1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2001-2003 International Business Machines Corp.
6 * Copyright (c) 2001 Intel Corp.
7 * Copyright (c) 2001 La Monte H.P. Yarroll
8 *
9 * This file is part of the SCTP kernel implementation
10 *
11 * This module provides the abstraction for an SCTP transport representing
12 * a remote transport address. For local transport addresses, we just use
13 * union sctp_addr.
14 *
15 * Please send any bug reports or fixes you make to the
16 * email address(es):
17 * lksctp developers <linux-sctp@vger.kernel.org>
18 *
19 * Written or modified by:
20 * La Monte H.P. Yarroll <piggy@acm.org>
21 * Karl Knutson <karl@athena.chicago.il.us>
22 * Jon Grimm <jgrimm@us.ibm.com>
23 * Xingang Guo <xingang.guo@intel.com>
24 * Hui Huang <hui.huang@nokia.com>
25 * Sridhar Samudrala <sri@us.ibm.com>
26 * Ardelle Fan <ardelle.fan@intel.com>
27 */
28
29 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
30
31 #include <linux/slab.h>
32 #include <linux/types.h>
33 #include <linux/random.h>
34 #include <net/sctp/sctp.h>
35 #include <net/sctp/sm.h>
36
37 /* 1st Level Abstractions. */
38
39 /* Initialize a new transport from provided memory. */
sctp_transport_init(struct net * net,struct sctp_transport * peer,const union sctp_addr * addr,gfp_t gfp)40 static void sctp_transport_init(struct net *net,
41 struct sctp_transport *peer,
42 const union sctp_addr *addr,
43 gfp_t gfp)
44 {
45 /* Copy in the address. */
46 peer->af_specific = sctp_get_af_specific(addr->sa.sa_family);
47 memcpy(&peer->ipaddr, addr, peer->af_specific->sockaddr_len);
48 memset(&peer->saddr, 0, sizeof(union sctp_addr));
49
50 peer->sack_generation = 0;
51
52 /* From 6.3.1 RTO Calculation:
53 *
54 * C1) Until an RTT measurement has been made for a packet sent to the
55 * given destination transport address, set RTO to the protocol
56 * parameter 'RTO.Initial'.
57 */
58 peer->rto = msecs_to_jiffies(net->sctp.rto_initial);
59
60 peer->last_time_heard = 0;
61 peer->last_time_ecne_reduced = jiffies;
62
63 peer->param_flags = SPP_HB_DISABLE |
64 SPP_PMTUD_ENABLE |
65 SPP_SACKDELAY_ENABLE;
66
67 /* Initialize the default path max_retrans. */
68 peer->pathmaxrxt = net->sctp.max_retrans_path;
69 peer->pf_retrans = net->sctp.pf_retrans;
70
71 INIT_LIST_HEAD(&peer->transmitted);
72 INIT_LIST_HEAD(&peer->send_ready);
73 INIT_LIST_HEAD(&peer->transports);
74
75 timer_setup(&peer->T3_rtx_timer, sctp_generate_t3_rtx_event, 0);
76 timer_setup(&peer->hb_timer, sctp_generate_heartbeat_event, 0);
77 timer_setup(&peer->reconf_timer, sctp_generate_reconf_event, 0);
78 timer_setup(&peer->probe_timer, sctp_generate_probe_event, 0);
79 timer_setup(&peer->proto_unreach_timer,
80 sctp_generate_proto_unreach_event, 0);
81
82 /* Initialize the 64-bit random nonce sent with heartbeat. */
83 get_random_bytes(&peer->hb_nonce, sizeof(peer->hb_nonce));
84
85 refcount_set(&peer->refcnt, 1);
86 }
87
88 /* Allocate and initialize a new transport. */
sctp_transport_new(struct net * net,const union sctp_addr * addr,gfp_t gfp)89 struct sctp_transport *sctp_transport_new(struct net *net,
90 const union sctp_addr *addr,
91 gfp_t gfp)
92 {
93 struct sctp_transport *transport;
94
95 transport = kzalloc(sizeof(*transport), gfp);
96 if (!transport)
97 return NULL;
98
99 sctp_transport_init(net, transport, addr, gfp);
100
101 SCTP_DBG_OBJCNT_INC(transport);
102
103 return transport;
104 }
105
106 /* This transport is no longer needed. Free up if possible, or
107 * delay until it last reference count.
108 */
sctp_transport_free(struct sctp_transport * transport)109 void sctp_transport_free(struct sctp_transport *transport)
110 {
111 transport->dead = 1;
112
113 /* Try to delete the heartbeat timer. */
114 if (timer_delete(&transport->hb_timer))
115 sctp_transport_put(transport);
116
117 /* Delete the T3_rtx timer if it's active.
118 * There is no point in not doing this now and letting
119 * structure hang around in memory since we know
120 * the transport is going away.
121 */
122 if (timer_delete(&transport->T3_rtx_timer))
123 sctp_transport_put(transport);
124
125 if (timer_delete(&transport->reconf_timer))
126 sctp_transport_put(transport);
127
128 if (timer_delete(&transport->probe_timer))
129 sctp_transport_put(transport);
130
131 /* Delete the ICMP proto unreachable timer if it's active. */
132 if (timer_delete(&transport->proto_unreach_timer))
133 sctp_transport_put(transport);
134
135 sctp_transport_put(transport);
136 }
137
sctp_transport_destroy_rcu(struct rcu_head * head)138 static void sctp_transport_destroy_rcu(struct rcu_head *head)
139 {
140 struct sctp_transport *transport;
141
142 transport = container_of(head, struct sctp_transport, rcu);
143
144 dst_release(transport->dst);
145 kfree(transport);
146 SCTP_DBG_OBJCNT_DEC(transport);
147 }
148
149 /* Destroy the transport data structure.
150 * Assumes there are no more users of this structure.
151 */
sctp_transport_destroy(struct sctp_transport * transport)152 static void sctp_transport_destroy(struct sctp_transport *transport)
153 {
154 if (unlikely(refcount_read(&transport->refcnt))) {
155 WARN(1, "Attempt to destroy undead transport %p!\n", transport);
156 return;
157 }
158
159 sctp_packet_free(&transport->packet);
160
161 if (transport->asoc)
162 sctp_association_put(transport->asoc);
163
164 call_rcu(&transport->rcu, sctp_transport_destroy_rcu);
165 }
166
167 /* Start T3_rtx timer if it is not already running and update the heartbeat
168 * timer. This routine is called every time a DATA chunk is sent.
169 */
sctp_transport_reset_t3_rtx(struct sctp_transport * transport)170 void sctp_transport_reset_t3_rtx(struct sctp_transport *transport)
171 {
172 /* RFC 2960 6.3.2 Retransmission Timer Rules
173 *
174 * R1) Every time a DATA chunk is sent to any address(including a
175 * retransmission), if the T3-rtx timer of that address is not running
176 * start it running so that it will expire after the RTO of that
177 * address.
178 */
179
180 if (!timer_pending(&transport->T3_rtx_timer))
181 if (!mod_timer(&transport->T3_rtx_timer,
182 jiffies + transport->rto))
183 sctp_transport_hold(transport);
184 }
185
sctp_transport_reset_hb_timer(struct sctp_transport * transport)186 void sctp_transport_reset_hb_timer(struct sctp_transport *transport)
187 {
188 unsigned long expires;
189
190 /* When a data chunk is sent, reset the heartbeat interval. */
191 expires = jiffies + sctp_transport_timeout(transport);
192 if (!mod_timer(&transport->hb_timer,
193 expires + get_random_u32_below(transport->rto)))
194 sctp_transport_hold(transport);
195 }
196
sctp_transport_reset_reconf_timer(struct sctp_transport * transport)197 void sctp_transport_reset_reconf_timer(struct sctp_transport *transport)
198 {
199 if (!timer_pending(&transport->reconf_timer))
200 if (!mod_timer(&transport->reconf_timer,
201 jiffies + transport->rto))
202 sctp_transport_hold(transport);
203 }
204
sctp_transport_reset_probe_timer(struct sctp_transport * transport)205 void sctp_transport_reset_probe_timer(struct sctp_transport *transport)
206 {
207 if (!mod_timer(&transport->probe_timer,
208 jiffies + transport->probe_interval))
209 sctp_transport_hold(transport);
210 }
211
sctp_transport_reset_raise_timer(struct sctp_transport * transport)212 void sctp_transport_reset_raise_timer(struct sctp_transport *transport)
213 {
214 if (!mod_timer(&transport->probe_timer,
215 jiffies + transport->probe_interval * 30))
216 sctp_transport_hold(transport);
217 }
218
219 /* This transport has been assigned to an association.
220 * Initialize fields from the association or from the sock itself.
221 * Register the reference count in the association.
222 */
sctp_transport_set_owner(struct sctp_transport * transport,struct sctp_association * asoc)223 void sctp_transport_set_owner(struct sctp_transport *transport,
224 struct sctp_association *asoc)
225 {
226 transport->asoc = asoc;
227 sctp_association_hold(asoc);
228 }
229
230 /* Initialize the pmtu of a transport. */
sctp_transport_pmtu(struct sctp_transport * transport,struct sock * sk)231 void sctp_transport_pmtu(struct sctp_transport *transport, struct sock *sk)
232 {
233 /* If we don't have a fresh route, look one up */
234 if (!transport->dst || READ_ONCE(transport->dst->obsolete)) {
235 sctp_transport_dst_release(transport);
236 transport->af_specific->get_dst(transport, &transport->saddr,
237 &transport->fl, sk);
238 }
239
240 if (transport->param_flags & SPP_PMTUD_DISABLE) {
241 struct sctp_association *asoc = transport->asoc;
242
243 if (!transport->pathmtu && asoc && asoc->pathmtu)
244 transport->pathmtu = asoc->pathmtu;
245 if (transport->pathmtu)
246 return;
247 }
248
249 if (transport->dst)
250 transport->pathmtu = sctp_dst_mtu(transport->dst);
251 else
252 transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT;
253
254 sctp_transport_pl_update(transport);
255 }
256
sctp_transport_pl_send(struct sctp_transport * t)257 void sctp_transport_pl_send(struct sctp_transport *t)
258 {
259 if (t->pl.probe_count < SCTP_MAX_PROBES)
260 goto out;
261
262 t->pl.probe_count = 0;
263 if (t->pl.state == SCTP_PL_BASE) {
264 if (t->pl.probe_size == SCTP_BASE_PLPMTU) { /* BASE_PLPMTU Confirmation Failed */
265 t->pl.state = SCTP_PL_ERROR; /* Base -> Error */
266
267 t->pl.pmtu = SCTP_BASE_PLPMTU;
268 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
269 sctp_assoc_sync_pmtu(t->asoc);
270 }
271 } else if (t->pl.state == SCTP_PL_SEARCH) {
272 if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */
273 t->pl.state = SCTP_PL_BASE; /* Search -> Base */
274 t->pl.probe_size = SCTP_BASE_PLPMTU;
275 t->pl.probe_high = 0;
276
277 t->pl.pmtu = SCTP_BASE_PLPMTU;
278 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
279 sctp_assoc_sync_pmtu(t->asoc);
280 } else { /* Normal probe failure. */
281 t->pl.probe_high = t->pl.probe_size;
282 t->pl.probe_size = t->pl.pmtu;
283 }
284 } else if (t->pl.state == SCTP_PL_COMPLETE) {
285 if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */
286 t->pl.state = SCTP_PL_BASE; /* Search Complete -> Base */
287 t->pl.probe_size = SCTP_BASE_PLPMTU;
288
289 t->pl.pmtu = SCTP_BASE_PLPMTU;
290 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
291 sctp_assoc_sync_pmtu(t->asoc);
292 }
293 }
294
295 out:
296 pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n",
297 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high);
298 t->pl.probe_count++;
299 }
300
sctp_transport_pl_recv(struct sctp_transport * t)301 bool sctp_transport_pl_recv(struct sctp_transport *t)
302 {
303 pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n",
304 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high);
305
306 t->pl.pmtu = t->pl.probe_size;
307 t->pl.probe_count = 0;
308 if (t->pl.state == SCTP_PL_BASE) {
309 t->pl.state = SCTP_PL_SEARCH; /* Base -> Search */
310 t->pl.probe_size += SCTP_PL_BIG_STEP;
311 } else if (t->pl.state == SCTP_PL_ERROR) {
312 t->pl.state = SCTP_PL_SEARCH; /* Error -> Search */
313
314 t->pl.pmtu = t->pl.probe_size;
315 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
316 sctp_assoc_sync_pmtu(t->asoc);
317 t->pl.probe_size += SCTP_PL_BIG_STEP;
318 } else if (t->pl.state == SCTP_PL_SEARCH) {
319 if (!t->pl.probe_high) {
320 if (t->pl.probe_size < SCTP_MAX_PLPMTU) {
321 t->pl.probe_size = min(t->pl.probe_size + SCTP_PL_BIG_STEP,
322 SCTP_MAX_PLPMTU);
323 return false;
324 }
325 t->pl.probe_high = SCTP_MAX_PLPMTU;
326 }
327 t->pl.probe_size += SCTP_PL_MIN_STEP;
328 if (t->pl.probe_size >= t->pl.probe_high) {
329 t->pl.probe_high = 0;
330 t->pl.state = SCTP_PL_COMPLETE; /* Search -> Search Complete */
331
332 t->pl.probe_size = t->pl.pmtu;
333 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
334 sctp_assoc_sync_pmtu(t->asoc);
335 sctp_transport_reset_raise_timer(t);
336 }
337 } else if (t->pl.state == SCTP_PL_COMPLETE) {
338 /* Raise probe_size again after 30 * interval in Search Complete */
339 t->pl.state = SCTP_PL_SEARCH; /* Search Complete -> Search */
340 t->pl.probe_size = min(t->pl.probe_size + SCTP_PL_MIN_STEP, SCTP_MAX_PLPMTU);
341 }
342
343 return t->pl.state == SCTP_PL_COMPLETE;
344 }
345
sctp_transport_pl_toobig(struct sctp_transport * t,u32 pmtu)346 static bool sctp_transport_pl_toobig(struct sctp_transport *t, u32 pmtu)
347 {
348 pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, ptb: %d\n",
349 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, pmtu);
350
351 if (pmtu < SCTP_MIN_PLPMTU || pmtu >= t->pl.probe_size)
352 return false;
353
354 if (t->pl.state == SCTP_PL_BASE) {
355 if (pmtu >= SCTP_MIN_PLPMTU && pmtu < SCTP_BASE_PLPMTU) {
356 t->pl.state = SCTP_PL_ERROR; /* Base -> Error */
357
358 t->pl.pmtu = SCTP_BASE_PLPMTU;
359 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
360 return true;
361 }
362 } else if (t->pl.state == SCTP_PL_SEARCH) {
363 if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) {
364 t->pl.state = SCTP_PL_BASE; /* Search -> Base */
365 t->pl.probe_size = SCTP_BASE_PLPMTU;
366 t->pl.probe_count = 0;
367
368 t->pl.probe_high = 0;
369 t->pl.pmtu = SCTP_BASE_PLPMTU;
370 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
371 return true;
372 } else if (pmtu > t->pl.pmtu && pmtu < t->pl.probe_size) {
373 t->pl.probe_size = pmtu;
374 t->pl.probe_count = 0;
375 }
376 } else if (t->pl.state == SCTP_PL_COMPLETE) {
377 if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) {
378 t->pl.state = SCTP_PL_BASE; /* Complete -> Base */
379 t->pl.probe_size = SCTP_BASE_PLPMTU;
380 t->pl.probe_count = 0;
381
382 t->pl.probe_high = 0;
383 t->pl.pmtu = SCTP_BASE_PLPMTU;
384 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
385 sctp_transport_reset_probe_timer(t);
386 return true;
387 }
388 }
389
390 return false;
391 }
392
sctp_transport_update_pmtu(struct sctp_transport * t,u32 pmtu)393 bool sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu)
394 {
395 struct sock *sk = t->asoc->base.sk;
396 struct dst_entry *dst;
397 bool change = true;
398
399 if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) {
400 pr_warn_ratelimited("%s: Reported pmtu %d too low, using default minimum of %d\n",
401 __func__, pmtu, SCTP_DEFAULT_MINSEGMENT);
402 /* Use default minimum segment instead */
403 pmtu = SCTP_DEFAULT_MINSEGMENT;
404 }
405 pmtu = SCTP_TRUNC4(pmtu);
406
407 if (sctp_transport_pl_enabled(t))
408 return sctp_transport_pl_toobig(t, pmtu - sctp_transport_pl_hlen(t));
409
410 dst = sctp_transport_dst_check(t);
411 if (dst) {
412 struct sctp_pf *pf = sctp_get_pf_specific(dst->ops->family);
413 union sctp_addr addr;
414
415 pf->af->from_sk(&addr, sk);
416 pf->to_sk_daddr(&t->ipaddr, sk);
417 dst->ops->update_pmtu(dst, sk, NULL, pmtu, true);
418 pf->to_sk_daddr(&addr, sk);
419
420 dst = sctp_transport_dst_check(t);
421 }
422
423 if (!dst) {
424 t->af_specific->get_dst(t, &t->saddr, &t->fl, sk);
425 dst = t->dst;
426 }
427
428 if (dst) {
429 /* Re-fetch, as under layers may have a higher minimum size */
430 pmtu = sctp_dst_mtu(dst);
431 change = t->pathmtu != pmtu;
432 }
433 t->pathmtu = pmtu;
434
435 return change;
436 }
437
438 /* Caches the dst entry and source address for a transport's destination
439 * address.
440 */
sctp_transport_route(struct sctp_transport * transport,union sctp_addr * saddr,struct sctp_sock * opt)441 void sctp_transport_route(struct sctp_transport *transport,
442 union sctp_addr *saddr, struct sctp_sock *opt)
443 {
444 struct sctp_association *asoc = transport->asoc;
445 struct sctp_af *af = transport->af_specific;
446
447 sctp_transport_dst_release(transport);
448 af->get_dst(transport, saddr, &transport->fl, sctp_opt2sk(opt));
449
450 if (saddr)
451 memcpy(&transport->saddr, saddr, sizeof(union sctp_addr));
452 else
453 af->get_saddr(opt, transport, &transport->fl);
454
455 sctp_transport_pmtu(transport, sctp_opt2sk(opt));
456
457 /* Initialize sk->sk_rcv_saddr, if the transport is the
458 * association's active path for getsockname().
459 */
460 if (transport->dst && asoc &&
461 (!asoc->peer.primary_path || transport == asoc->peer.active_path))
462 opt->pf->to_sk_saddr(&transport->saddr, asoc->base.sk);
463 }
464
465 /* Hold a reference to a transport. */
sctp_transport_hold(struct sctp_transport * transport)466 int sctp_transport_hold(struct sctp_transport *transport)
467 {
468 return refcount_inc_not_zero(&transport->refcnt);
469 }
470
471 /* Release a reference to a transport and clean up
472 * if there are no more references.
473 */
sctp_transport_put(struct sctp_transport * transport)474 void sctp_transport_put(struct sctp_transport *transport)
475 {
476 if (refcount_dec_and_test(&transport->refcnt))
477 sctp_transport_destroy(transport);
478 }
479
480 /* Update transport's RTO based on the newly calculated RTT. */
sctp_transport_update_rto(struct sctp_transport * tp,__u32 rtt)481 void sctp_transport_update_rto(struct sctp_transport *tp, __u32 rtt)
482 {
483 if (unlikely(!tp->rto_pending))
484 /* We should not be doing any RTO updates unless rto_pending is set. */
485 pr_debug("%s: rto_pending not set on transport %p!\n", __func__, tp);
486
487 if (tp->rttvar || tp->srtt) {
488 struct net *net = tp->asoc->base.net;
489 unsigned int rto_beta, rto_alpha;
490 /* 6.3.1 C3) When a new RTT measurement R' is made, set
491 * RTTVAR <- (1 - RTO.Beta) * RTTVAR + RTO.Beta * |SRTT - R'|
492 * SRTT <- (1 - RTO.Alpha) * SRTT + RTO.Alpha * R'
493 */
494
495 /* Note: The above algorithm has been rewritten to
496 * express rto_beta and rto_alpha as inverse powers
497 * of two.
498 * For example, assuming the default value of RTO.Alpha of
499 * 1/8, rto_alpha would be expressed as 3.
500 */
501 rto_beta = READ_ONCE(net->sctp.rto_beta);
502 if (rto_beta < 32)
503 tp->rttvar = tp->rttvar - (tp->rttvar >> rto_beta)
504 + (((__u32)abs((__s64)tp->srtt - (__s64)rtt)) >> rto_beta);
505 rto_alpha = READ_ONCE(net->sctp.rto_alpha);
506 if (rto_alpha < 32)
507 tp->srtt = tp->srtt - (tp->srtt >> rto_alpha)
508 + (rtt >> rto_alpha);
509 } else {
510 /* 6.3.1 C2) When the first RTT measurement R is made, set
511 * SRTT <- R, RTTVAR <- R/2.
512 */
513 tp->srtt = rtt;
514 tp->rttvar = rtt >> 1;
515 }
516
517 /* 6.3.1 G1) Whenever RTTVAR is computed, if RTTVAR = 0, then
518 * adjust RTTVAR <- G, where G is the CLOCK GRANULARITY.
519 */
520 if (tp->rttvar == 0)
521 tp->rttvar = SCTP_CLOCK_GRANULARITY;
522
523 /* 6.3.1 C3) After the computation, update RTO <- SRTT + 4 * RTTVAR. */
524 tp->rto = tp->srtt + (tp->rttvar << 2);
525
526 /* 6.3.1 C6) Whenever RTO is computed, if it is less than RTO.Min
527 * seconds then it is rounded up to RTO.Min seconds.
528 */
529 if (tp->rto < tp->asoc->rto_min)
530 tp->rto = tp->asoc->rto_min;
531
532 /* 6.3.1 C7) A maximum value may be placed on RTO provided it is
533 * at least RTO.max seconds.
534 */
535 if (tp->rto > tp->asoc->rto_max)
536 tp->rto = tp->asoc->rto_max;
537
538 sctp_max_rto(tp->asoc, tp);
539 tp->rtt = rtt;
540
541 /* Reset rto_pending so that a new RTT measurement is started when a
542 * new data chunk is sent.
543 */
544 tp->rto_pending = 0;
545
546 pr_debug("%s: transport:%p, rtt:%d, srtt:%d rttvar:%d, rto:%ld\n",
547 __func__, tp, rtt, tp->srtt, tp->rttvar, tp->rto);
548 }
549
550 /* This routine updates the transport's cwnd and partial_bytes_acked
551 * parameters based on the bytes acked in the received SACK.
552 */
sctp_transport_raise_cwnd(struct sctp_transport * transport,__u32 sack_ctsn,__u32 bytes_acked)553 void sctp_transport_raise_cwnd(struct sctp_transport *transport,
554 __u32 sack_ctsn, __u32 bytes_acked)
555 {
556 struct sctp_association *asoc = transport->asoc;
557 __u32 cwnd, ssthresh, flight_size, pba, pmtu;
558
559 cwnd = transport->cwnd;
560 flight_size = transport->flight_size;
561
562 /* See if we need to exit Fast Recovery first */
563 if (asoc->fast_recovery &&
564 TSN_lte(asoc->fast_recovery_exit, sack_ctsn))
565 asoc->fast_recovery = 0;
566
567 ssthresh = transport->ssthresh;
568 pba = transport->partial_bytes_acked;
569 pmtu = transport->asoc->pathmtu;
570
571 if (cwnd <= ssthresh) {
572 /* RFC 4960 7.2.1
573 * o When cwnd is less than or equal to ssthresh, an SCTP
574 * endpoint MUST use the slow-start algorithm to increase
575 * cwnd only if the current congestion window is being fully
576 * utilized, an incoming SACK advances the Cumulative TSN
577 * Ack Point, and the data sender is not in Fast Recovery.
578 * Only when these three conditions are met can the cwnd be
579 * increased; otherwise, the cwnd MUST not be increased.
580 * If these conditions are met, then cwnd MUST be increased
581 * by, at most, the lesser of 1) the total size of the
582 * previously outstanding DATA chunk(s) acknowledged, and
583 * 2) the destination's path MTU. This upper bound protects
584 * against the ACK-Splitting attack outlined in [SAVAGE99].
585 */
586 if (asoc->fast_recovery)
587 return;
588
589 /* The appropriate cwnd increase algorithm is performed
590 * if, and only if the congestion window is being fully
591 * utilized. Note that RFC4960 Errata 3.22 removed the
592 * other condition on ctsn moving.
593 */
594 if (flight_size < cwnd)
595 return;
596
597 if (bytes_acked > pmtu)
598 cwnd += pmtu;
599 else
600 cwnd += bytes_acked;
601
602 pr_debug("%s: slow start: transport:%p, bytes_acked:%d, "
603 "cwnd:%d, ssthresh:%d, flight_size:%d, pba:%d\n",
604 __func__, transport, bytes_acked, cwnd, ssthresh,
605 flight_size, pba);
606 } else {
607 /* RFC 2960 7.2.2 Whenever cwnd is greater than ssthresh,
608 * upon each SACK arrival, increase partial_bytes_acked
609 * by the total number of bytes of all new chunks
610 * acknowledged in that SACK including chunks
611 * acknowledged by the new Cumulative TSN Ack and by Gap
612 * Ack Blocks. (updated by RFC4960 Errata 3.22)
613 *
614 * When partial_bytes_acked is greater than cwnd and
615 * before the arrival of the SACK the sender had less
616 * bytes of data outstanding than cwnd (i.e., before
617 * arrival of the SACK, flightsize was less than cwnd),
618 * reset partial_bytes_acked to cwnd. (RFC 4960 Errata
619 * 3.26)
620 *
621 * When partial_bytes_acked is equal to or greater than
622 * cwnd and before the arrival of the SACK the sender
623 * had cwnd or more bytes of data outstanding (i.e.,
624 * before arrival of the SACK, flightsize was greater
625 * than or equal to cwnd), partial_bytes_acked is reset
626 * to (partial_bytes_acked - cwnd). Next, cwnd is
627 * increased by MTU. (RFC 4960 Errata 3.12)
628 */
629 pba += bytes_acked;
630 if (pba > cwnd && flight_size < cwnd)
631 pba = cwnd;
632 if (pba >= cwnd && flight_size >= cwnd) {
633 pba = pba - cwnd;
634 cwnd += pmtu;
635 }
636
637 pr_debug("%s: congestion avoidance: transport:%p, "
638 "bytes_acked:%d, cwnd:%d, ssthresh:%d, "
639 "flight_size:%d, pba:%d\n", __func__,
640 transport, bytes_acked, cwnd, ssthresh,
641 flight_size, pba);
642 }
643
644 transport->cwnd = cwnd;
645 transport->partial_bytes_acked = pba;
646 }
647
648 /* This routine is used to lower the transport's cwnd when congestion is
649 * detected.
650 */
sctp_transport_lower_cwnd(struct sctp_transport * transport,enum sctp_lower_cwnd reason)651 void sctp_transport_lower_cwnd(struct sctp_transport *transport,
652 enum sctp_lower_cwnd reason)
653 {
654 struct sctp_association *asoc = transport->asoc;
655
656 switch (reason) {
657 case SCTP_LOWER_CWND_T3_RTX:
658 /* RFC 2960 Section 7.2.3, sctpimpguide
659 * When the T3-rtx timer expires on an address, SCTP should
660 * perform slow start by:
661 * ssthresh = max(cwnd/2, 4*MTU)
662 * cwnd = 1*MTU
663 * partial_bytes_acked = 0
664 */
665 transport->ssthresh = max(transport->cwnd/2,
666 4*asoc->pathmtu);
667 transport->cwnd = asoc->pathmtu;
668
669 /* T3-rtx also clears fast recovery */
670 asoc->fast_recovery = 0;
671 break;
672
673 case SCTP_LOWER_CWND_FAST_RTX:
674 /* RFC 2960 7.2.4 Adjust the ssthresh and cwnd of the
675 * destination address(es) to which the missing DATA chunks
676 * were last sent, according to the formula described in
677 * Section 7.2.3.
678 *
679 * RFC 2960 7.2.3, sctpimpguide Upon detection of packet
680 * losses from SACK (see Section 7.2.4), An endpoint
681 * should do the following:
682 * ssthresh = max(cwnd/2, 4*MTU)
683 * cwnd = ssthresh
684 * partial_bytes_acked = 0
685 */
686 if (asoc->fast_recovery)
687 return;
688
689 /* Mark Fast recovery */
690 asoc->fast_recovery = 1;
691 asoc->fast_recovery_exit = asoc->next_tsn - 1;
692
693 transport->ssthresh = max(transport->cwnd/2,
694 4*asoc->pathmtu);
695 transport->cwnd = transport->ssthresh;
696 break;
697
698 case SCTP_LOWER_CWND_ECNE:
699 /* RFC 2481 Section 6.1.2.
700 * If the sender receives an ECN-Echo ACK packet
701 * then the sender knows that congestion was encountered in the
702 * network on the path from the sender to the receiver. The
703 * indication of congestion should be treated just as a
704 * congestion loss in non-ECN Capable TCP. That is, the TCP
705 * source halves the congestion window "cwnd" and reduces the
706 * slow start threshold "ssthresh".
707 * A critical condition is that TCP does not react to
708 * congestion indications more than once every window of
709 * data (or more loosely more than once every round-trip time).
710 */
711 if (time_after(jiffies, transport->last_time_ecne_reduced +
712 transport->rtt)) {
713 transport->ssthresh = max(transport->cwnd/2,
714 4*asoc->pathmtu);
715 transport->cwnd = transport->ssthresh;
716 transport->last_time_ecne_reduced = jiffies;
717 }
718 break;
719
720 case SCTP_LOWER_CWND_INACTIVE:
721 /* RFC 2960 Section 7.2.1, sctpimpguide
722 * When the endpoint does not transmit data on a given
723 * transport address, the cwnd of the transport address
724 * should be adjusted to max(cwnd/2, 4*MTU) per RTO.
725 * NOTE: Although the draft recommends that this check needs
726 * to be done every RTO interval, we do it every hearbeat
727 * interval.
728 */
729 transport->cwnd = max(transport->cwnd/2,
730 4*asoc->pathmtu);
731 /* RFC 4960 Errata 3.27.2: also adjust sshthresh */
732 transport->ssthresh = transport->cwnd;
733 break;
734 }
735
736 transport->partial_bytes_acked = 0;
737
738 pr_debug("%s: transport:%p, reason:%d, cwnd:%d, ssthresh:%d\n",
739 __func__, transport, reason, transport->cwnd,
740 transport->ssthresh);
741 }
742
743 /* Apply Max.Burst limit to the congestion window:
744 * sctpimpguide-05 2.14.2
745 * D) When the time comes for the sender to
746 * transmit new DATA chunks, the protocol parameter Max.Burst MUST
747 * first be applied to limit how many new DATA chunks may be sent.
748 * The limit is applied by adjusting cwnd as follows:
749 * if ((flightsize+ Max.Burst * MTU) < cwnd)
750 * cwnd = flightsize + Max.Burst * MTU
751 */
752
sctp_transport_burst_limited(struct sctp_transport * t)753 void sctp_transport_burst_limited(struct sctp_transport *t)
754 {
755 struct sctp_association *asoc = t->asoc;
756 u32 old_cwnd = t->cwnd;
757 u32 max_burst_bytes;
758
759 if (t->burst_limited || asoc->max_burst == 0)
760 return;
761
762 max_burst_bytes = t->flight_size + (asoc->max_burst * asoc->pathmtu);
763 if (max_burst_bytes < old_cwnd) {
764 t->cwnd = max_burst_bytes;
765 t->burst_limited = old_cwnd;
766 }
767 }
768
769 /* Restore the old cwnd congestion window, after the burst had it's
770 * desired effect.
771 */
sctp_transport_burst_reset(struct sctp_transport * t)772 void sctp_transport_burst_reset(struct sctp_transport *t)
773 {
774 if (t->burst_limited) {
775 t->cwnd = t->burst_limited;
776 t->burst_limited = 0;
777 }
778 }
779
780 /* What is the next timeout value for this transport? */
sctp_transport_timeout(struct sctp_transport * trans)781 unsigned long sctp_transport_timeout(struct sctp_transport *trans)
782 {
783 /* RTO + timer slack +/- 50% of RTO */
784 unsigned long timeout = trans->rto >> 1;
785
786 if (trans->state != SCTP_UNCONFIRMED &&
787 trans->state != SCTP_PF)
788 timeout += trans->hbinterval;
789
790 return max_t(unsigned long, timeout, HZ / 5);
791 }
792
793 /* Reset transport variables to their initial values */
sctp_transport_reset(struct sctp_transport * t)794 void sctp_transport_reset(struct sctp_transport *t)
795 {
796 struct sctp_association *asoc = t->asoc;
797
798 /* RFC 2960 (bis), Section 5.2.4
799 * All the congestion control parameters (e.g., cwnd, ssthresh)
800 * related to this peer MUST be reset to their initial values
801 * (see Section 6.2.1)
802 */
803 t->cwnd = min(4*asoc->pathmtu, max_t(__u32, 2*asoc->pathmtu, 4380));
804 t->burst_limited = 0;
805 t->ssthresh = asoc->peer.i.a_rwnd;
806 t->rto = asoc->rto_initial;
807 sctp_max_rto(asoc, t);
808 t->rtt = 0;
809 t->srtt = 0;
810 t->rttvar = 0;
811
812 /* Reset these additional variables so that we have a clean slate. */
813 t->partial_bytes_acked = 0;
814 t->flight_size = 0;
815 t->error_count = 0;
816 t->rto_pending = 0;
817 t->hb_sent = 0;
818
819 /* Initialize the state information for SFR-CACC */
820 t->cacc.changeover_active = 0;
821 t->cacc.cycling_changeover = 0;
822 t->cacc.next_tsn_at_change = 0;
823 t->cacc.cacc_saw_newack = 0;
824 }
825
826 /* Schedule retransmission on the given transport */
sctp_transport_immediate_rtx(struct sctp_transport * t)827 void sctp_transport_immediate_rtx(struct sctp_transport *t)
828 {
829 /* Stop pending T3_rtx_timer */
830 if (timer_delete(&t->T3_rtx_timer))
831 sctp_transport_put(t);
832
833 sctp_retransmit(&t->asoc->outqueue, t, SCTP_RTXR_T3_RTX);
834 if (!timer_pending(&t->T3_rtx_timer)) {
835 if (!mod_timer(&t->T3_rtx_timer, jiffies + t->rto))
836 sctp_transport_hold(t);
837 }
838 }
839
840 /* Drop dst */
sctp_transport_dst_release(struct sctp_transport * t)841 void sctp_transport_dst_release(struct sctp_transport *t)
842 {
843 dst_release(t->dst);
844 t->dst = NULL;
845 t->dst_pending_confirm = 0;
846 }
847
848 /* Schedule neighbour confirm */
sctp_transport_dst_confirm(struct sctp_transport * t)849 void sctp_transport_dst_confirm(struct sctp_transport *t)
850 {
851 t->dst_pending_confirm = 1;
852 }
853