1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
5  * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
6  * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions are met:
10  *
11  * a) Redistributions of source code must retain the above copyright notice,
12  *    this list of conditions and the following disclaimer.
13  *
14  * b) Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the distribution.
17  *
18  * c) Neither the name of Cisco Systems, Inc. nor the names of its
19  *    contributors may be used to endorse or promote products derived
20  *    from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32  * THE POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 #include <netinet/sctp_os.h>
36 #include <netinet/sctp_pcb.h>
37 #include <netinet/sctputil.h>
38 #include <netinet/sctp_var.h>
39 #include <netinet/sctp_sysctl.h>
40 #ifdef INET6
41 #include <netinet6/sctp6_var.h>
42 #endif
43 #include <netinet/sctp_header.h>
44 #include <netinet/sctp_output.h>
45 #include <netinet/sctp_uio.h>
46 #include <netinet/sctp_timer.h>
47 #include <netinet/sctp_indata.h>
48 #include <netinet/sctp_auth.h>
49 #include <netinet/sctp_asconf.h>
50 #include <netinet/sctp_bsd_addr.h>
51 #include <netinet/sctp_kdtrace.h>
52 #if defined(INET6) || defined(INET)
53 #include <netinet/tcp_var.h>
54 #endif
55 #include <netinet/udp.h>
56 #include <netinet/udp_var.h>
57 #include <sys/proc.h>
58 #ifdef INET6
59 #include <netinet/icmp6.h>
60 #endif
61 
62 #ifndef KTR_SCTP
63 #define KTR_SCTP KTR_SUBSYS
64 #endif
65 
66 extern const struct sctp_cc_functions sctp_cc_functions[];
67 extern const struct sctp_ss_functions sctp_ss_functions[];
68 
void
sctp_sblog(struct sockbuf *sb, struct sctp_tcb *stcb, int from, int incr)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a socket-buffer accounting change (SCTP_LOG_EVENT_SB).
	 * stcb may be NULL; the association byte count is then logged as 0.
	 * Without SCTP_LOCAL_TRACE_BUF this function is a no-op.
	 */
	struct sctp_cwnd_log rec;

	rec.x.sb.stcb = stcb;
	rec.x.sb.incr = incr;
	rec.x.sb.so_sbcc = SCTP_SBAVAIL(sb);
	rec.x.sb.stcb_sbcc = (stcb != NULL) ? stcb->asoc.sb_cc : 0;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_SB, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
91 
void
sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a location on the close path (SCTP_LOG_EVENT_CLOSE).
	 * inp is dereferenced unconditionally; stcb is optional and its
	 * pointer/state are logged as 0 when absent.
	 */
	struct sctp_cwnd_log rec;

	rec.x.close.inp = (void *)inp;
	rec.x.close.sctp_flags = inp->sctp_flags;
	rec.x.close.loc = loc;
	if (stcb == NULL) {
		rec.x.close.stcb = 0;
		rec.x.close.state = 0;
	} else {
		rec.x.close.stcb = (void *)stcb;
		rec.x.close.state = (uint16_t)stcb->asoc.state;
	}
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_CLOSE, 0,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
117 
void
rto_logging(struct sctp_nets *net, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace the RTT of a path (SCTP_LOG_EVENT_RTT). net is dereferenced,
	 * so it must be non-NULL. The record is zeroed first so the unused
	 * bytes of the union are deterministic.
	 */
	struct sctp_cwnd_log rec;

	memset(&rec, 0, sizeof(rec));
	rec.x.rto.net = (void *)net;
	rec.x.rto.rtt = net->rtt / 1000;	/* scaled down by 1000 for the log */
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_RTT, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
136 
void
sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a stream event (SCTP_LOG_EVENT_STRM) from explicit
	 * TSN/SSN/stream values; the e_tsn/e_sseq fields are always zero.
	 */
	struct sctp_cwnd_log rec;

	rec.x.strlog.stcb = stcb;
	rec.x.strlog.strm = stream;
	rec.x.strlog.n_tsn = tsn;
	rec.x.strlog.n_sseq = sseq;
	rec.x.strlog.e_tsn = 0;
	rec.x.strlog.e_sseq = 0;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_STRM, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
158 
void
sctp_log_nagle_event(struct sctp_tcb *stcb, int action)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a Nagle decision (SCTP_LOG_EVENT_NAGLE) together with the
	 * association's flight and output-queue counters. stcb must be
	 * non-NULL.
	 */
	struct sctp_association *asoc = &stcb->asoc;
	struct sctp_cwnd_log rec;

	rec.x.nagle.stcb = (void *)stcb;
	rec.x.nagle.total_flight = asoc->total_flight;
	rec.x.nagle.count_in_flight = asoc->total_flight_count;
	rec.x.nagle.total_in_queue = asoc->total_output_queue_size;
	rec.x.nagle.count_in_queue = asoc->chunks_on_out_queue;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_NAGLE, action,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
179 
void
sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a SACK (SCTP_LOG_EVENT_SACK): the cumulative ack before and
	 * after, the TSN in question and the gap/duplicate block counts.
	 */
	struct sctp_cwnd_log rec;

	rec.x.sack.oldcumack = old_cumack;
	rec.x.sack.cumack = cumack;
	rec.x.sack.tsn = tsn;
	rec.x.sack.numGaps = gaps;
	rec.x.sack.numDups = dups;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_SACK, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
200 
void
sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace the mapping array state (SCTP_LOG_EVENT_MAP): base, cumulative
	 * and highest values. The record is zeroed before filling.
	 */
	struct sctp_cwnd_log rec;

	memset(&rec, 0, sizeof(rec));
	rec.x.map.base = map;
	rec.x.map.cum = cum;
	rec.x.map.high = high;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_MAP, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
220 
void
sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a fast-retransmit decision (SCTP_LOG_EVENT_FR). The record is
	 * zeroed before filling.
	 */
	struct sctp_cwnd_log rec;

	memset(&rec, 0, sizeof(rec));
	rec.x.fr.tsn = tsn;
	rec.x.fr.largest_tsn = biggest_tsn;
	rec.x.fr.largest_new_tsn = biggest_new_tsn;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_FR, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
240 
241 #ifdef SCTP_MBUF_LOGGING
void
sctp_log_mb(struct mbuf *m, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace one mbuf (SCTP_LOG_EVENT_MBUF): flags, length, data pointer
	 * and, for an external-storage mbuf, its ext base and refcount
	 * (0 otherwise). m must be non-NULL.
	 */
	struct sctp_cwnd_log rec;

	rec.x.mb.mp = m;
	rec.x.mb.mbuf_flags = (uint8_t)(SCTP_BUF_GET_FLAGS(m));
	rec.x.mb.size = (uint16_t)(SCTP_BUF_LEN(m));
	rec.x.mb.data = SCTP_BUF_AT(m, 0);
	if (!SCTP_BUF_IS_EXTENDED(m)) {
		rec.x.mb.ext = 0;
		rec.x.mb.refcnt = 0;
	} else {
		rec.x.mb.ext = SCTP_BUF_EXTEND_BASE(m);
		rec.x.mb.refcnt = (uint8_t)(SCTP_BUF_EXTEND_REFCNT(m));
	}
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_MBUF, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
268 
void
sctp_log_mbc(struct mbuf *m, int from)
{
	/* Log every mbuf of the chain starting at m, passing 'from' through. */
	struct mbuf *cur = m;

	while (cur != NULL) {
		sctp_log_mb(cur, from);
		cur = SCTP_BUF_NEXT(cur);
	}
}
278 #endif
279 
void
sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a stream event (SCTP_LOG_EVENT_STRM) from a read-queue entry.
	 * poschk is optional; without it the e_tsn/e_sseq fields are zero.
	 */
	struct sctp_cwnd_log rec;

	/* A NULL control is reported rather than dereferenced. */
	if (control == NULL) {
		SCTP_PRINTF("Gak log of NULL?\n");
		return;
	}
	rec.x.strlog.stcb = control->stcb;
	rec.x.strlog.strm = control->sinfo_stream;
	rec.x.strlog.n_tsn = control->sinfo_tsn;
	rec.x.strlog.n_sseq = (uint16_t)control->mid;
	rec.x.strlog.e_tsn = (poschk != NULL) ? poschk->sinfo_tsn : 0;
	rec.x.strlog.e_sseq = (poschk != NULL) ? (uint16_t)poschk->mid : 0;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_STRM, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
310 
void
sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a cwnd change (SCTP_LOG_EVENT_CWND). Queue counts are clamped
	 * to 255. The per-path fields are only filled in when net is non-NULL;
	 * stcb must be non-NULL.
	 */
	struct sctp_association *asoc = &stcb->asoc;
	struct sctp_cwnd_log rec;

	rec.x.cwnd.net = net;
	rec.x.cwnd.cnt_in_send =
	    (asoc->send_queue_cnt > 255) ? 255 : asoc->send_queue_cnt;
	rec.x.cwnd.cnt_in_str =
	    (asoc->stream_queue_cnt > 255) ? 255 : asoc->stream_queue_cnt;
	if (net != NULL) {
		rec.x.cwnd.cwnd_new_value = net->cwnd;
		rec.x.cwnd.inflight = net->flight_size;
		rec.x.cwnd.pseudo_cumack = net->pseudo_cumack;
		rec.x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack;
		rec.x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack;
	}
	/* At PRESEND the meets_pseudo_cumack slot carries the peer's rwnd. */
	if (from == SCTP_CWNDLOG_PRESEND) {
		rec.x.cwnd.meets_pseudo_cumack = asoc->peers_rwnd;
	}
	rec.x.cwnd.cwnd_augment = augment;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_CWND, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
347 
void
sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Record the ownership state (mtx_owned / rw_wowned) of the SCTP and
	 * socket locks (SCTP_LOG_LOCK_EVENT). Both inp and stcb may be NULL;
	 * locks whose owning object is absent are logged as SCTP_LOCK_UNKNOWN.
	 */
	struct sctp_cwnd_log rec;

	memset(&rec, 0, sizeof(rec));
	rec.x.lock.inp = (void *)inp;
	rec.x.lock.tcb_lock =
	    (stcb != NULL) ? mtx_owned(&stcb->tcb_mtx) : SCTP_LOCK_UNKNOWN;
	if (inp != NULL) {
		rec.x.lock.sock = (void *)inp->sctp_socket;
		rec.x.lock.inp_lock = mtx_owned(&inp->inp_mtx);
		rec.x.lock.create_lock = mtx_owned(&inp->inp_create_mtx);
	} else {
		rec.x.lock.sock = (void *)NULL;
		rec.x.lock.inp_lock = SCTP_LOCK_UNKNOWN;
		rec.x.lock.create_lock = SCTP_LOCK_UNKNOWN;
	}
	/* The global endpoint list lock is checked for write ownership. */
	rec.x.lock.info_lock = rw_wowned(&SCTP_BASE_INFO(ipi_ep_mtx));
	if (inp != NULL && inp->sctp_socket != NULL) {
		struct socket *so = inp->sctp_socket;

		rec.x.lock.sock_lock = mtx_owned(SOCK_MTX(so));
		rec.x.lock.sockrcvbuf_lock = mtx_owned(SOCKBUF_MTX(&so->so_rcv));
		rec.x.lock.socksndbuf_lock = mtx_owned(SOCKBUF_MTX(&so->so_snd));
	} else {
		rec.x.lock.sock_lock = SCTP_LOCK_UNKNOWN;
		rec.x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN;
		rec.x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN;
	}
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_LOCK_EVENT, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
393 
void
sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a max-burst event (SCTP_LOG_EVENT_MAXBURST) reusing the cwnd
	 * record layout: 'error' rides in cwnd_new_value and 'burst' in
	 * cwnd_augment. Queue counts are clamped to 255. stcb and net must be
	 * non-NULL.
	 */
	struct sctp_association *asoc = &stcb->asoc;
	struct sctp_cwnd_log rec;

	memset(&rec, 0, sizeof(rec));
	rec.x.cwnd.net = net;
	rec.x.cwnd.inflight = net->flight_size;
	rec.x.cwnd.cwnd_new_value = error;
	rec.x.cwnd.cwnd_augment = burst;
	rec.x.cwnd.cnt_in_send =
	    (asoc->send_queue_cnt > 255) ? 255 : asoc->send_queue_cnt;
	rec.x.cwnd.cnt_in_str =
	    (asoc->stream_queue_cnt > 255) ? 255 : asoc->stream_queue_cnt;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_MAXBURST, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
422 
void
sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a receiver-window computation (SCTP_LOG_EVENT_RWND) without a
	 * resulting value; new_rwnd is logged as 0 (see sctp_log_rwnd_set()).
	 */
	struct sctp_cwnd_log rec;

	rec.x.rwnd.new_rwnd = 0;
	rec.x.rwnd.rwnd = peers_rwnd;
	rec.x.rwnd.send_size = snd_size;
	rec.x.rwnd.overhead = overhead;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_RWND, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
442 
void
sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a receiver-window update (SCTP_LOG_EVENT_RWND) including the
	 * new value a_rwndval; flight_size is stored in the send_size slot.
	 */
	struct sctp_cwnd_log rec;

	rec.x.rwnd.new_rwnd = a_rwndval;
	rec.x.rwnd.rwnd = peers_rwnd;
	rec.x.rwnd.send_size = flight_size;
	rec.x.rwnd.overhead = overhead;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_RWND, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
462 
463 #ifdef SCTP_MBCNT_LOGGING
static void
sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace an mbuf-count accounting change (SCTP_LOG_EVENT_MBCNT):
	 * the queue totals and the deltas ('book' bytes, 'mbcnt' mbufs).
	 */
	struct sctp_cwnd_log rec;

	rec.x.mbcnt.total_queue_size = total_oq;
	rec.x.mbcnt.total_queue_mb_size = total_mbcnt_q;
	rec.x.mbcnt.size_change = book;
	rec.x.mbcnt.mbcnt_change = mbcnt;
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_MBCNT, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
483 #endif
484 
void
sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Emit four caller-chosen words as a generic trace record
	 * (SCTP_LOG_MISC_EVENT); no sctp_cwnd_log layout is involved.
	 */
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x",
	    SCTP_LOG_MISC_EVENT, from, a, b, c, d);
#endif
}
495 
void
sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t wake_cnt, int from)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a socket wakeup (SCTP_LOG_EVENT_WAKE): queue/flight counters,
	 * the endpoint's wake-related PCB flags packed into sctpflags and the
	 * low byte of the send buffer's sb_flags (0xff when there is no
	 * socket). stcb and stcb->sctp_ep must be non-NULL.
	 */
	struct sctp_association *asoc = &stcb->asoc;
	struct sctp_cwnd_log rec;

	rec.x.wake.stcb = (void *)stcb;
	rec.x.wake.wake_cnt = wake_cnt;
	rec.x.wake.flight = asoc->total_flight_count;
	rec.x.wake.send_q = asoc->send_queue_cnt;
	rec.x.wake.sent_q = asoc->sent_queue_cnt;
	/* 8-bit counters saturate at 0xff */
	rec.x.wake.stream_qcnt = (asoc->stream_queue_cnt < 0xff) ?
	    (uint8_t)asoc->stream_queue_cnt : 0xff;
	rec.x.wake.chunks_on_oque = (asoc->chunks_on_out_queue < 0xff) ?
	    (uint8_t)asoc->chunks_on_out_queue : 0xff;
	/* set in the deferred mode stuff */
	rec.x.wake.sctpflags =
	    ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) ? 1 : 0) |
	    ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) ? 2 : 0) |
	    ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) ? 4 : 0);
	/* what about the sb */
	if (stcb->sctp_socket == NULL) {
		rec.x.wake.sbflags = 0xff;
	} else {
		struct socket *so = stcb->sctp_socket;

		rec.x.wake.sbflags = (uint8_t)((so->so_snd.sb_flags & 0x00ff));
	}
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_WAKE, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
543 
void
sctp_log_block(uint8_t from, struct sctp_association *asoc, ssize_t sendlen)
{
#if defined(SCTP_LOCAL_TRACE_BUF)
	/*
	 * Trace a blocked send (SCTP_LOG_EVENT_BLOCK). Queue counters are
	 * narrowed to 16 bits and the flight size is logged in units of
	 * 1024 bytes; sendlen is narrowed to 32 bits. asoc must be non-NULL.
	 */
	struct sctp_cwnd_log rec;

	rec.x.blk.onsb = asoc->total_output_queue_size;
	rec.x.blk.peer_rwnd = asoc->peers_rwnd;
	rec.x.blk.sndlen = (uint32_t)sendlen;
	rec.x.blk.send_sent_qcnt = (uint16_t)(asoc->send_queue_cnt + asoc->sent_queue_cnt);
	rec.x.blk.stream_qcnt = (uint16_t)asoc->stream_queue_cnt;
	rec.x.blk.chunks_on_oque = (uint16_t)asoc->chunks_on_out_queue;
	rec.x.blk.flight_size = (uint16_t)(asoc->total_flight / 1024);
	SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", SCTP_LOG_EVENT_BLOCK, from,
	    rec.x.misc.log1, rec.x.misc.log2, rec.x.misc.log3, rec.x.misc.log4);
#endif
}
566 
int
sctp_fill_stat_log(void *optval SCTP_UNUSED, size_t *optsize SCTP_UNUSED)
{
	/*
	 * Stub: nothing is copied into optval and optsize is left untouched;
	 * the original note says this may need revisiting if ktrdump does
	 * not work. Always reports success (0).
	 */
	return (0);
}
573 
574 #ifdef SCTP_AUDITING_ENABLED
/* Ring of (event, detail) byte pairs filled by sctp_audit_log() and sctp_auditing(). */
uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2];
/* Next slot of sctp_audit_data to write; wraps back to 0 at SCTP_AUDIT_SIZE. */
static int sctp_audit_indx = 0;
577 
/*
 * Print one audit ring entry as "eeff ". A line break is emitted before
 * the marker entries (e0 01, f0 xx, c0 01) and after every 14 entries;
 * *cnt tracks how many entries have been printed on the current line.
 */
static void
sctp_print_audit_entry(int i, int *cnt)
{
	uint8_t ev = sctp_audit_data[i][0];
	uint8_t fd = sctp_audit_data[i][1];

	if ((ev == 0xe0 && fd == 0x01) || ev == 0xf0 ||
	    (ev == 0xc0 && fd == 0x01)) {
		*cnt = 0;
		SCTP_PRINTF("\n");
	}
	SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)ev, (uint32_t)fd);
	if ((++*cnt % 14) == 0)
		SCTP_PRINTF("\n");
}

/*
 * Dump the whole audit ring: from the current write index to the end,
 * then from the start up to the write index. The per-line counter is
 * not reset between the two halves.
 */
static void
sctp_print_audit_report(void)
{
	int cnt = 0;
	int i;

	for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++)
		sctp_print_audit_entry(i, &cnt);
	for (i = 0; i < sctp_audit_indx; i++)
		sctp_print_audit_entry(i, &cnt);
	SCTP_PRINTF("\n");
}
626 
/*
 * Record an audit marker for 'from' and cross-check the association's
 * cached retransmission and flight accounting against the sent queue and
 * the per-path flight sizes. Any mismatch is printed, the cached value is
 * overwritten with the recomputed one, and the audit ring is dumped.
 *
 * Markers written to sctp_audit_data: 0xAA/from on entry; 0xAF/0x01 for a
 * NULL inp and 0xAF/0x02 for a NULL stcb (both return early); 0xA1/retran
 * count before the checks; 0xAF/0xA1 (+0xA2/new count), 0xAF/0xA2,
 * 0xAF/0xA5 and 0xAF/0xA3 for the four kinds of mismatch below.
 * 'net' is not used.
 */
void
sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
    struct sctp_nets *net)
{
	int resend_cnt, tot_out, rep, tot_book_cnt;
	struct sctp_nets *lnet;
	struct sctp_tmit_chunk *chk;

	sctp_audit_data[sctp_audit_indx][0] = 0xAA;
	sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from;
	sctp_audit_indx++;
	if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
		sctp_audit_indx = 0;
	}
	if (inp == NULL) {
		sctp_audit_data[sctp_audit_indx][0] = 0xAF;
		sctp_audit_data[sctp_audit_indx][1] = 0x01;
		sctp_audit_indx++;
		if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
			sctp_audit_indx = 0;
		}
		return;
	}
	if (stcb == NULL) {
		sctp_audit_data[sctp_audit_indx][0] = 0xAF;
		sctp_audit_data[sctp_audit_indx][1] = 0x02;
		sctp_audit_indx++;
		if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
			sctp_audit_indx = 0;
		}
		return;
	}
	sctp_audit_data[sctp_audit_indx][0] = 0xA1;
	sctp_audit_data[sctp_audit_indx][1] =
	    (0x000000ff & stcb->asoc.sent_queue_retran_cnt);
	sctp_audit_indx++;
	if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
		sctp_audit_indx = 0;
	}
	/*
	 * Recompute from the sent queue: chunks marked SCTP_DATAGRAM_RESEND
	 * count as pending retransmissions; chunks below that mark count as
	 * in flight (book_size bytes each).
	 */
	rep = 0;
	tot_book_cnt = 0;
	resend_cnt = tot_out = 0;
	TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
		if (chk->sent == SCTP_DATAGRAM_RESEND) {
			resend_cnt++;
		} else if (chk->sent < SCTP_DATAGRAM_RESEND) {
			tot_out += chk->book_size;
			tot_book_cnt++;
		}
	}
	/* Mismatch 1: cached retransmission count. */
	if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) {
		sctp_audit_data[sctp_audit_indx][0] = 0xAF;
		sctp_audit_data[sctp_audit_indx][1] = 0xA1;
		sctp_audit_indx++;
		if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
			sctp_audit_indx = 0;
		}
		SCTP_PRINTF("resend_cnt:%d asoc-tot:%d\n",
		    resend_cnt, stcb->asoc.sent_queue_retran_cnt);
		rep = 1;
		stcb->asoc.sent_queue_retran_cnt = resend_cnt;
		sctp_audit_data[sctp_audit_indx][0] = 0xA2;
		sctp_audit_data[sctp_audit_indx][1] =
		    (0x000000ff & stcb->asoc.sent_queue_retran_cnt);
		sctp_audit_indx++;
		if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
			sctp_audit_indx = 0;
		}
	}
	/* Mismatch 2: cached total flight bytes. */
	if (tot_out != stcb->asoc.total_flight) {
		sctp_audit_data[sctp_audit_indx][0] = 0xAF;
		sctp_audit_data[sctp_audit_indx][1] = 0xA2;
		sctp_audit_indx++;
		if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
			sctp_audit_indx = 0;
		}
		rep = 1;
		SCTP_PRINTF("tot_flt:%d asoc_tot:%d\n", tot_out,
		    (int)stcb->asoc.total_flight);
		stcb->asoc.total_flight = tot_out;
	}
	/* Mismatch 3: cached count of chunks in flight. */
	if (tot_book_cnt != stcb->asoc.total_flight_count) {
		sctp_audit_data[sctp_audit_indx][0] = 0xAF;
		sctp_audit_data[sctp_audit_indx][1] = 0xA5;
		sctp_audit_indx++;
		if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
			sctp_audit_indx = 0;
		}
		rep = 1;
		SCTP_PRINTF("tot_flt_book:%d\n", tot_book_cnt);

		stcb->asoc.total_flight_count = tot_book_cnt;
	}
	/*
	 * Mismatch 4: the sum of the per-path flight sizes must equal the
	 * (possibly just corrected) association total.
	 */
	tot_out = 0;
	TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
		tot_out += lnet->flight_size;
	}
	if (tot_out != stcb->asoc.total_flight) {
		sctp_audit_data[sctp_audit_indx][0] = 0xAF;
		sctp_audit_data[sctp_audit_indx][1] = 0xA3;
		sctp_audit_indx++;
		if (sctp_audit_indx >= SCTP_AUDIT_SIZE) {
			sctp_audit_indx = 0;
		}
		rep = 1;
		SCTP_PRINTF("real flight:%d net total was %d\n",
		    stcb->asoc.total_flight, tot_out);
		/* now corrective action: recompute each path's flight from the sent queue */
		TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
			tot_out = 0;
			TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
				if ((chk->whoTo == lnet) &&
				    (chk->sent < SCTP_DATAGRAM_RESEND)) {
					tot_out += chk->book_size;
				}
			}
			if (lnet->flight_size != tot_out) {
				SCTP_PRINTF("net:%p flight was %d corrected to %d\n",
				    (void *)lnet, lnet->flight_size,
				    tot_out);
				lnet->flight_size = tot_out;
			}
		}
	}
	/* Any mismatch above dumps the whole audit ring. */
	if (rep) {
		sctp_print_audit_report();
	}
}
755 
void
sctp_audit_log(uint8_t ev, uint8_t fd)
{
	/* Append an (event, detail) pair to the audit ring and advance it. */
	uint8_t *slot = sctp_audit_data[sctp_audit_indx];

	slot[0] = ev;
	slot[1] = fd;
	/* the index wraps back to the start at SCTP_AUDIT_SIZE */
	if (++sctp_audit_indx >= SCTP_AUDIT_SIZE)
		sctp_audit_indx = 0;
}
767 
768 #endif
769 
770 /*
 * The conversion from time to ticks and vice versa rounds upwards.
 * This way the code can test that a time is positive and know that it
 * corresponds to a positive number of ticks.
 */
775 
uint32_t
sctp_msecs_to_ticks(uint32_t msecs)
{
	uint64_t scaled;

	/* With hz == 1000 a tick is exactly one millisecond. */
	if (hz == 1000)
		return (msecs);
	/* Round up so a positive time never maps to zero ticks. */
	scaled = ((uint64_t)msecs * hz + 999) / 1000;
	/* Saturate instead of wrapping on a 32-bit overflow. */
	return ((scaled > UINT32_MAX) ? UINT32_MAX : (uint32_t)scaled);
}
794 
uint32_t
sctp_ticks_to_msecs(uint32_t ticks)
{
	uint64_t scaled;

	/* With hz == 1000 a tick is exactly one millisecond. */
	if (hz == 1000)
		return (ticks);
	/* Round up so a positive tick count never maps to zero ms. */
	scaled = ((uint64_t)ticks * 1000 + (hz - 1)) / hz;
	/* Saturate instead of wrapping on a 32-bit overflow. */
	return ((scaled > UINT32_MAX) ? UINT32_MAX : (uint32_t)scaled);
}
813 
uint32_t
sctp_secs_to_ticks(uint32_t secs)
{
	/* secs * hz is exact, so no rounding term is needed here. */
	uint64_t scaled = (uint64_t)secs * hz;

	/* Saturate instead of wrapping on a 32-bit overflow. */
	return ((scaled > UINT32_MAX) ? UINT32_MAX : (uint32_t)scaled);
}
828 
uint32_t
sctp_ticks_to_secs(uint32_t ticks)
{
	/* Round up so a positive tick count never maps to zero seconds. */
	uint64_t scaled = ((uint64_t)ticks + (hz - 1)) / hz;

	/* Saturate instead of wrapping on a 32-bit overflow. */
	return ((scaled > UINT32_MAX) ? UINT32_MAX : (uint32_t)scaled);
}
843 
844 /*
845  * sctp_stop_timers_for_shutdown() should be called
846  * when entering the SHUTDOWN_SENT or SHUTDOWN_ACK_SENT
847  * state to make sure that all timers are stopped.
848  */
void
sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb)
{
	/* Association-level timers, stopped in this order. */
	static const struct {
		int type;
		uint32_t loc;
	} asoc_timers[] = {
		{ SCTP_TIMER_TYPE_RECV, SCTP_FROM_SCTPUTIL + SCTP_LOC_12 },
		{ SCTP_TIMER_TYPE_STRRESET, SCTP_FROM_SCTPUTIL + SCTP_LOC_13 },
		{ SCTP_TIMER_TYPE_ASCONF, SCTP_FROM_SCTPUTIL + SCTP_LOC_14 },
		{ SCTP_TIMER_TYPE_AUTOCLOSE, SCTP_FROM_SCTPUTIL + SCTP_LOC_15 },
	};
	struct sctp_inpcb *inp = stcb->sctp_ep;
	struct sctp_nets *net;
	size_t i;

	for (i = 0; i < sizeof(asoc_timers) / sizeof(asoc_timers[0]); i++) {
		sctp_timer_stop(asoc_timers[i].type, inp, stcb, NULL,
		    asoc_timers[i].loc);
	}
	/* Per-path timers: PMTU raise and heartbeat on every net. */
	TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
		sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net,
		    SCTP_FROM_SCTPUTIL + SCTP_LOC_16);
		sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net,
		    SCTP_FROM_SCTPUTIL + SCTP_LOC_17);
	}
}
872 
void
sctp_stop_association_timers(struct sctp_tcb *stcb, bool stop_assoc_kill_timer)
{
	/*
	 * Association-level timers in stop order. The ASOCKILL entry is only
	 * stopped when the caller passes stop_assoc_kill_timer.
	 */
	static const struct {
		int type;
		uint32_t loc;
		bool is_asoc_kill;
	} asoc_timers[] = {
		{ SCTP_TIMER_TYPE_RECV, SCTP_FROM_SCTPUTIL + SCTP_LOC_18, false },
		{ SCTP_TIMER_TYPE_STRRESET, SCTP_FROM_SCTPUTIL + SCTP_LOC_19, false },
		{ SCTP_TIMER_TYPE_ASOCKILL, SCTP_FROM_SCTPUTIL + SCTP_LOC_20, true },
		{ SCTP_TIMER_TYPE_ASCONF, SCTP_FROM_SCTPUTIL + SCTP_LOC_21, false },
		{ SCTP_TIMER_TYPE_AUTOCLOSE, SCTP_FROM_SCTPUTIL + SCTP_LOC_22, false },
		{ SCTP_TIMER_TYPE_SHUTDOWNGUARD, SCTP_FROM_SCTPUTIL + SCTP_LOC_23, false },
		/* Mobility adaptation */
		{ SCTP_TIMER_TYPE_PRIM_DELETED, SCTP_FROM_SCTPUTIL + SCTP_LOC_24, false },
	};
	/* Per-path timers in stop order. */
	static const struct {
		int type;
		uint32_t loc;
	} net_timers[] = {
		{ SCTP_TIMER_TYPE_SEND, SCTP_FROM_SCTPUTIL + SCTP_LOC_25 },
		{ SCTP_TIMER_TYPE_INIT, SCTP_FROM_SCTPUTIL + SCTP_LOC_26 },
		{ SCTP_TIMER_TYPE_SHUTDOWN, SCTP_FROM_SCTPUTIL + SCTP_LOC_27 },
		{ SCTP_TIMER_TYPE_COOKIE, SCTP_FROM_SCTPUTIL + SCTP_LOC_28 },
		{ SCTP_TIMER_TYPE_SHUTDOWNACK, SCTP_FROM_SCTPUTIL + SCTP_LOC_29 },
		{ SCTP_TIMER_TYPE_PATHMTURAISE, SCTP_FROM_SCTPUTIL + SCTP_LOC_30 },
		{ SCTP_TIMER_TYPE_HEARTBEAT, SCTP_FROM_SCTPUTIL + SCTP_LOC_31 },
	};
	struct sctp_inpcb *inp = stcb->sctp_ep;
	struct sctp_nets *net;
	size_t i;

	for (i = 0; i < sizeof(asoc_timers) / sizeof(asoc_timers[0]); i++) {
		if (asoc_timers[i].is_asoc_kill && !stop_assoc_kill_timer)
			continue;
		sctp_timer_stop(asoc_timers[i].type, inp, stcb, NULL,
		    asoc_timers[i].loc);
	}
	TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
		for (i = 0; i < sizeof(net_timers) / sizeof(net_timers[0]); i++) {
			sctp_timer_stop(net_timers[i].type, inp, stcb, net,
			    net_timers[i].loc);
		}
	}
}
914 
915 /*
916  * A list of sizes based on typical mtu's, used only if next hop size not
917  * returned. These values MUST be multiples of 4 and MUST be ordered.
918  */
/*
 * Ascending table; every entry is a multiple of 4, which the KASSERTs in
 * sctp_get_prev_mtu()/sctp_get_next_mtu() re-check on each lookup.
 */
static uint32_t sctp_mtu_sizes[] = {
	68, 296, 508, 512, 544, 576,
	1004, 1492, 1500, 1536, 2000, 2048,
	4352, 4464, 8168, 17912, 32000, 65532
};
939 
/*
 * Return the largest MTU in sctp_mtu_sizes smaller than val.
 * If val is smaller than the minimum, just return the largest
 * multiple of 4 smaller or equal to val.
 * Ensure that the result is a multiple of 4.
 */
uint32_t
sctp_get_prev_mtu(uint32_t val)
{
	const uint32_t count = sizeof(sctp_mtu_sizes) / sizeof(sctp_mtu_sizes[0]);
	uint32_t idx;

	/* Work on the largest multiple of 4 not exceeding val. */
	val &= 0xfffffffc;
	if (val <= sctp_mtu_sizes[0]) {
		return (val);
	}
	/* Advance to the first table entry that is >= val, or past the end. */
	idx = 1;
	while (idx < count && val > sctp_mtu_sizes[idx]) {
		idx++;
	}
	/* The entry just before it is the largest one strictly below val. */
	KASSERT((sctp_mtu_sizes[idx - 1] & 0x00000003) == 0,
	    ("sctp_mtu_sizes[%u] not a multiple of 4", idx - 1));
	return (sctp_mtu_sizes[idx - 1]);
}
964 
/*
 * Return the smallest MTU in sctp_mtu_sizes larger than val.
 * If val is larger than the maximum, just return the largest multiple of 4
 * smaller or equal to val.
 * Ensure that the result is a multiple of 4.
 */
uint32_t
sctp_get_next_mtu(uint32_t val)
{
	const uint32_t count = sizeof(sctp_mtu_sizes) / sizeof(sctp_mtu_sizes[0]);
	uint32_t idx;

	/* Work on the largest multiple of 4 not exceeding val. */
	val &= 0xfffffffc;
	/* Skip every table entry that does not exceed val. */
	idx = 0;
	while (idx < count && sctp_mtu_sizes[idx] <= val) {
		idx++;
	}
	if (idx == count) {
		/* Nothing in the table is larger; fall back to val itself. */
		return (val);
	}
	KASSERT((sctp_mtu_sizes[idx] & 0x00000003) == 0,
	    ("sctp_mtu_sizes[%u] not a multiple of 4", idx));
	return (sctp_mtu_sizes[idx]);
}
987 
void
sctp_fill_random_store(struct sctp_pcb *m)
{
	/*
	 * Refresh the endpoint's random store: HMAC the random_numbers
	 * material with the running random_counter and use the digest as
	 * the next batch of bytes handed out by sctp_select_initial_TSN().
	 * No lock is taken on purpose: concurrent callers only stir the
	 * store further, and two callers occasionally receiving the same
	 * value is tolerated.
	 */
	uint8_t *key = (uint8_t *)m->random_numbers;
	uint8_t *text = (uint8_t *)&m->random_counter;
	uint8_t *digest = (uint8_t *)m->random_store;

	m->store_at = 0;
	(void)sctp_hmac(SCTP_HMAC, key, sizeof(m->random_numbers),
	    text, sizeof(m->random_counter), digest);
	/* Advance the counter so the next refill yields a different digest. */
	m->random_counter++;
}
1006 
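uint32_t
sctp_select_initial_TSN(struct sctp_pcb *inp)
{
	/*
	 * Hand out the next 32-bit word from the endpoint's random store,
	 * refilling it via sctp_fill_random_store() once exhausted.
	 * A true implementation should use random selection process to get
	 * the initial stream sequence number, using RFC1750 as a good
	 * guideline
	 */
	uint32_t x;
	int store_at, new_store;

	if (inp->initial_sequence_debug != 0) {
		/*
		 * Debug knob: when set, values are handed out sequentially
		 * from this counter and are therefore predictable, not random.
		 */
		uint32_t ret;

		ret = inp->initial_sequence_debug;
		inp->initial_sequence_debug++;
		return (ret);
	}
	/* Claim a 4-byte slot of the store with a lock-free compare-and-swap. */
	do {
		store_at = inp->store_at;
		new_store = store_at + sizeof(uint32_t);
		if (new_store >= (SCTP_SIGNATURE_SIZE - 3)) {
			/* Next slot would run past the store: wrap and refill. */
			new_store = 0;
		}
	} while (!atomic_cmpset_int(&inp->store_at, store_at, new_store));
	if (new_store == 0) {
		/* Refill the random store */
		sctp_fill_random_store(inp);
	}
	/*
	 * memcpy rather than *(uint32_t *)&random_store[store_at]: reading
	 * the uint8_t array through a uint32_t lvalue is a strict-aliasing
	 * violation and relies on the store's alignment; the copy yields
	 * the same bytes without either assumption.
	 */
	memcpy(&x, &inp->random_store[store_at], sizeof(x));
	return (x);
}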
1044 
uint32_t
sctp_select_a_tag(struct sctp_inpcb *inp, uint16_t lport, uint16_t rport, int check)
{
	struct timeval now;
	uint32_t tag;

	/*
	 * Draw 32-bit values from the endpoint's random store until one is
	 * acceptable: zero is never used, and when 'check' is set the
	 * candidate must also pass sctp_is_vtag_good() for this port pair
	 * at the current time.
	 */
	if (check) {
		(void)SCTP_GETTIME_TIMEVAL(&now);
	}
	do {
		tag = sctp_select_initial_TSN(&inp->sctp_ep);
	} while (tag == 0 ||
	    (check && !sctp_is_vtag_good(tag, lport, rport, &now)));
	return (tag);
}
1066 
/*
 * Map the kernel's association state word onto the user-visible SCTP_*
 * state constants. The WAS_ABORTED and SHUTDOWN_PENDING flag bits take
 * precedence over the base state held under SCTP_STATE_MASK; any base
 * state without a user-level counterpart maps to SCTP_CLOSED.
 */
int32_t
sctp_map_assoc_state(int kernel_state)
{
	if (kernel_state & SCTP_STATE_WAS_ABORTED) {
		return (SCTP_CLOSED);
	}
	if (kernel_state & SCTP_STATE_SHUTDOWN_PENDING) {
		return (SCTP_SHUTDOWN_PENDING);
	}
	switch (kernel_state & SCTP_STATE_MASK) {
	case SCTP_STATE_COOKIE_WAIT:
		return (SCTP_COOKIE_WAIT);
	case SCTP_STATE_COOKIE_ECHOED:
		return (SCTP_COOKIE_ECHOED);
	case SCTP_STATE_OPEN:
		return (SCTP_ESTABLISHED);
	case SCTP_STATE_SHUTDOWN_SENT:
		return (SCTP_SHUTDOWN_SENT);
	case SCTP_STATE_SHUTDOWN_RECEIVED:
		return (SCTP_SHUTDOWN_RECEIVED);
	case SCTP_STATE_SHUTDOWN_ACK_SENT:
		return (SCTP_SHUTDOWN_ACK_SENT);
	case SCTP_STATE_EMPTY:
	case SCTP_STATE_INUSE:
	default:
		/* Not yet (or no longer) a live association from the user's view. */
		return (SCTP_CLOSED);
	}
}
1109 
/*
 * Initialize the association embedded in stcb from the defaults held in
 * inp (burst limits, timers, supported extensions, address scoping, rwnd,
 * congestion-control and stream-scheduling modules), then allocate the
 * outbound stream array (o_strms entries) and both mapping arrays.
 *
 * override_tag: when non-zero it becomes my_vtag and initial_tsn becomes
 *   the initial TSN; when zero both are drawn from the endpoint's random
 *   store via sctp_select_a_tag()/sctp_select_initial_TSN().
 * vrf_id: recorded in asoc->vrf_id.
 *
 * Returns 0 on success or ENOMEM, after freeing the arrays this function
 * had already allocated.
 */
int
sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
    uint32_t override_tag, uint32_t initial_tsn, uint32_t vrf_id,
    uint16_t o_strms)
{
	struct sctp_association *asoc;

	/*
	 * Anything set to zero is taken care of by the allocation routine's
	 * bzero
	 */

	/*
	 * Up front select what scoping to apply on addresses I tell my peer
	 * Not sure what to do with these right now, we will need to come up
	 * with a way to set them. We may need to pass them through from the
	 * caller in the sctp_aloc_assoc() function.
	 */
	int i;
#if defined(SCTP_DETAILED_STR_STATS)
	int j;
#endif

	asoc = &stcb->asoc;
	/* init all variables to a known value. */
	SCTP_SET_STATE(stcb, SCTP_STATE_INUSE);
	/* Endpoint-wide defaults copied into the association. */
	asoc->max_burst = inp->sctp_ep.max_burst;
	asoc->fr_max_burst = inp->sctp_ep.fr_max_burst;
	asoc->heart_beat_delay = sctp_ticks_to_msecs(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]);
	asoc->cookie_life = inp->sctp_ep.def_cookie_life;
	asoc->sctp_cmt_on_off = inp->sctp_cmt_on_off;
	asoc->ecn_supported = inp->ecn_supported;
	asoc->prsctp_supported = inp->prsctp_supported;
	asoc->auth_supported = inp->auth_supported;
	asoc->asconf_supported = inp->asconf_supported;
	asoc->reconfig_supported = inp->reconfig_supported;
	asoc->nrsack_supported = inp->nrsack_supported;
	asoc->pktdrop_supported = inp->pktdrop_supported;
	asoc->idata_supported = inp->idata_supported;
	asoc->sctp_cmt_pf = (uint8_t)0;
	asoc->sctp_frag_point = inp->sctp_frag_point;
	asoc->sctp_features = inp->sctp_features;
	asoc->default_dscp = inp->sctp_ep.default_dscp;
	asoc->max_cwnd = inp->max_cwnd;
#ifdef INET6
	/*
	 * Flow label: an explicit endpoint default wins; otherwise, when
	 * IN6P_AUTOFLOWLABEL is set, take a value from the random store,
	 * keep its low 20 bits and set bit 31.
	 */
	if (inp->sctp_ep.default_flowlabel) {
		asoc->default_flowlabel = inp->sctp_ep.default_flowlabel;
	} else {
		if (inp->ip_inp.inp.inp_flags & IN6P_AUTOFLOWLABEL) {
			asoc->default_flowlabel = sctp_select_initial_TSN(&inp->sctp_ep);
			asoc->default_flowlabel &= 0x000fffff;
			asoc->default_flowlabel |= 0x80000000;
		} else {
			asoc->default_flowlabel = 0;
		}
	}
#endif
	asoc->sb_send_resv = 0;
	/*
	 * Verification tag: reuse the caller's, else pick a random one that
	 * passes sctp_is_vtag_good() for this port pair (check = 1).
	 */
	if (override_tag) {
		asoc->my_vtag = override_tag;
	} else {
		asoc->my_vtag = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 1);
	}
	/* Get the nonce tags (check = 0: random, but no uniqueness check) */
	asoc->my_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0);
	asoc->peer_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0);
	asoc->vrf_id = vrf_id;

#ifdef SCTP_ASOCLOG_OF_TSNS
	asoc->tsn_in_at = 0;
	asoc->tsn_out_at = 0;
	asoc->tsn_in_wrapped = 0;
	asoc->tsn_out_wrapped = 0;
	asoc->cumack_log_at = 0;
	asoc->cumack_log_atsnt = 0;
#endif
#ifdef SCTP_FS_SPEC_LOG
	asoc->fs_index = 0;
#endif
	asoc->refcnt = 0;
	asoc->assoc_up_sent = 0;
	/*
	 * Initial TSN: caller-supplied alongside override_tag, otherwise
	 * random. Every outbound sequence space starts from it; the "acked"
	 * and inbound trackers sit one behind.
	 */
	if (override_tag) {
		asoc->init_seq_number = initial_tsn;
	} else {
		asoc->init_seq_number = sctp_select_initial_TSN(&inp->sctp_ep);
	}
	asoc->asconf_seq_out = asoc->init_seq_number;
	asoc->str_reset_seq_out = asoc->init_seq_number;
	asoc->sending_seq = asoc->init_seq_number;
	asoc->asconf_seq_out_acked = asoc->init_seq_number - 1;
	/* we are optimistic here */
	asoc->peer_supports_nat = 0;
	asoc->sent_queue_retran_cnt = 0;

	/* for CMT */
	asoc->last_net_cmt_send_started = NULL;

	asoc->last_acked_seq = asoc->init_seq_number - 1;
	asoc->advanced_peer_ack_point = asoc->init_seq_number - 1;
	asoc->asconf_seq_in = asoc->init_seq_number - 1;

	/* here we are different, we hold the next one we expect */
	asoc->str_reset_seq_in = asoc->init_seq_number;

	asoc->initial_init_rto_max = inp->sctp_ep.initial_init_rto_max;
	asoc->initial_rto = inp->sctp_ep.initial_rto;

	asoc->default_mtu = inp->sctp_ep.default_mtu;
	asoc->max_init_times = inp->sctp_ep.max_init_times;
	asoc->max_send_times = inp->sctp_ep.max_send_times;
	asoc->def_net_failure = inp->sctp_ep.def_net_failure;
	asoc->def_net_pf_threshold = inp->sctp_ep.def_net_pf_threshold;
	asoc->free_chunk_cnt = 0;

	asoc->iam_blocking = 0;
	asoc->context = inp->sctp_context;
	asoc->local_strreset_support = inp->local_strreset_support;
	asoc->def_send = inp->def_send;
	asoc->delayed_ack = sctp_ticks_to_msecs(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]);
	asoc->sack_freq = inp->sctp_ep.sctp_sack_freq;
	asoc->pr_sctp_cnt = 0;
	asoc->total_output_queue_size = 0;

	/*
	 * Address scoping: an endpoint bound to v6 also accepts IPv4 unless
	 * it is V6ONLY; a v4-bound endpoint is IPv4 only.
	 */
	if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
		asoc->scope.ipv6_addr_legal = 1;
		if (SCTP_IPV6_V6ONLY(inp) == 0) {
			asoc->scope.ipv4_addr_legal = 1;
		} else {
			asoc->scope.ipv4_addr_legal = 0;
		}
	} else {
		asoc->scope.ipv6_addr_legal = 0;
		asoc->scope.ipv4_addr_legal = 1;
	}

	/* Our advertised window never drops below SCTP_MINIMAL_RWND. */
	asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), SCTP_MINIMAL_RWND);
	asoc->peers_rwnd = SCTP_SB_LIMIT_RCV(inp->sctp_socket);

	asoc->smallest_mtu = 0;
	asoc->minrto = inp->sctp_ep.sctp_minrto;
	asoc->maxrto = inp->sctp_ep.sctp_maxrto;

	asoc->stream_locked_on = 0;
	asoc->ecn_echo_cnt_onq = 0;
	asoc->stream_locked = 0;

	asoc->send_sack = 1;

	LIST_INIT(&asoc->sctp_restricted_addrs);

	TAILQ_INIT(&asoc->nets);
	TAILQ_INIT(&asoc->pending_reply_queue);
	TAILQ_INIT(&asoc->asconf_ack_sent);
	/* Setup to fill the hb random cache at first HB */
	asoc->hb_random_idx = 4;

	asoc->sctp_autoclose_ticks = inp->sctp_ep.auto_close_time;

	/* Congestion control and stream scheduler: endpoint defaults. */
	stcb->asoc.congestion_control_module = inp->sctp_ep.sctp_default_cc_module;
	stcb->asoc.cc_functions = sctp_cc_functions[inp->sctp_ep.sctp_default_cc_module];

	stcb->asoc.stream_scheduling_module = inp->sctp_ep.sctp_default_ss_module;
	stcb->asoc.ss_functions = sctp_ss_functions[inp->sctp_ep.sctp_default_ss_module];

	/*
	 * Now the stream parameters, here we allocate space for all streams
	 * that we request by default.
	 */
	asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams =
	    o_strms;
	SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *,
	    asoc->streamoutcnt * sizeof(struct sctp_stream_out),
	    SCTP_M_STRMO);
	if (asoc->strmout == NULL) {
		/* big trouble no memory */
		SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM);
		return (ENOMEM);
	}
	/* Per-stream setup and the scheduler init run under the TCB lock. */
	SCTP_TCB_LOCK(stcb);
	for (i = 0; i < asoc->streamoutcnt; i++) {
		/*
		 * inbound side must be set to 0xffff, also NOTE when we get
		 * the INIT-ACK back (for INIT sender) we MUST reduce the
		 * count (streamoutcnt) but first check if we sent to any of
		 * the upper streams that were dropped (if some were). Those
		 * that were dropped must be notified to the upper layer as
		 * failed to send.
		 */
		TAILQ_INIT(&asoc->strmout[i].outqueue);
		asoc->ss_functions.sctp_ss_init_stream(stcb, &asoc->strmout[i], NULL);
		asoc->strmout[i].chunks_on_queues = 0;
#if defined(SCTP_DETAILED_STR_STATS)
		for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) {
			asoc->strmout[i].abandoned_sent[j] = 0;
			asoc->strmout[i].abandoned_unsent[j] = 0;
		}
#else
		asoc->strmout[i].abandoned_sent[0] = 0;
		asoc->strmout[i].abandoned_unsent[0] = 0;
#endif
		asoc->strmout[i].next_mid_ordered = 0;
		asoc->strmout[i].next_mid_unordered = 0;
		asoc->strmout[i].sid = i;
		asoc->strmout[i].last_msg_incomplete = 0;
		asoc->strmout[i].state = SCTP_STREAM_OPENING;
	}
	asoc->ss_functions.sctp_ss_init(stcb, asoc);
	SCTP_TCB_UNLOCK(stcb);

	/* Now the mapping array: both arrays share mapping_array_size and start zeroed. */
	asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY;
	SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size,
	    SCTP_M_MAP);
	if (asoc->mapping_array == NULL) {
		/* Undo the stream array before bailing. */
		SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
		SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM);
		return (ENOMEM);
	}
	memset(asoc->mapping_array, 0, asoc->mapping_array_size);
	SCTP_MALLOC(asoc->nr_mapping_array, uint8_t *, asoc->mapping_array_size,
	    SCTP_M_MAP);
	if (asoc->nr_mapping_array == NULL) {
		/* Undo both earlier allocations before bailing. */
		SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
		SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
		SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM);
		return (ENOMEM);
	}
	memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size);

	/* Now the init of the other outqueues */
	TAILQ_INIT(&asoc->free_chunks);
	TAILQ_INIT(&asoc->control_send_queue);
	TAILQ_INIT(&asoc->asconf_send_queue);
	TAILQ_INIT(&asoc->send_queue);
	TAILQ_INIT(&asoc->sent_queue);
	TAILQ_INIT(&asoc->resetHead);
	asoc->max_inbound_streams = inp->sctp_ep.max_open_streams_intome;
	TAILQ_INIT(&asoc->asconf_queue);
	/* authentication fields: no keys yet, key ids start at 0 */
	asoc->authinfo.random = NULL;
	asoc->authinfo.active_keyid = 0;
	asoc->authinfo.assoc_key = NULL;
	asoc->authinfo.assoc_keyid = 0;
	asoc->authinfo.recv_key = NULL;
	asoc->authinfo.recv_keyid = 0;
	LIST_INIT(&asoc->shared_keys);
	asoc->marked_retrans = 0;
	asoc->port = inp->sctp_ep.port;
	/* Timeout counters, bumped by sctp_timeout_handler(). */
	asoc->timoinit = 0;
	asoc->timodata = 0;
	asoc->timosack = 0;
	asoc->timoshutdown = 0;
	asoc->timoheartbeat = 0;
	asoc->timocookie = 0;
	asoc->timoshutdownack = 0;
	(void)SCTP_GETTIME_TIMEVAL(&asoc->start_time);
	asoc->discontinuity_time = asoc->start_time;
	for (i = 0; i < SCTP_PR_SCTP_MAX + 1; i++) {
		asoc->abandoned_unsent[i] = 0;
		asoc->abandoned_sent[i] = 0;
	}
	/*
	 * sa_ignore MEMLEAK {memory is put in the assoc mapping array and
	 * freed later when the association is freed.
	 */
	return (0);
}
1377 
/*
 * Number of leading bytes of 'map' worth printing: up to and including the
 * last non-zero byte. The scan never inspects index 0, so for size >= 1 at
 * least one entry is reported; for size == 0 the result is 0.
 */
static unsigned int
sctp_mapping_array_print_limit(const uint8_t *map, unsigned int size)
{
	unsigned int limit = size;

	while (limit > 1 && map[limit - 1] == 0) {
		limit--;
	}
	return (limit);
}

/*
 * Dump the first 'limit' bytes of 'map' as two-digit hex, 16 per line,
 * terminating a partial last line with a newline.
 */
static void
sctp_print_mapping_array_bytes(const uint8_t *map, unsigned int limit)
{
	unsigned int idx;

	for (idx = 0; idx < limit; idx++) {
		SCTP_PRINTF("%2.2x%c", map[idx], ((idx + 1) % 16) ? ' ' : '\n');
	}
	if (limit % 16) {
		SCTP_PRINTF("\n");
	}
}

/*
 * Debug dump of the association's TSN bookkeeping: the map size and key
 * TSNs, then the renegable and non-renegable mapping arrays with their
 * trailing zero bytes elided.
 */
void
sctp_print_mapping_array(struct sctp_association *asoc)
{
	unsigned int limit;

	SCTP_PRINTF("Mapping array size: %d, baseTSN: %8.8x, cumAck: %8.8x, highestTSN: (%8.8x, %8.8x).\n",
	    asoc->mapping_array_size,
	    asoc->mapping_array_base_tsn,
	    asoc->cumulative_tsn,
	    asoc->highest_tsn_inside_map,
	    asoc->highest_tsn_inside_nr_map);

	limit = sctp_mapping_array_print_limit(asoc->mapping_array, asoc->mapping_array_size);
	SCTP_PRINTF("Renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit);
	sctp_print_mapping_array_bytes(asoc->mapping_array, limit);

	limit = sctp_mapping_array_print_limit(asoc->nr_mapping_array, asoc->mapping_array_size);
	SCTP_PRINTF("Non renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit);
	sctp_print_mapping_array_bytes(asoc->nr_mapping_array, limit);
}
1412 
/*
 * Grow both mapping arrays of 'asoc' in lockstep so they keep sharing
 * mapping_array_size. Returns 0 on success and -1 when memory could not be
 * obtained, in which case the existing arrays are left untouched.
 */
int
sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed)
{
	uint8_t *map, *nr_map;
	uint32_t new_size;

	/*
	 * 'needed' is treated as a bit count: round it up to whole bytes
	 * and add SCTP_MAPPING_ARRAY_INCR bytes of headroom on top of the
	 * current size.
	 */
	new_size = asoc->mapping_array_size + ((needed + 7) / 8 + SCTP_MAPPING_ARRAY_INCR);
	SCTP_MALLOC(map, uint8_t *, new_size, SCTP_M_MAP);
	SCTP_MALLOC(nr_map, uint8_t *, new_size, SCTP_M_MAP);
	if (map == NULL || nr_map == NULL) {
		/* Can't get more; give back whichever half did succeed. */
		SCTP_PRINTF("No memory for expansion of SCTP mapping array %d\n", new_size);
		if (map != NULL) {
			SCTP_FREE(map, SCTP_M_MAP);
		}
		if (nr_map != NULL) {
			SCTP_FREE(nr_map, SCTP_M_MAP);
		}
		return (-1);
	}
	/* Zero the new storage, carry the old contents over, then swap in. */
	memset(map, 0, new_size);
	memset(nr_map, 0, new_size);
	memcpy(map, asoc->mapping_array, asoc->mapping_array_size);
	memcpy(nr_map, asoc->nr_mapping_array, asoc->mapping_array_size);
	SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
	SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
	asoc->mapping_array = map;
	asoc->nr_mapping_array = nr_map;
	asoc->mapping_array_size = new_size;
	return (0);
}
1445 
/*
 * Run the iterator 'it' to completion. Starting at it->inp, walk the
 * endpoint list (LIST_NEXT over sctp_list), skipping endpoints whose
 * sctp_flags / sctp_features do not match it->pcb_flags / it->pcb_features,
 * and for every association whose state matches it->asoc_state call
 * function_assoc (with function_inp / function_inp_end around each
 * endpoint and function_atend once at the very end). Holds the INP_INFO
 * read lock and the iterator lock throughout, apart from a deliberate
 * drop-and-retake after every SCTP_ITERATOR_MAX_AT_ONCE associations.
 * 'it' is freed before returning.
 */
static void
sctp_iterator_work(struct sctp_iterator *it)
{
	struct epoch_tracker et;
	struct sctp_inpcb *tinp;
	int iteration_count = 0;
	int inp_skip = 0;
	int first_in = 1;

	NET_EPOCH_ENTER(et);
	SCTP_INP_INFO_RLOCK();
	SCTP_ITERATOR_LOCK();
	sctp_it_ctl.cur_it = it;
	if (it->inp) {
		/*
		 * Lock the starting endpoint and drop the reference held on
		 * it (presumably taken when the iterator was queued).
		 */
		SCTP_INP_RLOCK(it->inp);
		SCTP_INP_DECR_REF(it->inp);
	}
	if (it->inp == NULL) {
		/* iterator is complete */
done_with_iterator:
		/*
		 * Every goto that lands here has already released the
		 * endpoint read lock; only the global locks remain to drop.
		 */
		sctp_it_ctl.cur_it = NULL;
		SCTP_ITERATOR_UNLOCK();
		SCTP_INP_INFO_RUNLOCK();
		if (it->function_atend != NULL) {
			(*it->function_atend) (it->pointer, it->val);
		}
		SCTP_FREE(it, SCTP_M_ITER);
		NET_EPOCH_EXIT(et);
		return;
	}
select_a_new_ep:
	/* On the first pass it->inp was already read-locked above. */
	if (first_in) {
		first_in = 0;
	} else {
		SCTP_INP_RLOCK(it->inp);
	}
	while (((it->pcb_flags) &&
	    ((it->inp->sctp_flags & it->pcb_flags) != it->pcb_flags)) ||
	    ((it->pcb_features) &&
	    ((it->inp->sctp_features & it->pcb_features) != it->pcb_features))) {
		/* endpoint flags or features don't match, so keep looking */
		if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
			SCTP_INP_RUNLOCK(it->inp);
			goto done_with_iterator;
		}
		/* Step to the next endpoint, unlocking the old one after the step. */
		tinp = it->inp;
		it->inp = LIST_NEXT(it->inp, sctp_list);
		it->stcb = NULL;
		SCTP_INP_RUNLOCK(tinp);
		if (it->inp == NULL) {
			goto done_with_iterator;
		}
		SCTP_INP_RLOCK(it->inp);
	}
	/* now go through each assoc which is in the desired state */
	if (it->done_current_ep == 0) {
		/* function_inp runs once per endpoint; non-zero skips its assocs */
		if (it->function_inp != NULL)
			inp_skip = (*it->function_inp) (it->inp, it->pointer, it->val);
		it->done_current_ep = 1;
	}
	if (it->stcb == NULL) {
		/* run the per instance function */
		it->stcb = LIST_FIRST(&it->inp->sctp_asoc_list);
	}
	if ((inp_skip) || it->stcb == NULL) {
		if (it->function_inp_end != NULL) {
			inp_skip = (*it->function_inp_end) (it->inp,
			    it->pointer,
			    it->val);
		}
		SCTP_INP_RUNLOCK(it->inp);
		goto no_stcb;
	}
	while (it->stcb != NULL) {
		SCTP_TCB_LOCK(it->stcb);
		if (it->asoc_state && ((it->stcb->asoc.state & it->asoc_state) != it->asoc_state)) {
			/* not in the right state... keep looking */
			SCTP_TCB_UNLOCK(it->stcb);
			goto next_assoc;
		}
		/* see if we have limited out the iterator loop */
		iteration_count++;
		if (iteration_count > SCTP_ITERATOR_MAX_AT_ONCE) {
			/* Pause to let others grab the lock */
			/*
			 * Keep the association and endpoint referenced
			 * while every lock is dropped, then see whether a
			 * stop was requested via sctp_it_ctl.iterator_flags
			 * in the meantime.
			 */
			atomic_add_int(&it->stcb->asoc.refcnt, 1);
			SCTP_TCB_UNLOCK(it->stcb);
			SCTP_INP_INCR_REF(it->inp);
			SCTP_INP_RUNLOCK(it->inp);
			SCTP_ITERATOR_UNLOCK();
			SCTP_INP_INFO_RUNLOCK();
			SCTP_INP_INFO_RLOCK();
			SCTP_ITERATOR_LOCK();
			if (sctp_it_ctl.iterator_flags) {
				/* We won't be staying here */
				SCTP_INP_DECR_REF(it->inp);
				atomic_subtract_int(&it->stcb->asoc.refcnt, 1);
				if (sctp_it_ctl.iterator_flags &
				    SCTP_ITERATOR_STOP_CUR_IT) {
					sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_IT;
					goto done_with_iterator;
				}
				if (sctp_it_ctl.iterator_flags &
				    SCTP_ITERATOR_STOP_CUR_INP) {
					sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_INP;
					goto no_stcb;
				}
				/* If we reach here huh? */
				SCTP_PRINTF("Unknown it ctl flag %x\n",
				    sctp_it_ctl.iterator_flags);
				sctp_it_ctl.iterator_flags = 0;
			}
			/* Re-take the locks and give the extra references back. */
			SCTP_INP_RLOCK(it->inp);
			SCTP_INP_DECR_REF(it->inp);
			SCTP_TCB_LOCK(it->stcb);
			atomic_subtract_int(&it->stcb->asoc.refcnt, 1);
			iteration_count = 0;
		}
		KASSERT(it->inp == it->stcb->sctp_ep,
		    ("%s: stcb %p does not belong to inp %p, but inp %p",
		    __func__, it->stcb, it->inp, it->stcb->sctp_ep));
		SCTP_INP_RLOCK_ASSERT(it->inp);
		SCTP_TCB_LOCK_ASSERT(it->stcb);

		/* run function on this one */
		(*it->function_assoc) (it->inp, it->stcb, it->pointer, it->val);
		/* The callback must return with both locks still held. */
		SCTP_INP_RLOCK_ASSERT(it->inp);
		SCTP_TCB_LOCK_ASSERT(it->stcb);

		/*
		 * we lie here, it really needs to have its own type but
		 * first I must verify that this won't effect things :-0
		 */
		if (it->no_chunk_output == 0) {
			sctp_chunk_output(it->inp, it->stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
			SCTP_INP_RLOCK_ASSERT(it->inp);
			SCTP_TCB_LOCK_ASSERT(it->stcb);
		}

		SCTP_TCB_UNLOCK(it->stcb);
next_assoc:
		it->stcb = LIST_NEXT(it->stcb, sctp_tcblist);
		if (it->stcb == NULL) {
			/* Run last function */
			if (it->function_inp_end != NULL) {
				inp_skip = (*it->function_inp_end) (it->inp,
				    it->pointer,
				    it->val);
			}
		}
	}
	SCTP_INP_RUNLOCK(it->inp);
no_stcb:
	/* done with all assocs on this endpoint, move on to next endpoint */
	it->done_current_ep = 0;
	if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
		it->inp = NULL;
	} else {
		it->inp = LIST_NEXT(it->inp, sctp_list);
	}
	it->stcb = NULL;
	if (it->inp == NULL) {
		goto done_with_iterator;
	}
	goto select_a_new_ep;
}
1611 
/*
 * Drain the iterator work queue. Entered with the iterator WQ lock held;
 * the lock is dropped around each sctp_iterator_work() call, re-taken
 * before the queue is examined again, and still held on return.
 */
void
sctp_iterator_worker(void)
{
	struct sctp_iterator *it;

	sctp_it_ctl.iterator_running = 1;
	for (;;) {
		it = TAILQ_FIRST(&sctp_it_ctl.iteratorhead);
		if (it == NULL) {
			break;
		}
		/* Detach the entry, then process it without the WQ lock. */
		TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
		SCTP_IPI_ITERATOR_WQ_UNLOCK();
		/* Switch to the iterator's vnet for the duration of the work. */
		CURVNET_SET(it->vn);
		sctp_iterator_work(it);	/* frees 'it' on completion */
		CURVNET_RESTORE();
		SCTP_IPI_ITERATOR_WQ_LOCK();
		/* sa_ignore FREED_MEMORY */
	}
	sctp_it_ctl.iterator_running = 0;
}
1632 
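/*
 * Move every pending entry of the ADDR work queue (fed by the rtsock
 * callbacks) into a freshly allocated asconf iterator and start that
 * iterator over all bound-all endpoints. Without memory for the iterator
 * the ADDR_WQ timer is re-armed so the work is retried later; if the
 * iterator cannot be started, the entries are either handed to the end
 * callback (when the stack is stopping) or put back on the queue.
 */
static void
sctp_handle_addr_wq(void)
{
	struct sctp_laddr *wi, *nwi;
	struct sctp_asconf_iterator *asc;
	int ret;

	SCTP_MALLOC(asc, struct sctp_asconf_iterator *,
	    sizeof(struct sctp_asconf_iterator), SCTP_M_ASC_IT);
	if (asc == NULL) {
		/* Try later, no memory */
		sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
		    (struct sctp_inpcb *)NULL,
		    (struct sctp_tcb *)NULL,
		    (struct sctp_nets *)NULL);
		return;
	}
	LIST_INIT(&asc->list_of_work);
	asc->cnt = 0;

	/* Move (not copy) each queued item onto the iterator's own list. */
	LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) {
		LIST_REMOVE(wi, sctp_nxt_addr);
		LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr);
		asc->cnt++;
	}
	if (asc->cnt == 0) {
		/* Nothing was queued after all. */
		SCTP_FREE(asc, SCTP_M_ASC_IT);
		return;
	}

	ret = sctp_initiate_iterator(sctp_asconf_iterator_ep,
	    sctp_asconf_iterator_stcb,
	    NULL,	/* No ep end for boundall */
	    SCTP_PCB_FLAGS_BOUNDALL,
	    SCTP_PCB_ANY_FEATURES,
	    SCTP_ASOC_ANY_STATE,
	    (void *)asc, 0,
	    sctp_asconf_iterator_end, NULL, 0);
	if (ret == 0) {
		return;
	}
	SCTP_PRINTF("Failed to initiate iterator for handle_addr_wq\n");
	/*
	 * Freeing if we are stopping or put back on the
	 * addr_wq.
	 */
	if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) {
		sctp_asconf_iterator_end(asc, 0);
	} else {
		/*
		 * LIST_INSERT_HEAD rewrites wi's sctp_nxt_addr link, so a
		 * plain LIST_FOREACH would follow the addr_wq list instead
		 * of the remainder of list_of_work and leave entries behind;
		 * the _SAFE variant captures the successor first.
		 */
		LIST_FOREACH_SAFE(wi, &asc->list_of_work, sctp_nxt_addr, nwi) {
			LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
		}
		SCTP_FREE(asc, SCTP_M_ASC_IT);
	}
}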
1689 
1690 /*-
1691  * The following table shows which pointers for the inp, stcb, or net are
1692  * stored for each timer after it was started.
1693  *
1694  *|Name                         |Timer                        |inp |stcb|net |
1695  *|-----------------------------|-----------------------------|----|----|----|
1696  *|SCTP_TIMER_TYPE_SEND         |net->rxt_timer               |Yes |Yes |Yes |
1697  *|SCTP_TIMER_TYPE_INIT         |net->rxt_timer               |Yes |Yes |Yes |
1698  *|SCTP_TIMER_TYPE_RECV         |stcb->asoc.dack_timer        |Yes |Yes |No  |
1699  *|SCTP_TIMER_TYPE_SHUTDOWN     |net->rxt_timer               |Yes |Yes |Yes |
1700  *|SCTP_TIMER_TYPE_HEARTBEAT    |net->hb_timer                |Yes |Yes |Yes |
1701  *|SCTP_TIMER_TYPE_COOKIE       |net->rxt_timer               |Yes |Yes |Yes |
1702  *|SCTP_TIMER_TYPE_NEWCOOKIE    |inp->sctp_ep.signature_change|Yes |No  |No  |
1703  *|SCTP_TIMER_TYPE_PATHMTURAISE |net->pmtu_timer              |Yes |Yes |Yes |
1704  *|SCTP_TIMER_TYPE_SHUTDOWNACK  |net->rxt_timer               |Yes |Yes |Yes |
1705  *|SCTP_TIMER_TYPE_ASCONF       |stcb->asoc.asconf_timer      |Yes |Yes |Yes |
1706  *|SCTP_TIMER_TYPE_SHUTDOWNGUARD|stcb->asoc.shut_guard_timer  |Yes |Yes |No  |
1707  *|SCTP_TIMER_TYPE_AUTOCLOSE    |stcb->asoc.autoclose_timer   |Yes |Yes |No  |
1708  *|SCTP_TIMER_TYPE_STRRESET     |stcb->asoc.strreset_timer    |Yes |Yes |No  |
1709  *|SCTP_TIMER_TYPE_INPKILL      |inp->sctp_ep.signature_change|Yes |No  |No  |
1710  *|SCTP_TIMER_TYPE_ASOCKILL     |stcb->asoc.strreset_timer    |Yes |Yes |No  |
1711  *|SCTP_TIMER_TYPE_ADDR_WQ      |SCTP_BASE_INFO(addr_wq_timer)|No  |No  |No  |
1712  *|SCTP_TIMER_TYPE_PRIM_DELETED |stcb->asoc.delete_prim_timer |Yes |Yes |No  |
1713  */
1714 
1715 void
sctp_timeout_handler(void * t)1716 sctp_timeout_handler(void *t)
1717 {
1718 	struct epoch_tracker et;
1719 	struct timeval tv;
1720 	struct sctp_inpcb *inp;
1721 	struct sctp_tcb *stcb;
1722 	struct sctp_nets *net;
1723 	struct sctp_timer *tmr;
1724 	struct mbuf *op_err;
1725 	int type;
1726 	int i, secret;
1727 	bool did_output, released_asoc_reference;
1728 
1729 	/*
1730 	 * If inp, stcb or net are not NULL, then references to these were
1731 	 * added when the timer was started, and must be released before
1732 	 * this function returns.
1733 	 */
1734 	tmr = (struct sctp_timer *)t;
1735 	inp = (struct sctp_inpcb *)tmr->ep;
1736 	stcb = (struct sctp_tcb *)tmr->tcb;
1737 	net = (struct sctp_nets *)tmr->net;
1738 	CURVNET_SET((struct vnet *)tmr->vnet);
1739 	NET_EPOCH_ENTER(et);
1740 	released_asoc_reference = false;
1741 
1742 #ifdef SCTP_AUDITING_ENABLED
1743 	sctp_audit_log(0xF0, (uint8_t)tmr->type);
1744 	sctp_auditing(3, inp, stcb, net);
1745 #endif
1746 
1747 	/* sanity checks... */
1748 	KASSERT(tmr->self == NULL || tmr->self == tmr,
1749 	    ("sctp_timeout_handler: tmr->self corrupted"));
1750 	KASSERT(SCTP_IS_TIMER_TYPE_VALID(tmr->type),
1751 	    ("sctp_timeout_handler: invalid timer type %d", tmr->type));
1752 	type = tmr->type;
1753 	KASSERT(stcb == NULL || stcb->sctp_ep == inp,
1754 	    ("sctp_timeout_handler of type %d: inp = %p, stcb->sctp_ep %p",
1755 	    type, stcb, stcb->sctp_ep));
1756 	tmr->stopped_from = 0xa001;
1757 	if ((stcb != NULL) && (stcb->asoc.state == SCTP_STATE_EMPTY)) {
1758 		SCTPDBG(SCTP_DEBUG_TIMER2,
1759 		    "Timer type %d handler exiting due to CLOSED association.\n",
1760 		    type);
1761 		goto out_decr;
1762 	}
1763 	tmr->stopped_from = 0xa002;
1764 	SCTPDBG(SCTP_DEBUG_TIMER2, "Timer type %d goes off.\n", type);
1765 	if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) {
1766 		SCTPDBG(SCTP_DEBUG_TIMER2,
1767 		    "Timer type %d handler exiting due to not being active.\n",
1768 		    type);
1769 		goto out_decr;
1770 	}
1771 
1772 	tmr->stopped_from = 0xa003;
1773 	if (stcb) {
1774 		SCTP_TCB_LOCK(stcb);
1775 		/*
1776 		 * Release reference so that association can be freed if
1777 		 * necessary below. This is safe now that we have acquired
1778 		 * the lock.
1779 		 */
1780 		atomic_subtract_int(&stcb->asoc.refcnt, 1);
1781 		released_asoc_reference = true;
1782 		if ((type != SCTP_TIMER_TYPE_ASOCKILL) &&
1783 		    ((stcb->asoc.state == SCTP_STATE_EMPTY) ||
1784 		    (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED))) {
1785 			SCTPDBG(SCTP_DEBUG_TIMER2,
1786 			    "Timer type %d handler exiting due to CLOSED association.\n",
1787 			    type);
1788 			goto out;
1789 		}
1790 	} else if (inp != NULL) {
1791 		SCTP_INP_WLOCK(inp);
1792 	} else {
1793 		SCTP_WQ_ADDR_LOCK();
1794 	}
1795 
1796 	/* Record in stopped_from which timeout occurred. */
1797 	tmr->stopped_from = type;
1798 	/* mark as being serviced now */
1799 	if (SCTP_OS_TIMER_PENDING(&tmr->timer)) {
1800 		/*
1801 		 * Callout has been rescheduled.
1802 		 */
1803 		goto out;
1804 	}
1805 	if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) {
1806 		/*
1807 		 * Not active, so no action.
1808 		 */
1809 		goto out;
1810 	}
1811 	SCTP_OS_TIMER_DEACTIVATE(&tmr->timer);
1812 
1813 	/* call the handler for the appropriate timer type */
1814 	switch (type) {
1815 	case SCTP_TIMER_TYPE_SEND:
1816 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1817 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1818 		    type, inp, stcb, net));
1819 		SCTP_STAT_INCR(sctps_timodata);
1820 		stcb->asoc.timodata++;
1821 		stcb->asoc.num_send_timers_up--;
1822 		if (stcb->asoc.num_send_timers_up < 0) {
1823 			stcb->asoc.num_send_timers_up = 0;
1824 		}
1825 		SCTP_TCB_LOCK_ASSERT(stcb);
1826 		if (sctp_t3rxt_timer(inp, stcb, net)) {
1827 			/* no need to unlock on tcb its gone */
1828 
1829 			goto out_decr;
1830 		}
1831 		SCTP_TCB_LOCK_ASSERT(stcb);
1832 #ifdef SCTP_AUDITING_ENABLED
1833 		sctp_auditing(4, inp, stcb, net);
1834 #endif
1835 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1836 		did_output = true;
1837 		if ((stcb->asoc.num_send_timers_up == 0) &&
1838 		    (stcb->asoc.sent_queue_cnt > 0)) {
1839 			struct sctp_tmit_chunk *chk;
1840 
1841 			/*
1842 			 * Safeguard. If there on some on the sent queue
1843 			 * somewhere but no timers running something is
1844 			 * wrong... so we start a timer on the first chunk
1845 			 * on the send queue on whatever net it is sent to.
1846 			 */
1847 			TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
1848 				if (chk->whoTo != NULL) {
1849 					break;
1850 				}
1851 			}
1852 			if (chk != NULL) {
1853 				sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo);
1854 			}
1855 		}
1856 		break;
1857 	case SCTP_TIMER_TYPE_INIT:
1858 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1859 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1860 		    type, inp, stcb, net));
1861 		SCTP_STAT_INCR(sctps_timoinit);
1862 		stcb->asoc.timoinit++;
1863 		if (sctp_t1init_timer(inp, stcb, net)) {
1864 			/* no need to unlock on tcb its gone */
1865 			goto out_decr;
1866 		}
1867 		did_output = false;
1868 		break;
1869 	case SCTP_TIMER_TYPE_RECV:
1870 		KASSERT(inp != NULL && stcb != NULL && net == NULL,
1871 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1872 		    type, inp, stcb, net));
1873 		SCTP_STAT_INCR(sctps_timosack);
1874 		stcb->asoc.timosack++;
1875 		sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
1876 #ifdef SCTP_AUDITING_ENABLED
1877 		sctp_auditing(4, inp, stcb, NULL);
1878 #endif
1879 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR, SCTP_SO_NOT_LOCKED);
1880 		did_output = true;
1881 		break;
1882 	case SCTP_TIMER_TYPE_SHUTDOWN:
1883 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1884 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1885 		    type, inp, stcb, net));
1886 		SCTP_STAT_INCR(sctps_timoshutdown);
1887 		stcb->asoc.timoshutdown++;
1888 		if (sctp_shutdown_timer(inp, stcb, net)) {
1889 			/* no need to unlock on tcb its gone */
1890 			goto out_decr;
1891 		}
1892 #ifdef SCTP_AUDITING_ENABLED
1893 		sctp_auditing(4, inp, stcb, net);
1894 #endif
1895 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_NOT_LOCKED);
1896 		did_output = true;
1897 		break;
1898 	case SCTP_TIMER_TYPE_HEARTBEAT:
1899 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1900 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1901 		    type, inp, stcb, net));
1902 		SCTP_STAT_INCR(sctps_timoheartbeat);
1903 		stcb->asoc.timoheartbeat++;
1904 		if (sctp_heartbeat_timer(inp, stcb, net)) {
1905 			/* no need to unlock on tcb its gone */
1906 			goto out_decr;
1907 		}
1908 #ifdef SCTP_AUDITING_ENABLED
1909 		sctp_auditing(4, inp, stcb, net);
1910 #endif
1911 		if ((net->dest_state & SCTP_ADDR_NOHB) == 0) {
1912 			sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
1913 			sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, SCTP_SO_NOT_LOCKED);
1914 			did_output = true;
1915 		} else {
1916 			did_output = false;
1917 		}
1918 		break;
1919 	case SCTP_TIMER_TYPE_COOKIE:
1920 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1921 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1922 		    type, inp, stcb, net));
1923 		SCTP_STAT_INCR(sctps_timocookie);
1924 		stcb->asoc.timocookie++;
1925 		if (sctp_cookie_timer(inp, stcb, net)) {
1926 			/* no need to unlock on tcb its gone */
1927 			goto out_decr;
1928 		}
1929 #ifdef SCTP_AUDITING_ENABLED
1930 		sctp_auditing(4, inp, stcb, net);
1931 #endif
1932 		/*
1933 		 * We consider T3 and Cookie timer pretty much the same with
1934 		 * respect to where from in chunk_output.
1935 		 */
1936 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1937 		did_output = true;
1938 		break;
1939 	case SCTP_TIMER_TYPE_NEWCOOKIE:
1940 		KASSERT(inp != NULL && stcb == NULL && net == NULL,
1941 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1942 		    type, inp, stcb, net));
1943 		SCTP_STAT_INCR(sctps_timosecret);
1944 		(void)SCTP_GETTIME_TIMEVAL(&tv);
1945 		inp->sctp_ep.time_of_secret_change = tv.tv_sec;
1946 		inp->sctp_ep.last_secret_number =
1947 		    inp->sctp_ep.current_secret_number;
1948 		inp->sctp_ep.current_secret_number++;
1949 		if (inp->sctp_ep.current_secret_number >=
1950 		    SCTP_HOW_MANY_SECRETS) {
1951 			inp->sctp_ep.current_secret_number = 0;
1952 		}
1953 		secret = (int)inp->sctp_ep.current_secret_number;
1954 		for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) {
1955 			inp->sctp_ep.secret_key[secret][i] =
1956 			    sctp_select_initial_TSN(&inp->sctp_ep);
1957 		}
1958 		sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
1959 		did_output = false;
1960 		break;
1961 	case SCTP_TIMER_TYPE_PATHMTURAISE:
1962 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1963 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1964 		    type, inp, stcb, net));
1965 		SCTP_STAT_INCR(sctps_timopathmtu);
1966 		sctp_pathmtu_timer(inp, stcb, net);
1967 		did_output = false;
1968 		break;
1969 	case SCTP_TIMER_TYPE_SHUTDOWNACK:
1970 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1971 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1972 		    type, inp, stcb, net));
1973 		if (sctp_shutdownack_timer(inp, stcb, net)) {
1974 			/* no need to unlock on tcb its gone */
1975 			goto out_decr;
1976 		}
1977 		SCTP_STAT_INCR(sctps_timoshutdownack);
1978 		stcb->asoc.timoshutdownack++;
1979 #ifdef SCTP_AUDITING_ENABLED
1980 		sctp_auditing(4, inp, stcb, net);
1981 #endif
1982 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR, SCTP_SO_NOT_LOCKED);
1983 		did_output = true;
1984 		break;
1985 	case SCTP_TIMER_TYPE_ASCONF:
1986 		KASSERT(inp != NULL && stcb != NULL && net != NULL,
1987 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
1988 		    type, inp, stcb, net));
1989 		SCTP_STAT_INCR(sctps_timoasconf);
1990 		if (sctp_asconf_timer(inp, stcb, net)) {
1991 			/* no need to unlock on tcb its gone */
1992 			goto out_decr;
1993 		}
1994 #ifdef SCTP_AUDITING_ENABLED
1995 		sctp_auditing(4, inp, stcb, net);
1996 #endif
1997 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR, SCTP_SO_NOT_LOCKED);
1998 		did_output = true;
1999 		break;
2000 	case SCTP_TIMER_TYPE_SHUTDOWNGUARD:
2001 		KASSERT(inp != NULL && stcb != NULL && net == NULL,
2002 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
2003 		    type, inp, stcb, net));
2004 		SCTP_STAT_INCR(sctps_timoshutdownguard);
2005 		op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
2006 		    "Shutdown guard timer expired");
2007 		sctp_abort_an_association(inp, stcb, op_err, true, SCTP_SO_NOT_LOCKED);
2008 		/* no need to unlock on tcb its gone */
2009 		goto out_decr;
2010 	case SCTP_TIMER_TYPE_AUTOCLOSE:
2011 		KASSERT(inp != NULL && stcb != NULL && net == NULL,
2012 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
2013 		    type, inp, stcb, net));
2014 		SCTP_STAT_INCR(sctps_timoautoclose);
2015 		sctp_autoclose_timer(inp, stcb);
2016 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
2017 		did_output = true;
2018 		break;
2019 	case SCTP_TIMER_TYPE_STRRESET:
2020 		KASSERT(inp != NULL && stcb != NULL && net == NULL,
2021 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
2022 		    type, inp, stcb, net));
2023 		SCTP_STAT_INCR(sctps_timostrmrst);
2024 		if (sctp_strreset_timer(inp, stcb)) {
2025 			/* no need to unlock on tcb its gone */
2026 			goto out_decr;
2027 		}
2028 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR, SCTP_SO_NOT_LOCKED);
2029 		did_output = true;
2030 		break;
2031 	case SCTP_TIMER_TYPE_INPKILL:
2032 		KASSERT(inp != NULL && stcb == NULL && net == NULL,
2033 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
2034 		    type, inp, stcb, net));
2035 		SCTP_STAT_INCR(sctps_timoinpkill);
2036 		/*
2037 		 * special case, take away our increment since WE are the
2038 		 * killer
2039 		 */
2040 		sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL,
2041 		    SCTP_FROM_SCTPUTIL + SCTP_LOC_3);
2042 		SCTP_INP_DECR_REF(inp);
2043 		SCTP_INP_WUNLOCK(inp);
2044 		sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT,
2045 		    SCTP_CALLED_FROM_INPKILL_TIMER);
2046 		inp = NULL;
2047 		goto out_decr;
2048 	case SCTP_TIMER_TYPE_ASOCKILL:
2049 		KASSERT(inp != NULL && stcb != NULL && net == NULL,
2050 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
2051 		    type, inp, stcb, net));
2052 		SCTP_STAT_INCR(sctps_timoassockill);
2053 		/* Can we free it yet? */
2054 		sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL,
2055 		    SCTP_FROM_SCTPUTIL + SCTP_LOC_1);
2056 		(void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
2057 		    SCTP_FROM_SCTPUTIL + SCTP_LOC_2);
2058 		/*
2059 		 * free asoc, always unlocks (or destroy's) so prevent
2060 		 * duplicate unlock or unlock of a free mtx :-0
2061 		 */
2062 		stcb = NULL;
2063 		goto out_decr;
2064 	case SCTP_TIMER_TYPE_ADDR_WQ:
2065 		KASSERT(inp == NULL && stcb == NULL && net == NULL,
2066 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
2067 		    type, inp, stcb, net));
2068 		sctp_handle_addr_wq();
2069 		did_output = true;
2070 		break;
2071 	case SCTP_TIMER_TYPE_PRIM_DELETED:
2072 		KASSERT(inp != NULL && stcb != NULL && net == NULL,
2073 		    ("timeout of type %d: inp = %p, stcb = %p, net = %p",
2074 		    type, inp, stcb, net));
2075 		SCTP_STAT_INCR(sctps_timodelprim);
2076 		sctp_delete_prim_timer(inp, stcb);
2077 		did_output = false;
2078 		break;
2079 	default:
2080 #ifdef INVARIANTS
2081 		panic("Unknown timer type %d", type);
2082 #else
2083 		goto out;
2084 #endif
2085 	}
2086 #ifdef SCTP_AUDITING_ENABLED
2087 	sctp_audit_log(0xF1, (uint8_t)type);
2088 	if (inp != NULL)
2089 		sctp_auditing(5, inp, stcb, net);
2090 #endif
2091 	if (did_output && (stcb != NULL)) {
2092 		/*
2093 		 * Now we need to clean up the control chunk chain if an
2094 		 * ECNE is on it. It must be marked as UNSENT again so next
2095 		 * call will continue to send it until such time that we get
2096 		 * a CWR, to remove it. It is, however, less likely that we
2097 		 * will find a ecn echo on the chain though.
2098 		 */
2099 		sctp_fix_ecn_echo(&stcb->asoc);
2100 	}
2101 out:
2102 	if (stcb != NULL) {
2103 		SCTP_TCB_UNLOCK(stcb);
2104 	} else if (inp != NULL) {
2105 		SCTP_INP_WUNLOCK(inp);
2106 	} else {
2107 		SCTP_WQ_ADDR_UNLOCK();
2108 	}
2109 
2110 out_decr:
2111 	/* These reference counts were incremented in sctp_timer_start(). */
2112 	if (inp != NULL) {
2113 		SCTP_INP_DECR_REF(inp);
2114 	}
2115 	if ((stcb != NULL) && !released_asoc_reference) {
2116 		atomic_subtract_int(&stcb->asoc.refcnt, 1);
2117 	}
2118 	if (net != NULL) {
2119 		sctp_free_remote_addr(net);
2120 	}
2121 	SCTPDBG(SCTP_DEBUG_TIMER2, "Timer type %d handler finished.\n", type);
2122 	CURVNET_RESTORE();
2123 	NET_EPOCH_EXIT(et);
2124 }
2125 
2126 /*-
 * The following table shows which parameters must be provided
 * when calling sctp_timer_start(). For parameters not being
 * provided, NULL must be used. Note that the net passed for
 * SCTP_TIMER_TYPE_STRRESET only supplies the RTO used to compute
 * the timeout; it is not recorded in the timer and no reference is
 * taken on it, which is why sctp_timer_stop() takes no net for
 * that type.
2130  *
2131  * |Name                         |inp |stcb|net |
2132  * |-----------------------------|----|----|----|
2133  * |SCTP_TIMER_TYPE_SEND         |Yes |Yes |Yes |
2134  * |SCTP_TIMER_TYPE_INIT         |Yes |Yes |Yes |
2135  * |SCTP_TIMER_TYPE_RECV         |Yes |Yes |No  |
2136  * |SCTP_TIMER_TYPE_SHUTDOWN     |Yes |Yes |Yes |
2137  * |SCTP_TIMER_TYPE_HEARTBEAT    |Yes |Yes |Yes |
2138  * |SCTP_TIMER_TYPE_COOKIE       |Yes |Yes |Yes |
2139  * |SCTP_TIMER_TYPE_NEWCOOKIE    |Yes |No  |No  |
2140  * |SCTP_TIMER_TYPE_PATHMTURAISE |Yes |Yes |Yes |
2141  * |SCTP_TIMER_TYPE_SHUTDOWNACK  |Yes |Yes |Yes |
2142  * |SCTP_TIMER_TYPE_ASCONF       |Yes |Yes |Yes |
2143  * |SCTP_TIMER_TYPE_SHUTDOWNGUARD|Yes |Yes |No  |
2144  * |SCTP_TIMER_TYPE_AUTOCLOSE    |Yes |Yes |No  |
2145  * |SCTP_TIMER_TYPE_STRRESET     |Yes |Yes |Yes |
2146  * |SCTP_TIMER_TYPE_INPKILL      |Yes |No  |No  |
2147  * |SCTP_TIMER_TYPE_ASOCKILL     |Yes |Yes |No  |
2148  * |SCTP_TIMER_TYPE_ADDR_WQ      |No  |No  |No  |
2149  * |SCTP_TIMER_TYPE_PRIM_DELETED |Yes |Yes |No  |
2150  *
2151  */
2152 
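/*
 * Check that the pointer arguments for a timer type have the required
 * shape: want_inp, want_stcb and want_net say which of inp, stcb and net
 * must be non-NULL; the others must be NULL (see the table above).
 *
 * Under INVARIANTS a violation is a kernel bug and panics with the
 * offending pointers; otherwise false is returned and the caller quietly
 * refuses to start the timer.
 */
static bool
sctp_timer_start_check_args(int t_type, struct sctp_inpcb *inp,
    struct sctp_tcb *stcb, struct sctp_nets *net,
    bool want_inp, bool want_stcb, bool want_net)
{
	if (((inp != NULL) != want_inp) ||
	    ((stcb != NULL) != want_stcb) ||
	    ((net != NULL) != want_net)) {
#ifdef INVARIANTS
		panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p",
		    t_type, inp, stcb, net);
#else
		return (false);
#endif
	}
	return (true);
}

/*
 * Timeout, in ticks, for the timers that are driven by the destination's
 * RTO.  Until an RTT has been measured for the destination (net->RTO is
 * still 0) the association's initial RTO is used instead.
 */
static uint32_t
sctp_timer_start_rto_ticks(struct sctp_tcb *stcb, struct sctp_nets *net)
{
	if (net->RTO == 0) {
		return (sctp_msecs_to_ticks(stcb->asoc.initial_rto));
	}
	return (sctp_msecs_to_ticks(net->RTO));
}

/*
 * Arm the timer of type t_type for the given endpoint / association /
 * destination, unless it is already pending.
 *
 * t_type	one of SCTP_TIMER_TYPE_*; the table above says which of
 *		inp, stcb and net must be supplied for it.
 * inp		endpoint, or NULL.
 * stcb		association, or NULL.  When given it must belong to inp.
 * net		destination, or NULL.  For SCTP_TIMER_TYPE_STRRESET it is
 *		only used to derive the RTO and is not stored in the timer.
 *
 * Locking: the caller holds the TCB lock when stcb is given, otherwise
 * the INP write lock when inp is given, otherwise the address work-queue
 * lock.
 *
 * An already pending timer is left untouched.  When a new callout is
 * scheduled, a reference is taken on each object recorded in the timer
 * (inp, stcb, net) so the objects stay valid until sctp_timeout_handler()
 * runs and drops them again.  No timer other than ASOCKILL is started on
 * an association marked SCTP_STATE_ABOUT_TO_BE_FREED, and no timer is
 * started on a destination marked SCTP_ADDR_BEING_DELETED.
 */
void
sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
    struct sctp_nets *net)
{
	struct sctp_timer *tmr;
	uint32_t to_ticks;
	uint32_t rndval, jitter;

	/*
	 * Report all three pointers; the previous message printed the stcb
	 * pointer under the label "inp", which misleads crash analysis.
	 * The arguments are only evaluated when the assertion fails, i.e.
	 * when stcb != NULL, so the dereference is safe.
	 */
	KASSERT(stcb == NULL || stcb->sctp_ep == inp,
	    ("sctp_timer_start of type %d: inp = %p, stcb = %p, stcb->sctp_ep = %p",
	    t_type, inp, stcb, stcb->sctp_ep));
	tmr = NULL;
	if (stcb != NULL) {
		SCTP_TCB_LOCK_ASSERT(stcb);
	} else if (inp != NULL) {
		SCTP_INP_WLOCK_ASSERT(inp);
	} else {
		SCTP_WQ_ADDR_LOCK_ASSERT();
	}
	if (stcb != NULL) {
		/*
		 * Don't restart timer on association that's about to be
		 * killed; only the ASOCKILL timer itself may be armed then.
		 */
		if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) &&
		    (t_type != SCTP_TIMER_TYPE_ASOCKILL)) {
			SCTPDBG(SCTP_DEBUG_TIMER2,
			    "Timer type %d not started: inp=%p, stcb=%p, net=%p (stcb deleted).\n",
			    t_type, inp, stcb, net);
			return;
		}
		/* Don't restart timer on net that's been removed. */
		if (net != NULL && (net->dest_state & SCTP_ADDR_BEING_DELETED)) {
			SCTPDBG(SCTP_DEBUG_TIMER2,
			    "Timer type %d not started: inp=%p, stcb=%p, net=%p (net deleted).\n",
			    t_type, inp, stcb, net);
			return;
		}
	}
	switch (t_type) {
	case SCTP_TIMER_TYPE_SEND:
		/* Here we use the RTO timer. */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		tmr = &net->rxt_timer;
		to_ticks = sctp_timer_start_rto_ticks(stcb, net);
		break;
	case SCTP_TIMER_TYPE_INIT:
		/*
		 * Here we use the INIT timer default usually about 1
		 * second.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		tmr = &net->rxt_timer;
		to_ticks = sctp_timer_start_rto_ticks(stcb, net);
		break;
	case SCTP_TIMER_TYPE_RECV:
		/*
		 * Here we use the Delayed-Ack timer value from the inp,
		 * usually about 200ms.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, false)) {
			return;
		}
		tmr = &stcb->asoc.dack_timer;
		to_ticks = sctp_msecs_to_ticks(stcb->asoc.delayed_ack);
		break;
	case SCTP_TIMER_TYPE_SHUTDOWN:
		/* Here we use the RTO of the destination. */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		tmr = &net->rxt_timer;
		to_ticks = sctp_timer_start_rto_ticks(stcb, net);
		break;
	case SCTP_TIMER_TYPE_HEARTBEAT:
		/*
		 * The net is used here so that we can add in the RTO. Even
		 * though we use a different timer. We also add the HB timer
		 * PLUS a random jitter.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		if ((net->dest_state & SCTP_ADDR_NOHB) &&
		    ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) {
			SCTPDBG(SCTP_DEBUG_TIMER2,
			    "Timer type %d not started: inp=%p, stcb=%p, net=%p.\n",
			    t_type, inp, stcb, net);
			return;
		}
		tmr = &net->hb_timer;
		/* Computed in milliseconds; converted to ticks at the end. */
		if (net->RTO == 0) {
			to_ticks = stcb->asoc.initial_rto;
		} else {
			to_ticks = net->RTO;
		}
		if (!((net->dest_state & SCTP_ADDR_UNCONFIRMED) &&
		    (net->dest_state & SCTP_ADDR_REACHABLE)) &&
		    ((net->dest_state & SCTP_ADDR_PF) == 0)) {
			/*
			 * RTO/2 plus a random jitter in [0, RTO), then the
			 * configured heartbeat interval.  Each addition
			 * saturates at UINT32_MAX rather than wrapping.
			 */
			if (to_ticks > 1) {
				rndval = sctp_select_initial_TSN(&inp->sctp_ep);
				jitter = rndval % to_ticks;
				to_ticks >>= 1;
				if (jitter < (UINT32_MAX - to_ticks)) {
					to_ticks += jitter;
				} else {
					to_ticks = UINT32_MAX;
				}
			}
			if (net->heart_beat_delay < (UINT32_MAX - to_ticks)) {
				to_ticks += net->heart_beat_delay;
			} else {
				to_ticks = UINT32_MAX;
			}
		}
		/*
		 * Now we must convert the to_ticks that are now in ms to
		 * ticks.
		 */
		to_ticks = sctp_msecs_to_ticks(to_ticks);
		break;
	case SCTP_TIMER_TYPE_COOKIE:
		/*
		 * Here we can use the RTO timer from the network since one
		 * RTT was complete. If a retransmission happened then we
		 * will be using the RTO initial value.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		tmr = &net->rxt_timer;
		to_ticks = sctp_timer_start_rto_ticks(stcb, net);
		break;
	case SCTP_TIMER_TYPE_NEWCOOKIE:
		/*
		 * Nothing needed but the endpoint here usually about 60
		 * minutes.  Its expiry rotates the endpoint's cookie secret
		 * in sctp_timeout_handler().
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, false, false)) {
			return;
		}
		tmr = &inp->sctp_ep.signature_change;
		to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE];
		break;
	case SCTP_TIMER_TYPE_PATHMTURAISE:
		/*
		 * Here we use the value found in the EP for PMTUD, usually
		 * about 10 minutes.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		if (net->dest_state & SCTP_ADDR_NO_PMTUD) {
			SCTPDBG(SCTP_DEBUG_TIMER2,
			    "Timer type %d not started: inp=%p, stcb=%p, net=%p.\n",
			    t_type, inp, stcb, net);
			return;
		}
		tmr = &net->pmtu_timer;
		to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU];
		break;
	case SCTP_TIMER_TYPE_SHUTDOWNACK:
		/* Here we use the RTO of the destination. */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		tmr = &net->rxt_timer;
		to_ticks = sctp_timer_start_rto_ticks(stcb, net);
		break;
	case SCTP_TIMER_TYPE_ASCONF:
		/*
		 * Here the timer comes from the stcb but its value is from
		 * the net's RTO.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		tmr = &stcb->asoc.asconf_timer;
		to_ticks = sctp_timer_start_rto_ticks(stcb, net);
		break;
	case SCTP_TIMER_TYPE_SHUTDOWNGUARD:
		/*
		 * Here we use the endpoints shutdown guard timer usually
		 * about 3 minutes.  When it fires the association is aborted
		 * by sctp_timeout_handler().
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, false)) {
			return;
		}
		tmr = &stcb->asoc.shut_guard_timer;
		if (inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] == 0) {
			/* Not configured: fall back to 5 * max RTO, saturating. */
			if (stcb->asoc.maxrto < UINT32_MAX / 5) {
				to_ticks = sctp_msecs_to_ticks(5 * stcb->asoc.maxrto);
			} else {
				to_ticks = sctp_msecs_to_ticks(UINT32_MAX);
			}
		} else {
			to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN];
		}
		break;
	case SCTP_TIMER_TYPE_AUTOCLOSE:
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, false)) {
			return;
		}
		tmr = &stcb->asoc.autoclose_timer;
		to_ticks = stcb->asoc.sctp_autoclose_ticks;
		break;
	case SCTP_TIMER_TYPE_STRRESET:
		/*
		 * Here the timer comes from the stcb but its value is from
		 * the net's RTO.  The net is not retained in the timer (see
		 * below), so no reference is taken on it.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, true)) {
			return;
		}
		tmr = &stcb->asoc.strreset_timer;
		to_ticks = sctp_timer_start_rto_ticks(stcb, net);
		break;
	case SCTP_TIMER_TYPE_INPKILL:
		/*
		 * The inp is setup to die. We re-use the signature_change
		 * timer since that has stopped and we are in the GONE
		 * state.
		 */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, false, false)) {
			return;
		}
		tmr = &inp->sctp_ep.signature_change;
		to_ticks = sctp_msecs_to_ticks(SCTP_INP_KILL_TIMEOUT);
		break;
	case SCTP_TIMER_TYPE_ASOCKILL:
		/* Shares the strreset_timer slot of the association. */
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, false)) {
			return;
		}
		tmr = &stcb->asoc.strreset_timer;
		to_ticks = sctp_msecs_to_ticks(SCTP_ASOC_KILL_TIMEOUT);
		break;
	case SCTP_TIMER_TYPE_ADDR_WQ:
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    false, false, false)) {
			return;
		}
		/* Only 1 tick away :-) */
		tmr = &SCTP_BASE_INFO(addr_wq_timer);
		to_ticks = SCTP_ADDRESS_TICK_DELAY;
		break;
	case SCTP_TIMER_TYPE_PRIM_DELETED:
		if (!sctp_timer_start_check_args(t_type, inp, stcb, net,
		    true, true, false)) {
			return;
		}
		tmr = &stcb->asoc.delete_prim_timer;
		to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto);
		break;
	default:
#ifdef INVARIANTS
		panic("Unknown timer type %d", t_type);
#else
		return;
#endif
	}
	KASSERT(tmr != NULL, ("tmr is NULL for timer type %d", t_type));
	KASSERT(to_ticks > 0, ("to_ticks == 0 for timer type %d", t_type));
	if (SCTP_OS_TIMER_PENDING(&tmr->timer)) {
		/*
		 * We do NOT allow you to have it already running. If it is,
		 * we leave the current one up unchanged.
		 */
		SCTPDBG(SCTP_DEBUG_TIMER2,
		    "Timer type %d already running: inp=%p, stcb=%p, net=%p.\n",
		    t_type, inp, stcb, net);
		return;
	}
	/* At this point we can proceed. */
	if (t_type == SCTP_TIMER_TYPE_SEND) {
		stcb->asoc.num_send_timers_up++;
	}
	tmr->stopped_from = 0;
	tmr->type = t_type;
	tmr->ep = (void *)inp;
	tmr->tcb = (void *)stcb;
	if (t_type == SCTP_TIMER_TYPE_STRRESET) {
		/* net was only needed for the RTO; don't keep (or reference) it. */
		tmr->net = NULL;
	} else {
		tmr->net = (void *)net;
	}
	tmr->self = (void *)tmr;
	tmr->vnet = (void *)curvnet;
	tmr->ticks = sctp_get_tick_count();
	if (SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr) == 0) {
		SCTPDBG(SCTP_DEBUG_TIMER2,
		    "Timer type %d started: ticks=%u, inp=%p, stcb=%p, net=%p.\n",
		    t_type, to_ticks, inp, stcb, net);
		/*
		 * If this is a newly scheduled callout, as opposed to a
		 * rescheduled one, increment relevant reference counts.
		 * These keep the objects alive until sctp_timeout_handler()
		 * releases them.
		 */
		if (tmr->ep != NULL) {
			SCTP_INP_INCR_REF(inp);
		}
		if (tmr->tcb != NULL) {
			atomic_add_int(&stcb->asoc.refcnt, 1);
		}
		if (tmr->net != NULL) {
			atomic_add_int(&net->ref_count, 1);
		}
	} else {
		/*
		 * This should not happen, since we checked for pending
		 * above.
		 */
		SCTPDBG(SCTP_DEBUG_TIMER2,
		    "Timer type %d restarted: ticks=%u, inp=%p, stcb=%p, net=%p.\n",
		    t_type, to_ticks, inp, stcb, net);
	}
	return;
}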
2584 
2585 /*-
2586  * The following table shows which parameters must be provided
2587  * when calling sctp_timer_stop(). For parameters not being
2588  * provided, NULL must be used.
2589  *
2590  * |Name                         |inp |stcb|net |
2591  * |-----------------------------|----|----|----|
2592  * |SCTP_TIMER_TYPE_SEND         |Yes |Yes |Yes |
2593  * |SCTP_TIMER_TYPE_INIT         |Yes |Yes |Yes |
2594  * |SCTP_TIMER_TYPE_RECV         |Yes |Yes |No  |
2595  * |SCTP_TIMER_TYPE_SHUTDOWN     |Yes |Yes |Yes |
2596  * |SCTP_TIMER_TYPE_HEARTBEAT    |Yes |Yes |Yes |
2597  * |SCTP_TIMER_TYPE_COOKIE       |Yes |Yes |Yes |
2598  * |SCTP_TIMER_TYPE_NEWCOOKIE    |Yes |No  |No  |
2599  * |SCTP_TIMER_TYPE_PATHMTURAISE |Yes |Yes |Yes |
2600  * |SCTP_TIMER_TYPE_SHUTDOWNACK  |Yes |Yes |Yes |
2601  * |SCTP_TIMER_TYPE_ASCONF       |Yes |Yes |No  |
2602  * |SCTP_TIMER_TYPE_SHUTDOWNGUARD|Yes |Yes |No  |
2603  * |SCTP_TIMER_TYPE_AUTOCLOSE    |Yes |Yes |No  |
2604  * |SCTP_TIMER_TYPE_STRRESET     |Yes |Yes |No  |
2605  * |SCTP_TIMER_TYPE_INPKILL      |Yes |No  |No  |
2606  * |SCTP_TIMER_TYPE_ASOCKILL     |Yes |Yes |No  |
2607  * |SCTP_TIMER_TYPE_ADDR_WQ      |No  |No  |No  |
2608  * |SCTP_TIMER_TYPE_PRIM_DELETED |Yes |Yes |No  |
2609  *
2610  */
2611 
2612 void
sctp_timer_stop(int t_type,struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net,uint32_t from)2613 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
2614     struct sctp_nets *net, uint32_t from)
2615 {
2616 	struct sctp_timer *tmr;
2617 
2618 	KASSERT(stcb == NULL || stcb->sctp_ep == inp,
2619 	    ("sctp_timer_stop of type %d: inp = %p, stcb->sctp_ep %p",
2620 	    t_type, stcb, stcb->sctp_ep));
2621 	if (stcb != NULL) {
2622 		SCTP_TCB_LOCK_ASSERT(stcb);
2623 	} else if (inp != NULL) {
2624 		SCTP_INP_WLOCK_ASSERT(inp);
2625 	} else {
2626 		SCTP_WQ_ADDR_LOCK_ASSERT();
2627 	}
2628 	tmr = NULL;
2629 	switch (t_type) {
2630 	case SCTP_TIMER_TYPE_SEND:
2631 		if ((inp == NULL) || (stcb == NULL) || (net == NULL)) {
2632 #ifdef INVARIANTS
2633 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2634 			    t_type, inp, stcb, net);
2635 #else
2636 			return;
2637 #endif
2638 		}
2639 		tmr = &net->rxt_timer;
2640 		break;
2641 	case SCTP_TIMER_TYPE_INIT:
2642 		if ((inp == NULL) || (stcb == NULL) || (net == NULL)) {
2643 #ifdef INVARIANTS
2644 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2645 			    t_type, inp, stcb, net);
2646 #else
2647 			return;
2648 #endif
2649 		}
2650 		tmr = &net->rxt_timer;
2651 		break;
2652 	case SCTP_TIMER_TYPE_RECV:
2653 		if ((inp == NULL) || (stcb == NULL) || (net != NULL)) {
2654 #ifdef INVARIANTS
2655 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2656 			    t_type, inp, stcb, net);
2657 #else
2658 			return;
2659 #endif
2660 		}
2661 		tmr = &stcb->asoc.dack_timer;
2662 		break;
2663 	case SCTP_TIMER_TYPE_SHUTDOWN:
2664 		if ((inp == NULL) || (stcb == NULL) || (net == NULL)) {
2665 #ifdef INVARIANTS
2666 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2667 			    t_type, inp, stcb, net);
2668 #else
2669 			return;
2670 #endif
2671 		}
2672 		tmr = &net->rxt_timer;
2673 		break;
2674 	case SCTP_TIMER_TYPE_HEARTBEAT:
2675 		if ((inp == NULL) || (stcb == NULL) || (net == NULL)) {
2676 #ifdef INVARIANTS
2677 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2678 			    t_type, inp, stcb, net);
2679 #else
2680 			return;
2681 #endif
2682 		}
2683 		tmr = &net->hb_timer;
2684 		break;
2685 	case SCTP_TIMER_TYPE_COOKIE:
2686 		if ((inp == NULL) || (stcb == NULL) || (net == NULL)) {
2687 #ifdef INVARIANTS
2688 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2689 			    t_type, inp, stcb, net);
2690 #else
2691 			return;
2692 #endif
2693 		}
2694 		tmr = &net->rxt_timer;
2695 		break;
2696 	case SCTP_TIMER_TYPE_NEWCOOKIE:
2697 		if ((inp == NULL) || (stcb != NULL) || (net != NULL)) {
2698 #ifdef INVARIANTS
2699 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2700 			    t_type, inp, stcb, net);
2701 #else
2702 			return;
2703 #endif
2704 		}
2705 		tmr = &inp->sctp_ep.signature_change;
2706 		break;
2707 	case SCTP_TIMER_TYPE_PATHMTURAISE:
2708 		if ((inp == NULL) || (stcb == NULL) || (net == NULL)) {
2709 #ifdef INVARIANTS
2710 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2711 			    t_type, inp, stcb, net);
2712 #else
2713 			return;
2714 #endif
2715 		}
2716 		tmr = &net->pmtu_timer;
2717 		break;
2718 	case SCTP_TIMER_TYPE_SHUTDOWNACK:
2719 		if ((inp == NULL) || (stcb == NULL) || (net == NULL)) {
2720 #ifdef INVARIANTS
2721 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2722 			    t_type, inp, stcb, net);
2723 #else
2724 			return;
2725 #endif
2726 		}
2727 		tmr = &net->rxt_timer;
2728 		break;
2729 	case SCTP_TIMER_TYPE_ASCONF:
2730 		if ((inp == NULL) || (stcb == NULL) || (net != NULL)) {
2731 #ifdef INVARIANTS
2732 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2733 			    t_type, inp, stcb, net);
2734 #else
2735 			return;
2736 #endif
2737 		}
2738 		tmr = &stcb->asoc.asconf_timer;
2739 		break;
2740 	case SCTP_TIMER_TYPE_SHUTDOWNGUARD:
2741 		if ((inp == NULL) || (stcb == NULL) || (net != NULL)) {
2742 #ifdef INVARIANTS
2743 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2744 			    t_type, inp, stcb, net);
2745 #else
2746 			return;
2747 #endif
2748 		}
2749 		tmr = &stcb->asoc.shut_guard_timer;
2750 		break;
2751 	case SCTP_TIMER_TYPE_AUTOCLOSE:
2752 		if ((inp == NULL) || (stcb == NULL) || (net != NULL)) {
2753 #ifdef INVARIANTS
2754 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2755 			    t_type, inp, stcb, net);
2756 #else
2757 			return;
2758 #endif
2759 		}
2760 		tmr = &stcb->asoc.autoclose_timer;
2761 		break;
2762 	case SCTP_TIMER_TYPE_STRRESET:
2763 		if ((inp == NULL) || (stcb == NULL) || (net != NULL)) {
2764 #ifdef INVARIANTS
2765 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2766 			    t_type, inp, stcb, net);
2767 #else
2768 			return;
2769 #endif
2770 		}
2771 		tmr = &stcb->asoc.strreset_timer;
2772 		break;
2773 	case SCTP_TIMER_TYPE_INPKILL:
2774 		/*
2775 		 * The inp is setup to die. We re-use the signature_change
2776 		 * timer since that has stopped and we are in the GONE
2777 		 * state.
2778 		 */
2779 		if ((inp == NULL) || (stcb != NULL) || (net != NULL)) {
2780 #ifdef INVARIANTS
2781 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2782 			    t_type, inp, stcb, net);
2783 #else
2784 			return;
2785 #endif
2786 		}
2787 		tmr = &inp->sctp_ep.signature_change;
2788 		break;
2789 	case SCTP_TIMER_TYPE_ASOCKILL:
2790 		if ((inp == NULL) || (stcb == NULL) || (net != NULL)) {
2791 #ifdef INVARIANTS
2792 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2793 			    t_type, inp, stcb, net);
2794 #else
2795 			return;
2796 #endif
2797 		}
2798 		tmr = &stcb->asoc.strreset_timer;
2799 		break;
2800 	case SCTP_TIMER_TYPE_ADDR_WQ:
2801 		if ((inp != NULL) || (stcb != NULL) || (net != NULL)) {
2802 #ifdef INVARIANTS
2803 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2804 			    t_type, inp, stcb, net);
2805 #else
2806 			return;
2807 #endif
2808 		}
2809 		tmr = &SCTP_BASE_INFO(addr_wq_timer);
2810 		break;
2811 	case SCTP_TIMER_TYPE_PRIM_DELETED:
2812 		if ((inp == NULL) || (stcb == NULL) || (net != NULL)) {
2813 #ifdef INVARIANTS
2814 			panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p",
2815 			    t_type, inp, stcb, net);
2816 #else
2817 			return;
2818 #endif
2819 		}
2820 		tmr = &stcb->asoc.delete_prim_timer;
2821 		break;
2822 	default:
2823 #ifdef INVARIANTS
2824 		panic("Unknown timer type %d", t_type);
2825 #else
2826 		return;
2827 #endif
2828 	}
2829 	KASSERT(tmr != NULL, ("tmr is NULL for timer type %d", t_type));
2830 	if ((tmr->type != SCTP_TIMER_TYPE_NONE) &&
2831 	    (tmr->type != t_type)) {
2832 		/*
2833 		 * Ok we have a timer that is under joint use. Cookie timer
2834 		 * per chance with the SEND timer. We therefore are NOT
2835 		 * running the timer that the caller wants stopped.  So just
2836 		 * return.
2837 		 */
2838 		SCTPDBG(SCTP_DEBUG_TIMER2,
2839 		    "Shared timer type %d not running: inp=%p, stcb=%p, net=%p.\n",
2840 		    t_type, inp, stcb, net);
2841 		return;
2842 	}
2843 	if ((t_type == SCTP_TIMER_TYPE_SEND) && (stcb != NULL)) {
2844 		stcb->asoc.num_send_timers_up--;
2845 		if (stcb->asoc.num_send_timers_up < 0) {
2846 			stcb->asoc.num_send_timers_up = 0;
2847 		}
2848 	}
2849 	tmr->self = NULL;
2850 	tmr->stopped_from = from;
2851 	if (SCTP_OS_TIMER_STOP(&tmr->timer) == 1) {
2852 		KASSERT(tmr->ep == inp,
2853 		    ("sctp_timer_stop of type %d: inp = %p, tmr->inp = %p",
2854 		    t_type, inp, tmr->ep));
2855 		KASSERT(tmr->tcb == stcb,
2856 		    ("sctp_timer_stop of type %d: stcb = %p, tmr->stcb = %p",
2857 		    t_type, stcb, tmr->tcb));
2858 		KASSERT(((t_type == SCTP_TIMER_TYPE_ASCONF) && (tmr->net != NULL)) ||
2859 		    ((t_type != SCTP_TIMER_TYPE_ASCONF) && (tmr->net == net)),
2860 		    ("sctp_timer_stop of type %d: net = %p, tmr->net = %p",
2861 		    t_type, net, tmr->net));
2862 		SCTPDBG(SCTP_DEBUG_TIMER2,
2863 		    "Timer type %d stopped: inp=%p, stcb=%p, net=%p.\n",
2864 		    t_type, inp, stcb, net);
2865 		/*
2866 		 * If the timer was actually stopped, decrement reference
2867 		 * counts that were incremented in sctp_timer_start().
2868 		 */
2869 		if (tmr->ep != NULL) {
2870 			tmr->ep = NULL;
2871 			SCTP_INP_DECR_REF(inp);
2872 		}
2873 		if (tmr->tcb != NULL) {
2874 			tmr->tcb = NULL;
2875 			atomic_subtract_int(&stcb->asoc.refcnt, 1);
2876 		}
2877 		if (tmr->net != NULL) {
2878 			struct sctp_nets *tmr_net;
2879 
2880 			/*
2881 			 * Can't use net, since it doesn't work for
2882 			 * SCTP_TIMER_TYPE_ASCONF.
2883 			 */
2884 			tmr_net = tmr->net;
2885 			tmr->net = NULL;
2886 			sctp_free_remote_addr(tmr_net);
2887 		}
2888 	} else {
2889 		SCTPDBG(SCTP_DEBUG_TIMER2,
2890 		    "Timer type %d not stopped: inp=%p, stcb=%p, net=%p.\n",
2891 		    t_type, inp, stcb, net);
2892 	}
2893 	return;
2894 }
2895 
uint32_t
sctp_calculate_len(struct mbuf *m)
{
	/*
	 * Total number of data bytes in the mbuf chain starting at m,
	 * i.e. the sum of every mbuf's length.  An empty (NULL) chain
	 * yields 0.
	 */
	uint32_t total = 0;
	struct mbuf *cur = m;

	while (cur != NULL) {
		total += SCTP_BUF_LEN(cur);
		cur = SCTP_BUF_NEXT(cur);
	}
	return (total);
}
2908 
/*
 * Given an association and the starting time of the current RTT period,
 * update net->rtt (us), net->lastsa / net->lastsv (scaled SRTT / RTTVAR)
 * and net->RTO (msecs) for the network 'net'.
 *
 * stcb          - the association's TCB (stcb->asoc is used for the
 *                 precise-time flag, the satellite-network state and the
 *                 RTO bounds)
 * asoc          - the association; used for the congestion-control
 *                 callback.  NOTE(review): both 'asoc' and 'stcb->asoc'
 *                 are used in this function; presumably they refer to the
 *                 same object -- confirm at the callers.
 * net           - the network the RTT sample belongs to
 * old           - the time the RTT period started
 * rtt_from_sack - SCTP_RTT_FROM_DATA when the sample comes from a SACK of
 *                 DATA; only such samples drive the CC callback and the
 *                 LAN/Internet classification
 *
 * Return 1 if an RTO update was performed, 0 if no update was performed
 * because the starting point is in the future or the measured RTT exceeds
 * SCTP_RTO_UPPER_BOUND.
 */

int
sctp_calculate_rto(struct sctp_tcb *stcb,
    struct sctp_association *asoc,
    struct sctp_nets *net,
    struct timeval *old,
    int rtt_from_sack)
{
	struct timeval now;
	uint64_t rtt_us;	/* RTT in us */
	int32_t rtt;		/* RTT in ms; reused below as a scratch delta */
	uint32_t new_rto;
	int first_measure = 0;	/* set when this is net's first RTT sample */

	/************************/
	/* 1. calculate new RTT */
	/************************/
	/* get the current time, with the clock the association was told to use */
	if (stcb->asoc.use_precise_time) {
		(void)SCTP_GETPTIME_TIMEVAL(&now);
	} else {
		(void)SCTP_GETTIME_TIMEVAL(&now);
	}
	if ((old->tv_sec > now.tv_sec) ||
	    ((old->tv_sec == now.tv_sec) && (old->tv_usec > now.tv_usec))) {
		/* The starting point is in the future: no usable sample. */
		return (0);
	}
	/* now becomes the elapsed time since 'old' */
	timevalsub(&now, old);
	rtt_us = (uint64_t)1000000 * (uint64_t)now.tv_sec + (uint64_t)now.tv_usec;
	if (rtt_us > SCTP_RTO_UPPER_BOUND * 1000) {
		/*
		 * The RTT is larger than a sane value; discarding it also
		 * guarantees the ms value below fits in an int32_t.
		 */
		return (0);
	}
	/* store the current RTT in us */
	net->rtt = rtt_us;
	/* compute rtt in ms */
	rtt = (int32_t)(net->rtt / 1000);
	if ((asoc->cc_functions.sctp_rtt_calculated) && (rtt_from_sack == SCTP_RTT_FROM_DATA)) {
		/*
		 * Tell the CC module that a new update has just occurred
		 * from a sack.  'now' holds the elapsed time at this point.
		 */
		(*asoc->cc_functions.sctp_rtt_calculated) (stcb, net, &now);
	}
	/*
	 * Do we need to determine the lan? We do this only on sacks i.e.
	 * RTT being determined from data not non-data (HB/INIT->INITACK),
	 * and only once: the type is never revisited after being set.
	 */
	if ((rtt_from_sack == SCTP_RTT_FROM_DATA) &&
	    (net->lan_type == SCTP_LAN_UNKNOWN)) {
		if (net->rtt > SCTP_LOCAL_LAN_RTT) {
			net->lan_type = SCTP_LAN_INTERNET;
		} else {
			net->lan_type = SCTP_LAN_LOCAL;
		}
	}

	/***************************/
	/* 2. update RTTVAR & SRTT */
	/***************************/
	/*-
	 * Compute the scaled average lastsa and the
	 * scaled variance lastsv as described in van Jacobson
	 * Paper "Congestion Avoidance and Control", Annex A.
	 *
	 * (net->lastsa >> SCTP_RTT_SHIFT) is the srtt
	 * (net->lastsv >> SCTP_RTT_VAR_SHIFT) is the rttvar
	 */
	if (net->RTO_measured) {
		/* err = rtt - srtt; lastsa += err (scaled update of srtt) */
		rtt -= (net->lastsa >> SCTP_RTT_SHIFT);
		net->lastsa += rtt;
		if (rtt < 0) {
			rtt = -rtt;
		}
		/* |err| - rttvar; lastsv += that (scaled update of rttvar) */
		rtt -= (net->lastsv >> SCTP_RTT_VAR_SHIFT);
		net->lastsv += rtt;
		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) {
			rto_logging(net, SCTP_LOG_RTTVAR);
		}
	} else {
		/* First RTO measurement: srtt = rtt, rttvar = rtt / 2 */
		net->RTO_measured = 1;
		first_measure = 1;
		net->lastsa = rtt << SCTP_RTT_SHIFT;
		net->lastsv = (rtt / 2) << SCTP_RTT_VAR_SHIFT;
		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) {
			rto_logging(net, SCTP_LOG_INITIAL_RTT);
		}
	}
	/* keep the variance term away from zero so RTO stays above srtt */
	if (net->lastsv == 0) {
		net->lastsv = SCTP_CLOCK_GRANULARITY;
	}
	/*
	 * RTO = srtt + lastsv.  Note that lastsv is added in its scaled
	 * form (not shifted down), i.e. a multiple of rttvar.
	 * NOTE(review): with SCTP_RTT_VAR_SHIFT == 2 this is the
	 * RFC 4960 "SRTT + 4 * RTTVAR" term -- confirm the shift value.
	 */
	new_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
	/*
	 * Satellite-network detection: a large RTO flags the association
	 * as sat_network unless that has been locked out; once a later
	 * (non-first) sample brings the RTO back down, clear the flag and
	 * lock it out for good.
	 */
	if ((new_rto > SCTP_SAT_NETWORK_MIN) &&
	    (stcb->asoc.sat_network_lockout == 0)) {
		stcb->asoc.sat_network = 1;
	} else if ((!first_measure) && stcb->asoc.sat_network) {
		stcb->asoc.sat_network = 0;
		stcb->asoc.sat_network_lockout = 1;
	}
	/* bound it, per C6/C7 in Section 5.3.1 */
	if (new_rto < stcb->asoc.minrto) {
		new_rto = stcb->asoc.minrto;
	}
	if (new_rto > stcb->asoc.maxrto) {
		new_rto = stcb->asoc.maxrto;
	}
	net->RTO = new_rto;
	return (1);
}
3026 
/*
 * Return a pointer to 'len' contiguous bytes of the mbuf chain 'm' starting
 * at byte offset 'off'.  When the requested range lies inside a single mbuf
 * a pointer into that mbuf is returned and nothing is copied; otherwise the
 * bytes are gathered into the caller-supplied buffer 'in_ptr' and a pointer
 * to it is returned.  The caller must ensure 'in_ptr' holds at least 'len'
 * bytes.  Returns NULL for a negative 'off', a non-positive 'len', or a
 * chain that does not contain 'len' bytes at 'off'.
 */
caddr_t
sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t *in_ptr)
{
	uint8_t *dst = in_ptr;
	uint32_t chunk;

	if (off < 0 || len <= 0) {
		return (NULL);
	}

	/* Walk forward until 'off' falls inside the current mbuf. */
	while (m != NULL && off > 0 && off >= SCTP_BUF_LEN(m)) {
		off -= SCTP_BUF_LEN(m);
		m = SCTP_BUF_NEXT(m);
	}
	if (m == NULL) {
		return (NULL);
	}

	/* Fast path: the whole range sits in this one mbuf. */
	if (SCTP_BUF_LEN(m) - off >= len) {
		return (mtod(m, caddr_t) + off);
	}

	/* Slow path: gather the range, mbuf by mbuf, into the caller's buffer. */
	while (m != NULL && len > 0) {
		chunk = min(SCTP_BUF_LEN(m) - off, len);
		memcpy(dst, mtod(m, caddr_t) + off, chunk);
		len -= chunk;
		dst += chunk;
		off = 0;
		m = SCTP_BUF_NEXT(m);
	}
	if (m == NULL && len > 0) {
		/* ran off the end of the chain before 'len' bytes were copied */
		return (NULL);
	}
	return ((caddr_t)in_ptr);
}
3072 
struct sctp_paramhdr *
sctp_get_next_param(struct mbuf *m,
    int offset,
    struct sctp_paramhdr *pull,
    int pull_limit)
{
	/*
	 * Typed front end for sctp_m_getptr(): fetch 'pull_limit' bytes of
	 * parameter starting at 'offset', copying them into 'pull' when they
	 * are not contiguous in the chain.  NULL means the chain is too short.
	 */
	caddr_t p = sctp_m_getptr(m, offset, pull_limit, (uint8_t *)pull);

	return ((struct sctp_paramhdr *)p);
}
3083 
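/*
 * Append 'padlen' zero bytes behind the data of mbuf 'm'.  If the mbuf has
 * no trailing space a fresh mbuf holding only the padding is allocated and
 * linked after 'm' (callers pass the last mbuf of a chain; anything that
 * followed 'm' would be unlinked here).
 *
 * Returns the mbuf that now holds the padding ('m' itself or the new one),
 * or NULL when 'padlen' is outside 0..3 or no mbuf could be allocated.
 */
struct mbuf *
sctp_add_pad_tombuf(struct mbuf *m, int padlen)
{
	struct mbuf *m_last;
	caddr_t dp;

	/*
	 * SCTP padding is at most 3 bytes.  A negative length would pass
	 * the trailing-space test and reach memset() converted to a huge
	 * size_t, so reject it here as well.
	 */
	if ((padlen < 0) || (padlen > 3)) {
		return (NULL);
	}
	if (padlen <= M_TRAILINGSPACE(m)) {
		/* The easy way: the padding fits behind the existing data. */
		m_last = m;
	} else {
		/* Hard way: grow the chain by one mbuf for the padding. */
		m_last = sctp_get_mbuf_for_msg(padlen, 0, M_NOWAIT, 1, MT_DATA);
		if (m_last == NULL) {
			return (NULL);
		}
		SCTP_BUF_LEN(m_last) = 0;
		SCTP_BUF_NEXT(m_last) = NULL;
		SCTP_BUF_NEXT(m) = m_last;
	}
	dp = mtod(m_last, caddr_t) + SCTP_BUF_LEN(m_last);
	SCTP_BUF_LEN(m_last) += padlen;
	memset(dp, 0, padlen);
	return (m_last);
}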
3114 
struct mbuf *
sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf)
{
	/*
	 * Pad the tail of chain 'm' with 'padval' zero bytes.  A caller that
	 * already knows the last mbuf passes it as 'last_mbuf' and the walk
	 * is skipped.  Returns whatever sctp_add_pad_tombuf() returns, or
	 * NULL for an empty chain.
	 */
	struct mbuf *tail = last_mbuf;

	if (tail == NULL) {
		/* locate the last mbuf of the chain */
		for (tail = m; tail != NULL; tail = SCTP_BUF_NEXT(tail)) {
			if (SCTP_BUF_NEXT(tail) == NULL) {
				break;
			}
		}
	}
	if (tail == NULL) {
		return (NULL);
	}
	return (sctp_add_pad_tombuf(tail, padval));
}
3132 
/*
 * Queue an SCTP_ASSOC_CHANGE notification for 'stcb' when the endpoint has
 * SCTP_PCB_FLAGS_RECVASSOCEVNT enabled and, for 1-to-1 style sockets whose
 * association was lost or never established, set so_error and mark the
 * socket unreadable.  Readers and writers are woken in every case.
 *
 * state     - new association state (SCTP_COMM_UP, SCTP_RESTART,
 *             SCTP_COMM_LOST, SCTP_CANT_STR_ASSOC, ...)
 * stcb      - the association; must be non-NULL
 * error     - value reported in sac_error
 * abort     - ABORT chunk to embed for COMM_LOST / CANT_STR_ASSOC; must be
 *             NULL unless 'from_peer'
 * from_peer - the peer initiated the termination
 * timedout  - a local timeout caused the termination (never together with
 *             'from_peer')
 * so_locked - passed through to sctp_add_to_readq()
 *
 * Caller holds the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb,
    uint16_t error, struct sctp_abort_chunk *abort,
    bool from_peer, bool timedout, int so_locked)
{
	struct mbuf *m_notify;
	struct sctp_assoc_change *sac;
	struct sctp_queued_to_read *control;
	struct sctp_inpcb *inp;
	unsigned int notif_len;	/* bytes allocated for the notification */
	unsigned int i;		/* number of sac_info feature bytes written */
	uint16_t abort_len;	/* bytes of the ABORT chunk copied into sac_info */

	KASSERT(abort == NULL || from_peer,
	    ("sctp_notify_assoc_change: ABORT chunk provided for local termination"));
	KASSERT(!from_peer || !timedout,
	    ("sctp_notify_assoc_change: timeouts can only be local"));
	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	inp = stcb->sctp_ep;
	SCTP_INP_READ_LOCK_ASSERT(inp);

	if (sctp_stcb_is_feature_on(inp, stcb, SCTP_PCB_FLAGS_RECVASSOCEVNT)) {
		notif_len = (unsigned int)sizeof(struct sctp_assoc_change);
		if (abort != NULL) {
			abort_len = ntohs(abort->ch.chunk_length);
			/*
			 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be
			 * contiguous, so the memcpy() below must never read
			 * past that many bytes of the chunk.
			 */
			if (abort_len > SCTP_CHUNK_BUFFER_SIZE) {
				abort_len = SCTP_CHUNK_BUFFER_SIZE;
			}
		} else {
			abort_len = 0;
		}
		/* room for the variable part: feature list or ABORT chunk */
		if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) {
			notif_len += SCTP_ASSOC_SUPPORTS_MAX;
		} else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) {
			notif_len += abort_len;
		}
		m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA);
		if (m_notify == NULL) {
			/*
			 * Retry with smaller value: the bare structure.  With
			 * notif_len reduced, the sac_info block below is
			 * skipped, so the variable part is simply omitted.
			 */
			notif_len = (unsigned int)sizeof(struct sctp_assoc_change);
			m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA);
			if (m_notify == NULL) {
				/* no notification, but still report the error on the socket */
				goto set_error;
			}
		}
		SCTP_BUF_NEXT(m_notify) = NULL;
		sac = mtod(m_notify, struct sctp_assoc_change *);
		/* notif_len is exactly what was allocated above */
		memset(sac, 0, notif_len);
		sac->sac_type = SCTP_ASSOC_CHANGE;
		sac->sac_flags = 0;
		sac->sac_length = sizeof(struct sctp_assoc_change);
		sac->sac_state = state;
		sac->sac_error = error;
		if (state == SCTP_CANT_STR_ASSOC) {
			/* no association was set up, so there are no streams */
			sac->sac_outbound_streams = 0;
			sac->sac_inbound_streams = 0;
		} else {
			sac->sac_outbound_streams = stcb->asoc.streamoutcnt;
			sac->sac_inbound_streams = stcb->asoc.streamincnt;
		}
		sac->sac_assoc_id = sctp_get_associd(stcb);
		if (notif_len > sizeof(struct sctp_assoc_change)) {
			if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) {
				/* one byte per negotiated feature */
				i = 0;
				if (stcb->asoc.prsctp_supported == 1) {
					sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_PR;
				}
				if (stcb->asoc.auth_supported == 1) {
					sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_AUTH;
				}
				if (stcb->asoc.asconf_supported == 1) {
					sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_ASCONF;
				}
				if (stcb->asoc.idata_supported == 1) {
					sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_INTERLEAVING;
				}
				/* always advertised */
				sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_MULTIBUF;
				if (stcb->asoc.reconfig_supported == 1) {
					sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_RE_CONFIG;
				}
				sac->sac_length += i;
			} else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) {
				/* abort_len was capped above and counted into notif_len */
				memcpy(sac->sac_info, abort, abort_len);
				sac->sac_length += abort_len;
			}
		}
		SCTP_BUF_LEN(m_notify) = sac->sac_length;
		control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
		    0, 0, stcb->asoc.context, 0, 0, 0,
		    m_notify);
		if (control != NULL) {
			control->length = SCTP_BUF_LEN(m_notify);
			control->spec_flags = M_NOTIFICATION;
			/* not that we need this */
			control->tail_mbuf = m_notify;
			sctp_add_to_readq(inp, stcb, control,
			    &stcb->sctp_socket->so_rcv, 1,
			    SCTP_READ_LOCK_HELD, so_locked);
		} else {
			/* no readq entry: the notification is dropped */
			sctp_m_freem(m_notify);
		}
	}
	/*
	 * For 1-to-1 style sockets, we send up an error when an ABORT
	 * comes in (or the association is terminated locally).  The errno
	 * tells the user who ended it and why.
	 */
set_error:
	if (((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
	    (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
	    ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) {
		SOCK_LOCK(stcb->sctp_socket);
		if (from_peer) {
			/* refused while still waiting for the COOKIE, reset otherwise */
			if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) {
				SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNREFUSED);
				stcb->sctp_socket->so_error = ECONNREFUSED;
			} else {
				SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET);
				stcb->sctp_socket->so_error = ECONNRESET;
			}
		} else {
			if (timedout) {
				SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ETIMEDOUT);
				stcb->sctp_socket->so_error = ETIMEDOUT;
			} else {
				SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNABORTED);
				stcb->sctp_socket->so_error = ECONNABORTED;
			}
		}
		SOCK_UNLOCK(stcb->sctp_socket);
	}
	/* Wake ANY sleepers */
	if (((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
	    (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
	    ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) {
		/* nothing more will arrive on a 1-to-1 socket whose association is gone */
		socantrcvmore(stcb->sctp_socket);
	}
	sorwakeup(stcb->sctp_socket);
	sowwakeup(stcb->sctp_socket);
}
3277 
/*
 * Queue an SCTP_PEER_ADDR_CHANGE notification for address 'sa' of the
 * association 'stcb', reporting 'state' and 'error', if the endpoint has
 * SCTP_PCB_FLAGS_RECVPADDREVNT enabled.  The address is copied into
 * spc_aaddr in the form the user expects (v4-mapped v6 when the endpoint
 * asks for it; link-local scope handled for IPv6).
 *
 * so_locked is passed through to sctp_add_to_readq().
 * Caller holds the TCB lock and the endpoint's read lock.
 * Allocation failures drop the notification silently.
 */
static void
sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state,
    struct sockaddr *sa, uint32_t error, int so_locked)
{
	struct mbuf *m_notify;
	struct sctp_paddr_change *spc;
	struct sctp_queued_to_read *control;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPADDREVNT)) {
		/* event not enabled */
		return;
	}

	m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_NOWAIT, 1, MT_DATA);
	if (m_notify == NULL)
		return;
	SCTP_BUF_LEN(m_notify) = 0;
	spc = mtod(m_notify, struct sctp_paddr_change *);
	/* zero first so an unhandled family leaves spc_aaddr all-zero */
	memset(spc, 0, sizeof(struct sctp_paddr_change));
	spc->spc_type = SCTP_PEER_ADDR_CHANGE;
	spc->spc_flags = 0;
	spc->spc_length = sizeof(struct sctp_paddr_change);
	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
#ifdef INET6
		/* present IPv4 as ::ffff:a.b.c.d when the endpoint wants mapped addresses */
		if (sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) {
			in6_sin_2_v4mapsin6((struct sockaddr_in *)sa,
			    (struct sockaddr_in6 *)&spc->spc_aaddr);
		} else {
			memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in));
		}
#else
		memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in));
#endif
		break;
#endif
#ifdef INET6
	case AF_INET6:
		{
			struct sockaddr_in6 *sin6;

			memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6));

			/*
			 * Link-local addresses carry their scope either in
			 * sin6_scope_id or embedded in the address itself;
			 * hand the user the sin6_scope_id form.
			 */
			sin6 = (struct sockaddr_in6 *)&spc->spc_aaddr;
			if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) {
				if (sin6->sin6_scope_id == 0) {
					/* recover scope_id for user */
					(void)sa6_recoverscope(sin6);
				} else {
					/* clear embedded scope_id for user */
					in6_clearscope(&sin6->sin6_addr);
				}
			}
			break;
		}
#endif
	default:
		/* TSNH: unknown family, address stays zeroed */
		break;
	}
	spc->spc_state = state;
	spc->spc_error = error;
	spc->spc_assoc_id = sctp_get_associd(stcb);

	SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change);
	SCTP_BUF_NEXT(m_notify) = NULL;

	/* append to socket */
	control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0,
	    m_notify);
	if (control == NULL) {
		/* no memory */
		sctp_m_freem(m_notify);
		return;
	}
	control->length = SCTP_BUF_LEN(m_notify);
	control->spec_flags = M_NOTIFICATION;
	/* not that we need this */
	control->tail_mbuf = m_notify;
	sctp_add_to_readq(stcb->sctp_ep, stcb, control,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
3367 
/*
 * Queue an SCTP_SEND_FAILED (or, when SCTP_PCB_FLAGS_RECVNSENDFAILEVNT is
 * on, SCTP_SEND_FAILED_EVENT) notification for the chunk 'chk' that could
 * not be delivered.  'sent' selects SCTP_DATA_SENT vs SCTP_DATA_UNSENT and
 * 'error' is reported as-is.
 *
 * The chunk's mbuf chain is moved into the notification (chk->data is set
 * to NULL), with the DATA / I-DATA chunk header and trailing padding
 * trimmed off when the chunk's sizes are self-consistent.  If neither
 * flavour of the event is enabled nothing happens and chk->data is left
 * untouched; if the socket buffer lacks room, or no mbuf / readq entry
 * can be allocated, the notification -- including the stolen data -- is
 * freed.
 *
 * so_locked is passed through to sctp_add_to_readq().
 * Caller holds the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error,
    struct sctp_tmit_chunk *chk, int so_locked)
{
	struct mbuf *m_notify;
	struct sctp_send_failed *ssf;
	struct sctp_send_failed_event *ssfe;
	struct sctp_queued_to_read *control;
	struct sctp_chunkhdr *chkhdr;
	int notifhdr_len, chk_len, chkhdr_len, padding_len, payload_len;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) &&
	    sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) {
		/* event not enabled */
		return;
	}

	/* the newer event layout takes precedence when enabled */
	if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) {
		notifhdr_len = sizeof(struct sctp_send_failed_event);
	} else {
		notifhdr_len = sizeof(struct sctp_send_failed);
	}
	m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA);
	if (m_notify == NULL)
		/* no space left */
		return;
	SCTP_BUF_LEN(m_notify) = notifhdr_len;
	/* header size depends on whether I-DATA was negotiated */
	if (stcb->asoc.idata_supported) {
		chkhdr_len = sizeof(struct sctp_idata_chunk);
	} else {
		chkhdr_len = sizeof(struct sctp_data_chunk);
	}
	/* Use some defaults in case we can't access the chunk header */
	if (chk->send_size >= chkhdr_len) {
		payload_len = chk->send_size - chkhdr_len;
	} else {
		payload_len = 0;
	}
	padding_len = 0;
	if (chk->data != NULL) {
		/*
		 * NOTE(review): mtod() only yields the first mbuf's data
		 * pointer, so the NULL test below does not prove a whole
		 * chunk header is present; presumably the send path always
		 * builds the header contiguously at the front (see "it
		 * should be there" below) -- confirm.
		 */
		chkhdr = mtod(chk->data, struct sctp_chunkhdr *);
		if (chkhdr != NULL) {
			chk_len = ntohs(chkhdr->chunk_length);
			/*
			 * Trust the header's length only if it covers at
			 * least a header, does not exceed send_size, and
			 * differs from it by less than 4 -- i.e. only by
			 * SCTP padding.  Otherwise keep the defaults above.
			 */
			if ((chk_len >= chkhdr_len) &&
			    (chk->send_size >= chk_len) &&
			    (chk->send_size - chk_len < 4)) {
				padding_len = chk->send_size - chk_len;
				payload_len = chk->send_size - chkhdr_len - padding_len;
			}
		}
	}
	if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) {
		ssfe = mtod(m_notify, struct sctp_send_failed_event *);
		memset(ssfe, 0, notifhdr_len);
		ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT;
		if (sent) {
			ssfe->ssfe_flags = SCTP_DATA_SENT;
		} else {
			ssfe->ssfe_flags = SCTP_DATA_UNSENT;
		}
		/* total length = fixed header plus the user data that follows */
		ssfe->ssfe_length = (uint32_t)(notifhdr_len + payload_len);
		ssfe->ssfe_error = error;
		/* not exactly what the user sent in, but should be close :) */
		ssfe->ssfe_info.snd_sid = chk->rec.data.sid;
		ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags;
		ssfe->ssfe_info.snd_ppid = chk->rec.data.ppid;
		ssfe->ssfe_info.snd_context = chk->rec.data.context;
		ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb);
		ssfe->ssfe_assoc_id = sctp_get_associd(stcb);
	} else {
		ssf = mtod(m_notify, struct sctp_send_failed *);
		memset(ssf, 0, notifhdr_len);
		ssf->ssf_type = SCTP_SEND_FAILED;
		if (sent) {
			ssf->ssf_flags = SCTP_DATA_SENT;
		} else {
			ssf->ssf_flags = SCTP_DATA_UNSENT;
		}
		ssf->ssf_length = (uint32_t)(notifhdr_len + payload_len);
		ssf->ssf_error = error;
		/* not exactly what the user sent in, but should be close :) */
		ssf->ssf_info.sinfo_stream = chk->rec.data.sid;
		/* the legacy structure only has room for the low 16 bits of the MID */
		ssf->ssf_info.sinfo_ssn = (uint16_t)chk->rec.data.mid;
		ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags;
		ssf->ssf_info.sinfo_ppid = chk->rec.data.ppid;
		ssf->ssf_info.sinfo_context = chk->rec.data.context;
		ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb);
		ssf->ssf_assoc_id = sctp_get_associd(stcb);
	}
	if (chk->data != NULL) {
		/*
		 * Trim off the sctp chunk header (it should be there) and
		 * the padding, but only when the sizes add up exactly; a
		 * mismatch means we do not understand the chain's layout
		 * and hand it over as is.  A negative m_adj() count trims
		 * from the tail.
		 */
		if (chk->send_size == chkhdr_len + payload_len + padding_len) {
			m_adj(chk->data, chkhdr_len);
			m_adj(chk->data, -padding_len);
			sctp_mbuf_crush(chk->data);
			chk->send_size -= (chkhdr_len + padding_len);
		}
	}
	SCTP_BUF_NEXT(m_notify) = chk->data;
	/* Steal off the mbuf: from here on m_notify owns the chain */
	chk->data = NULL;
	/*
	 * For this case, we check the actual socket buffer, since the assoc
	 * is going away we don't want to overfill the socket buffer for a
	 * non-reader
	 */
	if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) {
		/* frees the stolen data along with the notification */
		sctp_m_freem(m_notify);
		return;
	}
	/* append to socket */
	control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0,
	    m_notify);
	if (control == NULL) {
		/* no memory */
		sctp_m_freem(m_notify);
		return;
	}
	control->length = SCTP_BUF_LEN(m_notify);
	control->spec_flags = M_NOTIFICATION;
	/* not that we need this */
	control->tail_mbuf = m_notify;
	sctp_add_to_readq(stcb->sctp_ep, stcb, control,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
3499 
/*
 * Queue an SCTP_SEND_FAILED (or SCTP_SEND_FAILED_EVENT when the endpoint
 * has SCTP_PCB_FLAGS_RECVNSENDFAILEVNT on) notification for the stream
 * queue entry 'sp', whose data never made it onto the wire.  The entry's
 * mbuf chain is moved into the notification (sp->data becomes NULL); if the
 * socket buffer has no room, or no readq entry can be built, the
 * notification and the stolen data are freed.  Nothing happens when neither
 * flavour of the event is enabled.
 *
 * so_locked is passed through to sctp_add_to_readq().
 * Caller holds the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error,
    struct sctp_stream_queue_pending *sp, int so_locked)
{
	struct mbuf *m_notify;
	struct sctp_queued_to_read *control;
	int notifhdr_len;
	int extended;		/* non-zero: use the sctp_send_failed_event layout */
	uint16_t frag_flags;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) &&
	    sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) {
		/* neither flavour of the event is enabled */
		return;
	}

	/* the newer event layout takes precedence when enabled */
	extended = sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT);
	if (extended) {
		notifhdr_len = (int)sizeof(struct sctp_send_failed_event);
	} else {
		notifhdr_len = (int)sizeof(struct sctp_send_failed);
	}
	m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA);
	if (m_notify == NULL) {
		/* no space left */
		return;
	}
	SCTP_BUF_LEN(m_notify) = notifhdr_len;

	/* data partly handed to the send path is reported as its last fragment */
	if (sp->some_taken) {
		frag_flags = SCTP_DATA_LAST_FRAG;
	} else {
		frag_flags = SCTP_DATA_NOT_FRAG;
	}

	if (extended) {
		struct sctp_send_failed_event *ssfe;

		ssfe = mtod(m_notify, struct sctp_send_failed_event *);
		memset(ssfe, 0, notifhdr_len);
		ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT;
		ssfe->ssfe_flags = SCTP_DATA_UNSENT;
		ssfe->ssfe_length = (uint32_t)(notifhdr_len + sp->length);
		ssfe->ssfe_error = error;
		/* not exactly what the user sent in, but should be close :) */
		ssfe->ssfe_info.snd_sid = sp->sid;
		ssfe->ssfe_info.snd_flags = frag_flags;
		ssfe->ssfe_info.snd_ppid = sp->ppid;
		ssfe->ssfe_info.snd_context = sp->context;
		ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb);
		ssfe->ssfe_assoc_id = sctp_get_associd(stcb);
	} else {
		struct sctp_send_failed *ssf;

		ssf = mtod(m_notify, struct sctp_send_failed *);
		memset(ssf, 0, notifhdr_len);
		ssf->ssf_type = SCTP_SEND_FAILED;
		ssf->ssf_flags = SCTP_DATA_UNSENT;
		ssf->ssf_length = (uint32_t)(notifhdr_len + sp->length);
		ssf->ssf_error = error;
		/* not exactly what the user sent in, but should be close :) */
		ssf->ssf_info.sinfo_stream = sp->sid;
		ssf->ssf_info.sinfo_ssn = 0;
		ssf->ssf_info.sinfo_flags = frag_flags;
		ssf->ssf_info.sinfo_ppid = sp->ppid;
		ssf->ssf_info.sinfo_context = sp->context;
		ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb);
		ssf->ssf_assoc_id = sctp_get_associd(stcb);
	}

	/* Steal the data: from here on the notification owns the chain. */
	SCTP_BUF_NEXT(m_notify) = sp->data;
	sp->data = NULL;

	/*
	 * Check the actual socket buffer: the assoc is going away, so do
	 * not overfill it for a non-reader.  Freeing m_notify also frees
	 * the stolen data.
	 */
	if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) {
		sctp_m_freem(m_notify);
		return;
	}

	/* append to socket */
	control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0,
	    m_notify);
	if (control == NULL) {
		/* no memory */
		sctp_m_freem(m_notify);
		return;
	}
	control->length = SCTP_BUF_LEN(m_notify);
	control->spec_flags = M_NOTIFICATION;
	/* not that we need this */
	control->tail_mbuf = m_notify;
	sctp_add_to_readq(stcb->sctp_ep, stcb, control,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
3599 
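/*
 * Queue an SCTP_ADAPTATION_INDICATION notification carrying the peer's
 * adaptation-layer indication (stcb->asoc.peers_adaptation) if the
 * endpoint has SCTP_PCB_FLAGS_ADAPTATIONEVNT enabled.
 *
 * so_locked is passed through to sctp_add_to_readq().
 * Caller holds the TCB lock and the endpoint's read lock.
 * Allocation failures drop the notification silently.
 */
static void
sctp_notify_adaptation_layer(struct sctp_tcb *stcb, int so_locked)
{
	struct mbuf *m_notify;
	struct sctp_adaptation_event *sai;
	struct sctp_queued_to_read *control;
	/*
	 * One size for the allocation, the memset() and the length fields:
	 * the original derived the allocation from a differently named
	 * structure, which would silently become an overflow of the mbuf
	 * if that structure's size ever diverged from the one written here.
	 */
	const int notif_len = (int)sizeof(struct sctp_adaptation_event);

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) {
		/* event not enabled */
		return;
	}

	m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA);
	if (m_notify == NULL) {
		/* no space left */
		return;
	}
	sai = mtod(m_notify, struct sctp_adaptation_event *);
	memset(sai, 0, notif_len);
	sai->sai_type = SCTP_ADAPTATION_INDICATION;
	sai->sai_flags = 0;
	sai->sai_length = notif_len;
	sai->sai_adaptation_ind = stcb->asoc.peers_adaptation;
	sai->sai_assoc_id = sctp_get_associd(stcb);

	SCTP_BUF_LEN(m_notify) = notif_len;
	SCTP_BUF_NEXT(m_notify) = NULL;

	/* append to socket */
	control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0,
	    m_notify);
	if (control == NULL) {
		/* no memory */
		sctp_m_freem(m_notify);
		return;
	}
	control->length = SCTP_BUF_LEN(m_notify);
	control->spec_flags = M_NOTIFICATION;
	/* not that we need this */
	control->tail_mbuf = m_notify;
	sctp_add_to_readq(stcb->sctp_ep, stcb, control,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}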
3649 
/*
 * Queue an SCTP_PARTIAL_DELIVERY_EVENT describing the partially delivered
 * message 'aborted_control'; 'error' becomes pdapi_indication.
 *
 * Unlike the other notification helpers in this file the entry is not
 * appended with sctp_add_to_readq(): the socket buffer is charged by
 * hand and the entry is linked directly behind aborted_control in the
 * endpoint's read queue.  The caller already holds the endpoint's read
 * lock (asserted below) and the TCB lock.  'so_locked' is not used here.
 */
static void
sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error,
    struct sctp_queued_to_read *aborted_control,
    int so_locked)
{
	struct mbuf *m_notify;
	struct sctp_pdapi_event *pdapi;
	struct sctp_queued_to_read *control;
	struct sockbuf *sb;

	KASSERT(aborted_control != NULL, ("aborted_control is NULL"));
	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_PDAPIEVNT)) {
		/* event not enabled */
		return;
	}

	m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_NOWAIT, 1, MT_DATA);
	if (m_notify == NULL)
		/* no space left */
		return;
	SCTP_BUF_LEN(m_notify) = 0;
	pdapi = mtod(m_notify, struct sctp_pdapi_event *);
	memset(pdapi, 0, sizeof(struct sctp_pdapi_event));
	pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT;
	pdapi->pdapi_flags = 0;
	pdapi->pdapi_length = sizeof(struct sctp_pdapi_event);
	pdapi->pdapi_indication = error;
	pdapi->pdapi_stream = aborted_control->sinfo_stream;
	/* pdapi_seq is 16 bits wide; mid is truncated to fit. */
	pdapi->pdapi_seq = (uint16_t)aborted_control->mid;
	pdapi->pdapi_assoc_id = sctp_get_associd(stcb);

	SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event);
	SCTP_BUF_NEXT(m_notify) = NULL;
	control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0,
	    m_notify);
	if (control == NULL) {
		/* no memory */
		sctp_m_freem(m_notify);
		return;
	}
	control->length = SCTP_BUF_LEN(m_notify);
	control->spec_flags = M_NOTIFICATION;
	/* not that we need this */
	control->tail_mbuf = m_notify;
	/*
	 * Manual socket-buffer accounting (what sctp_add_to_readq() would
	 * otherwise do), with optional logging around the allocation.
	 */
	sb = &stcb->sctp_socket->so_rcv;
	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
		sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify));
	}
	sctp_sballoc(stcb, sb, m_notify);
	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
		sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0);
	}
	/* The notification is complete; place it right behind the aborted message. */
	control->end_added = 1;
	TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, aborted_control, control, next);
	/*
	 * Both pointers were already dereferenced above (read_queue and
	 * so_rcv), so this test is effectively always true.
	 */
	if (stcb->sctp_ep && stcb->sctp_socket) {
		/* This should always be the case */
		sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
	}
}
3714 
/*
 * Deliver an SCTP_SHUTDOWN_EVENT to the user.
 *
 * For one-to-one style sockets (TCP model) and sockets in the TCP pool the
 * socket is additionally marked as unable to send any further data; this
 * happens regardless of whether the event itself is enabled.  The event is
 * silently dropped when it is disabled or no memory is available.
 *
 * Caller must hold the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_shutdown_event(struct sctp_tcb *stcb, int so_locked)
{
	struct sctp_shutdown_event *event;
	struct sctp_queued_to_read *entry;
	struct mbuf *mb;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	/*
	 * For TCP model AND UDP connected sockets we will send an error up
	 * when an SHUTDOWN completes
	 */
	if ((stcb->sctp_ep->sctp_flags &
	    (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) != 0) {
		/* mark socket closed for read/write and wakeup! */
		socantsendmore(stcb->sctp_socket);
	}

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) {
		/* user did not subscribe to this event */
		return;
	}

	mb = sctp_get_mbuf_for_msg(sizeof(*event), 0, M_NOWAIT, 1, MT_DATA);
	if (mb == NULL) {
		/* out of mbufs */
		return;
	}
	event = mtod(mb, struct sctp_shutdown_event *);
	memset(event, 0, sizeof(*event));
	event->sse_length = sizeof(*event);
	event->sse_type = SCTP_SHUTDOWN_EVENT;
	event->sse_flags = 0;
	event->sse_assoc_id = sctp_get_associd(stcb);

	SCTP_BUF_LEN(mb) = sizeof(*event);
	SCTP_BUF_NEXT(mb) = NULL;

	/* hand it to the socket */
	entry = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0, mb);
	if (entry == NULL) {
		/* no memory for the read queue entry: release the mbuf */
		sctp_m_freem(mb);
		return;
	}
	entry->length = SCTP_BUF_LEN(mb);
	entry->spec_flags = M_NOTIFICATION;
	/* one mbuf only, so it is also the tail */
	entry->tail_mbuf = mb;
	sctp_add_to_readq(stcb->sctp_ep, stcb, entry,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
3772 
/*
 * Deliver an SCTP_SENDER_DRY_EVENT to the socket's read queue, provided
 * the user has enabled the event.  Dropped silently when out of memory.
 *
 * Caller must hold the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_sender_dry_event(struct sctp_tcb *stcb, int so_locked)
{
	struct sctp_sender_dry_event *dry;
	struct sctp_queued_to_read *entry;
	struct mbuf *mb;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DRYEVNT)) {
		/* user did not subscribe to this event */
		return;
	}

	mb = sctp_get_mbuf_for_msg(sizeof(*dry), 0, M_NOWAIT, 1, MT_DATA);
	if (mb == NULL) {
		/* out of mbufs */
		return;
	}
	SCTP_BUF_LEN(mb) = 0;
	dry = mtod(mb, struct sctp_sender_dry_event *);
	memset(dry, 0, sizeof(*dry));
	dry->sender_dry_length = sizeof(*dry);
	dry->sender_dry_type = SCTP_SENDER_DRY_EVENT;
	dry->sender_dry_flags = 0;
	dry->sender_dry_assoc_id = sctp_get_associd(stcb);

	SCTP_BUF_LEN(mb) = sizeof(*dry);
	SCTP_BUF_NEXT(mb) = NULL;

	/* hand it to the socket */
	entry = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0, mb);
	if (entry == NULL) {
		/* no memory for the read queue entry: release the mbuf */
		sctp_m_freem(mb);
		return;
	}
	entry->length = SCTP_BUF_LEN(mb);
	entry->spec_flags = M_NOTIFICATION;
	/* one mbuf only, so it is also the tail */
	entry->tail_mbuf = mb;
	sctp_add_to_readq(stcb->sctp_ep, stcb, entry,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
3822 
/*
 * Deliver an SCTP_STREAM_CHANGE_EVENT reporting the current number of
 * inbound and outbound streams; 'flag' becomes strchange_flags.
 *
 * asoc.peer_req_out is always cleared here.  If it was set and 'flag' is
 * non-zero the change was requested by the peer and the local user is not
 * told about it.  The event is also dropped when it is disabled, when no
 * memory is available, or when the receive buffer has no room for it.
 *
 * Caller must hold the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_stream_reset_add(struct sctp_tcb *stcb, int flag, int so_locked)
{
	struct sctp_stream_change_event *change;
	struct sctp_queued_to_read *entry;
	struct mbuf *mb;
	int peer_requested;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT)) {
		/* user did not subscribe to this event */
		return;
	}

	/* Consume the "peer asked for this" marker in every case. */
	peer_requested = (stcb->asoc.peer_req_out != 0);
	stcb->asoc.peer_req_out = 0;
	if (peer_requested && flag != 0) {
		/* Peer made the request, don't tell the local user */
		return;
	}

	mb = sctp_get_mbuf_for_msg(sizeof(*change), 0, M_NOWAIT, 1, MT_DATA);
	if (mb == NULL) {
		/* out of mbufs */
		return;
	}
	SCTP_BUF_LEN(mb) = 0;
	change = mtod(mb, struct sctp_stream_change_event *);
	memset(change, 0, sizeof(*change));
	change->strchange_length = sizeof(*change);
	change->strchange_type = SCTP_STREAM_CHANGE_EVENT;
	change->strchange_flags = flag;
	change->strchange_assoc_id = sctp_get_associd(stcb);
	change->strchange_instrms = stcb->asoc.streamincnt;
	change->strchange_outstrms = stcb->asoc.streamoutcnt;
	SCTP_BUF_LEN(mb) = sizeof(*change);
	SCTP_BUF_NEXT(mb) = NULL;

	if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(mb)) {
		/* receive buffer full: drop the event */
		sctp_m_freem(mb);
		return;
	}

	/* hand it to the socket */
	entry = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0, mb);
	if (entry == NULL) {
		/* no memory for the read queue entry: release the mbuf */
		sctp_m_freem(mb);
		return;
	}
	entry->length = SCTP_BUF_LEN(mb);
	entry->spec_flags = M_NOTIFICATION;
	/* one mbuf only, so it is also the tail */
	entry->tail_mbuf = mb;
	sctp_add_to_readq(stcb->sctp_ep, stcb, entry,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
3882 
/*
 * Deliver an SCTP_ASSOC_RESET_EVENT.  'flag' becomes assocreset_flags;
 * the local TSN reported is asoc.sending_seq and the remote TSN is
 * asoc.mapping_array_base_tsn + 1.
 *
 * The event is dropped when it is disabled, when no memory is available,
 * or when the receive buffer has no room for it.
 *
 * Caller must hold the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, int flag, int so_locked)
{
	struct sctp_assoc_reset_event *reset;
	struct sctp_queued_to_read *entry;
	struct mbuf *mb;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT)) {
		/* user did not subscribe to this event */
		return;
	}

	mb = sctp_get_mbuf_for_msg(sizeof(*reset), 0, M_NOWAIT, 1, MT_DATA);
	if (mb == NULL) {
		/* out of mbufs */
		return;
	}
	SCTP_BUF_LEN(mb) = 0;
	reset = mtod(mb, struct sctp_assoc_reset_event *);
	memset(reset, 0, sizeof(*reset));
	reset->assocreset_length = sizeof(*reset);
	reset->assocreset_type = SCTP_ASSOC_RESET_EVENT;
	reset->assocreset_flags = flag;
	reset->assocreset_assoc_id = sctp_get_associd(stcb);
	reset->assocreset_local_tsn = stcb->asoc.sending_seq;
	reset->assocreset_remote_tsn = stcb->asoc.mapping_array_base_tsn + 1;
	SCTP_BUF_LEN(mb) = sizeof(*reset);
	SCTP_BUF_NEXT(mb) = NULL;

	if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(mb)) {
		/* receive buffer full: drop the event */
		sctp_m_freem(mb);
		return;
	}

	/* hand it to the socket */
	entry = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0, mb);
	if (entry == NULL) {
		/* no memory for the read queue entry: release the mbuf */
		sctp_m_freem(mb);
		return;
	}
	entry->length = SCTP_BUF_LEN(mb);
	entry->spec_flags = M_NOTIFICATION;
	/* one mbuf only, so it is also the tail */
	entry->tail_mbuf = mb;
	sctp_add_to_readq(stcb->sctp_ep, stcb, entry,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
3936 
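/*
 * Deliver an SCTP_STREAM_RESET_EVENT listing the affected stream ids.
 *
 * number_entries: number of 16-bit stream ids in 'list' (network byte
 *                 order); they are stored in host order in the event.
 *                 The callers in sctp_ulp_notify() pass a uint32_t here,
 *                 so the value is range-checked before it is used.
 * flag:           strreset_flags value (SCTP_STREAM_RESET_* bits).
 *
 * The event is dropped without error when it is disabled, when the list
 * cannot fit into a single cluster mbuf, when no memory is available, or
 * when the receive buffer has no room for it.
 *
 * Caller must hold the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_stream_reset(struct sctp_tcb *stcb,
    int number_entries, uint16_t *list, int flag, int so_locked)
{
	struct mbuf *m_notify;
	struct sctp_queued_to_read *control;
	struct sctp_stream_reset_event *strreset;
	int i, len;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_RESETEVNT)) {
		/* event not enabled */
		return;
	}

	/*
	 * Reject a negative count, and a count that can never fit behind
	 * the fixed header in one MCLBYTES cluster, before anything is
	 * allocated.  This keeps the 'len' computation below free of
	 * overflow and bounds the copy loop.
	 */
	if (number_entries < 0 ||
	    (size_t)number_entries >
	    (MCLBYTES - sizeof(struct sctp_stream_reset_event)) / sizeof(uint16_t)) {
		/* never enough room */
		return;
	}
	if (number_entries > 0 && list == NULL) {
		/* nothing to copy from */
		return;
	}

	m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
	if (m_notify == NULL) {
		/* no space left */
		return;
	}
	SCTP_BUF_LEN(m_notify) = 0;
	len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t));
	if (len > M_TRAILINGSPACE(m_notify)) {
		/* never enough room */
		sctp_m_freem(m_notify);
		return;
	}
	strreset = mtod(m_notify, struct sctp_stream_reset_event *);
	memset(strreset, 0, len);
	strreset->strreset_type = SCTP_STREAM_RESET_EVENT;
	strreset->strreset_flags = flag;
	strreset->strreset_length = len;
	strreset->strreset_assoc_id = sctp_get_associd(stcb);
	/* stream ids arrive in network byte order */
	for (i = 0; i < number_entries; i++) {
		strreset->strreset_stream_list[i] = ntohs(list[i]);
	}
	SCTP_BUF_LEN(m_notify) = len;
	SCTP_BUF_NEXT(m_notify) = NULL;
	if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) {
		/* no space */
		sctp_m_freem(m_notify);
		return;
	}
	/* append to socket */
	control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0,
	    m_notify);
	if (control == NULL) {
		/* no memory: the mbuf is ours to release */
		sctp_m_freem(m_notify);
		return;
	}
	control->length = SCTP_BUF_LEN(m_notify);
	control->spec_flags = M_NOTIFICATION;
	/* single-mbuf notification, so head and tail are the same */
	control->tail_mbuf = m_notify;
	sctp_add_to_readq(stcb->sctp_ep, stcb, control,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}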
4003 
/*
 * Deliver an SCTP_REMOTE_ERROR notification to the user.
 *
 * When the peer's ERROR chunk is available, at most SCTP_CHUNK_BUFFER_SIZE
 * bytes of it (only that much is guaranteed to be contiguous) are copied
 * behind the fixed header into sre_data.  If no mbuf large enough for that
 * can be obtained, a second attempt is made for the header alone and the
 * chunk payload is left out.
 *
 * Caller must hold the TCB lock and the endpoint's read lock.
 */
static void
sctp_notify_remote_error(struct sctp_tcb *stcb, uint16_t error,
    struct sctp_error_chunk *chunk, int so_locked)
{
	struct sctp_remote_error *sre;
	struct sctp_queued_to_read *entry;
	struct mbuf *mb;
	unsigned int total_len;
	uint16_t copy_len;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);
	SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);

	if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPEERERR)) {
		/* user did not subscribe to this event */
		return;
	}

	copy_len = 0;
	if (chunk != NULL) {
		copy_len = ntohs(chunk->ch.chunk_length);
		/* Only SCTP_CHUNK_BUFFER_SIZE bytes are guaranteed to be contiguous. */
		if (copy_len > SCTP_CHUNK_BUFFER_SIZE) {
			copy_len = SCTP_CHUNK_BUFFER_SIZE;
		}
	}
	total_len = (unsigned int)(sizeof(struct sctp_remote_error) + copy_len);
	mb = sctp_get_mbuf_for_msg(total_len, 0, M_NOWAIT, 1, MT_DATA);
	if (mb == NULL) {
		/* Retry without the chunk payload. */
		total_len = (unsigned int)sizeof(struct sctp_remote_error);
		mb = sctp_get_mbuf_for_msg(total_len, 0, M_NOWAIT, 1, MT_DATA);
		if (mb == NULL) {
			return;
		}
	}
	SCTP_BUF_NEXT(mb) = NULL;
	sre = mtod(mb, struct sctp_remote_error *);
	memset(sre, 0, total_len);
	sre->sre_type = SCTP_REMOTE_ERROR;
	sre->sre_flags = 0;
	sre->sre_error = error;
	sre->sre_assoc_id = sctp_get_associd(stcb);
	sre->sre_length = sizeof(struct sctp_remote_error);
	if (total_len > sizeof(struct sctp_remote_error)) {
		/* Only true when the first, larger allocation succeeded. */
		memcpy(sre->sre_data, chunk, copy_len);
		sre->sre_length += copy_len;
	}
	SCTP_BUF_LEN(mb) = sre->sre_length;

	/* hand it to the socket */
	entry = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination,
	    0, 0, stcb->asoc.context, 0, 0, 0, mb);
	if (entry == NULL) {
		/* no memory for the read queue entry: release the mbuf */
		sctp_m_freem(mb);
		return;
	}
	entry->length = SCTP_BUF_LEN(mb);
	entry->spec_flags = M_NOTIFICATION;
	/* one mbuf only, so it is also the tail */
	entry->tail_mbuf = mb;
	sctp_add_to_readq(stcb->sctp_ep, stcb, entry,
	    &stcb->sctp_socket->so_rcv, 1,
	    SCTP_READ_LOCK_HELD, so_locked);
}
4072 
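/*
 * Central dispatcher for notifications to the upper layer.
 *
 * notification: SCTP_NOTIFY_* selector.
 * error:        notification-specific error / count value; for the
 *               SCTP_NOTIFY_STR_RESET_* cases it is the number of stream
 *               ids in 'data'.
 * data:         notification-specific payload, cast per case below:
 *               struct sctp_nets * for the INTERFACE_* events, a pending
 *               stream queue entry / transmit chunk for the send-failure
 *               events, the aborted read queue entry for the partial
 *               delivery indication, a uint16_t stream id list or key id
 *               for the stream-reset and AUTH key events, a sockaddr for
 *               the ASCONF events, an error chunk for REMOTE_ERROR and
 *               the abort chunk (may be NULL) for the abort events.
 *
 * Nothing is reported once the socket is closed, and interface events
 * are suppressed while the association is still being set up.
 *
 * Locking: the TCB lock must be held.  For every notification except
 * SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION the endpoint's read lock is
 * taken and released here; for the partial delivery indication the
 * caller holds it and keeps it.  The read lock must therefore only be
 * released on the early "socket gone" return when it was also taken
 * here, otherwise a lock owned by the caller would be dropped.
 */
void
sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb,
    uint32_t error, void *data, int so_locked)
{
	struct sctp_inpcb *inp;
	struct sctp_nets *net;
	bool read_locked_here;

	KASSERT(stcb != NULL, ("stcb == NULL"));
	SCTP_TCB_LOCK_ASSERT(stcb);

	inp = stcb->sctp_ep;
	if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
		return;
	}
	if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
	    (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
		if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) ||
		    (notification == SCTP_NOTIFY_INTERFACE_UP) ||
		    (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) {
			/* Don't report these in front states */
			return;
		}
	}
	/*
	 * The partial delivery indication is issued with the read lock
	 * already held by the caller; every other caller expects us to
	 * take it.  Remember which case applies so that every exit path
	 * below releases exactly what was acquired here.
	 */
	read_locked_here = (notification != SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION);
	if (read_locked_here) {
		SCTP_INP_READ_LOCK(inp);
	}
	SCTP_INP_READ_LOCK_ASSERT(inp);

	if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
	    (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
	    (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ)) {
		if (read_locked_here) {
			SCTP_INP_READ_UNLOCK(inp);
		}
		return;
	}

	switch (notification) {
	case SCTP_NOTIFY_ASSOC_UP:
		/* COMM_UP is reported only once per association */
		if (stcb->asoc.assoc_up_sent == 0) {
			sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL, false, false, so_locked);
			stcb->asoc.assoc_up_sent = 1;
		}
		if (stcb->asoc.adaptation_needed && (stcb->asoc.adaptation_sent == 0)) {
			sctp_notify_adaptation_layer(stcb, so_locked);
		}
		if (stcb->asoc.auth_supported == 0) {
			sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, 0, so_locked);
		}
		break;
	case SCTP_NOTIFY_ASSOC_DOWN:
		sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL, false, false, so_locked);
		break;
	case SCTP_NOTIFY_INTERFACE_DOWN:
		net = (struct sctp_nets *)data;
		sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE,
		    &net->ro._l_addr.sa, error, so_locked);
		break;
	case SCTP_NOTIFY_INTERFACE_UP:
		net = (struct sctp_nets *)data;
		sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE,
		    &net->ro._l_addr.sa, error, so_locked);
		break;
	case SCTP_NOTIFY_INTERFACE_CONFIRMED:
		net = (struct sctp_nets *)data;
		sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED,
		    &net->ro._l_addr.sa, error, so_locked);
		break;
	case SCTP_NOTIFY_SPECIAL_SP_FAIL:
		sctp_notify_send_failed2(stcb, error,
		    (struct sctp_stream_queue_pending *)data, so_locked);
		break;
	case SCTP_NOTIFY_SENT_DG_FAIL:
		sctp_notify_send_failed(stcb, 1, error,
		    (struct sctp_tmit_chunk *)data, so_locked);
		break;
	case SCTP_NOTIFY_UNSENT_DG_FAIL:
		sctp_notify_send_failed(stcb, 0, error,
		    (struct sctp_tmit_chunk *)data, so_locked);
		break;
	case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION:
		sctp_notify_partial_delivery_indication(stcb, error,
		    (struct sctp_queued_to_read *)data,
		    so_locked);
		break;
	case SCTP_NOTIFY_ASSOC_LOC_ABORTED:
		/* An abort before the handshake completed is CANT_STR_ASSOC, not COMM_LOST. */
		if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
		    (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
			sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, false, false, so_locked);
		} else {
			sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, false, false, so_locked);
		}
		break;
	case SCTP_NOTIFY_ASSOC_REM_ABORTED:
		if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
		    (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
			sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, true, false, so_locked);
		} else {
			sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, true, false, so_locked);
		}
		break;
	case SCTP_NOTIFY_ASSOC_TIMEDOUT:
		if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
		    (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
			sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, false, true, so_locked);
		} else {
			sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, false, true, so_locked);
		}
		break;
	case SCTP_NOTIFY_ASSOC_RESTART:
		sctp_notify_assoc_change(SCTP_RESTART, stcb, error, NULL, false, false, so_locked);
		if (stcb->asoc.auth_supported == 0) {
			sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, 0, so_locked);
		}
		break;
	case SCTP_NOTIFY_STR_RESET_SEND:
		sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_OUTGOING_SSN, so_locked);
		break;
	case SCTP_NOTIFY_STR_RESET_RECV:
		sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_INCOMING, so_locked);
		break;
	case SCTP_NOTIFY_STR_RESET_FAILED_OUT:
		sctp_notify_stream_reset(stcb, error, ((uint16_t *)data),
		    (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_FAILED), so_locked);
		break;
	case SCTP_NOTIFY_STR_RESET_DENIED_OUT:
		sctp_notify_stream_reset(stcb, error, ((uint16_t *)data),
		    (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_DENIED), so_locked);
		break;
	case SCTP_NOTIFY_STR_RESET_FAILED_IN:
		sctp_notify_stream_reset(stcb, error, ((uint16_t *)data),
		    (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_FAILED), so_locked);
		break;
	case SCTP_NOTIFY_STR_RESET_DENIED_IN:
		sctp_notify_stream_reset(stcb, error, ((uint16_t *)data),
		    (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_DENIED), so_locked);
		break;
	case SCTP_NOTIFY_STR_RESET_ADD:
		sctp_notify_stream_reset_add(stcb, error, so_locked);
		break;
	case SCTP_NOTIFY_STR_RESET_TSN:
		sctp_notify_stream_reset_tsn(stcb, error, so_locked);
		break;
	case SCTP_NOTIFY_ASCONF_ADD_IP:
		sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data,
		    error, so_locked);
		break;
	case SCTP_NOTIFY_ASCONF_DELETE_IP:
		sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data,
		    error, so_locked);
		break;
	case SCTP_NOTIFY_ASCONF_SET_PRIMARY:
		sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data,
		    error, so_locked);
		break;
	case SCTP_NOTIFY_PEER_SHUTDOWN:
		sctp_notify_shutdown_event(stcb, so_locked);
		break;
	case SCTP_NOTIFY_AUTH_NEW_KEY:
		sctp_notify_authentication(stcb, SCTP_AUTH_NEW_KEY,
		    *(uint16_t *)data, so_locked);
		break;
	case SCTP_NOTIFY_AUTH_FREE_KEY:
		sctp_notify_authentication(stcb, SCTP_AUTH_FREE_KEY,
		    *(uint16_t *)data, so_locked);
		break;
	case SCTP_NOTIFY_NO_PEER_AUTH:
		sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH,
		    0, so_locked);
		break;
	case SCTP_NOTIFY_SENDER_DRY:
		sctp_notify_sender_dry_event(stcb, so_locked);
		break;
	case SCTP_NOTIFY_REMOTE_ERROR:
		sctp_notify_remote_error(stcb, error, data, so_locked);
		break;
	default:
		SCTPDBG(SCTP_DEBUG_UTIL1, "%s: unknown notification %xh (%u)\n",
		    __func__, notification, notification);
		break;
	}
	if (read_locked_here) {
		SCTP_INP_READ_UNLOCK(inp);
	}
}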
4256 
/*
 * Report every piece of still-outbound user data of the association as
 * failed and release it: chunks on the sent queue (SENT_DG_FAIL), chunks
 * on the send queue (UNSENT_DG_FAIL) and messages still sitting on the
 * per-stream output queues (SPECIAL_SP_FAIL).  'error' is the error code
 * carried in each of those notifications; 'so_locked' is passed through.
 *
 * Does nothing when there is no TCB, when the association is already
 * being freed, or when the socket is gone / closed.
 */
void
sctp_report_all_outbound(struct sctp_tcb *stcb, uint16_t error, int so_locked)
{
	struct sctp_association *asoc;
	struct sctp_stream_out *outs;
	struct sctp_tmit_chunk *chk, *nchk;
	struct sctp_stream_queue_pending *sp, *nsp;
	int i;

	if (stcb == NULL) {
		return;
	}
	asoc = &stcb->asoc;
	if (asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) {
		/* already being freed */
		return;
	}
	if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
	    (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
	    (asoc->state & SCTP_STATE_CLOSED_SOCKET)) {
		return;
	}
	/* now through all the gunk freeing chunks */
	/* sent queue SHOULD be empty */
	TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
		TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
		asoc->sent_queue_cnt--;
		/*
		 * Chunks already acknowledged (NR_ACKED) were taken off the
		 * per-stream count earlier; every other chunk still holds one.
		 */
		if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
			if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
				asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
#ifdef INVARIANTS
			} else {
				panic("No chunks on the queues for sid %u.", chk->rec.data.sid);
#endif
			}
		}
		if (chk->data != NULL) {
			sctp_free_bufspace(stcb, asoc, chk, 1);
			sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb,
			    error, chk, so_locked);
			/*
			 * Re-checked on purpose: the notification receives chk
			 * and presumably may take over its data - confirm
			 * against sctp_notify_send_failed().
			 */
			if (chk->data) {
				sctp_m_freem(chk->data);
				chk->data = NULL;
			}
		}
		sctp_free_a_chunk(stcb, chk, so_locked);
		/* sa_ignore FREED_MEMORY */
	}
	/* pending send queue SHOULD be empty */
	TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
		TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
		asoc->send_queue_cnt--;
		/* Unsent chunks always hold a per-stream count. */
		if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
			asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
#ifdef INVARIANTS
		} else {
			panic("No chunks on the queues for sid %u.", chk->rec.data.sid);
#endif
		}
		if (chk->data != NULL) {
			sctp_free_bufspace(stcb, asoc, chk, 1);
			sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb,
			    error, chk, so_locked);
			/* Re-checked for the same reason as on the sent queue above. */
			if (chk->data) {
				sctp_m_freem(chk->data);
				chk->data = NULL;
			}
		}
		sctp_free_a_chunk(stcb, chk, so_locked);
		/* sa_ignore FREED_MEMORY */
	}
	/* Finally the messages that never made it into chunks. */
	for (i = 0; i < asoc->streamoutcnt; i++) {
		/* For each stream */
		outs = &asoc->strmout[i];
		/* clean up any sends there */
		TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) {
			atomic_subtract_int(&asoc->stream_queue_cnt, 1);
			TAILQ_REMOVE(&outs->outqueue, sp, next);
			/* let the stream scheduler forget about this entry */
			stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp);
			sctp_free_spbufspace(stcb, asoc, sp);
			if (sp->data) {
				sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb,
				    error, (void *)sp, so_locked);
				/* Re-checked: the notification may have consumed the data. */
				if (sp->data) {
					sctp_m_freem(sp->data);
					sp->data = NULL;
					sp->tail_mbuf = NULL;
					sp->length = 0;
				}
			}
			if (sp->net) {
				sctp_free_remote_addr(sp->net);
				sp->net = NULL;
			}
			/* Free the chunk */
			sctp_free_a_strmoq(stcb, sp, so_locked);
			/* sa_ignore FREED_MEMORY */
		}
	}
}
4357 
/*
 * Tell the user that the association has been aborted.
 *
 * All outstanding outbound data is reported as failed first, then one of
 * SCTP_NOTIFY_ASSOC_REM_ABORTED (from_peer), SCTP_NOTIFY_ASSOC_TIMEDOUT
 * (local, timeout) or SCTP_NOTIFY_ASSOC_LOC_ABORTED (local, otherwise) is
 * issued with 'abort' (the ABORT chunk, may be NULL) as its data.
 * One-to-one style sockets additionally get SCTP_PCB_FLAGS_WAS_ABORTED
 * set on the endpoint.  Nothing is reported if the socket is gone.
 *
 * Caller must hold the TCB lock.
 */
void
sctp_abort_notification(struct sctp_tcb *stcb, bool from_peer, bool timeout,
    uint16_t error, struct sctp_abort_chunk *abort,
    int so_locked)
{
	struct sctp_inpcb *inp;
	uint32_t notification;

	if (stcb == NULL) {
		return;
	}
	SCTP_TCB_LOCK_ASSERT(stcb);
	inp = stcb->sctp_ep;

	if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) ||
	    ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
	    (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) {
		sctp_pcb_add_flags(inp, SCTP_PCB_FLAGS_WAS_ABORTED);
	}
	if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
	    (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
	    (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
		/* nobody left to tell */
		return;
	}
	SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED);
	/* Tell them we lost the asoc */
	sctp_report_all_outbound(stcb, error, so_locked);

	if (from_peer) {
		notification = SCTP_NOTIFY_ASSOC_REM_ABORTED;
	} else if (timeout) {
		notification = SCTP_NOTIFY_ASSOC_TIMEDOUT;
	} else {
		notification = SCTP_NOTIFY_ASSOC_LOC_ABORTED;
	}
	sctp_ulp_notify(notification, stcb, error, abort, so_locked);
}
4391 
/*
 * Send an ABORT for the packet (m, iphlen, src, dst, sh) and, when a TCB
 * exists, notify the user and free the association.
 *
 * With a TCB the peer's verification tag and the association's vrf_id are
 * used (the vrf_id parameter is overridden); without one the ABORT goes
 * out with a zero tag.  The cause code for the user notification is read
 * from the leading error cause in op_err when present, else 0.
 * inp->fibnum is read unconditionally, so inp must not be NULL.
 */
void
sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
    struct mbuf *m, int iphlen,
    struct sockaddr *src, struct sockaddr *dst,
    struct sctphdr *sh, struct mbuf *op_err,
    uint8_t mflowtype, uint32_t mflowid,
    uint32_t vrf_id, uint16_t port)
{
	struct sctp_gen_error_cause *cause;
	uint32_t vtag = 0;
	uint16_t cause_code = 0;

	if (stcb != NULL) {
		vtag = stcb->asoc.peer_vtag;
		vrf_id = stcb->asoc.vrf_id;
		if (op_err != NULL) {
			/* Read the cause code from the error cause. */
			cause = mtod(op_err, struct sctp_gen_error_cause *);
			cause_code = ntohs(cause->code);
		}
	}
	sctp_send_abort(m, iphlen, src, dst, sh, vtag, op_err,
	    mflowtype, mflowid, inp->fibnum,
	    vrf_id, port);
	if (stcb == NULL) {
		/* nothing more to tear down */
		return;
	}

	/* We have a TCB to abort, send notification too */
	sctp_abort_notification(stcb, false, false, cause_code, NULL, SCTP_SO_NOT_LOCKED);
	/* Ok, now lets free it */
	SCTP_STAT_INCR_COUNTER32(sctps_aborted);
	switch (SCTP_GET_STATE(stcb)) {
	case SCTP_STATE_OPEN:
	case SCTP_STATE_SHUTDOWN_RECEIVED:
		/* an established association goes away */
		SCTP_STAT_DECR_GAUGE32(sctps_currestab);
		break;
	default:
		break;
	}
	(void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
	    SCTP_FROM_SCTPUTIL + SCTP_LOC_4);
}
4433 #ifdef SCTP_ASOCLOG_OF_TSNS
/*
 * Debug helper: dump the association's inbound and outbound TSN logs.
 *
 * Only compiled in with SCTP_ASOCLOG_OF_TSNS, and only does anything when
 * NOSIY_PRINTS is also defined (the macro name is spelled this way in the
 * source).  Each log is a ring of SCTP_TSN_LOG_SIZE entries: when the
 * ring has wrapped, the entries from the current write position to the
 * end are printed first (oldest), followed by the entries from the start
 * up to the write position (newest).
 */
void
sctp_print_out_track_log(struct sctp_tcb *stcb)
{
#ifdef NOSIY_PRINTS
	int i;

	SCTP_PRINTF("Last ep reason:%x\n", stcb->sctp_ep->last_abort_code);
	SCTP_PRINTF("IN bound TSN log-aaa\n");
	if ((stcb->asoc.tsn_in_at == 0) && (stcb->asoc.tsn_in_wrapped == 0)) {
		SCTP_PRINTF("None rcvd\n");
		goto none_in;
	}
	/* older half of the ring: write position .. end */
	if (stcb->asoc.tsn_in_wrapped) {
		for (i = stcb->asoc.tsn_in_at; i < SCTP_TSN_LOG_SIZE; i++) {
			SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n",
			    stcb->asoc.in_tsnlog[i].tsn,
			    stcb->asoc.in_tsnlog[i].strm,
			    stcb->asoc.in_tsnlog[i].seq,
			    stcb->asoc.in_tsnlog[i].flgs,
			    stcb->asoc.in_tsnlog[i].sz);
		}
	}
	/* newer half of the ring: start .. write position */
	if (stcb->asoc.tsn_in_at) {
		for (i = 0; i < stcb->asoc.tsn_in_at; i++) {
			SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n",
			    stcb->asoc.in_tsnlog[i].tsn,
			    stcb->asoc.in_tsnlog[i].strm,
			    stcb->asoc.in_tsnlog[i].seq,
			    stcb->asoc.in_tsnlog[i].flgs,
			    stcb->asoc.in_tsnlog[i].sz);
		}
	}
none_in:
	SCTP_PRINTF("OUT bound TSN log-aaa\n");
	/*
	 * No goto here: with both counters zero the loops below simply do
	 * not execute.
	 */
	if ((stcb->asoc.tsn_out_at == 0) &&
	    (stcb->asoc.tsn_out_wrapped == 0)) {
		SCTP_PRINTF("None sent\n");
	}
	if (stcb->asoc.tsn_out_wrapped) {
		for (i = stcb->asoc.tsn_out_at; i < SCTP_TSN_LOG_SIZE; i++) {
			SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n",
			    stcb->asoc.out_tsnlog[i].tsn,
			    stcb->asoc.out_tsnlog[i].strm,
			    stcb->asoc.out_tsnlog[i].seq,
			    stcb->asoc.out_tsnlog[i].flgs,
			    stcb->asoc.out_tsnlog[i].sz);
		}
	}
	if (stcb->asoc.tsn_out_at) {
		for (i = 0; i < stcb->asoc.tsn_out_at; i++) {
			SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n",
			    stcb->asoc.out_tsnlog[i].tsn,
			    stcb->asoc.out_tsnlog[i].strm,
			    stcb->asoc.out_tsnlog[i].seq,
			    stcb->asoc.out_tsnlog[i].flgs,
			    stcb->asoc.out_tsnlog[i].sz);
		}
	}
#endif
}
4494 #endif
4495 
void
sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
    struct mbuf *op_err, bool timedout, int so_locked)
{
	/*
	 * Tear an association down from our side: send the peer an ABORT
	 * (carrying op_err, if any), update the abort / established
	 * counters, notify the user unless the socket is already gone, and
	 * free the TCB.
	 *
	 * inp       - the endpoint. It is dereferenced unconditionally, so
	 *             callers presumably never pass NULL (not checked here).
	 * stcb      - association to abort. May be NULL; then the only work
	 *             done is releasing an endpoint whose socket is gone and
	 *             which has no associations left.
	 * op_err    - optional error cause mbuf, handed to
	 *             sctp_send_abort_tcb() (which presumably consumes it).
	 * timedout  - forwarded to the user notification.
	 * so_locked - whether the socket lock is already held.
	 *
	 * After sctp_free_assoc() the TCB is gone: callers must not touch
	 * stcb once this returns.
	 */
	struct sctp_gen_error_cause *cause;
	uint16_t cause_code;

	if (stcb == NULL) {
		/* Got to have a TCB */
		if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
			if (LIST_EMPTY(&inp->sctp_asoc_list)) {
				sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT,
				    SCTP_CALLED_DIRECTLY_NOCMPSET);
			}
		}
		return;
	}
	if (op_err != NULL) {
		/*
		 * Read the cause code from the error cause. The cause header
		 * is assumed to be contiguous at the start of the first mbuf
		 * (true for causes built by sctp_generate_cause() and
		 * sctp_generate_no_user_data_cause() in this file); there is
		 * no length check here.
		 */
		cause = mtod(op_err, struct sctp_gen_error_cause *);
		cause_code = ntohs(cause->code);
	} else {
		cause_code = 0;
	}
	/* notify the peer */
	sctp_send_abort_tcb(stcb, op_err, so_locked);
	SCTP_STAT_INCR_COUNTER32(sctps_aborted);
	/* Only fully established associations count towards currestab. */
	if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
	    (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
		SCTP_STAT_DECR_GAUGE32(sctps_currestab);
	}
	/* notify the ulp (nobody is listening once the socket is gone) */
	if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) {
		sctp_abort_notification(stcb, false, timedout, cause_code, NULL, so_locked);
	}
	/* now free the asoc */
#ifdef SCTP_ASOCLOG_OF_TSNS
	sctp_print_out_track_log(stcb);
#endif
	(void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
	    SCTP_FROM_SCTPUTIL + SCTP_LOC_5);
}
4538 
void
sctp_handle_ootb(struct mbuf *m, int iphlen, int offset,
    struct sockaddr *src, struct sockaddr *dst,
    struct sctphdr *sh, struct sctp_inpcb *inp,
    struct mbuf *cause,
    uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum,
    uint32_t vrf_id, uint16_t port)
{
	/*
	 * Handle an "out of the blue" packet, i.e. one that matched no
	 * association. The chunks (starting at 'offset' into m) are walked
	 * to decide whether any reply is owed at all; afterwards an ABORT is
	 * sent unless the sctp_blackhole sysctl suppresses it.
	 *
	 * Everything inspected here came off the wire: a chunk length is only
	 * used once it is at least a chunk header, and every read goes
	 * through sctp_m_getptr() against the mbuf chain rather than a raw
	 * pointer into the packet.
	 *
	 * 'cause' is an optional error cause mbuf to attach to the ABORT.
	 */
	struct sctp_chunkhdr *hdr, hdr_copy;
	unsigned int chk_length;
	int cur_off;
	bool saw_init;

	SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue);
	/*
	 * An endpoint whose socket is already gone and which has no
	 * associations left can be released now; inp is not used below.
	 */
	if ((inp != NULL) &&
	    (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) &&
	    LIST_EMPTY(&inp->sctp_asoc_list)) {
		sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT,
		    SCTP_CALLED_DIRECTLY_NOCMPSET);
	}
	saw_init = false;
	cur_off = offset;
	for (;;) {
		hdr = (struct sctp_chunkhdr *)sctp_m_getptr(m, cur_off,
		    sizeof(*hdr), (uint8_t *)&hdr_copy);
		if (hdr == NULL) {
			break;
		}
		chk_length = ntohs(hdr->chunk_length);
		if (chk_length < sizeof(*hdr)) {
			/*
			 * Malformed chunk: stop parsing. The ABORT decision
			 * below still applies.
			 */
			break;
		}
		switch (hdr->chunk_type) {
		case SCTP_INIT:
			saw_init = true;
			break;
		case SCTP_PACKET_DROPPED:
		case SCTP_ABORT_ASSOCIATION:
		case SCTP_SHUTDOWN_COMPLETE:
			/*
			 * Never answered: a PKTDROP gets no reply, an ABORT
			 * is not answered with an ABORT, and a stray
			 * SHUTDOWN-COMPLETE is ignored since nothing is
			 * waiting for it.
			 */
			return;
		case SCTP_SHUTDOWN_ACK:
			/* Let the peer finish its shutdown, then stop. */
			sctp_send_shutdown_complete2(src, dst, sh,
			    mflowtype, mflowid, fibnum,
			    vrf_id, port);
			return;
		default:
			break;
		}
		cur_off += SCTP_SIZE32(chk_length);
	}
	/*
	 * sctp_blackhole: 0 always answers with an ABORT, 1 answers unless
	 * the packet carried an INIT, any other value stays silent.
	 */
	if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) ||
	    ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && !saw_init)) {
		sctp_send_abort(m, iphlen, src, dst, sh, 0, cause,
		    mflowtype, mflowid, fibnum,
		    vrf_id, port);
	}
}
4604 
/*
 * Check the inbound datagram for an ABORT chunk: return 1 if one is present,
 * 0 otherwise. As a side effect, *vtag is updated with the initiate tag of
 * any INIT or INIT-ACK chunk encountered along the way.
 */
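int
sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t *vtag)
{
	/*
	 * Scan the chunks of an inbound packet for an ABORT.
	 *
	 * m      - the packet; the IP header (iphlen bytes) is followed by
	 *          the SCTP common header and then the chunks.
	 * iphlen - length of the IP header in front of the SCTP header.
	 * vtag   - in/out: set to the initiate_tag of any INIT or INIT-ACK
	 *          chunk seen before the walk ends, otherwise left untouched.
	 *
	 * Returns 1 if an ABORT chunk is found, 0 otherwise. The walk stops
	 * early (returning 0) at a chunk whose declared length is shorter
	 * than a chunk header, which marks the packet as corrupt.
	 *
	 * All lengths come off the wire. Reads go through sctp_m_getptr()
	 * against the mbuf chain, so a lying length cannot run off the
	 * packet, but it can still make a read span into the next chunk:
	 * hence the extra size check before the initiate_tag is taken.
	 */
	struct sctp_chunkhdr *ch;
	struct sctp_init_chunk *init_chk, chunk_buf;
	int offset;
	unsigned int chk_length;

	offset = iphlen + sizeof(struct sctphdr);
	ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch),
	    (uint8_t *)&chunk_buf);
	while (ch != NULL) {
		chk_length = ntohs(ch->chunk_length);
		if (chk_length < sizeof(*ch)) {
			/* packet is probably corrupt */
			break;
		}
		if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) {
			return (1);
		}
		if (((ch->chunk_type == SCTP_INITIATION) ||
		    (ch->chunk_type == SCTP_INITIATION_ACK)) &&
		    (chk_length >= sizeof(struct sctp_init_chunk))) {
			/*
			 * Only take the tag from a chunk long enough to hold
			 * the fixed INIT/INIT-ACK fields. With a shorter
			 * declared length the read below would extend past the
			 * chunk into whatever follows it in the packet, and
			 * the "tag" would be garbage.
			 */
			init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m,
			    offset, sizeof(struct sctp_init_chunk), (uint8_t *)&chunk_buf);
			if (init_chk != NULL) {
				*vtag = ntohl(init_chk->init.initiate_tag);
			}
		}
		/* Chunks are padded to a 4-byte boundary on the wire. */
		offset += SCTP_SIZE32(chk_length);
		ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
		    sizeof(*ch), (uint8_t *)&chunk_buf);
	}
	return (0);
}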
4647 
/*
 * As of 2/02, ifa_addr embeds the scope id in the address bytes and leaves
 * sin6_scope_id unset (0), so this helper recovers both scopes before
 * comparing two link-local addresses.
 */
4652 #ifdef INET6
uint32_t
sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2)
{
	/*
	 * Compare the scope (zone) of two IPv6 addresses.
	 *
	 * Either address may carry its scope embedded in the address bytes
	 * with sin6_scope_id left at 0; such an address is copied and run
	 * through sa6_recoverscope() first, so the callers' sockaddrs are
	 * never modified.
	 *
	 * Returns 1 when both scopes are known and equal, 0 otherwise. An
	 * address whose scope cannot be recovered never matches anything.
	 */
	struct sockaddr_in6 scoped[2];
	int i;

	scoped[0] = *addr1;
	scoped[1] = *addr2;
	for (i = 0; i < 2; i++) {
		if ((scoped[i].sin6_scope_id == 0) &&
		    (sa6_recoverscope(&scoped[i]) != 0)) {
			/* can't get scope, so can't match */
			return (0);
		}
	}
	return ((scoped[0].sin6_scope_id == scoped[1].sin6_scope_id) ? 1 : 0);
}
4677 
4678 /*
4679  * returns a sockaddr_in6 with embedded scope recovered and removed
4680  */
struct sockaddr_in6 *
sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store)
{
	/*
	 * Normalise the scope of a link-local IPv6 sockaddr.
	 *
	 * addr  - address to examine. Anything that is not AF_INET6 or not
	 *         link-local scoped is returned unchanged.
	 * store - caller-provided scratch sockaddr used when a copy is
	 *         needed.
	 *
	 * If sin6_scope_id is 0, the scope is recovered from the embedded
	 * form into *store and store is returned (addr itself if recovery
	 * fails). If sin6_scope_id is already set, the embedded scope is
	 * cleared from addr->sin6_addr IN PLACE and addr is returned - note
	 * that this path modifies the caller's sockaddr.
	 */
	if (addr->sin6_family != AF_INET6) {
		return (addr);
	}
	if (!IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) {
		return (addr);
	}
	if (addr->sin6_scope_id != 0) {
		/* Scope already explicit: strip the embedded copy. */
		in6_clearscope(&addr->sin6_addr);
		return (addr);
	}
	*store = *addr;
	if (sa6_recoverscope(store) == 0) {
		/* use the recovered scope */
		return (store);
	}
	return (addr);
}
4701 #endif
4702 
4703 /*
4704  * are the two addresses the same?  currently a "scopeless" check returns: 1
4705  * if same, 0 if not
4706  */
int
sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2)
{
	/*
	 * Scope-less address equality.
	 *
	 * Returns 1 when both sockaddrs are non-NULL, of the same family,
	 * and carry the same address; 0 when either is NULL, the families
	 * differ, or the family is not one handled here. For AF_INET only
	 * the address is compared (the port is ignored); for AF_INET6 the
	 * comparison is whatever SCTP6_ARE_ADDR_EQUAL() checks.
	 */
	if ((sa1 == NULL) || (sa2 == NULL)) {
		return (0);
	}
	if (sa1->sa_family != sa2->sa_family) {
		return (0);
	}
	switch (sa1->sa_family) {
#ifdef INET6
	case AF_INET6:
		return (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)sa1,
		    (struct sockaddr_in6 *)sa2));
#endif
#ifdef INET
	case AF_INET:
		return (((struct sockaddr_in *)sa1)->sin_addr.s_addr ==
		    ((struct sockaddr_in *)sa2)->sin_addr.s_addr);
#endif
	default:
		/* we don't do these... */
		return (0);
	}
}
4748 
void
sctp_print_address(struct sockaddr *sa)
{
	/*
	 * Console dump of a sockaddr (debug aid): the address, the port in
	 * host order and, for IPv6, the scope id. Families other than
	 * AF_INET / AF_INET6 print "?".
	 */
	switch (sa->sa_family) {
#ifdef INET6
	case AF_INET6: {
		struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
		char ip6buf[INET6_ADDRSTRLEN];

		SCTP_PRINTF("IPv6 address: %s:port:%d scope:%u\n",
		    ip6_sprintf(ip6buf, &sin6->sin6_addr),
		    ntohs(sin6->sin6_port),
		    sin6->sin6_scope_id);
		break;
	}
#endif
#ifdef INET
	case AF_INET: {
		struct sockaddr_in *sin = (struct sockaddr_in *)sa;
		const unsigned char *octet = (const unsigned char *)&sin->sin_addr;

		SCTP_PRINTF("IPv4 address: %u.%u.%u.%u:%d\n",
		    octet[0], octet[1], octet[2], octet[3],
		    ntohs(sin->sin_port));
		break;
	}
#endif
	default:
		SCTP_PRINTF("?\n");
		break;
	}
}
4788 
void
sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp,
    struct sctp_inpcb *new_inp,
    struct sctp_tcb *stcb,
    int waitflags)
{
	/*
	 * Go through the old INP's read queue and move every queued message
	 * (control structure) that belongs to stcb over to the new INP,
	 * re-charging the bytes from the old socket's receive buffer to the
	 * new one. Used when an association is split off onto its own
	 * socket (peeloff / accept).
	 *
	 * old_inp   - endpoint currently holding the data.
	 * new_inp   - endpoint that takes it over.
	 * stcb      - only messages whose control->stcb matches are moved.
	 * waitflags - passed to SOCK_IO_RECV_LOCK() on the old socket.
	 *
	 * Best effort: if the old socket's receive I/O lock cannot be taken,
	 * nothing is moved and the caller is not told (see below).
	 */
	struct socket *old_so, *new_so;
	struct sctp_queued_to_read *control, *nctl;
	struct sctp_readhead tmp_queue;
	struct mbuf *m;
	int error = 0;

	old_so = old_inp->sctp_socket;
	new_so = new_inp->sctp_socket;
	TAILQ_INIT(&tmp_queue);
	error = SOCK_IO_RECV_LOCK(old_so, waitflags);
	if (error) {
		/*
		 * Gak, can't get I/O lock, we have a problem. data will be
		 * left stranded.. and we don't dare look at it since the
		 * other thread may be reading something. Oh well, its a
		 * screwed up app that does a peeloff OR a accept while
		 * reading from the main socket... actually its only the
		 * peeloff() case, since I think read will fail on a
		 * listening socket..
		 *
		 * Note the silent return: the data stays on old_inp and no
		 * error is reported to the caller.
		 */
		return;
	}
	/* lock the socket buffers */
	SCTP_INP_READ_LOCK(old_inp);
	TAILQ_FOREACH_SAFE(control, &old_inp->read_queue, next, nctl) {
		/* Pull off all for out target stcb */
		if (control->stcb == stcb) {
			/* remove it we want it */
			TAILQ_REMOVE(&old_inp->read_queue, control, next);
			TAILQ_INSERT_TAIL(&tmp_queue, control, next);
			/* Un-charge every mbuf of the message from the old receive buffer. */
			m = control->data;
			while (m) {
				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
					sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m));
				}
				sctp_sbfree(control, stcb, &old_so->so_rcv, m);
				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
					sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0);
				}
				m = SCTP_BUF_NEXT(m);
			}
		}
	}
	SCTP_INP_READ_UNLOCK(old_inp);
	/* Remove the recv-lock on the old socket */
	SOCK_IO_RECV_UNLOCK(old_so);
	/*
	 * Now we move them over to the new socket buffer. The entries are
	 * linked straight into the new read queue without being removed from
	 * tmp_queue first; tmp_queue is a local that is simply abandoned, so
	 * its now-stale links are never followed.
	 */
	SCTP_INP_READ_LOCK(new_inp);
	TAILQ_FOREACH_SAFE(control, &tmp_queue, next, nctl) {
		TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next);
		m = control->data;
		while (m) {
			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
				sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m));
			}
			sctp_sballoc(stcb, &new_so->so_rcv, m);
			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
				sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0);
			}
			m = SCTP_BUF_NEXT(m);
		}
	}
	SCTP_INP_READ_UNLOCK(new_inp);
}
4863 
void
sctp_wakeup_the_read_socket(struct sctp_inpcb *inp,
    struct sctp_tcb *stcb,
    int so_locked
    SCTP_UNUSED
)
{
	/*
	 * Wake up readers waiting on the endpoint's socket.
	 *
	 * Nothing happens when there is no endpoint or no socket, or when
	 * the endpoint is a one-to-one style (TCPTYPE / IN_TCPPOOL) socket
	 * that is still listening. stcb and so_locked are accepted for
	 * interface symmetry only and are not used.
	 */
	struct socket *so;

	if (inp == NULL) {
		return;
	}
	so = inp->sctp_socket;
	if (so == NULL) {
		return;
	}
	if (((inp->sctp_flags & (SCTP_PCB_FLAGS_TCPTYPE | SCTP_PCB_FLAGS_IN_TCPPOOL)) != 0) &&
	    SCTP_IS_LISTENING(inp)) {
		return;
	}
	sctp_sorwakeup(inp, so);
}
4878 
void
sctp_add_to_readq(struct sctp_inpcb *inp,
    struct sctp_tcb *stcb,
    struct sctp_queued_to_read *control,
    struct sockbuf *sb,
    int end,
    int inp_read_lock_held,
    int so_locked)
{
	/*
	 * Here we must place the control on the end of the socket read
	 * queue AND increment sb_cc so that select will work properly on
	 * read.
	 *
	 * inp                - endpoint; NULL is a "this should never
	 *                      happen" case (panics under INVARIANTS).
	 * stcb               - association the data belongs to. Its counters
	 *                      are only touched when control->do_not_ref_stcb
	 *                      is clear.
	 * control            - the read-queue entry. Its mbuf chain is walked,
	 *                      zero-length mbufs are unlinked and freed, and
	 *                      control->length / tail_mbuf are recomputed.
	 * sb                 - socket receive buffer to charge the bytes to.
	 * end                - non-zero marks the entry as a complete message.
	 * inp_read_lock_held - SCTP_READ_LOCK_NOT_HELD to take and release the
	 *                      INP read lock here; otherwise the caller holds
	 *                      it.
	 * so_locked          - passed through to the reader wakeup.
	 *
	 * Ownership: when the socket can no longer be read
	 * (SCTP_PCB_FLAGS_SOCKET_CANT_READ) or the chain collapses to
	 * nothing, control is released here unless it is still linked on a
	 * stream queue (control->on_strm_q); the caller must not touch it
	 * again in those cases.
	 */
	struct mbuf *m, *prev = NULL;

	if (inp == NULL) {
		/* Gak, TSNH!! */
#ifdef INVARIANTS
		panic("Gak, inp NULL on add_to_readq");
#endif
		return;
	}
	if (inp_read_lock_held == SCTP_READ_LOCK_NOT_HELD) {
		SCTP_INP_READ_LOCK(inp);
	}
	if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) {
		/* Nobody can read it any more: drop the data instead of queueing it. */
		if (!control->on_strm_q) {
			sctp_free_remote_addr(control->whoFrom);
			if (control->data) {
				sctp_m_freem(control->data);
				control->data = NULL;
			}
			sctp_free_a_readq(stcb, control);
		}
		if (inp_read_lock_held == SCTP_READ_LOCK_NOT_HELD) {
			SCTP_INP_READ_UNLOCK(inp);
		}
		return;
	}
	if ((control->spec_flags & M_NOTIFICATION) == 0) {
		/* Notifications are not counted as received user messages. */
		atomic_add_int(&inp->total_recvs, 1);
		if (!control->do_not_ref_stcb) {
			atomic_add_int(&stcb->total_recvs, 1);
		}
	}
	m = control->data;
	control->held_length = 0;
	control->length = 0;
	while (m != NULL) {
		if (SCTP_BUF_LEN(m) == 0) {
			/* Skip mbufs with NO length */
			if (prev == NULL) {
				/* First one */
				control->data = sctp_m_free(m);
				m = control->data;
			} else {
				SCTP_BUF_NEXT(prev) = sctp_m_free(m);
				m = SCTP_BUF_NEXT(prev);
			}
			if (m == NULL) {
				control->tail_mbuf = prev;
			}
			continue;
		}
		prev = m;
		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
			sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m));
		}
		sctp_sballoc(stcb, sb, m);
		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
			sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0);
		}
		atomic_add_int(&control->length, SCTP_BUF_LEN(m));
		m = SCTP_BUF_NEXT(m);
	}
	if (prev != NULL) {
		control->tail_mbuf = prev;
	} else {
		/* Everything got collapsed out?? */
		if (!control->on_strm_q) {
			sctp_free_remote_addr(control->whoFrom);
			sctp_free_a_readq(stcb, control);
		}
		/*
		 * NOTE(review): compares against a literal 0 where the rest of
		 * this function uses SCTP_READ_LOCK_NOT_HELD - presumably the
		 * same value, confirm.
		 */
		if (inp_read_lock_held == 0)
			SCTP_INP_READ_UNLOCK(inp);
		return;
	}
	if (end) {
		control->end_added = 1;
	}
	TAILQ_INSERT_TAIL(&inp->read_queue, control, next);
	control->on_read_q = 1;
	/* inp was already checked for NULL above; only the socket test matters here. */
	if ((inp != NULL) && (inp->sctp_socket != NULL)) {
		sctp_wakeup_the_read_socket(inp, stcb, so_locked);
	}
	if (inp_read_lock_held == SCTP_READ_LOCK_NOT_HELD) {
		SCTP_INP_READ_UNLOCK(inp);
	}
}
4979 
4980 /*************HOLD THIS COMMENT FOR PATCH FILE OF
4981  *************ALTERNATE ROUTING CODE
4982  */
4983 
4984 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF
4985  *************ALTERNATE ROUTING CODE
4986  */
4987 
struct mbuf *
sctp_generate_cause(uint16_t code, char *info)
{
	/*
	 * Build an SCTP error cause (cause header followed by text) in a
	 * fresh mbuf.
	 *
	 * code - cause code, written in network byte order; 0 is rejected.
	 * info - NUL-terminated text copied after the header; the terminator
	 *        itself is not copied. NULL is rejected, as is text that would
	 *        not fit in SCTP_MAX_CAUSE_LENGTH together with the header.
	 *
	 * Returns the caller-owned mbuf, or NULL on bad input or when the
	 * M_NOWAIT allocation fails. The cause length field covers header
	 * plus text, so it can never overstate what was actually copied.
	 */
	struct mbuf *m;
	struct sctp_gen_error_cause *cause;
	size_t text_len;
	uint16_t len;

	if ((code == 0) || (info == NULL)) {
		return (NULL);
	}
	text_len = strlen(info);
	if (text_len > (SCTP_MAX_CAUSE_LENGTH - sizeof(struct sctp_paramhdr))) {
		/* Too long for a single cause. */
		return (NULL);
	}
	len = (uint16_t)(sizeof(struct sctp_paramhdr) + text_len);
	m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
	if (m == NULL) {
		return (NULL);
	}
	SCTP_BUF_LEN(m) = len;
	cause = mtod(m, struct sctp_gen_error_cause *);
	cause->code = htons(code);
	cause->length = htons(len);
	memcpy(cause->info, info, text_len);
	return (m);
}
5014 
struct mbuf *
sctp_generate_no_user_data_cause(uint32_t tsn)
{
	/*
	 * Build a "No User Data" error cause (SCTP_CAUSE_NO_USER_DATA)
	 * naming the offending TSN. Returns a caller-owned mbuf, or NULL if
	 * the M_NOWAIT allocation fails. All fields are written in network
	 * byte order.
	 */
	struct sctp_error_no_user_data *body;
	struct mbuf *m;
	uint16_t len;

	len = (uint16_t)sizeof(*body);
	m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
	if (m == NULL) {
		return (NULL);
	}
	SCTP_BUF_LEN(m) = len;
	body = mtod(m, struct sctp_error_no_user_data *);
	body->cause.code = htons(SCTP_CAUSE_NO_USER_DATA);
	body->cause.length = htons(len);
	body->tsn = htonl(tsn);
	return (m);
}
5033 
void
sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc,
    struct sctp_tmit_chunk *tp1, int chk_cnt)
{
	/*
	 * Return the space booked by an outbound chunk to the association's
	 * accounting and, for one-to-one style (TCP-type / TCP-pool)
	 * endpoints with a socket, to the send socket buffer as well.
	 *
	 * A chunk with no data attached was never booked and is ignored.
	 * total_output_queue_size is clamped at zero rather than allowed to
	 * wrap below the chunk's book size.
	 */
	struct socket *so;

	if (tp1->data == NULL) {
		return;
	}
	atomic_subtract_int(&asoc->chunks_on_out_queue, chk_cnt);
#ifdef SCTP_MBCNT_LOGGING
	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBCNT_LOGGING_ENABLE) {
		sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE,
		    asoc->total_output_queue_size,
		    tp1->book_size,
		    0,
		    tp1->mbcnt);
	}
#endif
	if (asoc->total_output_queue_size < tp1->book_size) {
		/* Would go negative: clamp instead of wrapping. */
		asoc->total_output_queue_size = 0;
	} else {
		atomic_subtract_int(&asoc->total_output_queue_size, tp1->book_size);
	}
	so = stcb->sctp_socket;
	if ((so != NULL) &&
	    ((stcb->sctp_ep->sctp_flags &
	    (SCTP_PCB_FLAGS_IN_TCPPOOL | SCTP_PCB_FLAGS_TCPTYPE)) != 0)) {
		SCTP_SB_DECR(&so->so_snd, tp1->book_size);
	}
}
5062 
int
sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1,
    uint8_t sent, int so_locked)
{
	/*
	 * Abandon a PR-SCTP message starting at chunk tp1: give up every
	 * fragment of the message, release the buffer space it held, notify
	 * the user (SENT_DG_FAIL or UNSENT_DG_FAIL depending on 'sent') and
	 * mark the chunks SCTP_FORWARD_TSN_SKIP so a later FORWARD-TSN can
	 * tell the peer to skip them. The TCB lock must be held.
	 *
	 * tp1       - first chunk of the message on the caller's queue; the
	 *             remaining fragments may sit on the send queue or still
	 *             unchunked on the stream's outqueue.
	 * sent      - non-zero when the message had been put on the wire.
	 * so_locked - passed on to the notification path.
	 *
	 * Returns the number of bytes released (the chunks' book sizes plus
	 * any unchunked stream data discarded).
	 *
	 * A fragmented message can be spread over three places, visited in
	 * order: (1) the chunks reachable from tp1 via sctp_next up to the
	 * LAST_FRAG / NOT_FRAG one; (2) the send queue, where chunks with the
	 * same sid/mid are moved to the sent queue; (3) the stream's
	 * outqueue, where the rest is discarded and a placeholder chunk
	 * carrying the LAST bit and a fresh TSN is queued so the peer can be
	 * told to skip the whole message.
	 *
	 * sid indexes stcb->asoc.strmout directly; it comes from our own
	 * outbound chunk, so it is presumably validated at send time.
	 */
	struct sctp_stream_out *strq;
	struct sctp_tmit_chunk *chk = NULL, *tp2;
	struct sctp_stream_queue_pending *sp;
	uint32_t mid;
	uint16_t sid;
	uint8_t foundeom = 0;
	int ret_sz = 0;
	int notdone;
	int do_wakeup_routine = 0;

	SCTP_TCB_LOCK_ASSERT(stcb);

	sid = tp1->rec.data.sid;
	mid = tp1->rec.data.mid;
	/*
	 * Statistics: a message counts as "sent" if it was transmitted, or
	 * if tp1 is not its first fragment (an earlier fragment went out).
	 */
	if (sent || ((tp1->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0)) {
		stcb->asoc.abandoned_sent[0]++;
		stcb->asoc.abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++;
		stcb->asoc.strmout[sid].abandoned_sent[0]++;
#if defined(SCTP_DETAILED_STR_STATS)
		stcb->asoc.strmout[sid].abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++;
#endif
	} else {
		stcb->asoc.abandoned_unsent[0]++;
		stcb->asoc.abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++;
		stcb->asoc.strmout[sid].abandoned_unsent[0]++;
#if defined(SCTP_DETAILED_STR_STATS)
		stcb->asoc.strmout[sid].abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++;
#endif
	}
	/* (1) Walk the fragments that follow tp1 on its own queue. */
	do {
		ret_sz += tp1->book_size;
		if (tp1->data != NULL) {
			/* Chunks not yet marked for resend are still counted in flight. */
			if (tp1->sent < SCTP_DATAGRAM_RESEND) {
				sctp_flight_size_decrease(tp1);
				sctp_total_flight_decrease(stcb, tp1);
			}
			sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1);
			/* Give the peer's window credit back for this chunk. */
			stcb->asoc.peers_rwnd += tp1->send_size;
			stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
			if (sent) {
				sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked);
			} else {
				sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked);
			}
			/* Re-checked: the notification path may have taken the data. */
			if (tp1->data) {
				sctp_m_freem(tp1->data);
				tp1->data = NULL;
			}
			do_wakeup_routine = 1;
			if (PR_SCTP_BUF_ENABLED(tp1->flags)) {
				stcb->asoc.sent_queue_cnt_removeable--;
			}
		}
		tp1->sent = SCTP_FORWARD_TSN_SKIP;
		if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) ==
		    SCTP_DATA_NOT_FRAG) {
			/* not fragmented, we are done */
			notdone = 0;
			foundeom = 1;
		} else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
			/* end of frag, we are done */
			notdone = 0;
			foundeom = 1;
		} else {
			/*
			 * Its a begin or middle piece, we must mark all of
			 * it
			 */
			notdone = 1;
			tp1 = TAILQ_NEXT(tp1, sctp_next);
		}
	} while (tp1 && notdone);
	if (foundeom == 0) {
		/*
		 * (2) The multi-part message was scattered across the send
		 * and sent queue. The send queue is in order, so the first
		 * chunk with a different sid/mid ends the message.
		 */
		TAILQ_FOREACH_SAFE(tp1, &stcb->asoc.send_queue, sctp_next, tp2) {
			if ((tp1->rec.data.sid != sid) ||
			    (!SCTP_MID_EQ(stcb->asoc.idata_supported, tp1->rec.data.mid, mid))) {
				break;
			}
			/*
			 * save to chk in case we have some on stream out
			 * queue. If so and we have an un-transmitted one we
			 * don't have to fudge the TSN.
			 */
			chk = tp1;
			ret_sz += tp1->book_size;
			sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1);
			if (sent) {
				sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked);
			} else {
				sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked);
			}
			if (tp1->data) {
				sctp_m_freem(tp1->data);
				tp1->data = NULL;
			}
			/* No flight involved here book the size to 0 */
			tp1->book_size = 0;
			if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
				foundeom = 1;
			}
			do_wakeup_routine = 1;
			tp1->sent = SCTP_FORWARD_TSN_SKIP;
			TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next);
			/*
			 * on to the sent queue so we can wait for it to be
			 * passed by.
			 */
			TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1,
			    sctp_next);
			stcb->asoc.send_queue_cnt--;
			stcb->asoc.sent_queue_cnt++;
		}
	}
	if (foundeom == 0) {
		/*
		 * (3) Still no eom found. That means there is stuff left on
		 * the stream out queue.. yuck.
		 */
		strq = &stcb->asoc.strmout[sid];
		sp = TAILQ_FIRST(&strq->outqueue);
		if (sp != NULL) {
			sp->discard_rest = 1;
			/*
			 * We may need to put a chunk on the queue that
			 * holds the TSN that would have been sent with the
			 * LAST bit.
			 */
			if (chk == NULL) {
				/* Yep, we have to */
				sctp_alloc_a_chunk(stcb, chk);
				if (chk == NULL) {
					/*
					 * we are hosed. All we can do is
					 * nothing.. which will cause an
					 * abort if the peer is paying
					 * attention.
					 */
					goto oh_well;
				}
				memset(chk, 0, sizeof(*chk));
				chk->rec.data.rcv_flags = 0;
				chk->sent = SCTP_FORWARD_TSN_SKIP;
				chk->asoc = &stcb->asoc;
				/*
				 * Pick the MID the real LAST fragment would
				 * have carried: without I-DATA, unordered
				 * messages have no MID (0).
				 */
				if (stcb->asoc.idata_supported == 0) {
					if (sp->sinfo_flags & SCTP_UNORDERED) {
						chk->rec.data.mid = 0;
					} else {
						chk->rec.data.mid = strq->next_mid_ordered;
					}
				} else {
					if (sp->sinfo_flags & SCTP_UNORDERED) {
						chk->rec.data.mid = strq->next_mid_unordered;
					} else {
						chk->rec.data.mid = strq->next_mid_ordered;
					}
				}
				chk->rec.data.sid = sp->sid;
				chk->rec.data.ppid = sp->ppid;
				chk->rec.data.context = sp->context;
				chk->flags = sp->act_flags;
				chk->whoTo = NULL;
				/* Consume a real TSN so the placeholder can be skipped over. */
				chk->rec.data.tsn = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1);
				strq->chunks_on_queues++;
				TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next);
				stcb->asoc.sent_queue_cnt++;
				stcb->asoc.pr_sctp_cnt++;
			}
			chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG;
			if (sp->sinfo_flags & SCTP_UNORDERED) {
				chk->rec.data.rcv_flags |= SCTP_DATA_UNORDERED;
			}
			/* The message is now complete as far as MIDs go: advance the stream. */
			if (stcb->asoc.idata_supported == 0) {
				if ((sp->sinfo_flags & SCTP_UNORDERED) == 0) {
					strq->next_mid_ordered++;
				}
			} else {
				if (sp->sinfo_flags & SCTP_UNORDERED) {
					strq->next_mid_unordered++;
				} else {
					strq->next_mid_ordered++;
				}
			}
	oh_well:
			if (sp->data) {
				/*
				 * Pull any data to free up the SB and allow
				 * sender to "add more" while we will throw
				 * away :-)
				 */
				sctp_free_spbufspace(stcb, &stcb->asoc, sp);
				ret_sz += sp->length;
				do_wakeup_routine = 1;
				sp->some_taken = 1;
				sctp_m_freem(sp->data);
				sp->data = NULL;
				sp->tail_mbuf = NULL;
				sp->length = 0;
			}
		}
	}
	if (do_wakeup_routine) {
		/* Space was freed: let a blocked sender continue. */
		sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket);
	}
	return (ret_sz);
}
5276 
/*
 * Checks whether the given address is one currently bound to the endpoint
 * (its sctp_addr_list). Note: it cannot distinguish the same address on
 * multiple interfaces and does not handle multiple addresses with different
 * zone/scope ids. Note: ifa_ifwithaddr(), by contrast, compares the entire
 * sockaddr struct.
 */
struct sctp_ifa *
sctp_find_ifa_in_ep(struct sctp_inpcb *inp, struct sockaddr *addr,
    int holds_lock)
{
	/*
	 * Look addr up in the endpoint's bound-address list.
	 *
	 * inp        - endpoint whose sctp_addr_list is searched.
	 * addr       - AF_INET or AF_INET6 address to find. For IPv4 only the
	 *              address is compared (not the port); for IPv6 the match
	 *              is whatever SCTP6_ARE_ADDR_EQUAL() checks.
	 * holds_lock - non-zero if the caller already holds the INP lock;
	 *              otherwise a read lock is taken for the walk.
	 *
	 * Returns the matching sctp_ifa, or NULL if none. List entries with
	 * no ifa attached are skipped.
	 */
	struct sctp_laddr *entry;
	struct sctp_ifa *found = NULL;

	if (holds_lock == 0) {
		SCTP_INP_RLOCK(inp);
	}
	LIST_FOREACH(entry, &inp->sctp_addr_list, sctp_nxt_addr) {
		struct sctp_ifa *ifa = entry->ifa;

		if ((ifa == NULL) ||
		    (ifa->address.sa.sa_family != addr->sa_family)) {
			continue;
		}
		switch (addr->sa_family) {
#ifdef INET
		case AF_INET:
			if (((struct sockaddr_in *)addr)->sin_addr.s_addr ==
			    ifa->address.sin.sin_addr.s_addr) {
				found = ifa;
			}
			break;
#endif
#ifdef INET6
		case AF_INET6:
			if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr,
			    &ifa->address.sin6)) {
				found = ifa;
			}
			break;
#endif
		default:
			break;
		}
		if (found != NULL) {
			/* found him. */
			break;
		}
	}
	if (holds_lock == 0) {
		SCTP_INP_RUNLOCK(inp);
	}
	return (found);
}
5326 
uint32_t
sctp_get_ifa_hash_val(struct sockaddr *addr)
{
	/*
	 * Cheap hash of an IPv4 or IPv6 address, used to pick a bucket in a
	 * VRF's address table. It is not a keyed hash - bucket placement is
	 * fully predictable from the address - which is presumably
	 * acceptable for a table of the host's own interface addresses.
	 * Unsupported families hash to 0.
	 */
	uint32_t h;

	switch (addr->sa_family) {
#ifdef INET
	case AF_INET:
		h = ((struct sockaddr_in *)addr)->sin_addr.s_addr;
		break;
#endif
#ifdef INET6
	case AF_INET6: {
		const struct in6_addr *a6 = &((struct sockaddr_in6 *)addr)->sin6_addr;

		/* Sum of the four 32-bit words; unsigned wrap is intended. */
		h = a6->s6_addr32[0] + a6->s6_addr32[1] +
		    a6->s6_addr32[2] + a6->s6_addr32[3];
		break;
	}
#endif
	default:
		return (0);
	}
	/* Fold the high half into the low half before masking. */
	return (h ^ (h >> 16));
}
5360 
struct sctp_ifa *
sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock)
{
	/*
	 * Look addr up in the address hash table of the given VRF.
	 *
	 * addr       - AF_INET or AF_INET6 address. For IPv4 only the address
	 *              is compared; for IPv6 the match is whatever
	 *              SCTP6_ARE_ADDR_EQUAL() checks.
	 * vrf_id     - VRF whose table is searched; an unknown VRF yields
	 *              NULL.
	 * holds_lock - non-zero if the caller already holds the IPI address
	 *              lock (asserted); otherwise a read lock is taken here.
	 *
	 * Returns the matching sctp_ifa, or NULL.
	 */
	struct sctp_vrf *vrf;
	struct sctp_ifalist *bucket;
	struct sctp_ifa *ifa = NULL;
	uint32_t hv;

	if (holds_lock == 0) {
		SCTP_IPI_ADDR_RLOCK();
	} else {
		SCTP_IPI_ADDR_LOCK_ASSERT();
	}
	vrf = sctp_find_vrf(vrf_id);
	if (vrf == NULL) {
		goto done;
	}
	hv = sctp_get_ifa_hash_val(addr);
	bucket = &vrf->vrf_addr_hash[hv & vrf->vrf_addr_hashmark];
	if (bucket == NULL) {
		SCTP_PRINTF("hash_of_addr:%x mask:%x table:%x - ",
		    hv, (uint32_t)vrf->vrf_addr_hashmark,
		    (uint32_t)(hv & vrf->vrf_addr_hashmark));
		sctp_print_address(addr);
		SCTP_PRINTF("No such bucket for address\n");
		goto done;
	}
	/* ifa is left pointing at the match, or NULL if the bucket runs out. */
	LIST_FOREACH(ifa, bucket, next_bucket) {
		if (ifa->address.sa.sa_family != addr->sa_family) {
			continue;
		}
#ifdef INET
		if ((addr->sa_family == AF_INET) &&
		    (((struct sockaddr_in *)addr)->sin_addr.s_addr ==
		    ifa->address.sin.sin_addr.s_addr)) {
			break;
		}
#endif
#ifdef INET6
		if ((addr->sa_family == AF_INET6) &&
		    SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr,
		    &ifa->address.sin6)) {
			break;
		}
#endif
	}
done:
	if (holds_lock == 0) {
		SCTP_IPI_ADDR_RUNLOCK();
	}
	return (ifa);
}
5422 
static void
sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock,
    uint32_t rwnd_req)
{
	/*
	 * User pulled some data, do we need a rwnd update?
	 *
	 * Called from sctp_sorecvmsg() once the bytes handed to userland
	 * since the last report (*freed_so_far) reach rwnd_req.  The count
	 * is folded into stcb->freed_by_sorcv_sincelast and *freed_so_far
	 * is reset.  If the receive window computed by sctp_calc_rwnd()
	 * has opened by at least rwnd_req relative to my_last_reported_rwnd,
	 * a window-update SACK is sent, pending output is flushed and the
	 * RECV timer is stopped; otherwise the delta is parked in
	 * freed_by_sorcv_sincelast for the next call.
	 *
	 * stcb          association; NULL is tolerated and is a no-op.
	 * freed_so_far  in/out byte count; zeroed once consumed.
	 * hold_rlock    non-zero if the caller holds the endpoint READ
	 *               lock.  It is dropped around the TCB lock / send
	 *               path and re-taken before return, so the caller's
	 *               lock state is the same on exit as on entry.
	 * rwnd_req      window growth (bytes) that justifies an update.
	 *
	 * Locking: the state checks before the send path run without the
	 * TCB lock; ABOUT_TO_BE_FREED is re-tested under the lock to close
	 * the race the inline comment below describes.
	 */
	struct epoch_tracker et;
	int r_unlocked = 0;	/* set once the caller's read lock was dropped */
	uint32_t dif, rwnd;
	struct socket *so = NULL;

	if (stcb == NULL)
		return;

	/* Pin the association while we inspect it; released at no_lock. */
	atomic_add_int(&stcb->asoc.refcnt, 1);

	if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
	    (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) {
		/*
		 * Pre-check: if we are freeing or shutting down, no update.
		 * Jump past SCTP_INP_DECR_REF since no endpoint ref was taken.
		 */
		goto no_lock;
	}
	SCTP_INP_INCR_REF(stcb->sctp_ep);
	if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
	    (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
		goto out;
	}
	so = stcb->sctp_socket;
	if (so == NULL) {
		goto out;
	}
	/* Consume the caller's count into the per-assoc running total. */
	atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far);
	/* Have you have freed enough to look */
	*freed_so_far = 0;
	/* Yep, its worth a look and the lock overhead */

	/* Figure out what the rwnd would be */
	rwnd = sctp_calc_rwnd(stcb, &stcb->asoc);
	/* dif = how far the window has opened since we last told the peer. */
	if (rwnd >= stcb->asoc.my_last_reported_rwnd) {
		dif = rwnd - stcb->asoc.my_last_reported_rwnd;
	} else {
		dif = 0;
	}
	if (dif >= rwnd_req) {
		/*
		 * Drop the caller's read lock before taking the TCB lock and
		 * entering the send path; it is re-taken at out:.
		 */
		if (hold_rlock) {
			SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
			r_unlocked = 1;
		}
		if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
			/*
			 * One last check before we allow the guy possibly
			 * to get in. There is a race, where the guy has not
			 * reached the gate. In that case
			 */
			goto out;
		}
		SCTP_TCB_LOCK(stcb);
		if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
			/* No reports here: re-checked now that we hold the lock. */
			SCTP_TCB_UNLOCK(stcb);
			goto out;
		}
		SCTP_STAT_INCR(sctps_wu_sacks_sent);
		/* Send the window-update SACK and flush output inside the net epoch. */
		NET_EPOCH_ENTER(et);
		sctp_send_sack(stcb, SCTP_SO_LOCKED);

		sctp_chunk_output(stcb->sctp_ep, stcb,
		    SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED);
		/* make sure no timer is running */
		NET_EPOCH_EXIT(et);
		sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL,
		    SCTP_FROM_SCTPUTIL + SCTP_LOC_6);
		SCTP_TCB_UNLOCK(stcb);
	} else {
		/*
		 * Update how much we have pending.  Note this stores the
		 * window delta, not the byte count accumulated above, and
		 * does so with a plain store where the accumulation used an
		 * atomic add.  NOTE(review): presumably serialized by the
		 * caller's socket-buffer locking -- confirm.
		 */
		stcb->freed_by_sorcv_sincelast = dif;
	}
out:
	/*
	 * Restore the caller's read lock if we dropped it.  so is always
	 * non-NULL by the time r_unlocked can be set, so the extra test is
	 * belt-and-braces.
	 */
	if (so && r_unlocked && hold_rlock) {
		SCTP_INP_READ_LOCK(stcb->sctp_ep);
	}

	SCTP_INP_DECR_REF(stcb->sctp_ep);
no_lock:
	atomic_subtract_int(&stcb->asoc.refcnt, 1);
	return;
}
5508 
5509 int
sctp_sorecvmsg(struct socket * so,struct uio * uio,struct mbuf ** mp,struct sockaddr * from,int fromlen,int * msg_flags,struct sctp_sndrcvinfo * sinfo,int filling_sinfo)5510 sctp_sorecvmsg(struct socket *so,
5511     struct uio *uio,
5512     struct mbuf **mp,
5513     struct sockaddr *from,
5514     int fromlen,
5515     int *msg_flags,
5516     struct sctp_sndrcvinfo *sinfo,
5517     int filling_sinfo)
5518 {
5519 	/*
5520 	 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO.
5521 	 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy
5522 	 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ??
5523 	 * On the way out we may send out any combination of:
5524 	 * MSG_NOTIFICATION MSG_EOR
5525 	 *
5526 	 */
5527 	struct sctp_inpcb *inp = NULL;
5528 	ssize_t my_len = 0;
5529 	ssize_t cp_len = 0;
5530 	int error = 0;
5531 	struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL;
5532 	struct mbuf *m = NULL;
5533 	struct sctp_tcb *stcb = NULL;
5534 	int wakeup_read_socket = 0;
5535 	int freecnt_applied = 0;
5536 	int out_flags = 0, in_flags = 0;
5537 	int block_allowed = 1;
5538 	uint32_t freed_so_far = 0;
5539 	ssize_t copied_so_far = 0;
5540 	int in_eeor_mode = 0;
5541 	int no_rcv_needed = 0;
5542 	uint32_t rwnd_req = 0;
5543 	int hold_sblock = 0;
5544 	int hold_rlock = 0;
5545 	ssize_t slen = 0;
5546 	uint32_t held_length = 0;
5547 	int sockbuf_lock = 0;
5548 
5549 	if (uio == NULL) {
5550 		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
5551 		return (EINVAL);
5552 	}
5553 
5554 	if (msg_flags) {
5555 		in_flags = *msg_flags;
5556 		if (in_flags & MSG_PEEK)
5557 			SCTP_STAT_INCR(sctps_read_peeks);
5558 	} else {
5559 		in_flags = 0;
5560 	}
5561 	slen = uio->uio_resid;
5562 
5563 	/* Pull in and set up our int flags */
5564 	if (in_flags & MSG_OOB) {
5565 		/* Out of band's NOT supported */
5566 		return (EOPNOTSUPP);
5567 	}
5568 	if ((in_flags & MSG_PEEK) && (mp != NULL)) {
5569 		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
5570 		return (EINVAL);
5571 	}
5572 	if ((in_flags & (MSG_DONTWAIT
5573 	    | MSG_NBIO
5574 	    )) ||
5575 	    SCTP_SO_IS_NBIO(so)) {
5576 		block_allowed = 0;
5577 	}
5578 	/* setup the endpoint */
5579 	inp = (struct sctp_inpcb *)so->so_pcb;
5580 	if (inp == NULL) {
5581 		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT);
5582 		return (EFAULT);
5583 	}
5584 	rwnd_req = (SCTP_SB_LIMIT_RCV(so) >> SCTP_RWND_HIWAT_SHIFT);
5585 	/* Must be at least a MTU's worth */
5586 	if (rwnd_req < SCTP_MIN_RWND)
5587 		rwnd_req = SCTP_MIN_RWND;
5588 	in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR);
5589 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) {
5590 		sctp_misc_ints(SCTP_SORECV_ENTER,
5591 		    rwnd_req, in_eeor_mode, SCTP_SBAVAIL(&so->so_rcv), (uint32_t)uio->uio_resid);
5592 	}
5593 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) {
5594 		sctp_misc_ints(SCTP_SORECV_ENTERPL,
5595 		    rwnd_req, block_allowed, SCTP_SBAVAIL(&so->so_rcv), (uint32_t)uio->uio_resid);
5596 	}
5597 
5598 	error = SOCK_IO_RECV_LOCK(so, SBLOCKWAIT(in_flags));
5599 	if (error) {
5600 		goto release_unlocked;
5601 	}
5602 	sockbuf_lock = 1;
5603 restart:
5604 
5605 restart_nosblocks:
5606 	if (hold_sblock == 0) {
5607 		SOCKBUF_LOCK(&so->so_rcv);
5608 		hold_sblock = 1;
5609 	}
5610 	if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
5611 	    (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
5612 		goto out;
5613 	}
5614 	if ((so->so_rcv.sb_state & SBS_CANTRCVMORE) && SCTP_SBAVAIL(&so->so_rcv) == 0) {
5615 		if (so->so_error) {
5616 			error = so->so_error;
5617 			if ((in_flags & MSG_PEEK) == 0)
5618 				so->so_error = 0;
5619 			goto out;
5620 		} else {
5621 			if (SCTP_SBAVAIL(&so->so_rcv) == 0) {
5622 				/* indicate EOF */
5623 				error = 0;
5624 				goto out;
5625 			}
5626 		}
5627 	}
5628 	if (SCTP_SBAVAIL(&so->so_rcv) <= held_length) {
5629 		if (so->so_error) {
5630 			error = so->so_error;
5631 			if ((in_flags & MSG_PEEK) == 0) {
5632 				so->so_error = 0;
5633 			}
5634 			goto out;
5635 		}
5636 		if ((SCTP_SBAVAIL(&so->so_rcv) == 0) &&
5637 		    ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
5638 		    (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) {
5639 			if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) {
5640 				/*
5641 				 * For active open side clear flags for
5642 				 * re-use passive open is blocked by
5643 				 * connect.
5644 				 */
5645 				if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) {
5646 					/*
5647 					 * You were aborted, passive side
5648 					 * always hits here
5649 					 */
5650 					SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET);
5651 					error = ECONNRESET;
5652 				}
5653 				so->so_state &= ~(SS_ISCONNECTING |
5654 				    SS_ISDISCONNECTING |
5655 				    SS_ISCONFIRMING |
5656 				    SS_ISCONNECTED);
5657 				if (error == 0) {
5658 					if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) {
5659 						SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN);
5660 						error = ENOTCONN;
5661 					}
5662 				}
5663 				goto out;
5664 			}
5665 		}
5666 		if (block_allowed) {
5667 			error = sbwait(&so->so_rcv);
5668 			if (error) {
5669 				goto out;
5670 			}
5671 			held_length = 0;
5672 			goto restart_nosblocks;
5673 		} else {
5674 			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EWOULDBLOCK);
5675 			error = EWOULDBLOCK;
5676 			goto out;
5677 		}
5678 	}
5679 	if (hold_sblock == 1) {
5680 		SOCKBUF_UNLOCK(&so->so_rcv);
5681 		hold_sblock = 0;
5682 	}
5683 	/* we possibly have data we can read */
5684 	/* sa_ignore FREED_MEMORY */
5685 	control = TAILQ_FIRST(&inp->read_queue);
5686 	if (control == NULL) {
5687 		/*
5688 		 * This could be happening since the appender did the
5689 		 * increment but as not yet did the tailq insert onto the
5690 		 * read_queue
5691 		 */
5692 		if (hold_rlock == 0) {
5693 			SCTP_INP_READ_LOCK(inp);
5694 		}
5695 		control = TAILQ_FIRST(&inp->read_queue);
5696 		if ((control == NULL) && (SCTP_SBAVAIL(&so->so_rcv) > 0)) {
5697 #ifdef INVARIANTS
5698 			panic("Huh, its non zero and nothing on control?");
5699 #endif
5700 			SCTP_SB_CLEAR(so->so_rcv);
5701 		}
5702 		SCTP_INP_READ_UNLOCK(inp);
5703 		hold_rlock = 0;
5704 		goto restart;
5705 	}
5706 
5707 	if ((control->length == 0) &&
5708 	    (control->do_not_ref_stcb)) {
5709 		/*
5710 		 * Clean up code for freeing assoc that left behind a
5711 		 * pdapi.. maybe a peer in EEOR that just closed after
5712 		 * sending and never indicated a EOR.
5713 		 */
5714 		if (hold_rlock == 0) {
5715 			hold_rlock = 1;
5716 			SCTP_INP_READ_LOCK(inp);
5717 		}
5718 		control->held_length = 0;
5719 		if (control->data) {
5720 			/* Hmm there is data here .. fix */
5721 			struct mbuf *m_tmp;
5722 			int cnt = 0;
5723 
5724 			m_tmp = control->data;
5725 			while (m_tmp) {
5726 				cnt += SCTP_BUF_LEN(m_tmp);
5727 				if (SCTP_BUF_NEXT(m_tmp) == NULL) {
5728 					control->tail_mbuf = m_tmp;
5729 					control->end_added = 1;
5730 				}
5731 				m_tmp = SCTP_BUF_NEXT(m_tmp);
5732 			}
5733 			control->length = cnt;
5734 		} else {
5735 			/* remove it */
5736 			TAILQ_REMOVE(&inp->read_queue, control, next);
5737 			/* Add back any hidden data */
5738 			sctp_free_remote_addr(control->whoFrom);
5739 			sctp_free_a_readq(stcb, control);
5740 		}
5741 		if (hold_rlock) {
5742 			hold_rlock = 0;
5743 			SCTP_INP_READ_UNLOCK(inp);
5744 		}
5745 		goto restart;
5746 	}
5747 	if ((control->length == 0) &&
5748 	    (control->end_added == 1)) {
5749 		/*
5750 		 * Do we also need to check for (control->pdapi_aborted ==
5751 		 * 1)?
5752 		 */
5753 		if (hold_rlock == 0) {
5754 			hold_rlock = 1;
5755 			SCTP_INP_READ_LOCK(inp);
5756 		}
5757 		TAILQ_REMOVE(&inp->read_queue, control, next);
5758 		if (control->data) {
5759 #ifdef INVARIANTS
5760 			panic("control->data not null but control->length == 0");
5761 #else
5762 			SCTP_PRINTF("Strange, data left in the control buffer. Cleaning up.\n");
5763 			sctp_m_freem(control->data);
5764 			control->data = NULL;
5765 #endif
5766 		}
5767 		if (control->aux_data) {
5768 			sctp_m_free(control->aux_data);
5769 			control->aux_data = NULL;
5770 		}
5771 #ifdef INVARIANTS
5772 		if (control->on_strm_q) {
5773 			panic("About to free ctl:%p so:%p and its in %d",
5774 			    control, so, control->on_strm_q);
5775 		}
5776 #endif
5777 		sctp_free_remote_addr(control->whoFrom);
5778 		sctp_free_a_readq(stcb, control);
5779 		if (hold_rlock) {
5780 			hold_rlock = 0;
5781 			SCTP_INP_READ_UNLOCK(inp);
5782 		}
5783 		goto restart;
5784 	}
5785 	if (control->length == 0) {
5786 		if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) &&
5787 		    (filling_sinfo)) {
5788 			/* find a more suitable one then this */
5789 			ctl = TAILQ_NEXT(control, next);
5790 			while (ctl) {
5791 				if ((ctl->stcb != control->stcb) && (ctl->length) &&
5792 				    (ctl->some_taken ||
5793 				    (ctl->spec_flags & M_NOTIFICATION) ||
5794 				    ((ctl->do_not_ref_stcb == 0) &&
5795 				    (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))
5796 				    ) {
5797 					/*-
5798 					 * If we have a different TCB next, and there is data
5799 					 * present. If we have already taken some (pdapi), OR we can
5800 					 * ref the tcb and no delivery as started on this stream, we
5801 					 * take it. Note we allow a notification on a different
5802 					 * assoc to be delivered..
5803 					 */
5804 					control = ctl;
5805 					goto found_one;
5806 				} else if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS)) &&
5807 					    (ctl->length) &&
5808 					    ((ctl->some_taken) ||
5809 					    ((ctl->do_not_ref_stcb == 0) &&
5810 					    ((ctl->spec_flags & M_NOTIFICATION) == 0) &&
5811 				    (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))) {
5812 					/*-
5813 					 * If we have the same tcb, and there is data present, and we
5814 					 * have the strm interleave feature present. Then if we have
5815 					 * taken some (pdapi) or we can refer to tht tcb AND we have
5816 					 * not started a delivery for this stream, we can take it.
5817 					 * Note we do NOT allow a notification on the same assoc to
5818 					 * be delivered.
5819 					 */
5820 					control = ctl;
5821 					goto found_one;
5822 				}
5823 				ctl = TAILQ_NEXT(ctl, next);
5824 			}
5825 		}
5826 		/*
5827 		 * if we reach here, not suitable replacement is available
5828 		 * <or> fragment interleave is NOT on. So stuff the sb_cc
5829 		 * into the our held count, and its time to sleep again.
5830 		 */
5831 		held_length = SCTP_SBAVAIL(&so->so_rcv);
5832 		control->held_length = SCTP_SBAVAIL(&so->so_rcv);
5833 		goto restart;
5834 	}
5835 	/* Clear the held length since there is something to read */
5836 	control->held_length = 0;
5837 found_one:
5838 	/*
5839 	 * If we reach here, control has a some data for us to read off.
5840 	 * Note that stcb COULD be NULL.
5841 	 */
5842 	if (hold_rlock == 0) {
5843 		hold_rlock = 1;
5844 		SCTP_INP_READ_LOCK(inp);
5845 	}
5846 	control->some_taken++;
5847 	stcb = control->stcb;
5848 	if (stcb) {
5849 		if ((control->do_not_ref_stcb == 0) &&
5850 		    (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) {
5851 			if (freecnt_applied == 0)
5852 				stcb = NULL;
5853 		} else if (control->do_not_ref_stcb == 0) {
5854 			/* you can't free it on me please */
5855 			/*
5856 			 * The lock on the socket buffer protects us so the
5857 			 * free code will stop. But since we used the
5858 			 * socketbuf lock and the sender uses the tcb_lock
5859 			 * to increment, we need to use the atomic add to
5860 			 * the refcnt
5861 			 */
5862 			if (freecnt_applied) {
5863 #ifdef INVARIANTS
5864 				panic("refcnt already incremented");
5865 #else
5866 				SCTP_PRINTF("refcnt already incremented?\n");
5867 #endif
5868 			} else {
5869 				atomic_add_int(&stcb->asoc.refcnt, 1);
5870 				freecnt_applied = 1;
5871 			}
5872 			/*
5873 			 * Setup to remember how much we have not yet told
5874 			 * the peer our rwnd has opened up. Note we grab the
5875 			 * value from the tcb from last time. Note too that
5876 			 * sack sending clears this when a sack is sent,
5877 			 * which is fine. Once we hit the rwnd_req, we then
5878 			 * will go to the sctp_user_rcvd() that will not
5879 			 * lock until it KNOWs it MUST send a WUP-SACK.
5880 			 */
5881 			freed_so_far = (uint32_t)stcb->freed_by_sorcv_sincelast;
5882 			stcb->freed_by_sorcv_sincelast = 0;
5883 		}
5884 	}
5885 	if (stcb &&
5886 	    ((control->spec_flags & M_NOTIFICATION) == 0) &&
5887 	    control->do_not_ref_stcb == 0) {
5888 		stcb->asoc.strmin[control->sinfo_stream].delivery_started = 1;
5889 	}
5890 
5891 	/* First lets get off the sinfo and sockaddr info */
5892 	if ((sinfo != NULL) && (filling_sinfo != 0)) {
5893 		sinfo->sinfo_stream = control->sinfo_stream;
5894 		sinfo->sinfo_ssn = (uint16_t)control->mid;
5895 		sinfo->sinfo_flags = control->sinfo_flags;
5896 		sinfo->sinfo_ppid = control->sinfo_ppid;
5897 		sinfo->sinfo_context = control->sinfo_context;
5898 		sinfo->sinfo_timetolive = control->sinfo_timetolive;
5899 		sinfo->sinfo_tsn = control->sinfo_tsn;
5900 		sinfo->sinfo_cumtsn = control->sinfo_cumtsn;
5901 		sinfo->sinfo_assoc_id = control->sinfo_assoc_id;
5902 		nxt = TAILQ_NEXT(control, next);
5903 		if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) ||
5904 		    sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) {
5905 			struct sctp_extrcvinfo *s_extra;
5906 
5907 			s_extra = (struct sctp_extrcvinfo *)sinfo;
5908 			if ((nxt) &&
5909 			    (nxt->length)) {
5910 				s_extra->serinfo_next_flags = SCTP_NEXT_MSG_AVAIL;
5911 				if (nxt->sinfo_flags & SCTP_UNORDERED) {
5912 					s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_UNORDERED;
5913 				}
5914 				if (nxt->spec_flags & M_NOTIFICATION) {
5915 					s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_NOTIFICATION;
5916 				}
5917 				s_extra->serinfo_next_aid = nxt->sinfo_assoc_id;
5918 				s_extra->serinfo_next_length = nxt->length;
5919 				s_extra->serinfo_next_ppid = nxt->sinfo_ppid;
5920 				s_extra->serinfo_next_stream = nxt->sinfo_stream;
5921 				if (nxt->tail_mbuf != NULL) {
5922 					if (nxt->end_added) {
5923 						s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_ISCOMPLETE;
5924 					}
5925 				}
5926 			} else {
5927 				/*
5928 				 * we explicitly 0 this, since the memcpy
5929 				 * got some other things beyond the older
5930 				 * sinfo_ that is on the control's structure
5931 				 * :-D
5932 				 */
5933 				nxt = NULL;
5934 				s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG;
5935 				s_extra->serinfo_next_aid = 0;
5936 				s_extra->serinfo_next_length = 0;
5937 				s_extra->serinfo_next_ppid = 0;
5938 				s_extra->serinfo_next_stream = 0;
5939 			}
5940 		}
5941 		/*
5942 		 * update off the real current cum-ack, if we have an stcb.
5943 		 */
5944 		if ((control->do_not_ref_stcb == 0) && stcb)
5945 			sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn;
5946 		/*
5947 		 * mask off the high bits, we keep the actual chunk bits in
5948 		 * there.
5949 		 */
5950 		sinfo->sinfo_flags &= 0x00ff;
5951 		if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) {
5952 			sinfo->sinfo_flags |= SCTP_UNORDERED;
5953 		}
5954 	}
5955 #ifdef SCTP_ASOCLOG_OF_TSNS
5956 	{
5957 		int index, newindex;
5958 		struct sctp_pcbtsn_rlog *entry;
5959 
5960 		do {
5961 			index = inp->readlog_index;
5962 			newindex = index + 1;
5963 			if (newindex >= SCTP_READ_LOG_SIZE) {
5964 				newindex = 0;
5965 			}
5966 		} while (atomic_cmpset_int(&inp->readlog_index, index, newindex) == 0);
5967 		entry = &inp->readlog[index];
5968 		entry->vtag = control->sinfo_assoc_id;
5969 		entry->strm = control->sinfo_stream;
5970 		entry->seq = (uint16_t)control->mid;
5971 		entry->sz = control->length;
5972 		entry->flgs = control->sinfo_flags;
5973 	}
5974 #endif
5975 	if ((fromlen > 0) && (from != NULL)) {
5976 		union sctp_sockstore store;
5977 		size_t len;
5978 
5979 		switch (control->whoFrom->ro._l_addr.sa.sa_family) {
5980 #ifdef INET6
5981 		case AF_INET6:
5982 			len = sizeof(struct sockaddr_in6);
5983 			store.sin6 = control->whoFrom->ro._l_addr.sin6;
5984 			store.sin6.sin6_port = control->port_from;
5985 			break;
5986 #endif
5987 #ifdef INET
5988 		case AF_INET:
5989 #ifdef INET6
5990 			if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) {
5991 				len = sizeof(struct sockaddr_in6);
5992 				in6_sin_2_v4mapsin6(&control->whoFrom->ro._l_addr.sin,
5993 				    &store.sin6);
5994 				store.sin6.sin6_port = control->port_from;
5995 			} else {
5996 				len = sizeof(struct sockaddr_in);
5997 				store.sin = control->whoFrom->ro._l_addr.sin;
5998 				store.sin.sin_port = control->port_from;
5999 			}
6000 #else
6001 			len = sizeof(struct sockaddr_in);
6002 			store.sin = control->whoFrom->ro._l_addr.sin;
6003 			store.sin.sin_port = control->port_from;
6004 #endif
6005 			break;
6006 #endif
6007 		default:
6008 			len = 0;
6009 			break;
6010 		}
6011 		memcpy(from, &store, min((size_t)fromlen, len));
6012 #ifdef INET6
6013 		{
6014 			struct sockaddr_in6 lsa6, *from6;
6015 
6016 			from6 = (struct sockaddr_in6 *)from;
6017 			sctp_recover_scope_mac(from6, (&lsa6));
6018 		}
6019 #endif
6020 	}
6021 	if (hold_rlock) {
6022 		SCTP_INP_READ_UNLOCK(inp);
6023 		hold_rlock = 0;
6024 	}
6025 	if (hold_sblock) {
6026 		SOCKBUF_UNLOCK(&so->so_rcv);
6027 		hold_sblock = 0;
6028 	}
6029 	/* now copy out what data we can */
6030 	if (mp == NULL) {
6031 		/* copy out each mbuf in the chain up to length */
6032 get_more_data:
6033 		m = control->data;
6034 		while (m) {
6035 			/* Move out all we can */
6036 			cp_len = uio->uio_resid;
6037 			my_len = SCTP_BUF_LEN(m);
6038 			if (cp_len > my_len) {
6039 				/* not enough in this buf */
6040 				cp_len = my_len;
6041 			}
6042 			if (hold_rlock) {
6043 				SCTP_INP_READ_UNLOCK(inp);
6044 				hold_rlock = 0;
6045 			}
6046 			if (cp_len > 0)
6047 				error = uiomove(mtod(m, char *), (int)cp_len, uio);
6048 			/* re-read */
6049 			if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
6050 				goto release;
6051 			}
6052 
6053 			if ((control->do_not_ref_stcb == 0) && stcb &&
6054 			    stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
6055 				no_rcv_needed = 1;
6056 			}
6057 			if (error) {
6058 				/* error we are out of here */
6059 				goto release;
6060 			}
6061 			SCTP_INP_READ_LOCK(inp);
6062 			hold_rlock = 1;
6063 			if (cp_len == SCTP_BUF_LEN(m)) {
6064 				if ((SCTP_BUF_NEXT(m) == NULL) &&
6065 				    (control->end_added)) {
6066 					out_flags |= MSG_EOR;
6067 					if ((control->do_not_ref_stcb == 0) &&
6068 					    (control->stcb != NULL) &&
6069 					    ((control->spec_flags & M_NOTIFICATION) == 0))
6070 						control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0;
6071 				}
6072 				if (control->spec_flags & M_NOTIFICATION) {
6073 					out_flags |= MSG_NOTIFICATION;
6074 				}
6075 				/* we ate up the mbuf */
6076 				if (in_flags & MSG_PEEK) {
6077 					/* just looking */
6078 					m = SCTP_BUF_NEXT(m);
6079 					copied_so_far += cp_len;
6080 				} else {
6081 					/* dispose of the mbuf */
6082 					if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
6083 						sctp_sblog(&so->so_rcv,
6084 						    control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m));
6085 					}
6086 					sctp_sbfree(control, stcb, &so->so_rcv, m);
6087 					if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
6088 						sctp_sblog(&so->so_rcv,
6089 						    control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0);
6090 					}
6091 					copied_so_far += cp_len;
6092 					freed_so_far += (uint32_t)cp_len;
6093 					freed_so_far += MSIZE;
6094 					atomic_subtract_int(&control->length, (int)cp_len);
6095 					control->data = sctp_m_free(m);
6096 					m = control->data;
6097 					/*
6098 					 * been through it all, must hold sb
6099 					 * lock ok to null tail
6100 					 */
6101 					if (control->data == NULL) {
6102 #ifdef INVARIANTS
6103 						if ((control->end_added == 0) ||
6104 						    (TAILQ_NEXT(control, next) == NULL)) {
6105 							/*
6106 							 * If the end is not
6107 							 * added, OR the
6108 							 * next is NOT null
6109 							 * we MUST have the
6110 							 * lock.
6111 							 */
6112 							if (mtx_owned(&inp->inp_rdata_mtx) == 0) {
6113 								panic("Hmm we don't own the lock?");
6114 							}
6115 						}
6116 #endif
6117 						control->tail_mbuf = NULL;
6118 #ifdef INVARIANTS
6119 						if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) {
6120 							panic("end_added, nothing left and no MSG_EOR");
6121 						}
6122 #endif
6123 					}
6124 				}
6125 			} else {
6126 				/* Do we need to trim the mbuf? */
6127 				if (control->spec_flags & M_NOTIFICATION) {
6128 					out_flags |= MSG_NOTIFICATION;
6129 				}
6130 				if ((in_flags & MSG_PEEK) == 0) {
6131 					SCTP_BUF_RESV_UF(m, cp_len);
6132 					SCTP_BUF_LEN(m) -= (int)cp_len;
6133 					if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
6134 						sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, (int)cp_len);
6135 					}
6136 					SCTP_SB_DECR(&so->so_rcv, cp_len);
6137 					if ((control->do_not_ref_stcb == 0) &&
6138 					    stcb) {
6139 						atomic_subtract_int(&stcb->asoc.sb_cc, (int)cp_len);
6140 					}
6141 					copied_so_far += cp_len;
6142 					freed_so_far += (uint32_t)cp_len;
6143 					freed_so_far += MSIZE;
6144 					if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
6145 						sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb,
6146 						    SCTP_LOG_SBRESULT, 0);
6147 					}
6148 					atomic_subtract_int(&control->length, (int)cp_len);
6149 				} else {
6150 					copied_so_far += cp_len;
6151 				}
6152 			}
6153 			if ((out_flags & MSG_EOR) || (uio->uio_resid == 0)) {
6154 				break;
6155 			}
6156 			if (((stcb) && (in_flags & MSG_PEEK) == 0) &&
6157 			    (control->do_not_ref_stcb == 0) &&
6158 			    (freed_so_far >= rwnd_req)) {
6159 				sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req);
6160 			}
6161 		}		/* end while(m) */
6162 		/*
6163 		 * At this point we have looked at it all and we either have
6164 		 * a MSG_EOR/or read all the user wants... <OR>
6165 		 * control->length == 0.
6166 		 */
6167 		if ((out_flags & MSG_EOR) && ((in_flags & MSG_PEEK) == 0)) {
6168 			/* we are done with this control */
6169 			if (control->length == 0) {
6170 				if (control->data) {
6171 #ifdef INVARIANTS
6172 					panic("control->data not null at read eor?");
6173 #else
6174 					SCTP_PRINTF("Strange, data left in the control buffer .. invariants would panic?\n");
6175 					sctp_m_freem(control->data);
6176 					control->data = NULL;
6177 #endif
6178 				}
6179 		done_with_control:
6180 				if (hold_rlock == 0) {
6181 					SCTP_INP_READ_LOCK(inp);
6182 					hold_rlock = 1;
6183 				}
6184 				TAILQ_REMOVE(&inp->read_queue, control, next);
6185 				/* Add back any hidden data */
6186 				if (control->held_length) {
6187 					held_length = 0;
6188 					control->held_length = 0;
6189 					wakeup_read_socket = 1;
6190 				}
6191 				if (control->aux_data) {
6192 					sctp_m_free(control->aux_data);
6193 					control->aux_data = NULL;
6194 				}
6195 				no_rcv_needed = control->do_not_ref_stcb;
6196 				sctp_free_remote_addr(control->whoFrom);
6197 				control->data = NULL;
6198 #ifdef INVARIANTS
6199 				if (control->on_strm_q) {
6200 					panic("About to free ctl:%p so:%p and its in %d",
6201 					    control, so, control->on_strm_q);
6202 				}
6203 #endif
6204 				sctp_free_a_readq(stcb, control);
6205 				control = NULL;
6206 				if ((freed_so_far >= rwnd_req) &&
6207 				    (no_rcv_needed == 0))
6208 					sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req);
6209 
6210 			} else {
6211 				/*
6212 				 * The user did not read all of this
6213 				 * message, turn off the returned MSG_EOR
6214 				 * since we are leaving more behind on the
6215 				 * control to read.
6216 				 */
6217 #ifdef INVARIANTS
6218 				if (control->end_added &&
6219 				    (control->data == NULL) &&
6220 				    (control->tail_mbuf == NULL)) {
6221 					panic("Gak, control->length is corrupt?");
6222 				}
6223 #endif
6224 				no_rcv_needed = control->do_not_ref_stcb;
6225 				out_flags &= ~MSG_EOR;
6226 			}
6227 		}
6228 		if (out_flags & MSG_EOR) {
6229 			goto release;
6230 		}
6231 		if ((uio->uio_resid == 0) ||
6232 		    ((in_eeor_mode) &&
6233 		    (copied_so_far >= max(so->so_rcv.sb_lowat, 1)))) {
6234 			goto release;
6235 		}
6236 		/*
6237 		 * If I hit here the receiver wants more and this message is
6238 		 * NOT done (pd-api). So two questions. Can we block? if not
6239 		 * we are done. Did the user NOT set MSG_WAITALL?
6240 		 */
6241 		if (block_allowed == 0) {
6242 			goto release;
6243 		}
6244 		/*
6245 		 * We need to wait for more data a few things: - We don't
6246 		 * release the I/O lock so we don't get someone else
6247 		 * reading. - We must be sure to account for the case where
6248 		 * what is added is NOT to our control when we wakeup.
6249 		 */
6250 
6251 		/*
6252 		 * Do we need to tell the transport a rwnd update might be
6253 		 * needed before we go to sleep?
6254 		 */
6255 		if (((stcb) && (in_flags & MSG_PEEK) == 0) &&
6256 		    ((freed_so_far >= rwnd_req) &&
6257 		    (control->do_not_ref_stcb == 0) &&
6258 		    (no_rcv_needed == 0))) {
6259 			sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req);
6260 		}
6261 wait_some_more:
6262 		if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
6263 			goto release;
6264 		}
6265 
6266 		if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)
6267 			goto release;
6268 
6269 		if (hold_rlock == 1) {
6270 			SCTP_INP_READ_UNLOCK(inp);
6271 			hold_rlock = 0;
6272 		}
6273 		if (hold_sblock == 0) {
6274 			SOCKBUF_LOCK(&so->so_rcv);
6275 			hold_sblock = 1;
6276 		}
6277 		if ((copied_so_far) && (control->length == 0) &&
6278 		    (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE))) {
6279 			goto release;
6280 		}
6281 		if (SCTP_SBAVAIL(&so->so_rcv) <= control->held_length) {
6282 			error = sbwait(&so->so_rcv);
6283 			if (error) {
6284 				goto release;
6285 			}
6286 			control->held_length = 0;
6287 		}
6288 		if (hold_sblock) {
6289 			SOCKBUF_UNLOCK(&so->so_rcv);
6290 			hold_sblock = 0;
6291 		}
6292 		if (control->length == 0) {
6293 			/* still nothing here */
6294 			if (control->end_added == 1) {
6295 				/* he aborted, or is done i.e.did a shutdown */
6296 				out_flags |= MSG_EOR;
6297 				if (control->pdapi_aborted) {
6298 					if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0))
6299 						control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0;
6300 
6301 					out_flags |= MSG_TRUNC;
6302 				} else {
6303 					if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0))
6304 						control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0;
6305 				}
6306 				goto done_with_control;
6307 			}
6308 			if (SCTP_SBAVAIL(&so->so_rcv) > held_length) {
6309 				control->held_length = SCTP_SBAVAIL(&so->so_rcv);
6310 				held_length = 0;
6311 			}
6312 			goto wait_some_more;
6313 		} else if (control->data == NULL) {
6314 			/*
6315 			 * we must re-sync since data is probably being
6316 			 * added
6317 			 */
6318 			SCTP_INP_READ_LOCK(inp);
6319 			if ((control->length > 0) && (control->data == NULL)) {
6320 				/*
6321 				 * big trouble.. we have the lock and its
6322 				 * corrupt?
6323 				 */
6324 #ifdef INVARIANTS
6325 				panic("Impossible data==NULL length !=0");
6326 #endif
6327 				out_flags |= MSG_EOR;
6328 				out_flags |= MSG_TRUNC;
6329 				control->length = 0;
6330 				SCTP_INP_READ_UNLOCK(inp);
6331 				goto done_with_control;
6332 			}
6333 			SCTP_INP_READ_UNLOCK(inp);
6334 			/* We will fall around to get more data */
6335 		}
6336 		goto get_more_data;
6337 	} else {
6338 		/*-
6339 		 * Give caller back the mbuf chain,
6340 		 * store in uio_resid the length
6341 		 */
6342 		wakeup_read_socket = 0;
6343 		if ((control->end_added == 0) ||
6344 		    (TAILQ_NEXT(control, next) == NULL)) {
6345 			/* Need to get rlock */
6346 			if (hold_rlock == 0) {
6347 				SCTP_INP_READ_LOCK(inp);
6348 				hold_rlock = 1;
6349 			}
6350 		}
6351 		if (control->end_added) {
6352 			out_flags |= MSG_EOR;
6353 			if ((control->do_not_ref_stcb == 0) &&
6354 			    (control->stcb != NULL) &&
6355 			    ((control->spec_flags & M_NOTIFICATION) == 0))
6356 				control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0;
6357 		}
6358 		if (control->spec_flags & M_NOTIFICATION) {
6359 			out_flags |= MSG_NOTIFICATION;
6360 		}
6361 		uio->uio_resid = control->length;
6362 		*mp = control->data;
6363 		m = control->data;
6364 		while (m) {
6365 			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
6366 				sctp_sblog(&so->so_rcv,
6367 				    control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m));
6368 			}
6369 			sctp_sbfree(control, stcb, &so->so_rcv, m);
6370 			freed_so_far += (uint32_t)SCTP_BUF_LEN(m);
6371 			freed_so_far += MSIZE;
6372 			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) {
6373 				sctp_sblog(&so->so_rcv,
6374 				    control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0);
6375 			}
6376 			m = SCTP_BUF_NEXT(m);
6377 		}
6378 		control->data = control->tail_mbuf = NULL;
6379 		control->length = 0;
6380 		if (out_flags & MSG_EOR) {
6381 			/* Done with this control */
6382 			goto done_with_control;
6383 		}
6384 	}
6385 release:
6386 	if (hold_rlock == 1) {
6387 		SCTP_INP_READ_UNLOCK(inp);
6388 		hold_rlock = 0;
6389 	}
6390 	if (hold_sblock == 1) {
6391 		SOCKBUF_UNLOCK(&so->so_rcv);
6392 		hold_sblock = 0;
6393 	}
6394 
6395 	SOCK_IO_RECV_UNLOCK(so);
6396 	sockbuf_lock = 0;
6397 
6398 release_unlocked:
6399 	if (hold_sblock) {
6400 		SOCKBUF_UNLOCK(&so->so_rcv);
6401 		hold_sblock = 0;
6402 	}
6403 	if ((stcb) && (in_flags & MSG_PEEK) == 0) {
6404 		if ((freed_so_far >= rwnd_req) &&
6405 		    (control && (control->do_not_ref_stcb == 0)) &&
6406 		    (no_rcv_needed == 0))
6407 			sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req);
6408 	}
6409 out:
6410 	if (msg_flags) {
6411 		*msg_flags = out_flags;
6412 	}
6413 	if (((out_flags & MSG_EOR) == 0) &&
6414 	    ((in_flags & MSG_PEEK) == 0) &&
6415 	    (sinfo) &&
6416 	    (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) ||
6417 	    sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO))) {
6418 		struct sctp_extrcvinfo *s_extra;
6419 
6420 		s_extra = (struct sctp_extrcvinfo *)sinfo;
6421 		s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG;
6422 	}
6423 	if (hold_rlock == 1) {
6424 		SCTP_INP_READ_UNLOCK(inp);
6425 	}
6426 	if (hold_sblock) {
6427 		SOCKBUF_UNLOCK(&so->so_rcv);
6428 	}
6429 	if (sockbuf_lock) {
6430 		SOCK_IO_RECV_UNLOCK(so);
6431 	}
6432 
6433 	if (freecnt_applied) {
6434 		/*
6435 		 * The lock on the socket buffer protects us so the free
6436 		 * code will stop. But since we used the socketbuf lock and
6437 		 * the sender uses the tcb_lock to increment, we need to use
6438 		 * the atomic add to the refcnt.
6439 		 */
6440 		if (stcb == NULL) {
6441 #ifdef INVARIANTS
6442 			panic("stcb for refcnt has gone NULL?");
6443 			goto stage_left;
6444 #else
6445 			goto stage_left;
6446 #endif
6447 		}
6448 		/* Save the value back for next time */
6449 		stcb->freed_by_sorcv_sincelast = freed_so_far;
6450 		atomic_subtract_int(&stcb->asoc.refcnt, 1);
6451 	}
6452 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) {
6453 		if (stcb) {
6454 			sctp_misc_ints(SCTP_SORECV_DONE,
6455 			    freed_so_far,
6456 			    (uint32_t)((uio) ? (slen - uio->uio_resid) : slen),
6457 			    stcb->asoc.my_rwnd,
6458 			    SCTP_SBAVAIL(&so->so_rcv));
6459 		} else {
6460 			sctp_misc_ints(SCTP_SORECV_DONE,
6461 			    freed_so_far,
6462 			    (uint32_t)((uio) ? (slen - uio->uio_resid) : slen),
6463 			    0,
6464 			    SCTP_SBAVAIL(&so->so_rcv));
6465 		}
6466 	}
6467 stage_left:
6468 	if (wakeup_read_socket) {
6469 		sctp_sorwakeup(inp, so);
6470 	}
6471 	return (error);
6472 }
6473 
6474 #ifdef SCTP_MBUF_LOGGING
struct mbuf *
sctp_m_free(struct mbuf *m)
{
	struct mbuf *next;

	/*
	 * Logging wrapper around m_free(): record the release when mbuf
	 * logging is enabled, then free the single mbuf and hand back
	 * whatever m_free() returns.
	 */
	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE)
		sctp_log_mb(m, SCTP_MBUF_IFREE);
	next = m_free(m);
	return (next);
}
6483 
void
sctp_m_freem(struct mbuf *mb)
{
	struct mbuf *cur = mb;

	/*
	 * Release a whole chain through the logging wrapper; each call to
	 * sctp_m_free() yields the next link until the chain is exhausted.
	 */
	while (cur != NULL) {
		struct mbuf *next = sctp_m_free(cur);

		cur = next;
	}
}
6490 
6491 #endif
6492 
int
sctp_dynamic_set_primary(struct sockaddr *sa, uint32_t vrf_id)
{
	/*
	 * Given a local address, ask every association that holds it to
	 * request a peer-set-primary.  The request is not carried out
	 * here: a work item is queued for the address work-queue iterator
	 * and its timer is kicked.
	 *
	 * Returns 0 once the item is queued, EADDRNOTAVAIL if the address
	 * is not a local one in this VRF, ENOMEM if no work item could be
	 * allocated.
	 */
	struct sctp_laddr *work;
	struct sctp_ifa *ifa;

	ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED);
	if (ifa == NULL) {
		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EADDRNOTAVAIL);
		return (EADDRNOTAVAIL);
	}
	/* Build the work item that wakes the iterator. */
	work = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
	if (work == NULL) {
		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOMEM);
		return (ENOMEM);
	}
	SCTP_INCR_LADDR_COUNT();
	memset(work, 0, sizeof(*work));
	work->action = SCTP_SET_PRIM_ADDR;
	/* The work item holds its own reference on the ifa. */
	work->ifa = ifa;
	atomic_add_int(&ifa->refcount, 1);
	(void)SCTP_GETTIME_TIMEVAL(&work->start_time);

	SCTP_WQ_ADDR_LOCK();
	/*
	 * Inserted at the head of a LIST, so the newest request is
	 * processed first (the original author wondered whether a tailq
	 * would be more appropriate).
	 */
	LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), work, sctp_nxt_addr);
	sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
	    (struct sctp_inpcb *)NULL,
	    (struct sctp_tcb *)NULL,
	    (struct sctp_nets *)NULL);
	SCTP_WQ_ADDR_UNLOCK();
	return (0);
}
6539 
int
sctp_soreceive(struct socket *so,
    struct sockaddr **psa,
    struct uio *uio,
    struct mbuf **mp0,
    struct mbuf **controlp,
    int *flagsp)
{
	struct sctp_inpcb *inp;
	struct sctp_extrcvinfo sinfo;
	struct sockaddr *from = NULL;
	uint8_t addrbuf[256];
	int fromlen = 0;
	int filling_sinfo;
	int flags = 0;
	int error;

	/*
	 * Socket-layer receive entry point: wraps sctp_sorecvmsg() and
	 * converts its outputs into the soreceive() calling convention
	 * (optional source address, optional control mbuf, flags in/out).
	 */
	inp = (struct sctp_inpcb *)so->so_pcb;
	if (inp == NULL) {
		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
		return (EINVAL);
	}
	/*
	 * A sndrcvinfo is only worth building when the caller can take
	 * control data and at least one of the rcvinfo-style events is
	 * enabled on the endpoint.
	 */
	filling_sinfo = (controlp != NULL) &&
	    (!sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) ||
	    !sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) ||
	    !sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO));
	if (psa != NULL) {
		/* Scratch space for the peer address; sa_len 0 means "none". */
		from = (struct sockaddr *)addrbuf;
		fromlen = sizeof(addrbuf);
		from->sa_len = 0;
	}
	/*
	 * sinfo is only zeroed when it is going to be filled in;
	 * sctp_sorecvmsg() receives filling_sinfo and presumably leaves it
	 * alone otherwise — NOTE(review): confirm in sctp_sorecvmsg().
	 */
	if (filling_sinfo) {
		memset(&sinfo, 0, sizeof(sinfo));
	}
	if (flagsp != NULL) {
		flags = *flagsp;
	}
	error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, &flags,
	    (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo);
	if (flagsp != NULL) {
		*flagsp = flags;
	}
	if (controlp != NULL) {
		/*
		 * Hand the sinfo back as a CMSG chain; notifications carry
		 * no sndrcvinfo, so they get no control data.
		 */
		*controlp = (filling_sinfo && ((flags & MSG_NOTIFICATION) == 0)) ?
		    sctp_build_ctl_nchunk(inp, (struct sctp_sndrcvinfo *)&sinfo) :
		    NULL;
	}
	if (psa != NULL) {
		/* Duplicate the address only if one was actually filled in. */
		*psa = ((from != NULL) && (from->sa_len != 0)) ?
		    sodupsockaddr(from, M_NOWAIT) : NULL;
	}
	return (error);
}
6610 
int
sctp_connectx_helper_add(struct sctp_tcb *stcb, struct sockaddr *addr,
    int totaddr, int *error)
{
	struct sctp_inpcb *inp = stcb->sctp_ep;
	struct sockaddr *sa = addr;
	size_t incr = 0;
	int added = 0;
	int idx;

	/*
	 * Add the 'totaddr' packed sockaddrs starting at 'addr' as remote
	 * addresses of 'stcb'.  Returns how many were added; on failure
	 * *error is set (EINVAL for an unusable address, ENOBUFS when
	 * sctp_add_remote_addr() fails), the association is freed and the
	 * loop stops.  On success *error is 0.
	 *
	 * NOTE(review): an unknown family falls into 'default' without
	 * updating incr, so 'sa' would advance by the previous entry's
	 * size; this relies on the caller having already rejected such
	 * entries (sctp_connectx_helper_find() does) — confirm.
	 */
	*error = 0;
	for (idx = 0; idx < totaddr;
	    idx++, sa = (struct sockaddr *)((caddr_t)sa + incr)) {
		switch (sa->sa_family) {
#ifdef INET
		case AF_INET:
			{
				struct sockaddr_in *sin = (struct sockaddr_in *)sa;

				incr = sizeof(struct sockaddr_in);
				/* Wildcard, broadcast and multicast peers are not usable. */
				if ((sin->sin_addr.s_addr == INADDR_ANY) ||
				    (sin->sin_addr.s_addr == INADDR_BROADCAST) ||
				    IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
					SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
					(void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
					    SCTP_FROM_SCTPUTIL + SCTP_LOC_7);
					*error = EINVAL;
					goto out_now;
				}
				if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port,
				    SCTP_DONOT_SETSCOPE,
				    SCTP_ADDR_IS_CONFIRMED)) {
					/* assoc gone no un-lock */
					SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS);
					(void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
					    SCTP_FROM_SCTPUTIL + SCTP_LOC_8);
					*error = ENOBUFS;
					goto out_now;
				}
				added++;
				break;
			}
#endif
#ifdef INET6
		case AF_INET6:
			{
				struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;

				incr = sizeof(struct sockaddr_in6);
				/* Unspecified and multicast peers are not usable. */
				if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
				    IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
					SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
					(void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
					    SCTP_FROM_SCTPUTIL + SCTP_LOC_9);
					*error = EINVAL;
					goto out_now;
				}
				if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port,
				    SCTP_DONOT_SETSCOPE,
				    SCTP_ADDR_IS_CONFIRMED)) {
					/* assoc gone no un-lock */
					SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS);
					(void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
					    SCTP_FROM_SCTPUTIL + SCTP_LOC_10);
					*error = ENOBUFS;
					goto out_now;
				}
				added++;
				break;
			}
#endif
		default:
			break;
		}
	}
out_now:
	return (added);
}
6691 
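int
sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr,
    unsigned int totaddr,
    unsigned int *num_v4, unsigned int *num_v6,
    unsigned int limit)
{
	struct sockaddr *sa;
	struct sctp_tcb *stcb;
	unsigned int incr, at, i;

	/*
	 * Validate a caller-supplied, packed array of 'totaddr' sockaddrs
	 * occupying at most 'limit' bytes from 'addr', and count how many
	 * are AF_INET (*num_v4) and AF_INET6 (*num_v6).
	 *
	 * Returns 0 if every entry is acceptable, EINVAL if totaddr is 0,
	 * an entry does not fit in 'limit', has an unsupported family, a
	 * wrong sa_len, or is a v4-mapped IPv6 address, and EALREADY if an
	 * association to one of the addresses already exists on 'inp'.
	 *
	 * The array comes from user space, so no field beyond the generic
	 * sockaddr header is read until the whole family-specific sockaddr
	 * has been shown to lie inside 'limit'.
	 */
	at = 0;
	sa = addr;
	*num_v6 = *num_v4 = 0;
	/* account and validate addresses */
	if (totaddr == 0) {
		return (EINVAL);
	}
	for (i = 0; i < totaddr; i++) {
		/*
		 * Only sizeof(struct sockaddr) bytes are known to be valid
		 * at this point: enough for sa_len and sa_family.
		 */
		if (at + sizeof(struct sockaddr) > limit) {
			return (EINVAL);
		}
		switch (sa->sa_family) {
#ifdef INET
		case AF_INET:
			incr = (unsigned int)sizeof(struct sockaddr_in);
			if (sa->sa_len != incr) {
				return (EINVAL);
			}
			(*num_v4) += 1;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			{
				struct sockaddr_in6 *sin6;

				incr = (unsigned int)sizeof(struct sockaddr_in6);
				if (sa->sa_len != incr) {
					return (EINVAL);
				}
				/*
				 * sin6_addr lies past the first
				 * sizeof(struct sockaddr) bytes, so the full
				 * sockaddr_in6 must fit in the buffer before
				 * it is examined.
				 */
				if ((at + incr) > limit) {
					return (EINVAL);
				}
				sin6 = (struct sockaddr_in6 *)sa;
				if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
					/* Must be non-mapped for connectx */
					return (EINVAL);
				}
				(*num_v6) += 1;
				break;
			}
#endif
		default:
			return (EINVAL);
		}
		/* The whole entry must fit (already true for AF_INET6). */
		if ((at + incr) > limit) {
			return (EINVAL);
		}
		/*
		 * Hold a reference on the endpoint across the lookup.  When
		 * an association is found it comes back locked and the
		 * reference appears to be consumed by the lookup — NOTE(review):
		 * confirm against sctp_findassociation_ep_addr().
		 */
		SCTP_INP_INCR_REF(inp);
		stcb = sctp_findassociation_ep_addr(&inp, sa, NULL, NULL, NULL);
		if (stcb != NULL) {
			SCTP_TCB_UNLOCK(stcb);
			return (EALREADY);
		} else {
			SCTP_INP_DECR_REF(inp);
		}
		at += incr;
		sa = (struct sockaddr *)((caddr_t)sa + incr);
	}
	return (0);
}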
6760 
/*
 * sctp_bindx(ADD) for one address.
 * assumes all arguments are valid/checked by caller.
 *
 * Checks that 'sa' may be bound on endpoint 'inp' (family, sa_len, the
 * PF_INET/PF_INET6 and IPV6_V6ONLY restrictions, and that a non-zero port
 * equals the endpoint's local port), then either binds a still-unbound
 * endpoint to it or adds it to the endpoint's address list.  The result
 * goes to *error: EINVAL for a rejected address, EADDRINUSE when another
 * endpoint already owns it, otherwise whatever sctp_inpcb_bind() or
 * sctp_addr_mgmt_ep_sa() returned.  *error is left untouched when the
 * address is already held by this very endpoint, so callers must
 * initialise it.  'p' is the calling thread handle, needed only for the
 * unbound-endpoint path.
 */
void
sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp,
    struct sockaddr *sa, uint32_t vrf_id, int *error,
    void *p)
{
#if defined(INET) && defined(INET6)
	/* Storage for a v4-mapped v6 address converted to plain IPv4. */
	struct sockaddr_in sin;
#endif
#ifdef INET6
	struct sockaddr_in6 *sin6;
#endif
#ifdef INET
	struct sockaddr_in *sinp;
#endif
	struct sockaddr *addr_to_use;
	struct sctp_inpcb *lep;
	uint16_t port;

	/* see if we're bound all already! */
	if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
		*error = EINVAL;
		return;
	}
	switch (sa->sa_family) {
#ifdef INET6
	case AF_INET6:
		if (sa->sa_len != sizeof(struct sockaddr_in6)) {
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
			/* can only bind v6 on PF_INET6 sockets */
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		sin6 = (struct sockaddr_in6 *)sa;
		/* Port is taken before any v4-mapped conversion. */
		port = sin6->sin6_port;
#ifdef INET
		if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
			if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
			    SCTP_IPV6_V6ONLY(inp)) {
				/* can't bind v4-mapped on PF_INET sockets */
				SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
				*error = EINVAL;
				return;
			}
			/* Bind the underlying IPv4 address instead of the mapped form. */
			in6_sin6_2_sin(&sin, sin6);
			addr_to_use = (struct sockaddr *)&sin;
		} else {
			addr_to_use = sa;
		}
#else
		addr_to_use = sa;
#endif
		break;
#endif
#ifdef INET
	case AF_INET:
		if (sa->sa_len != sizeof(struct sockaddr_in)) {
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
		    SCTP_IPV6_V6ONLY(inp)) {
			/* can't bind v4 on PF_INET sockets */
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		sinp = (struct sockaddr_in *)sa;
		port = sinp->sin_port;
		addr_to_use = sa;
		break;
#endif
	default:
		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
		*error = EINVAL;
		return;
	}
	if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
		/* First address on an unbound endpoint: a plain bind. */
		if (p == NULL) {
			/* Can't get proc for Net/Open BSD */
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		*error = sctp_inpcb_bind(so, addr_to_use, NULL, p);
		return;
	}
	/* Validate the incoming port. */
	if ((port != 0) && (port != inp->sctp_lport)) {
		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
		*error = EINVAL;
		return;
	}
	/*
	 * Look for an endpoint already bound to this address; the lookup
	 * hands back a referenced endpoint, hence the DECR_REF below.
	 */
	lep = sctp_pcb_findep(addr_to_use, 1, 0, vrf_id);
	if (lep == NULL) {
		/* add the address */
		*error = sctp_addr_mgmt_ep_sa(inp, addr_to_use,
		    SCTP_ADD_IP_ADDRESS, vrf_id);
	} else {
		/* Owned by someone else is an error; owned by us is a no-op. */
		if (lep != inp) {
			*error = EADDRINUSE;
		}
		SCTP_INP_DECR_REF(lep);
	}
}
6876 
/*
 * sctp_bindx(DELETE) for one address.
 * assumes all arguments are valid/checked by caller.
 *
 * Applies the same family / sa_len / PF_INET6 / IPV6_V6ONLY checks as the
 * ADD case (a v4-mapped IPv6 address is converted to plain IPv4 when INET
 * is compiled in) and then asks sctp_addr_mgmt_ep_sa() to remove the
 * address from endpoint 'inp'.  *error receives EINVAL for a rejected
 * address, otherwise the return value of sctp_addr_mgmt_ep_sa().
 */
void
sctp_bindx_delete_address(struct sctp_inpcb *inp,
    struct sockaddr *sa, uint32_t vrf_id, int *error)
{
	struct sockaddr *addr_to_use;
#if defined(INET) && defined(INET6)
	struct sockaddr_in6 *sin6;
	/* Storage for a v4-mapped v6 address converted to plain IPv4. */
	struct sockaddr_in sin;
#endif

	/* see if we're bound all already! */
	if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
		*error = EINVAL;
		return;
	}
	switch (sa->sa_family) {
#ifdef INET6
	case AF_INET6:
		if (sa->sa_len != sizeof(struct sockaddr_in6)) {
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
			/* can only bind v6 on PF_INET6 sockets */
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
#ifdef INET
		sin6 = (struct sockaddr_in6 *)sa;
		if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
			if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
			    SCTP_IPV6_V6ONLY(inp)) {
				/* can't bind mapped-v4 on PF_INET sockets */
				SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
				*error = EINVAL;
				return;
			}
			/* Delete the underlying IPv4 address, not the mapped form. */
			in6_sin6_2_sin(&sin, sin6);
			addr_to_use = (struct sockaddr *)&sin;
		} else {
			addr_to_use = sa;
		}
#else
		addr_to_use = sa;
#endif
		break;
#endif
#ifdef INET
	case AF_INET:
		if (sa->sa_len != sizeof(struct sockaddr_in)) {
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
		    SCTP_IPV6_V6ONLY(inp)) {
			/* can't bind v4 on PF_INET sockets */
			SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
			*error = EINVAL;
			return;
		}
		addr_to_use = sa;
		break;
#endif
	default:
		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL);
		*error = EINVAL;
		return;
	}
	/* No lock required mgmt_ep_sa does its own locking. */
	*error = sctp_addr_mgmt_ep_sa(inp, addr_to_use, SCTP_DEL_IP_ADDRESS,
	    vrf_id);
}
6957 
/*
 * returns the valid local address count for an assoc, taking into account
 * all scoping rules
 *
 * For a bound-all endpoint every address on every interface of the
 * association's VRF is considered and filtered by the association's scope
 * flags, the jail the endpoint lives in, and the association's restricted
 * address list.  For a subset-bound endpoint only the endpoint's own
 * address list is walked, filtered by the restricted list alone.  Returns
 * 0 if the VRF cannot be found.  Runs under the global address read lock.
 */
int
sctp_local_addr_count(struct sctp_tcb *stcb)
{
	int loopback_scope;
#if defined(INET)
	int ipv4_local_scope, ipv4_addr_legal;
#endif
#if defined(INET6)
	int local_scope, site_scope, ipv6_addr_legal;
#endif
	struct sctp_vrf *vrf;
	struct sctp_ifn *sctp_ifn;
	struct sctp_ifa *sctp_ifa;
	int count = 0;

	/* Turn on all the appropriate scopes */
	loopback_scope = stcb->asoc.scope.loopback_scope;
#if defined(INET)
	ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope;
	ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal;
#endif
#if defined(INET6)
	local_scope = stcb->asoc.scope.local_scope;
	site_scope = stcb->asoc.scope.site_scope;
	ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal;
#endif
	SCTP_IPI_ADDR_RLOCK();
	vrf = sctp_find_vrf(stcb->asoc.vrf_id);
	if (vrf == NULL) {
		/* no vrf, no addresses */
		SCTP_IPI_ADDR_RUNLOCK();
		return (0);
	}

	if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
		/*
		 * bound all case: go through all ifns on the vrf
		 */
		LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
			/* Loopback interfaces only count when loopback scope is on. */
			if ((loopback_scope == 0) &&
			    SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
				continue;
			}
			LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
				if (sctp_is_addr_restricted(stcb, sctp_ifa))
					continue;
				/*
				 * Note: the 'continue's inside the switch
				 * below apply to this inner LIST_FOREACH.
				 */
				switch (sctp_ifa->address.sa.sa_family) {
#ifdef INET
				case AF_INET:
					if (ipv4_addr_legal) {
						struct sockaddr_in *sin;

						sin = &sctp_ifa->address.sin;
						if (sin->sin_addr.s_addr == 0) {
							/*
							 * skip unspecified
							 * addrs
							 */
							continue;
						}
						/* Addresses outside the endpoint's jail do not count. */
						if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred,
						    &sin->sin_addr) != 0) {
							continue;
						}
						/* Private (RFC 1918) addresses need ipv4_local_scope. */
						if ((ipv4_local_scope == 0) &&
						    (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
							continue;
						}
						/* count this one */
						count++;
					} else {
						continue;
					}
					break;
#endif
#ifdef INET6
				case AF_INET6:
					if (ipv6_addr_legal) {
						struct sockaddr_in6 *sin6;

						sin6 = &sctp_ifa->address.sin6;
						if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
							continue;
						}
						/* Addresses outside the endpoint's jail do not count. */
						if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred,
						    &sin6->sin6_addr) != 0) {
							continue;
						}
						if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
							if (local_scope == 0)
								continue;
							/*
							 * NOTE(review): sa6_recoverscope()
							 * writes the recovered scope id into
							 * the shared ifa while only the
							 * address read lock is held — confirm
							 * this is intended.
							 */
							if (sin6->sin6_scope_id == 0) {
								if (sa6_recoverscope(sin6) != 0)
									/* bad link local address */
									continue;
							}
						}
						/* Site-local addresses need site_scope. */
						if ((site_scope == 0) &&
						    (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
							continue;
						}
						/* count this one */
						count++;
					}
					break;
#endif
				default:
					/* TSNH */
					break;
				}
			}
		}
	} else {
		/*
		 * subset bound case
		 */
		struct sctp_laddr *laddr;

		LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list,
		    sctp_nxt_addr) {
			if (sctp_is_addr_restricted(stcb, laddr->ifa)) {
				continue;
			}
			/* count this one */
			count++;
		}
	}
	SCTP_IPI_ADDR_RUNLOCK();
	return (count);
}
7100 
7101 #if defined(SCTP_LOCAL_TRACE_BUF)
7102 
void
sctp_log_trace(uint32_t subsys, const char *str SCTP_UNUSED, uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, uint32_t f)
{
	uint32_t params[6] = { a, b, c, d, e, f };
	uint32_t cur, next;
	int i;

	/*
	 * Append an entry to the in-kernel trace ring.  A slot is claimed
	 * with a CAS loop so concurrent callers never share one: the
	 * published index runs 1..SCTP_MAX_LOGGING_SIZE and wraps back to
	 * 1, while the slot written is the pre-increment value (the wrap
	 * point writes slot 0).  'str' is accepted for API symmetry only.
	 */
	do {
		cur = SCTP_BASE_SYSCTL(sctp_log).index;
		next = (cur >= SCTP_MAX_LOGGING_SIZE) ? 1 : cur + 1;
	} while (atomic_cmpset_int(&SCTP_BASE_SYSCTL(sctp_log).index, cur, next) == 0);
	if (cur >= SCTP_MAX_LOGGING_SIZE)
		cur = 0;
	SCTP_BASE_SYSCTL(sctp_log).entry[cur].timestamp = SCTP_GET_CYCLECOUNT;
	SCTP_BASE_SYSCTL(sctp_log).entry[cur].subsys = subsys;
	for (i = 0; i < 6; i++)
		SCTP_BASE_SYSCTL(sctp_log).entry[cur].params[i] = params[i];
}
7128 
7129 #endif
/*
 * Receive hook for SCTP-over-UDP tunneling.  'm' is a packet-header mbuf
 * holding the IP header(s) followed, at offset 'off', by the UDP header
 * and the encapsulated SCTP packet.  The UDP header is stripped, the IP
 * length field is adjusted accordingly and the result is handed to the
 * native SCTP input path together with the UDP source port.  Any failure
 * drops the packet.  'sa' and 'ctx' are unused.
 */
static void
sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp,
    const struct sockaddr *sa SCTP_UNUSED, void *ctx SCTP_UNUSED)
{
	struct ip *iph;
#ifdef INET6
	struct ip6_hdr *ip6;
#endif
	struct mbuf *sp, *last;
	struct udphdr *uhdr;
	uint16_t port;

	if ((m->m_flags & M_PKTHDR) == 0) {
		/* Can't handle one that is not a pkt hdr */
		goto out;
	}
	/* Pull the src port */
	iph = mtod(m, struct ip *);
	uhdr = (struct udphdr *)((caddr_t)iph + off);
	/* Kept in network byte order; the input routines expect it so. */
	port = uhdr->uh_sport;
	/*
	 * Split out the mbuf chain. Leave the IP header in m, place the
	 * rest in the sp.
	 */
	sp = m_split(m, off, M_NOWAIT);
	if (sp == NULL) {
		/* Gak, drop packet, we can't do a split */
		goto out;
	}
	/* Reject anything too short to hold a UDP plus an SCTP common header. */
	if (sp->m_pkthdr.len < sizeof(struct udphdr) + sizeof(struct sctphdr)) {
		/* Gak, packet can't have an SCTP header in it - too small */
		m_freem(sp);
		goto out;
	}
	/* Now pull up the UDP header and SCTP header together */
	sp = m_pullup(sp, sizeof(struct udphdr) + sizeof(struct sctphdr));
	if (sp == NULL) {
		/* Gak pullup failed (m_pullup frees the chain on failure) */
		goto out;
	}
	/* Trim out the UDP header */
	m_adj(sp, sizeof(struct udphdr));

	/* Now reconstruct the mbuf chain */
	/* Walk to the last mbuf of the header part and append the payload. */
	for (last = m; last->m_next; last = last->m_next);
	last->m_next = sp;
	m->m_pkthdr.len += sp->m_pkthdr.len;
	/*
	 * The CSUM_DATA_VALID flags indicates that the HW checked the UDP
	 * checksum and it was valid. Since CSUM_DATA_VALID ==
	 * CSUM_SCTP_VALID this would imply that the HW also verified the
	 * SCTP checksum. Therefore, clear the bit.
	 */
	SCTPDBG(SCTP_DEBUG_CRCOFFLOAD,
	    "sctp_recv_udp_tunneled_packet(): Packet of length %d received on %s with csum_flags 0x%b.\n",
	    m->m_pkthdr.len,
	    if_name(m->m_pkthdr.rcvif),
	    (int)m->m_pkthdr.csum_flags, CSUM_BITS);
	m->m_pkthdr.csum_flags &= ~CSUM_DATA_VALID;
	/* Re-read the header pointer: m_split may have reallocated. */
	iph = mtod(m, struct ip *);
	switch (iph->ip_v) {
#ifdef INET
	case IPVERSION:
		/* Account for the removed UDP header in the IP total length. */
		iph->ip_len = htons(ntohs(iph->ip_len) - sizeof(struct udphdr));
		sctp_input_with_port(m, off, port);
		break;
#endif
#ifdef INET6
	case IPV6_VERSION >> 4:
		ip6 = mtod(m, struct ip6_hdr *);
		/* Same adjustment for the IPv6 payload length. */
		ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - sizeof(struct udphdr));
		sctp6_input_with_port(&m, &off, port);
		break;
#endif
	default:
		goto out;
		break;
	}
	return;
out:
	m_freem(m);
}
7212 
7213 #ifdef INET
/*
 * ICMP control-input hook for SCTP-over-UDP tunneling (IPv4).  'vip'
 * points at the quoted inner IP header inside the ICMP error; the ICMP
 * and outer IP headers are located by stepping backwards from it.  The
 * quoted UDP and SCTP headers are used to find the association, the
 * error is authenticated by UDP ports plus verification tag (or the
 * INIT initiate tag when the vtag is 0), and only then is sctp_notify()
 * called.  'cmd', 'sa' and 'ctx' are not used in this body.
 */
static void
sctp_recv_icmp_tunneled_packet(int cmd, struct sockaddr *sa, void *vip, void *ctx SCTP_UNUSED)
{
	struct ip *outer_ip, *inner_ip;
	struct sctphdr *sh;
	struct icmp *icmp;
	struct udphdr *udp;
	struct sctp_inpcb *inp;
	struct sctp_tcb *stcb;
	struct sctp_nets *net;
	struct sctp_init_chunk *ch;
	struct sockaddr_in src, dst;
	uint8_t type, code;

	/*
	 * Layout assumed: outer IP | ICMP header | inner IP | UDP | SCTP.
	 * The icmp struct already embeds an IP header, hence the
	 * sizeof(struct icmp) - sizeof(struct ip) step.
	 */
	inner_ip = (struct ip *)vip;
	icmp = (struct icmp *)((caddr_t)inner_ip -
	    (sizeof(struct icmp) - sizeof(struct ip)));
	outer_ip = (struct ip *)((caddr_t)icmp - sizeof(struct ip));
	/*
	 * Require enough quoted payload for the UDP header and the first 8
	 * bytes of the SCTP common header (ports and verification tag)
	 * before touching them.
	 */
	if (ntohs(outer_ip->ip_len) <
	    sizeof(struct ip) + 8 + (inner_ip->ip_hl << 2) + sizeof(struct udphdr) + 8) {
		return;
	}
	udp = (struct udphdr *)((caddr_t)inner_ip + (inner_ip->ip_hl << 2));
	sh = (struct sctphdr *)(udp + 1);
	memset(&src, 0, sizeof(struct sockaddr_in));
	src.sin_family = AF_INET;
	src.sin_len = sizeof(struct sockaddr_in);
	src.sin_port = sh->src_port;
	src.sin_addr = inner_ip->ip_src;
	memset(&dst, 0, sizeof(struct sockaddr_in));
	dst.sin_family = AF_INET;
	dst.sin_len = sizeof(struct sockaddr_in);
	dst.sin_port = sh->dest_port;
	dst.sin_addr = inner_ip->ip_dst;
	/*
	 * 'dst' holds the dest of the packet that failed to be sent. 'src'
	 * holds our local endpoint address. Thus we reverse the dst and the
	 * src in the lookup.
	 */
	inp = NULL;
	net = NULL;
	stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst,
	    (struct sockaddr *)&src,
	    &inp, &net, 1,
	    SCTP_DEFAULT_VRFID);
	if ((stcb != NULL) &&
	    (net != NULL) &&
	    (inp != NULL)) {
		/* Check the UDP port numbers */
		/* The quoted UDP ports must match the tunnel used for this peer. */
		if ((udp->uh_dport != net->port) ||
		    (udp->uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) {
			SCTP_TCB_UNLOCK(stcb);
			return;
		}
		/* Check the verification tag */
		if (ntohl(sh->v_tag) != 0) {
			/*
			 * This must be the verification tag used for
			 * sending out packets. We don't consider packets
			 * reflecting the verification tag.
			 */
			if (ntohl(sh->v_tag) != stcb->asoc.peer_vtag) {
				SCTP_TCB_UNLOCK(stcb);
				return;
			}
		} else {
			/*
			 * vtag 0 is only legitimate on an INIT; that needs
			 * 20 more quoted bytes (common header, chunk header
			 * and initiate tag) to be verifiable.
			 */
			if (ntohs(outer_ip->ip_len) >=
			    sizeof(struct ip) +
			    8 + (inner_ip->ip_hl << 2) + 8 + 20) {
				/*
				 * In this case we can check if we got an
				 * INIT chunk and if the initiate tag
				 * matches.
				 */
				ch = (struct sctp_init_chunk *)(sh + 1);
				if ((ch->ch.chunk_type != SCTP_INITIATION) ||
				    (ntohl(ch->init.initiate_tag) != stcb->asoc.my_vtag)) {
					SCTP_TCB_UNLOCK(stcb);
					return;
				}
			} else {
				SCTP_TCB_UNLOCK(stcb);
				return;
			}
		}
		type = icmp->icmp_type;
		code = icmp->icmp_code;
		/*
		 * A UDP port unreachable is reported as protocol unreachable,
		 * presumably so sctp_notify() treats it like the native
		 * (non-tunneled) case — NOTE(review): confirm in sctp_notify().
		 */
		if ((type == ICMP_UNREACH) &&
		    (code == ICMP_UNREACH_PORT)) {
			code = ICMP_UNREACH_PROTOCOL;
		}
		/* sctp_notify() is expected to release the stcb lock. */
		sctp_notify(inp, stcb, net, type, code,
		    ntohs(inner_ip->ip_len),
		    (uint32_t)ntohs(icmp->icmp_nextmtu));
	} else {
		/* Lookup returned an endpoint but no association: drop its ref. */
		if ((stcb == NULL) && (inp != NULL)) {
			/* reduce ref-count */
			SCTP_INP_WLOCK(inp);
			SCTP_INP_DECR_REF(inp);
			SCTP_INP_WUNLOCK(inp);
		}
		if (stcb) {
			SCTP_TCB_UNLOCK(stcb);
		}
	}
	return;
}
7321 #endif
7322 
7323 #ifdef INET6
7324 static void
sctp_recv_icmp6_tunneled_packet(int cmd, struct sockaddr *sa, void *d, void *ctx SCTP_UNUSED)
{
	/*
	 * ICMPv6 error callback installed on the IPv6 SCTP-over-UDP tunneling
	 * socket (see sctp_over_udp_start()).
	 *
	 * d points to a struct ip6ctlparam describing the ICMPv6 error and
	 * the quoted inner packet: the mbuf, the offset of the UDP header in
	 * it, and the quoted IPv6 and ICMPv6 headers.  cmd and sa are not
	 * used by this function; ctx is unused.
	 *
	 * Only an error whose quoted UDP/SCTP headers match an existing
	 * association -- same UDP ports, same verification tag (or, for a
	 * zero tag, an INIT chunk carrying our own tag) -- is forwarded to
	 * sctp6_notify().  Everything else is dropped without side effects,
	 * so an error message that does not carry the right ports and tag
	 * cannot influence the association.
	 */
	struct ip6ctlparam *ip6cp;
	struct sctp_inpcb *inp;
	struct sctp_tcb *stcb;
	struct sctp_nets *net;
	struct sctphdr sh;
	struct udphdr udp;
	struct sockaddr_in6 src, dst;
	uint8_t type, code;

	ip6cp = (struct ip6ctlparam *)d;
	/*
	 * XXX: We assume that when IPV6 is non NULL, M and OFF are valid.
	 */
	/*
	 * NOTE(review): only ip6c_m is checked for NULL here; ip6c_ip6 and
	 * ip6c_icmp6 are dereferenced further down without a check.  This
	 * relies on the caller setting all of them together -- confirm
	 * against the UDP tunneling callback contract.
	 */
	if (ip6cp->ip6c_m == NULL) {
		return;
	}
	/*
	 * Check if we can safely examine the ports and the verification tag
	 * of the SCTP common header.
	 */
	if (ip6cp->ip6c_m->m_pkthdr.len <
	    ip6cp->ip6c_off + sizeof(struct udphdr) + offsetof(struct sctphdr, checksum)) {
		return;
	}
	/* Copy out the UDP header. */
	memset(&udp, 0, sizeof(struct udphdr));
	m_copydata(ip6cp->ip6c_m,
	    ip6cp->ip6c_off,
	    sizeof(struct udphdr),
	    (caddr_t)&udp);
	/* Copy out the port numbers and the verification tag. */
	/*
	 * Only the first 8 bytes of the common header are guaranteed to be
	 * present (checked above); the checksum field stays zeroed.
	 */
	memset(&sh, 0, sizeof(struct sctphdr));
	m_copydata(ip6cp->ip6c_m,
	    ip6cp->ip6c_off + sizeof(struct udphdr),
	    sizeof(uint16_t) + sizeof(uint16_t) + sizeof(uint32_t),
	    (caddr_t)&sh);
	/*
	 * Build sockaddrs from the quoted IPv6 header and the SCTP ports.
	 * A scope that cannot be resolved for the receiving interface makes
	 * the error unusable, so it is dropped.
	 */
	memset(&src, 0, sizeof(struct sockaddr_in6));
	src.sin6_family = AF_INET6;
	src.sin6_len = sizeof(struct sockaddr_in6);
	src.sin6_port = sh.src_port;
	src.sin6_addr = ip6cp->ip6c_ip6->ip6_src;
	if (in6_setscope(&src.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) {
		return;
	}
	memset(&dst, 0, sizeof(struct sockaddr_in6));
	dst.sin6_family = AF_INET6;
	dst.sin6_len = sizeof(struct sockaddr_in6);
	dst.sin6_port = sh.dest_port;
	dst.sin6_addr = ip6cp->ip6c_ip6->ip6_dst;
	if (in6_setscope(&dst.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) {
		return;
	}
	/*
	 * The quoted packet is one this host sent, so its destination is the
	 * peer: dst is passed as the remote address and src as the local one.
	 * On a match stcb comes back locked; see the else branch below for
	 * what the lookup may hand back otherwise.
	 */
	inp = NULL;
	net = NULL;
	stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst,
	    (struct sockaddr *)&src,
	    &inp, &net, 1, SCTP_DEFAULT_VRFID);
	if ((stcb != NULL) &&
	    (net != NULL) &&
	    (inp != NULL)) {
		/* Check the UDP port numbers */
		/*
		 * The quoted packet must have left our tunneling port
		 * (sysctl value is in host order, the header is in network
		 * order) towards this net's encapsulation port.
		 */
		if ((udp.uh_dport != net->port) ||
		    (udp.uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) {
			SCTP_TCB_UNLOCK(stcb);
			return;
		}
		/* Check the verification tag */
		if (ntohl(sh.v_tag) != 0) {
			/*
			 * This must be the verification tag used for
			 * sending out packets. We don't consider packets
			 * reflecting the verification tag.
			 */
			if (ntohl(sh.v_tag) != stcb->asoc.peer_vtag) {
				SCTP_TCB_UNLOCK(stcb);
				return;
			}
		} else {
			/*
			 * A zero tag is only legitimate on an INIT.  Accept
			 * it solely when enough of the chunk is quoted to
			 * read the chunk type and the initiate tag, and the
			 * latter is our own tag; otherwise drop.
			 */
			if (ip6cp->ip6c_m->m_pkthdr.len >=
			    ip6cp->ip6c_off + sizeof(struct udphdr) +
			    sizeof(struct sctphdr) +
			    sizeof(struct sctp_chunkhdr) +
			    offsetof(struct sctp_init, a_rwnd)) {
				/*
				 * In this case we can check if we got an
				 * INIT chunk and if the initiate tag
				 * matches.
				 */
				uint32_t initiate_tag;
				uint8_t chunk_type;

				m_copydata(ip6cp->ip6c_m,
				    ip6cp->ip6c_off +
				    sizeof(struct udphdr) +
				    sizeof(struct sctphdr),
				    sizeof(uint8_t),
				    (caddr_t)&chunk_type);
				m_copydata(ip6cp->ip6c_m,
				    ip6cp->ip6c_off +
				    sizeof(struct udphdr) +
				    sizeof(struct sctphdr) +
				    sizeof(struct sctp_chunkhdr),
				    sizeof(uint32_t),
				    (caddr_t)&initiate_tag);
				if ((chunk_type != SCTP_INITIATION) ||
				    (ntohl(initiate_tag) != stcb->asoc.my_vtag)) {
					SCTP_TCB_UNLOCK(stcb);
					return;
				}
			} else {
				SCTP_TCB_UNLOCK(stcb);
				return;
			}
		}
		/*
		 * A port-unreachable for the tunneling port is reported
		 * upwards as a next-header parameter problem (presumably the
		 * closest equivalent for a peer without SCTP support).
		 */
		type = ip6cp->ip6c_icmp6->icmp6_type;
		code = ip6cp->ip6c_icmp6->icmp6_code;
		if ((type == ICMP6_DST_UNREACH) &&
		    (code == ICMP6_DST_UNREACH_NOPORT)) {
			type = ICMP6_PARAM_PROB;
			code = ICMP6_PARAMPROB_NEXTHEADER;
		}
		/* sctp6_notify() is responsible for unlocking stcb. */
		sctp6_notify(inp, stcb, net, type, code,
		    ntohl(ip6cp->ip6c_icmp6->icmp6_mtu));
	} else {
		/*
		 * No usable (stcb, net, inp) triple: release whatever the
		 * lookup handed back.  A bare inp came with a reference that
		 * has to be dropped; an stcb is returned locked.
		 */
		if ((stcb == NULL) && (inp != NULL)) {
			/* reduce inp's ref-count */
			SCTP_INP_WLOCK(inp);
			SCTP_INP_DECR_REF(inp);
			SCTP_INP_WUNLOCK(inp);
		}
		if (stcb) {
			SCTP_TCB_UNLOCK(stcb);
		}
	}
}
7462 #endif
7463 
void
sctp_over_udp_stop(void)
{
	/*
	 * Close the UDP tunneling socket(s) used for SCTP-over-UDP and
	 * forget them, so that sctp_over_udp_start() may be called again.
	 *
	 * The caller (the sysctl handler) must hold sctp_sysctl_info_lock()
	 * for writing; this function takes no lock of its own.
	 */
#ifdef INET
	struct socket *so4;
#endif
#ifdef INET6
	struct socket *so6;
#endif

#ifdef INET
	so4 = SCTP_BASE_INFO(udp4_tun_socket);
	if (so4 != NULL) {
		soclose(so4);
		SCTP_BASE_INFO(udp4_tun_socket) = NULL;
	}
#endif
#ifdef INET6
	so6 = SCTP_BASE_INFO(udp6_tun_socket);
	if (so6 != NULL) {
		soclose(so6);
		SCTP_BASE_INFO(udp6_tun_socket) = NULL;
	}
#endif
}
7484 
int
sctp_over_udp_start(void)
{
	uint16_t port;
	int ret;
#ifdef INET
	struct sockaddr_in sin;
#endif
#ifdef INET6
	struct sockaddr_in6 sin6;
#endif

	/*
	 * Create the UDP tunneling socket(s) for SCTP-over-UDP, install the
	 * tunneling callbacks and bind them to the configured port.
	 *
	 * The caller (the sysctl handler) must hold sctp_sysctl_info_lock()
	 * for writing.
	 *
	 * Returns 0 on success, EINVAL when no tunneling port is configured,
	 * EALREADY when a tunneling socket already exists, or the error from
	 * socreate()/udp_set_kernel_tunneling()/sobind().  On any failure
	 * past the precondition checks, whatever was created so far is torn
	 * down again with sctp_over_udp_stop().
	 */
	port = SCTP_BASE_SYSCTL(sctp_udp_tunneling_port);
	if (ntohs(port) == 0) {
		/* Must have a port set */
		return (EINVAL);
	}
#ifdef INET
	if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) {
		/* Already running -- must stop first */
		return (EALREADY);
	}
#endif
#ifdef INET6
	if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) {
		/* Already running -- must stop first */
		return (EALREADY);
	}
#endif
#ifdef INET
	ret = socreate(PF_INET, &SCTP_BASE_INFO(udp4_tun_socket),
	    SOCK_DGRAM, IPPROTO_UDP,
	    curthread->td_ucred, curthread);
	if (ret != 0) {
		goto fail;
	}
	/* Install the tunneling callbacks for data and ICMP. */
	ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp4_tun_socket),
	    sctp_recv_udp_tunneled_packet,
	    sctp_recv_icmp_tunneled_packet,
	    NULL);
	if (ret != 0) {
		goto fail;
	}
	/* Bind the socket to the tunneling port (wildcard address). */
	memset(&sin, 0, sizeof(struct sockaddr_in));
	sin.sin_len = sizeof(struct sockaddr_in);
	sin.sin_family = AF_INET;
	sin.sin_port = htons(port);
	ret = sobind(SCTP_BASE_INFO(udp4_tun_socket),
	    (struct sockaddr *)&sin, curthread);
	if (ret != 0) {
		goto fail;
	}
#endif
#ifdef INET6
	ret = socreate(PF_INET6, &SCTP_BASE_INFO(udp6_tun_socket),
	    SOCK_DGRAM, IPPROTO_UDP,
	    curthread->td_ucred, curthread);
	if (ret != 0) {
		goto fail;
	}
	/* Install the tunneling callbacks for data and ICMPv6. */
	ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp6_tun_socket),
	    sctp_recv_udp_tunneled_packet,
	    sctp_recv_icmp6_tunneled_packet,
	    NULL);
	if (ret != 0) {
		goto fail;
	}
	/* Bind the socket to the tunneling port (wildcard address). */
	memset(&sin6, 0, sizeof(struct sockaddr_in6));
	sin6.sin6_len = sizeof(struct sockaddr_in6);
	sin6.sin6_family = AF_INET6;
	sin6.sin6_port = htons(port);
	ret = sobind(SCTP_BASE_INFO(udp6_tun_socket),
	    (struct sockaddr *)&sin6, curthread);
	if (ret != 0) {
		goto fail;
	}
#endif
	return (0);
#if defined(INET) || defined(INET6)
fail:
	/* Undo any partially completed setup before reporting the error. */
	sctp_over_udp_stop();
	return (ret);
#endif
}
7571 
/*
 * sctp_min_mtu() returns the minimum of all non-zero arguments.
 * If all arguments are zero, zero is returned.
 */
uint32_t
sctp_min_mtu(uint32_t mtu1, uint32_t mtu2, uint32_t mtu3)
{
	/*
	 * Smallest of the non-zero arguments.  Zero entries are skipped;
	 * if all three are zero the result is zero.
	 */
	const uint32_t candidates[3] = { mtu1, mtu2, mtu3 };
	uint32_t best = 0;
	int i;

	for (i = 0; i < 3; i++) {
		if (candidates[i] == 0) {
			continue;
		}
		if ((best == 0) || (candidates[i] < best)) {
			best = candidates[i];
		}
	}
	return (best);
}
7605 
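/*
 * Fill in the host-cache lookup key for the foreign address in addr on
 * FIB fibnum.  Returns 1 when the address family is supported and inc is
 * ready for tcp_hc_*(), 0 otherwise (inc is then not usable).
 */
static int
sctp_hc_conninfo_from_addr(struct in_conninfo *inc, union sctp_sockstore *addr,
    uint16_t fibnum)
{
	memset(inc, 0, sizeof(struct in_conninfo));
	inc->inc_fibnum = fibnum;
	switch (addr->sa.sa_family) {
#ifdef INET
	case AF_INET:
		inc->inc_faddr = addr->sin.sin_addr;
		return (1);
#endif
#ifdef INET6
	case AF_INET6:
		inc->inc_flags |= INC_ISIPV6;
		inc->inc6_faddr = addr->sin6.sin6_addr;
		return (1);
#endif
	default:
		return (0);
	}
}

/*
 * Record mtu in the TCP host cache for the foreign address addr on FIB
 * fibnum.  Unsupported address families are ignored.
 */
void
sctp_hc_set_mtu(union sctp_sockstore *addr, uint16_t fibnum, uint32_t mtu)
{
	struct in_conninfo inc;

	if (!sctp_hc_conninfo_from_addr(&inc, addr, fibnum)) {
		return;
	}
	tcp_hc_updatemtu(&inc, (u_long)mtu);
}

/*
 * Look up the cached MTU for the foreign address addr on FIB fibnum in
 * the TCP host cache.  Returns 0 for unsupported address families (and
 * whatever tcp_hc_getmtu() returns when nothing is cached).
 */
uint32_t
sctp_hc_get_mtu(union sctp_sockstore *addr, uint16_t fibnum)
{
	struct in_conninfo inc;

	if (!sctp_hc_conninfo_from_addr(&inc, addr, fibnum)) {
		return (0);
	}
	return ((uint32_t)tcp_hc_getmtu(&inc));
}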
7655 
void
sctp_set_state(struct sctp_tcb *stcb, int new_state)
{
#if defined(KDTRACE_HOOKS)
	int old_state = stcb->asoc.state;
	int old_main;
#endif
	int substates;

	/*
	 * Replace the main-state bits of the association while keeping its
	 * substate bits.  new_state must contain main-state bits only.
	 */
	KASSERT((new_state & ~SCTP_STATE_MASK) == 0,
	    ("sctp_set_state: Can't set substate (new_state = %x)",
	    new_state));
	substates = stcb->asoc.state & ~SCTP_STATE_MASK;
	stcb->asoc.state = substates | new_state;
	/* Once a shutdown is under way, it is no longer merely pending. */
	switch (new_state) {
	case SCTP_STATE_SHUTDOWN_RECEIVED:
	case SCTP_STATE_SHUTDOWN_SENT:
	case SCTP_STATE_SHUTDOWN_ACK_SENT:
		SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING);
		break;
	default:
		break;
	}
#if defined(KDTRACE_HOOKS)
	/*
	 * Fire the state-change probe when the main state actually changed,
	 * except for the initial EMPTY -> INUSE transition.
	 */
	old_main = old_state & SCTP_STATE_MASK;
	if ((old_main != new_state) &&
	    ((old_main != SCTP_STATE_EMPTY) || (new_state != SCTP_STATE_INUSE))) {
		SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state);
	}
#endif
}
7680 
void
sctp_add_substate(struct sctp_tcb *stcb, int substate)
{
#if defined(KDTRACE_HOOKS)
	int old_state = stcb->asoc.state;
	int newly_set;
#endif

	/*
	 * Set additional substate bits on the association without touching
	 * its main state.  substate must contain substate bits only.
	 */
	KASSERT((substate & SCTP_STATE_MASK) == 0,
	    ("sctp_add_substate: Can't set state (substate = %x)",
	    substate));
	stcb->asoc.state |= substate;
#if defined(KDTRACE_HOOKS)
	/*
	 * Fire the state-change probe only when ABOUT_TO_BE_FREED or
	 * SHUTDOWN_PENDING went from clear to set in this call.
	 */
	newly_set = substate & ~old_state;
	if ((newly_set &
	    (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_PENDING)) != 0) {
		SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state);
	}
#endif
}
7701