_tsn_inside_nr_map
= asoc
->highest_tsn_inside_map
;
3902 memset(asoc
->nr_mapping_array
, 0, asoc
->mapping_array_size
);
3903 atomic_add_int(&asoc
->sending_seq
, 1);
3904 /* save off historical data for retrans */
3905 asoc
->last_sending_seq
[1] = asoc
->last_sending_seq
[0];
3906 asoc
->last_sending_seq
[0] = asoc
->sending_seq
;
3907 asoc
->last_base_tsnsent
[1] = asoc
->last_base_tsnsent
[0];
3908 asoc
->last_base_tsnsent
[0] = asoc
->mapping_array_base_tsn
;
3909 sctp_reset_out_streams(stcb
, 0, (uint16_t *) NULL
);
3910 sctp_reset_in_stream(stcb
, 0, (uint16_t *) NULL
);
3911 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_PERFORMED
;
3912 sctp_notify_stream_reset_tsn(stcb
, asoc
->sending_seq
, (asoc
->mapping_array_base_tsn
+ 1), 0);
3914 sctp_add_stream_reset_result_tsn(chk
, seq
, asoc
->last_reset_action
[0],
3915 asoc
->last_sending_seq
[0], asoc
->last_base_tsnsent
[0]);
3916 asoc
->str_reset_seq_in
++;
3917 } else if (asoc
->str_reset_seq_in
- 1 == seq
) {
3918 sctp_add_stream_reset_result_tsn(chk
, seq
, asoc
->last_reset_action
[0],
3919 asoc
->last_sending_seq
[0], asoc
->last_base_tsnsent
[0]);
3920 } else if (asoc
->str_reset_seq_in
- 2 == seq
) {
3921 sctp_add_stream_reset_result_tsn(chk
, seq
, asoc
->last_reset_action
[1],
3922 asoc
->last_sending_seq
[1], asoc
->last_base_tsnsent
[1]);
3924 sctp_add_stream_reset_result(chk
, seq
, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO
);
3930 sctp_handle_str_reset_request_out(struct sctp_tcb
*stcb
,
3931 struct sctp_tmit_chunk
*chk
,
3932 struct sctp_stream_reset_out_request
*req
, int trunc
)
3935 int number_entries
, len
;
3936 struct sctp_association
*asoc
= &stcb
->asoc
;
3938 seq
= ntohl(req
->request_seq
);
3940 /* now if its not a duplicate we process it */
3941 if (asoc
->str_reset_seq_in
== seq
) {
3942 len
= ntohs(req
->ph
.param_length
);
3943 number_entries
= ((len
- sizeof(struct sctp_stream_reset_out_request
)) / sizeof(uint16_t));
3945 * the sender is resetting, handle the list issue.. we must
3946 * a) verify if we can do the reset, if so no problem b) If
3947 * we can't do the reset we must copy the request. c) queue
3948 * it, and setup the data in processor to trigger it off
3949 * when needed and dequeue all the queued data.
3951 tsn
= ntohl(req
->send_reset_at_tsn
);
3953 /* move the reset action back one */
3954 asoc
->last_reset_action
[1] = asoc
->last_reset_action
[0];
3955 if (!(asoc
->local_strreset_support
& SCTP_ENABLE_RESET_STREAM_REQ
)) {
3956 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
3958 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
3959 } else if (SCTP_TSN_GE(asoc
->cumulative_tsn
, tsn
)) {
3960 /* we can do it now */
3961 sctp_reset_in_stream(stcb
, number_entries
, req
->list_of_streams
);
3962 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_PERFORMED
;
3965 * we must queue it up and thus wait for the TSN's
3966 * to arrive that are at or before tsn
3968 struct sctp_stream_reset_list
*liste
;
3971 siz
= sizeof(struct sctp_stream_reset_list
) + (number_entries
* sizeof(uint16_t));
3972 SCTP_MALLOC(liste
, struct sctp_stream_reset_list
*,
3973 siz
, SCTP_M_STRESET
);
3974 if (liste
== NULL
) {
3975 /* gak out of memory */
3976 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
3977 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
3982 liste
->number_entries
= number_entries
;
3983 memcpy(&liste
->list_of_streams
, req
->list_of_streams
, number_entries
* sizeof(uint16_t));
3984 TAILQ_INSERT_TAIL(&asoc
->resetHead
, liste
, next_resp
);
3985 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_IN_PROGRESS
;
3987 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
3988 asoc
->str_reset_seq_in
++;
3989 } else if ((asoc
->str_reset_seq_in
- 1) == seq
) {
3991 * one seq back, just echo back last action since my
3992 * response was lost.
3994 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
3995 } else if ((asoc
->str_reset_seq_in
- 2) == seq
) {
3997 * two seq back, just echo back last action since my
3998 * response was lost.
4000 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[1]);
4002 sctp_add_stream_reset_result(chk
, seq
, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO
);
4007 sctp_handle_str_reset_add_strm(struct sctp_tcb
*stcb
, struct sctp_tmit_chunk
*chk
,
4008 struct sctp_stream_reset_add_strm
*str_add
)
4011 * Peer is requesting to add more streams. If its within our
4012 * max-streams we will allow it.
4014 uint32_t num_stream
, i
;
4016 struct sctp_association
*asoc
= &stcb
->asoc
;
4017 struct sctp_queued_to_read
*ctl
, *nctl
;
4019 /* Get the number. */
4020 seq
= ntohl(str_add
->request_seq
);
4021 num_stream
= ntohs(str_add
->number_of_streams
);
4022 /* Now what would be the new total? */
4023 if (asoc
->str_reset_seq_in
== seq
) {
4024 num_stream
+= stcb
->asoc
.streamincnt
;
4025 stcb
->asoc
.last_reset_action
[1] = stcb
->asoc
.last_reset_action
[0];
4026 if (!(asoc
->local_strreset_support
& SCTP_ENABLE_CHANGE_ASSOC_REQ
)) {
4027 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
4028 } else if ((num_stream
> stcb
->asoc
.max_inbound_streams
) ||
4029 (num_stream
> 0xffff)) {
4030 /* We must reject it they ask for to many */
4032 stcb
->asoc
.last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
4034 /* Ok, we can do that :-) */
4035 struct sctp_stream_in
*oldstrm
;
4037 /* save off the old */
4038 oldstrm
= stcb
->asoc
.strmin
;
4039 SCTP_MALLOC(stcb
->asoc
.strmin
, struct sctp_stream_in
*,
4040 (num_stream
* sizeof(struct sctp_stream_in
)),
4042 if (stcb
->asoc
.strmin
== NULL
) {
4043 stcb
->asoc
.strmin
= oldstrm
;
4046 /* copy off the old data */
4047 for (i
= 0; i
< stcb
->asoc
.streamincnt
; i
++) {
4048 TAILQ_INIT(&stcb
->asoc
.strmin
[i
].inqueue
);
4049 TAILQ_INIT(&stcb
->asoc
.strmin
[i
].uno_inqueue
);
4050 stcb
->asoc
.strmin
[i
].stream_no
= i
;
4051 stcb
->asoc
.strmin
[i
].last_sequence_delivered
= oldstrm
[i
].last_sequence_delivered
;
4052 stcb
->asoc
.strmin
[i
].delivery_started
= oldstrm
[i
].delivery_started
;
4053 stcb
->asoc
.strmin
[i
].pd_api_started
= oldstrm
[i
].pd_api_started
;
4054 /* now anything on those queues? */
4055 TAILQ_FOREACH_SAFE(ctl
, &oldstrm
[i
].inqueue
, next_instrm
, nctl
) {
4056 TAILQ_REMOVE(&oldstrm
[i
].inqueue
, ctl
, next_instrm
);
4057 TAILQ_INSERT_TAIL(&stcb
->asoc
.strmin
[i
].inqueue
, ctl
, next_instrm
);
4059 TAILQ_FOREACH_SAFE(ctl
, &oldstrm
[i
].uno_inqueue
, next_instrm
, nctl
) {
4060 TAILQ_REMOVE(&oldstrm
[i
].uno_inqueue
, ctl
, next_instrm
);
4061 TAILQ_INSERT_TAIL(&stcb
->asoc
.strmin
[i
].uno_inqueue
, ctl
, next_instrm
);
4064 /* Init the new streams */
4065 for (i
= stcb
->asoc
.streamincnt
; i
< num_stream
; i
++) {
4066 TAILQ_INIT(&stcb
->asoc
.strmin
[i
].inqueue
);
4067 TAILQ_INIT(&stcb
->asoc
.strmin
[i
].uno_inqueue
);
4068 stcb
->asoc
.strmin
[i
].stream_no
= i
;
4069 stcb
->asoc
.strmin
[i
].last_sequence_delivered
= 0xffffffff;
4070 stcb
->asoc
.strmin
[i
].pd_api_started
= 0;
4071 stcb
->asoc
.strmin
[i
].delivery_started
= 0;
4073 SCTP_FREE(oldstrm
, SCTP_M_STRMI
);
4074 /* update the size */
4075 stcb
->asoc
.streamincnt
= num_stream
;
4076 stcb
->asoc
.last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_PERFORMED
;
4077 sctp_notify_stream_reset_add(stcb
, stcb
->asoc
.streamincnt
, stcb
->asoc
.streamoutcnt
, 0);
4079 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
4080 asoc
->str_reset_seq_in
++;
4081 } else if ((asoc
->str_reset_seq_in
- 1) == seq
) {
4083 * one seq back, just echo back last action since my
4084 * response was lost.
4086 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
4087 } else if ((asoc
->str_reset_seq_in
- 2) == seq
) {
4089 * two seq back, just echo back last action since my
4090 * response was lost.
4092 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[1]);
4094 sctp_add_stream_reset_result(chk
, seq
, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO
);
4100 sctp_handle_str_reset_add_out_strm(struct sctp_tcb
*stcb
, struct sctp_tmit_chunk
*chk
,
4101 struct sctp_stream_reset_add_strm
*str_add
)
4104 * Peer is requesting to add more streams. If its within our
4105 * max-streams we will allow it.
4107 uint16_t num_stream
;
4109 struct sctp_association
*asoc
= &stcb
->asoc
;
4111 /* Get the number. */
4112 seq
= ntohl(str_add
->request_seq
);
4113 num_stream
= ntohs(str_add
->number_of_streams
);
4114 /* Now what would be the new total? */
4115 if (asoc
->str_reset_seq_in
== seq
) {
4116 stcb
->asoc
.last_reset_action
[1] = stcb
->asoc
.last_reset_action
[0];
4117 if (!(asoc
->local_strreset_support
& SCTP_ENABLE_CHANGE_ASSOC_REQ
)) {
4118 asoc
->last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
4119 } else if (stcb
->asoc
.stream_reset_outstanding
) {
4120 /* We must reject it we have something pending */
4121 stcb
->asoc
.last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS
;
4123 /* Ok, we can do that :-) */
4126 mychk
= stcb
->asoc
.streamoutcnt
;
4127 mychk
+= num_stream
;
4128 if (mychk
< 0x10000) {
4129 stcb
->asoc
.last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_PERFORMED
;
4130 if (sctp_send_str_reset_req(stcb
, 0, NULL
, 0, 0, 1, num_stream
, 0, 1)) {
4131 stcb
->asoc
.last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
4134 stcb
->asoc
.last_reset_action
[0] = SCTP_STREAM_RESET_RESULT_DENIED
;
4137 sctp_add_stream_reset_result(chk
, seq
, stcb
->asoc
.last_reset_action
[0]);
4138 asoc
->str_reset_seq_in
++;
4139 } else if ((asoc
->str_reset_seq_in
- 1) == seq
) {
4141 * one seq back, just echo back last action since my
4142 * response was lost.
4144 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[0]);
4145 } else if ((asoc
->str_reset_seq_in
- 2) == seq
) {
4147 * two seq back, just echo back last action since my
4148 * response was lost.
4150 sctp_add_stream_reset_result(chk
, seq
, asoc
->last_reset_action
[1]);
4152 sctp_add_stream_reset_result(chk
, seq
, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO
);
4157 __attribute__((noinline
))
4160 sctp_handle_stream_reset(struct sctp_tcb
*stcb
, struct mbuf
*m
, int offset
,
4161 struct sctp_chunkhdr
*ch_req
)
4163 uint16_t remaining_length
, param_len
, ptype
;
4164 struct sctp_paramhdr pstore
;
4165 uint8_t cstore
[SCTP_CHUNK_BUFFER_SIZE
];
4169 struct sctp_tmit_chunk
*chk
;
4170 struct sctp_chunkhdr
*ch
;
4171 struct sctp_paramhdr
*ph
;
4175 /* now it may be a reset or a reset-response */
4176 remaining_length
= ntohs(ch_req
->chunk_length
) - sizeof(struct sctp_chunkhdr
);
4178 /* setup for adding the response */
4179 sctp_alloc_a_chunk(stcb
, chk
);
4183 chk
->copy_by_ref
= 0;
4184 chk
->rec
.chunk_id
.id
= SCTP_STREAM_RESET
;
4185 chk
->rec
.chunk_id
.can_take_data
= 0;
4187 chk
->asoc
= &stcb
->asoc
;
4188 chk
->no_fr_allowed
= 0;
4189 chk
->book_size
= chk
->send_size
= sizeof(struct sctp_chunkhdr
);
4190 chk
->book_size_scale
= 0;
4191 chk
->data
= sctp_get_mbuf_for_msg(MCLBYTES
, 0, M_NOWAIT
, 1, MT_DATA
);
4192 if (chk
->data
== NULL
) {
4195 sctp_m_freem(chk
->data
);
4198 sctp_free_a_chunk(stcb
, chk
, SCTP_SO_NOT_LOCKED
);
4201 SCTP_BUF_RESV_UF(chk
->data
, SCTP_MIN_OVERHEAD
);
4203 /* setup chunk parameters */
4204 chk
->sent
= SCTP_DATAGRAM_UNSENT
;
4208 ch
= mtod(chk
->data
, struct sctp_chunkhdr
*);
4209 ch
->chunk_type
= SCTP_STREAM_RESET
;
4210 ch
->chunk_flags
= 0;
4211 ch
->chunk_length
= htons(chk
->send_size
);
4212 SCTP_BUF_LEN(chk
->data
) = SCTP_SIZE32(chk
->send_size
);
4213 offset
+= sizeof(struct sctp_chunkhdr
);
4214 while (remaining_length
>= sizeof(struct sctp_paramhdr
)) {
4215 ph
= (struct sctp_paramhdr
*)sctp_m_getptr(m
, offset
, sizeof(pstore
), (uint8_t *) & pstore
);
4220 param_len
= ntohs(ph
->param_length
);
4221 if ((param_len
> remaining_length
) ||
4222 (param_len
< (sizeof(struct sctp_paramhdr
) + sizeof(uint32_t)))) {
4223 /* bad parameter length */
4226 ph
= (struct sctp_paramhdr
*)sctp_m_getptr(m
, offset
, min(param_len
, sizeof(cstore
)),
4227 (uint8_t *) & cstore
);
4232 ptype
= ntohs(ph
->param_type
);
4234 if (param_len
> sizeof(cstore
)) {
4239 if (num_param
> SCTP_MAX_RESET_PARAMS
) {
4240 /* hit the max of parameters already sorry.. */
4243 if (ptype
== SCTP_STR_RESET_OUT_REQUEST
) {
4244 struct sctp_stream_reset_out_request
*req_out
;
4246 if (param_len
< sizeof(struct sctp_stream_reset_out_request
)) {
4249 req_out
= (struct sctp_stream_reset_out_request
*)ph
;
4251 if (stcb
->asoc
.stream_reset_outstanding
) {
4252 seq
= ntohl(req_out
->response_seq
);
4253 if (seq
== stcb
->asoc
.str_reset_seq_out
) {
4255 (void)sctp_handle_stream_reset_response(stcb
, seq
, SCTP_STREAM_RESET_RESULT_PERFORMED
, NULL
);
4258 sctp_handle_str_reset_request_out(stcb
, chk
, req_out
, trunc
);
4259 } else if (ptype
== SCTP_STR_RESET_ADD_OUT_STREAMS
) {
4260 struct sctp_stream_reset_add_strm
*str_add
;
4262 if (param_len
< sizeof(struct sctp_stream_reset_add_strm
)) {
4265 str_add
= (struct sctp_stream_reset_add_strm
*)ph
;
4267 sctp_handle_str_reset_add_strm(stcb
, chk
, str_add
);
4268 } else if (ptype
== SCTP_STR_RESET_ADD_IN_STREAMS
) {
4269 struct sctp_stream_reset_add_strm
*str_add
;
4271 if (param_len
< sizeof(struct sctp_stream_reset_add_strm
)) {
4274 str_add
= (struct sctp_stream_reset_add_strm
*)ph
;
4276 sctp_handle_str_reset_add_out_strm(stcb
, chk
, str_add
);
4277 } else if (ptype
== SCTP_STR_RESET_IN_REQUEST
) {
4278 struct sctp_stream_reset_in_request
*req_in
;
4281 req_in
= (struct sctp_stream_reset_in_request
*)ph
;
4282 sctp_handle_str_reset_request_in(stcb
, chk
, req_in
, trunc
);
4283 } else if (ptype
== SCTP_STR_RESET_TSN_REQUEST
) {
4284 struct sctp_stream_reset_tsn_request
*req_tsn
;
4287 req_tsn
= (struct sctp_stream_reset_tsn_request
*)ph
;
4288 if (sctp_handle_str_reset_request_tsn(stcb
, chk
, req_tsn
)) {
4290 goto strres_nochunk
;
4294 } else if (ptype
== SCTP_STR_RESET_RESPONSE
) {
4295 struct sctp_stream_reset_response
*resp
;
4298 if (param_len
< sizeof(struct sctp_stream_reset_response
)) {
4301 resp
= (struct sctp_stream_reset_response
*)ph
;
4302 seq
= ntohl(resp
->response_seq
);
4303 result
= ntohl(resp
->result
);
4304 if (sctp_handle_stream_reset_response(stcb
, seq
, result
, resp
)) {
4306 goto strres_nochunk
;
4311 offset
+= SCTP_SIZE32(param_len
);
4312 if (remaining_length
>= SCTP_SIZE32(param_len
)) {
4313 remaining_length
-= SCTP_SIZE32(param_len
);
4315 remaining_length
= 0;
4319 /* we have no response free the stuff */
4320 goto strres_nochunk
;
4322 /* ok we have a chunk to link in */
4323 TAILQ_INSERT_TAIL(&stcb
->asoc
.control_send_queue
,
4326 stcb
->asoc
.ctrl_queue_cnt
++;
4331 * Handle a router or endpoints report of a packet loss, there are two ways
4332 * to handle this, either we get the whole packet and must disect it
4333 * ourselves (possibly with truncation and or corruption) or it is a summary
4334 * from a middle box that did the disectting for us.
4337 sctp_handle_packet_dropped(struct sctp_pktdrop_chunk
*cp
,
4338 struct sctp_tcb
*stcb
, struct sctp_nets
*net
, uint32_t limit
)
4340 uint32_t bottle_bw
, on_queue
;
4344 struct sctp_chunk_desc desc
;
4345 struct sctp_chunkhdr
*ch
;
4347 chlen
= ntohs(cp
->ch
.chunk_length
);
4348 chlen
-= sizeof(struct sctp_pktdrop_chunk
);
4349 /* XXX possible chlen underflow */
4352 if (cp
->ch
.chunk_flags
& SCTP_FROM_MIDDLE_BOX
)
4353 SCTP_STAT_INCR(sctps_pdrpbwrpt
);
4355 ch
= (struct sctp_chunkhdr
*)(cp
->data
+ sizeof(struct sctphdr
));
4356 chlen
-= sizeof(struct sctphdr
);
4357 /* XXX possible chlen underflow */
4358 memset(&desc
, 0, sizeof(desc
));
4360 trunc_len
= (uint16_t) ntohs(cp
->trunc_len
);
4361 if (trunc_len
> limit
) {
4364 /* now the chunks themselves */
4365 while ((ch
!= NULL
) && (chlen
>= sizeof(struct sctp_chunkhdr
))) {
4366 desc
.chunk_type
= ch
->chunk_type
;
4367 /* get amount we need to move */
4368 at
= ntohs(ch
->chunk_length
);
4369 if (at
< sizeof(struct sctp_chunkhdr
)) {
4370 /* corrupt chunk, maybe at the end? */
4371 SCTP_STAT_INCR(sctps_pdrpcrupt
);
4374 if (trunc_len
== 0) {
4375 /* we are supposed to have all of it */
4377 /* corrupt skip it */
4378 SCTP_STAT_INCR(sctps_pdrpcrupt
);
4382 /* is there enough of it left ? */
4383 if (desc
.chunk_type
== SCTP_DATA
) {
4384 if (chlen
< (sizeof(struct sctp_data_chunk
) +
4385 sizeof(desc
.data_bytes
))) {
4389 if (chlen
< sizeof(struct sctp_chunkhdr
)) {
4394 if (desc
.chunk_type
== SCTP_DATA
) {
4395 /* can we get out the tsn? */
4396 if ((cp
->ch
.chunk_flags
& SCTP_FROM_MIDDLE_BOX
))
4397 SCTP_STAT_INCR(sctps_pdrpmbda
);
4399 if (chlen
>= (sizeof(struct sctp_data_chunk
) + sizeof(uint32_t))) {
4401 struct sctp_data_chunk
*dcp
;
4405 dcp
= (struct sctp_data_chunk
*)ch
;
4406 ddp
= (uint8_t *) (dcp
+ 1);
4407 for (iii
= 0; iii
< sizeof(desc
.data_bytes
); iii
++) {
4408 desc
.data_bytes
[iii
] = ddp
[iii
];
4410 desc
.tsn_ifany
= dcp
->dp
.tsn
;
4412 /* nope we are done. */
4413 SCTP_STAT_INCR(sctps_pdrpnedat
);
4417 if ((cp
->ch
.chunk_flags
& SCTP_FROM_MIDDLE_BOX
))
4418 SCTP_STAT_INCR(sctps_pdrpmbct
);
4421 if (process_chunk_drop(stcb
, &desc
, net
, cp
->ch
.chunk_flags
)) {
4422 SCTP_STAT_INCR(sctps_pdrppdbrk
);
4425 if (SCTP_SIZE32(at
) > chlen
) {
4428 chlen
-= SCTP_SIZE32(at
);
4429 if (chlen
< sizeof(struct sctp_chunkhdr
)) {
4430 /* done, none left */
4433 ch
= (struct sctp_chunkhdr
*)((caddr_t
)ch
+ SCTP_SIZE32(at
));
4435 /* Now update any rwnd --- possibly */
4436 if ((cp
->ch
.chunk_flags
& SCTP_FROM_MIDDLE_BOX
) == 0) {
4437 /* From a peer, we get a rwnd report */
4440 SCTP_STAT_INCR(sctps_pdrpfehos
);
4442 bottle_bw
= ntohl(cp
->bottle_bw
);
4443 on_queue
= ntohl(cp
->current_onq
);
4444 if (bottle_bw
&& on_queue
) {
4445 /* a rwnd report is in here */
4446 if (bottle_bw
> on_queue
)
4447 a_rwnd
= bottle_bw
- on_queue
;
4452 stcb
->asoc
.peers_rwnd
= 0;
4454 if (a_rwnd
> stcb
->asoc
.total_flight
) {
4455 stcb
->asoc
.peers_rwnd
=
4456 a_rwnd
- stcb
->asoc
.total_flight
;
4458 stcb
->asoc
.peers_rwnd
= 0;
4460 if (stcb
->asoc
.peers_rwnd
<
4461 stcb
->sctp_ep
->sctp_ep
.sctp_sws_sender
) {
4462 /* SWS sender side engages */
4463 stcb
->asoc
.peers_rwnd
= 0;
4468 SCTP_STAT_INCR(sctps_pdrpfmbox
);
4471 /* now middle boxes in sat networks get a cwnd bump */
4472 if ((cp
->ch
.chunk_flags
& SCTP_FROM_MIDDLE_BOX
) &&
4473 (stcb
->asoc
.sat_t3_loss_recovery
== 0) &&
4474 (stcb
->asoc
.sat_network
)) {
4476 * This is debatable but for sat networks it makes sense
4477 * Note if a T3 timer has went off, we will prohibit any
4478 * changes to cwnd until we exit the t3 loss recovery.
4480 stcb
->asoc
.cc_functions
.sctp_cwnd_update_after_packet_dropped(stcb
,
4481 net
, cp
, &bottle_bw
, &on_queue
);
4486 * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to
4487 * still contain IP/SCTP header - stcb: is the tcb found for this packet -
4488 * offset: offset into the mbuf chain to first chunkhdr - length: is the
4489 * length of the complete packet outputs: - length: modified to remaining
4490 * length after control processing - netp: modified to new sctp_nets after
4491 * cookie-echo processing - return NULL to discard the packet (ie. no asoc,
4492 * bad packet,...) otherwise return the tcb for this packet
4495 __attribute__((noinline
))
4497 static struct sctp_tcb
*
4498 sctp_process_control(struct mbuf
*m
, int iphlen
, int *offset
, int length
,
4499 struct sockaddr
*src
, struct sockaddr
*dst
,
4500 struct sctphdr
*sh
, struct sctp_chunkhdr
*ch
, struct sctp_inpcb
*inp
,
4501 struct sctp_tcb
*stcb
, struct sctp_nets
**netp
, int *fwd_tsn_seen
,
4502 uint8_t mflowtype
, uint32_t mflowid
, uint16_t fibnum
,
4503 uint32_t vrf_id
, uint16_t port
)
4505 struct sctp_association
*asoc
;
4506 struct mbuf
*op_err
;
4507 char msg
[SCTP_DIAG_INFO_LEN
];
4509 int num_chunks
= 0; /* number of control chunks processed */
4510 uint32_t chk_length
;
4512 int abort_no_unlock
= 0;
4516 * How big should this be, and should it be alloc'd? Lets try the
4517 * d-mtu-ceiling for now (2k) and that should hopefully work ...
4518 * until we get into jumbo grams and such..
4520 uint8_t chunk_buf
[SCTP_CHUNK_BUFFER_SIZE
];
4521 struct sctp_tcb
*locked_tcb
= stcb
;
4523 uint32_t auth_offset
= 0, auth_len
= 0;
4524 int auth_skipped
= 0;
4527 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4532 SCTPDBG(SCTP_DEBUG_INPUT1
, "sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n",
4533 iphlen
, *offset
, length
, (void *)stcb
);
4535 /* validate chunk header length... */
4536 if (ntohs(ch
->chunk_length
) < sizeof(*ch
)) {
4537 SCTPDBG(SCTP_DEBUG_INPUT1
, "Invalid header length %d\n",
4538 ntohs(ch
->chunk_length
));
4540 SCTP_TCB_UNLOCK(locked_tcb
);
4545 * validate the verification tag
4547 vtag_in
= ntohl(sh
->v_tag
);
4550 SCTP_TCB_LOCK_ASSERT(locked_tcb
);
4552 if (ch
->chunk_type
== SCTP_INITIATION
) {
4553 SCTPDBG(SCTP_DEBUG_INPUT1
, "Its an INIT of len:%d vtag:%x\n",
4554 ntohs(ch
->chunk_length
), vtag_in
);
4556 /* protocol error- silently discard... */
4557 SCTP_STAT_INCR(sctps_badvtag
);
4559 SCTP_TCB_UNLOCK(locked_tcb
);
4563 } else if (ch
->chunk_type
!= SCTP_COOKIE_ECHO
) {
4565 * If there is no stcb, skip the AUTH chunk and process
4566 * later after a stcb is found (to validate the lookup was
4569 if ((ch
->chunk_type
== SCTP_AUTHENTICATION
) &&
4571 (inp
->auth_supported
== 1)) {
4572 /* save this chunk for later processing */
4574 auth_offset
= *offset
;
4575 auth_len
= ntohs(ch
->chunk_length
);
4577 /* (temporarily) move past this chunk */
4578 *offset
+= SCTP_SIZE32(auth_len
);
4579 if (*offset
>= length
) {
4580 /* no more data left in the mbuf chain */
4583 SCTP_TCB_UNLOCK(locked_tcb
);
4587 ch
= (struct sctp_chunkhdr
*)sctp_m_getptr(m
, *offset
,
4588 sizeof(struct sctp_chunkhdr
), chunk_buf
);
4594 SCTP_TCB_UNLOCK(locked_tcb
);
4598 if (ch
->chunk_type
== SCTP_COOKIE_ECHO
) {
4599 goto process_control_chunks
;
4602 * first check if it's an ASCONF with an unknown src addr we
4603 * need to look inside to find the association
4605 if (ch
->chunk_type
== SCTP_ASCONF
&& stcb
== NULL
) {
4606 struct sctp_chunkhdr
*asconf_ch
= ch
;
4607 uint32_t asconf_offset
= 0, asconf_len
= 0;
4609 /* inp's refcount may be reduced */
4610 SCTP_INP_INCR_REF(inp
);
4612 asconf_offset
= *offset
;
4614 asconf_len
= ntohs(asconf_ch
->chunk_length
);
4615 if (asconf_len
< sizeof(struct sctp_asconf_paramhdr
))
4617 stcb
= sctp_findassociation_ep_asconf(m
,
4620 sh
, &inp
, netp
, vrf_id
);
4623 asconf_offset
+= SCTP_SIZE32(asconf_len
);
4624 asconf_ch
= (struct sctp_chunkhdr
*)sctp_m_getptr(m
, asconf_offset
,
4625 sizeof(struct sctp_chunkhdr
), chunk_buf
);
4626 } while (asconf_ch
!= NULL
&& asconf_ch
->chunk_type
== SCTP_ASCONF
);
4629 * reduce inp's refcount if not reduced in
4630 * sctp_findassociation_ep_asconf().
4632 SCTP_INP_DECR_REF(inp
);
4637 /* now go back and verify any auth chunk to be sure */
4638 if (auth_skipped
&& (stcb
!= NULL
)) {
4639 struct sctp_auth_chunk
*auth
;
4641 auth
= (struct sctp_auth_chunk
*)
4642 sctp_m_getptr(m
, auth_offset
,
4643 auth_len
, chunk_buf
);
4646 if ((auth
== NULL
) || sctp_handle_auth(stcb
, auth
, m
,
4648 /* auth HMAC failed so dump it */
4651 SCTP_TCB_UNLOCK(locked_tcb
);
4655 /* remaining chunks are HMAC checked */
4656 stcb
->asoc
.authenticated
= 1;
4661 snprintf(msg
, sizeof(msg
), "OOTB, %s:%d at %s", __FILE__
, __LINE__
, __func__
);
4662 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
4664 /* no association, so it's out of the blue... */
4665 sctp_handle_ootb(m
, iphlen
, *offset
, src
, dst
, sh
, inp
, op_err
,
4666 mflowtype
, mflowid
, inp
->fibnum
,
4670 SCTP_TCB_UNLOCK(locked_tcb
);
4675 /* ABORT and SHUTDOWN can use either v_tag... */
4676 if ((ch
->chunk_type
== SCTP_ABORT_ASSOCIATION
) ||
4677 (ch
->chunk_type
== SCTP_SHUTDOWN_COMPLETE
) ||
4678 (ch
->chunk_type
== SCTP_PACKET_DROPPED
)) {
4679 /* Take the T-bit always into account. */
4680 if ((((ch
->chunk_flags
& SCTP_HAD_NO_TCB
) == 0) &&
4681 (vtag_in
== asoc
->my_vtag
)) ||
4682 (((ch
->chunk_flags
& SCTP_HAD_NO_TCB
) == SCTP_HAD_NO_TCB
) &&
4683 (vtag_in
== asoc
->peer_vtag
))) {
4686 /* drop this packet... */
4687 SCTP_STAT_INCR(sctps_badvtag
);
4689 SCTP_TCB_UNLOCK(locked_tcb
);
4693 } else if (ch
->chunk_type
== SCTP_SHUTDOWN_ACK
) {
4694 if (vtag_in
!= asoc
->my_vtag
) {
4696 * this could be a stale SHUTDOWN-ACK or the
4697 * peer never got the SHUTDOWN-COMPLETE and
4698 * is still hung; we have started a new asoc
4699 * but it won't complete until the shutdown
4703 SCTP_TCB_UNLOCK(locked_tcb
);
4705 snprintf(msg
, sizeof(msg
), "OOTB, %s:%d at %s", __FILE__
, __LINE__
, __func__
);
4706 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
4708 sctp_handle_ootb(m
, iphlen
, *offset
, src
, dst
,
4710 mflowtype
, mflowid
, fibnum
,
4715 /* for all other chunks, vtag must match */
4716 if (vtag_in
!= asoc
->my_vtag
) {
4717 /* invalid vtag... */
4718 SCTPDBG(SCTP_DEBUG_INPUT3
,
4719 "invalid vtag: %xh, expect %xh\n",
4720 vtag_in
, asoc
->my_vtag
);
4721 SCTP_STAT_INCR(sctps_badvtag
);
4723 SCTP_TCB_UNLOCK(locked_tcb
);
4729 } /* end if !SCTP_COOKIE_ECHO */
4731 * process all control chunks...
4733 if (((ch
->chunk_type
== SCTP_SELECTIVE_ACK
) ||
4734 (ch
->chunk_type
== SCTP_NR_SELECTIVE_ACK
) ||
4735 (ch
->chunk_type
== SCTP_HEARTBEAT_REQUEST
)) &&
4736 (SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_COOKIE_ECHOED
)) {
4737 /* implied cookie-ack.. we must have lost the ack */
4738 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
4739 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
4740 stcb
->asoc
.overall_error_count
,
4742 SCTP_FROM_SCTP_INPUT
,
4745 stcb
->asoc
.overall_error_count
= 0;
4746 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk
*)ch
, stcb
,
4749 process_control_chunks
:
4750 while (IS_SCTP_CONTROL(ch
)) {
4751 /* validate chunk length */
4752 chk_length
= ntohs(ch
->chunk_length
);
4753 SCTPDBG(SCTP_DEBUG_INPUT2
, "sctp_process_control: processing a chunk type=%u, len=%u\n",
4754 ch
->chunk_type
, chk_length
);
4755 SCTP_LTRACE_CHK(inp
, stcb
, ch
->chunk_type
, chk_length
);
4756 if (chk_length
< sizeof(*ch
) ||
4757 (*offset
+ (int)chk_length
) > length
) {
4760 SCTP_TCB_UNLOCK(locked_tcb
);
4764 SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks
);
4766 * INIT-ACK only gets the init ack "header" portion only
4767 * because we don't have to process the peer's COOKIE. All
4768 * others get a complete chunk.
4770 if ((ch
->chunk_type
== SCTP_INITIATION_ACK
) ||
4771 (ch
->chunk_type
== SCTP_INITIATION
)) {
4772 /* get an init-ack chunk */
4773 ch
= (struct sctp_chunkhdr
*)sctp_m_getptr(m
, *offset
,
4774 sizeof(struct sctp_init_ack_chunk
), chunk_buf
);
4778 SCTP_TCB_UNLOCK(locked_tcb
);
4783 /* For cookies and all other chunks. */
4784 if (chk_length
> sizeof(chunk_buf
)) {
4786 * use just the size of the chunk buffer so
4787 * the front part of our chunks fit in
4788 * contiguous space up to the chunk buffer
4789 * size (508 bytes). For chunks that need to
4790 * get more than that they must use the
4791 * sctp_m_getptr() function or other means
4792 * (e.g. know how to parse mbuf chains).
4793 * Cookies do this already.
4795 ch
= (struct sctp_chunkhdr
*)sctp_m_getptr(m
, *offset
,
4796 (sizeof(chunk_buf
) - 4),
4801 SCTP_TCB_UNLOCK(locked_tcb
);
4806 /* We can fit it all */
4807 ch
= (struct sctp_chunkhdr
*)sctp_m_getptr(m
, *offset
,
4808 chk_length
, chunk_buf
);
4810 SCTP_PRINTF("sctp_process_control: Can't get the all data....\n");
4813 SCTP_TCB_UNLOCK(locked_tcb
);
4820 /* Save off the last place we got a control from */
4822 if (((netp
!= NULL
) && (*netp
!= NULL
)) || (ch
->chunk_type
== SCTP_ASCONF
)) {
4824 * allow last_control to be NULL if
4825 * ASCONF... ASCONF processing will find the
4828 if ((netp
!= NULL
) && (*netp
!= NULL
))
4829 stcb
->asoc
.last_control_chunk_from
= *netp
;
4832 #ifdef SCTP_AUDITING_ENABLED
4833 sctp_audit_log(0xB0, ch
->chunk_type
);
4836 /* check to see if this chunk required auth, but isn't */
4837 if ((stcb
!= NULL
) &&
4838 (stcb
->asoc
.auth_supported
== 1) &&
4839 sctp_auth_is_required_chunk(ch
->chunk_type
, stcb
->asoc
.local_auth_chunks
) &&
4840 !stcb
->asoc
.authenticated
) {
4841 /* "silently" ignore */
4842 SCTP_STAT_INCR(sctps_recvauthmissing
);
4845 switch (ch
->chunk_type
) {
4846 case SCTP_INITIATION
:
4847 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_INIT\n");
4848 /* The INIT chunk must be the only chunk. */
4849 if ((num_chunks
> 1) ||
4850 (length
- *offset
> (int)SCTP_SIZE32(chk_length
))) {
4851 /* RFC 4960 requires that no ABORT is sent */
4854 SCTP_TCB_UNLOCK(locked_tcb
);
4858 /* Honor our resource limit. */
4859 if (chk_length
> SCTP_LARGEST_INIT_ACCEPTED
) {
4860 op_err
= sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC
, "");
4861 sctp_abort_association(inp
, stcb
, m
, iphlen
,
4862 src
, dst
, sh
, op_err
,
4868 sctp_handle_init(m
, iphlen
, *offset
, src
, dst
, sh
,
4869 (struct sctp_init_chunk
*)ch
, inp
,
4870 stcb
, *netp
, &abort_no_unlock
,
4874 if ((!abort_no_unlock
) && (locked_tcb
)) {
4875 SCTP_TCB_UNLOCK(locked_tcb
);
4879 case SCTP_PAD_CHUNK
:
4881 case SCTP_INITIATION_ACK
:
4882 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_INIT-ACK\n");
4883 if (inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_GONE
) {
4884 /* We are not interested anymore */
4885 if ((stcb
) && (stcb
->asoc
.total_output_queue_size
)) {
4888 if ((locked_tcb
!= NULL
) && (locked_tcb
!= stcb
)) {
4890 SCTP_TCB_UNLOCK(locked_tcb
);
4894 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4895 so
= SCTP_INP_SO(inp
);
4896 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
4897 SCTP_TCB_UNLOCK(stcb
);
4898 SCTP_SOCKET_LOCK(so
, 1);
4899 SCTP_TCB_LOCK(stcb
);
4900 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
4902 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
4903 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_29
);
4904 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4905 SCTP_SOCKET_UNLOCK(so
, 1);
4911 /* The INIT-ACK chunk must be the only chunk. */
4912 if ((num_chunks
> 1) ||
4913 (length
- *offset
> (int)SCTP_SIZE32(chk_length
))) {
4916 SCTP_TCB_UNLOCK(locked_tcb
);
4920 if ((netp
) && (*netp
)) {
4921 ret
= sctp_handle_init_ack(m
, iphlen
, *offset
,
4923 (struct sctp_init_ack_chunk
*)ch
,
4932 if (abort_no_unlock
) {
4936 * Special case, I must call the output routine to
4937 * get the cookie echoed
4939 if ((stcb
!= NULL
) && (ret
== 0)) {
4940 sctp_chunk_output(stcb
->sctp_ep
, stcb
, SCTP_OUTPUT_FROM_CONTROL_PROC
, SCTP_SO_NOT_LOCKED
);
4943 SCTP_TCB_UNLOCK(locked_tcb
);
4947 case SCTP_SELECTIVE_ACK
:
4949 struct sctp_sack_chunk
*sack
;
4951 uint32_t a_rwnd
, cum_ack
;
4952 uint16_t num_seg
, num_dup
;
4954 int offset_seg
, offset_dup
;
4956 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_SACK\n");
4957 SCTP_STAT_INCR(sctps_recvsacks
);
4959 SCTPDBG(SCTP_DEBUG_INDATA1
, "No stcb when processing SACK chunk\n");
4962 if (chk_length
< sizeof(struct sctp_sack_chunk
)) {
4963 SCTPDBG(SCTP_DEBUG_INDATA1
, "Bad size on SACK chunk, too small\n");
4966 if (SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_SHUTDOWN_ACK_SENT
) {
4968 * If we have sent a shutdown-ack, we will pay no
4969 * attention to a sack sent in to us since
4970 * we don't care anymore.
4974 sack
= (struct sctp_sack_chunk
*)ch
;
4975 flags
= ch
->chunk_flags
;
4976 cum_ack
= ntohl(sack
->sack
.cum_tsn_ack
);
4977 num_seg
= ntohs(sack
->sack
.num_gap_ack_blks
);
4978 num_dup
= ntohs(sack
->sack
.num_dup_tsns
);
4979 a_rwnd
= (uint32_t) ntohl(sack
->sack
.a_rwnd
);
4980 if (sizeof(struct sctp_sack_chunk
) +
4981 num_seg
* sizeof(struct sctp_gap_ack_block
) +
4982 num_dup
* sizeof(uint32_t) != chk_length
) {
4983 SCTPDBG(SCTP_DEBUG_INDATA1
, "Bad size of SACK chunk\n");
4986 offset_seg
= *offset
+ sizeof(struct sctp_sack_chunk
);
4987 offset_dup
= offset_seg
+ num_seg
* sizeof(struct sctp_gap_ack_block
);
4988 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_SACK process cum_ack:%x num_seg:%d a_rwnd:%d\n",
4989 cum_ack
, num_seg
, a_rwnd
);
4990 stcb
->asoc
.seen_a_sack_this_pkt
= 1;
4991 if ((stcb
->asoc
.pr_sctp_cnt
== 0) &&
4993 SCTP_TSN_GE(cum_ack
, stcb
->asoc
.last_acked_seq
) &&
4994 (stcb
->asoc
.saw_sack_with_frags
== 0) &&
4995 (stcb
->asoc
.saw_sack_with_nr_frags
== 0) &&
4996 (!TAILQ_EMPTY(&stcb
->asoc
.sent_queue
))
4999 * We have a SIMPLE sack having no
5000 * prior segments and data on sent
5001 * queue to be acked.. Use the
5002 * faster path sack processing. We
5003 * also allow window update sacks
5004 * with no missing segments to go
5007 sctp_express_handle_sack(stcb
, cum_ack
, a_rwnd
, &abort_now
, ecne_seen
);
5010 sctp_handle_sack(m
, offset_seg
, offset_dup
, stcb
,
5011 num_seg
, 0, num_dup
, &abort_now
, flags
,
5012 cum_ack
, a_rwnd
, ecne_seen
);
5015 /* ABORT signal from sack processing */
5019 if (TAILQ_EMPTY(&stcb
->asoc
.send_queue
) &&
5020 TAILQ_EMPTY(&stcb
->asoc
.sent_queue
) &&
5021 (stcb
->asoc
.stream_queue_cnt
== 0)) {
5022 sctp_ulp_notify(SCTP_NOTIFY_SENDER_DRY
, stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
5027 * EY - nr_sack: If the received chunk is an
5030 case SCTP_NR_SELECTIVE_ACK
:
5032 struct sctp_nr_sack_chunk
*nr_sack
;
5034 uint32_t a_rwnd
, cum_ack
;
5035 uint16_t num_seg
, num_nr_seg
, num_dup
;
5037 int offset_seg
, offset_dup
;
5039 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_NR_SACK\n");
5040 SCTP_STAT_INCR(sctps_recvsacks
);
5042 SCTPDBG(SCTP_DEBUG_INDATA1
, "No stcb when processing NR-SACK chunk\n");
5045 if (stcb
->asoc
.nrsack_supported
== 0) {
5048 if (chk_length
< sizeof(struct sctp_nr_sack_chunk
)) {
5049 SCTPDBG(SCTP_DEBUG_INDATA1
, "Bad size on NR-SACK chunk, too small\n");
5052 if (SCTP_GET_STATE(&stcb
->asoc
) == SCTP_STATE_SHUTDOWN_ACK_SENT
) {
5054 * If we have sent a shutdown-ack, we will pay no
5055 * attention to a sack sent in to us since
5056 * we don't care anymore.
5060 nr_sack
= (struct sctp_nr_sack_chunk
*)ch
;
5061 flags
= ch
->chunk_flags
;
5062 cum_ack
= ntohl(nr_sack
->nr_sack
.cum_tsn_ack
);
5063 num_seg
= ntohs(nr_sack
->nr_sack
.num_gap_ack_blks
);
5064 num_nr_seg
= ntohs(nr_sack
->nr_sack
.num_nr_gap_ack_blks
);
5065 num_dup
= ntohs(nr_sack
->nr_sack
.num_dup_tsns
);
5066 a_rwnd
= (uint32_t) ntohl(nr_sack
->nr_sack
.a_rwnd
);
5067 if (sizeof(struct sctp_nr_sack_chunk
) +
5068 (num_seg
+ num_nr_seg
) * sizeof(struct sctp_gap_ack_block
) +
5069 num_dup
* sizeof(uint32_t) != chk_length
) {
5070 SCTPDBG(SCTP_DEBUG_INDATA1
, "Bad size of NR_SACK chunk\n");
5073 offset_seg
= *offset
+ sizeof(struct sctp_nr_sack_chunk
);
5074 offset_dup
= offset_seg
+ num_seg
* sizeof(struct sctp_gap_ack_block
);
5075 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_NR_SACK process cum_ack:%x num_seg:%d a_rwnd:%d\n",
5076 cum_ack
, num_seg
, a_rwnd
);
5077 stcb
->asoc
.seen_a_sack_this_pkt
= 1;
5078 if ((stcb
->asoc
.pr_sctp_cnt
== 0) &&
5079 (num_seg
== 0) && (num_nr_seg
== 0) &&
5080 SCTP_TSN_GE(cum_ack
, stcb
->asoc
.last_acked_seq
) &&
5081 (stcb
->asoc
.saw_sack_with_frags
== 0) &&
5082 (stcb
->asoc
.saw_sack_with_nr_frags
== 0) &&
5083 (!TAILQ_EMPTY(&stcb
->asoc
.sent_queue
))) {
5085 * We have a SIMPLE sack having no
5086 * prior segments and data on sent
5087 * queue to be acked. Use the faster
5088 * path sack processing. We also
5089 * allow window update sacks with no
5090 * missing segments to go this way
5093 sctp_express_handle_sack(stcb
, cum_ack
, a_rwnd
,
5094 &abort_now
, ecne_seen
);
5097 sctp_handle_sack(m
, offset_seg
, offset_dup
, stcb
,
5098 num_seg
, num_nr_seg
, num_dup
, &abort_now
, flags
,
5099 cum_ack
, a_rwnd
, ecne_seen
);
5102 /* ABORT signal from sack processing */
5106 if (TAILQ_EMPTY(&stcb
->asoc
.send_queue
) &&
5107 TAILQ_EMPTY(&stcb
->asoc
.sent_queue
) &&
5108 (stcb
->asoc
.stream_queue_cnt
== 0)) {
5109 sctp_ulp_notify(SCTP_NOTIFY_SENDER_DRY
, stcb
, 0, NULL
, SCTP_SO_NOT_LOCKED
);
5114 case SCTP_HEARTBEAT_REQUEST
:
5115 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_HEARTBEAT\n");
5116 if ((stcb
) && netp
&& *netp
) {
5117 SCTP_STAT_INCR(sctps_recvheartbeat
);
5118 sctp_send_heartbeat_ack(stcb
, m
, *offset
,
5121 /* He's alive so give him credit */
5122 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5123 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5124 stcb
->asoc
.overall_error_count
,
5126 SCTP_FROM_SCTP_INPUT
,
5129 stcb
->asoc
.overall_error_count
= 0;
5132 case SCTP_HEARTBEAT_ACK
:
5133 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_HEARTBEAT-ACK\n");
5134 if ((stcb
== NULL
) || (chk_length
!= sizeof(struct sctp_heartbeat_chunk
))) {
5138 SCTP_TCB_UNLOCK(locked_tcb
);
5142 /* He's alive so give him credit */
5143 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5144 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5145 stcb
->asoc
.overall_error_count
,
5147 SCTP_FROM_SCTP_INPUT
,
5150 stcb
->asoc
.overall_error_count
= 0;
5151 SCTP_STAT_INCR(sctps_recvheartbeatack
);
5153 sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk
*)ch
,
5156 case SCTP_ABORT_ASSOCIATION
:
5157 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_ABORT, stcb %p\n",
5159 if ((stcb
) && netp
&& *netp
)
5160 sctp_handle_abort((struct sctp_abort_chunk
*)ch
,
5166 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_SHUTDOWN, stcb %p\n",
5168 if ((stcb
== NULL
) || (chk_length
!= sizeof(struct sctp_shutdown_chunk
))) {
5171 SCTP_TCB_UNLOCK(locked_tcb
);
5175 if (netp
&& *netp
) {
5178 sctp_handle_shutdown((struct sctp_shutdown_chunk
*)ch
,
5179 stcb
, *netp
, &abort_flag
);
5186 case SCTP_SHUTDOWN_ACK
:
5187 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_SHUTDOWN-ACK, stcb %p\n", (void *)stcb
);
5188 if ((stcb
) && (netp
) && (*netp
))
5189 sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk
*)ch
, stcb
, *netp
);
5194 case SCTP_OPERATION_ERROR
:
5195 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_OP-ERR\n");
5196 if ((stcb
) && netp
&& *netp
&& sctp_handle_error(ch
, stcb
, *netp
) < 0) {
5201 case SCTP_COOKIE_ECHO
:
5202 SCTPDBG(SCTP_DEBUG_INPUT3
,
5203 "SCTP_COOKIE-ECHO, stcb %p\n", (void *)stcb
);
5204 if ((stcb
) && (stcb
->asoc
.total_output_queue_size
)) {
5207 if (inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_GONE
) {
5208 /* We are not interested anymore */
5211 SCTP_TCB_UNLOCK(stcb
);
5218 * First are we accepting? We do this again here
5219 * since it is possible that a previous endpoint WAS
5220 * listening responded to a INIT-ACK and then
5221 * closed. We opened and bound.. and are now no
5225 if ((stcb
== NULL
) && (inp
->sctp_socket
->so_qlen
>= inp
->sctp_socket
->so_qlimit
)) {
5226 if ((inp
->sctp_flags
& SCTP_PCB_FLAGS_TCPTYPE
) &&
5227 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit
))) {
5228 op_err
= sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC
, "");
5229 sctp_abort_association(inp
, stcb
, m
, iphlen
,
5230 src
, dst
, sh
, op_err
,
5237 struct mbuf
*ret_buf
;
5238 struct sctp_inpcb
*linp
;
5247 SCTP_ASOC_CREATE_LOCK(linp
);
5248 if ((inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_GONE
) ||
5249 (inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_ALLGONE
)) {
5250 SCTP_ASOC_CREATE_UNLOCK(linp
);
5256 sctp_handle_cookie_echo(m
, iphlen
,
5260 (struct sctp_cookie_echo_chunk
*)ch
,
5274 SCTP_ASOC_CREATE_UNLOCK(linp
);
5276 if (ret_buf
== NULL
) {
5278 SCTP_TCB_UNLOCK(locked_tcb
);
5280 SCTPDBG(SCTP_DEBUG_INPUT3
,
5281 "GAK, null buffer\n");
5285 /* if AUTH skipped, see if it verified... */
5290 if (!TAILQ_EMPTY(&stcb
->asoc
.sent_queue
)) {
5292 * Restart the timer if we have
5295 struct sctp_tmit_chunk
*chk
;
5297 chk
= TAILQ_FIRST(&stcb
->asoc
.sent_queue
);
5298 sctp_timer_start(SCTP_TIMER_TYPE_SEND
, stcb
->sctp_ep
, stcb
, chk
->whoTo
);
5302 case SCTP_COOKIE_ACK
:
5303 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_COOKIE-ACK, stcb %p\n", (void *)stcb
);
5304 if ((stcb
== NULL
) || chk_length
!= sizeof(struct sctp_cookie_ack_chunk
)) {
5306 SCTP_TCB_UNLOCK(locked_tcb
);
5310 if (inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_GONE
) {
5311 /* We are not interested anymore */
5312 if ((stcb
) && (stcb
->asoc
.total_output_queue_size
)) {
5315 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5316 so
= SCTP_INP_SO(inp
);
5317 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
5318 SCTP_TCB_UNLOCK(stcb
);
5319 SCTP_SOCKET_LOCK(so
, 1);
5320 SCTP_TCB_LOCK(stcb
);
5321 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
5323 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
5324 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_30
);
5325 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5326 SCTP_SOCKET_UNLOCK(so
, 1);
5332 /* He's alive so give him credit */
5333 if ((stcb
) && netp
&& *netp
) {
5334 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5335 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5336 stcb
->asoc
.overall_error_count
,
5338 SCTP_FROM_SCTP_INPUT
,
5341 stcb
->asoc
.overall_error_count
= 0;
5342 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk
*)ch
, stcb
, *netp
);
5346 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_ECN-ECHO\n");
5347 /* He's alive so give him credit */
5348 if ((stcb
== NULL
) || (chk_length
!= sizeof(struct sctp_ecne_chunk
))) {
5351 SCTP_TCB_UNLOCK(locked_tcb
);
5357 if (stcb
->asoc
.ecn_supported
== 0) {
5360 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5361 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5362 stcb
->asoc
.overall_error_count
,
5364 SCTP_FROM_SCTP_INPUT
,
5367 stcb
->asoc
.overall_error_count
= 0;
5368 sctp_handle_ecn_echo((struct sctp_ecne_chunk
*)ch
,
5374 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_ECN-CWR\n");
5375 /* He's alive so give him credit */
5376 if ((stcb
== NULL
) || (chk_length
!= sizeof(struct sctp_cwr_chunk
))) {
5379 SCTP_TCB_UNLOCK(locked_tcb
);
5385 if (stcb
->asoc
.ecn_supported
== 0) {
5388 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5389 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5390 stcb
->asoc
.overall_error_count
,
5392 SCTP_FROM_SCTP_INPUT
,
5395 stcb
->asoc
.overall_error_count
= 0;
5396 sctp_handle_ecn_cwr((struct sctp_cwr_chunk
*)ch
, stcb
, *netp
);
5399 case SCTP_SHUTDOWN_COMPLETE
:
5400 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_SHUTDOWN-COMPLETE, stcb %p\n", (void *)stcb
);
5401 /* must be first and only chunk */
5402 if ((num_chunks
> 1) ||
5403 (length
- *offset
> (int)SCTP_SIZE32(chk_length
))) {
5406 SCTP_TCB_UNLOCK(locked_tcb
);
5410 if ((stcb
) && netp
&& *netp
) {
5411 sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk
*)ch
,
5418 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_ASCONF\n");
5419 /* He's alive so give him credit */
5421 if (stcb
->asoc
.asconf_supported
== 0) {
5424 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5425 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5426 stcb
->asoc
.overall_error_count
,
5428 SCTP_FROM_SCTP_INPUT
,
5431 stcb
->asoc
.overall_error_count
= 0;
5432 sctp_handle_asconf(m
, *offset
, src
,
5433 (struct sctp_asconf_chunk
*)ch
, stcb
, asconf_cnt
== 0);
5437 case SCTP_ASCONF_ACK
:
5438 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_ASCONF-ACK\n");
5439 if (chk_length
< sizeof(struct sctp_asconf_ack_chunk
)) {
5442 SCTP_TCB_UNLOCK(locked_tcb
);
5447 if ((stcb
) && netp
&& *netp
) {
5448 if (stcb
->asoc
.asconf_supported
== 0) {
5451 /* He's alive so give him credit */
5452 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5453 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5454 stcb
->asoc
.overall_error_count
,
5456 SCTP_FROM_SCTP_INPUT
,
5459 stcb
->asoc
.overall_error_count
= 0;
5460 sctp_handle_asconf_ack(m
, *offset
,
5461 (struct sctp_asconf_ack_chunk
*)ch
, stcb
, *netp
, &abort_no_unlock
);
5462 if (abort_no_unlock
)
5466 case SCTP_FORWARD_CUM_TSN
:
5467 case SCTP_IFORWARD_CUM_TSN
:
5468 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_FWD-TSN\n");
5469 if (chk_length
< sizeof(struct sctp_forward_tsn_chunk
)) {
5472 SCTP_TCB_UNLOCK(locked_tcb
);
5477 /* He's alive so give him credit */
5481 if (stcb
->asoc
.prsctp_supported
== 0) {
5484 stcb
->asoc
.overall_error_count
= 0;
5485 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5486 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5487 stcb
->asoc
.overall_error_count
,
5489 SCTP_FROM_SCTP_INPUT
,
5493 if (inp
->sctp_flags
& SCTP_PCB_FLAGS_SOCKET_GONE
) {
5494 /* We are not interested anymore */
5495 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5496 so
= SCTP_INP_SO(inp
);
5497 atomic_add_int(&stcb
->asoc
.refcnt
, 1);
5498 SCTP_TCB_UNLOCK(stcb
);
5499 SCTP_SOCKET_LOCK(so
, 1);
5500 SCTP_TCB_LOCK(stcb
);
5501 atomic_subtract_int(&stcb
->asoc
.refcnt
, 1);
5503 (void)sctp_free_assoc(inp
, stcb
, SCTP_NORMAL_PROC
,
5504 SCTP_FROM_SCTP_INPUT
+ SCTP_LOC_31
);
5505 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
5506 SCTP_SOCKET_UNLOCK(so
, 1);
5511 sctp_handle_forward_tsn(stcb
,
5512 (struct sctp_forward_tsn_chunk
*)ch
, &abort_flag
, m
, *offset
);
5517 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5518 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5519 stcb
->asoc
.overall_error_count
,
5521 SCTP_FROM_SCTP_INPUT
,
5524 stcb
->asoc
.overall_error_count
= 0;
5529 case SCTP_STREAM_RESET
:
5530 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_STREAM_RESET\n");
5531 if (((stcb
== NULL
) || (ch
== NULL
) || (chk_length
< sizeof(struct sctp_stream_reset_tsn_req
)))) {
5534 SCTP_TCB_UNLOCK(locked_tcb
);
5539 if (stcb
->asoc
.reconfig_supported
== 0) {
5542 if (sctp_handle_stream_reset(stcb
, m
, *offset
, ch
)) {
5543 /* stop processing */
5548 case SCTP_PACKET_DROPPED
:
5549 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_PACKET_DROPPED\n");
5550 /* re-get it all please */
5551 if (chk_length
< sizeof(struct sctp_pktdrop_chunk
)) {
5554 SCTP_TCB_UNLOCK(locked_tcb
);
5559 if (ch
&& (stcb
) && netp
&& (*netp
)) {
5560 if (stcb
->asoc
.pktdrop_supported
== 0) {
5563 sctp_handle_packet_dropped((struct sctp_pktdrop_chunk
*)ch
,
5565 min(chk_length
, (sizeof(chunk_buf
) - 4)));
5569 case SCTP_AUTHENTICATION
:
5570 SCTPDBG(SCTP_DEBUG_INPUT3
, "SCTP_AUTHENTICATION\n");
5572 /* save the first AUTH for later processing */
5573 if (auth_skipped
== 0) {
5574 auth_offset
= *offset
;
5575 auth_len
= chk_length
;
5578 /* skip this chunk (temporarily) */
5581 if (stcb
->asoc
.auth_supported
== 0) {
5584 if ((chk_length
< (sizeof(struct sctp_auth_chunk
))) ||
5585 (chk_length
> (sizeof(struct sctp_auth_chunk
) +
5586 SCTP_AUTH_DIGEST_LEN_MAX
))) {
5589 SCTP_TCB_UNLOCK(locked_tcb
);
5594 if (got_auth
== 1) {
5595 /* skip this chunk... it's already auth'd */
5599 if ((ch
== NULL
) || sctp_handle_auth(stcb
, (struct sctp_auth_chunk
*)ch
,
5601 /* auth HMAC failed so dump the packet */
5605 /* remaining chunks are HMAC checked */
5606 stcb
->asoc
.authenticated
= 1;
5612 /* it's an unknown chunk! */
5613 if ((ch
->chunk_type
& 0x40) && (stcb
!= NULL
)) {
5614 struct sctp_gen_error_cause
*cause
;
5617 op_err
= sctp_get_mbuf_for_msg(sizeof(struct sctp_gen_error_cause
),
5618 0, M_NOWAIT
, 1, MT_DATA
);
5619 if (op_err
!= NULL
) {
5620 len
= min(SCTP_SIZE32(chk_length
), (uint32_t) (length
- *offset
));
5621 cause
= mtod(op_err
, struct sctp_gen_error_cause
*);
5622 cause
->code
= htons(SCTP_CAUSE_UNRECOG_CHUNK
);
5623 cause
->length
= htons((uint16_t) (len
+ sizeof(struct sctp_gen_error_cause
)));
5624 SCTP_BUF_LEN(op_err
) = sizeof(struct sctp_gen_error_cause
);
5625 SCTP_BUF_NEXT(op_err
) = SCTP_M_COPYM(m
, *offset
, len
, M_NOWAIT
);
5626 if (SCTP_BUF_NEXT(op_err
) != NULL
) {
5627 #ifdef SCTP_MBUF_LOGGING
5628 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_MBUF_LOGGING_ENABLE
) {
5629 sctp_log_mbc(SCTP_BUF_NEXT(op_err
), SCTP_MBUF_ICOPY
);
5632 sctp_queue_op_err(stcb
, op_err
);
5634 sctp_m_freem(op_err
);
5638 if ((ch
->chunk_type
& 0x80) == 0) {
5639 /* discard this packet */
5642 } /* else skip this bad chunk and continue... */
5644 } /* switch (ch->chunk_type) */
5648 /* get the next chunk */
5649 *offset
+= SCTP_SIZE32(chk_length
);
5650 if (*offset
>= length
) {
5651 /* no more data left in the mbuf chain */
5654 ch
= (struct sctp_chunkhdr
*)sctp_m_getptr(m
, *offset
,
5655 sizeof(struct sctp_chunkhdr
), chunk_buf
);
5658 SCTP_TCB_UNLOCK(locked_tcb
);
5665 if (asconf_cnt
> 0 && stcb
!= NULL
) {
5666 sctp_send_asconf_ack(stcb
);
5673 * common input chunk processing (v4 and v6)
5676 sctp_common_input_processing(struct mbuf
**mm
, int iphlen
, int offset
, int length
,
5677 struct sockaddr
*src
, struct sockaddr
*dst
,
5678 struct sctphdr
*sh
, struct sctp_chunkhdr
*ch
,
5679 #if !defined(SCTP_WITH_NO_CSUM)
5680 uint8_t compute_crc
,
5683 uint8_t mflowtype
, uint32_t mflowid
, uint16_t fibnum
,
5684 uint32_t vrf_id
, uint16_t port
)
5687 int fwd_tsn_seen
= 0, data_processed
= 0;
5688 struct mbuf
*m
= *mm
, *op_err
;
5689 char msg
[SCTP_DIAG_INFO_LEN
];
5691 int cnt_ctrl_ready
= 0;
5692 struct sctp_inpcb
*inp
= NULL
, *inp_decr
= NULL
;
5693 struct sctp_tcb
*stcb
= NULL
;
5694 struct sctp_nets
*net
= NULL
;
5696 SCTP_STAT_INCR(sctps_recvdatagrams
);
5697 #ifdef SCTP_AUDITING_ENABLED
5698 sctp_audit_log(0xE0, 1);
5699 sctp_auditing(0, inp
, stcb
, net
);
5701 #if !defined(SCTP_WITH_NO_CSUM)
5702 if (compute_crc
!= 0) {
5703 uint32_t check
, calc_check
;
5705 check
= sh
->checksum
;
5707 calc_check
= sctp_calculate_cksum(m
, iphlen
);
5708 sh
->checksum
= check
;
5709 if (calc_check
!= check
) {
5710 SCTPDBG(SCTP_DEBUG_INPUT1
, "Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n",
5711 calc_check
, check
, (void *)m
, length
, iphlen
);
5712 stcb
= sctp_findassociation_addr(m
, offset
, src
, dst
,
5713 sh
, ch
, &inp
, &net
, vrf_id
);
5714 #if defined(INET) || defined(INET6)
5715 if ((ch
->chunk_type
!= SCTP_INITIATION
) &&
5716 (net
!= NULL
) && (net
->port
!= port
)) {
5717 if (net
->port
== 0) {
5718 /* UDP encapsulation turned on. */
5719 net
->mtu
-= sizeof(struct udphdr
);
5720 if (stcb
->asoc
.smallest_mtu
> net
->mtu
) {
5721 sctp_pathmtu_adjustment(stcb
, net
->mtu
);
5723 } else if (port
== 0) {
5724 /* UDP encapsulation turned off. */
5725 net
->mtu
+= sizeof(struct udphdr
);
5726 /* XXX Update smallest_mtu */
5732 net
->flowtype
= mflowtype
;
5733 net
->flowid
= mflowid
;
5735 if ((inp
!= NULL
) && (stcb
!= NULL
)) {
5736 sctp_send_packet_dropped(stcb
, net
, m
, length
, iphlen
, 1);
5737 sctp_chunk_output(inp
, stcb
, SCTP_OUTPUT_FROM_INPUT_ERROR
, SCTP_SO_NOT_LOCKED
);
5738 } else if ((inp
!= NULL
) && (stcb
== NULL
)) {
5741 SCTP_STAT_INCR(sctps_badsum
);
5742 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors
);
5747 /* Destination port of 0 is illegal, based on RFC4960. */
5748 if (sh
->dest_port
== 0) {
5749 SCTP_STAT_INCR(sctps_hdrops
);
5752 stcb
= sctp_findassociation_addr(m
, offset
, src
, dst
,
5753 sh
, ch
, &inp
, &net
, vrf_id
);
5754 #if defined(INET) || defined(INET6)
5755 if ((ch
->chunk_type
!= SCTP_INITIATION
) &&
5756 (net
!= NULL
) && (net
->port
!= port
)) {
5757 if (net
->port
== 0) {
5758 /* UDP encapsulation turned on. */
5759 net
->mtu
-= sizeof(struct udphdr
);
5760 if (stcb
->asoc
.smallest_mtu
> net
->mtu
) {
5761 sctp_pathmtu_adjustment(stcb
, net
->mtu
);
5763 } else if (port
== 0) {
5764 /* UDP encapsulation turned off. */
5765 net
->mtu
+= sizeof(struct udphdr
);
5766 /* XXX Update smallest_mtu */
5772 net
->flowtype
= mflowtype
;
5773 net
->flowid
= mflowid
;
5776 SCTP_STAT_INCR(sctps_noport
);
5777 if (badport_bandlim(BANDLIM_SCTP_OOTB
) < 0) {
5780 if (ch
->chunk_type
== SCTP_SHUTDOWN_ACK
) {
5781 sctp_send_shutdown_complete2(src
, dst
, sh
,
5782 mflowtype
, mflowid
, fibnum
,
5786 if (ch
->chunk_type
== SCTP_SHUTDOWN_COMPLETE
) {
5789 if (ch
->chunk_type
!= SCTP_ABORT_ASSOCIATION
) {
5790 if ((SCTP_BASE_SYSCTL(sctp_blackhole
) == 0) ||
5791 ((SCTP_BASE_SYSCTL(sctp_blackhole
) == 1) &&
5792 (ch
->chunk_type
!= SCTP_INIT
))) {
5793 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
5795 sctp_send_abort(m
, iphlen
, src
, dst
,
5797 mflowtype
, mflowid
, fibnum
,
5802 } else if (stcb
== NULL
) {
5807 * I very much doubt any of the IPSEC stuff will work but I have no
5808 * idea, so I will leave it in place.
5811 switch (dst
->sa_family
) {
5814 if (ipsec4_in_reject(m
, &inp
->ip_inp
.inp
)) {
5815 SCTP_STAT_INCR(sctps_hdrops
);
5822 if (ipsec6_in_reject(m
, &inp
->ip_inp
.inp
)) {
5823 SCTP_STAT_INCR(sctps_hdrops
);
5833 SCTPDBG(SCTP_DEBUG_INPUT1
, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n",
5834 (void *)m
, iphlen
, offset
, length
, (void *)stcb
);
5836 /* always clear this before beginning a packet */
5837 stcb
->asoc
.authenticated
= 0;
5838 stcb
->asoc
.seen_a_sack_this_pkt
= 0;
5839 SCTPDBG(SCTP_DEBUG_INPUT1
, "stcb:%p state:%x\n",
5840 (void *)stcb
, stcb
->asoc
.state
);
5842 if ((stcb
->asoc
.state
& SCTP_STATE_WAS_ABORTED
) ||
5843 (stcb
->asoc
.state
& SCTP_STATE_ABOUT_TO_BE_FREED
)) {
5845 * If we hit here, we had a ref count
5846 * up when the assoc was aborted and the
5847 * timer is clearing out the assoc, we should
5848 * NOT respond to any packet.. its OOTB.
5850 SCTP_TCB_UNLOCK(stcb
);
5852 snprintf(msg
, sizeof(msg
), "OOTB, %s:%d at %s", __FILE__
, __LINE__
, __func__
);
5853 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
5855 sctp_handle_ootb(m
, iphlen
, offset
, src
, dst
, sh
, inp
, op_err
,
5856 mflowtype
, mflowid
, inp
->fibnum
,
5861 if (IS_SCTP_CONTROL(ch
)) {
5862 /* process the control portion of the SCTP packet */
5863 /* sa_ignore NO_NULL_CHK */
5864 stcb
= sctp_process_control(m
, iphlen
, &offset
, length
,
5866 inp
, stcb
, &net
, &fwd_tsn_seen
,
5867 mflowtype
, mflowid
, fibnum
,
5871 * This covers us if the cookie-echo was there and
5872 * it changes our INP.
5874 inp
= stcb
->sctp_ep
;
5875 #if defined(INET) || defined(INET6)
5876 if ((ch
->chunk_type
!= SCTP_INITIATION
) &&
5877 (net
!= NULL
) && (net
->port
!= port
)) {
5878 if (net
->port
== 0) {
5879 /* UDP encapsulation turned on. */
5880 net
->mtu
-= sizeof(struct udphdr
);
5881 if (stcb
->asoc
.smallest_mtu
> net
->mtu
) {
5882 sctp_pathmtu_adjustment(stcb
, net
->mtu
);
5884 } else if (port
== 0) {
5885 /* UDP encapsulation turned off. */
5886 net
->mtu
+= sizeof(struct udphdr
);
5887 /* XXX Update smallest_mtu */
5895 * no control chunks, so pre-process DATA chunks (these
5896 * checks are taken care of by control processing)
5900 * if DATA only packet, and auth is required, then punt...
5901 * can't have authenticated without any AUTH (control)
5904 if ((stcb
!= NULL
) &&
5905 (stcb
->asoc
.auth_supported
== 1) &&
5906 sctp_auth_is_required_chunk(SCTP_DATA
, stcb
->asoc
.local_auth_chunks
)) {
5907 /* "silently" ignore */
5908 SCTP_STAT_INCR(sctps_recvauthmissing
);
5912 /* out of the blue DATA chunk */
5913 snprintf(msg
, sizeof(msg
), "OOTB, %s:%d at %s", __FILE__
, __LINE__
, __func__
);
5914 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
5916 sctp_handle_ootb(m
, iphlen
, offset
, src
, dst
, sh
, inp
, op_err
,
5917 mflowtype
, mflowid
, fibnum
,
5921 if (stcb
->asoc
.my_vtag
!= ntohl(sh
->v_tag
)) {
5922 /* v_tag mismatch! */
5923 SCTP_STAT_INCR(sctps_badvtag
);
5930 * no valid TCB for this packet, or we found it's a bad
5931 * packet while processing control, or we're done with this
5932 * packet (done or skip rest of data), so we drop it...
5937 * DATA chunk processing
5939 /* plow through the data chunks while length > offset */
5942 * Rest should be DATA only. Check authentication state if AUTH for
5945 if ((length
> offset
) &&
5947 (stcb
->asoc
.auth_supported
== 1) &&
5948 sctp_auth_is_required_chunk(SCTP_DATA
, stcb
->asoc
.local_auth_chunks
) &&
5949 !stcb
->asoc
.authenticated
) {
5950 /* "silently" ignore */
5951 SCTP_STAT_INCR(sctps_recvauthmissing
);
5952 SCTPDBG(SCTP_DEBUG_AUTH1
,
5953 "Data chunk requires AUTH, skipped\n");
5956 if (length
> offset
) {
5960 * First check to make sure our state is correct. We would
5961 * not get here unless we really did have a tag, so we don't
5962 * abort if this happens, just dump the chunk silently.
5964 switch (SCTP_GET_STATE(&stcb
->asoc
)) {
5965 case SCTP_STATE_COOKIE_ECHOED
:
5967 * we consider data with valid tags in this state
5968 * shows us the cookie-ack was lost. Imply it was
5971 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_THRESHOLD_LOGGING
) {
5972 sctp_misc_ints(SCTP_THRESHOLD_CLEAR
,
5973 stcb
->asoc
.overall_error_count
,
5975 SCTP_FROM_SCTP_INPUT
,
5978 stcb
->asoc
.overall_error_count
= 0;
5979 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk
*)ch
, stcb
, net
);
5981 case SCTP_STATE_COOKIE_WAIT
:
5983 * We consider OOTB any data sent during asoc setup.
5985 snprintf(msg
, sizeof(msg
), "OOTB, %s:%d at %s", __FILE__
, __LINE__
, __func__
);
5986 op_err
= sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code
),
5988 sctp_handle_ootb(m
, iphlen
, offset
, src
, dst
, sh
, inp
, op_err
,
5989 mflowtype
, mflowid
, inp
->fibnum
,
5992 /* sa_ignore NOTREACHED */
5994 case SCTP_STATE_EMPTY
: /* should not happen */
5995 case SCTP_STATE_INUSE
: /* should not happen */
5996 case SCTP_STATE_SHUTDOWN_RECEIVED
: /* This is a peer error */
5997 case SCTP_STATE_SHUTDOWN_ACK_SENT
:
6000 /* sa_ignore NOTREACHED */
6002 case SCTP_STATE_OPEN
:
6003 case SCTP_STATE_SHUTDOWN_SENT
:
6006 /* plow through the data chunks while length > offset */
6007 retval
= sctp_process_data(mm
, iphlen
, &offset
, length
,
6008 inp
, stcb
, net
, &high_tsn
);
6011 * The association aborted, NO UNLOCK needed since
6012 * the association is destroyed.
6019 * Anything important needs to have been m_copy'ed in
6023 /* take care of ecn */
6024 if ((data_processed
== 1) &&
6025 (stcb
->asoc
.ecn_supported
== 1) &&
6026 ((ecn_bits
& SCTP_CE_BITS
) == SCTP_CE_BITS
)) {
6027 /* Yep, we need to add a ECNE */
6028 sctp_send_ecn_echo(stcb
, net
, high_tsn
);
6030 if ((data_processed
== 0) && (fwd_tsn_seen
)) {
6032 uint32_t highest_tsn
;
6034 if (SCTP_TSN_GT(stcb
->asoc
.highest_tsn_inside_nr_map
, stcb
->asoc
.highest_tsn_inside_map
)) {
6035 highest_tsn
= stcb
->asoc
.highest_tsn_inside_nr_map
;
6037 highest_tsn
= stcb
->asoc
.highest_tsn_inside_map
;
6039 was_a_gap
= SCTP_TSN_GT(highest_tsn
, stcb
->asoc
.cumulative_tsn
);
6040 stcb
->asoc
.send_sack
= 1;
6041 sctp_sack_check(stcb
, was_a_gap
);
6042 } else if (fwd_tsn_seen
) {
6043 stcb
->asoc
.send_sack
= 1;
6045 /* trigger send of any chunks in queue... */
6047 #ifdef SCTP_AUDITING_ENABLED
6048 sctp_audit_log(0xE0, 2);
6049 sctp_auditing(1, inp
, stcb
, net
);
6051 SCTPDBG(SCTP_DEBUG_INPUT1
,
6052 "Check for chunk output prw:%d tqe:%d tf=%d\n",
6053 stcb
->asoc
.peers_rwnd
,
6054 TAILQ_EMPTY(&stcb
->asoc
.control_send_queue
),
6055 stcb
->asoc
.total_flight
);
6056 un_sent
= (stcb
->asoc
.total_output_queue_size
- stcb
->asoc
.total_flight
);
6057 if (!TAILQ_EMPTY(&stcb
->asoc
.control_send_queue
)) {
6058 cnt_ctrl_ready
= stcb
->asoc
.ctrl_queue_cnt
- stcb
->asoc
.ecn_echo_cnt_onq
;
6060 if (!TAILQ_EMPTY(&stcb
->asoc
.asconf_send_queue
) ||
6062 stcb
->asoc
.trigger_reset
||
6064 (stcb
->asoc
.peers_rwnd
> 0 ||
6065 (stcb
->asoc
.peers_rwnd
<= 0 && stcb
->asoc
.total_flight
== 0)))) {
6066 SCTPDBG(SCTP_DEBUG_INPUT3
, "Calling chunk OUTPUT\n");
6067 sctp_chunk_output(inp
, stcb
, SCTP_OUTPUT_FROM_CONTROL_PROC
, SCTP_SO_NOT_LOCKED
);
6068 SCTPDBG(SCTP_DEBUG_INPUT3
, "chunk OUTPUT returns\n");
6070 #ifdef SCTP_AUDITING_ENABLED
6071 sctp_audit_log(0xE0, 3);
6072 sctp_auditing(2, inp
, stcb
, net
);
6076 SCTP_TCB_UNLOCK(stcb
);
6078 if (inp_decr
!= NULL
) {
6079 /* reduce ref-count */
6080 SCTP_INP_WLOCK(inp_decr
);
6081 SCTP_INP_DECR_REF(inp_decr
);
6082 SCTP_INP_WUNLOCK(inp_decr
);
6089 sctp_input_with_port(struct mbuf
*i_pak
, int off
, uint16_t port
)
6093 uint32_t vrf_id
= 0;
6095 struct sockaddr_in src
, dst
;
6098 struct sctp_chunkhdr
*ch
;
6101 #if !defined(SCTP_WITH_NO_CSUM)
6102 uint8_t compute_crc
;
6110 if (SCTP_GET_PKT_VRFID(i_pak
, vrf_id
)) {
6111 SCTP_RELEASE_PKT(i_pak
);
6114 m
= SCTP_HEADER_TO_CHAIN(i_pak
);
6115 #ifdef SCTP_MBUF_LOGGING
6116 /* Log in any input mbufs */
6117 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_MBUF_LOGGING_ENABLE
) {
6118 sctp_log_mbc(m
, SCTP_MBUF_INPUT
);
6121 #ifdef SCTP_PACKET_LOGGING
6122 if (SCTP_BASE_SYSCTL(sctp_logging_level
) & SCTP_LAST_PACKET_TRACING
) {
6126 SCTPDBG(SCTP_DEBUG_CRCOFFLOAD
,
6127 "sctp_input(): Packet of length %d received on %s with csum_flags 0x%b.\n",
6129 if_name(m
->m_pkthdr
.rcvif
),
6130 (int)m
->m_pkthdr
.csum_flags
, CSUM_BITS
);
6131 mflowid
= m
->m_pkthdr
.flowid
;
6132 mflowtype
= M_HASHTYPE_GET(m
);
6133 fibnum
= M_GETFIB(m
);
6134 SCTP_STAT_INCR(sctps_recvpackets
);
6135 SCTP_STAT_INCR_COUNTER64(sctps_inpackets
);
6136 /* Get IP, SCTP, and first chunk header together in the first mbuf. */
6137 offset
= iphlen
+ sizeof(struct sctphdr
) + sizeof(struct sctp_chunkhdr
);
6138 if (SCTP_BUF_LEN(m
) < offset
) {
6139 if ((m
= m_pullup(m
, offset
)) == NULL
) {
6140 SCTP_STAT_INCR(sctps_hdrops
);
6144 ip
= mtod(m
, struct ip
*);
6145 sh
= (struct sctphdr
*)((caddr_t
)ip
+ iphlen
);
6146 ch
= (struct sctp_chunkhdr
*)((caddr_t
)sh
+ sizeof(struct sctphdr
));
6147 offset
-= sizeof(struct sctp_chunkhdr
);
6148 memset(&src
, 0, sizeof(struct sockaddr_in
));
6149 src
.sin_family
= AF_INET
;
6150 src
.sin_len
= sizeof(struct sockaddr_in
);
6151 src
.sin_port
= sh
->src_port
;
6152 src
.sin_addr
= ip
->ip_src
;
6153 memset(&dst
, 0, sizeof(struct sockaddr_in
));
6154 dst
.sin_family
= AF_INET
;
6155 dst
.sin_len
= sizeof(struct sockaddr_in
);
6156 dst
.sin_port
= sh
->dest_port
;
6157 dst
.sin_addr
= ip
->ip_dst
;
6158 length
= ntohs(ip
->ip_len
);
6159 /* Validate mbuf chain length with IP payload length. */
6160 if (SCTP_HEADER_LEN(m
) != length
) {
6161 SCTPDBG(SCTP_DEBUG_INPUT1
,
6162 "sctp_input() length:%d reported length:%d\n", length
, SCTP_HEADER_LEN(m
));
6163 SCTP_STAT_INCR(sctps_hdrops
);
6166 /* SCTP does not allow broadcasts or multicasts */
6167 if (IN_MULTICAST(ntohl(dst
.sin_addr
.s_addr
))) {
6170 if (SCTP_IS_IT_BROADCAST(dst
.sin_addr
, m
)) {
6173 ecn_bits
= ip
->ip_tos
;
6174 #if defined(SCTP_WITH_NO_CSUM)
6175 SCTP_STAT_INCR(sctps_recvnocrc
);
6177 if (m
->m_pkthdr
.csum_flags
& CSUM_SCTP_VALID
) {
6178 SCTP_STAT_INCR(sctps_recvhwcrc
);
6181 SCTP_STAT_INCR(sctps_recvswcrc
);
6185 sctp_common_input_processing(&m
, iphlen
, offset
, length
,
6186 (struct sockaddr
*)&src
,
6187 (struct sockaddr
*)&dst
,
6189 #if !defined(SCTP_WITH_NO_CSUM)
6193 mflowtype
, mflowid
, fibnum
,
6202 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
6203 extern int *sctp_cpuarry
;
6208 sctp_input(struct mbuf
**mp
, int *offp
, int proto SCTP_UNUSED
)
6215 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
6221 uint32_t flowid
, tag
;
6223 if (M_HASHTYPE_GET(m
) != M_HASHTYPE_NONE
) {
6224 flowid
= m
->m_pkthdr
.flowid
;
6227 * No flow id built by lower layers fix it so we
6230 offset
= off
+ sizeof(struct sctphdr
);
6231 if (SCTP_BUF_LEN(m
) < offset
) {
6232 if ((m
= m_pullup(m
, offset
)) == NULL
) {
6233 SCTP_STAT_INCR(sctps_hdrops
);
6234 return (IPPROTO_DONE
);
6237 ip
= mtod(m
, struct ip
*);
6238 sh
= (struct sctphdr
*)((caddr_t
)ip
+ off
);
6239 tag
= htonl(sh
->v_tag
);
6240 flowid
= tag
^ ntohs(sh
->dest_port
) ^ ntohs(sh
->src_port
);
6241 m
->m_pkthdr
.flowid
= flowid
;
6242 M_HASHTYPE_SET(m
, M_HASHTYPE_OPAQUE_HASH
);
6244 cpu_to_use
= sctp_cpuarry
[flowid
% mp_ncpus
];
6245 sctp_queue_to_mcore(m
, off
, cpu_to_use
);
6246 return (IPPROTO_DONE
);
6249 sctp_input_with_port(m
, off
, 0);
6250 return (IPPROTO_DONE
);