1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * a) Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * b) Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the distribution.
17 *
18 * c) Neither the name of Cisco Systems, Inc. nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32 * THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #define _IP_VHL
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_pcb.h>
38 #include <netinet/sctp_var.h>
39 #include <netinet/sctp_sysctl.h>
40 #include <netinet/sctp_timer.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_header.h>
44 #include <netinet/sctp_indata.h>
45 #include <netinet/sctp_asconf.h>
46 #include <netinet/sctp_input.h>
47 #include <netinet/sctp.h>
48 #include <netinet/sctp_uio.h>
49 #if defined(INET) || defined(INET6)
50 #include <netinet/udp.h>
51 #endif
52
53 void
sctp_audit_retranmission_queue(struct sctp_association * asoc)54 sctp_audit_retranmission_queue(struct sctp_association *asoc)
55 {
56 struct sctp_tmit_chunk *chk;
57
58 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit invoked on send queue cnt:%d onqueue:%d\n",
59 asoc->sent_queue_retran_cnt,
60 asoc->sent_queue_cnt);
61 asoc->sent_queue_retran_cnt = 0;
62 asoc->sent_queue_cnt = 0;
63 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
64 if (chk->sent == SCTP_DATAGRAM_RESEND) {
65 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
66 }
67 asoc->sent_queue_cnt++;
68 }
69 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
70 if (chk->sent == SCTP_DATAGRAM_RESEND) {
71 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
72 }
73 }
74 TAILQ_FOREACH(chk, &asoc->asconf_send_queue, sctp_next) {
75 if (chk->sent == SCTP_DATAGRAM_RESEND) {
76 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
77 }
78 }
79 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit completes retran:%d onqueue:%d\n",
80 asoc->sent_queue_retran_cnt,
81 asoc->sent_queue_cnt);
82 }
83
84 static int
sctp_threshold_management(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net,uint16_t threshold)85 sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
86 struct sctp_nets *net, uint16_t threshold)
87 {
88 KASSERT(stcb != NULL, ("stcb is NULL"));
89 SCTP_TCB_LOCK_ASSERT(stcb);
90
91 if (net != NULL) {
92 net->error_count++;
93 SCTPDBG(SCTP_DEBUG_TIMER4, "Error count for %p now %d thresh:%d\n",
94 (void *)net, net->error_count,
95 net->failure_threshold);
96 if (net->error_count > net->failure_threshold) {
97 /* We had a threshold failure */
98 if (net->dest_state & SCTP_ADDR_REACHABLE) {
99 net->dest_state &= ~SCTP_ADDR_REACHABLE;
100 net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
101 net->dest_state &= ~SCTP_ADDR_PF;
102 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
103 stcb, 0,
104 (void *)net, SCTP_SO_NOT_LOCKED);
105 }
106 } else if ((net->pf_threshold < net->failure_threshold) &&
107 (net->error_count > net->pf_threshold)) {
108 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
109 net->dest_state |= SCTP_ADDR_PF;
110 net->last_active = sctp_get_tick_count();
111 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
112 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
113 inp, stcb, net,
114 SCTP_FROM_SCTP_TIMER + SCTP_LOC_1);
115 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
116 }
117 }
118 if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) {
119 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
120 sctp_misc_ints(SCTP_THRESHOLD_INCR,
121 stcb->asoc.overall_error_count,
122 (stcb->asoc.overall_error_count + 1),
123 SCTP_FROM_SCTP_TIMER,
124 __LINE__);
125 }
126 stcb->asoc.overall_error_count++;
127 }
128 } else {
129 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
130 sctp_misc_ints(SCTP_THRESHOLD_INCR,
131 stcb->asoc.overall_error_count,
132 (stcb->asoc.overall_error_count + 1),
133 SCTP_FROM_SCTP_TIMER,
134 __LINE__);
135 }
136 stcb->asoc.overall_error_count++;
137 }
138 SCTPDBG(SCTP_DEBUG_TIMER4, "Overall error count for %p now %d thresh:%u state:%x\n",
139 (void *)&stcb->asoc, stcb->asoc.overall_error_count,
140 (uint32_t)threshold,
141 ((net == NULL) ? (uint32_t)0 : (uint32_t)net->dest_state));
142 /*
143 * We specifically do not do >= to give the assoc one more change
144 * before we fail it.
145 */
146 if (stcb->asoc.overall_error_count > threshold) {
147 /* Abort notification sends a ULP notify */
148 struct mbuf *op_err;
149
150 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
151 "Association error counter exceeded");
152 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_2;
153 sctp_abort_an_association(inp, stcb, op_err, true, SCTP_SO_NOT_LOCKED);
154 return (1);
155 }
156 return (0);
157 }
158
159 /*
160 * sctp_find_alternate_net() returns a non-NULL pointer as long as there
161 * exists nets, which are not being deleted.
162 */
163 struct sctp_nets *
sctp_find_alternate_net(struct sctp_tcb * stcb,struct sctp_nets * net,int mode)164 sctp_find_alternate_net(struct sctp_tcb *stcb,
165 struct sctp_nets *net,
166 int mode)
167 {
168 /* Find and return an alternate network if possible */
169 struct sctp_nets *alt, *mnet, *min_errors_net = NULL, *max_cwnd_net = NULL;
170 bool looped;
171
172 /* JRS 5/14/07 - Initialize min_errors to an impossible value. */
173 int min_errors = -1;
174 uint32_t max_cwnd = 0;
175
176 if (stcb->asoc.numnets == 1) {
177 /* No selection can be made. */
178 return (TAILQ_FIRST(&stcb->asoc.nets));
179 }
180 /*
181 * JRS 5/14/07 - If mode is set to 2, use the CMT PF find alternate
182 * net algorithm. This algorithm chooses the active destination (not
183 * in PF state) with the largest cwnd value. If all destinations are
184 * in PF state, unreachable, or unconfirmed, choose the destination
185 * that is in PF state with the lowest error count. In case of a
186 * tie, choose the destination that was most recently active.
187 */
188 if (mode == 2) {
189 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
190 /*
191 * JRS 5/14/07 - If the destination is unreachable
192 * or unconfirmed, skip it.
193 */
194 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
195 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
196 continue;
197 }
198 /*
199 * JRS 5/14/07 - If the destination is reachable
200 * but in PF state, compare the error count of the
201 * destination to the minimum error count seen thus
202 * far. Store the destination with the lower error
203 * count. If the error counts are equal, store the
204 * destination that was most recently active.
205 */
206 if (mnet->dest_state & SCTP_ADDR_PF) {
207 /*
208 * JRS 5/14/07 - If the destination under
209 * consideration is the current destination,
210 * work as if the error count is one higher.
211 * The actual error count will not be
212 * incremented until later in the t3
213 * handler.
214 */
215 if (mnet == net) {
216 if (min_errors == -1) {
217 min_errors = mnet->error_count + 1;
218 min_errors_net = mnet;
219 } else if (mnet->error_count + 1 < min_errors) {
220 min_errors = mnet->error_count + 1;
221 min_errors_net = mnet;
222 } else if (mnet->error_count + 1 == min_errors
223 && mnet->last_active > min_errors_net->last_active) {
224 min_errors_net = mnet;
225 min_errors = mnet->error_count + 1;
226 }
227 continue;
228 } else {
229 if (min_errors == -1) {
230 min_errors = mnet->error_count;
231 min_errors_net = mnet;
232 } else if (mnet->error_count < min_errors) {
233 min_errors = mnet->error_count;
234 min_errors_net = mnet;
235 } else if (mnet->error_count == min_errors
236 && mnet->last_active > min_errors_net->last_active) {
237 min_errors_net = mnet;
238 min_errors = mnet->error_count;
239 }
240 continue;
241 }
242 }
243 /*
244 * JRS 5/14/07 - If the destination is reachable and
245 * not in PF state, compare the cwnd of the
246 * destination to the highest cwnd seen thus far.
247 * Store the destination with the higher cwnd value.
248 * If the cwnd values are equal, randomly choose one
249 * of the two destinations.
250 */
251 if (max_cwnd < mnet->cwnd) {
252 max_cwnd_net = mnet;
253 max_cwnd = mnet->cwnd;
254 } else if (max_cwnd == mnet->cwnd) {
255 uint32_t rndval;
256 uint8_t this_random;
257
258 if (stcb->asoc.hb_random_idx > 3) {
259 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
260 memcpy(stcb->asoc.hb_random_values, &rndval, sizeof(stcb->asoc.hb_random_values));
261 this_random = stcb->asoc.hb_random_values[0];
262 stcb->asoc.hb_random_idx++;
263 stcb->asoc.hb_ect_randombit = 0;
264 } else {
265 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
266 stcb->asoc.hb_random_idx++;
267 stcb->asoc.hb_ect_randombit = 0;
268 }
269 if (this_random % 2 == 1) {
270 max_cwnd_net = mnet;
271 max_cwnd = mnet->cwnd; /* Useless? */
272 }
273 }
274 }
275 if (max_cwnd_net == NULL) {
276 if (min_errors_net == NULL) {
277 return (net);
278 }
279 return (min_errors_net);
280 } else {
281 return (max_cwnd_net);
282 }
283 } /* JRS 5/14/07 - If mode is set to 1, use the
284 * CMT policy for choosing an alternate net. */
285 else if (mode == 1) {
286 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
287 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
288 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
289 /*
290 * will skip ones that are not-reachable or
291 * unconfirmed
292 */
293 continue;
294 }
295 if (max_cwnd < mnet->cwnd) {
296 max_cwnd_net = mnet;
297 max_cwnd = mnet->cwnd;
298 } else if (max_cwnd == mnet->cwnd) {
299 uint32_t rndval;
300 uint8_t this_random;
301
302 if (stcb->asoc.hb_random_idx > 3) {
303 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
304 memcpy(stcb->asoc.hb_random_values, &rndval,
305 sizeof(stcb->asoc.hb_random_values));
306 this_random = stcb->asoc.hb_random_values[0];
307 stcb->asoc.hb_random_idx = 0;
308 stcb->asoc.hb_ect_randombit = 0;
309 } else {
310 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
311 stcb->asoc.hb_random_idx++;
312 stcb->asoc.hb_ect_randombit = 0;
313 }
314 if (this_random % 2) {
315 max_cwnd_net = mnet;
316 max_cwnd = mnet->cwnd;
317 }
318 }
319 }
320 if (max_cwnd_net) {
321 return (max_cwnd_net);
322 }
323 }
324 /* Look for an alternate net, which is active. */
325 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
326 alt = TAILQ_NEXT(net, sctp_next);
327 } else {
328 alt = TAILQ_FIRST(&stcb->asoc.nets);
329 }
330 looped = false;
331 for (;;) {
332 if (alt == NULL) {
333 if (!looped) {
334 alt = TAILQ_FIRST(&stcb->asoc.nets);
335 looped = true;
336 }
337 /* Definitely out of candidates. */
338 if (alt == NULL) {
339 break;
340 }
341 }
342 if (alt->ro.ro_nh == NULL) {
343 if (alt->ro._s_addr) {
344 sctp_free_ifa(alt->ro._s_addr);
345 alt->ro._s_addr = NULL;
346 }
347 alt->src_addr_selected = 0;
348 }
349 if (((alt->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE) &&
350 (alt->ro.ro_nh != NULL) &&
351 ((alt->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) &&
352 (alt != net)) {
353 /* Found an alternate net, which is reachable. */
354 break;
355 }
356 alt = TAILQ_NEXT(alt, sctp_next);
357 }
358
359 if (alt == NULL) {
360 /*
361 * In case no active alternate net has been found, look for
362 * an alternate net, which is confirmed.
363 */
364 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
365 alt = TAILQ_NEXT(net, sctp_next);
366 } else {
367 alt = TAILQ_FIRST(&stcb->asoc.nets);
368 }
369 looped = false;
370 for (;;) {
371 if (alt == NULL) {
372 if (!looped) {
373 alt = TAILQ_FIRST(&stcb->asoc.nets);
374 looped = true;
375 }
376 /* Definitely out of candidates. */
377 if (alt == NULL) {
378 break;
379 }
380 }
381 if (((alt->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) &&
382 (alt != net)) {
383 /*
384 * Found an alternate net, which is
385 * confirmed.
386 */
387 break;
388 }
389 alt = TAILQ_NEXT(alt, sctp_next);
390 }
391 }
392 if (alt == NULL) {
393 /*
394 * In case no confirmed alternate net has been found, just
395 * return net, if it is not being deleted. In the other case
396 * just return the first net.
397 */
398 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
399 alt = net;
400 }
401 if (alt == NULL) {
402 alt = TAILQ_FIRST(&stcb->asoc.nets);
403 }
404 }
405 return (alt);
406 }
407
408 static void
sctp_backoff_on_timeout(struct sctp_tcb * stcb,struct sctp_nets * net,int win_probe,int num_marked,int num_abandoned)409 sctp_backoff_on_timeout(struct sctp_tcb *stcb,
410 struct sctp_nets *net,
411 int win_probe,
412 int num_marked, int num_abandoned)
413 {
414 if (net->RTO == 0) {
415 if (net->RTO_measured) {
416 net->RTO = stcb->asoc.minrto;
417 } else {
418 net->RTO = stcb->asoc.initial_rto;
419 }
420 }
421 net->RTO <<= 1;
422 if (net->RTO > stcb->asoc.maxrto) {
423 net->RTO = stcb->asoc.maxrto;
424 }
425 if ((win_probe == 0) && (num_marked || num_abandoned)) {
426 /* We don't apply penalty to window probe scenarios */
427 /* JRS - Use the congestion control given in the CC module */
428 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout(stcb, net);
429 }
430 }
431
432 #ifndef INVARIANTS
433 static void
sctp_recover_sent_list(struct sctp_tcb * stcb)434 sctp_recover_sent_list(struct sctp_tcb *stcb)
435 {
436 struct sctp_tmit_chunk *chk, *nchk;
437 struct sctp_association *asoc;
438
439 asoc = &stcb->asoc;
440 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
441 if (SCTP_TSN_GE(asoc->last_acked_seq, chk->rec.data.tsn)) {
442 SCTP_PRINTF("Found chk:%p tsn:%x <= last_acked_seq:%x\n",
443 (void *)chk, chk->rec.data.tsn, asoc->last_acked_seq);
444 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
445 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
446 asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
447 }
448 }
449 if ((asoc->strmout[chk->rec.data.sid].chunks_on_queues == 0) &&
450 (asoc->strmout[chk->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
451 TAILQ_EMPTY(&asoc->strmout[chk->rec.data.sid].outqueue)) {
452 asoc->trigger_reset = 1;
453 }
454 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
455 if (PR_SCTP_ENABLED(chk->flags)) {
456 if (asoc->pr_sctp_cnt != 0)
457 asoc->pr_sctp_cnt--;
458 }
459 if (chk->data) {
460 /* sa_ignore NO_NULL_CHK */
461 sctp_free_bufspace(stcb, asoc, chk, 1);
462 sctp_m_freem(chk->data);
463 chk->data = NULL;
464 if (asoc->prsctp_supported && PR_SCTP_BUF_ENABLED(chk->flags)) {
465 asoc->sent_queue_cnt_removeable--;
466 }
467 }
468 asoc->sent_queue_cnt--;
469 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
470 }
471 }
472 SCTP_PRINTF("after recover order is as follows\n");
473 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
474 SCTP_PRINTF("chk:%p TSN:%x\n", (void *)chk, chk->rec.data.tsn);
475 }
476 }
477 #endif
478
479 static int
sctp_mark_all_for_resend(struct sctp_tcb * stcb,struct sctp_nets * net,struct sctp_nets * alt,int window_probe,int * num_marked,int * num_abandoned)480 sctp_mark_all_for_resend(struct sctp_tcb *stcb,
481 struct sctp_nets *net,
482 struct sctp_nets *alt,
483 int window_probe,
484 int *num_marked,
485 int *num_abandoned)
486 {
487
488 /*
489 * Mark all chunks (well not all) that were sent to *net for
490 * retransmission. Move them to alt for there destination as well...
491 * We only mark chunks that have been outstanding long enough to
492 * have received feed-back.
493 */
494 struct sctp_tmit_chunk *chk, *nchk;
495 struct sctp_nets *lnets;
496 struct timeval now, min_wait, tv;
497 int cur_rto;
498 int cnt_abandoned;
499 int audit_tf, num_mk, fir;
500 unsigned int cnt_mk;
501 uint32_t orig_flight, orig_tf;
502 uint32_t tsnlast, tsnfirst;
503 #ifndef INVARIANTS
504 int recovery_cnt = 0;
505 #endif
506
507 /* none in flight now */
508 audit_tf = 0;
509 fir = 0;
510 /*
511 * figure out how long a data chunk must be pending before we can
512 * mark it ..
513 */
514 (void)SCTP_GETTIME_TIMEVAL(&now);
515 /* get cur rto in micro-seconds */
516 cur_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
517 cur_rto *= 1000;
518 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
519 sctp_log_fr(cur_rto,
520 stcb->asoc.peers_rwnd,
521 window_probe,
522 SCTP_FR_T3_MARK_TIME);
523 sctp_log_fr(net->flight_size, 0, 0, SCTP_FR_CWND_REPORT);
524 sctp_log_fr(net->flight_size, net->cwnd, stcb->asoc.total_flight, SCTP_FR_CWND_REPORT);
525 }
526 tv.tv_sec = cur_rto / 1000000;
527 tv.tv_usec = cur_rto % 1000000;
528 min_wait = now;
529 timevalsub(&min_wait, &tv);
530 if (min_wait.tv_sec < 0 || min_wait.tv_usec < 0) {
531 /*
532 * if we hit here, we don't have enough seconds on the clock
533 * to account for the RTO. We just let the lower seconds be
534 * the bounds and don't worry about it. This may mean we
535 * will mark a lot more than we should.
536 */
537 min_wait.tv_sec = min_wait.tv_usec = 0;
538 }
539 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
540 sctp_log_fr(cur_rto, (uint32_t)now.tv_sec, now.tv_usec, SCTP_FR_T3_MARK_TIME);
541 sctp_log_fr(0, (uint32_t)min_wait.tv_sec, min_wait.tv_usec, SCTP_FR_T3_MARK_TIME);
542 }
543 /*
544 * Our rwnd will be incorrect here since we are not adding back the
545 * cnt * mbuf but we will fix that down below.
546 */
547 orig_flight = net->flight_size;
548 orig_tf = stcb->asoc.total_flight;
549
550 net->fast_retran_ip = 0;
551 /* Now on to each chunk */
552 cnt_abandoned = 0;
553 num_mk = cnt_mk = 0;
554 tsnfirst = tsnlast = 0;
555 #ifndef INVARIANTS
556 start_again:
557 #endif
558 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.sent_queue, sctp_next, nchk) {
559 if (SCTP_TSN_GE(stcb->asoc.last_acked_seq, chk->rec.data.tsn)) {
560 /* Strange case our list got out of order? */
561 SCTP_PRINTF("Our list is out of order? last_acked:%x chk:%x\n",
562 (unsigned int)stcb->asoc.last_acked_seq, (unsigned int)chk->rec.data.tsn);
563 #ifdef INVARIANTS
564 panic("last acked >= chk on sent-Q");
565 #else
566 recovery_cnt++;
567 SCTP_PRINTF("Recover attempts a restart cnt:%d\n", recovery_cnt);
568 sctp_recover_sent_list(stcb);
569 if (recovery_cnt < 10) {
570 goto start_again;
571 } else {
572 SCTP_PRINTF("Recovery fails %d times??\n", recovery_cnt);
573 }
574 #endif
575 }
576 if ((chk->whoTo == net) && (chk->sent < SCTP_DATAGRAM_ACKED)) {
577 /*
578 * found one to mark: If it is less than
579 * DATAGRAM_ACKED it MUST not be a skipped or marked
580 * TSN but instead one that is either already set
581 * for retransmission OR one that needs
582 * retransmission.
583 */
584
585 /* validate its been outstanding long enough */
586 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
587 sctp_log_fr(chk->rec.data.tsn,
588 (uint32_t)chk->sent_rcv_time.tv_sec,
589 chk->sent_rcv_time.tv_usec,
590 SCTP_FR_T3_MARK_TIME);
591 }
592 if ((chk->sent_rcv_time.tv_sec > min_wait.tv_sec) && (window_probe == 0)) {
593 /*
594 * we have reached a chunk that was sent
595 * some seconds past our min.. forget it we
596 * will find no more to send.
597 */
598 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
599 sctp_log_fr(0,
600 (uint32_t)chk->sent_rcv_time.tv_sec,
601 chk->sent_rcv_time.tv_usec,
602 SCTP_FR_T3_STOPPED);
603 }
604 continue;
605 } else if ((chk->sent_rcv_time.tv_sec == min_wait.tv_sec) &&
606 (window_probe == 0)) {
607 /*
608 * we must look at the micro seconds to
609 * know.
610 */
611 if (chk->sent_rcv_time.tv_usec >= min_wait.tv_usec) {
612 /*
613 * ok it was sent after our boundary
614 * time.
615 */
616 continue;
617 }
618 }
619 if (stcb->asoc.prsctp_supported && PR_SCTP_TTL_ENABLED(chk->flags)) {
620 /* Is it expired? */
621 if (timevalcmp(&now, &chk->rec.data.timetodrop, >)) {
622 /* Yes so drop it */
623 if (chk->data) {
624 (void)sctp_release_pr_sctp_chunk(stcb,
625 chk,
626 1,
627 SCTP_SO_NOT_LOCKED);
628 cnt_abandoned++;
629 }
630 continue;
631 }
632 }
633 if (stcb->asoc.prsctp_supported && PR_SCTP_RTX_ENABLED(chk->flags)) {
634 /* Has it been retransmitted tv_sec times? */
635 if (chk->snd_count > chk->rec.data.timetodrop.tv_sec) {
636 if (chk->data) {
637 (void)sctp_release_pr_sctp_chunk(stcb,
638 chk,
639 1,
640 SCTP_SO_NOT_LOCKED);
641 cnt_abandoned++;
642 }
643 continue;
644 }
645 }
646 if (chk->sent < SCTP_DATAGRAM_RESEND) {
647 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
648 num_mk++;
649 if (fir == 0) {
650 fir = 1;
651 tsnfirst = chk->rec.data.tsn;
652 }
653 tsnlast = chk->rec.data.tsn;
654 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
655 sctp_log_fr(chk->rec.data.tsn, chk->snd_count,
656 0, SCTP_FR_T3_MARKED);
657 }
658
659 if (chk->rec.data.chunk_was_revoked) {
660 /* deflate the cwnd */
661 chk->whoTo->cwnd -= chk->book_size;
662 chk->rec.data.chunk_was_revoked = 0;
663 }
664 net->marked_retrans++;
665 stcb->asoc.marked_retrans++;
666 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
667 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND_TO,
668 chk->whoTo->flight_size,
669 chk->book_size,
670 (uint32_t)(uintptr_t)chk->whoTo,
671 chk->rec.data.tsn);
672 }
673 sctp_flight_size_decrease(chk);
674 sctp_total_flight_decrease(stcb, chk);
675 stcb->asoc.peers_rwnd += chk->send_size;
676 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
677 }
678 chk->sent = SCTP_DATAGRAM_RESEND;
679 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
680 SCTP_STAT_INCR(sctps_markedretrans);
681
682 /* reset the TSN for striking and other FR stuff */
683 chk->rec.data.doing_fast_retransmit = 0;
684 /* Clear any time so NO RTT is being done */
685
686 if (chk->do_rtt) {
687 if (chk->whoTo->rto_needed == 0) {
688 chk->whoTo->rto_needed = 1;
689 }
690 }
691 chk->do_rtt = 0;
692 if (alt != net) {
693 sctp_free_remote_addr(chk->whoTo);
694 chk->no_fr_allowed = 1;
695 chk->whoTo = alt;
696 atomic_add_int(&alt->ref_count, 1);
697 } else {
698 chk->no_fr_allowed = 0;
699 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
700 chk->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
701 } else {
702 chk->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn;
703 }
704 }
705 /*
706 * CMT: Do not allow FRs on retransmitted TSNs.
707 */
708 if (stcb->asoc.sctp_cmt_on_off > 0) {
709 chk->no_fr_allowed = 1;
710 }
711 #ifdef THIS_SHOULD_NOT_BE_DONE
712 } else if (chk->sent == SCTP_DATAGRAM_ACKED) {
713 /* remember highest acked one */
714 could_be_sent = chk;
715 #endif
716 }
717 if (chk->sent == SCTP_DATAGRAM_RESEND) {
718 cnt_mk++;
719 }
720 }
721 if ((orig_flight - net->flight_size) != (orig_tf - stcb->asoc.total_flight)) {
722 /* we did not subtract the same things? */
723 audit_tf = 1;
724 }
725
726 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
727 sctp_log_fr(tsnfirst, tsnlast, num_mk, SCTP_FR_T3_TIMEOUT);
728 }
729 #ifdef SCTP_DEBUG
730 if (num_mk) {
731 SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
732 tsnlast);
733 SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%u\n",
734 num_mk,
735 stcb->asoc.peers_rwnd);
736 }
737 #endif
738 *num_marked = num_mk;
739 *num_abandoned = cnt_abandoned;
740 /*
741 * Now check for a ECN Echo that may be stranded And include the
742 * cnt_mk'd to have all resends in the control queue.
743 */
744 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
745 if (chk->sent == SCTP_DATAGRAM_RESEND) {
746 cnt_mk++;
747 }
748 if ((chk->whoTo == net) &&
749 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
750 sctp_free_remote_addr(chk->whoTo);
751 chk->whoTo = alt;
752 if (chk->sent != SCTP_DATAGRAM_RESEND) {
753 chk->sent = SCTP_DATAGRAM_RESEND;
754 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
755 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
756 cnt_mk++;
757 }
758 atomic_add_int(&alt->ref_count, 1);
759 }
760 }
761 #ifdef THIS_SHOULD_NOT_BE_DONE
762 if ((stcb->asoc.sent_queue_retran_cnt == 0) && (could_be_sent)) {
763 /* fix it so we retransmit the highest acked anyway */
764 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
765 cnt_mk++;
766 could_be_sent->sent = SCTP_DATAGRAM_RESEND;
767 }
768 #endif
769 if (stcb->asoc.sent_queue_retran_cnt != cnt_mk) {
770 #ifdef INVARIANTS
771 SCTP_PRINTF("Local Audit says there are %d for retran asoc cnt:%d we marked:%d this time\n",
772 cnt_mk, stcb->asoc.sent_queue_retran_cnt, num_mk);
773 #endif
774 #ifndef SCTP_AUDITING_ENABLED
775 stcb->asoc.sent_queue_retran_cnt = cnt_mk;
776 #endif
777 }
778 if (audit_tf) {
779 SCTPDBG(SCTP_DEBUG_TIMER4,
780 "Audit total flight due to negative value net:%p\n",
781 (void *)net);
782 stcb->asoc.total_flight = 0;
783 stcb->asoc.total_flight_count = 0;
784 /* Clear all networks flight size */
785 TAILQ_FOREACH(lnets, &stcb->asoc.nets, sctp_next) {
786 lnets->flight_size = 0;
787 SCTPDBG(SCTP_DEBUG_TIMER4,
788 "Net:%p c-f cwnd:%d ssthresh:%d\n",
789 (void *)lnets, lnets->cwnd, lnets->ssthresh);
790 }
791 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
792 if (chk->sent < SCTP_DATAGRAM_RESEND) {
793 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
794 sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
795 chk->whoTo->flight_size,
796 chk->book_size,
797 (uint32_t)(uintptr_t)chk->whoTo,
798 chk->rec.data.tsn);
799 }
800
801 sctp_flight_size_increase(chk);
802 sctp_total_flight_increase(stcb, chk);
803 }
804 }
805 }
806 /* We return 1 if we only have a window probe outstanding */
807 return (0);
808 }
809
810 int
sctp_t3rxt_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)811 sctp_t3rxt_timer(struct sctp_inpcb *inp,
812 struct sctp_tcb *stcb,
813 struct sctp_nets *net)
814 {
815 struct sctp_nets *alt;
816 int win_probe, num_mk, num_abandoned;
817
818 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
819 sctp_log_fr(0, 0, 0, SCTP_FR_T3_TIMEOUT);
820 }
821 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
822 struct sctp_nets *lnet;
823
824 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
825 if (net == lnet) {
826 sctp_log_cwnd(stcb, lnet, 1, SCTP_CWND_LOG_FROM_T3);
827 } else {
828 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_LOG_FROM_T3);
829 }
830 }
831 }
832 /* Find an alternate and mark those for retransmission */
833 if ((stcb->asoc.peers_rwnd == 0) &&
834 (stcb->asoc.total_flight < net->mtu)) {
835 SCTP_STAT_INCR(sctps_timowindowprobe);
836 win_probe = 1;
837 } else {
838 win_probe = 0;
839 }
840
841 if (win_probe == 0) {
842 /* We don't do normal threshold management on window probes */
843 if (sctp_threshold_management(inp, stcb, net,
844 stcb->asoc.max_send_times)) {
845 /* Association was destroyed */
846 return (1);
847 } else {
848 if (net != stcb->asoc.primary_destination) {
849 /* send a immediate HB if our RTO is stale */
850 struct timeval now;
851 uint32_t ms_goneby;
852
853 (void)SCTP_GETTIME_TIMEVAL(&now);
854 if (net->last_sent_time.tv_sec) {
855 ms_goneby = (uint32_t)(now.tv_sec - net->last_sent_time.tv_sec) * 1000;
856 } else {
857 ms_goneby = 0;
858 }
859 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
860 if ((ms_goneby > net->RTO) || (net->RTO == 0)) {
861 /*
862 * no recent feed back in an
863 * RTO or more, request a
864 * RTT update
865 */
866 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
867 }
868 }
869 }
870 }
871 } else {
872 /*
873 * For a window probe we don't penalize the net's but only
874 * the association. This may fail it if SACKs are not coming
875 * back. If sack's are coming with rwnd locked at 0, we will
876 * continue to hold things waiting for rwnd to raise
877 */
878 if (sctp_threshold_management(inp, stcb, NULL,
879 stcb->asoc.max_send_times)) {
880 /* Association was destroyed */
881 return (1);
882 }
883 }
884 if (stcb->asoc.sctp_cmt_on_off > 0) {
885 if (net->pf_threshold < net->failure_threshold) {
886 alt = sctp_find_alternate_net(stcb, net, 2);
887 } else {
888 /*
889 * CMT: Using RTX_SSTHRESH policy for CMT. If CMT is
890 * being used, then pick dest with largest ssthresh
891 * for any retransmission.
892 */
893 alt = sctp_find_alternate_net(stcb, net, 1);
894 /*
895 * CUCv2: If a different dest is picked for the
896 * retransmission, then new (rtx-)pseudo_cumack
897 * needs to be tracked for orig dest. Let CUCv2
898 * track new (rtx-) pseudo-cumack always.
899 */
900 net->find_pseudo_cumack = 1;
901 net->find_rtx_pseudo_cumack = 1;
902 }
903 } else {
904 alt = sctp_find_alternate_net(stcb, net, 0);
905 }
906
907 num_mk = 0;
908 num_abandoned = 0;
909 (void)sctp_mark_all_for_resend(stcb, net, alt, win_probe,
910 &num_mk, &num_abandoned);
911 /* FR Loss recovery just ended with the T3. */
912 stcb->asoc.fast_retran_loss_recovery = 0;
913
914 /* CMT FR loss recovery ended with the T3 */
915 net->fast_retran_loss_recovery = 0;
916 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
917 (net->flight_size == 0)) {
918 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) (stcb, net);
919 }
920
921 /*
922 * setup the sat loss recovery that prevents satellite cwnd advance.
923 */
924 stcb->asoc.sat_t3_loss_recovery = 1;
925 stcb->asoc.sat_t3_recovery_tsn = stcb->asoc.sending_seq;
926
927 /* Backoff the timer and cwnd */
928 sctp_backoff_on_timeout(stcb, net, win_probe, num_mk, num_abandoned);
929 if (((net->dest_state & SCTP_ADDR_REACHABLE) == 0) ||
930 (net->dest_state & SCTP_ADDR_PF)) {
931 /* Move all pending over too */
932 sctp_move_chunks_from_net(stcb, net);
933
934 /*
935 * Get the address that failed, to force a new src address
936 * selection and a route allocation.
937 */
938 if (net->ro._s_addr != NULL) {
939 sctp_free_ifa(net->ro._s_addr);
940 net->ro._s_addr = NULL;
941 }
942 net->src_addr_selected = 0;
943
944 /* Force a route allocation too */
945 RO_NHFREE(&net->ro);
946
947 /* Was it our primary? */
948 if ((stcb->asoc.primary_destination == net) && (alt != net)) {
949 /*
950 * Yes, note it as such and find an alternate note:
951 * this means HB code must use this to resent the
952 * primary if it goes active AND if someone does a
953 * change-primary then this flag must be cleared
954 * from any net structures.
955 */
956 if (stcb->asoc.alternate != NULL) {
957 sctp_free_remote_addr(stcb->asoc.alternate);
958 }
959 stcb->asoc.alternate = alt;
960 atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
961 }
962 }
963 /*
964 * Special case for cookie-echo'ed case, we don't do output but must
965 * await the COOKIE-ACK before retransmission
966 */
967 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
968 /*
969 * Here we just reset the timer and start again since we
970 * have not established the asoc
971 */
972 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
973 return (0);
974 }
975 if (stcb->asoc.prsctp_supported) {
976 struct sctp_tmit_chunk *lchk;
977
978 lchk = sctp_try_advance_peer_ack_point(stcb, &stcb->asoc);
979 /* C3. See if we need to send a Fwd-TSN */
980 if (SCTP_TSN_GT(stcb->asoc.advanced_peer_ack_point, stcb->asoc.last_acked_seq)) {
981 send_forward_tsn(stcb, &stcb->asoc);
982 for (; lchk != NULL; lchk = TAILQ_NEXT(lchk, sctp_next)) {
983 if (lchk->whoTo != NULL) {
984 break;
985 }
986 }
987 if (lchk != NULL) {
988 /* Assure a timer is up */
989 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, lchk->whoTo);
990 }
991 }
992 }
993 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_MONITOR_ENABLE) {
994 sctp_log_cwnd(stcb, net, net->cwnd, SCTP_CWND_LOG_FROM_RTX);
995 }
996 return (0);
997 }
998
999 int
sctp_t1init_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1000 sctp_t1init_timer(struct sctp_inpcb *inp,
1001 struct sctp_tcb *stcb,
1002 struct sctp_nets *net)
1003 {
1004 /* bump the thresholds */
1005 if (stcb->asoc.delayed_connection) {
1006 /*
1007 * special hook for delayed connection. The library did NOT
1008 * complete the rest of its sends.
1009 */
1010 stcb->asoc.delayed_connection = 0;
1011 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1012 return (0);
1013 }
1014 if (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT) {
1015 return (0);
1016 }
1017 if (sctp_threshold_management(inp, stcb, net,
1018 stcb->asoc.max_init_times)) {
1019 /* Association was destroyed */
1020 return (1);
1021 }
1022 stcb->asoc.dropped_special_cnt = 0;
1023 sctp_backoff_on_timeout(stcb, stcb->asoc.primary_destination, 1, 0, 0);
1024 if (stcb->asoc.initial_init_rto_max < net->RTO) {
1025 net->RTO = stcb->asoc.initial_init_rto_max;
1026 }
1027 if (stcb->asoc.numnets > 1) {
1028 /* If we have more than one addr use it */
1029 struct sctp_nets *alt;
1030
1031 alt = sctp_find_alternate_net(stcb, stcb->asoc.primary_destination, 0);
1032 if (alt != stcb->asoc.primary_destination) {
1033 sctp_move_chunks_from_net(stcb, stcb->asoc.primary_destination);
1034 stcb->asoc.primary_destination = alt;
1035 }
1036 }
1037 /* Send out a new init */
1038 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1039 return (0);
1040 }
1041
1042 /*
1043 * For cookie and asconf we actually need to find and mark for resend, then
1044 * increment the resend counter (after all the threshold management stuff of
1045 * course).
1046 */
1047 int
sctp_cookie_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net SCTP_UNUSED)1048 sctp_cookie_timer(struct sctp_inpcb *inp,
1049 struct sctp_tcb *stcb,
1050 struct sctp_nets *net SCTP_UNUSED)
1051 {
1052 struct sctp_nets *alt;
1053 struct sctp_tmit_chunk *cookie;
1054
1055 /* first before all else we must find the cookie */
1056 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, sctp_next) {
1057 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
1058 break;
1059 }
1060 }
1061 if (cookie == NULL) {
1062 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
1063 /* FOOBAR! */
1064 struct mbuf *op_err;
1065
1066 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
1067 "Cookie timer expired, but no cookie");
1068 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_3;
1069 sctp_abort_an_association(inp, stcb, op_err, false, SCTP_SO_NOT_LOCKED);
1070 } else {
1071 #ifdef INVARIANTS
1072 panic("Cookie timer expires in wrong state?");
1073 #else
1074 SCTP_PRINTF("Strange in state %d not cookie-echoed yet c-e timer expires?\n", SCTP_GET_STATE(stcb));
1075 return (0);
1076 #endif
1077 }
1078 return (0);
1079 }
1080 /* Ok we found the cookie, threshold management next */
1081 if (sctp_threshold_management(inp, stcb, cookie->whoTo,
1082 stcb->asoc.max_init_times)) {
1083 /* Assoc is over */
1084 return (1);
1085 }
1086 /*
1087 * Cleared threshold management, now lets backoff the address and
1088 * select an alternate
1089 */
1090 stcb->asoc.dropped_special_cnt = 0;
1091 sctp_backoff_on_timeout(stcb, cookie->whoTo, 1, 0, 0);
1092 alt = sctp_find_alternate_net(stcb, cookie->whoTo, 0);
1093 if (alt != cookie->whoTo) {
1094 sctp_free_remote_addr(cookie->whoTo);
1095 cookie->whoTo = alt;
1096 atomic_add_int(&alt->ref_count, 1);
1097 }
1098 /* Now mark the retran info */
1099 if (cookie->sent != SCTP_DATAGRAM_RESEND) {
1100 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1101 }
1102 cookie->sent = SCTP_DATAGRAM_RESEND;
1103 cookie->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1104 /*
1105 * Now call the output routine to kick out the cookie again, Note we
1106 * don't mark any chunks for retran so that FR will need to kick in
1107 * to move these (or a send timer).
1108 */
1109 return (0);
1110 }
1111
1112 int
sctp_strreset_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1113 sctp_strreset_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1114 {
1115 struct sctp_nets *alt, *net;
1116 struct sctp_tmit_chunk *strrst = NULL, *chk = NULL;
1117
1118 if (stcb->asoc.stream_reset_outstanding == 0) {
1119 return (0);
1120 }
1121 /* find the existing STRRESET, we use the seq number we sent out on */
1122 (void)sctp_find_stream_reset(stcb, stcb->asoc.str_reset_seq_out, &strrst);
1123 if (strrst == NULL) {
1124 return (0);
1125 }
1126 net = strrst->whoTo;
1127 /* do threshold management */
1128 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1129 /* Assoc is over */
1130 return (1);
1131 }
1132 /*
1133 * Cleared threshold management, now lets backoff the address and
1134 * select an alternate
1135 */
1136 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1137 alt = sctp_find_alternate_net(stcb, net, 0);
1138 strrst->whoTo = alt;
1139 atomic_add_int(&alt->ref_count, 1);
1140
1141 /* See if a ECN Echo is also stranded */
1142 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1143 if ((chk->whoTo == net) &&
1144 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1145 sctp_free_remote_addr(chk->whoTo);
1146 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1147 chk->sent = SCTP_DATAGRAM_RESEND;
1148 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1149 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1150 }
1151 chk->whoTo = alt;
1152 atomic_add_int(&alt->ref_count, 1);
1153 }
1154 }
1155 if ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) {
1156 /*
1157 * If the address went un-reachable, we need to move to
1158 * alternates for ALL chk's in queue
1159 */
1160 sctp_move_chunks_from_net(stcb, net);
1161 }
1162 sctp_free_remote_addr(net);
1163
1164 /* mark the retran info */
1165 if (strrst->sent != SCTP_DATAGRAM_RESEND)
1166 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1167 strrst->sent = SCTP_DATAGRAM_RESEND;
1168 strrst->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1169
1170 /* restart the timer */
1171 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, inp, stcb, alt);
1172 return (0);
1173 }
1174
1175 int
sctp_asconf_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1176 sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1177 struct sctp_nets *net)
1178 {
1179 struct sctp_nets *alt;
1180 struct sctp_tmit_chunk *asconf, *chk;
1181
1182 /* is this a first send, or a retransmission? */
1183 if (TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) {
1184 /* compose a new ASCONF chunk and send it */
1185 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED);
1186 } else {
1187 /*
1188 * Retransmission of the existing ASCONF is needed
1189 */
1190
1191 /* find the existing ASCONF */
1192 asconf = TAILQ_FIRST(&stcb->asoc.asconf_send_queue);
1193 if (asconf == NULL) {
1194 return (0);
1195 }
1196 net = asconf->whoTo;
1197 /* do threshold management */
1198 if (sctp_threshold_management(inp, stcb, net,
1199 stcb->asoc.max_send_times)) {
1200 /* Assoc is over */
1201 return (1);
1202 }
1203 if (asconf->snd_count > stcb->asoc.max_send_times) {
1204 /*
1205 * Something is rotten: our peer is not responding
1206 * to ASCONFs but apparently is to other chunks.
1207 * i.e. it is not properly handling the chunk type
1208 * upper bits. Mark this peer as ASCONF incapable
1209 * and cleanup.
1210 */
1211 SCTPDBG(SCTP_DEBUG_TIMER1, "asconf_timer: Peer has not responded to our repeated ASCONFs\n");
1212 sctp_asconf_cleanup(stcb);
1213 return (0);
1214 }
1215 /*
1216 * cleared threshold management, so now backoff the net and
1217 * select an alternate
1218 */
1219 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1220 alt = sctp_find_alternate_net(stcb, net, 0);
1221 if (asconf->whoTo != alt) {
1222 asconf->whoTo = alt;
1223 atomic_add_int(&alt->ref_count, 1);
1224 }
1225
1226 /* See if an ECN Echo is also stranded */
1227 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1228 if ((chk->whoTo == net) &&
1229 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1230 sctp_free_remote_addr(chk->whoTo);
1231 chk->whoTo = alt;
1232 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1233 chk->sent = SCTP_DATAGRAM_RESEND;
1234 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1235 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1236 }
1237 atomic_add_int(&alt->ref_count, 1);
1238 }
1239 }
1240 TAILQ_FOREACH(chk, &stcb->asoc.asconf_send_queue, sctp_next) {
1241 if (chk->whoTo != alt) {
1242 sctp_free_remote_addr(chk->whoTo);
1243 chk->whoTo = alt;
1244 atomic_add_int(&alt->ref_count, 1);
1245 }
1246 if (asconf->sent != SCTP_DATAGRAM_RESEND && chk->sent != SCTP_DATAGRAM_UNSENT)
1247 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1248 chk->sent = SCTP_DATAGRAM_RESEND;
1249 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1250 }
1251 if ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) {
1252 /*
1253 * If the address went un-reachable, we need to move
1254 * to the alternate for ALL chunks in queue
1255 */
1256 sctp_move_chunks_from_net(stcb, net);
1257 }
1258 sctp_free_remote_addr(net);
1259
1260 /* mark the retran info */
1261 if (asconf->sent != SCTP_DATAGRAM_RESEND)
1262 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1263 asconf->sent = SCTP_DATAGRAM_RESEND;
1264 asconf->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1265
1266 /* send another ASCONF if any and we can do */
1267 sctp_send_asconf(stcb, alt, SCTP_ADDR_NOT_LOCKED);
1268 }
1269 return (0);
1270 }
1271
1272 /* Mobility adaptation */
1273 void
sctp_delete_prim_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1274 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1275 {
1276 if (stcb->asoc.deleted_primary == NULL) {
1277 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n");
1278 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1279 return;
1280 }
1281 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary ");
1282 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa);
1283 sctp_free_remote_addr(stcb->asoc.deleted_primary);
1284 stcb->asoc.deleted_primary = NULL;
1285 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1286 return;
1287 }
1288
1289 /*
1290 * For the shutdown and shutdown-ack, we do not keep one around on the
1291 * control queue. This means we must generate a new one and call the general
1292 * chunk output routine, AFTER having done threshold management.
1293 * It is assumed that net is non-NULL.
1294 */
1295 int
sctp_shutdown_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1296 sctp_shutdown_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1297 struct sctp_nets *net)
1298 {
1299 struct sctp_nets *alt;
1300
1301 /* first threshold management */
1302 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1303 /* Assoc is over */
1304 return (1);
1305 }
1306 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1307 /* second select an alternative */
1308 alt = sctp_find_alternate_net(stcb, net, 0);
1309
1310 /* third generate a shutdown into the queue for out net */
1311 sctp_send_shutdown(stcb, alt);
1312
1313 /* fourth restart timer */
1314 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, alt);
1315 return (0);
1316 }
1317
1318 int
sctp_shutdownack_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1319 sctp_shutdownack_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1320 struct sctp_nets *net)
1321 {
1322 struct sctp_nets *alt;
1323
1324 /* first threshold management */
1325 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1326 /* Assoc is over */
1327 return (1);
1328 }
1329 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1330 /* second select an alternative */
1331 alt = sctp_find_alternate_net(stcb, net, 0);
1332
1333 /* third generate a shutdown into the queue for out net */
1334 sctp_send_shutdown_ack(stcb, alt);
1335
1336 /* fourth restart timer */
1337 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, alt);
1338 return (0);
1339 }
1340
1341 static void
sctp_audit_stream_queues_for_size(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1342 sctp_audit_stream_queues_for_size(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1343 {
1344 struct sctp_stream_queue_pending *sp;
1345 unsigned int i, chks_in_queue = 0;
1346 int being_filled = 0;
1347
1348 KASSERT(inp != NULL, ("inp is NULL"));
1349 KASSERT(stcb != NULL, ("stcb is NULL"));
1350 SCTP_TCB_LOCK_ASSERT(stcb);
1351 KASSERT(TAILQ_EMPTY(&stcb->asoc.send_queue), ("send_queue not empty"));
1352 KASSERT(TAILQ_EMPTY(&stcb->asoc.sent_queue), ("sent_queue not empty"));
1353
1354 if (stcb->asoc.sent_queue_retran_cnt) {
1355 SCTP_PRINTF("Hmm, sent_queue_retran_cnt is non-zero %d\n",
1356 stcb->asoc.sent_queue_retran_cnt);
1357 stcb->asoc.sent_queue_retran_cnt = 0;
1358 }
1359 if (stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1360 /* No stream scheduler information, initialize scheduler */
1361 stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc);
1362 if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1363 /* yep, we lost a stream or two */
1364 SCTP_PRINTF("Found additional streams NOT managed by scheduler, corrected\n");
1365 } else {
1366 /* no streams lost */
1367 stcb->asoc.total_output_queue_size = 0;
1368 }
1369 }
1370 /* Check to see if some data queued, if so report it */
1371 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1372 if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
1373 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
1374 if (sp->msg_is_complete)
1375 being_filled++;
1376 chks_in_queue++;
1377 }
1378 }
1379 }
1380 if (chks_in_queue != stcb->asoc.stream_queue_cnt) {
1381 SCTP_PRINTF("Hmm, stream queue cnt at %d I counted %d in stream out wheel\n",
1382 stcb->asoc.stream_queue_cnt, chks_in_queue);
1383 }
1384 if (chks_in_queue) {
1385 /* call the output queue function */
1386 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1387 if ((TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1388 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1389 /*
1390 * Probably should go in and make it go back through
1391 * and add fragments allowed
1392 */
1393 if (being_filled == 0) {
1394 SCTP_PRINTF("Still nothing moved %d chunks are stuck\n",
1395 chks_in_queue);
1396 }
1397 }
1398 } else {
1399 SCTP_PRINTF("Found no chunks on any queue tot:%lu\n",
1400 (u_long)stcb->asoc.total_output_queue_size);
1401 stcb->asoc.total_output_queue_size = 0;
1402 }
1403 }
1404
1405 int
sctp_heartbeat_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1406 sctp_heartbeat_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1407 struct sctp_nets *net)
1408 {
1409 bool net_was_pf;
1410
1411 net_was_pf = (net->dest_state & SCTP_ADDR_PF) != 0;
1412 if (net->hb_responded == 0) {
1413 if (net->ro._s_addr != NULL) {
1414 /*
1415 * Invalidate the src address if we did not get a
1416 * response last time.
1417 */
1418 sctp_free_ifa(net->ro._s_addr);
1419 net->ro._s_addr = NULL;
1420 net->src_addr_selected = 0;
1421 }
1422 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1423 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1424 /* Assoc is over */
1425 return (1);
1426 }
1427 }
1428 /* Zero PBA, if it needs it */
1429 if (net->partial_bytes_acked > 0) {
1430 net->partial_bytes_acked = 0;
1431 }
1432 if ((stcb->asoc.total_output_queue_size > 0) &&
1433 (TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1434 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1435 sctp_audit_stream_queues_for_size(inp, stcb);
1436 }
1437 if ((((net->dest_state & SCTP_ADDR_NOHB) == 0) ||
1438 (net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
1439 (net_was_pf || ((net->dest_state & SCTP_ADDR_PF) == 0))) {
1440 /*
1441 * When moving to PF during threshold management, a HB has
1442 * been queued in that routine.
1443 */
1444 uint32_t ms_gone_by;
1445
1446 if ((net->last_sent_time.tv_sec > 0) ||
1447 (net->last_sent_time.tv_usec > 0)) {
1448 struct timeval diff;
1449
1450 SCTP_GETTIME_TIMEVAL(&diff);
1451 timevalsub(&diff, &net->last_sent_time);
1452 ms_gone_by = (uint32_t)(diff.tv_sec * 1000) +
1453 (uint32_t)(diff.tv_usec / 1000);
1454 } else {
1455 ms_gone_by = 0xffffffff;
1456 }
1457 if ((ms_gone_by >= net->heart_beat_delay) ||
1458 (net->dest_state & SCTP_ADDR_UNCONFIRMED) ||
1459 (net->dest_state & SCTP_ADDR_PF)) {
1460 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
1461 }
1462 }
1463 return (0);
1464 }
1465
1466 void
sctp_pathmtu_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1467 sctp_pathmtu_timer(struct sctp_inpcb *inp,
1468 struct sctp_tcb *stcb,
1469 struct sctp_nets *net)
1470 {
1471 uint32_t next_mtu, mtu;
1472
1473 next_mtu = sctp_get_next_mtu(net->mtu);
1474
1475 if ((next_mtu > net->mtu) && (net->port == 0)) {
1476 if ((net->src_addr_selected == 0) ||
1477 (net->ro._s_addr == NULL) ||
1478 (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1479 if ((net->ro._s_addr != NULL) && (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1480 sctp_free_ifa(net->ro._s_addr);
1481 net->ro._s_addr = NULL;
1482 net->src_addr_selected = 0;
1483 } else if (net->ro._s_addr == NULL) {
1484 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1485 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1486 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1487
1488 /* KAME hack: embed scopeid */
1489 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
1490 }
1491 #endif
1492
1493 net->ro._s_addr = sctp_source_address_selection(inp,
1494 stcb,
1495 (sctp_route_t *)&net->ro,
1496 net, 0, stcb->asoc.vrf_id);
1497 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1498 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1499 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1500
1501 (void)sa6_recoverscope(sin6);
1502 }
1503 #endif /* INET6 */
1504 }
1505 if (net->ro._s_addr)
1506 net->src_addr_selected = 1;
1507 }
1508 if (net->ro._s_addr) {
1509 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_nh);
1510 #if defined(INET) || defined(INET6)
1511 if (net->port) {
1512 mtu -= sizeof(struct udphdr);
1513 }
1514 #endif
1515 if (mtu > next_mtu) {
1516 net->mtu = next_mtu;
1517 } else {
1518 net->mtu = mtu;
1519 }
1520 }
1521 }
1522 /* restart the timer */
1523 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net);
1524 }
1525
1526 void
sctp_autoclose_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1527 sctp_autoclose_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1528 {
1529 struct timeval tn, *tim_touse;
1530 struct sctp_association *asoc;
1531 uint32_t ticks_gone_by;
1532
1533 (void)SCTP_GETTIME_TIMEVAL(&tn);
1534 if (stcb->asoc.sctp_autoclose_ticks > 0 &&
1535 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1536 /* Auto close is on */
1537 asoc = &stcb->asoc;
1538 /* pick the time to use */
1539 if (asoc->time_last_rcvd.tv_sec >
1540 asoc->time_last_sent.tv_sec) {
1541 tim_touse = &asoc->time_last_rcvd;
1542 } else {
1543 tim_touse = &asoc->time_last_sent;
1544 }
1545 /* Now has long enough transpired to autoclose? */
1546 ticks_gone_by = sctp_secs_to_ticks((uint32_t)(tn.tv_sec - tim_touse->tv_sec));
1547 if (ticks_gone_by >= asoc->sctp_autoclose_ticks) {
1548 /*
1549 * autoclose time has hit, call the output routine,
1550 * which should do nothing just to be SURE we don't
1551 * have hanging data. We can then safely check the
1552 * queues and know that we are clear to send
1553 * shutdown
1554 */
1555 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
1556 /* Are we clean? */
1557 if (TAILQ_EMPTY(&asoc->send_queue) &&
1558 TAILQ_EMPTY(&asoc->sent_queue)) {
1559 /*
1560 * there is nothing queued to send, so I'm
1561 * done...
1562 */
1563 if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) {
1564 /* only send SHUTDOWN 1st time thru */
1565 struct sctp_nets *net;
1566
1567 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
1568 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
1569 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
1570 }
1571 SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
1572 sctp_stop_timers_for_shutdown(stcb);
1573 if (stcb->asoc.alternate) {
1574 net = stcb->asoc.alternate;
1575 } else {
1576 net = stcb->asoc.primary_destination;
1577 }
1578 sctp_send_shutdown(stcb, net);
1579 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
1580 stcb->sctp_ep, stcb, net);
1581 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1582 stcb->sctp_ep, stcb, NULL);
1583 }
1584 }
1585 } else {
1586 /*
1587 * No auto close at this time, reset t-o to check
1588 * later
1589 */
1590 uint32_t tmp;
1591
1592 /* fool the timer startup to use the time left */
1593 tmp = asoc->sctp_autoclose_ticks;
1594 asoc->sctp_autoclose_ticks -= ticks_gone_by;
1595 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1596 /* restore the real tick value */
1597 asoc->sctp_autoclose_ticks = tmp;
1598 }
1599 }
1600 }
1601