1 /*- 2 * Copyright (c) 2001-2007, Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * b) Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the distribution. 13 * 14 * c) Neither the name of Cisco Systems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* $KAME: sctp_output.c,v 1.46 2005/03/06 16:04:17 itojun Exp $ */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <netinet/sctp_os.h> 37 #include <sys/proc.h> 38 #include <netinet/sctp_var.h> 39 #include <netinet/sctp_sysctl.h> 40 #include <netinet/sctp_header.h> 41 #include <netinet/sctp_pcb.h> 42 #include <netinet/sctputil.h> 43 #include <netinet/sctp_output.h> 44 #include <netinet/sctp_uio.h> 45 #include <netinet/sctputil.h> 46 #include <netinet/sctp_auth.h> 47 #include <netinet/sctp_timer.h> 48 #include <netinet/sctp_asconf.h> 49 #include <netinet/sctp_indata.h> 50 #include <netinet/sctp_bsd_addr.h> 51 52 53 54 #define SCTP_MAX_GAPS_INARRAY 4 55 struct sack_track { 56 uint8_t right_edge; /* mergable on the right edge */ 57 uint8_t left_edge; /* mergable on the left edge */ 58 uint8_t num_entries; 59 uint8_t spare; 60 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY]; 61 }; 62 63 struct sack_track sack_array[256] = { 64 {0, 0, 0, 0, /* 0x00 */ 65 {{0, 0}, 66 {0, 0}, 67 {0, 0}, 68 {0, 0} 69 } 70 }, 71 {1, 0, 1, 0, /* 0x01 */ 72 {{0, 0}, 73 {0, 0}, 74 {0, 0}, 75 {0, 0} 76 } 77 }, 78 {0, 0, 1, 0, /* 0x02 */ 79 {{1, 1}, 80 {0, 0}, 81 {0, 0}, 82 {0, 0} 83 } 84 }, 85 {1, 0, 1, 0, /* 0x03 */ 86 {{0, 1}, 87 {0, 0}, 88 {0, 0}, 89 {0, 0} 90 } 91 }, 92 {0, 0, 1, 0, /* 0x04 */ 93 {{2, 2}, 94 {0, 0}, 95 {0, 0}, 96 {0, 0} 97 } 98 }, 99 {1, 0, 2, 0, /* 0x05 */ 100 {{0, 0}, 101 {2, 2}, 102 {0, 0}, 103 {0, 0} 104 } 105 }, 106 {0, 0, 1, 0, /* 0x06 */ 107 {{1, 2}, 108 {0, 0}, 109 {0, 0}, 110 {0, 0} 111 } 112 }, 113 {1, 0, 1, 0, /* 0x07 */ 114 {{0, 2}, 115 {0, 0}, 116 {0, 0}, 117 {0, 0} 118 } 119 }, 120 {0, 0, 1, 0, /* 0x08 */ 121 {{3, 3}, 122 {0, 0}, 123 {0, 0}, 124 {0, 0} 125 } 126 }, 127 {1, 0, 2, 0, /* 0x09 */ 128 {{0, 0}, 129 {3, 3}, 130 {0, 0}, 131 {0, 0} 132 } 133 }, 134 {0, 0, 2, 0, /* 0x0a */ 135 {{1, 1}, 136 {3, 3}, 137 {0, 0}, 138 {0, 0} 139 } 140 }, 141 {1, 0, 2, 0, /* 0x0b */ 142 {{0, 1}, 143 {3, 3}, 144 {0, 0}, 145 {0, 0} 146 } 147 }, 148 {0, 0, 1, 0, /* 0x0c */ 149 {{2, 3}, 150 {0, 0}, 151 {0, 0}, 152 {0, 0} 153 } 154 }, 155 {1, 0, 2, 0, /* 0x0d */ 156 {{0, 0}, 157 {2, 3}, 158 {0, 0}, 159 {0, 0} 160 } 161 }, 162 {0, 0, 1, 0, /* 0x0e */ 163 {{1, 3}, 164 {0, 0}, 165 {0, 0}, 166 {0, 0} 167 } 168 }, 169 {1, 0, 1, 0, /* 0x0f */ 170 {{0, 3}, 171 {0, 0}, 172 {0, 0}, 173 {0, 0} 174 } 175 }, 176 {0, 0, 1, 0, /* 0x10 */ 177 {{4, 4}, 178 {0, 0}, 179 {0, 0}, 180 {0, 0} 181 } 182 }, 183 {1, 0, 2, 0, /* 0x11 */ 184 {{0, 0}, 185 {4, 4}, 186 {0, 0}, 187 {0, 0} 188 } 189 }, 190 {0, 0, 2, 0, /* 0x12 */ 191 {{1, 1}, 192 {4, 4}, 193 {0, 0}, 194 {0, 0} 195 } 196 }, 197 {1, 0, 2, 0, /* 0x13 */ 198 {{0, 1}, 199 {4, 4}, 200 {0, 0}, 201 {0, 0} 202 } 203 }, 204 {0, 0, 2, 0, /* 0x14 */ 205 {{2, 2}, 206 {4, 4}, 207 {0, 0}, 208 {0, 0} 209 } 210 }, 211 {1, 0, 3, 0, /* 0x15 */ 212 {{0, 0}, 213 {2, 2}, 214 {4, 4}, 215 {0, 0} 216 } 217 }, 218 {0, 0, 2, 0, /* 0x16 */ 219 {{1, 2}, 220 {4, 4}, 221 {0, 0}, 222 {0, 0} 223 } 224 }, 225 {1, 0, 2, 0, /* 0x17 */ 226 {{0, 2}, 227 {4, 4}, 228 {0, 0}, 229 {0, 0} 230 } 231 }, 232 {0, 0, 1, 0, /* 0x18 */ 233 {{3, 4}, 234 {0, 0}, 235 {0, 0}, 236 {0, 0} 237 } 238 }, 239 {1, 0, 2, 0, /* 0x19 */ 240 {{0, 0}, 241 {3, 4}, 242 {0, 0}, 243 {0, 0} 244 } 245 }, 246 {0, 0, 2, 0, /* 0x1a */ 247 {{1, 1}, 248 {3, 4}, 249 {0, 0}, 250 {0, 0} 251 } 252 }, 253 {1, 0, 2, 0, /* 0x1b */ 254 {{0, 1}, 255 {3, 4}, 256 {0, 0}, 257 {0, 0} 258 } 259 }, 260 {0, 0, 1, 0, /* 0x1c */ 261 {{2, 4}, 262 {0, 0}, 263 {0, 0}, 264 {0, 0} 265 } 266 }, 267 {1, 0, 2, 0, /* 0x1d */ 268 {{0, 0}, 269 {2, 4}, 270 {0, 0}, 271 {0, 0} 272 } 273 }, 274 {0, 0, 1, 0, /* 0x1e */ 275 {{1, 4}, 276 {0, 0}, 277 {0, 0}, 278 {0, 0} 279 } 280 }, 281 {1, 0, 1, 0, /* 0x1f */ 282 {{0, 4}, 283 {0, 0}, 284 {0, 0}, 285 {0, 0} 286 } 287 }, 288 {0, 0, 1, 0, /* 0x20 */ 289 {{5, 5}, 290 {0, 0}, 291 {0, 0}, 292 {0, 0} 293 } 294 }, 295 {1, 0, 2, 0, /* 0x21 */ 296 {{0, 0}, 297 {5, 5}, 298 {0, 0}, 299 {0, 0} 300 } 301 }, 302 {0, 0, 2, 0, /* 0x22 */ 303 {{1, 1}, 304 {5, 5}, 305 {0, 0}, 306 {0, 0} 307 } 308 }, 309 {1, 0, 2, 0, /* 0x23 */ 310 {{0, 1}, 311 {5, 5}, 312 {0, 0}, 313 {0, 0} 314 } 315 }, 316 {0, 0, 2, 0, /* 0x24 */ 317 {{2, 2}, 318 {5, 5}, 319 {0, 0}, 320 {0, 0} 321 } 322 }, 323 {1, 0, 3, 0, /* 0x25 */ 324 {{0, 0}, 325 {2, 2}, 326 {5, 5}, 327 {0, 0} 328 } 329 }, 330 {0, 0, 2, 0, /* 0x26 */ 331 {{1, 2}, 332 {5, 5}, 333 {0, 0}, 334 {0, 0} 335 } 336 }, 337 {1, 0, 2, 0, /* 0x27 */ 338 {{0, 2}, 339 {5, 5}, 340 {0, 0}, 341 {0, 0} 342 } 343 }, 344 {0, 0, 2, 0, /* 0x28 */ 345 {{3, 3}, 346 {5, 5}, 347 {0, 0}, 348 {0, 0} 349 } 350 }, 351 {1, 0, 3, 0, /* 0x29 */ 352 {{0, 0}, 353 {3, 3}, 354 {5, 5}, 355 {0, 0} 356 } 357 }, 358 {0, 0, 3, 0, /* 0x2a */ 359 {{1, 1}, 360 {3, 3}, 361 {5, 5}, 362 {0, 0} 363 } 364 }, 365 {1, 0, 3, 0, /* 0x2b */ 366 {{0, 1}, 367 {3, 3}, 368 {5, 5}, 369 {0, 0} 370 } 371 }, 372 {0, 0, 2, 0, /* 0x2c */ 373 {{2, 3}, 374 {5, 5}, 375 {0, 0}, 376 {0, 0} 377 } 378 }, 379 {1, 0, 3, 0, /* 0x2d */ 380 {{0, 0}, 381 {2, 3}, 382 {5, 5}, 383 {0, 0} 384 } 385 }, 386 {0, 0, 2, 0, /* 0x2e */ 387 {{1, 3}, 388 {5, 5}, 389 {0, 0}, 390 {0, 0} 391 } 392 }, 393 {1, 0, 2, 0, /* 0x2f */ 394 {{0, 3}, 395 {5, 5}, 396 {0, 0}, 397 {0, 0} 398 } 399 }, 400 {0, 0, 1, 0, /* 0x30 */ 401 {{4, 5}, 402 {0, 0}, 403 {0, 0}, 404 {0, 0} 405 } 406 }, 407 {1, 0, 2, 0, /* 0x31 */ 408 {{0, 0}, 409 {4, 5}, 410 {0, 0}, 411 {0, 0} 412 } 413 }, 414 {0, 0, 2, 0, /* 0x32 */ 415 {{1, 1}, 416 {4, 5}, 417 {0, 0}, 418 {0, 0} 419 } 420 }, 421 {1, 0, 2, 0, /* 0x33 */ 422 {{0, 1}, 423 {4, 5}, 424 {0, 0}, 425 {0, 0} 426 } 427 }, 428 {0, 0, 2, 0, /* 0x34 */ 429 {{2, 2}, 430 {4, 5}, 431 {0, 0}, 432 {0, 0} 433 } 434 }, 435 {1, 0, 3, 0, /* 0x35 */ 436 {{0, 0}, 437 {2, 2}, 438 {4, 5}, 439 {0, 0} 440 } 441 }, 442 {0, 0, 2, 0, /* 0x36 */ 443 {{1, 2}, 444 {4, 5}, 445 {0, 0}, 446 {0, 0} 447 } 448 }, 449 {1, 0, 2, 0, /* 0x37 */ 450 {{0, 2}, 451 {4, 5}, 452 {0, 0}, 453 {0, 0} 454 } 455 }, 456 {0, 0, 1, 0, /* 0x38 */ 457 {{3, 5}, 458 {0, 0}, 459 {0, 0}, 460 {0, 0} 461 } 462 }, 463 {1, 0, 2, 0, /* 0x39 */ 464 {{0, 0}, 465 {3, 5}, 466 {0, 0}, 467 {0, 0} 468 } 469 }, 470 {0, 0, 2, 0, /* 0x3a */ 471 {{1, 1}, 472 {3, 5}, 473 {0, 0}, 474 {0, 0} 475 } 476 }, 477 {1, 0, 2, 0, /* 0x3b */ 478 {{0, 1}, 479 {3, 5}, 480 {0, 0}, 481 {0, 0} 482 } 483 }, 484 {0, 0, 1, 0, /* 0x3c */ 485 {{2, 5}, 486 {0, 0}, 487 {0, 0}, 488 {0, 0} 489 } 490 }, 491 {1, 0, 2, 0, /* 0x3d */ 492 {{0, 0}, 493 {2, 5}, 494 {0, 0}, 495 {0, 0} 496 } 497 }, 498 {0, 0, 1, 0, /* 0x3e */ 499 {{1, 5}, 500 {0, 0}, 501 {0, 0}, 502 {0, 0} 503 } 504 }, 505 {1, 0, 1, 0, /* 0x3f */ 506 {{0, 5}, 507 {0, 0}, 508 {0, 0}, 509 {0, 0} 510 } 511 }, 512 {0, 0, 1, 0, /* 0x40 */ 513 {{6, 6}, 514 {0, 0}, 515 {0, 0}, 516 {0, 0} 517 } 518 }, 519 {1, 0, 2, 0, /* 0x41 */ 520 {{0, 0}, 521 {6, 6}, 522 {0, 0}, 523 {0, 0} 524 } 525 }, 526 {0, 0, 2, 0, /* 0x42 */ 527 {{1, 1}, 528 {6, 6}, 529 {0, 0}, 530 {0, 0} 531 } 532 }, 533 {1, 0, 2, 0, /* 0x43 */ 534 {{0, 1}, 535 {6, 6}, 536 {0, 0}, 537 {0, 0} 538 } 539 }, 540 {0, 0, 2, 0, /* 0x44 */ 541 {{2, 2}, 542 {6, 6}, 543 {0, 0}, 544 {0, 0} 545 } 546 }, 547 {1, 0, 3, 0, /* 0x45 */ 548 {{0, 0}, 549 {2, 2}, 550 {6, 6}, 551 {0, 0} 552 } 553 }, 554 {0, 0, 2, 0, /* 0x46 */ 555 {{1, 2}, 556 {6, 6}, 557 {0, 0}, 558 {0, 0} 559 } 560 }, 561 {1, 0, 2, 0, /* 0x47 */ 562 {{0, 2}, 563 {6, 6}, 564 {0, 0}, 565 {0, 0} 566 } 567 }, 568 {0, 0, 2, 0, /* 0x48 */ 569 {{3, 3}, 570 {6, 6}, 571 {0, 0}, 572 {0, 0} 573 } 574 }, 575 {1, 0, 3, 0, /* 0x49 */ 576 {{0, 0}, 577 {3, 3}, 578 {6, 6}, 579 {0, 0} 580 } 581 }, 582 {0, 0, 3, 0, /* 0x4a */ 583 {{1, 1}, 584 {3, 3}, 585 {6, 6}, 586 {0, 0} 587 } 588 }, 589 {1, 0, 3, 0, /* 0x4b */ 590 {{0, 1}, 591 {3, 3}, 592 {6, 6}, 593 {0, 0} 594 } 595 }, 596 {0, 0, 2, 0, /* 0x4c */ 597 {{2, 3}, 598 {6, 6}, 599 {0, 0}, 600 {0, 0} 601 } 602 }, 603 {1, 0, 3, 0, /* 0x4d */ 604 {{0, 0}, 605 {2, 3}, 606 {6, 6}, 607 {0, 0} 608 } 609 }, 610 {0, 0, 2, 0, /* 0x4e */ 611 {{1, 3}, 612 {6, 6}, 613 {0, 0}, 614 {0, 0} 615 } 616 }, 617 {1, 0, 2, 0, /* 0x4f */ 618 {{0, 3}, 619 {6, 6}, 620 {0, 0}, 621 {0, 0} 622 } 623 }, 624 {0, 0, 2, 0, /* 0x50 */ 625 {{4, 4}, 626 {6, 6}, 627 {0, 0}, 628 {0, 0} 629 } 630 }, 631 {1, 0, 3, 0, /* 0x51 */ 632 {{0, 0}, 633 {4, 4}, 634 {6, 6}, 635 {0, 0} 636 } 637 }, 638 {0, 0, 3, 0, /* 0x52 */ 639 {{1, 1}, 640 {4, 4}, 641 {6, 6}, 642 {0, 0} 643 } 644 }, 645 {1, 0, 3, 0, /* 0x53 */ 646 {{0, 1}, 647 {4, 4}, 648 {6, 6}, 649 {0, 0} 650 } 651 }, 652 {0, 0, 3, 0, /* 0x54 */ 653 {{2, 2}, 654 {4, 4}, 655 {6, 6}, 656 {0, 0} 657 } 658 }, 659 {1, 0, 4, 0, /* 0x55 */ 660 {{0, 0}, 661 {2, 2}, 662 {4, 4}, 663 {6, 6} 664 } 665 }, 666 {0, 0, 3, 0, /* 0x56 */ 667 {{1, 2}, 668 {4, 4}, 669 {6, 6}, 670 {0, 0} 671 } 672 }, 673 {1, 0, 3, 0, /* 0x57 */ 674 {{0, 2}, 675 {4, 4}, 676 {6, 6}, 677 {0, 0} 678 } 679 }, 680 {0, 0, 2, 0, /* 0x58 */ 681 {{3, 4}, 682 {6, 6}, 683 {0, 0}, 684 {0, 0} 685 } 686 }, 687 {1, 0, 3, 0, /* 0x59 */ 688 {{0, 0}, 689 {3, 4}, 690 {6, 6}, 691 {0, 0} 692 } 693 }, 694 {0, 0, 3, 0, /* 0x5a */ 695 {{1, 1}, 696 {3, 4}, 697 {6, 6}, 698 {0, 0} 699 } 700 }, 701 {1, 0, 3, 0, /* 0x5b */ 702 {{0, 1}, 703 {3, 4}, 704 {6, 6}, 705 {0, 0} 706 } 707 }, 708 {0, 0, 2, 0, /* 0x5c */ 709 {{2, 4}, 710 {6, 6}, 711 {0, 0}, 712 {0, 0} 713 } 714 }, 715 {1, 0, 3, 0, /* 0x5d */ 716 {{0, 0}, 717 {2, 4}, 718 {6, 6}, 719 {0, 0} 720 } 721 }, 722 {0, 0, 2, 0, /* 0x5e */ 723 {{1, 4}, 724 {6, 6}, 725 {0, 0}, 726 {0, 0} 727 } 728 }, 729 {1, 0, 2, 0, /* 0x5f */ 730 {{0, 4}, 731 {6, 6}, 732 {0, 0}, 733 {0, 0} 734 } 735 }, 736 {0, 0, 1, 0, /* 0x60 */ 737 {{5, 6}, 738 {0, 0}, 739 {0, 0}, 740 {0, 0} 741 } 742 }, 743 {1, 0, 2, 0, /* 0x61 */ 744 {{0, 0}, 745 {5, 6}, 746 {0, 0}, 747 {0, 0} 748 } 749 }, 750 {0, 0, 2, 0, /* 0x62 */ 751 {{1, 1}, 752 {5, 6}, 753 {0, 0}, 754 {0, 0} 755 } 756 }, 757 {1, 0, 2, 0, /* 0x63 */ 758 {{0, 1}, 759 {5, 6}, 760 {0, 0}, 761 {0, 0} 762 } 763 }, 764 {0, 0, 2, 0, /* 0x64 */ 765 {{2, 2}, 766 {5, 6}, 767 {0, 0}, 768 {0, 0} 769 } 770 }, 771 {1, 0, 3, 0, /* 0x65 */ 772 {{0, 0}, 773 {2, 2}, 774 {5, 6}, 775 {0, 0} 776 } 777 }, 778 {0, 0, 2, 0, /* 0x66 */ 779 {{1, 2}, 780 {5, 6}, 781 {0, 0}, 782 {0, 0} 783 } 784 }, 785 {1, 0, 2, 0, /* 0x67 */ 786 {{0, 2}, 787 {5, 6}, 788 {0, 0}, 789 {0, 0} 790 } 791 }, 792 {0, 0, 2, 0, /* 0x68 */ 793 {{3, 3}, 794 {5, 6}, 795 {0, 0}, 796 {0, 0} 797 } 798 }, 799 {1, 0, 3, 0, /* 0x69 */ 800 {{0, 0}, 801 {3, 3}, 802 {5, 6}, 803 {0, 0} 804 } 805 }, 806 {0, 0, 3, 0, /* 0x6a */ 807 {{1, 1}, 808 {3, 3}, 809 {5, 6}, 810 {0, 0} 811 } 812 }, 813 {1, 0, 3, 0, /* 0x6b */ 814 {{0, 1}, 815 {3, 3}, 816 {5, 6}, 817 {0, 0} 818 } 819 }, 820 {0, 0, 2, 0, /* 0x6c */ 821 {{2, 3}, 822 {5, 6}, 823 {0, 0}, 824 {0, 0} 825 } 826 }, 827 {1, 0, 3, 0, /* 0x6d */ 828 {{0, 0}, 829 {2, 3}, 830 {5, 6}, 831 {0, 0} 832 } 833 }, 834 {0, 0, 2, 0, /* 0x6e */ 835 {{1, 3}, 836 {5, 6}, 837 {0, 0}, 838 {0, 0} 839 } 840 }, 841 {1, 0, 2, 0, /* 0x6f */ 842 {{0, 3}, 843 {5, 6}, 844 {0, 0}, 845 {0, 0} 846 } 847 }, 848 {0, 0, 1, 0, /* 0x70 */ 849 {{4, 6}, 850 {0, 0}, 851 {0, 0}, 852 {0, 0} 853 } 854 }, 855 {1, 0, 2, 0, /* 0x71 */ 856 {{0, 0}, 857 {4, 6}, 858 {0, 0}, 859 {0, 0} 860 } 861 }, 862 {0, 0, 2, 0, /* 0x72 */ 863 {{1, 1}, 864 {4, 6}, 865 {0, 0}, 866 {0, 0} 867 } 868 }, 869 {1, 0, 2, 0, /* 0x73 */ 870 {{0, 1}, 871 {4, 6}, 872 {0, 0}, 873 {0, 0} 874 } 875 }, 876 {0, 0, 2, 0, /* 0x74 */ 877 {{2, 2}, 878 {4, 6}, 879 {0, 0}, 880 {0, 0} 881 } 882 }, 883 {1, 0, 3, 0, /* 0x75 */ 884 {{0, 0}, 885 {2, 2}, 886 {4, 6}, 887 {0, 0} 888 } 889 }, 890 {0, 0, 2, 0, /* 0x76 */ 891 {{1, 2}, 892 {4, 6}, 893 {0, 0}, 894 {0, 0} 895 } 896 }, 897 {1, 0, 2, 0, /* 0x77 */ 898 {{0, 2}, 899 {4, 6}, 900 {0, 0}, 901 {0, 0} 902 } 903 }, 904 {0, 0, 1, 0, /* 0x78 */ 905 {{3, 6}, 906 {0, 0}, 907 {0, 0}, 908 {0, 0} 909 } 910 }, 911 {1, 0, 2, 0, /* 0x79 */ 912 {{0, 0}, 913 {3, 6}, 914 {0, 0}, 915 {0, 0} 916 } 917 }, 918 {0, 0, 2, 0, /* 0x7a */ 919 {{1, 1}, 920 {3, 6}, 921 {0, 0}, 922 {0, 0} 923 } 924 }, 925 {1, 0, 2, 0, /* 0x7b */ 926 {{0, 1}, 927 {3, 6}, 928 {0, 0}, 929 {0, 0} 930 } 931 }, 932 {0, 0, 1, 0, /* 0x7c */ 933 {{2, 6}, 934 {0, 0}, 935 {0, 0}, 936 {0, 0} 937 } 938 }, 939 {1, 0, 2, 0, /* 0x7d */ 940 {{0, 0}, 941 {2, 6}, 942 {0, 0}, 943 {0, 0} 944 } 945 }, 946 {0, 0, 1, 0, /* 0x7e */ 947 {{1, 6}, 948 {0, 0}, 949 {0, 0}, 950 {0, 0} 951 } 952 }, 953 {1, 0, 1, 0, /* 0x7f */ 954 {{0, 6}, 955 {0, 0}, 956 {0, 0}, 957 {0, 0} 958 } 959 }, 960 {0, 1, 1, 0, /* 0x80 */ 961 {{7, 7}, 962 {0, 0}, 963 {0, 0}, 964 {0, 0} 965 } 966 }, 967 {1, 1, 2, 0, /* 0x81 */ 968 {{0, 0}, 969 {7, 7}, 970 {0, 0}, 971 {0, 0} 972 } 973 }, 974 {0, 1, 2, 0, /* 0x82 */ 975 {{1, 1}, 976 {7, 7}, 977 {0, 0}, 978 {0, 0} 979 } 980 }, 981 {1, 1, 2, 0, /* 0x83 */ 982 {{0, 1}, 983 {7, 7}, 984 {0, 0}, 985 {0, 0} 986 } 987 }, 988 {0, 1, 2, 0, /* 0x84 */ 989 {{2, 2}, 990 {7, 7}, 991 {0, 0}, 992 {0, 0} 993 } 994 }, 995 {1, 1, 3, 0, /* 0x85 */ 996 {{0, 0}, 997 {2, 2}, 998 {7, 7}, 999 {0, 0} 1000 } 1001 }, 1002 {0, 1, 2, 0, /* 0x86 */ 1003 {{1, 2}, 1004 {7, 7}, 1005 {0, 0}, 1006 {0, 0} 1007 } 1008 }, 1009 {1, 1, 2, 0, /* 0x87 */ 1010 {{0, 2}, 1011 {7, 7}, 1012 {0, 0}, 1013 {0, 0} 1014 } 1015 }, 1016 {0, 1, 2, 0, /* 0x88 */ 1017 {{3, 3}, 1018 {7, 7}, 1019 {0, 0}, 1020 {0, 0} 1021 } 1022 }, 1023 {1, 1, 3, 0, /* 0x89 */ 1024 {{0, 0}, 1025 {3, 3}, 1026 {7, 7}, 1027 {0, 0} 1028 } 1029 }, 1030 {0, 1, 3, 0, /* 0x8a */ 1031 {{1, 1}, 1032 {3, 3}, 1033 {7, 7}, 1034 {0, 0} 1035 } 1036 }, 1037 {1, 1, 3, 0, /* 0x8b */ 1038 {{0, 1}, 1039 {3, 3}, 1040 {7, 7}, 1041 {0, 0} 1042 } 1043 }, 1044 {0, 1, 2, 0, /* 0x8c */ 1045 {{2, 3}, 1046 {7, 7}, 1047 {0, 0}, 1048 {0, 0} 1049 } 1050 }, 1051 {1, 1, 3, 0, /* 0x8d */ 1052 {{0, 0}, 1053 {2, 3}, 1054 {7, 7}, 1055 {0, 0} 1056 } 1057 }, 1058 {0, 1, 2, 0, /* 0x8e */ 1059 {{1, 3}, 1060 {7, 7}, 1061 {0, 0}, 1062 {0, 0} 1063 } 1064 }, 1065 {1, 1, 2, 0, /* 0x8f */ 1066 {{0, 3}, 1067 {7, 7}, 1068 {0, 0}, 1069 {0, 0} 1070 } 1071 }, 1072 {0, 1, 2, 0, /* 0x90 */ 1073 {{4, 4}, 1074 {7, 7}, 1075 {0, 0}, 1076 {0, 0} 1077 } 1078 }, 1079 {1, 1, 3, 0, /* 0x91 */ 1080 {{0, 0}, 1081 {4, 4}, 1082 {7, 7}, 1083 {0, 0} 1084 } 1085 }, 1086 {0, 1, 3, 0, /* 0x92 */ 1087 {{1, 1}, 1088 {4, 4}, 1089 {7, 7}, 1090 {0, 0} 1091 } 1092 }, 1093 {1, 1, 3, 0, /* 0x93 */ 1094 {{0, 1}, 1095 {4, 4}, 1096 {7, 7}, 1097 {0, 0} 1098 } 1099 }, 1100 {0, 1, 3, 0, /* 0x94 */ 1101 {{2, 2}, 1102 {4, 4}, 1103 {7, 7}, 1104 {0, 0} 1105 } 1106 }, 1107 {1, 1, 4, 0, /* 0x95 */ 1108 {{0, 0}, 1109 {2, 2}, 1110 {4, 4}, 1111 {7, 7} 1112 } 1113 }, 1114 {0, 1, 3, 0, /* 0x96 */ 1115 {{1, 2}, 1116 {4, 4}, 1117 {7, 7}, 1118 {0, 0} 1119 } 1120 }, 1121 {1, 1, 3, 0, /* 0x97 */ 1122 {{0, 2}, 1123 {4, 4}, 1124 {7, 7}, 1125 {0, 0} 1126 } 1127 }, 1128 {0, 1, 2, 0, /* 0x98 */ 1129 {{3, 4}, 1130 {7, 7}, 1131 {0, 0}, 1132 {0, 0} 1133 } 1134 }, 1135 {1, 1, 3, 0, /* 0x99 */ 1136 {{0, 0}, 1137 {3, 4}, 1138 {7, 7}, 1139 {0, 0} 1140 } 1141 }, 1142 {0, 1, 3, 0, /* 0x9a */ 1143 {{1, 1}, 1144 {3, 4}, 1145 {7, 7}, 1146 {0, 0} 1147 } 1148 }, 1149 {1, 1, 3, 0, /* 0x9b */ 1150 {{0, 1}, 1151 {3, 4}, 1152 {7, 7}, 1153 {0, 0} 1154 } 1155 }, 1156 {0, 1, 2, 0, /* 0x9c */ 1157 {{2, 4}, 1158 {7, 7}, 1159 {0, 0}, 1160 {0, 0} 1161 } 1162 }, 1163 {1, 1, 3, 0, /* 0x9d */ 1164 {{0, 0}, 1165 {2, 4}, 1166 {7, 7}, 1167 {0, 0} 1168 } 1169 }, 1170 {0, 1, 2, 0, /* 0x9e */ 1171 {{1, 4}, 1172 {7, 7}, 1173 {0, 0}, 1174 {0, 0} 1175 } 1176 }, 1177 {1, 1, 2, 0, /* 0x9f */ 1178 {{0, 4}, 1179 {7, 7}, 1180 {0, 0}, 1181 {0, 0} 1182 } 1183 }, 1184 {0, 1, 2, 0, /* 0xa0 */ 1185 {{5, 5}, 1186 {7, 7}, 1187 {0, 0}, 1188 {0, 0} 1189 } 1190 }, 1191 {1, 1, 3, 0, /* 0xa1 */ 1192 {{0, 0}, 1193 {5, 5}, 1194 {7, 7}, 1195 {0, 0} 1196 } 1197 }, 1198 {0, 1, 3, 0, /* 0xa2 */ 1199 {{1, 1}, 1200 {5, 5}, 1201 {7, 7}, 1202 {0, 0} 1203 } 1204 }, 1205 {1, 1, 3, 0, /* 0xa3 */ 1206 {{0, 1}, 1207 {5, 5}, 1208 {7, 7}, 1209 {0, 0} 1210 } 1211 }, 1212 {0, 1, 3, 0, /* 0xa4 */ 1213 {{2, 2}, 1214 {5, 5}, 1215 {7, 7}, 1216 {0, 0} 1217 } 1218 }, 1219 {1, 1, 4, 0, /* 0xa5 */ 1220 {{0, 0}, 1221 {2, 2}, 1222 {5, 5}, 1223 {7, 7} 1224 } 1225 }, 1226 {0, 1, 3, 0, /* 0xa6 */ 1227 {{1, 2}, 1228 {5, 5}, 1229 {7, 7}, 1230 {0, 0} 1231 } 1232 }, 1233 {1, 1, 3, 0, /* 0xa7 */ 1234 {{0, 2}, 1235 {5, 5}, 1236 {7, 7}, 1237 {0, 0} 1238 } 1239 }, 1240 {0, 1, 3, 0, /* 0xa8 */ 1241 {{3, 3}, 1242 {5, 5}, 1243 {7, 7}, 1244 {0, 0} 1245 } 1246 }, 1247 {1, 1, 4, 0, /* 0xa9 */ 1248 {{0, 0}, 1249 {3, 3}, 1250 {5, 5}, 1251 {7, 7} 1252 } 1253 }, 1254 {0, 1, 4, 0, /* 0xaa */ 1255 {{1, 1}, 1256 {3, 3}, 1257 {5, 5}, 1258 {7, 7} 1259 } 1260 }, 1261 {1, 1, 4, 0, /* 0xab */ 1262 {{0, 1}, 1263 {3, 3}, 1264 {5, 5}, 1265 {7, 7} 1266 } 1267 }, 1268 {0, 1, 3, 0, /* 0xac */ 1269 {{2, 3}, 1270 {5, 5}, 1271 {7, 7}, 1272 {0, 0} 1273 } 1274 }, 1275 {1, 1, 4, 0, /* 0xad */ 1276 {{0, 0}, 1277 {2, 3}, 1278 {5, 5}, 1279 {7, 7} 1280 } 1281 }, 1282 {0, 1, 3, 0, /* 0xae */ 1283 {{1, 3}, 1284 {5, 5}, 1285 {7, 7}, 1286 {0, 0} 1287 } 1288 }, 1289 {1, 1, 3, 0, /* 0xaf */ 1290 {{0, 3}, 1291 {5, 5}, 1292 {7, 7}, 1293 {0, 0} 1294 } 1295 }, 1296 {0, 1, 2, 0, /* 0xb0 */ 1297 {{4, 5}, 1298 {7, 7}, 1299 {0, 0}, 1300 {0, 0} 1301 } 1302 }, 1303 {1, 1, 3, 0, /* 0xb1 */ 1304 {{0, 0}, 1305 {4, 5}, 1306 {7, 7}, 1307 {0, 0} 1308 } 1309 }, 1310 {0, 1, 3, 0, /* 0xb2 */ 1311 {{1, 1}, 1312 {4, 5}, 1313 {7, 7}, 1314 {0, 0} 1315 } 1316 }, 1317 {1, 1, 3, 0, /* 0xb3 */ 1318 {{0, 1}, 1319 {4, 5}, 1320 {7, 7}, 1321 {0, 0} 1322 } 1323 }, 1324 {0, 1, 3, 0, /* 0xb4 */ 1325 {{2, 2}, 1326 {4, 5}, 1327 {7, 7}, 1328 {0, 0} 1329 } 1330 }, 1331 {1, 1, 4, 0, /* 0xb5 */ 1332 {{0, 0}, 1333 {2, 2}, 1334 {4, 5}, 1335 {7, 7} 1336 } 1337 }, 1338 {0, 1, 3, 0, /* 0xb6 */ 1339 {{1, 2}, 1340 {4, 5}, 1341 {7, 7}, 1342 {0, 0} 1343 } 1344 }, 1345 {1, 1, 3, 0, /* 0xb7 */ 1346 {{0, 2}, 1347 {4, 5}, 1348 {7, 7}, 1349 {0, 0} 1350 } 1351 }, 1352 {0, 1, 2, 0, /* 0xb8 */ 1353 {{3, 5}, 1354 {7, 7}, 1355 {0, 0}, 1356 {0, 0} 1357 } 1358 }, 1359 {1, 1, 3, 0, /* 0xb9 */ 1360 {{0, 0}, 1361 {3, 5}, 1362 {7, 7}, 1363 {0, 0} 1364 } 1365 }, 1366 {0, 1, 3, 0, /* 0xba */ 1367 {{1, 1}, 1368 {3, 5}, 1369 {7, 7}, 1370 {0, 0} 1371 } 1372 }, 1373 {1, 1, 3, 0, /* 0xbb */ 1374 {{0, 1}, 1375 {3, 5}, 1376 {7, 7}, 1377 {0, 0} 1378 } 1379 }, 1380 {0, 1, 2, 0, /* 0xbc */ 1381 {{2, 5}, 1382 {7, 7}, 1383 {0, 0}, 1384 {0, 0} 1385 } 1386 }, 1387 {1, 1, 3, 0, /* 0xbd */ 1388 {{0, 0}, 1389 {2, 5}, 1390 {7, 7}, 1391 {0, 0} 1392 } 1393 }, 1394 {0, 1, 2, 0, /* 0xbe */ 1395 {{1, 5}, 1396 {7, 7}, 1397 {0, 0}, 1398 {0, 0} 1399 } 1400 }, 1401 {1, 1, 2, 0, /* 0xbf */ 1402 {{0, 5}, 1403 {7, 7}, 1404 {0, 0}, 1405 {0, 0} 1406 } 1407 }, 1408 {0, 1, 1, 0, /* 0xc0 */ 1409 {{6, 7}, 1410 {0, 0}, 1411 {0, 0}, 1412 {0, 0} 1413 } 1414 }, 1415 {1, 1, 2, 0, /* 0xc1 */ 1416 {{0, 0}, 1417 {6, 7}, 1418 {0, 0}, 1419 {0, 0} 1420 } 1421 }, 1422 {0, 1, 2, 0, /* 0xc2 */ 1423 {{1, 1}, 1424 {6, 7}, 1425 {0, 0}, 1426 {0, 0} 1427 } 1428 }, 1429 {1, 1, 2, 0, /* 0xc3 */ 1430 {{0, 1}, 1431 {6, 7}, 1432 {0, 0}, 1433 {0, 0} 1434 } 1435 }, 1436 {0, 1, 2, 0, /* 0xc4 */ 1437 {{2, 2}, 1438 {6, 7}, 1439 {0, 0}, 1440 {0, 0} 1441 } 1442 }, 1443 {1, 1, 3, 0, /* 0xc5 */ 1444 {{0, 0}, 1445 {2, 2}, 1446 {6, 7}, 1447 {0, 0} 1448 } 1449 }, 1450 {0, 1, 2, 0, /* 0xc6 */ 1451 {{1, 2}, 1452 {6, 7}, 1453 {0, 0}, 1454 {0, 0} 1455 } 1456 }, 1457 {1, 1, 2, 0, /* 0xc7 */ 1458 {{0, 2}, 1459 {6, 7}, 1460 {0, 0}, 1461 {0, 0} 1462 } 1463 }, 1464 {0, 1, 2, 0, /* 0xc8 */ 1465 {{3, 3}, 1466 {6, 7}, 1467 {0, 0}, 1468 {0, 0} 1469 } 1470 }, 1471 {1, 1, 3, 0, /* 0xc9 */ 1472 {{0, 0}, 1473 {3, 3}, 1474 {6, 7}, 1475 {0, 0} 1476 } 1477 }, 1478 {0, 1, 3, 0, /* 0xca */ 1479 {{1, 1}, 1480 {3, 3}, 1481 {6, 7}, 1482 {0, 0} 1483 } 1484 }, 1485 {1, 1, 3, 0, /* 0xcb */ 1486 {{0, 1}, 1487 {3, 3}, 1488 {6, 7}, 1489 {0, 0} 1490 } 1491 }, 1492 {0, 1, 2, 0, /* 0xcc */ 1493 {{2, 3}, 1494 {6, 7}, 1495 {0, 0}, 1496 {0, 0} 1497 } 1498 }, 1499 {1, 1, 3, 0, /* 0xcd */ 1500 {{0, 0}, 1501 {2, 3}, 1502 {6, 7}, 1503 {0, 0} 1504 } 1505 }, 1506 {0, 1, 2, 0, /* 0xce */ 1507 {{1, 3}, 1508 {6, 7}, 1509 {0, 0}, 1510 {0, 0} 1511 } 1512 }, 1513 {1, 1, 2, 0, /* 0xcf */ 1514 {{0, 3}, 1515 {6, 7}, 1516 {0, 0}, 1517 {0, 0} 1518 } 1519 }, 1520 {0, 1, 2, 0, /* 0xd0 */ 1521 {{4, 4}, 1522 {6, 7}, 1523 {0, 0}, 1524 {0, 0} 1525 } 1526 }, 1527 {1, 1, 3, 0, /* 0xd1 */ 1528 {{0, 0}, 1529 {4, 4}, 1530 {6, 7}, 1531 {0, 0} 1532 } 1533 }, 1534 {0, 1, 3, 0, /* 0xd2 */ 1535 {{1, 1}, 1536 {4, 4}, 1537 {6, 7}, 1538 {0, 0} 1539 } 1540 }, 1541 {1, 1, 3, 0, /* 0xd3 */ 1542 {{0, 1}, 1543 {4, 4}, 1544 {6, 7}, 1545 {0, 0} 1546 } 1547 }, 1548 {0, 1, 3, 0, /* 0xd4 */ 1549 {{2, 2}, 1550 {4, 4}, 1551 {6, 7}, 1552 {0, 0} 1553 } 1554 }, 1555 {1, 1, 4, 0, /* 0xd5 */ 1556 {{0, 0}, 1557 {2, 2}, 1558 {4, 4}, 1559 {6, 7} 1560 } 1561 }, 1562 {0, 1, 3, 0, /* 0xd6 */ 1563 {{1, 2}, 1564 {4, 4}, 1565 {6, 7}, 1566 {0, 0} 1567 } 1568 }, 1569 {1, 1, 3, 0, /* 0xd7 */ 1570 {{0, 2}, 1571 {4, 4}, 1572 {6, 7}, 1573 {0, 0} 1574 } 1575 }, 1576 {0, 1, 2, 0, /* 0xd8 */ 1577 {{3, 4}, 1578 {6, 7}, 1579 {0, 0}, 1580 {0, 0} 1581 } 1582 }, 1583 {1, 1, 3, 0, /* 0xd9 */ 1584 {{0, 0}, 1585 {3, 4}, 1586 {6, 7}, 1587 {0, 0} 1588 } 1589 }, 1590 {0, 1, 3, 0, /* 0xda */ 1591 {{1, 1}, 1592 {3, 4}, 1593 {6, 7}, 1594 {0, 0} 1595 } 1596 }, 1597 {1, 1, 3, 0, /* 0xdb */ 1598 {{0, 1}, 1599 {3, 4}, 1600 {6, 7}, 1601 {0, 0} 1602 } 1603 }, 1604 {0, 1, 2, 0, /* 0xdc */ 1605 {{2, 4}, 1606 {6, 7}, 1607 {0, 0}, 1608 {0, 0} 1609 } 1610 }, 1611 {1, 1, 3, 0, /* 0xdd */ 1612 {{0, 0}, 1613 {2, 4}, 1614 {6, 7}, 1615 {0, 0} 1616 } 1617 }, 1618 {0, 1, 2, 0, /* 0xde */ 1619 {{1, 4}, 1620 {6, 7}, 1621 {0, 0}, 1622 {0, 0} 1623 } 1624 }, 1625 {1, 1, 2, 0, /* 0xdf */ 1626 {{0, 4}, 1627 {6, 7}, 1628 {0, 0}, 1629 {0, 0} 1630 } 1631 }, 1632 {0, 1, 1, 0, /* 0xe0 */ 1633 {{5, 7}, 1634 {0, 0}, 1635 {0, 0}, 1636 {0, 0} 1637 } 1638 }, 1639 {1, 1, 2, 0, /* 0xe1 */ 1640 {{0, 0}, 1641 {5, 7}, 1642 {0, 0}, 1643 {0, 0} 1644 } 1645 }, 1646 {0, 1, 2, 0, /* 0xe2 */ 1647 {{1, 1}, 1648 {5, 7}, 1649 {0, 0}, 1650 {0, 0} 1651 } 1652 }, 1653 {1, 1, 2, 0, /* 0xe3 */ 1654 {{0, 1}, 1655 {5, 7}, 1656 {0, 0}, 1657 {0, 0} 1658 } 1659 }, 1660 {0, 1, 2, 0, /* 0xe4 */ 1661 {{2, 2}, 1662 {5, 7}, 1663 {0, 0}, 1664 {0, 0} 1665 } 1666 }, 1667 {1, 1, 3, 0, /* 0xe5 */ 1668 {{0, 0}, 1669 {2, 2}, 1670 {5, 7}, 1671 {0, 0} 1672 } 1673 }, 1674 {0, 1, 2, 0, /* 0xe6 */ 1675 {{1, 2}, 1676 {5, 7}, 1677 {0, 0}, 1678 {0, 0} 1679 } 1680 }, 1681 {1, 1, 2, 0, /* 0xe7 */ 1682 {{0, 2}, 1683 {5, 7}, 1684 {0, 0}, 1685 {0, 0} 1686 } 1687 }, 1688 {0, 1, 2, 0, /* 0xe8 */ 1689 {{3, 3}, 1690 {5, 7}, 1691 {0, 0}, 1692 {0, 0} 1693 } 1694 }, 1695 {1, 1, 3, 0, /* 0xe9 */ 1696 {{0, 0}, 1697 {3, 3}, 1698 {5, 7}, 1699 {0, 0} 1700 } 1701 }, 1702 {0, 1, 3, 0, /* 0xea */ 1703 {{1, 1}, 1704 {3, 3}, 1705 {5, 7}, 1706 {0, 0} 1707 } 1708 }, 1709 {1, 1, 3, 0, /* 0xeb */ 1710 {{0, 1}, 1711 {3, 3}, 1712 {5, 7}, 1713 {0, 0} 1714 } 1715 }, 1716 {0, 1, 2, 0, /* 0xec */ 1717 {{2, 3}, 1718 {5, 7}, 1719 {0, 0}, 1720 {0, 0} 1721 } 1722 }, 1723 {1, 1, 3, 0, /* 0xed */ 1724 {{0, 0}, 1725 {2, 3}, 1726 {5, 7}, 1727 {0, 0} 1728 } 1729 }, 1730 {0, 1, 2, 0, /* 0xee */ 1731 {{1, 3}, 1732 {5, 7}, 1733 {0, 0}, 1734 {0, 0} 1735 } 1736 }, 1737 {1, 1, 2, 0, /* 0xef */ 1738 {{0, 3}, 1739 {5, 7}, 1740 {0, 0}, 1741 {0, 0} 1742 } 1743 }, 1744 {0, 1, 1, 0, /* 0xf0 */ 1745 {{4, 7}, 1746 {0, 0}, 1747 {0, 0}, 1748 {0, 0} 1749 } 1750 }, 1751 {1, 1, 2, 0, /* 0xf1 */ 1752 {{0, 0}, 1753 {4, 7}, 1754 {0, 0}, 1755 {0, 0} 1756 } 1757 }, 1758 {0, 1, 2, 0, /* 0xf2 */ 1759 {{1, 1}, 1760 {4, 7}, 1761 {0, 0}, 1762 {0, 0} 1763 } 1764 }, 1765 {1, 1, 2, 0, /* 0xf3 */ 1766 {{0, 1}, 1767 {4, 7}, 1768 {0, 0}, 1769 {0, 0} 1770 } 1771 }, 1772 {0, 1, 2, 0, /* 0xf4 */ 1773 {{2, 2}, 1774 {4, 7}, 1775 {0, 0}, 1776 {0, 0} 1777 } 1778 }, 1779 {1, 1, 3, 0, /* 0xf5 */ 1780 {{0, 0}, 1781 {2, 2}, 1782 {4, 7}, 1783 {0, 0} 1784 } 1785 }, 1786 {0, 1, 2, 0, /* 0xf6 */ 1787 {{1, 2}, 1788 {4, 7}, 1789 {0, 0}, 1790 {0, 0} 1791 } 1792 }, 1793 {1, 1, 2, 0, /* 0xf7 */ 1794 {{0, 2}, 1795 {4, 7}, 1796 {0, 0}, 1797 {0, 0} 1798 } 1799 }, 1800 {0, 1, 1, 0, /* 0xf8 */ 1801 {{3, 7}, 1802 {0, 0}, 1803 {0, 0}, 1804 {0, 0} 1805 } 1806 }, 1807 {1, 1, 2, 0, /* 0xf9 */ 1808 {{0, 0}, 1809 {3, 7}, 1810 {0, 0}, 1811 {0, 0} 1812 } 1813 }, 1814 {0, 1, 2, 0, /* 0xfa */ 1815 {{1, 1}, 1816 {3, 7}, 1817 {0, 0}, 1818 {0, 0} 1819 } 1820 }, 1821 {1, 1, 2, 0, /* 0xfb */ 1822 {{0, 1}, 1823 {3, 7}, 1824 {0, 0}, 1825 {0, 0} 1826 } 1827 }, 1828 {0, 1, 1, 0, /* 0xfc */ 1829 {{2, 7}, 1830 {0, 0}, 1831 {0, 0}, 1832 {0, 0} 1833 } 1834 }, 1835 {1, 1, 2, 0, /* 0xfd */ 1836 {{0, 0}, 1837 {2, 7}, 1838 {0, 0}, 1839 {0, 0} 1840 } 1841 }, 1842 {0, 1, 1, 0, /* 0xfe */ 1843 {{1, 7}, 1844 {0, 0}, 1845 {0, 0}, 1846 {0, 0} 1847 } 1848 }, 1849 {1, 1, 1, 0, /* 0xff */ 1850 {{0, 7}, 1851 {0, 0}, 1852 {0, 0}, 1853 {0, 0} 1854 } 1855 } 1856 }; 1857 1858 1859 int 1860 sctp_is_address_in_scope(struct sctp_ifa *ifa, 1861 int ipv4_addr_legal, 1862 int ipv6_addr_legal, 1863 int loopback_scope, 1864 int ipv4_local_scope, 1865 int local_scope, 1866 int site_scope, 1867 int do_update) 1868 { 1869 if ((loopback_scope == 0) && 1870 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) { 1871 /* 1872 * skip loopback if not in scope * 1873 */ 1874 return (0); 1875 } 1876 if ((ifa->address.sa.sa_family == AF_INET) && ipv4_addr_legal) { 1877 struct sockaddr_in *sin; 1878 1879 sin = (struct sockaddr_in *)&ifa->address.sin; 1880 if (sin->sin_addr.s_addr == 0) { 1881 /* not in scope , unspecified */ 1882 return (0); 1883 } 1884 if ((ipv4_local_scope == 0) && 1885 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 1886 /* private address not in scope */ 1887 return (0); 1888 } 1889 } else if ((ifa->address.sa.sa_family == AF_INET6) && ipv6_addr_legal) { 1890 struct sockaddr_in6 *sin6; 1891 1892 /* 1893 * Must update the flags, bummer, which means any IFA locks 1894 * must now be applied HERE <-> 1895 */ 1896 if (do_update) { 1897 sctp_gather_internal_ifa_flags(ifa); 1898 } 1899 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1900 return (0); 1901 } 1902 /* ok to use deprecated addresses? */ 1903 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1904 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1905 /* skip unspecifed addresses */ 1906 return (0); 1907 } 1908 if ( /* (local_scope == 0) && */ 1909 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 1910 return (0); 1911 } 1912 if ((site_scope == 0) && 1913 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1914 return (0); 1915 } 1916 } else { 1917 return (0); 1918 } 1919 return (1); 1920 } 1921 1922 static struct mbuf * 1923 sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa) 1924 { 1925 struct sctp_paramhdr *parmh; 1926 struct mbuf *mret; 1927 int len; 1928 1929 if (ifa->address.sa.sa_family == AF_INET) { 1930 len = sizeof(struct sctp_ipv4addr_param); 1931 } else if (ifa->address.sa.sa_family == AF_INET6) { 1932 len = sizeof(struct sctp_ipv6addr_param); 1933 } else { 1934 /* unknown type */ 1935 return (m); 1936 } 1937 if (M_TRAILINGSPACE(m) >= len) { 1938 /* easy side we just drop it on the end */ 1939 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m))); 1940 mret = m; 1941 } else { 1942 /* Need more space */ 1943 mret = m; 1944 while (SCTP_BUF_NEXT(mret) != NULL) { 1945 mret = SCTP_BUF_NEXT(mret); 1946 } 1947 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA); 1948 if (SCTP_BUF_NEXT(mret) == NULL) { 1949 /* We are hosed, can't add more addresses */ 1950 return (m); 1951 } 1952 mret = SCTP_BUF_NEXT(mret); 1953 parmh = mtod(mret, struct sctp_paramhdr *); 1954 } 1955 /* now add the parameter */ 1956 if (ifa->address.sa.sa_family == AF_INET) { 1957 struct sctp_ipv4addr_param *ipv4p; 1958 struct sockaddr_in *sin; 1959 1960 sin = (struct sockaddr_in *)&ifa->address.sin; 1961 ipv4p = (struct sctp_ipv4addr_param *)parmh; 1962 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 1963 parmh->param_length = htons(len); 1964 ipv4p->addr = sin->sin_addr.s_addr; 1965 SCTP_BUF_LEN(mret) += len; 1966 } else if (ifa->address.sa.sa_family == AF_INET6) { 1967 struct sctp_ipv6addr_param *ipv6p; 1968 struct sockaddr_in6 *sin6; 1969 1970 sin6 = (struct sockaddr_in6 *)&ifa->address.sin6; 1971 ipv6p = (struct sctp_ipv6addr_param *)parmh; 1972 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 1973 parmh->param_length = htons(len); 1974 memcpy(ipv6p->addr, &sin6->sin6_addr, 1975 sizeof(ipv6p->addr)); 1976 /* clear embedded scope in the address */ 1977 in6_clearscope((struct in6_addr *)ipv6p->addr); 1978 SCTP_BUF_LEN(mret) += len; 1979 } else { 1980 return (m); 1981 } 1982 return (mret); 1983 } 1984 1985 1986 struct mbuf * 1987 sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_scoping *scope, 1988 struct mbuf *m_at, int cnt_inits_to) 1989 { 1990 struct sctp_vrf *vrf = NULL; 1991 int cnt, limit_out = 0, total_count; 1992 uint32_t vrf_id; 1993 1994 vrf_id = inp->def_vrf_id; 1995 SCTP_IPI_ADDR_LOCK(); 1996 vrf = sctp_find_vrf(vrf_id); 1997 if (vrf == NULL) { 1998 SCTP_IPI_ADDR_UNLOCK(); 1999 return (m_at); 2000 } 2001 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 2002 struct sctp_ifa *sctp_ifap; 2003 struct sctp_ifn *sctp_ifnp; 2004 2005 cnt = cnt_inits_to; 2006 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) { 2007 limit_out = 1; 2008 cnt = SCTP_ADDRESS_LIMIT; 2009 goto skip_count; 2010 } 2011 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2012 if ((scope->loopback_scope == 0) && 2013 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2014 /* 2015 * Skip loopback devices if loopback_scope 2016 * not set 2017 */ 2018 continue; 2019 } 2020 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2021 if (sctp_is_address_in_scope(sctp_ifap, 2022 scope->ipv4_addr_legal, 2023 scope->ipv6_addr_legal, 2024 scope->loopback_scope, 2025 scope->ipv4_local_scope, 2026 scope->local_scope, 2027 scope->site_scope, 1) == 0) { 2028 continue; 2029 } 2030 cnt++; 2031 if (cnt > SCTP_ADDRESS_LIMIT) { 2032 break; 2033 } 2034 } 2035 if (cnt > SCTP_ADDRESS_LIMIT) { 2036 break; 2037 } 2038 } 2039 skip_count: 2040 if (cnt > 1) { 2041 total_count = 0; 2042 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2043 cnt = 0; 2044 if ((scope->loopback_scope == 0) && 2045 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2046 /* 2047 * Skip loopback devices if 2048 * loopback_scope not set 2049 */ 2050 continue; 2051 } 2052 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2053 if (sctp_is_address_in_scope(sctp_ifap, 2054 scope->ipv4_addr_legal, 2055 scope->ipv6_addr_legal, 2056 scope->loopback_scope, 2057 scope->ipv4_local_scope, 2058 scope->local_scope, 2059 scope->site_scope, 0) == 0) { 2060 continue; 2061 } 2062 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap); 2063 if (limit_out) { 2064 cnt++; 2065 total_count++; 2066 if (cnt >= 2) { 2067 /* 2068 * two from each 2069 * address 2070 */ 2071 break; 2072 } 2073 if (total_count > SCTP_ADDRESS_LIMIT) { 2074 /* No more addresses */ 2075 break; 2076 } 2077 } 2078 } 2079 } 2080 } 2081 } else { 2082 struct sctp_laddr *laddr; 2083 2084 cnt = cnt_inits_to; 2085 /* First, how many ? */ 2086 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2087 if (laddr->ifa == NULL) { 2088 continue; 2089 } 2090 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2091 /* 2092 * Address being deleted by the system, dont 2093 * list. 2094 */ 2095 continue; 2096 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2097 /* 2098 * Address being deleted on this ep don't 2099 * list. 2100 */ 2101 continue; 2102 } 2103 if (sctp_is_address_in_scope(laddr->ifa, 2104 scope->ipv4_addr_legal, 2105 scope->ipv6_addr_legal, 2106 scope->loopback_scope, 2107 scope->ipv4_local_scope, 2108 scope->local_scope, 2109 scope->site_scope, 1) == 0) { 2110 continue; 2111 } 2112 cnt++; 2113 } 2114 if (cnt > SCTP_ADDRESS_LIMIT) { 2115 limit_out = 1; 2116 } 2117 /* 2118 * To get through a NAT we only list addresses if we have 2119 * more than one. That way if you just bind a single address 2120 * we let the source of the init dictate our address. 2121 */ 2122 if (cnt > 1) { 2123 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2124 cnt = 0; 2125 if (laddr->ifa == NULL) { 2126 continue; 2127 } 2128 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2129 continue; 2130 2131 if (sctp_is_address_in_scope(laddr->ifa, 2132 scope->ipv4_addr_legal, 2133 scope->ipv6_addr_legal, 2134 scope->loopback_scope, 2135 scope->ipv4_local_scope, 2136 scope->local_scope, 2137 scope->site_scope, 0) == 0) { 2138 continue; 2139 } 2140 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa); 2141 cnt++; 2142 if (cnt >= SCTP_ADDRESS_LIMIT) { 2143 break; 2144 } 2145 } 2146 } 2147 } 2148 SCTP_IPI_ADDR_UNLOCK(); 2149 return (m_at); 2150 } 2151 2152 static struct sctp_ifa * 2153 sctp_is_ifa_addr_prefered(struct sctp_ifa *ifa, 2154 uint8_t dest_is_loop, 2155 uint8_t dest_is_priv, 2156 sa_family_t fam) 2157 { 2158 uint8_t dest_is_global = 0; 2159 2160 /* 2161 * is_scope -> dest_is_priv is true if destination is a private 2162 * address 2163 */ 2164 /* dest_is_loop is true if destination is a loopback addresses */ 2165 2166 /* 2167 * Here we determine if its a prefered address. A prefered address 2168 * means it is the same scope or higher scope then the destination. 2169 * L = loopback, P = private, G = global 2170 * ----------------------------------------- src | dest | result 2171 * ---------------------------------------- L | L | yes 2172 * ----------------------------------------- P | L | 2173 * yes-v4 no-v6 ----------------------------------------- G | 2174 * L | yes-v4 no-v6 ----------------------------------------- L 2175 * | P | no ----------------------------------------- P | 2176 * P | yes ----------------------------------------- G | 2177 * P | no ----------------------------------------- L | G 2178 * | no ----------------------------------------- P | G | 2179 * no ----------------------------------------- G | G | 2180 * yes ----------------------------------------- 2181 */ 2182 2183 if (ifa->address.sa.sa_family != fam) { 2184 /* forget mis-matched family */ 2185 return (NULL); 2186 } 2187 if ((dest_is_priv == 0) && (dest_is_loop == 0)) { 2188 dest_is_global = 1; 2189 } 2190 #ifdef SCTP_DEBUG 2191 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2192 printf("Is destination prefered:"); 2193 sctp_print_address(&ifa->address.sa); 2194 } 2195 #endif 2196 2197 /* Ok the address may be ok */ 2198 if (fam == AF_INET6) { 2199 /* ok to use deprecated addresses? */ 2200 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2201 #ifdef SCTP_DEBUG 2202 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2203 printf("NO:1\n"); 2204 } 2205 #endif 2206 return (NULL); 2207 } 2208 if (ifa->src_is_priv) { 2209 if (dest_is_loop) { 2210 #ifdef SCTP_DEBUG 2211 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2212 printf("NO:2\n"); 2213 } 2214 #endif 2215 return (NULL); 2216 } 2217 } 2218 if (ifa->src_is_glob) { 2219 2220 if (dest_is_loop) { 2221 #ifdef SCTP_DEBUG 2222 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2223 printf("NO:3\n"); 2224 } 2225 #endif 2226 return (NULL); 2227 } 2228 } 2229 } 2230 /* 2231 * Now that we know what is what, implement or table this could in 2232 * theory be done slicker (it used to be), but this is 2233 * straightforward and easier to validate :-) 2234 */ 2235 #ifdef SCTP_DEBUG 2236 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2237 printf("src_loop:%d src_priv:%d src_glob:%d\n", 2238 ifa->src_is_loop, ifa->src_is_priv, 2239 ifa->src_is_glob); 2240 printf("dest_loop:%d dest_priv:%d dest_glob:%d\n", 2241 dest_is_loop, dest_is_priv, 2242 dest_is_global); 2243 } 2244 #endif 2245 2246 if ((ifa->src_is_loop) && (dest_is_priv)) { 2247 #ifdef SCTP_DEBUG 2248 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2249 printf("NO:4\n"); 2250 } 2251 #endif 2252 return (NULL); 2253 } 2254 if ((ifa->src_is_glob) && (dest_is_priv)) { 2255 #ifdef SCTP_DEBUG 2256 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2257 printf("NO:5\n"); 2258 } 2259 #endif 2260 return (NULL); 2261 } 2262 if ((ifa->src_is_loop) && (dest_is_global)) { 2263 #ifdef SCTP_DEBUG 2264 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2265 printf("NO:6\n"); 2266 } 2267 #endif 2268 return (NULL); 2269 } 2270 if ((ifa->src_is_priv) && (dest_is_global)) { 2271 #ifdef SCTP_DEBUG 2272 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2273 printf("NO:7\n"); 2274 } 2275 #endif 2276 return (NULL); 2277 } 2278 #ifdef SCTP_DEBUG 2279 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2280 printf("YES\n"); 2281 } 2282 #endif 2283 /* its a prefered address */ 2284 return (ifa); 2285 } 2286 2287 static struct sctp_ifa * 2288 sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa, 2289 uint8_t dest_is_loop, 2290 uint8_t dest_is_priv, 2291 sa_family_t fam) 2292 { 2293 uint8_t dest_is_global = 0; 2294 2295 2296 /* 2297 * Here we determine if its a acceptable address. A acceptable 2298 * address means it is the same scope or higher scope but we can 2299 * allow for NAT which means its ok to have a global dest and a 2300 * private src. 2301 * 2302 * L = loopback, P = private, G = global 2303 * ----------------------------------------- src | dest | result 2304 * ----------------------------------------- L | L | yes 2305 * ----------------------------------------- P | L | 2306 * yes-v4 no-v6 ----------------------------------------- G | 2307 * L | yes ----------------------------------------- L | 2308 * P | no ----------------------------------------- P | P 2309 * | yes ----------------------------------------- G | P 2310 * | yes - May not work ----------------------------------------- 2311 * L | G | no ----------------------------------------- P 2312 * | G | yes - May not work 2313 * ----------------------------------------- G | G | yes 2314 * ----------------------------------------- 2315 */ 2316 2317 if (ifa->address.sa.sa_family != fam) { 2318 /* forget non matching family */ 2319 return (NULL); 2320 } 2321 /* Ok the address may be ok */ 2322 if ((dest_is_loop == 0) && (dest_is_priv == 0)) { 2323 dest_is_global = 1; 2324 } 2325 if (fam == AF_INET6) { 2326 /* ok to use deprecated addresses? */ 2327 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2328 return (NULL); 2329 } 2330 if (ifa->src_is_priv) { 2331 /* Special case, linklocal to loop */ 2332 if (dest_is_loop) 2333 return (NULL); 2334 } 2335 } 2336 /* 2337 * Now that we know what is what, implement or table this could in 2338 * theory be done slicker (it used to be), but this is 2339 * straightforward and easier to validate :-) 2340 */ 2341 2342 if ((ifa->src_is_loop == 0) && (dest_is_priv)) { 2343 return (NULL); 2344 } 2345 if ((ifa->src_is_loop == 0) && (dest_is_global)) { 2346 return (NULL); 2347 } 2348 /* its an acceptable address */ 2349 return (ifa); 2350 } 2351 2352 int 2353 sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 2354 { 2355 struct sctp_laddr *laddr; 2356 2357 if (stcb == NULL) { 2358 /* There are no restrictions, no TCB :-) */ 2359 return (0); 2360 } 2361 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 2362 if (laddr->ifa == NULL) { 2363 #ifdef SCTP_DEBUG 2364 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 2365 printf("Help I have fallen and I can't get up!\n"); 2366 } 2367 #endif 2368 continue; 2369 } 2370 if (laddr->ifa == ifa) { 2371 /* Yes it is on the list */ 2372 return (1); 2373 } 2374 } 2375 return (0); 2376 } 2377 2378 2379 int 2380 sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 2381 { 2382 struct sctp_laddr *laddr; 2383 2384 if (ifa == NULL) 2385 return (0); 2386 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2387 if (laddr->ifa == NULL) { 2388 #ifdef SCTP_DEBUG 2389 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 2390 printf("Help I have fallen and I can't get up!\n"); 2391 } 2392 #endif 2393 continue; 2394 } 2395 if ((laddr->ifa == ifa) && laddr->action == 0) 2396 /* same pointer */ 2397 return (1); 2398 } 2399 return (0); 2400 } 2401 2402 2403 2404 static struct sctp_ifa * 2405 sctp_choose_boundspecific_inp(struct sctp_inpcb *inp, 2406 sctp_route_t * ro, 2407 uint32_t vrf_id, 2408 int non_asoc_addr_ok, 2409 uint8_t dest_is_priv, 2410 uint8_t dest_is_loop, 2411 sa_family_t fam) 2412 { 2413 struct sctp_laddr *laddr, *starting_point; 2414 void *ifn; 2415 int resettotop = 0; 2416 struct sctp_ifn *sctp_ifn; 2417 struct sctp_ifa *sctp_ifa, *sifa; 2418 struct sctp_vrf *vrf; 2419 uint32_t ifn_index; 2420 2421 vrf = sctp_find_vrf(vrf_id); 2422 if (vrf == NULL) 2423 return (NULL); 2424 2425 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2426 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2427 sctp_ifn = sctp_find_ifn(vrf, ifn, ifn_index); 2428 /* 2429 * first question, is the ifn we will emit on in our list, if so, we 2430 * want such an address. Note that we first looked for a prefered 2431 * address. 2432 */ 2433 if (sctp_ifn) { 2434 /* is a prefered one on the interface we route out? */ 2435 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2436 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2437 continue; 2438 sifa = sctp_is_ifa_addr_prefered(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2439 if (sifa == NULL) 2440 continue; 2441 if (sctp_is_addr_in_ep(inp, sifa)) { 2442 atomic_add_int(&sifa->refcount, 1); 2443 return (sifa); 2444 } 2445 } 2446 } 2447 /* 2448 * ok, now we now need to find one on the list of the addresses. We 2449 * can't get one on the emitting interface so lets find first a 2450 * prefered one. If not that a acceptable one otherwise... we return 2451 * NULL. 2452 */ 2453 starting_point = inp->next_addr_touse; 2454 once_again: 2455 if (inp->next_addr_touse == NULL) { 2456 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2457 resettotop = 1; 2458 } 2459 for (laddr = inp->next_addr_touse; laddr; laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2460 if (laddr->ifa == NULL) { 2461 /* address has been removed */ 2462 continue; 2463 } 2464 sifa = sctp_is_ifa_addr_prefered(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2465 if (sifa == NULL) 2466 continue; 2467 atomic_add_int(&sifa->refcount, 1); 2468 return (sifa); 2469 } 2470 if (resettotop == 0) { 2471 inp->next_addr_touse = NULL; 2472 goto once_again; 2473 } 2474 inp->next_addr_touse = starting_point; 2475 resettotop = 0; 2476 once_again_too: 2477 if (inp->next_addr_touse == NULL) { 2478 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2479 resettotop = 1; 2480 } 2481 /* ok, what about an acceptable address in the inp */ 2482 for (laddr = inp->next_addr_touse; laddr; laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2483 if (laddr->ifa == NULL) { 2484 /* address has been removed */ 2485 continue; 2486 } 2487 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2488 if (sifa == NULL) 2489 continue; 2490 atomic_add_int(&sifa->refcount, 1); 2491 return (sifa); 2492 } 2493 if (resettotop == 0) { 2494 inp->next_addr_touse = NULL; 2495 goto once_again_too; 2496 } 2497 /* 2498 * no address bound can be a source for the destination we are in 2499 * trouble 2500 */ 2501 return (NULL); 2502 } 2503 2504 2505 2506 static struct sctp_ifa * 2507 sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp, 2508 struct sctp_tcb *stcb, 2509 struct sctp_nets *net, 2510 sctp_route_t * ro, 2511 uint32_t vrf_id, 2512 uint8_t dest_is_priv, 2513 uint8_t dest_is_loop, 2514 int non_asoc_addr_ok, 2515 sa_family_t fam) 2516 { 2517 struct sctp_laddr *laddr, *starting_point; 2518 void *ifn; 2519 struct sctp_ifn *sctp_ifn; 2520 struct sctp_ifa *sctp_ifa, *sifa; 2521 uint8_t start_at_beginning = 0; 2522 struct sctp_vrf *vrf; 2523 uint32_t ifn_index; 2524 2525 /* 2526 * first question, is the ifn we will emit on in our list, if so, we 2527 * want that one. 2528 */ 2529 vrf = sctp_find_vrf(vrf_id); 2530 if (vrf == NULL) 2531 return (NULL); 2532 2533 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2534 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2535 sctp_ifn = sctp_find_ifn(vrf, ifn, ifn_index); 2536 2537 /* 2538 * first question, is the ifn we will emit on in our list, if so, we 2539 * want that one.. First we look for a prefered. Second we go for an 2540 * acceptable. 2541 */ 2542 if (sctp_ifn) { 2543 /* first try for a prefered address on the ep */ 2544 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2545 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2546 continue; 2547 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2548 sifa = sctp_is_ifa_addr_prefered(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2549 if (sifa == NULL) 2550 continue; 2551 if ((non_asoc_addr_ok == 0) && 2552 (sctp_is_addr_restricted(stcb, sifa))) { 2553 /* on the no-no list */ 2554 continue; 2555 } 2556 atomic_add_int(&sifa->refcount, 1); 2557 return (sifa); 2558 } 2559 } 2560 /* next try for an acceptable address on the ep */ 2561 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2562 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2563 continue; 2564 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2565 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2566 if (sifa == NULL) 2567 continue; 2568 if ((non_asoc_addr_ok == 0) && 2569 (sctp_is_addr_restricted(stcb, sifa))) { 2570 /* on the no-no list */ 2571 continue; 2572 } 2573 atomic_add_int(&sifa->refcount, 1); 2574 return (sifa); 2575 } 2576 } 2577 2578 } 2579 /* 2580 * if we can't find one like that then we must look at all addresses 2581 * bound to pick one at first prefereable then secondly acceptable. 2582 */ 2583 starting_point = stcb->asoc.last_used_address; 2584 sctp_from_the_top: 2585 if (stcb->asoc.last_used_address == NULL) { 2586 start_at_beginning = 1; 2587 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2588 } 2589 /* search beginning with the last used address */ 2590 for (laddr = stcb->asoc.last_used_address; laddr; 2591 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2592 if (laddr->ifa == NULL) { 2593 /* address has been removed */ 2594 continue; 2595 } 2596 sifa = sctp_is_ifa_addr_prefered(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2597 if (sifa == NULL) 2598 continue; 2599 if ((non_asoc_addr_ok == 0) && 2600 (sctp_is_addr_restricted(stcb, sifa))) { 2601 /* on the no-no list */ 2602 continue; 2603 } 2604 stcb->asoc.last_used_address = laddr; 2605 atomic_add_int(&sifa->refcount, 1); 2606 return (sifa); 2607 2608 } 2609 if (start_at_beginning == 0) { 2610 stcb->asoc.last_used_address = NULL; 2611 goto sctp_from_the_top; 2612 } 2613 /* now try for any higher scope than the destination */ 2614 stcb->asoc.last_used_address = starting_point; 2615 start_at_beginning = 0; 2616 sctp_from_the_top2: 2617 if (stcb->asoc.last_used_address == NULL) { 2618 start_at_beginning = 1; 2619 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2620 } 2621 /* search beginning with the last used address */ 2622 for (laddr = stcb->asoc.last_used_address; laddr; 2623 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2624 if (laddr->ifa == NULL) { 2625 /* address has been removed */ 2626 continue; 2627 } 2628 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2629 if (sifa == NULL) 2630 continue; 2631 if ((non_asoc_addr_ok == 0) && 2632 (sctp_is_addr_restricted(stcb, sifa))) { 2633 /* on the no-no list */ 2634 continue; 2635 } 2636 stcb->asoc.last_used_address = laddr; 2637 atomic_add_int(&sifa->refcount, 1); 2638 return (sifa); 2639 } 2640 if (start_at_beginning == 0) { 2641 stcb->asoc.last_used_address = NULL; 2642 goto sctp_from_the_top2; 2643 } 2644 return (NULL); 2645 } 2646 2647 static struct sctp_ifa * 2648 sctp_select_nth_prefered_addr_from_ifn_boundall(struct sctp_ifn *ifn, 2649 struct sctp_tcb *stcb, 2650 int non_asoc_addr_ok, 2651 uint8_t dest_is_loop, 2652 uint8_t dest_is_priv, 2653 int addr_wanted, 2654 sa_family_t fam) 2655 { 2656 struct sctp_ifa *ifa, *sifa; 2657 int num_eligible_addr = 0; 2658 2659 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2660 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2661 continue; 2662 sifa = sctp_is_ifa_addr_prefered(ifa, dest_is_loop, dest_is_priv, fam); 2663 if (sifa == NULL) 2664 continue; 2665 if (stcb) { 2666 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, sifa)) { 2667 /* 2668 * It is restricted for some reason.. 2669 * probably not yet added. 2670 */ 2671 continue; 2672 } 2673 } 2674 if (num_eligible_addr >= addr_wanted) { 2675 return (sifa); 2676 } 2677 num_eligible_addr++; 2678 } 2679 return (NULL); 2680 } 2681 2682 2683 static int 2684 sctp_count_num_prefered_boundall(struct sctp_ifn *ifn, 2685 struct sctp_tcb *stcb, 2686 int non_asoc_addr_ok, 2687 uint8_t dest_is_loop, 2688 uint8_t dest_is_priv, 2689 sa_family_t fam) 2690 { 2691 struct sctp_ifa *ifa, *sifa; 2692 int num_eligible_addr = 0; 2693 2694 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2695 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) { 2696 continue; 2697 } 2698 sifa = sctp_is_ifa_addr_prefered(ifa, dest_is_loop, dest_is_priv, fam); 2699 if (sifa == NULL) { 2700 continue; 2701 } 2702 if (stcb) { 2703 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, sifa)) { 2704 /* 2705 * It is restricted for some reason.. 2706 * probably not yet added. 2707 */ 2708 continue; 2709 } 2710 } 2711 num_eligible_addr++; 2712 } 2713 return (num_eligible_addr); 2714 } 2715 2716 static struct sctp_ifa * 2717 sctp_choose_boundall(struct sctp_inpcb *inp, 2718 struct sctp_tcb *stcb, 2719 struct sctp_nets *net, 2720 sctp_route_t * ro, 2721 uint32_t vrf_id, 2722 uint8_t dest_is_priv, 2723 uint8_t dest_is_loop, 2724 int non_asoc_addr_ok, 2725 sa_family_t fam) 2726 { 2727 int cur_addr_num = 0, num_prefered = 0; 2728 void *ifn; 2729 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn; 2730 struct sctp_ifa *sctp_ifa, *sifa; 2731 uint32_t ifn_index; 2732 struct sctp_vrf *vrf; 2733 2734 /* 2735 * For boundall we can use any address in the association. If 2736 * non_asoc_addr_ok is set we can use any address (at least in 2737 * theory). So we look for prefered addresses first. If we find one, 2738 * we use it. Otherwise we next try to get an address on the 2739 * interface, which we should be able to do (unless non_asoc_addr_ok 2740 * is false and we are routed out that way). In these cases where we 2741 * can't use the address of the interface we go through all the 2742 * ifn's looking for an address we can use and fill that in. Punting 2743 * means we send back address 0, which will probably cause problems 2744 * actually since then IP will fill in the address of the route ifn, 2745 * which means we probably already rejected it.. i.e. here comes an 2746 * abort :-<. 2747 */ 2748 vrf = sctp_find_vrf(vrf_id); 2749 if (vrf == NULL) 2750 return (NULL); 2751 2752 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2753 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2754 2755 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(vrf, ifn, ifn_index); 2756 if (sctp_ifn == NULL) { 2757 /* ?? We don't have this guy ?? */ 2758 goto bound_all_plan_b; 2759 } 2760 if (net) { 2761 cur_addr_num = net->indx_of_eligible_next_to_use; 2762 } 2763 num_prefered = sctp_count_num_prefered_boundall(sctp_ifn, 2764 stcb, 2765 non_asoc_addr_ok, 2766 dest_is_loop, 2767 dest_is_priv, fam); 2768 #ifdef SCTP_DEBUG 2769 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2770 printf("Found %d prefered source addresses\n", num_prefered); 2771 } 2772 #endif 2773 if (num_prefered == 0) { 2774 /* 2775 * no eligible addresses, we must use some other interface 2776 * address if we can find one. 2777 */ 2778 goto bound_all_plan_b; 2779 } 2780 /* 2781 * Ok we have num_eligible_addr set with how many we can use, this 2782 * may vary from call to call due to addresses being deprecated 2783 * etc.. 2784 */ 2785 if (cur_addr_num >= num_prefered) { 2786 cur_addr_num = 0; 2787 } 2788 /* 2789 * select the nth address from the list (where cur_addr_num is the 2790 * nth) and 0 is the first one, 1 is the second one etc... 2791 */ 2792 #ifdef SCTP_DEBUG 2793 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2794 printf("cur_addr_num:%d\n", cur_addr_num); 2795 } 2796 #endif 2797 sctp_ifa = sctp_select_nth_prefered_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2798 dest_is_priv, cur_addr_num, fam); 2799 2800 /* if sctp_ifa is NULL something changed??, fall to plan b. */ 2801 if (sctp_ifa) { 2802 atomic_add_int(&sctp_ifa->refcount, 1); 2803 if (net) { 2804 /* save off where the next one we will want */ 2805 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2806 } 2807 return (sctp_ifa); 2808 } 2809 /* 2810 * plan_b: Look at all interfaces and find a prefered address. If no 2811 * prefered fall through to plan_c. 2812 */ 2813 bound_all_plan_b: 2814 #ifdef SCTP_DEBUG 2815 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2816 printf("Plan B?\n"); 2817 } 2818 #endif 2819 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2820 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2821 /* wrong base scope */ 2822 continue; 2823 } 2824 if ((sctp_ifn == looked_at) && looked_at) 2825 /* already looked at this guy */ 2826 continue; 2827 num_prefered = sctp_count_num_prefered_boundall(sctp_ifn, stcb, non_asoc_addr_ok, 2828 dest_is_loop, dest_is_priv, fam); 2829 #ifdef SCTP_DEBUG 2830 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2831 printf("Found ifn:%p %d prefered source addresses\n", ifn, num_prefered); 2832 } 2833 #endif 2834 if (num_prefered == 0) { 2835 /* 2836 * None on this interface. 2837 */ 2838 continue; 2839 } 2840 #ifdef SCTP_DEBUG 2841 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2842 printf("num prefered:%d on interface:%p cur_addr_num:%d\n", 2843 num_prefered, 2844 sctp_ifn, 2845 cur_addr_num); 2846 } 2847 #endif 2848 2849 /* 2850 * Ok we have num_eligible_addr set with how many we can 2851 * use, this may vary from call to call due to addresses 2852 * being deprecated etc.. 2853 */ 2854 if (cur_addr_num >= num_prefered) { 2855 cur_addr_num = 0; 2856 } 2857 sifa = sctp_select_nth_prefered_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, 2858 dest_is_priv, cur_addr_num, fam); 2859 if (sifa == NULL) 2860 continue; 2861 if (net) { 2862 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 2863 #ifdef SCTP_DEBUG 2864 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2865 printf("we selected %d\n", cur_addr_num); 2866 printf("Source:"); 2867 sctp_print_address(&sifa->address.sa); 2868 printf("Dest:"); 2869 sctp_print_address(&net->ro._l_addr.sa); 2870 } 2871 #endif 2872 } 2873 atomic_add_int(&sifa->refcount, 1); 2874 return (sifa); 2875 2876 } 2877 2878 /* 2879 * plan_c: See if we have an acceptable address on the emit 2880 * interface 2881 */ 2882 #ifdef SCTP_DEBUG 2883 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2884 printf("Plan C no prefered for Dest, acceptable for?\n"); 2885 } 2886 #endif 2887 2888 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) { 2889 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2890 continue; 2891 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2892 if (sifa == NULL) 2893 continue; 2894 if (stcb) { 2895 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, sifa)) { 2896 /* 2897 * It is restricted for some reason.. 2898 * probably not yet added. 2899 */ 2900 continue; 2901 } 2902 } 2903 atomic_add_int(&sifa->refcount, 1); 2904 return (sifa); 2905 } 2906 2907 /* 2908 * plan_d: We are in trouble. No prefered address on the emit 2909 * interface. And not even a perfered address on all interfaces. Go 2910 * out and see if we can find an acceptable address somewhere 2911 * amongst all interfaces. 2912 */ 2913 #ifdef SCTP_DEBUG 2914 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 2915 printf("Plan C fails plan D?\n"); 2916 } 2917 #endif 2918 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2919 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2920 /* wrong base scope */ 2921 continue; 2922 } 2923 if ((sctp_ifn == looked_at) && looked_at) 2924 /* already looked at this guy */ 2925 continue; 2926 2927 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2928 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2929 continue; 2930 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2931 if (sifa == NULL) 2932 continue; 2933 if (stcb) { 2934 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, sifa)) { 2935 /* 2936 * It is restricted for some 2937 * reason.. probably not yet added. 2938 */ 2939 continue; 2940 } 2941 } 2942 atomic_add_int(&sifa->refcount, 1); 2943 return (sifa); 2944 } 2945 } 2946 /* 2947 * Ok we can find NO address to source from that is not on our 2948 * negative list and non_asoc_address is NOT ok, or its on our 2949 * negative list. We cant source to it :-( 2950 */ 2951 return (NULL); 2952 } 2953 2954 2955 2956 /* tcb may be NULL */ 2957 struct sctp_ifa * 2958 sctp_source_address_selection(struct sctp_inpcb *inp, 2959 struct sctp_tcb *stcb, 2960 sctp_route_t * ro, 2961 struct sctp_nets *net, 2962 int non_asoc_addr_ok, uint32_t vrf_id) 2963 { 2964 2965 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst; 2966 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst; 2967 struct sctp_ifa *answer; 2968 uint8_t dest_is_priv, dest_is_loop; 2969 int did_rtalloc = 0; 2970 sa_family_t fam; 2971 2972 /* 2973 * Rules: - Find the route if needed, cache if I can. - Look at 2974 * interface address in route, Is it in the bound list. If so we 2975 * have the best source. - If not we must rotate amongst the 2976 * addresses. 2977 * 2978 * Cavets and issues 2979 * 2980 * Do we need to pay attention to scope. We can have a private address 2981 * or a global address we are sourcing or sending to. So if we draw 2982 * it out zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 2983 * For V4 ------------------------------------------ source * 2984 * dest * result ----------------------------------------- <a> 2985 * Private * Global * NAT 2986 * ----------------------------------------- <b> Private * 2987 * Private * No problem ----------------------------------------- 2988 * <c> Global * Private * Huh, How will this work? 2989 * ----------------------------------------- <d> Global * 2990 * Global * No Problem ------------------------------------------ 2991 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz For V6 2992 * ------------------------------------------ source * dest * 2993 * result ----------------------------------------- <a> Linklocal * 2994 * Global * ----------------------------------------- <b> 2995 * Linklocal * Linklocal * No problem 2996 * ----------------------------------------- <c> Global * 2997 * Linklocal * Huh, How will this work? 2998 * ----------------------------------------- <d> Global * 2999 * Global * No Problem ------------------------------------------ 3000 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3001 * 3002 * And then we add to that what happens if there are multiple addresses 3003 * assigned to an interface. Remember the ifa on a ifn is a linked 3004 * list of addresses. So one interface can have more than one IP 3005 * address. What happens if we have both a private and a global 3006 * address? Do we then use context of destination to sort out which 3007 * one is best? And what about NAT's sending P->G may get you a NAT 3008 * translation, or should you select the G thats on the interface in 3009 * preference. 3010 * 3011 * Decisions: 3012 * 3013 * - count the number of addresses on the interface. - if its one, no 3014 * problem except case <c>. For <a> we will assume a NAT out there. 3015 * - if there are more than one, then we need to worry about scope P 3016 * or G. We should prefer G -> G and P -> P if possible. Then as a 3017 * secondary fall back to mixed types G->P being a last ditch one. - 3018 * The above all works for bound all, but bound specific we need to 3019 * use the same concept but instead only consider the bound 3020 * addresses. If the bound set is NOT assigned to the interface then 3021 * we must use rotation amongst the bound addresses.. 3022 * 3023 */ 3024 if (ro->ro_rt == NULL) { 3025 /* 3026 * Need a route to cache. 3027 * 3028 */ 3029 rtalloc_ign(ro, 0UL); 3030 did_rtalloc = 1; 3031 } 3032 if (ro->ro_rt == NULL) { 3033 return (NULL); 3034 } 3035 fam = to->sin_family; 3036 dest_is_priv = dest_is_loop = 0; 3037 /* Setup our scopes for the destination */ 3038 if (fam == AF_INET) { 3039 /* Scope based on outbound address */ 3040 if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 3041 dest_is_priv = 1; 3042 } else if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3043 dest_is_loop = 1; 3044 if (net != NULL) { 3045 /* mark it as local */ 3046 net->addr_is_local = 1; 3047 } 3048 } 3049 } else if (fam == AF_INET6) { 3050 /* Scope based on outbound address */ 3051 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3052 /* 3053 * If the route goes to the loopback address OR the 3054 * address is a loopback address, we are loopback 3055 * scope. But we don't use dest_is_priv (link local 3056 * addresses). 3057 */ 3058 dest_is_loop = 1; 3059 if (net != NULL) { 3060 /* mark it as local */ 3061 net->addr_is_local = 1; 3062 } 3063 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3064 dest_is_priv = 1; 3065 } 3066 } 3067 #ifdef SCTP_DEBUG 3068 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 3069 printf("Select source for:"); 3070 sctp_print_address((struct sockaddr *)to); 3071 } 3072 #endif 3073 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3074 /* 3075 * When bound to all if the address list is set it is a 3076 * negative list. Addresses being added by asconf. 3077 */ 3078 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id, 3079 dest_is_priv, 3080 dest_is_loop, 3081 non_asoc_addr_ok, 3082 fam); 3083 return (answer); 3084 } 3085 /* 3086 * Three possiblities here: 3087 * 3088 * a) stcb is NULL, which means we operate only from the list of 3089 * addresses (ifa's) bound to the endpoint and we care not about the 3090 * list. b) stcb is NOT-NULL, which means we have an assoc structure 3091 * and auto-asconf is on. This means that the list of addresses is a 3092 * NOT list. We use the list from the inp, but any listed address in 3093 * our list is NOT yet added. However if the non_asoc_addr_ok is set 3094 * we CAN use an address NOT available (i.e. being added). Its a 3095 * negative list. c) stcb is NOT-NULL, which means we have an assoc 3096 * structure and auto-asconf is off. This means that the list of 3097 * addresses is the ONLY addresses I can use.. its positive. 3098 * 3099 * Note we collapse b & c into the same function just like in the v6 3100 * address selection. 3101 */ 3102 if (stcb) { 3103 answer = sctp_choose_boundspecific_stcb(inp, stcb, net, ro, vrf_id, 3104 dest_is_priv, dest_is_loop, non_asoc_addr_ok, fam); 3105 3106 } else { 3107 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id, non_asoc_addr_ok, dest_is_priv, dest_is_loop, fam); 3108 3109 } 3110 return (answer); 3111 } 3112 3113 static int 3114 sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize) 3115 { 3116 struct cmsghdr cmh; 3117 int tlen, at; 3118 3119 tlen = SCTP_BUF_LEN(control); 3120 at = 0; 3121 /* 3122 * Independent of how many mbufs, find the c_type inside the control 3123 * structure and copy out the data. 3124 */ 3125 while (at < tlen) { 3126 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3127 /* not enough room for one more we are done. */ 3128 return (0); 3129 } 3130 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3131 if ((cmh.cmsg_len + at) > tlen) { 3132 /* 3133 * this is real messed up since there is not enough 3134 * data here to cover the cmsg header. We are done. 3135 */ 3136 return (0); 3137 } 3138 if ((cmh.cmsg_level == IPPROTO_SCTP) && 3139 (c_type == cmh.cmsg_type)) { 3140 /* found the one we want, copy it out */ 3141 at += CMSG_ALIGN(sizeof(struct cmsghdr)); 3142 if ((int)(cmh.cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) < cpsize) { 3143 /* 3144 * space of cmsg_len after header not big 3145 * enough 3146 */ 3147 return (0); 3148 } 3149 m_copydata(control, at, cpsize, data); 3150 return (1); 3151 } else { 3152 at += CMSG_ALIGN(cmh.cmsg_len); 3153 if (cmh.cmsg_len == 0) { 3154 break; 3155 } 3156 } 3157 } 3158 /* not found */ 3159 return (0); 3160 } 3161 3162 3163 struct mbuf * 3164 sctp_get_mbuf_for_msg(unsigned int space_needed, int want_header, 3165 int how, int allonebuf, int type) 3166 { 3167 struct mbuf *m = NULL; 3168 int aloc_size; 3169 int index = 0; 3170 int mbuf_threshold; 3171 3172 if (want_header) { 3173 MGETHDR(m, how, type); 3174 } else { 3175 MGET(m, how, type); 3176 } 3177 if (m == NULL) { 3178 return (NULL); 3179 } 3180 if (allonebuf == 0) 3181 mbuf_threshold = sctp_mbuf_threshold_count; 3182 else 3183 mbuf_threshold = 1; 3184 3185 3186 if (space_needed > (((mbuf_threshold - 1) * MLEN) + MHLEN)) { 3187 try_again: 3188 index = 4; 3189 if (space_needed <= MCLBYTES) { 3190 aloc_size = MCLBYTES; 3191 } else if (space_needed <= MJUMPAGESIZE) { 3192 aloc_size = MJUMPAGESIZE; 3193 index = 5; 3194 } else if (space_needed <= MJUM9BYTES) { 3195 aloc_size = MJUM9BYTES; 3196 index = 6; 3197 } else { 3198 aloc_size = MJUM16BYTES; 3199 index = 7; 3200 } 3201 m_cljget(m, how, aloc_size); 3202 if (m == NULL) { 3203 return (NULL); 3204 } 3205 if (SCTP_BUF_IS_EXTENDED(m) == 0) { 3206 if ((aloc_size != MCLBYTES) && 3207 (allonebuf == 0)) { 3208 aloc_size -= 10; 3209 goto try_again; 3210 } 3211 sctp_m_freem(m); 3212 return (NULL); 3213 } 3214 } 3215 SCTP_BUF_LEN(m) = 0; 3216 SCTP_BUF_NEXT(m) = SCTP_BUF_NEXT_PKT(m) = NULL; 3217 #ifdef SCTP_MBUF_LOGGING 3218 if (SCTP_BUF_IS_EXTENDED(m)) { 3219 sctp_log_mb(m, SCTP_MBUF_IALLOC); 3220 } 3221 #endif 3222 return (m); 3223 } 3224 3225 3226 static struct mbuf * 3227 sctp_add_cookie(struct sctp_inpcb *inp, struct mbuf *init, int init_offset, 3228 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in) 3229 { 3230 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret; 3231 struct sctp_state_cookie *stc; 3232 struct sctp_paramhdr *ph; 3233 uint8_t *signature; 3234 int sig_offset; 3235 uint16_t cookie_sz; 3236 3237 mret = NULL; 3238 3239 3240 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) + 3241 sizeof(struct sctp_paramhdr)), 0, M_DONTWAIT, 1, MT_DATA); 3242 if (mret == NULL) { 3243 return (NULL); 3244 } 3245 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_DONTWAIT); 3246 if (copy_init == NULL) { 3247 sctp_m_freem(mret); 3248 return (NULL); 3249 } 3250 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL, 3251 M_DONTWAIT); 3252 if (copy_initack == NULL) { 3253 sctp_m_freem(mret); 3254 sctp_m_freem(copy_init); 3255 return (NULL); 3256 } 3257 /* easy side we just drop it on the end */ 3258 ph = mtod(mret, struct sctp_paramhdr *); 3259 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) + 3260 sizeof(struct sctp_paramhdr); 3261 stc = (struct sctp_state_cookie *)((caddr_t)ph + 3262 sizeof(struct sctp_paramhdr)); 3263 ph->param_type = htons(SCTP_STATE_COOKIE); 3264 ph->param_length = 0; /* fill in at the end */ 3265 /* Fill in the stc cookie data */ 3266 *stc = *stc_in; 3267 3268 /* tack the INIT and then the INIT-ACK onto the chain */ 3269 cookie_sz = 0; 3270 m_at = mret; 3271 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3272 cookie_sz += SCTP_BUF_LEN(m_at); 3273 if (SCTP_BUF_NEXT(m_at) == NULL) { 3274 SCTP_BUF_NEXT(m_at) = copy_init; 3275 break; 3276 } 3277 } 3278 3279 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3280 cookie_sz += SCTP_BUF_LEN(m_at); 3281 if (SCTP_BUF_NEXT(m_at) == NULL) { 3282 SCTP_BUF_NEXT(m_at) = copy_initack; 3283 break; 3284 } 3285 } 3286 3287 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3288 cookie_sz += SCTP_BUF_LEN(m_at); 3289 if (SCTP_BUF_NEXT(m_at) == NULL) { 3290 break; 3291 } 3292 } 3293 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_DONTWAIT, 1, MT_DATA); 3294 if (sig == NULL) { 3295 /* no space, so free the entire chain */ 3296 sctp_m_freem(mret); 3297 return (NULL); 3298 } 3299 SCTP_BUF_LEN(sig) = 0; 3300 SCTP_BUF_NEXT(m_at) = sig; 3301 sig_offset = 0; 3302 signature = (uint8_t *) (mtod(sig, caddr_t)+sig_offset); 3303 /* Time to sign the cookie */ 3304 sctp_hmac_m(SCTP_HMAC, 3305 (uint8_t *) inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], 3306 SCTP_SECRET_SIZE, mret, sizeof(struct sctp_paramhdr), 3307 (uint8_t *) signature); 3308 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE; 3309 cookie_sz += SCTP_SIGNATURE_SIZE; 3310 3311 ph->param_length = htons(cookie_sz); 3312 return (mret); 3313 } 3314 3315 3316 static __inline uint8_t 3317 sctp_get_ect(struct sctp_tcb *stcb, 3318 struct sctp_tmit_chunk *chk) 3319 { 3320 uint8_t this_random; 3321 3322 /* Huh? */ 3323 if (sctp_ecn_enable == 0) 3324 return (0); 3325 3326 if (sctp_ecn_nonce == 0) 3327 /* no nonce, always return ECT0 */ 3328 return (SCTP_ECT0_BIT); 3329 3330 if (stcb->asoc.peer_supports_ecn_nonce == 0) { 3331 /* Peer does NOT support it, so we send a ECT0 only */ 3332 return (SCTP_ECT0_BIT); 3333 } 3334 if (chk == NULL) 3335 return (SCTP_ECT0_BIT); 3336 3337 if (((stcb->asoc.hb_random_idx == 3) && 3338 (stcb->asoc.hb_ect_randombit > 7)) || 3339 (stcb->asoc.hb_random_idx > 3)) { 3340 uint32_t rndval; 3341 3342 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 3343 memcpy(stcb->asoc.hb_random_values, &rndval, 3344 sizeof(stcb->asoc.hb_random_values)); 3345 this_random = stcb->asoc.hb_random_values[0]; 3346 stcb->asoc.hb_random_idx = 0; 3347 stcb->asoc.hb_ect_randombit = 0; 3348 } else { 3349 if (stcb->asoc.hb_ect_randombit > 7) { 3350 stcb->asoc.hb_ect_randombit = 0; 3351 stcb->asoc.hb_random_idx++; 3352 } 3353 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; 3354 } 3355 if ((this_random >> stcb->asoc.hb_ect_randombit) & 0x01) { 3356 if (chk != NULL) 3357 /* ECN Nonce stuff */ 3358 chk->rec.data.ect_nonce = SCTP_ECT1_BIT; 3359 stcb->asoc.hb_ect_randombit++; 3360 return (SCTP_ECT1_BIT); 3361 } else { 3362 stcb->asoc.hb_ect_randombit++; 3363 return (SCTP_ECT0_BIT); 3364 } 3365 } 3366 3367 static int 3368 sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, 3369 struct sctp_tcb *stcb, /* may be NULL */ 3370 struct sctp_nets *net, 3371 struct sockaddr *to, 3372 struct mbuf *m, 3373 uint32_t auth_offset, 3374 struct sctp_auth_chunk *auth, 3375 int nofragment_flag, 3376 int ecn_ok, 3377 struct sctp_tmit_chunk *chk, 3378 int out_of_asoc_ok) 3379 /* nofragment_flag to tell if IP_DF should be set (IPv4 only) */ 3380 { 3381 /* 3382 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet 3383 * header WITH a SCTPHDR but no IP header, endpoint inp and sa 3384 * structure. - fill in the HMAC digest of any AUTH chunk in the 3385 * packet - calculate SCTP checksum and fill in - prepend a IP 3386 * address header - if boundall use INADDR_ANY - if boundspecific do 3387 * source address selection - set fragmentation option for ipV4 - On 3388 * return from IP output, check/adjust mtu size - of output 3389 * interface and smallest_mtu size as well. 3390 */ 3391 /* Will need ifdefs around this */ 3392 struct mbuf *o_pak; 3393 3394 struct sctphdr *sctphdr; 3395 int packet_length; 3396 int o_flgs; 3397 uint32_t csum; 3398 int ret; 3399 unsigned int have_mtu; 3400 uint32_t vrf_id; 3401 sctp_route_t *ro; 3402 3403 3404 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) { 3405 sctp_m_freem(m); 3406 return (EFAULT); 3407 } 3408 if (stcb == NULL) { 3409 vrf_id = inp->def_vrf_id; 3410 } else { 3411 vrf_id = stcb->asoc.vrf_id; 3412 } 3413 3414 /* fill in the HMAC digest for any AUTH chunk in the packet */ 3415 if ((auth != NULL) && (stcb != NULL)) { 3416 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb); 3417 } 3418 /* Calculate the csum and fill in the length of the packet */ 3419 sctphdr = mtod(m, struct sctphdr *); 3420 have_mtu = 0; 3421 if (sctp_no_csum_on_loopback && 3422 (stcb) && 3423 (stcb->asoc.loopback_scope)) { 3424 sctphdr->checksum = 0; 3425 /* 3426 * This can probably now be taken out since my audit shows 3427 * no more bad pktlen's coming in. But we will wait a while 3428 * yet. 3429 */ 3430 packet_length = sctp_calculate_len(m); 3431 } else { 3432 sctphdr->checksum = 0; 3433 csum = sctp_calculate_sum(m, &packet_length, 0); 3434 sctphdr->checksum = csum; 3435 } 3436 3437 if (to->sa_family == AF_INET) { 3438 struct ip *ip = NULL; 3439 sctp_route_t iproute; 3440 uint8_t tos_value; 3441 3442 o_pak = SCTP_GET_HEADER_FOR_OUTPUT(sizeof(struct ip)); 3443 if (o_pak == NULL) { 3444 /* failed to prepend data, give up */ 3445 sctp_m_freem(m); 3446 return (ENOMEM); 3447 } 3448 SCTP_ALIGN_TO_END(o_pak, sizeof(struct ip)); 3449 SCTP_BUF_LEN(SCTP_HEADER_TO_CHAIN(o_pak)) = sizeof(struct ip); 3450 packet_length += sizeof(struct ip); 3451 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 3452 ip = mtod(SCTP_HEADER_TO_CHAIN(o_pak), struct ip *); 3453 ip->ip_v = IPVERSION; 3454 ip->ip_hl = (sizeof(struct ip) >> 2); 3455 if (net) { 3456 tos_value = net->tos_flowlabel & 0x000000ff; 3457 } else { 3458 tos_value = inp->ip_inp.inp.inp_ip_tos; 3459 } 3460 if (nofragment_flag) { 3461 #if defined(WITH_CONVERT_IP_OFF) || defined(__FreeBSD__) || defined(__APPLE__) 3462 ip->ip_off = IP_DF; 3463 #else 3464 ip->ip_off = htons(IP_DF); 3465 #endif 3466 } else 3467 ip->ip_off = 0; 3468 3469 3470 /* FreeBSD has a function for ip_id's */ 3471 ip->ip_id = ip_newid(); 3472 3473 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl; 3474 ip->ip_len = SCTP_HEADER_LEN(o_pak); 3475 if (stcb) { 3476 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 3477 /* Enable ECN */ 3478 ip->ip_tos = ((u_char)(tos_value & 0xfc) | sctp_get_ect(stcb, chk)); 3479 } else { 3480 /* No ECN */ 3481 ip->ip_tos = (u_char)(tos_value & 0xfc); 3482 } 3483 } else { 3484 /* no association at all */ 3485 ip->ip_tos = (tos_value & 0xfc); 3486 } 3487 ip->ip_p = IPPROTO_SCTP; 3488 ip->ip_sum = 0; 3489 if (net == NULL) { 3490 ro = &iproute; 3491 memset(&iproute, 0, sizeof(iproute)); 3492 memcpy(&ro->ro_dst, to, to->sa_len); 3493 } else { 3494 ro = (sctp_route_t *) & net->ro; 3495 } 3496 /* Now the address selection part */ 3497 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr; 3498 3499 /* call the routine to select the src address */ 3500 if (net) { 3501 if (net->src_addr_selected == 0) { 3502 /* Cache the source address */ 3503 net->ro._s_addr = sctp_source_address_selection(inp, stcb, 3504 ro, net, out_of_asoc_ok, vrf_id); 3505 if (net->ro._s_addr == NULL) { 3506 /* No route to host */ 3507 goto no_route; 3508 } 3509 net->src_addr_selected = 1; 3510 } 3511 ip->ip_src = net->ro._s_addr->address.sin.sin_addr; 3512 } else { 3513 struct sctp_ifa *_lsrc; 3514 3515 _lsrc = sctp_source_address_selection(inp, 3516 stcb, ro, net, out_of_asoc_ok, vrf_id); 3517 if (_lsrc == NULL) { 3518 goto no_route; 3519 } 3520 ip->ip_src = _lsrc->address.sin.sin_addr; 3521 sctp_free_ifa(_lsrc); 3522 } 3523 3524 /* 3525 * If source address selection fails and we find no route 3526 * then the ip_output should fail as well with a 3527 * NO_ROUTE_TO_HOST type error. We probably should catch 3528 * that somewhere and abort the association right away 3529 * (assuming this is an INIT being sent). 3530 */ 3531 if ((ro->ro_rt == NULL)) { 3532 /* 3533 * src addr selection failed to find a route (or 3534 * valid source addr), so we can't get there from 3535 * here (yet)! 3536 */ 3537 no_route: 3538 #ifdef SCTP_DEBUG 3539 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 3540 printf("low_level_output: dropped packet - no valid source addr\n"); 3541 if (net) { 3542 printf("Destination was "); 3543 sctp_print_address(&net->ro._l_addr.sa); 3544 } 3545 } 3546 #endif /* SCTP_DEBUG */ 3547 if (net) { 3548 if (net->dest_state & SCTP_ADDR_CONFIRMED) { 3549 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) { 3550 printf("no route takes interface %p down\n", net); 3551 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 3552 stcb, 3553 SCTP_FAILED_THRESHOLD, 3554 (void *)net); 3555 net->dest_state &= ~SCTP_ADDR_REACHABLE; 3556 net->dest_state |= SCTP_ADDR_NOT_REACHABLE; 3557 } 3558 } 3559 if (stcb) { 3560 if (net == stcb->asoc.primary_destination) { 3561 /* need a new primary */ 3562 struct sctp_nets *alt; 3563 3564 alt = sctp_find_alternate_net(stcb, net, 0); 3565 if (alt != net) { 3566 if (sctp_set_primary_addr(stcb, 3567 (struct sockaddr *)NULL, 3568 alt) == 0) { 3569 net->dest_state |= SCTP_ADDR_WAS_PRIMARY; 3570 if (net->ro._s_addr) { 3571 sctp_free_ifa(net->ro._s_addr); 3572 net->ro._s_addr = NULL; 3573 } 3574 net->src_addr_selected = 0; 3575 } 3576 } 3577 } 3578 } 3579 } 3580 sctp_m_freem(o_pak); 3581 return (EHOSTUNREACH); 3582 } else { 3583 have_mtu = ro->ro_rt->rt_ifp->if_mtu; 3584 } 3585 if (inp->sctp_socket) { 3586 o_flgs = (IP_RAWOUTPUT | (inp->sctp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST))); 3587 } else { 3588 o_flgs = IP_RAWOUTPUT; 3589 } 3590 #ifdef SCTP_DEBUG 3591 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 3592 printf("Calling ipv4 output routine from low level src addr:%x\n", 3593 (uint32_t) (ntohl(ip->ip_src.s_addr))); 3594 printf("Destination is %x\n", (uint32_t) (ntohl(ip->ip_dst.s_addr))); 3595 printf("RTP route is %p through\n", ro->ro_rt); 3596 } 3597 #endif 3598 3599 if ((have_mtu) && (net) && (have_mtu > net->mtu)) { 3600 ro->ro_rt->rt_ifp->if_mtu = net->mtu; 3601 } 3602 if (ro != &iproute) { 3603 memcpy(&iproute, ro, sizeof(*ro)); 3604 } 3605 ret = ip_output(o_pak, inp->ip_inp.inp.inp_options, 3606 ro, o_flgs, inp->ip_inp.inp.inp_moptions 3607 ,(struct inpcb *)NULL 3608 ); 3609 if ((ro->ro_rt) && (have_mtu) && (net) && (have_mtu > net->mtu)) { 3610 ro->ro_rt->rt_ifp->if_mtu = have_mtu; 3611 } 3612 SCTP_STAT_INCR(sctps_sendpackets); 3613 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 3614 if (ret) 3615 SCTP_STAT_INCR(sctps_senderrors); 3616 #ifdef SCTP_DEBUG 3617 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 3618 printf("Ip output returns %d\n", ret); 3619 } 3620 #endif 3621 if (net == NULL) { 3622 /* free tempy routes */ 3623 if (ro->ro_rt) { 3624 RTFREE(ro->ro_rt); 3625 ro->ro_rt = NULL; 3626 } 3627 } else { 3628 /* PMTU check versus smallest asoc MTU goes here */ 3629 if (ro->ro_rt != NULL) { 3630 if (ro->ro_rt->rt_rmx.rmx_mtu && 3631 (stcb->asoc.smallest_mtu > ro->ro_rt->rt_rmx.rmx_mtu)) { 3632 sctp_mtu_size_reset(inp, &stcb->asoc, 3633 ro->ro_rt->rt_rmx.rmx_mtu); 3634 } 3635 } else { 3636 /* route was freed */ 3637 if (net->ro._s_addr && 3638 net->src_addr_selected) { 3639 sctp_free_ifa(net->ro._s_addr); 3640 net->ro._s_addr = NULL; 3641 } 3642 net->src_addr_selected = 0; 3643 } 3644 } 3645 return (ret); 3646 } 3647 #ifdef INET6 3648 else if (to->sa_family == AF_INET6) { 3649 uint32_t flowlabel; 3650 struct ip6_hdr *ip6h; 3651 3652 struct route_in6 ip6route; 3653 struct ifnet *ifp; 3654 u_char flowTop; 3655 uint16_t flowBottom; 3656 u_char tosBottom, tosTop; 3657 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp; 3658 struct sockaddr_in6 lsa6_storage; 3659 int prev_scope = 0; 3660 int error; 3661 u_short prev_port = 0; 3662 3663 if (net != NULL) { 3664 flowlabel = net->tos_flowlabel; 3665 } else { 3666 flowlabel = ((struct in6pcb *)inp)->in6p_flowinfo; 3667 } 3668 o_pak = SCTP_GET_HEADER_FOR_OUTPUT(sizeof(struct ip6_hdr)); 3669 if (o_pak == NULL) { 3670 /* failed to prepend data, give up */ 3671 sctp_m_freem(m); 3672 return (ENOMEM); 3673 } 3674 SCTP_ALIGN_TO_END(o_pak, sizeof(struct ip6_hdr)); 3675 3676 SCTP_BUF_LEN(SCTP_HEADER_TO_CHAIN(o_pak)) = sizeof(struct ip6_hdr); 3677 packet_length += sizeof(struct ip6_hdr); 3678 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 3679 ip6h = mtod(SCTP_HEADER_TO_CHAIN(o_pak), struct ip6_hdr *); 3680 /* 3681 * We assume here that inp_flow is in host byte order within 3682 * the TCB! 3683 */ 3684 flowBottom = flowlabel & 0x0000ffff; 3685 flowTop = ((flowlabel & 0x000f0000) >> 16); 3686 tosTop = (((flowlabel & 0xf0) >> 4) | IPV6_VERSION); 3687 /* protect *sin6 from overwrite */ 3688 sin6 = (struct sockaddr_in6 *)to; 3689 tmp = *sin6; 3690 sin6 = &tmp; 3691 3692 /* KAME hack: embed scopeid */ 3693 if (sa6_embedscope(sin6, ip6_use_defzone) != 0) 3694 return (EINVAL); 3695 if (net == NULL) { 3696 memset(&ip6route, 0, sizeof(ip6route)); 3697 ro = (sctp_route_t *) & ip6route; 3698 memcpy(&ro->ro_dst, sin6, sin6->sin6_len); 3699 } else { 3700 ro = (sctp_route_t *) & net->ro; 3701 } 3702 if (stcb != NULL) { 3703 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 3704 /* Enable ECN */ 3705 tosBottom = (((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) | sctp_get_ect(stcb, chk)) << 4); 3706 } else { 3707 /* No ECN */ 3708 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 3709 } 3710 } else { 3711 /* we could get no asoc if it is a O-O-T-B packet */ 3712 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 3713 } 3714 ip6h->ip6_flow = htonl(((tosTop << 24) | ((tosBottom | flowTop) << 16) | flowBottom)); 3715 ip6h->ip6_nxt = IPPROTO_SCTP; 3716 ip6h->ip6_plen = (SCTP_HEADER_LEN(o_pak) - sizeof(struct ip6_hdr)); 3717 ip6h->ip6_dst = sin6->sin6_addr; 3718 3719 /* 3720 * Add SRC address selection here: we can only reuse to a 3721 * limited degree the kame src-addr-sel, since we can try 3722 * their selection but it may not be bound. 3723 */ 3724 bzero(&lsa6_tmp, sizeof(lsa6_tmp)); 3725 lsa6_tmp.sin6_family = AF_INET6; 3726 lsa6_tmp.sin6_len = sizeof(lsa6_tmp); 3727 lsa6 = &lsa6_tmp; 3728 if (net) { 3729 if (net->src_addr_selected == 0) { 3730 /* Cache the source address */ 3731 net->ro._s_addr = sctp_source_address_selection(inp, 3732 stcb, 3733 ro, 3734 net, 3735 out_of_asoc_ok, 3736 vrf_id); 3737 if (net->ro._s_addr == NULL) { 3738 #ifdef SCTP_DEBUG 3739 printf("V6:No route to host\n"); 3740 #endif 3741 goto no_route; 3742 } 3743 net->src_addr_selected = 1; 3744 } 3745 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr; 3746 } else { 3747 struct sctp_ifa *_lsrc; 3748 3749 _lsrc = sctp_source_address_selection(inp, stcb, ro, net, out_of_asoc_ok, vrf_id); 3750 if (_lsrc == NULL) { 3751 goto no_route; 3752 } 3753 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr; 3754 sctp_free_ifa(_lsrc); 3755 } 3756 lsa6->sin6_port = inp->sctp_lport; 3757 3758 if ((ro->ro_rt == NULL)) { 3759 /* 3760 * src addr selection failed to find a route (or 3761 * valid source addr), so we can't get there from 3762 * here! 3763 */ 3764 goto no_route; 3765 } 3766 /* 3767 * XXX: sa6 may not have a valid sin6_scope_id in the 3768 * non-SCOPEDROUTING case. 3769 */ 3770 bzero(&lsa6_storage, sizeof(lsa6_storage)); 3771 lsa6_storage.sin6_family = AF_INET6; 3772 lsa6_storage.sin6_len = sizeof(lsa6_storage); 3773 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) { 3774 sctp_m_freem(o_pak); 3775 return (error); 3776 } 3777 /* XXX */ 3778 lsa6_storage.sin6_addr = lsa6->sin6_addr; 3779 lsa6_storage.sin6_port = inp->sctp_lport; 3780 lsa6 = &lsa6_storage; 3781 ip6h->ip6_src = lsa6->sin6_addr; 3782 3783 /* 3784 * We set the hop limit now since there is a good chance 3785 * that our ro pointer is now filled 3786 */ 3787 ip6h->ip6_hlim = in6_selecthlim((struct in6pcb *)&inp->ip_inp.inp, 3788 (ro ? 3789 (ro->ro_rt ? (ro->ro_rt->rt_ifp) : (NULL)) : 3790 (NULL))); 3791 o_flgs = 0; 3792 ifp = ro->ro_rt->rt_ifp; 3793 #ifdef SCTP_DEBUG 3794 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 3795 /* Copy to be sure something bad is not happening */ 3796 sin6->sin6_addr = ip6h->ip6_dst; 3797 lsa6->sin6_addr = ip6h->ip6_src; 3798 3799 printf("Calling ipv6 output routine from low level\n"); 3800 printf("src: "); 3801 sctp_print_address((struct sockaddr *)lsa6); 3802 printf("dst: "); 3803 sctp_print_address((struct sockaddr *)sin6); 3804 } 3805 #endif /* SCTP_DEBUG */ 3806 if (net) { 3807 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 3808 /* preserve the port and scope for link local send */ 3809 prev_scope = sin6->sin6_scope_id; 3810 prev_port = sin6->sin6_port; 3811 } 3812 ret = ip6_output(o_pak, ((struct in6pcb *)inp)->in6p_outputopts, 3813 (struct route_in6 *)ro, 3814 o_flgs, 3815 ((struct in6pcb *)inp)->in6p_moptions, 3816 &ifp 3817 ,NULL 3818 ); 3819 if (net) { 3820 /* for link local this must be done */ 3821 sin6->sin6_scope_id = prev_scope; 3822 sin6->sin6_port = prev_port; 3823 } 3824 #ifdef SCTP_DEBUG 3825 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 3826 printf("return from send is %d\n", ret); 3827 } 3828 #endif /* SCTP_DEBUG_OUTPUT */ 3829 SCTP_STAT_INCR(sctps_sendpackets); 3830 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 3831 if (ret) { 3832 SCTP_STAT_INCR(sctps_senderrors); 3833 } 3834 if (net == NULL) { 3835 /* Now if we had a temp route free it */ 3836 if (ro->ro_rt) { 3837 RTFREE(ro->ro_rt); 3838 } 3839 } else { 3840 /* PMTU check versus smallest asoc MTU goes here */ 3841 if (ro->ro_rt == NULL) { 3842 /* Route was freed */ 3843 3844 if (net->ro._s_addr && 3845 net->src_addr_selected) { 3846 sctp_free_ifa(net->ro._s_addr); 3847 net->ro._s_addr = NULL; 3848 } 3849 net->src_addr_selected = 0; 3850 } 3851 if (ro->ro_rt != NULL) { 3852 if (ro->ro_rt->rt_rmx.rmx_mtu && 3853 (stcb->asoc.smallest_mtu > ro->ro_rt->rt_rmx.rmx_mtu)) { 3854 sctp_mtu_size_reset(inp, 3855 &stcb->asoc, 3856 ro->ro_rt->rt_rmx.rmx_mtu); 3857 } 3858 } else if (ifp) { 3859 if (ND_IFINFO(ifp)->linkmtu && 3860 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) { 3861 sctp_mtu_size_reset(inp, 3862 &stcb->asoc, 3863 ND_IFINFO(ifp)->linkmtu); 3864 } 3865 } 3866 } 3867 return (ret); 3868 } 3869 #endif 3870 else { 3871 #ifdef SCTP_DEBUG 3872 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 3873 printf("Unknown protocol (TSNH) type %d\n", ((struct sockaddr *)to)->sa_family); 3874 } 3875 #endif 3876 sctp_m_freem(m); 3877 return (EFAULT); 3878 } 3879 } 3880 3881 3882 void 3883 sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 3884 { 3885 struct mbuf *m, *m_at, *m_last; 3886 struct sctp_nets *net; 3887 struct sctp_init_msg *initm; 3888 struct sctp_supported_addr_param *sup_addr; 3889 struct sctp_ecn_supported_param *ecn; 3890 struct sctp_prsctp_supported_param *prsctp; 3891 struct sctp_ecn_nonce_supported_param *ecn_nonce; 3892 struct sctp_supported_chunk_types_param *pr_supported; 3893 int cnt_inits_to = 0; 3894 int padval, ret; 3895 int num_ext; 3896 int p_len; 3897 3898 /* INIT's always go to the primary (and usually ONLY address) */ 3899 m_last = NULL; 3900 net = stcb->asoc.primary_destination; 3901 if (net == NULL) { 3902 net = TAILQ_FIRST(&stcb->asoc.nets); 3903 if (net == NULL) { 3904 /* TSNH */ 3905 return; 3906 } 3907 /* we confirm any address we send an INIT to */ 3908 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 3909 sctp_set_primary_addr(stcb, NULL, net); 3910 } else { 3911 /* we confirm any address we send an INIT to */ 3912 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 3913 } 3914 #ifdef SCTP_DEBUG 3915 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 3916 printf("Sending INIT\n"); 3917 } 3918 #endif 3919 if (((struct sockaddr *)&(net->ro._l_addr))->sa_family == AF_INET6) { 3920 /* 3921 * special hook, if we are sending to link local it will not 3922 * show up in our private address count. 3923 */ 3924 struct sockaddr_in6 *sin6l; 3925 3926 sin6l = &net->ro._l_addr.sin6; 3927 if (IN6_IS_ADDR_LINKLOCAL(&sin6l->sin6_addr)) 3928 cnt_inits_to = 1; 3929 } 3930 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 3931 /* This case should not happen */ 3932 return; 3933 } 3934 /* start the INIT timer */ 3935 if (sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net)) { 3936 /* we are hosed since I can't start the INIT timer? */ 3937 return; 3938 } 3939 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA); 3940 if (m == NULL) { 3941 /* No memory, INIT timer will re-attempt. */ 3942 return; 3943 } 3944 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_msg); 3945 /* Now lets put the SCTP header in place */ 3946 initm = mtod(m, struct sctp_init_msg *); 3947 initm->sh.src_port = inp->sctp_lport; 3948 initm->sh.dest_port = stcb->rport; 3949 initm->sh.v_tag = 0; 3950 initm->sh.checksum = 0; /* calculate later */ 3951 /* now the chunk header */ 3952 initm->msg.ch.chunk_type = SCTP_INITIATION; 3953 initm->msg.ch.chunk_flags = 0; 3954 /* fill in later from mbuf we build */ 3955 initm->msg.ch.chunk_length = 0; 3956 /* place in my tag */ 3957 initm->msg.init.initiate_tag = htonl(stcb->asoc.my_vtag); 3958 /* set up some of the credits. */ 3959 initm->msg.init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), 3960 SCTP_MINIMAL_RWND)); 3961 3962 initm->msg.init.num_outbound_streams = htons(stcb->asoc.pre_open_streams); 3963 initm->msg.init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams); 3964 initm->msg.init.initial_tsn = htonl(stcb->asoc.init_seq_number); 3965 /* now the address restriction */ 3966 sup_addr = (struct sctp_supported_addr_param *)((caddr_t)initm + 3967 sizeof(*initm)); 3968 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE); 3969 /* we support 2 types IPv6/IPv4 */ 3970 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + 3971 sizeof(uint16_t)); 3972 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 3973 sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS); 3974 SCTP_BUF_LEN(m) += sizeof(*sup_addr) + sizeof(uint16_t); 3975 3976 if (inp->sctp_ep.adaptation_layer_indicator) { 3977 struct sctp_adaptation_layer_indication *ali; 3978 3979 ali = (struct sctp_adaptation_layer_indication *)( 3980 (caddr_t)sup_addr + sizeof(*sup_addr) + sizeof(uint16_t)); 3981 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 3982 ali->ph.param_length = htons(sizeof(*ali)); 3983 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 3984 SCTP_BUF_LEN(m) += sizeof(*ali); 3985 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + 3986 sizeof(*ali)); 3987 } else { 3988 ecn = (struct sctp_ecn_supported_param *)((caddr_t)sup_addr + 3989 sizeof(*sup_addr) + sizeof(uint16_t)); 3990 } 3991 3992 /* now any cookie time extensions */ 3993 if (stcb->asoc.cookie_preserve_req) { 3994 struct sctp_cookie_perserve_param *cookie_preserve; 3995 3996 cookie_preserve = (struct sctp_cookie_perserve_param *)(ecn); 3997 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE); 3998 cookie_preserve->ph.param_length = htons( 3999 sizeof(*cookie_preserve)); 4000 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req); 4001 SCTP_BUF_LEN(m) += sizeof(*cookie_preserve); 4002 ecn = (struct sctp_ecn_supported_param *)( 4003 (caddr_t)cookie_preserve + sizeof(*cookie_preserve)); 4004 stcb->asoc.cookie_preserve_req = 0; 4005 } 4006 /* ECN parameter */ 4007 if (sctp_ecn_enable == 1) { 4008 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 4009 ecn->ph.param_length = htons(sizeof(*ecn)); 4010 SCTP_BUF_LEN(m) += sizeof(*ecn); 4011 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 4012 sizeof(*ecn)); 4013 } else { 4014 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 4015 } 4016 /* And now tell the peer we do pr-sctp */ 4017 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 4018 prsctp->ph.param_length = htons(sizeof(*prsctp)); 4019 SCTP_BUF_LEN(m) += sizeof(*prsctp); 4020 4021 /* And now tell the peer we do all the extensions */ 4022 pr_supported = (struct sctp_supported_chunk_types_param *) 4023 ((caddr_t)prsctp + sizeof(*prsctp)); 4024 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 4025 num_ext = 0; 4026 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 4027 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 4028 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 4029 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 4030 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 4031 if (!sctp_auth_disable) 4032 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 4033 p_len = sizeof(*pr_supported) + num_ext; 4034 pr_supported->ph.param_length = htons(p_len); 4035 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 4036 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4037 4038 /* ECN nonce: And now tell the peer we support ECN nonce */ 4039 if (sctp_ecn_nonce) { 4040 ecn_nonce = (struct sctp_ecn_nonce_supported_param *) 4041 ((caddr_t)pr_supported + SCTP_SIZE32(p_len)); 4042 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 4043 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 4044 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce); 4045 } 4046 /* add authentication parameters */ 4047 if (!sctp_auth_disable) { 4048 struct sctp_auth_random *random; 4049 struct sctp_auth_hmac_algo *hmacs; 4050 struct sctp_auth_chunk_list *chunks; 4051 4052 /* attach RANDOM parameter, if available */ 4053 if (stcb->asoc.authinfo.random != NULL) { 4054 random = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4055 p_len = sizeof(*random) + stcb->asoc.authinfo.random_len; 4056 #ifdef SCTP_AUTH_DRAFT_04 4057 random->ph.param_type = htons(SCTP_RANDOM); 4058 random->ph.param_length = htons(p_len); 4059 bcopy(stcb->asoc.authinfo.random->key, 4060 random->random_data, 4061 stcb->asoc.authinfo.random_len); 4062 #else 4063 /* random key already contains the header */ 4064 bcopy(stcb->asoc.authinfo.random->key, random, p_len); 4065 #endif 4066 /* zero out any padding required */ 4067 bzero((caddr_t)random + p_len, SCTP_SIZE32(p_len) - p_len); 4068 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4069 } 4070 /* add HMAC_ALGO parameter */ 4071 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4072 p_len = sctp_serialize_hmaclist(stcb->asoc.local_hmacs, 4073 (uint8_t *) hmacs->hmac_ids); 4074 if (p_len > 0) { 4075 p_len += sizeof(*hmacs); 4076 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 4077 hmacs->ph.param_length = htons(p_len); 4078 /* zero out any padding required */ 4079 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 4080 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4081 } 4082 /* add CHUNKS parameter */ 4083 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4084 p_len = sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, 4085 chunks->chunk_types); 4086 if (p_len > 0) { 4087 p_len += sizeof(*chunks); 4088 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 4089 chunks->ph.param_length = htons(p_len); 4090 /* zero out any padding required */ 4091 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 4092 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4093 } 4094 } 4095 m_at = m; 4096 /* now the addresses */ 4097 { 4098 struct sctp_scoping scp; 4099 4100 /* 4101 * To optimize this we could put the scoping stuff into a 4102 * structure and remove the individual uint8's from the 4103 * assoc structure. Then we could just sifa in the address 4104 * within the stcb.. but for now this is a quick hack to get 4105 * the address stuff teased apart. 4106 */ 4107 scp.ipv4_addr_legal = stcb->asoc.ipv4_addr_legal; 4108 scp.ipv6_addr_legal = stcb->asoc.ipv6_addr_legal; 4109 scp.loopback_scope = stcb->asoc.loopback_scope; 4110 scp.ipv4_local_scope = stcb->asoc.ipv4_local_scope; 4111 scp.local_scope = stcb->asoc.local_scope; 4112 scp.site_scope = stcb->asoc.site_scope; 4113 4114 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 4115 } 4116 4117 4118 /* calulate the size and update pkt header and chunk header */ 4119 p_len = 0; 4120 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 4121 if (SCTP_BUF_NEXT(m_at) == NULL) 4122 m_last = m_at; 4123 p_len += SCTP_BUF_LEN(m_at); 4124 } 4125 initm->msg.ch.chunk_length = htons((p_len - sizeof(struct sctphdr))); 4126 /* 4127 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 4128 * here since the timer will drive a retranmission. 4129 */ 4130 4131 /* I don't expect this to execute but we will be safe here */ 4132 padval = p_len % 4; 4133 if ((padval) && (m_last)) { 4134 /* 4135 * The compiler worries that m_last may not be set even 4136 * though I think it is impossible :-> however we add m_last 4137 * here just in case. 4138 */ 4139 int ret; 4140 4141 ret = sctp_add_pad_tombuf(m_last, (4 - padval)); 4142 if (ret) { 4143 /* Houston we have a problem, no space */ 4144 sctp_m_freem(m); 4145 return; 4146 } 4147 p_len += padval; 4148 } 4149 ret = sctp_lowlevel_chunk_output(inp, stcb, net, 4150 (struct sockaddr *)&net->ro._l_addr, 4151 m, 0, NULL, 0, 0, NULL, 0); 4152 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 4153 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net); 4154 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 4155 } 4156 4157 struct mbuf * 4158 sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt, 4159 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp) 4160 { 4161 /* 4162 * Given a mbuf containing an INIT or INIT-ACK with the param_offset 4163 * being equal to the beginning of the params i.e. (iphlen + 4164 * sizeof(struct sctp_init_msg) parse through the parameters to the 4165 * end of the mbuf verifying that all parameters are known. 4166 * 4167 * For unknown parameters build and return a mbuf with 4168 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop 4169 * processing this chunk stop, and set *abort_processing to 1. 4170 * 4171 * By having param_offset be pre-set to where parameters begin it is 4172 * hoped that this routine may be reused in the future by new 4173 * features. 4174 */ 4175 struct sctp_paramhdr *phdr, params; 4176 4177 struct mbuf *mat, *op_err; 4178 char tempbuf[SCTP_CHUNK_BUFFER_SIZE]; 4179 int at, limit, pad_needed; 4180 uint16_t ptype, plen; 4181 int err_at; 4182 4183 *abort_processing = 0; 4184 mat = in_initpkt; 4185 err_at = 0; 4186 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); 4187 at = param_offset; 4188 op_err = NULL; 4189 4190 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4191 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { 4192 ptype = ntohs(phdr->param_type); 4193 plen = ntohs(phdr->param_length); 4194 limit -= SCTP_SIZE32(plen); 4195 if (plen < sizeof(struct sctp_paramhdr)) { 4196 #ifdef SCTP_DEBUG 4197 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 4198 printf("sctp_output.c:Impossible length in parameter < %d\n", plen); 4199 } 4200 #endif 4201 *abort_processing = 1; 4202 break; 4203 } 4204 /* 4205 * All parameters for all chunks that we know/understand are 4206 * listed here. We process them other places and make 4207 * appropriate stop actions per the upper bits. However this 4208 * is the generic routine processor's can call to get back 4209 * an operr.. to either incorporate (init-ack) or send. 4210 */ 4211 if ((ptype == SCTP_HEARTBEAT_INFO) || 4212 (ptype == SCTP_IPV4_ADDRESS) || 4213 (ptype == SCTP_IPV6_ADDRESS) || 4214 (ptype == SCTP_STATE_COOKIE) || 4215 (ptype == SCTP_UNRECOG_PARAM) || 4216 (ptype == SCTP_COOKIE_PRESERVE) || 4217 (ptype == SCTP_SUPPORTED_ADDRTYPE) || 4218 (ptype == SCTP_PRSCTP_SUPPORTED) || 4219 (ptype == SCTP_ADD_IP_ADDRESS) || 4220 (ptype == SCTP_DEL_IP_ADDRESS) || 4221 (ptype == SCTP_ECN_CAPABLE) || 4222 (ptype == SCTP_ULP_ADAPTATION) || 4223 (ptype == SCTP_ERROR_CAUSE_IND) || 4224 (ptype == SCTP_RANDOM) || 4225 (ptype == SCTP_CHUNK_LIST) || 4226 (ptype == SCTP_CHUNK_LIST) || 4227 (ptype == SCTP_SET_PRIM_ADDR) || 4228 (ptype == SCTP_SUCCESS_REPORT) || 4229 (ptype == SCTP_ULP_ADAPTATION) || 4230 (ptype == SCTP_SUPPORTED_CHUNK_EXT) || 4231 (ptype == SCTP_ECN_NONCE_SUPPORTED) 4232 ) { 4233 /* no skip it */ 4234 at += SCTP_SIZE32(plen); 4235 } else if (ptype == SCTP_HOSTNAME_ADDRESS) { 4236 /* We can NOT handle HOST NAME addresses!! */ 4237 int l_len; 4238 4239 #ifdef SCTP_DEBUG 4240 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 4241 printf("Can't handle hostname addresses.. abort processing\n"); 4242 } 4243 #endif 4244 *abort_processing = 1; 4245 if (op_err == NULL) { 4246 /* Ok need to try to get a mbuf */ 4247 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4248 l_len += plen; 4249 l_len += sizeof(struct sctp_paramhdr); 4250 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4251 if (op_err) { 4252 SCTP_BUF_LEN(op_err) = 0; 4253 /* 4254 * pre-reserve space for ip and sctp 4255 * header and chunk hdr 4256 */ 4257 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4258 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4259 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4260 } 4261 } 4262 if (op_err) { 4263 /* If we have space */ 4264 struct sctp_paramhdr s; 4265 4266 if (err_at % 4) { 4267 uint32_t cpthis = 0; 4268 4269 pad_needed = 4 - (err_at % 4); 4270 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4271 err_at += pad_needed; 4272 } 4273 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR); 4274 s.param_length = htons(sizeof(s) + plen); 4275 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4276 err_at += sizeof(s); 4277 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen); 4278 if (phdr == NULL) { 4279 sctp_m_freem(op_err); 4280 /* 4281 * we are out of memory but we still 4282 * need to have a look at what to do 4283 * (the system is in trouble 4284 * though). 4285 */ 4286 return (NULL); 4287 } 4288 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4289 err_at += plen; 4290 } 4291 return (op_err); 4292 } else { 4293 /* 4294 * we do not recognize the parameter figure out what 4295 * we do. 4296 */ 4297 if ((ptype & 0x4000) == 0x4000) { 4298 /* Report bit is set?? */ 4299 if (op_err == NULL) { 4300 int l_len; 4301 4302 /* Ok need to try to get an mbuf */ 4303 l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 4304 l_len += plen; 4305 l_len += sizeof(struct sctp_paramhdr); 4306 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); 4307 if (op_err) { 4308 SCTP_BUF_LEN(op_err) = 0; 4309 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 4310 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 4311 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 4312 } 4313 } 4314 if (op_err) { 4315 /* If we have space */ 4316 struct sctp_paramhdr s; 4317 4318 if (err_at % 4) { 4319 uint32_t cpthis = 0; 4320 4321 pad_needed = 4 - (err_at % 4); 4322 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 4323 err_at += pad_needed; 4324 } 4325 s.param_type = htons(SCTP_UNRECOG_PARAM); 4326 s.param_length = htons(sizeof(s) + plen); 4327 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 4328 err_at += sizeof(s); 4329 if (plen > sizeof(tempbuf)) { 4330 plen = sizeof(tempbuf); 4331 } 4332 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen); 4333 if (phdr == NULL) { 4334 sctp_m_freem(op_err); 4335 /* 4336 * we are out of memory but 4337 * we still need to have a 4338 * look at what to do (the 4339 * system is in trouble 4340 * though). 4341 */ 4342 goto more_processing; 4343 } 4344 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 4345 err_at += plen; 4346 } 4347 } 4348 more_processing: 4349 if ((ptype & 0x8000) == 0x0000) { 4350 return (op_err); 4351 } else { 4352 /* skip this chunk and continue processing */ 4353 at += SCTP_SIZE32(plen); 4354 } 4355 4356 } 4357 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4358 } 4359 return (op_err); 4360 } 4361 4362 static int 4363 sctp_are_there_new_addresses(struct sctp_association *asoc, 4364 struct mbuf *in_initpkt, int iphlen, int offset) 4365 { 4366 /* 4367 * Given a INIT packet, look through the packet to verify that there 4368 * are NO new addresses. As we go through the parameters add reports 4369 * of any un-understood parameters that require an error. Also we 4370 * must return (1) to drop the packet if we see a un-understood 4371 * parameter that tells us to drop the chunk. 4372 */ 4373 struct sockaddr_in sin4, *sa4; 4374 struct sockaddr_in6 sin6, *sa6; 4375 struct sockaddr *sa_touse; 4376 struct sockaddr *sa; 4377 struct sctp_paramhdr *phdr, params; 4378 struct ip *iph; 4379 struct mbuf *mat; 4380 uint16_t ptype, plen; 4381 int err_at; 4382 uint8_t fnd; 4383 struct sctp_nets *net; 4384 4385 memset(&sin4, 0, sizeof(sin4)); 4386 memset(&sin6, 0, sizeof(sin6)); 4387 sin4.sin_family = AF_INET; 4388 sin4.sin_len = sizeof(sin4); 4389 sin6.sin6_family = AF_INET6; 4390 sin6.sin6_len = sizeof(sin6); 4391 4392 sa_touse = NULL; 4393 /* First what about the src address of the pkt ? */ 4394 iph = mtod(in_initpkt, struct ip *); 4395 if (iph->ip_v == IPVERSION) { 4396 /* source addr is IPv4 */ 4397 sin4.sin_addr = iph->ip_src; 4398 sa_touse = (struct sockaddr *)&sin4; 4399 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 4400 /* source addr is IPv6 */ 4401 struct ip6_hdr *ip6h; 4402 4403 ip6h = mtod(in_initpkt, struct ip6_hdr *); 4404 sin6.sin6_addr = ip6h->ip6_src; 4405 sa_touse = (struct sockaddr *)&sin6; 4406 } else { 4407 return (1); 4408 } 4409 4410 fnd = 0; 4411 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4412 sa = (struct sockaddr *)&net->ro._l_addr; 4413 if (sa->sa_family == sa_touse->sa_family) { 4414 if (sa->sa_family == AF_INET) { 4415 sa4 = (struct sockaddr_in *)sa; 4416 if (sa4->sin_addr.s_addr == 4417 sin4.sin_addr.s_addr) { 4418 fnd = 1; 4419 break; 4420 } 4421 } else if (sa->sa_family == AF_INET6) { 4422 sa6 = (struct sockaddr_in6 *)sa; 4423 if (SCTP6_ARE_ADDR_EQUAL(&sa6->sin6_addr, 4424 &sin6.sin6_addr)) { 4425 fnd = 1; 4426 break; 4427 } 4428 } 4429 } 4430 } 4431 if (fnd == 0) { 4432 /* New address added! no need to look futher. */ 4433 return (1); 4434 } 4435 /* Ok so far lets munge through the rest of the packet */ 4436 mat = in_initpkt; 4437 err_at = 0; 4438 sa_touse = NULL; 4439 offset += sizeof(struct sctp_init_chunk); 4440 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4441 while (phdr) { 4442 ptype = ntohs(phdr->param_type); 4443 plen = ntohs(phdr->param_length); 4444 if (ptype == SCTP_IPV4_ADDRESS) { 4445 struct sctp_ipv4addr_param *p4, p4_buf; 4446 4447 phdr = sctp_get_next_param(mat, offset, 4448 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 4449 if (plen != sizeof(struct sctp_ipv4addr_param) || 4450 phdr == NULL) { 4451 return (1); 4452 } 4453 p4 = (struct sctp_ipv4addr_param *)phdr; 4454 sin4.sin_addr.s_addr = p4->addr; 4455 sa_touse = (struct sockaddr *)&sin4; 4456 } else if (ptype == SCTP_IPV6_ADDRESS) { 4457 struct sctp_ipv6addr_param *p6, p6_buf; 4458 4459 phdr = sctp_get_next_param(mat, offset, 4460 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 4461 if (plen != sizeof(struct sctp_ipv6addr_param) || 4462 phdr == NULL) { 4463 return (1); 4464 } 4465 p6 = (struct sctp_ipv6addr_param *)phdr; 4466 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 4467 sizeof(p6->addr)); 4468 sa_touse = (struct sockaddr *)&sin4; 4469 } 4470 if (sa_touse) { 4471 /* ok, sa_touse points to one to check */ 4472 fnd = 0; 4473 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4474 sa = (struct sockaddr *)&net->ro._l_addr; 4475 if (sa->sa_family != sa_touse->sa_family) { 4476 continue; 4477 } 4478 if (sa->sa_family == AF_INET) { 4479 sa4 = (struct sockaddr_in *)sa; 4480 if (sa4->sin_addr.s_addr == 4481 sin4.sin_addr.s_addr) { 4482 fnd = 1; 4483 break; 4484 } 4485 } else if (sa->sa_family == AF_INET6) { 4486 sa6 = (struct sockaddr_in6 *)sa; 4487 if (SCTP6_ARE_ADDR_EQUAL( 4488 &sa6->sin6_addr, &sin6.sin6_addr)) { 4489 fnd = 1; 4490 break; 4491 } 4492 } 4493 } 4494 if (!fnd) { 4495 /* New addr added! no need to look further */ 4496 return (1); 4497 } 4498 } 4499 offset += SCTP_SIZE32(plen); 4500 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 4501 } 4502 return (0); 4503 } 4504 4505 /* 4506 * Given a MBUF chain that was sent into us containing an INIT. Build a 4507 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done 4508 * a pullup to include IPv6/4header, SCTP header and initial part of INIT 4509 * message (i.e. the struct sctp_init_msg). 4510 */ 4511 void 4512 sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4513 struct mbuf *init_pkt, int iphlen, int offset, struct sctphdr *sh, 4514 struct sctp_init_chunk *init_chk) 4515 { 4516 struct sctp_association *asoc; 4517 struct mbuf *m, *m_at, *m_tmp, *m_cookie, *op_err, *m_last; 4518 struct sctp_init_msg *initackm_out; 4519 struct sctp_ecn_supported_param *ecn; 4520 struct sctp_prsctp_supported_param *prsctp; 4521 struct sctp_ecn_nonce_supported_param *ecn_nonce; 4522 struct sctp_supported_chunk_types_param *pr_supported; 4523 struct sockaddr_storage store; 4524 struct sockaddr_in *sin; 4525 struct sockaddr_in6 *sin6; 4526 sctp_route_t *ro; 4527 struct ip *iph; 4528 struct ip6_hdr *ip6; 4529 struct sockaddr *to; 4530 struct sctp_state_cookie stc; 4531 struct sctp_nets *net = NULL; 4532 int cnt_inits_to = 0; 4533 uint16_t his_limit, i_want; 4534 int abort_flag, padval, sz_of; 4535 int num_ext; 4536 int p_len; 4537 uint32_t vrf_id; 4538 4539 if (stcb) { 4540 asoc = &stcb->asoc; 4541 vrf_id = asoc->vrf_id; 4542 } else { 4543 vrf_id = inp->def_vrf_id; 4544 asoc = NULL; 4545 } 4546 m_last = NULL; 4547 if ((asoc != NULL) && 4548 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 4549 (sctp_are_there_new_addresses(asoc, init_pkt, iphlen, offset))) { 4550 /* new addresses, out of here in non-cookie-wait states */ 4551 /* 4552 * Send a ABORT, we don't add the new address error clause 4553 * though we even set the T bit and copy in the 0 tag.. this 4554 * looks no different than if no listener was present. 4555 */ 4556 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL); 4557 return; 4558 } 4559 abort_flag = 0; 4560 op_err = sctp_arethere_unrecognized_parameters(init_pkt, 4561 (offset + sizeof(struct sctp_init_chunk)), 4562 &abort_flag, (struct sctp_chunkhdr *)init_chk); 4563 if (abort_flag) { 4564 sctp_send_abort(init_pkt, iphlen, sh, init_chk->init.initiate_tag, op_err); 4565 return; 4566 } 4567 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 4568 if (m == NULL) { 4569 /* No memory, INIT timer will re-attempt. */ 4570 if (op_err) 4571 sctp_m_freem(op_err); 4572 return; 4573 } 4574 SCTP_BUF_LEN(m) = sizeof(struct sctp_init_msg); 4575 4576 /* the time I built cookie */ 4577 SCTP_GETTIME_TIMEVAL(&stc.time_entered); 4578 4579 /* populate any tie tags */ 4580 if (asoc != NULL) { 4581 /* unlock before tag selections */ 4582 stc.tie_tag_my_vtag = asoc->my_vtag_nonce; 4583 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce; 4584 stc.cookie_life = asoc->cookie_life; 4585 net = asoc->primary_destination; 4586 } else { 4587 stc.tie_tag_my_vtag = 0; 4588 stc.tie_tag_peer_vtag = 0; 4589 /* life I will award this cookie */ 4590 stc.cookie_life = inp->sctp_ep.def_cookie_life; 4591 } 4592 4593 /* copy in the ports for later check */ 4594 stc.myport = sh->dest_port; 4595 stc.peerport = sh->src_port; 4596 4597 /* 4598 * If we wanted to honor cookie life extentions, we would add to 4599 * stc.cookie_life. For now we should NOT honor any extension 4600 */ 4601 stc.site_scope = stc.local_scope = stc.loopback_scope = 0; 4602 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 4603 struct inpcb *in_inp; 4604 4605 /* Its a V6 socket */ 4606 in_inp = (struct inpcb *)inp; 4607 stc.ipv6_addr_legal = 1; 4608 /* Now look at the binding flag to see if V4 will be legal */ 4609 if (SCTP_IPV6_V6ONLY(in_inp) == 0) { 4610 stc.ipv4_addr_legal = 1; 4611 } else { 4612 /* V4 addresses are NOT legal on the association */ 4613 stc.ipv4_addr_legal = 0; 4614 } 4615 } else { 4616 /* Its a V4 socket, no - V6 */ 4617 stc.ipv4_addr_legal = 1; 4618 stc.ipv6_addr_legal = 0; 4619 } 4620 4621 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 4622 stc.ipv4_scope = 1; 4623 #else 4624 stc.ipv4_scope = 0; 4625 #endif 4626 /* now for scope setup */ 4627 memset((caddr_t)&store, 0, sizeof(store)); 4628 sin = (struct sockaddr_in *)&store; 4629 sin6 = (struct sockaddr_in6 *)&store; 4630 if (net == NULL) { 4631 to = (struct sockaddr *)&store; 4632 iph = mtod(init_pkt, struct ip *); 4633 if (iph->ip_v == IPVERSION) { 4634 struct sctp_ifa *addr; 4635 sctp_route_t iproute; 4636 4637 sin->sin_family = AF_INET; 4638 sin->sin_len = sizeof(struct sockaddr_in); 4639 sin->sin_port = sh->src_port; 4640 sin->sin_addr = iph->ip_src; 4641 /* lookup address */ 4642 stc.address[0] = sin->sin_addr.s_addr; 4643 stc.address[1] = 0; 4644 stc.address[2] = 0; 4645 stc.address[3] = 0; 4646 stc.addr_type = SCTP_IPV4_ADDRESS; 4647 /* local from address */ 4648 memset(&iproute, 0, sizeof(iproute)); 4649 ro = &iproute; 4650 memcpy(&ro->ro_dst, sin, sizeof(*sin)); 4651 addr = sctp_source_address_selection(inp, NULL, 4652 ro, NULL, 0, vrf_id); 4653 if (addr == NULL) 4654 return; 4655 4656 if (ro->ro_rt) { 4657 RTFREE(ro->ro_rt); 4658 ro->ro_rt = NULL; 4659 } 4660 stc.laddress[0] = addr->address.sin.sin_addr.s_addr; 4661 stc.laddress[1] = 0; 4662 stc.laddress[2] = 0; 4663 stc.laddress[3] = 0; 4664 stc.laddr_type = SCTP_IPV4_ADDRESS; 4665 /* scope_id is only for v6 */ 4666 stc.scope_id = 0; 4667 #ifndef SCTP_DONT_DO_PRIVADDR_SCOPE 4668 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 4669 stc.ipv4_scope = 1; 4670 } 4671 #else 4672 stc.ipv4_scope = 1; 4673 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 4674 /* Must use the address in this case */ 4675 if (sctp_is_address_on_local_host((struct sockaddr *)sin, vrf_id)) { 4676 stc.loopback_scope = 1; 4677 stc.ipv4_scope = 1; 4678 stc.site_scope = 1; 4679 stc.local_scope = 0; 4680 } 4681 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 4682 struct sctp_ifa *addr; 4683 4684 struct route_in6 iproute6; 4685 4686 ip6 = mtod(init_pkt, struct ip6_hdr *); 4687 sin6->sin6_family = AF_INET6; 4688 sin6->sin6_len = sizeof(struct sockaddr_in6); 4689 sin6->sin6_port = sh->src_port; 4690 sin6->sin6_addr = ip6->ip6_src; 4691 /* lookup address */ 4692 memcpy(&stc.address, &sin6->sin6_addr, 4693 sizeof(struct in6_addr)); 4694 sin6->sin6_scope_id = 0; 4695 stc.addr_type = SCTP_IPV6_ADDRESS; 4696 stc.scope_id = 0; 4697 if (sctp_is_address_on_local_host((struct sockaddr *)sin6, vrf_id)) { 4698 stc.loopback_scope = 1; 4699 stc.local_scope = 0; 4700 stc.site_scope = 1; 4701 stc.ipv4_scope = 1; 4702 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 4703 /* 4704 * If the new destination is a LINK_LOCAL we 4705 * must have common both site and local 4706 * scope. Don't set local scope though since 4707 * we must depend on the source to be added 4708 * implicitly. We cannot assure just because 4709 * we share one link that all links are 4710 * common. 4711 */ 4712 stc.local_scope = 0; 4713 stc.site_scope = 1; 4714 stc.ipv4_scope = 1; 4715 /* 4716 * we start counting for the private address 4717 * stuff at 1. since the link local we 4718 * source from won't show up in our scoped 4719 * count. 4720 */ 4721 cnt_inits_to = 1; 4722 /* pull out the scope_id from incoming pkt */ 4723 /* FIX ME: does this have scope from rcvif? */ 4724 (void)sa6_recoverscope(sin6); 4725 4726 sa6_embedscope(sin6, ip6_use_defzone); 4727 stc.scope_id = sin6->sin6_scope_id; 4728 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 4729 /* 4730 * If the new destination is SITE_LOCAL then 4731 * we must have site scope in common. 4732 */ 4733 stc.site_scope = 1; 4734 } 4735 /* local from address */ 4736 memset(&iproute6, 0, sizeof(iproute6)); 4737 ro = (sctp_route_t *) & iproute6; 4738 memcpy(&ro->ro_dst, sin6, sizeof(*sin6)); 4739 addr = sctp_source_address_selection(inp, NULL, 4740 ro, NULL, 0, vrf_id); 4741 if (addr == NULL) 4742 return; 4743 4744 if (ro->ro_rt) { 4745 RTFREE(ro->ro_rt); 4746 ro->ro_rt = NULL; 4747 } 4748 memcpy(&stc.laddress, &addr->address.sin6.sin6_addr, sizeof(struct in6_addr)); 4749 stc.laddr_type = SCTP_IPV6_ADDRESS; 4750 } 4751 } else { 4752 /* set the scope per the existing tcb */ 4753 struct sctp_nets *lnet; 4754 4755 stc.loopback_scope = asoc->loopback_scope; 4756 stc.ipv4_scope = asoc->ipv4_local_scope; 4757 stc.site_scope = asoc->site_scope; 4758 stc.local_scope = asoc->local_scope; 4759 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { 4760 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) { 4761 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) { 4762 /* 4763 * if we have a LL address, start 4764 * counting at 1. 4765 */ 4766 cnt_inits_to = 1; 4767 } 4768 } 4769 } 4770 4771 /* use the net pointer */ 4772 to = (struct sockaddr *)&net->ro._l_addr; 4773 if (to->sa_family == AF_INET) { 4774 sin = (struct sockaddr_in *)to; 4775 stc.address[0] = sin->sin_addr.s_addr; 4776 stc.address[1] = 0; 4777 stc.address[2] = 0; 4778 stc.address[3] = 0; 4779 stc.addr_type = SCTP_IPV4_ADDRESS; 4780 if (net->src_addr_selected == 0) { 4781 /* 4782 * strange case here, the INIT should have 4783 * did the selection. 4784 */ 4785 net->ro._s_addr = sctp_source_address_selection(inp, 4786 stcb, (sctp_route_t *) & net->ro, 4787 net, 0, vrf_id); 4788 if (net->ro._s_addr == NULL) 4789 return; 4790 4791 net->src_addr_selected = 1; 4792 4793 } 4794 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr; 4795 stc.laddress[1] = 0; 4796 stc.laddress[2] = 0; 4797 stc.laddress[3] = 0; 4798 stc.laddr_type = SCTP_IPV4_ADDRESS; 4799 } else if (to->sa_family == AF_INET6) { 4800 sin6 = (struct sockaddr_in6 *)to; 4801 memcpy(&stc.address, &sin6->sin6_addr, 4802 sizeof(struct in6_addr)); 4803 stc.addr_type = SCTP_IPV6_ADDRESS; 4804 if (net->src_addr_selected == 0) { 4805 /* 4806 * strange case here, the INIT should have 4807 * did the selection. 4808 */ 4809 net->ro._s_addr = sctp_source_address_selection(inp, 4810 stcb, (sctp_route_t *) & net->ro, 4811 net, 0, vrf_id); 4812 if (net->ro._s_addr == NULL) 4813 return; 4814 4815 net->src_addr_selected = 1; 4816 } 4817 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr, 4818 sizeof(struct in6_addr)); 4819 stc.laddr_type = SCTP_IPV6_ADDRESS; 4820 } 4821 } 4822 /* Now lets put the SCTP header in place */ 4823 initackm_out = mtod(m, struct sctp_init_msg *); 4824 initackm_out->sh.src_port = inp->sctp_lport; 4825 initackm_out->sh.dest_port = sh->src_port; 4826 initackm_out->sh.v_tag = init_chk->init.initiate_tag; 4827 /* Save it off for quick ref */ 4828 stc.peers_vtag = init_chk->init.initiate_tag; 4829 initackm_out->sh.checksum = 0; /* calculate later */ 4830 /* who are we */ 4831 memcpy(stc.identification, SCTP_VERSION_STRING, 4832 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification))); 4833 /* now the chunk header */ 4834 initackm_out->msg.ch.chunk_type = SCTP_INITIATION_ACK; 4835 initackm_out->msg.ch.chunk_flags = 0; 4836 /* fill in later from mbuf we build */ 4837 initackm_out->msg.ch.chunk_length = 0; 4838 /* place in my tag */ 4839 if ((asoc != NULL) && 4840 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 4841 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) || 4842 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) { 4843 /* re-use the v-tags and init-seq here */ 4844 initackm_out->msg.init.initiate_tag = htonl(asoc->my_vtag); 4845 initackm_out->msg.init.initial_tsn = htonl(asoc->init_seq_number); 4846 } else { 4847 uint32_t vtag; 4848 4849 if (asoc) { 4850 atomic_add_int(&asoc->refcnt, 1); 4851 SCTP_TCB_UNLOCK(stcb); 4852 vtag = sctp_select_a_tag(inp); 4853 initackm_out->msg.init.initiate_tag = htonl(vtag); 4854 /* get a TSN to use too */ 4855 initackm_out->msg.init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 4856 SCTP_TCB_LOCK(stcb); 4857 atomic_add_int(&asoc->refcnt, -1); 4858 } else { 4859 vtag = sctp_select_a_tag(inp); 4860 initackm_out->msg.init.initiate_tag = htonl(vtag); 4861 /* get a TSN to use too */ 4862 initackm_out->msg.init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 4863 } 4864 } 4865 /* save away my tag to */ 4866 stc.my_vtag = initackm_out->msg.init.initiate_tag; 4867 4868 /* set up some of the credits. */ 4869 initackm_out->msg.init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), SCTP_MINIMAL_RWND)); 4870 /* set what I want */ 4871 his_limit = ntohs(init_chk->init.num_inbound_streams); 4872 /* choose what I want */ 4873 if (asoc != NULL) { 4874 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) { 4875 i_want = asoc->streamoutcnt; 4876 } else { 4877 i_want = inp->sctp_ep.pre_open_stream_count; 4878 } 4879 } else { 4880 i_want = inp->sctp_ep.pre_open_stream_count; 4881 } 4882 if (his_limit < i_want) { 4883 /* I Want more :< */ 4884 initackm_out->msg.init.num_outbound_streams = init_chk->init.num_inbound_streams; 4885 } else { 4886 /* I can have what I want :> */ 4887 initackm_out->msg.init.num_outbound_streams = htons(i_want); 4888 } 4889 /* tell him his limt. */ 4890 initackm_out->msg.init.num_inbound_streams = 4891 htons(inp->sctp_ep.max_open_streams_intome); 4892 /* setup the ECN pointer */ 4893 4894 if (inp->sctp_ep.adaptation_layer_indicator) { 4895 struct sctp_adaptation_layer_indication *ali; 4896 4897 ali = (struct sctp_adaptation_layer_indication *)( 4898 (caddr_t)initackm_out + sizeof(*initackm_out)); 4899 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 4900 ali->ph.param_length = htons(sizeof(*ali)); 4901 ali->indication = ntohl(inp->sctp_ep.adaptation_layer_indicator); 4902 SCTP_BUF_LEN(m) += sizeof(*ali); 4903 ecn = (struct sctp_ecn_supported_param *)((caddr_t)ali + 4904 sizeof(*ali)); 4905 } else { 4906 ecn = (struct sctp_ecn_supported_param *)( 4907 (caddr_t)initackm_out + sizeof(*initackm_out)); 4908 } 4909 4910 /* ECN parameter */ 4911 if (sctp_ecn_enable == 1) { 4912 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 4913 ecn->ph.param_length = htons(sizeof(*ecn)); 4914 SCTP_BUF_LEN(m) += sizeof(*ecn); 4915 4916 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn + 4917 sizeof(*ecn)); 4918 } else { 4919 prsctp = (struct sctp_prsctp_supported_param *)((caddr_t)ecn); 4920 } 4921 /* And now tell the peer we do pr-sctp */ 4922 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 4923 prsctp->ph.param_length = htons(sizeof(*prsctp)); 4924 SCTP_BUF_LEN(m) += sizeof(*prsctp); 4925 4926 /* And now tell the peer we do all the extensions */ 4927 pr_supported = (struct sctp_supported_chunk_types_param *) 4928 ((caddr_t)prsctp + sizeof(*prsctp)); 4929 4930 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 4931 num_ext = 0; 4932 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 4933 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 4934 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 4935 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 4936 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 4937 if (!sctp_auth_disable) 4938 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 4939 p_len = sizeof(*pr_supported) + num_ext; 4940 pr_supported->ph.param_length = htons(p_len); 4941 bzero((caddr_t)pr_supported + p_len, SCTP_SIZE32(p_len) - p_len); 4942 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4943 4944 /* ECN nonce: And now tell the peer we support ECN nonce */ 4945 if (sctp_ecn_nonce) { 4946 ecn_nonce = (struct sctp_ecn_nonce_supported_param *) 4947 ((caddr_t)pr_supported + SCTP_SIZE32(p_len)); 4948 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 4949 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 4950 SCTP_BUF_LEN(m) += sizeof(*ecn_nonce); 4951 } 4952 /* add authentication parameters */ 4953 if (!sctp_auth_disable) { 4954 struct sctp_auth_random *random; 4955 struct sctp_auth_hmac_algo *hmacs; 4956 struct sctp_auth_chunk_list *chunks; 4957 uint16_t random_len; 4958 4959 /* generate and add RANDOM parameter */ 4960 random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; 4961 random = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4962 random->ph.param_type = htons(SCTP_RANDOM); 4963 p_len = sizeof(*random) + random_len; 4964 random->ph.param_length = htons(p_len); 4965 SCTP_READ_RANDOM(random->random_data, random_len); 4966 /* zero out any padding required */ 4967 bzero((caddr_t)random + p_len, SCTP_SIZE32(p_len) - p_len); 4968 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4969 4970 /* add HMAC_ALGO parameter */ 4971 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4972 p_len = sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs, 4973 (uint8_t *) hmacs->hmac_ids); 4974 if (p_len > 0) { 4975 p_len += sizeof(*hmacs); 4976 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 4977 hmacs->ph.param_length = htons(p_len); 4978 /* zero out any padding required */ 4979 bzero((caddr_t)hmacs + p_len, SCTP_SIZE32(p_len) - p_len); 4980 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4981 } 4982 /* add CHUNKS parameter */ 4983 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 4984 p_len = sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks, 4985 chunks->chunk_types); 4986 if (p_len > 0) { 4987 p_len += sizeof(*chunks); 4988 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 4989 chunks->ph.param_length = htons(p_len); 4990 /* zero out any padding required */ 4991 bzero((caddr_t)chunks + p_len, SCTP_SIZE32(p_len) - p_len); 4992 SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); 4993 } 4994 } 4995 m_at = m; 4996 /* now the addresses */ 4997 { 4998 struct sctp_scoping scp; 4999 5000 /* 5001 * To optimize this we could put the scoping stuff into a 5002 * structure and remove the individual uint8's from the stc 5003 * structure. Then we could just sifa in the address within 5004 * the stc.. but for now this is a quick hack to get the 5005 * address stuff teased apart. 5006 */ 5007 scp.ipv4_addr_legal = stc.ipv4_addr_legal; 5008 scp.ipv6_addr_legal = stc.ipv6_addr_legal; 5009 scp.loopback_scope = stc.loopback_scope; 5010 scp.ipv4_local_scope = stc.ipv4_scope; 5011 scp.local_scope = stc.local_scope; 5012 scp.site_scope = stc.site_scope; 5013 m_at = sctp_add_addresses_to_i_ia(inp, &scp, m_at, cnt_inits_to); 5014 } 5015 5016 /* tack on the operational error if present */ 5017 if (op_err) { 5018 struct mbuf *ol; 5019 int llen; 5020 5021 llen = 0; 5022 ol = op_err; 5023 while (ol) { 5024 llen += SCTP_BUF_LEN(ol); 5025 ol = SCTP_BUF_NEXT(ol); 5026 } 5027 if (llen % 4) { 5028 /* must add a pad to the param */ 5029 uint32_t cpthis = 0; 5030 int padlen; 5031 5032 padlen = 4 - (llen % 4); 5033 m_copyback(op_err, llen, padlen, (caddr_t)&cpthis); 5034 } 5035 while (SCTP_BUF_NEXT(m_at) != NULL) { 5036 m_at = SCTP_BUF_NEXT(m_at); 5037 } 5038 SCTP_BUF_NEXT(m_at) = op_err; 5039 while (SCTP_BUF_NEXT(m_at) != NULL) { 5040 m_at = SCTP_BUF_NEXT(m_at); 5041 } 5042 } 5043 /* Get total size of init packet */ 5044 sz_of = SCTP_SIZE32(ntohs(init_chk->ch.chunk_length)); 5045 /* pre-calulate the size and update pkt header and chunk header */ 5046 p_len = 0; 5047 for (m_tmp = m; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5048 p_len += SCTP_BUF_LEN(m_tmp); 5049 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5050 /* m_tmp should now point to last one */ 5051 break; 5052 } 5053 } 5054 /* 5055 * Figure now the size of the cookie. We know the size of the 5056 * INIT-ACK. The Cookie is going to be the size of INIT, INIT-ACK, 5057 * COOKIE-STRUCTURE and SIGNATURE. 5058 */ 5059 5060 /* 5061 * take our earlier INIT calc and add in the sz we just calculated 5062 * minus the size of the sctphdr (its not included in chunk size 5063 */ 5064 5065 /* add once for the INIT-ACK */ 5066 sz_of += (p_len - sizeof(struct sctphdr)); 5067 5068 /* add a second time for the INIT-ACK in the cookie */ 5069 sz_of += (p_len - sizeof(struct sctphdr)); 5070 5071 /* Now add the cookie header and cookie message struct */ 5072 sz_of += sizeof(struct sctp_state_cookie_param); 5073 /* ...and add the size of our signature */ 5074 sz_of += SCTP_SIGNATURE_SIZE; 5075 initackm_out->msg.ch.chunk_length = htons(sz_of); 5076 5077 /* Now we must build a cookie */ 5078 m_cookie = sctp_add_cookie(inp, init_pkt, offset, m, 5079 sizeof(struct sctphdr), &stc); 5080 if (m_cookie == NULL) { 5081 /* memory problem */ 5082 sctp_m_freem(m); 5083 return; 5084 } 5085 /* Now append the cookie to the end and update the space/size */ 5086 SCTP_BUF_NEXT(m_tmp) = m_cookie; 5087 for (; m_tmp; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 5088 p_len += SCTP_BUF_LEN(m_tmp); 5089 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5090 /* m_tmp should now point to last one */ 5091 m_last = m_tmp; 5092 break; 5093 } 5094 } 5095 5096 /* 5097 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 5098 * here since the timer will drive a retranmission. 5099 */ 5100 padval = p_len % 4; 5101 if ((padval) && (m_last)) { 5102 /* see my previous comments on m_last */ 5103 int ret; 5104 5105 ret = sctp_add_pad_tombuf(m_last, (4 - padval)); 5106 if (ret) { 5107 /* Houston we have a problem, no space */ 5108 sctp_m_freem(m); 5109 return; 5110 } 5111 p_len += padval; 5112 } 5113 sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0, 5114 NULL, 0); 5115 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 5116 } 5117 5118 5119 void 5120 sctp_insert_on_wheel(struct sctp_tcb *stcb, 5121 struct sctp_association *asoc, 5122 struct sctp_stream_out *strq, int holds_lock) 5123 { 5124 struct sctp_stream_out *stre, *strn; 5125 5126 if (holds_lock == 0) 5127 SCTP_TCB_SEND_LOCK(stcb); 5128 if ((strq->next_spoke.tqe_next) || 5129 (strq->next_spoke.tqe_prev)) { 5130 /* already on wheel */ 5131 goto outof_here; 5132 } 5133 stre = TAILQ_FIRST(&asoc->out_wheel); 5134 if (stre == NULL) { 5135 /* only one on wheel */ 5136 TAILQ_INSERT_HEAD(&asoc->out_wheel, strq, next_spoke); 5137 goto outof_here; 5138 } 5139 for (; stre; stre = strn) { 5140 strn = TAILQ_NEXT(stre, next_spoke); 5141 if (stre->stream_no > strq->stream_no) { 5142 TAILQ_INSERT_BEFORE(stre, strq, next_spoke); 5143 goto outof_here; 5144 } else if (stre->stream_no == strq->stream_no) { 5145 /* huh, should not happen */ 5146 goto outof_here; 5147 } else if (strn == NULL) { 5148 /* next one is null */ 5149 TAILQ_INSERT_AFTER(&asoc->out_wheel, stre, strq, 5150 next_spoke); 5151 } 5152 } 5153 outof_here: 5154 if (holds_lock == 0) 5155 SCTP_TCB_SEND_UNLOCK(stcb); 5156 5157 5158 } 5159 5160 static void 5161 sctp_remove_from_wheel(struct sctp_tcb *stcb, 5162 struct sctp_association *asoc, 5163 struct sctp_stream_out *strq) 5164 { 5165 /* take off and then setup so we know it is not on the wheel */ 5166 SCTP_TCB_SEND_LOCK(stcb); 5167 if (TAILQ_FIRST(&strq->outqueue)) { 5168 /* more was added */ 5169 SCTP_TCB_SEND_UNLOCK(stcb); 5170 return; 5171 } 5172 TAILQ_REMOVE(&asoc->out_wheel, strq, next_spoke); 5173 strq->next_spoke.tqe_next = NULL; 5174 strq->next_spoke.tqe_prev = NULL; 5175 SCTP_TCB_SEND_UNLOCK(stcb); 5176 } 5177 5178 static void 5179 sctp_prune_prsctp(struct sctp_tcb *stcb, 5180 struct sctp_association *asoc, 5181 struct sctp_sndrcvinfo *srcv, 5182 int dataout) 5183 { 5184 int freed_spc = 0; 5185 struct sctp_tmit_chunk *chk, *nchk; 5186 5187 SCTP_TCB_LOCK_ASSERT(stcb); 5188 if ((asoc->peer_supports_prsctp) && 5189 (asoc->sent_queue_cnt_removeable > 0)) { 5190 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 5191 /* 5192 * Look for chunks marked with the PR_SCTP flag AND 5193 * the buffer space flag. If the one being sent is 5194 * equal or greater priority then purge the old one 5195 * and free some space. 5196 */ 5197 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 5198 /* 5199 * This one is PR-SCTP AND buffer space 5200 * limited type 5201 */ 5202 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5203 /* 5204 * Lower numbers equates to higher 5205 * priority so if the one we are 5206 * looking at has a larger or equal 5207 * priority we want to drop the data 5208 * and NOT retransmit it. 5209 */ 5210 if (chk->data) { 5211 /* 5212 * We release the book_size 5213 * if the mbuf is here 5214 */ 5215 int ret_spc; 5216 int cause; 5217 5218 if (chk->sent > SCTP_DATAGRAM_UNSENT) 5219 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT; 5220 else 5221 cause = SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT; 5222 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5223 cause, 5224 &asoc->sent_queue); 5225 freed_spc += ret_spc; 5226 if (freed_spc >= dataout) { 5227 return; 5228 } 5229 } /* if chunk was present */ 5230 } /* if of sufficent priority */ 5231 } /* if chunk has enabled */ 5232 } /* tailqforeach */ 5233 5234 chk = TAILQ_FIRST(&asoc->send_queue); 5235 while (chk) { 5236 nchk = TAILQ_NEXT(chk, sctp_next); 5237 /* Here we must move to the sent queue and mark */ 5238 if (PR_SCTP_TTL_ENABLED(chk->flags)) { 5239 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 5240 if (chk->data) { 5241 /* 5242 * We release the book_size 5243 * if the mbuf is here 5244 */ 5245 int ret_spc; 5246 5247 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 5248 SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_UNSENT, 5249 &asoc->send_queue); 5250 5251 freed_spc += ret_spc; 5252 if (freed_spc >= dataout) { 5253 return; 5254 } 5255 } /* end if chk->data */ 5256 } /* end if right class */ 5257 } /* end if chk pr-sctp */ 5258 chk = nchk; 5259 } /* end while (chk) */ 5260 } /* if enabled in asoc */ 5261 } 5262 5263 __inline int 5264 sctp_get_frag_point(struct sctp_tcb *stcb, 5265 struct sctp_association *asoc) 5266 { 5267 int siz, ovh; 5268 5269 /* 5270 * For endpoints that have both v6 and v4 addresses we must reserve 5271 * room for the ipv6 header, for those that are only dealing with V4 5272 * we use a larger frag point. 5273 */ 5274 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5275 ovh = SCTP_MED_OVERHEAD; 5276 } else { 5277 ovh = SCTP_MED_V4_OVERHEAD; 5278 } 5279 5280 if (stcb->sctp_ep->sctp_frag_point > asoc->smallest_mtu) 5281 siz = asoc->smallest_mtu - ovh; 5282 else 5283 siz = (stcb->sctp_ep->sctp_frag_point - ovh); 5284 /* 5285 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) { 5286 */ 5287 /* A data chunk MUST fit in a cluster */ 5288 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */ 5289 /* } */ 5290 5291 /* adjust for an AUTH chunk if DATA requires auth */ 5292 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) 5293 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 5294 5295 if (siz % 4) { 5296 /* make it an even word boundary please */ 5297 siz -= (siz % 4); 5298 } 5299 return (siz); 5300 } 5301 5302 static void 5303 sctp_set_prsctp_policy(struct sctp_tcb *stcb, 5304 struct sctp_stream_queue_pending *sp) 5305 { 5306 sp->pr_sctp_on = 0; 5307 if (stcb->asoc.peer_supports_prsctp) { 5308 /* 5309 * We assume that the user wants PR_SCTP_TTL if the user 5310 * provides a positive lifetime but does not specify any 5311 * PR_SCTP policy. This is a BAD assumption and causes 5312 * problems at least with the U-Vancovers MPI folks. I will 5313 * change this to be no policy means NO PR-SCTP. 5314 */ 5315 if (PR_SCTP_ENABLED(sp->sinfo_flags)) { 5316 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 5317 sp->pr_sctp_on = 1; 5318 } else { 5319 return; 5320 } 5321 switch (PR_SCTP_POLICY(sp->sinfo_flags)) { 5322 case CHUNK_FLAGS_PR_SCTP_BUF: 5323 /* 5324 * Time to live is a priority stored in tv_sec when 5325 * doing the buffer drop thing. 5326 */ 5327 sp->ts.tv_sec = sp->timetolive; 5328 sp->ts.tv_usec = 0; 5329 break; 5330 case CHUNK_FLAGS_PR_SCTP_TTL: 5331 { 5332 struct timeval tv; 5333 5334 SCTP_GETTIME_TIMEVAL(&sp->ts); 5335 tv.tv_sec = sp->timetolive / 1000; 5336 tv.tv_usec = (sp->timetolive * 1000) % 1000000; 5337 timevaladd(&sp->ts, &tv); 5338 } 5339 break; 5340 case CHUNK_FLAGS_PR_SCTP_RTX: 5341 /* 5342 * Time to live is a the number or retransmissions 5343 * stored in tv_sec. 5344 */ 5345 sp->ts.tv_sec = sp->timetolive; 5346 sp->ts.tv_usec = 0; 5347 break; 5348 default: 5349 #ifdef SCTP_DEBUG 5350 if (sctp_debug_on & SCTP_DEBUG_USRREQ1) { 5351 printf("Unknown PR_SCTP policy %u.\n", PR_SCTP_POLICY(sp->sinfo_flags)); 5352 } 5353 #endif 5354 break; 5355 } 5356 } 5357 } 5358 5359 static int 5360 sctp_msg_append(struct sctp_tcb *stcb, 5361 struct sctp_nets *net, 5362 struct mbuf *m, 5363 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock) 5364 { 5365 int error = 0, holds_lock; 5366 struct mbuf *at; 5367 struct sctp_stream_queue_pending *sp = NULL; 5368 struct sctp_stream_out *strm; 5369 5370 /* 5371 * Given an mbuf chain, put it into the association send queue and 5372 * place it on the wheel 5373 */ 5374 holds_lock = hold_stcb_lock; 5375 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) { 5376 /* Invalid stream number */ 5377 error = EINVAL; 5378 goto out_now; 5379 } 5380 if ((stcb->asoc.stream_locked) && 5381 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) { 5382 error = EAGAIN; 5383 goto out_now; 5384 } 5385 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 5386 /* Now can we send this? */ 5387 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) || 5388 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5389 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 5390 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { 5391 /* got data while shutting down */ 5392 error = ECONNRESET; 5393 goto out_now; 5394 } 5395 sp = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_strmoq, struct sctp_stream_queue_pending); 5396 if (sp == NULL) { 5397 error = ENOMEM; 5398 goto out_now; 5399 } 5400 SCTP_INCR_STRMOQ_COUNT(); 5401 sp->sinfo_flags = srcv->sinfo_flags; 5402 sp->timetolive = srcv->sinfo_timetolive; 5403 sp->ppid = srcv->sinfo_ppid; 5404 sp->context = srcv->sinfo_context; 5405 sp->strseq = 0; 5406 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 5407 sp->net = net; 5408 sp->addr_over = 1; 5409 } else { 5410 sp->net = stcb->asoc.primary_destination; 5411 sp->addr_over = 0; 5412 } 5413 atomic_add_int(&sp->net->ref_count, 1); 5414 SCTP_GETTIME_TIMEVAL(&sp->ts); 5415 sp->stream = srcv->sinfo_stream; 5416 sp->msg_is_complete = 1; 5417 sp->some_taken = 0; 5418 sp->data = m; 5419 sp->tail_mbuf = NULL; 5420 sp->length = 0; 5421 at = m; 5422 sctp_set_prsctp_policy(stcb, sp); 5423 /* 5424 * We could in theory (for sendall) sifa the length in, but we would 5425 * still have to hunt through the chain since we need to setup the 5426 * tail_mbuf 5427 */ 5428 while (at) { 5429 if (SCTP_BUF_NEXT(at) == NULL) 5430 sp->tail_mbuf = at; 5431 sp->length += SCTP_BUF_LEN(at); 5432 at = SCTP_BUF_NEXT(at); 5433 } 5434 SCTP_TCB_SEND_LOCK(stcb); 5435 sctp_snd_sb_alloc(stcb, sp->length); 5436 stcb->asoc.stream_queue_cnt++; 5437 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 5438 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 5439 sp->strseq = strm->next_sequence_sent; 5440 strm->next_sequence_sent++; 5441 } 5442 if ((strm->next_spoke.tqe_next == NULL) && 5443 (strm->next_spoke.tqe_prev == NULL)) { 5444 /* Not on wheel, insert */ 5445 sctp_insert_on_wheel(stcb, &stcb->asoc, strm, 1); 5446 } 5447 m = NULL; 5448 SCTP_TCB_SEND_UNLOCK(stcb); 5449 out_now: 5450 if (m) { 5451 sctp_m_freem(m); 5452 } 5453 return (error); 5454 } 5455 5456 5457 static struct mbuf * 5458 sctp_copy_mbufchain(struct mbuf *clonechain, 5459 struct mbuf *outchain, 5460 struct mbuf **endofchain, 5461 int can_take_mbuf, 5462 int sizeofcpy, 5463 uint8_t copy_by_ref) 5464 { 5465 struct mbuf *m; 5466 struct mbuf *appendchain; 5467 caddr_t cp; 5468 int len; 5469 5470 if (endofchain == NULL) { 5471 /* error */ 5472 error_out: 5473 if (outchain) 5474 sctp_m_freem(outchain); 5475 return (NULL); 5476 } 5477 if (can_take_mbuf) { 5478 appendchain = clonechain; 5479 } else { 5480 if (!copy_by_ref && (sizeofcpy <= ((((sctp_mbuf_threshold_count - 1) * MLEN) + MHLEN)))) { 5481 /* Its not in a cluster */ 5482 if (*endofchain == NULL) { 5483 /* lets get a mbuf cluster */ 5484 if (outchain == NULL) { 5485 /* This is the general case */ 5486 new_mbuf: 5487 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 5488 if (outchain == NULL) { 5489 goto error_out; 5490 } 5491 SCTP_BUF_LEN(outchain) = 0; 5492 *endofchain = outchain; 5493 /* get the prepend space */ 5494 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV + 4)); 5495 } else { 5496 /* 5497 * We really should not get a NULL 5498 * in endofchain 5499 */ 5500 /* find end */ 5501 m = outchain; 5502 while (m) { 5503 if (SCTP_BUF_NEXT(m) == NULL) { 5504 *endofchain = m; 5505 break; 5506 } 5507 m = SCTP_BUF_NEXT(m); 5508 } 5509 /* sanity */ 5510 if (*endofchain == NULL) { 5511 /* 5512 * huh, TSNH XXX maybe we 5513 * should panic 5514 */ 5515 sctp_m_freem(outchain); 5516 goto new_mbuf; 5517 } 5518 } 5519 /* get the new end of length */ 5520 len = M_TRAILINGSPACE(*endofchain); 5521 } else { 5522 /* how much is left at the end? */ 5523 len = M_TRAILINGSPACE(*endofchain); 5524 } 5525 /* Find the end of the data, for appending */ 5526 cp = (mtod((*endofchain), caddr_t)+SCTP_BUF_LEN((*endofchain))); 5527 5528 /* Now lets copy it out */ 5529 if (len >= sizeofcpy) { 5530 /* It all fits, copy it in */ 5531 m_copydata(clonechain, 0, sizeofcpy, cp); 5532 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 5533 } else { 5534 /* fill up the end of the chain */ 5535 if (len > 0) { 5536 m_copydata(clonechain, 0, len, cp); 5537 SCTP_BUF_LEN((*endofchain)) += len; 5538 /* now we need another one */ 5539 sizeofcpy -= len; 5540 } 5541 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_HEADER); 5542 if (m == NULL) { 5543 /* We failed */ 5544 goto error_out; 5545 } 5546 SCTP_BUF_NEXT((*endofchain)) = m; 5547 *endofchain = m; 5548 cp = mtod((*endofchain), caddr_t); 5549 m_copydata(clonechain, len, sizeofcpy, cp); 5550 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 5551 } 5552 return (outchain); 5553 } else { 5554 /* copy the old fashion way */ 5555 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_DONTWAIT); 5556 } 5557 } 5558 if (appendchain == NULL) { 5559 /* error */ 5560 if (outchain) 5561 sctp_m_freem(outchain); 5562 return (NULL); 5563 } 5564 if (outchain) { 5565 /* tack on to the end */ 5566 if (*endofchain != NULL) { 5567 SCTP_BUF_NEXT(((*endofchain))) = appendchain; 5568 } else { 5569 m = outchain; 5570 while (m) { 5571 if (SCTP_BUF_NEXT(m) == NULL) { 5572 SCTP_BUF_NEXT(m) = appendchain; 5573 break; 5574 } 5575 m = SCTP_BUF_NEXT(m); 5576 } 5577 } 5578 /* 5579 * save off the end and update the end-chain postion 5580 */ 5581 m = appendchain; 5582 while (m) { 5583 if (SCTP_BUF_NEXT(m) == NULL) { 5584 *endofchain = m; 5585 break; 5586 } 5587 m = SCTP_BUF_NEXT(m); 5588 } 5589 return (outchain); 5590 } else { 5591 /* save off the end and update the end-chain postion */ 5592 m = appendchain; 5593 while (m) { 5594 if (SCTP_BUF_NEXT(m) == NULL) { 5595 *endofchain = m; 5596 break; 5597 } 5598 m = SCTP_BUF_NEXT(m); 5599 } 5600 return (appendchain); 5601 } 5602 } 5603 5604 int 5605 sctp_med_chunk_output(struct sctp_inpcb *inp, 5606 struct sctp_tcb *stcb, 5607 struct sctp_association *asoc, 5608 int *num_out, 5609 int *reason_code, 5610 int control_only, int *cwnd_full, int from_where, 5611 struct timeval *now, int *now_filled, int frag_point); 5612 5613 static void 5614 sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, 5615 uint32_t val) 5616 { 5617 struct sctp_copy_all *ca; 5618 struct mbuf *m; 5619 int ret = 0; 5620 int added_control = 0; 5621 int un_sent, do_chunk_output = 1; 5622 struct sctp_association *asoc; 5623 5624 ca = (struct sctp_copy_all *)ptr; 5625 if (ca->m == NULL) { 5626 return; 5627 } 5628 if (ca->inp != inp) { 5629 /* TSNH */ 5630 return; 5631 } 5632 if ((ca->m) && ca->sndlen) { 5633 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_DONTWAIT); 5634 if (m == NULL) { 5635 /* can't copy so we are done */ 5636 ca->cnt_failed++; 5637 return; 5638 } 5639 } else { 5640 m = NULL; 5641 } 5642 SCTP_TCB_LOCK_ASSERT(stcb); 5643 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) { 5644 /* Abort this assoc with m as the user defined reason */ 5645 if (m) { 5646 struct sctp_paramhdr *ph; 5647 5648 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_DONTWAIT); 5649 if (m) { 5650 ph = mtod(m, struct sctp_paramhdr *); 5651 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 5652 ph->param_length = htons(ca->sndlen); 5653 } 5654 /* 5655 * We add one here to keep the assoc from 5656 * dis-appearing on us. 5657 */ 5658 atomic_add_int(&stcb->asoc.refcnt, 1); 5659 sctp_abort_an_association(inp, stcb, 5660 SCTP_RESPONSE_TO_USER_REQ, 5661 m); 5662 /* 5663 * sctp_abort_an_association calls sctp_free_asoc() 5664 * free association will NOT free it since we 5665 * incremented the refcnt .. we do this to prevent 5666 * it being freed and things getting tricky since we 5667 * could end up (from free_asoc) calling inpcb_free 5668 * which would get a recursive lock call to the 5669 * iterator lock.. But as a consequence of that the 5670 * stcb will return to us un-locked.. since 5671 * free_asoc returns with either no TCB or the TCB 5672 * unlocked, we must relock.. to unlock in the 5673 * iterator timer :-0 5674 */ 5675 SCTP_TCB_LOCK(stcb); 5676 atomic_add_int(&stcb->asoc.refcnt, -1); 5677 goto no_chunk_output; 5678 } 5679 } else { 5680 if (m) { 5681 ret = sctp_msg_append(stcb, stcb->asoc.primary_destination, m, 5682 &ca->sndrcv, 1); 5683 } 5684 asoc = &stcb->asoc; 5685 if (ca->sndrcv.sinfo_flags & SCTP_EOF) { 5686 /* shutdown this assoc */ 5687 if (TAILQ_EMPTY(&asoc->send_queue) && 5688 TAILQ_EMPTY(&asoc->sent_queue) && 5689 (asoc->stream_queue_cnt == 0)) { 5690 if (asoc->locked_on_sending) { 5691 goto abort_anyway; 5692 } 5693 /* 5694 * there is nothing queued to send, so I'm 5695 * done... 5696 */ 5697 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 5698 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 5699 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 5700 /* 5701 * only send SHUTDOWN the first time 5702 * through 5703 */ 5704 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 5705 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 5706 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 5707 } 5708 asoc->state = SCTP_STATE_SHUTDOWN_SENT; 5709 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 5710 asoc->primary_destination); 5711 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 5712 asoc->primary_destination); 5713 added_control = 1; 5714 do_chunk_output = 0; 5715 } 5716 } else { 5717 /* 5718 * we still got (or just got) data to send, 5719 * so set SHUTDOWN_PENDING 5720 */ 5721 /* 5722 * XXX sockets draft says that SCTP_EOF 5723 * should be sent with no data. currently, 5724 * we will allow user data to be sent first 5725 * and move to SHUTDOWN-PENDING 5726 */ 5727 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 5728 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 5729 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 5730 if (asoc->locked_on_sending) { 5731 /* 5732 * Locked to send out the 5733 * data 5734 */ 5735 struct sctp_stream_queue_pending *sp; 5736 5737 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 5738 if (sp) { 5739 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 5740 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 5741 } 5742 } 5743 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 5744 if (TAILQ_EMPTY(&asoc->send_queue) && 5745 TAILQ_EMPTY(&asoc->sent_queue) && 5746 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 5747 abort_anyway: 5748 atomic_add_int(&stcb->asoc.refcnt, 1); 5749 sctp_abort_an_association(stcb->sctp_ep, stcb, 5750 SCTP_RESPONSE_TO_USER_REQ, 5751 NULL); 5752 atomic_add_int(&stcb->asoc.refcnt, -1); 5753 goto no_chunk_output; 5754 } 5755 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 5756 asoc->primary_destination); 5757 } 5758 } 5759 5760 } 5761 } 5762 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 5763 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * sizeof(struct sctp_data_chunk))); 5764 5765 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 5766 (stcb->asoc.total_flight > 0) && 5767 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) 5768 ) { 5769 do_chunk_output = 0; 5770 } 5771 if (do_chunk_output) 5772 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND); 5773 else if (added_control) { 5774 int num_out = 0, reason = 0, cwnd_full = 0, now_filled = 0; 5775 struct timeval now; 5776 int frag_point; 5777 5778 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 5779 sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 5780 &reason, 1, &cwnd_full, 1, &now, &now_filled, frag_point); 5781 } 5782 no_chunk_output: 5783 if (ret) { 5784 ca->cnt_failed++; 5785 } else { 5786 ca->cnt_sent++; 5787 } 5788 } 5789 5790 static void 5791 sctp_sendall_completes(void *ptr, uint32_t val) 5792 { 5793 struct sctp_copy_all *ca; 5794 5795 ca = (struct sctp_copy_all *)ptr; 5796 /* 5797 * Do a notify here? Kacheong suggests that the notify be done at 5798 * the send time.. so you would push up a notification if any send 5799 * failed. Don't know if this is feasable since the only failures we 5800 * have is "memory" related and if you cannot get an mbuf to send 5801 * the data you surely can't get an mbuf to send up to notify the 5802 * user you can't send the data :-> 5803 */ 5804 5805 /* now free everything */ 5806 sctp_m_freem(ca->m); 5807 SCTP_FREE(ca); 5808 } 5809 5810 5811 #define MC_ALIGN(m, len) do { \ 5812 SCTP_BUF_RESV_UF(m, ((MCLBYTES - (len)) & ~(sizeof(long) - 1)); \ 5813 } while (0) 5814 5815 5816 5817 static struct mbuf * 5818 sctp_copy_out_all(struct uio *uio, int len) 5819 { 5820 struct mbuf *ret, *at; 5821 int left, willcpy, cancpy, error; 5822 5823 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAIT, 1, MT_DATA); 5824 if (ret == NULL) { 5825 /* TSNH */ 5826 return (NULL); 5827 } 5828 left = len; 5829 SCTP_BUF_LEN(ret) = 0; 5830 /* save space for the data chunk header */ 5831 cancpy = M_TRAILINGSPACE(ret); 5832 willcpy = min(cancpy, left); 5833 at = ret; 5834 while (left > 0) { 5835 /* Align data to the end */ 5836 error = uiomove(mtod(at, caddr_t), willcpy, uio); 5837 if (error) { 5838 err_out_now: 5839 sctp_m_freem(at); 5840 return (NULL); 5841 } 5842 SCTP_BUF_LEN(at) = willcpy; 5843 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0; 5844 left -= willcpy; 5845 if (left > 0) { 5846 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 1, MT_DATA); 5847 if (SCTP_BUF_NEXT(at) == NULL) { 5848 goto err_out_now; 5849 } 5850 at = SCTP_BUF_NEXT(at); 5851 SCTP_BUF_LEN(at) = 0; 5852 cancpy = M_TRAILINGSPACE(at); 5853 willcpy = min(cancpy, left); 5854 } 5855 } 5856 return (ret); 5857 } 5858 5859 static int 5860 sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m, 5861 struct sctp_sndrcvinfo *srcv) 5862 { 5863 int ret; 5864 struct sctp_copy_all *ca; 5865 5866 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all), 5867 "CopyAll"); 5868 if (ca == NULL) { 5869 sctp_m_freem(m); 5870 return (ENOMEM); 5871 } 5872 memset(ca, 0, sizeof(struct sctp_copy_all)); 5873 5874 ca->inp = inp; 5875 ca->sndrcv = *srcv; 5876 /* 5877 * take off the sendall flag, it would be bad if we failed to do 5878 * this :-0 5879 */ 5880 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL; 5881 /* get length and mbuf chain */ 5882 if (uio) { 5883 ca->sndlen = uio->uio_resid; 5884 ca->m = sctp_copy_out_all(uio, ca->sndlen); 5885 if (ca->m == NULL) { 5886 SCTP_FREE(ca); 5887 return (ENOMEM); 5888 } 5889 } else { 5890 /* Gather the length of the send */ 5891 struct mbuf *mat; 5892 5893 mat = m; 5894 ca->sndlen = 0; 5895 while (m) { 5896 ca->sndlen += SCTP_BUF_LEN(m); 5897 m = SCTP_BUF_NEXT(m); 5898 } 5899 ca->m = m; 5900 } 5901 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL, 5902 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES, SCTP_ASOC_ANY_STATE, 5903 (void *)ca, 0, 5904 sctp_sendall_completes, inp, 1); 5905 if (ret) { 5906 #ifdef SCTP_DEBUG 5907 printf("Failed to initiate iterator for sendall\n"); 5908 #endif 5909 SCTP_FREE(ca); 5910 return (EFAULT); 5911 } 5912 return (0); 5913 } 5914 5915 5916 void 5917 sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc) 5918 { 5919 struct sctp_tmit_chunk *chk, *nchk; 5920 5921 chk = TAILQ_FIRST(&asoc->control_send_queue); 5922 while (chk) { 5923 nchk = TAILQ_NEXT(chk, sctp_next); 5924 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 5925 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 5926 if (chk->data) { 5927 sctp_m_freem(chk->data); 5928 chk->data = NULL; 5929 } 5930 asoc->ctrl_queue_cnt--; 5931 if (chk->whoTo) 5932 sctp_free_remote_addr(chk->whoTo); 5933 sctp_free_a_chunk(stcb, chk); 5934 } 5935 chk = nchk; 5936 } 5937 } 5938 5939 void 5940 sctp_toss_old_asconf(struct sctp_tcb *stcb) 5941 { 5942 struct sctp_association *asoc; 5943 struct sctp_tmit_chunk *chk, *chk_tmp; 5944 5945 asoc = &stcb->asoc; 5946 for (chk = TAILQ_FIRST(&asoc->control_send_queue); chk != NULL; 5947 chk = chk_tmp) { 5948 /* get next chk */ 5949 chk_tmp = TAILQ_NEXT(chk, sctp_next); 5950 /* find SCTP_ASCONF chunk in queue (only one ever in queue) */ 5951 if (chk->rec.chunk_id.id == SCTP_ASCONF) { 5952 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 5953 if (chk->data) { 5954 sctp_m_freem(chk->data); 5955 chk->data = NULL; 5956 } 5957 asoc->ctrl_queue_cnt--; 5958 if (chk->whoTo) 5959 sctp_free_remote_addr(chk->whoTo); 5960 sctp_free_a_chunk(stcb, chk); 5961 } 5962 } 5963 } 5964 5965 5966 static __inline void 5967 sctp_clean_up_datalist(struct sctp_tcb *stcb, 5968 5969 struct sctp_association *asoc, 5970 struct sctp_tmit_chunk **data_list, 5971 int bundle_at, 5972 struct sctp_nets *net) 5973 { 5974 int i; 5975 struct sctp_tmit_chunk *tp1; 5976 5977 for (i = 0; i < bundle_at; i++) { 5978 /* off of the send queue */ 5979 if (i) { 5980 /* 5981 * Any chunk NOT 0 you zap the time chunk 0 gets 5982 * zapped or set based on if a RTO measurment is 5983 * needed. 5984 */ 5985 data_list[i]->do_rtt = 0; 5986 } 5987 /* record time */ 5988 data_list[i]->sent_rcv_time = net->last_sent_time; 5989 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq; 5990 TAILQ_REMOVE(&asoc->send_queue, 5991 data_list[i], 5992 sctp_next); 5993 /* on to the sent queue */ 5994 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead); 5995 if ((tp1) && (compare_with_wrap(tp1->rec.data.TSN_seq, 5996 data_list[i]->rec.data.TSN_seq, MAX_TSN))) { 5997 struct sctp_tmit_chunk *tpp; 5998 5999 /* need to move back */ 6000 back_up_more: 6001 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next); 6002 if (tpp == NULL) { 6003 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next); 6004 goto all_done; 6005 } 6006 tp1 = tpp; 6007 if (compare_with_wrap(tp1->rec.data.TSN_seq, 6008 data_list[i]->rec.data.TSN_seq, MAX_TSN)) { 6009 goto back_up_more; 6010 } 6011 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next); 6012 } else { 6013 TAILQ_INSERT_TAIL(&asoc->sent_queue, 6014 data_list[i], 6015 sctp_next); 6016 } 6017 all_done: 6018 /* This does not lower until the cum-ack passes it */ 6019 asoc->sent_queue_cnt++; 6020 asoc->send_queue_cnt--; 6021 if ((asoc->peers_rwnd <= 0) && 6022 (asoc->total_flight == 0) && 6023 (bundle_at == 1)) { 6024 /* Mark the chunk as being a window probe */ 6025 SCTP_STAT_INCR(sctps_windowprobed); 6026 } 6027 #ifdef SCTP_AUDITING_ENABLED 6028 sctp_audit_log(0xC2, 3); 6029 #endif 6030 data_list[i]->sent = SCTP_DATAGRAM_SENT; 6031 data_list[i]->snd_count = 1; 6032 data_list[i]->rec.data.chunk_was_revoked = 0; 6033 #ifdef SCTP_FLIGHT_LOGGING 6034 sctp_misc_ints(SCTP_FLIGHT_LOG_UP, 6035 data_list[i]->whoTo->flight_size, 6036 data_list[i]->book_size, 6037 (uintptr_t) stcb, 6038 data_list[i]->rec.data.TSN_seq); 6039 #endif 6040 net->flight_size += data_list[i]->book_size; 6041 asoc->total_flight += data_list[i]->book_size; 6042 asoc->total_flight_count++; 6043 #ifdef SCTP_LOG_RWND 6044 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 6045 asoc->peers_rwnd, data_list[i]->send_size, sctp_peer_chunk_oh); 6046 #endif 6047 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 6048 (uint32_t) (data_list[i]->send_size + sctp_peer_chunk_oh)); 6049 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 6050 /* SWS sender side engages */ 6051 asoc->peers_rwnd = 0; 6052 } 6053 } 6054 } 6055 6056 static __inline void 6057 sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc) 6058 { 6059 struct sctp_tmit_chunk *chk, *nchk; 6060 6061 for (chk = TAILQ_FIRST(&asoc->control_send_queue); 6062 chk; chk = nchk) { 6063 nchk = TAILQ_NEXT(chk, sctp_next); 6064 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 6065 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 6066 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 6067 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 6068 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 6069 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 6070 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 6071 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 6072 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 6073 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 6074 /* Stray chunks must be cleaned up */ 6075 clean_up_anyway: 6076 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6077 if (chk->data) { 6078 sctp_m_freem(chk->data); 6079 chk->data = NULL; 6080 } 6081 asoc->ctrl_queue_cnt--; 6082 sctp_free_remote_addr(chk->whoTo); 6083 sctp_free_a_chunk(stcb, chk); 6084 } else if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 6085 /* special handling, we must look into the param */ 6086 if (chk != asoc->str_reset) { 6087 goto clean_up_anyway; 6088 } 6089 } 6090 } 6091 } 6092 6093 6094 static __inline int 6095 sctp_can_we_split_this(struct sctp_tcb *stcb, 6096 struct sctp_stream_queue_pending *sp, 6097 int goal_mtu, int frag_point, int eeor_on) 6098 { 6099 /* 6100 * Make a decision on if I should split a msg into multiple parts. 6101 */ 6102 if (goal_mtu < sctp_min_split_point) { 6103 /* you don't want enough */ 6104 return (0); 6105 } 6106 if ((sp->length <= goal_mtu) || ((sp->length - goal_mtu) < sctp_min_residual)) { 6107 /* Sub-optimial residual don't split */ 6108 return (0); 6109 } 6110 if (sp->msg_is_complete == 0) { 6111 if (eeor_on) { 6112 /* 6113 * If we are doing EEOR we need to always send it if 6114 * its the entire thing. 6115 */ 6116 if (goal_mtu >= sp->length) 6117 return (sp->length); 6118 } else { 6119 if (goal_mtu >= sp->length) { 6120 /* 6121 * If we cannot fill the amount needed there 6122 * is no sense of splitting the chunk. 6123 */ 6124 return (0); 6125 } 6126 } 6127 /* 6128 * If we reach here sp->length is larger than the goal_mtu. 6129 * Do we wish to split it for the sake of packet putting 6130 * together? 6131 */ 6132 if (goal_mtu >= min(sctp_min_split_point, stcb->asoc.smallest_mtu)) { 6133 /* Its ok to split it */ 6134 return (min(goal_mtu, frag_point)); 6135 } 6136 } else { 6137 /* We can always split a complete message to make it fit */ 6138 if (goal_mtu >= sp->length) 6139 /* Take it all */ 6140 return (sp->length); 6141 6142 return (min(goal_mtu, frag_point)); 6143 } 6144 /* Nope, can't split */ 6145 return (0); 6146 6147 } 6148 6149 static int 6150 sctp_move_to_outqueue(struct sctp_tcb *stcb, struct sctp_nets *net, 6151 struct sctp_stream_out *strq, 6152 int goal_mtu, 6153 int frag_point, 6154 int *locked, 6155 int *giveup, 6156 int eeor_mode) 6157 { 6158 /* Move from the stream to the send_queue keeping track of the total */ 6159 struct sctp_association *asoc; 6160 struct sctp_stream_queue_pending *sp; 6161 struct sctp_tmit_chunk *chk; 6162 struct sctp_data_chunk *dchkh; 6163 int to_move; 6164 uint8_t rcv_flags = 0; 6165 uint8_t some_taken; 6166 uint8_t took_all = 0; 6167 6168 SCTP_TCB_LOCK_ASSERT(stcb); 6169 asoc = &stcb->asoc; 6170 sp = TAILQ_FIRST(&strq->outqueue); 6171 if (sp == NULL) { 6172 *locked = 0; 6173 SCTP_TCB_SEND_LOCK(stcb); 6174 if (strq->last_msg_incomplete) { 6175 printf("Huh? Stream:%d lm_in_c=%d but queue is NULL\n", 6176 strq->stream_no, strq->last_msg_incomplete); 6177 strq->last_msg_incomplete = 0; 6178 } 6179 SCTP_TCB_SEND_UNLOCK(stcb); 6180 return (0); 6181 } 6182 SCTP_TCB_SEND_LOCK(stcb); 6183 if ((sp->length == 0) && (sp->msg_is_complete == 0)) { 6184 /* Must wait for more data, must be last msg */ 6185 *locked = 1; 6186 *giveup = 1; 6187 SCTP_TCB_SEND_UNLOCK(stcb); 6188 return (0); 6189 } else if (sp->length == 0) { 6190 /* This should not happen */ 6191 panic("sp length is 0?"); 6192 } 6193 some_taken = sp->some_taken; 6194 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 6195 sp->msg_is_complete = 1; 6196 } 6197 if (sp->msg_is_complete) { 6198 /* The message is complete */ 6199 to_move = min(sp->length, frag_point); 6200 if (to_move == sp->length) { 6201 /* All of it fits in the MTU */ 6202 if (sp->some_taken) { 6203 rcv_flags |= SCTP_DATA_LAST_FRAG; 6204 } else { 6205 rcv_flags |= SCTP_DATA_NOT_FRAG; 6206 } 6207 } else { 6208 /* Not all of it fits, we fragment */ 6209 if (sp->some_taken == 0) { 6210 rcv_flags |= SCTP_DATA_FIRST_FRAG; 6211 } 6212 sp->some_taken = 1; 6213 } 6214 } else { 6215 to_move = sctp_can_we_split_this(stcb, sp, goal_mtu, 6216 frag_point, eeor_mode); 6217 if (to_move) { 6218 if (to_move >= sp->length) { 6219 to_move = sp->length; 6220 } 6221 if (sp->some_taken == 0) { 6222 rcv_flags |= SCTP_DATA_FIRST_FRAG; 6223 } 6224 sp->some_taken = 1; 6225 } else { 6226 if (sp->some_taken) { 6227 *locked = 1; 6228 } 6229 *giveup = 1; 6230 SCTP_TCB_SEND_UNLOCK(stcb); 6231 return (0); 6232 } 6233 } 6234 SCTP_TCB_SEND_UNLOCK(stcb); 6235 /* If we reach here, we can copy out a chunk */ 6236 sctp_alloc_a_chunk(stcb, chk); 6237 if (chk == NULL) { 6238 /* No chunk memory */ 6239 out_gu: 6240 *giveup = 1; 6241 return (0); 6242 } 6243 /* 6244 * Setup for unordered if needed by looking at the user sent info 6245 * flags. 6246 */ 6247 if (sp->sinfo_flags & SCTP_UNORDERED) { 6248 rcv_flags |= SCTP_DATA_UNORDERED; 6249 } 6250 /* clear out the chunk before setting up */ 6251 memset(chk, sizeof(*chk), 0); 6252 chk->rec.data.rcv_flags = rcv_flags; 6253 SCTP_TCB_SEND_LOCK(stcb); 6254 if (SCTP_BUF_IS_EXTENDED(sp->data)) { 6255 chk->copy_by_ref = 1; 6256 } else { 6257 chk->copy_by_ref = 0; 6258 } 6259 if (to_move >= sp->length) { 6260 /* we can steal the whole thing */ 6261 chk->data = sp->data; 6262 chk->last_mbuf = sp->tail_mbuf; 6263 /* register the stealing */ 6264 sp->data = sp->tail_mbuf = NULL; 6265 took_all = 1; 6266 } else { 6267 struct mbuf *m; 6268 6269 chk->data = SCTP_M_COPYM(sp->data, 0, to_move, M_DONTWAIT); 6270 chk->last_mbuf = NULL; 6271 if (chk->data == NULL) { 6272 sp->some_taken = some_taken; 6273 sctp_free_a_chunk(stcb, chk); 6274 SCTP_TCB_SEND_UNLOCK(stcb); 6275 goto out_gu; 6276 } 6277 /* Pull off the data */ 6278 m_adj(sp->data, to_move); 6279 /* Now lets work our way down and compact it */ 6280 m = sp->data; 6281 while (m && (SCTP_BUF_LEN(m) == 0)) { 6282 sp->data = SCTP_BUF_NEXT(m); 6283 SCTP_BUF_NEXT(m) = NULL; 6284 if (sp->tail_mbuf == m) { 6285 /* freeing tail */ 6286 sp->tail_mbuf = sp->data; 6287 } 6288 sctp_m_free(m); 6289 m = sp->data; 6290 } 6291 } 6292 if (to_move > sp->length) { 6293 panic("Huh, how can to_move be larger?"); 6294 } else { 6295 sp->length -= to_move; 6296 } 6297 6298 if (M_LEADINGSPACE(chk->data) < sizeof(struct sctp_data_chunk)) { 6299 /* Not enough room for a chunk header, get some */ 6300 struct mbuf *m; 6301 6302 m = sctp_get_mbuf_for_msg(1, 0, M_DONTWAIT, 0, MT_DATA); 6303 if (m == NULL) { 6304 /* 6305 * we're in trouble here. _PREPEND below will free 6306 * all the data if there is no leading space, so we 6307 * must put the data back and restore. 6308 */ 6309 if (took_all) { 6310 /* unsteal the data */ 6311 sp->data = chk->data; 6312 sp->tail_mbuf = chk->last_mbuf; 6313 } else { 6314 struct mbuf *m; 6315 6316 /* reassemble the data */ 6317 m = sp->data; 6318 sp->data = chk->data; 6319 SCTP_BUF_NEXT(sp->data) = m; 6320 } 6321 sp->some_taken = some_taken; 6322 sp->length += to_move; 6323 chk->data = NULL; 6324 sctp_free_a_chunk(stcb, chk); 6325 SCTP_TCB_SEND_UNLOCK(stcb); 6326 goto out_gu; 6327 } else { 6328 SCTP_BUF_LEN(m) = 0; 6329 SCTP_BUF_NEXT(m) = chk->data; 6330 chk->data = m; 6331 M_ALIGN(chk->data, 4); 6332 } 6333 } 6334 SCTP_BUF_PREPEND(chk->data, sizeof(struct sctp_data_chunk), M_DONTWAIT); 6335 if (chk->data == NULL) { 6336 /* HELP */ 6337 sctp_free_a_chunk(stcb, chk); 6338 SCTP_TCB_SEND_UNLOCK(stcb); 6339 goto out_gu; 6340 } 6341 sctp_snd_sb_alloc(stcb, sizeof(struct sctp_data_chunk)); 6342 chk->book_size = chk->send_size = (to_move + 6343 sizeof(struct sctp_data_chunk)); 6344 chk->book_size_scale = 0; 6345 chk->sent = SCTP_DATAGRAM_UNSENT; 6346 6347 /* 6348 * get last_mbuf and counts of mb useage This is ugly but hopefully 6349 * its only one mbuf. 6350 */ 6351 if (chk->last_mbuf == NULL) { 6352 chk->last_mbuf = chk->data; 6353 while (SCTP_BUF_NEXT(chk->last_mbuf) != NULL) { 6354 chk->last_mbuf = SCTP_BUF_NEXT(chk->last_mbuf); 6355 } 6356 } 6357 chk->flags = 0; 6358 chk->asoc = &stcb->asoc; 6359 chk->pad_inplace = 0; 6360 chk->no_fr_allowed = 0; 6361 chk->rec.data.stream_seq = sp->strseq; 6362 chk->rec.data.stream_number = sp->stream; 6363 chk->rec.data.payloadtype = sp->ppid; 6364 chk->rec.data.context = sp->context; 6365 chk->rec.data.doing_fast_retransmit = 0; 6366 chk->rec.data.ect_nonce = 0; /* ECN Nonce */ 6367 6368 chk->rec.data.timetodrop = sp->ts; 6369 chk->flags = sp->act_flags; 6370 chk->addr_over = sp->addr_over; 6371 6372 chk->whoTo = net; 6373 atomic_add_int(&chk->whoTo->ref_count, 1); 6374 6375 chk->rec.data.TSN_seq = atomic_fetchadd_int(&asoc->sending_seq, 1); 6376 #ifdef SCTP_LOG_SENDING_STR 6377 sctp_misc_ints(SCTP_STRMOUT_LOG_SEND, 6378 (uintptr_t) stcb, (uintptr_t) sp, 6379 (uint32_t) ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq), 6380 chk->rec.data.TSN_seq); 6381 #endif 6382 6383 dchkh = mtod(chk->data, struct sctp_data_chunk *); 6384 /* 6385 * Put the rest of the things in place now. Size was done earlier in 6386 * previous loop prior to padding. 6387 */ 6388 6389 #ifdef SCTP_ASOCLOG_OF_TSNS 6390 asoc->out_tsnlog[asoc->tsn_out_at].tsn = chk->rec.data.TSN_seq; 6391 asoc->out_tsnlog[asoc->tsn_out_at].strm = chk->rec.data.stream_number; 6392 asoc->out_tsnlog[asoc->tsn_out_at].seq = chk->rec.data.stream_seq; 6393 asoc->tsn_out_at++; 6394 if (asoc->tsn_out_at >= SCTP_TSN_LOG_SIZE) { 6395 asoc->tsn_out_at = 0; 6396 } 6397 #endif 6398 6399 dchkh->ch.chunk_type = SCTP_DATA; 6400 dchkh->ch.chunk_flags = chk->rec.data.rcv_flags; 6401 dchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); 6402 dchkh->dp.stream_id = htons(strq->stream_no); 6403 dchkh->dp.stream_sequence = htons(chk->rec.data.stream_seq); 6404 dchkh->dp.protocol_id = chk->rec.data.payloadtype; 6405 dchkh->ch.chunk_length = htons(chk->send_size); 6406 /* Now advance the chk->send_size by the actual pad needed. */ 6407 if (chk->send_size < SCTP_SIZE32(chk->book_size)) { 6408 /* need a pad */ 6409 struct mbuf *lm; 6410 int pads; 6411 6412 pads = SCTP_SIZE32(chk->book_size) - chk->send_size; 6413 if (sctp_pad_lastmbuf(chk->data, pads, chk->last_mbuf) == 0) { 6414 chk->pad_inplace = 1; 6415 } 6416 if ((lm = SCTP_BUF_NEXT(chk->last_mbuf)) != NULL) { 6417 /* pad added an mbuf */ 6418 chk->last_mbuf = lm; 6419 } 6420 chk->send_size += pads; 6421 } 6422 /* We only re-set the policy if it is on */ 6423 if (sp->pr_sctp_on) { 6424 sctp_set_prsctp_policy(stcb, sp); 6425 } 6426 if (sp->msg_is_complete && (sp->length == 0)) { 6427 /* All done pull and kill the message */ 6428 asoc->stream_queue_cnt--; 6429 TAILQ_REMOVE(&strq->outqueue, sp, next); 6430 sctp_free_remote_addr(sp->net); 6431 if (sp->data) { 6432 sctp_m_freem(sp->data); 6433 sp->data = NULL; 6434 } 6435 sctp_free_a_strmoq(stcb, sp); 6436 6437 /* we can't be locked to it */ 6438 *locked = 0; 6439 stcb->asoc.locked_on_sending = NULL; 6440 } else { 6441 /* more to go, we are locked */ 6442 *locked = 1; 6443 } 6444 asoc->chunks_on_out_queue++; 6445 if (sp->pr_sctp_on) { 6446 asoc->pr_sctp_cnt++; 6447 chk->pr_sctp_on = 1; 6448 } else { 6449 chk->pr_sctp_on = 0; 6450 } 6451 TAILQ_INSERT_TAIL(&asoc->send_queue, chk, sctp_next); 6452 asoc->send_queue_cnt++; 6453 SCTP_TCB_SEND_UNLOCK(stcb); 6454 return (to_move); 6455 } 6456 6457 6458 static struct sctp_stream_out * 6459 sctp_select_a_stream(struct sctp_tcb *stcb, struct sctp_association *asoc) 6460 { 6461 struct sctp_stream_out *strq; 6462 6463 /* Find the next stream to use */ 6464 if (asoc->last_out_stream == NULL) { 6465 strq = asoc->last_out_stream = TAILQ_FIRST(&asoc->out_wheel); 6466 if (asoc->last_out_stream == NULL) { 6467 /* huh nothing on the wheel, TSNH */ 6468 return (NULL); 6469 } 6470 goto done_it; 6471 } 6472 strq = TAILQ_NEXT(asoc->last_out_stream, next_spoke); 6473 done_it: 6474 if (strq == NULL) { 6475 strq = asoc->last_out_stream = TAILQ_FIRST(&asoc->out_wheel); 6476 } 6477 return (strq); 6478 6479 } 6480 6481 static void 6482 sctp_fill_outqueue(struct sctp_tcb *stcb, 6483 struct sctp_nets *net, int frag_point, int eeor_mode) 6484 { 6485 struct sctp_association *asoc; 6486 struct sctp_stream_out *strq, *strqn, *strqt; 6487 int goal_mtu, moved_how_much, total_moved = 0; 6488 int locked, giveup; 6489 struct sctp_stream_queue_pending *sp; 6490 6491 SCTP_TCB_LOCK_ASSERT(stcb); 6492 asoc = &stcb->asoc; 6493 #ifdef INET6 6494 if (net->ro._l_addr.sin6.sin6_family == AF_INET6) { 6495 goal_mtu = net->mtu - SCTP_MIN_OVERHEAD; 6496 } else { 6497 /* ?? not sure what else to do */ 6498 goal_mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 6499 } 6500 #else 6501 goal_mtu = net->mtu - SCTP_MIN_OVERHEAD; 6502 mtu_fromwheel = 0; 6503 #endif 6504 /* Need an allowance for the data chunk header too */ 6505 goal_mtu -= sizeof(struct sctp_data_chunk); 6506 6507 /* must make even word boundary */ 6508 goal_mtu &= 0xfffffffc; 6509 if (asoc->locked_on_sending) { 6510 /* We are stuck on one stream until the message completes. */ 6511 strqn = strq = asoc->locked_on_sending; 6512 locked = 1; 6513 } else { 6514 strqn = strq = sctp_select_a_stream(stcb, asoc); 6515 locked = 0; 6516 } 6517 6518 while ((goal_mtu > 0) && strq) { 6519 sp = TAILQ_FIRST(&strq->outqueue); 6520 /* 6521 * If CMT is off, we must validate that the stream in 6522 * question has the first item pointed towards are network 6523 * destionation requested by the caller. Note that if we 6524 * turn out to be locked to a stream (assigning TSN's then 6525 * we must stop, since we cannot look for another stream 6526 * with data to send to that destination). In CMT's case, by 6527 * skipping this check, we will send one data packet towards 6528 * the requested net. 6529 */ 6530 if (sp == NULL) { 6531 break; 6532 } 6533 if ((sp->net != net) && (sctp_cmt_on_off == 0)) { 6534 /* none for this network */ 6535 if (locked) { 6536 break; 6537 } else { 6538 strq = sctp_select_a_stream(stcb, asoc); 6539 if (strq == NULL) 6540 /* none left */ 6541 break; 6542 if (strqn == strq) { 6543 /* I have circled */ 6544 break; 6545 } 6546 continue; 6547 } 6548 } 6549 giveup = 0; 6550 moved_how_much = sctp_move_to_outqueue(stcb, net, strq, goal_mtu, frag_point, &locked, 6551 &giveup, eeor_mode); 6552 asoc->last_out_stream = strq; 6553 if (locked) { 6554 asoc->locked_on_sending = strq; 6555 if ((moved_how_much == 0) || (giveup)) 6556 /* no more to move for now */ 6557 break; 6558 } else { 6559 asoc->locked_on_sending = NULL; 6560 strqt = sctp_select_a_stream(stcb, asoc); 6561 if (TAILQ_FIRST(&strq->outqueue) == NULL) { 6562 sctp_remove_from_wheel(stcb, asoc, strq); 6563 } 6564 if (giveup) { 6565 break; 6566 } 6567 strq = strqt; 6568 if (strq == NULL) { 6569 break; 6570 } 6571 } 6572 total_moved += moved_how_much; 6573 goal_mtu -= (moved_how_much + sizeof(struct sctp_data_chunk)); 6574 goal_mtu &= 0xfffffffc; 6575 } 6576 if (total_moved == 0) { 6577 if ((sctp_cmt_on_off == 0) && 6578 (net == stcb->asoc.primary_destination)) { 6579 /* ran dry for primary network net */ 6580 SCTP_STAT_INCR(sctps_primary_randry); 6581 } else if (sctp_cmt_on_off) { 6582 /* ran dry with CMT on */ 6583 SCTP_STAT_INCR(sctps_cmt_randry); 6584 } 6585 } 6586 } 6587 6588 __inline void 6589 sctp_fix_ecn_echo(struct sctp_association *asoc) 6590 { 6591 struct sctp_tmit_chunk *chk; 6592 6593 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 6594 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 6595 chk->sent = SCTP_DATAGRAM_UNSENT; 6596 } 6597 } 6598 } 6599 6600 static void 6601 sctp_move_to_an_alt(struct sctp_tcb *stcb, 6602 struct sctp_association *asoc, 6603 struct sctp_nets *net) 6604 { 6605 struct sctp_tmit_chunk *chk; 6606 struct sctp_nets *a_net; 6607 6608 SCTP_TCB_LOCK_ASSERT(stcb); 6609 a_net = sctp_find_alternate_net(stcb, net, 0); 6610 if ((a_net != net) && 6611 ((a_net->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE)) { 6612 /* 6613 * We only proceed if a valid alternate is found that is not 6614 * this one and is reachable. Here we must move all chunks 6615 * queued in the send queue off of the destination address 6616 * to our alternate. 6617 */ 6618 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 6619 if (chk->whoTo == net) { 6620 /* Move the chunk to our alternate */ 6621 sctp_free_remote_addr(chk->whoTo); 6622 chk->whoTo = a_net; 6623 atomic_add_int(&a_net->ref_count, 1); 6624 } 6625 } 6626 } 6627 } 6628 6629 int 6630 sctp_med_chunk_output(struct sctp_inpcb *inp, 6631 struct sctp_tcb *stcb, 6632 struct sctp_association *asoc, 6633 int *num_out, 6634 int *reason_code, 6635 int control_only, int *cwnd_full, int from_where, 6636 struct timeval *now, int *now_filled, int frag_point) 6637 { 6638 /* 6639 * Ok this is the generic chunk service queue. we must do the 6640 * following: - Service the stream queue that is next, moving any 6641 * message (note I must get a complete message i.e. FIRST/MIDDLE and 6642 * LAST to the out queue in one pass) and assigning TSN's - Check to 6643 * see if the cwnd/rwnd allows any output, if so we go ahead and 6644 * fomulate and send the low level chunks. Making sure to combine 6645 * any control in the control chunk queue also. 6646 */ 6647 struct sctp_nets *net; 6648 struct mbuf *outchain, *endoutchain; 6649 struct sctp_tmit_chunk *chk, *nchk; 6650 struct sctphdr *shdr; 6651 6652 /* temp arrays for unlinking */ 6653 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 6654 int no_fragmentflg, error; 6655 int one_chunk, hbflag, skip_data_for_this_net; 6656 int asconf, cookie, no_out_cnt; 6657 int bundle_at, ctl_cnt, no_data_chunks, cwnd_full_ind, eeor_mode; 6658 unsigned int mtu, r_mtu, omtu, mx_mtu, to_out; 6659 struct sctp_nets *start_at, *old_startat = NULL, *send_start_at; 6660 int tsns_sent = 0; 6661 uint32_t auth_offset = 0; 6662 struct sctp_auth_chunk *auth = NULL; 6663 6664 *num_out = 0; 6665 cwnd_full_ind = 0; 6666 6667 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) || 6668 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED) || 6669 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) { 6670 eeor_mode = 1; 6671 } else { 6672 eeor_mode = 0; 6673 } 6674 ctl_cnt = no_out_cnt = asconf = cookie = 0; 6675 /* 6676 * First lets prime the pump. For each destination, if there is room 6677 * in the flight size, attempt to pull an MTU's worth out of the 6678 * stream queues into the general send_queue 6679 */ 6680 #ifdef SCTP_AUDITING_ENABLED 6681 sctp_audit_log(0xC2, 2); 6682 #endif 6683 SCTP_TCB_LOCK_ASSERT(stcb); 6684 hbflag = 0; 6685 if ((control_only) || (asoc->stream_reset_outstanding)) 6686 no_data_chunks = 1; 6687 else 6688 no_data_chunks = 0; 6689 6690 /* Nothing to possible to send? */ 6691 if (TAILQ_EMPTY(&asoc->control_send_queue) && 6692 TAILQ_EMPTY(&asoc->send_queue) && 6693 TAILQ_EMPTY(&asoc->out_wheel)) { 6694 *reason_code = 9; 6695 return (0); 6696 } 6697 if (asoc->peers_rwnd == 0) { 6698 /* No room in peers rwnd */ 6699 *cwnd_full = 1; 6700 *reason_code = 1; 6701 if (asoc->total_flight > 0) { 6702 /* we are allowed one chunk in flight */ 6703 no_data_chunks = 1; 6704 } 6705 } 6706 if ((no_data_chunks == 0) && (!TAILQ_EMPTY(&asoc->out_wheel))) { 6707 if (sctp_cmt_on_off) { 6708 /* 6709 * for CMT we start at the next one past the one we 6710 * last added data to. 6711 */ 6712 if (TAILQ_FIRST(&asoc->send_queue) != NULL) { 6713 goto skip_the_fill_from_streams; 6714 } 6715 if (asoc->last_net_data_came_from) { 6716 net = TAILQ_NEXT(asoc->last_net_data_came_from, sctp_next); 6717 if (net == NULL) { 6718 net = TAILQ_FIRST(&asoc->nets); 6719 } 6720 } else { 6721 /* back to start */ 6722 net = TAILQ_FIRST(&asoc->nets); 6723 } 6724 6725 } else { 6726 net = asoc->primary_destination; 6727 if (net == NULL) { 6728 /* TSNH */ 6729 net = TAILQ_FIRST(&asoc->nets); 6730 } 6731 } 6732 start_at = net; 6733 one_more_time: 6734 for (; net != NULL; net = TAILQ_NEXT(net, sctp_next)) { 6735 net->window_probe = 0; 6736 if (old_startat && (old_startat == net)) { 6737 break; 6738 } 6739 if ((sctp_cmt_on_off == 0) && (net->ref_count < 2)) { 6740 /* nothing can be in queue for this guy */ 6741 continue; 6742 } 6743 if (net->flight_size >= net->cwnd) { 6744 /* skip this network, no room */ 6745 cwnd_full_ind++; 6746 continue; 6747 } 6748 /* 6749 * @@@ JRI : this for loop we are in takes in each 6750 * net, if its's got space in cwnd and has data sent 6751 * to it (when CMT is off) then it calls 6752 * sctp_fill_outqueue for the net. This gets data on 6753 * the send queue for that network. 6754 * 6755 * In sctp_fill_outqueue TSN's are assigned and data is 6756 * copied out of the stream buffers. Note mostly 6757 * copy by reference (we hope). 6758 */ 6759 #ifdef SCTP_CWND_LOGGING 6760 sctp_log_cwnd(stcb, net, 0, SCTP_CWND_LOG_FILL_OUTQ_CALLED); 6761 #endif 6762 sctp_fill_outqueue(stcb, net, frag_point, eeor_mode); 6763 } 6764 if (start_at != TAILQ_FIRST(&asoc->nets)) { 6765 /* got to pick up the beginning stuff. */ 6766 old_startat = start_at; 6767 start_at = net = TAILQ_FIRST(&asoc->nets); 6768 goto one_more_time; 6769 } 6770 } 6771 skip_the_fill_from_streams: 6772 *cwnd_full = cwnd_full_ind; 6773 /* now service each destination and send out what we can for it */ 6774 /* Nothing to send? */ 6775 if ((TAILQ_FIRST(&asoc->control_send_queue) == NULL) && 6776 (TAILQ_FIRST(&asoc->send_queue) == NULL)) { 6777 *reason_code = 8; 6778 return (0); 6779 } 6780 chk = TAILQ_FIRST(&asoc->send_queue); 6781 if (chk) { 6782 send_start_at = chk->whoTo; 6783 } else { 6784 send_start_at = TAILQ_FIRST(&asoc->nets); 6785 } 6786 old_startat = NULL; 6787 again_one_more_time: 6788 for (net = send_start_at; net != NULL; net = TAILQ_NEXT(net, sctp_next)) { 6789 /* how much can we send? */ 6790 /* printf("Examine for sending net:%x\n", (uint32_t)net); */ 6791 if (old_startat && (old_startat == net)) { 6792 /* through list ocmpletely. */ 6793 break; 6794 } 6795 tsns_sent = 0; 6796 if (net->ref_count < 2) { 6797 /* 6798 * Ref-count of 1 so we cannot have data or control 6799 * queued to this address. Skip it. 6800 */ 6801 continue; 6802 } 6803 ctl_cnt = bundle_at = 0; 6804 endoutchain = outchain = NULL; 6805 no_fragmentflg = 1; 6806 one_chunk = 0; 6807 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 6808 skip_data_for_this_net = 1; 6809 } else { 6810 skip_data_for_this_net = 0; 6811 } 6812 if ((net->ro.ro_rt) && (net->ro.ro_rt->rt_ifp)) { 6813 /* 6814 * if we have a route and an ifp check to see if we 6815 * have room to send to this guy 6816 */ 6817 struct ifnet *ifp; 6818 6819 ifp = net->ro.ro_rt->rt_ifp; 6820 if ((ifp->if_snd.ifq_len + 2) >= ifp->if_snd.ifq_maxlen) { 6821 SCTP_STAT_INCR(sctps_ifnomemqueued); 6822 #ifdef SCTP_LOG_MAXBURST 6823 sctp_log_maxburst(stcb, net, ifp->if_snd.ifq_len, ifp->if_snd.ifq_maxlen, SCTP_MAX_IFP_APPLIED); 6824 #endif 6825 continue; 6826 } 6827 } 6828 if (((struct sockaddr *)&net->ro._l_addr)->sa_family == AF_INET) { 6829 mtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 6830 } else { 6831 mtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 6832 } 6833 mx_mtu = mtu; 6834 to_out = 0; 6835 if (mtu > asoc->peers_rwnd) { 6836 if (asoc->total_flight > 0) { 6837 /* We have a packet in flight somewhere */ 6838 r_mtu = asoc->peers_rwnd; 6839 } else { 6840 /* We are always allowed to send one MTU out */ 6841 one_chunk = 1; 6842 r_mtu = mtu; 6843 } 6844 } else { 6845 r_mtu = mtu; 6846 } 6847 /************************/ 6848 /* Control transmission */ 6849 /************************/ 6850 /* Now first lets go through the control queue */ 6851 for (chk = TAILQ_FIRST(&asoc->control_send_queue); 6852 chk; chk = nchk) { 6853 nchk = TAILQ_NEXT(chk, sctp_next); 6854 if (chk->whoTo != net) { 6855 /* 6856 * No, not sent to the network we are 6857 * looking at 6858 */ 6859 continue; 6860 } 6861 if (chk->data == NULL) { 6862 continue; 6863 } 6864 if (chk->sent != SCTP_DATAGRAM_UNSENT) { 6865 /* 6866 * It must be unsent. Cookies and ASCONF's 6867 * hang around but there timers will force 6868 * when marked for resend. 6869 */ 6870 continue; 6871 } 6872 /* 6873 * if no AUTH is yet included and this chunk 6874 * requires it, make sure to account for it. We 6875 * don't apply the size until the AUTH chunk is 6876 * actually added below in case there is no room for 6877 * this chunk. NOTE: we overload the use of "omtu" 6878 * here 6879 */ 6880 if ((auth == NULL) && 6881 sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 6882 stcb->asoc.peer_auth_chunks)) { 6883 omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 6884 } else 6885 omtu = 0; 6886 /* Here we do NOT factor the r_mtu */ 6887 if ((chk->send_size < (int)(mtu - omtu)) || 6888 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 6889 /* 6890 * We probably should glom the mbuf chain 6891 * from the chk->data for control but the 6892 * problem is it becomes yet one more level 6893 * of tracking to do if for some reason 6894 * output fails. Then I have got to 6895 * reconstruct the merged control chain.. el 6896 * yucko.. for now we take the easy way and 6897 * do the copy 6898 */ 6899 /* 6900 * Add an AUTH chunk, if chunk requires it 6901 * save the offset into the chain for AUTH 6902 */ 6903 if ((auth == NULL) && 6904 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 6905 stcb->asoc.peer_auth_chunks))) { 6906 outchain = sctp_add_auth_chunk(outchain, 6907 &endoutchain, 6908 &auth, 6909 &auth_offset, 6910 stcb, 6911 chk->rec.chunk_id.id); 6912 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 6913 } 6914 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 6915 (int)chk->rec.chunk_id.can_take_data, 6916 chk->send_size, chk->copy_by_ref); 6917 if (outchain == NULL) { 6918 *reason_code = 8; 6919 return (ENOMEM); 6920 } 6921 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 6922 /* update our MTU size */ 6923 if (mtu > (chk->send_size + omtu)) 6924 mtu -= (chk->send_size + omtu); 6925 else 6926 mtu = 0; 6927 to_out += (chk->send_size + omtu); 6928 /* Do clear IP_DF ? */ 6929 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 6930 no_fragmentflg = 0; 6931 } 6932 if (chk->rec.chunk_id.can_take_data) 6933 chk->data = NULL; 6934 /* Mark things to be removed, if needed */ 6935 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 6936 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 6937 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 6938 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 6939 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 6940 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 6941 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 6942 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 6943 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 6944 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 6945 6946 if (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) 6947 hbflag = 1; 6948 /* remove these chunks at the end */ 6949 if (chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) { 6950 /* turn off the timer */ 6951 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 6952 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 6953 inp, stcb, net, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_1); 6954 } 6955 } 6956 ctl_cnt++; 6957 } else { 6958 /* 6959 * Other chunks, since they have 6960 * timers running (i.e. COOKIE or 6961 * ASCONF) we just "trust" that it 6962 * gets sent or retransmitted. 6963 */ 6964 ctl_cnt++; 6965 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 6966 cookie = 1; 6967 no_out_cnt = 1; 6968 } else if (chk->rec.chunk_id.id == SCTP_ASCONF) { 6969 /* 6970 * set hb flag since we can 6971 * use these for RTO 6972 */ 6973 hbflag = 1; 6974 asconf = 1; 6975 } 6976 chk->sent = SCTP_DATAGRAM_SENT; 6977 chk->snd_count++; 6978 } 6979 if (mtu == 0) { 6980 /* 6981 * Ok we are out of room but we can 6982 * output without effecting the 6983 * flight size since this little guy 6984 * is a control only packet. 6985 */ 6986 if (asconf) { 6987 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 6988 asconf = 0; 6989 } 6990 if (cookie) { 6991 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 6992 cookie = 0; 6993 } 6994 SCTP_BUF_PREPEND(outchain, sizeof(struct sctphdr), M_DONTWAIT); 6995 if (outchain == NULL) { 6996 /* no memory */ 6997 error = ENOBUFS; 6998 goto error_out_again; 6999 } 7000 shdr = mtod(outchain, struct sctphdr *); 7001 shdr->src_port = inp->sctp_lport; 7002 shdr->dest_port = stcb->rport; 7003 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 7004 shdr->checksum = 0; 7005 auth_offset += sizeof(struct sctphdr); 7006 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 7007 (struct sockaddr *)&net->ro._l_addr, 7008 outchain, auth_offset, auth, 7009 no_fragmentflg, 0, NULL, asconf))) { 7010 if (error == ENOBUFS) { 7011 asoc->ifp_had_enobuf = 1; 7012 } 7013 SCTP_STAT_INCR(sctps_lowlevelerr); 7014 if (from_where == 0) { 7015 SCTP_STAT_INCR(sctps_lowlevelerrusr); 7016 } 7017 error_out_again: 7018 /* error, could not output */ 7019 if (hbflag) { 7020 if (*now_filled == 0) { 7021 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7022 *now_filled = 1; 7023 *now = net->last_sent_time; 7024 } else { 7025 net->last_sent_time = *now; 7026 } 7027 hbflag = 0; 7028 } 7029 if (error == EHOSTUNREACH) { 7030 /* 7031 * Destination went 7032 * unreachable 7033 * during this send 7034 */ 7035 sctp_move_to_an_alt(stcb, asoc, net); 7036 } 7037 *reason_code = 7; 7038 continue; 7039 } else 7040 asoc->ifp_had_enobuf = 0; 7041 /* Only HB or ASCONF advances time */ 7042 if (hbflag) { 7043 if (*now_filled == 0) { 7044 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7045 *now_filled = 1; 7046 *now = net->last_sent_time; 7047 } else { 7048 net->last_sent_time = *now; 7049 } 7050 hbflag = 0; 7051 } 7052 /* 7053 * increase the number we sent, if a 7054 * cookie is sent we don't tell them 7055 * any was sent out. 7056 */ 7057 outchain = endoutchain = NULL; 7058 auth = NULL; 7059 auth_offset = 0; 7060 if (!no_out_cnt) 7061 *num_out += ctl_cnt; 7062 /* recalc a clean slate and setup */ 7063 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 7064 mtu = (net->mtu - SCTP_MIN_OVERHEAD); 7065 } else { 7066 mtu = (net->mtu - SCTP_MIN_V4_OVERHEAD); 7067 } 7068 to_out = 0; 7069 no_fragmentflg = 1; 7070 } 7071 } 7072 } 7073 /*********************/ 7074 /* Data transmission */ 7075 /*********************/ 7076 /* 7077 * if AUTH for DATA is required and no AUTH has been added 7078 * yet, account for this in the mtu now... if no data can be 7079 * bundled, this adjustment won't matter anyways since the 7080 * packet will be going out... 7081 */ 7082 if ((auth == NULL) && 7083 sctp_auth_is_required_chunk(SCTP_DATA, 7084 stcb->asoc.peer_auth_chunks)) { 7085 mtu -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 7086 } 7087 /* now lets add any data within the MTU constraints */ 7088 if (((struct sockaddr *)&net->ro._l_addr)->sa_family == AF_INET) { 7089 if (net->mtu > (sizeof(struct ip) + sizeof(struct sctphdr))) 7090 omtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 7091 else 7092 omtu = 0; 7093 } else { 7094 if (net->mtu > (sizeof(struct ip6_hdr) + sizeof(struct sctphdr))) 7095 omtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 7096 else 7097 omtu = 0; 7098 } 7099 if ((((asoc->state & SCTP_STATE_OPEN) == SCTP_STATE_OPEN) && (skip_data_for_this_net == 0)) || 7100 (cookie)) { 7101 for (chk = TAILQ_FIRST(&asoc->send_queue); chk; chk = nchk) { 7102 if (no_data_chunks) { 7103 /* let only control go out */ 7104 *reason_code = 1; 7105 break; 7106 } 7107 if (net->flight_size >= net->cwnd) { 7108 /* skip this net, no room for data */ 7109 *reason_code = 2; 7110 break; 7111 } 7112 nchk = TAILQ_NEXT(chk, sctp_next); 7113 if (chk->whoTo != net) { 7114 /* No, not sent to this net */ 7115 continue; 7116 } 7117 if ((chk->send_size > omtu) && ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) == 0)) { 7118 /*- 7119 * strange, we have a chunk that is 7120 * to big for its destination and 7121 * yet no fragment ok flag. 7122 * Something went wrong when the 7123 * PMTU changed...we did not mark 7124 * this chunk for some reason?? I 7125 * will fix it here by letting IP 7126 * fragment it for now and printing 7127 * a warning. This really should not 7128 * happen ... 7129 */ 7130 #ifdef SCTP_DEBUG 7131 printf("Warning chunk of %d bytes > mtu:%d and yet PMTU disc missed\n", 7132 chk->send_size, mtu); 7133 #endif 7134 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 7135 } 7136 if (((chk->send_size <= mtu) && (chk->send_size <= r_mtu)) || 7137 ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) && (chk->send_size <= asoc->peers_rwnd))) { 7138 /* ok we will add this one */ 7139 7140 /* 7141 * Add an AUTH chunk, if chunk 7142 * requires it, save the offset into 7143 * the chain for AUTH 7144 */ 7145 if ((auth == NULL) && 7146 (sctp_auth_is_required_chunk(SCTP_DATA, 7147 stcb->asoc.peer_auth_chunks))) { 7148 7149 outchain = sctp_add_auth_chunk(outchain, 7150 &endoutchain, 7151 &auth, 7152 &auth_offset, 7153 stcb, 7154 SCTP_DATA); 7155 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 7156 } 7157 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 0, 7158 chk->send_size, chk->copy_by_ref); 7159 if (outchain == NULL) { 7160 #ifdef SCTP_DEBUG 7161 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 7162 printf("No memory?\n"); 7163 } 7164 #endif 7165 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 7166 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 7167 } 7168 *reason_code = 3; 7169 return (ENOMEM); 7170 } 7171 /* upate our MTU size */ 7172 /* Do clear IP_DF ? */ 7173 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 7174 no_fragmentflg = 0; 7175 } 7176 /* unsigned subtraction of mtu */ 7177 if (mtu > chk->send_size) 7178 mtu -= chk->send_size; 7179 else 7180 mtu = 0; 7181 /* unsigned subtraction of r_mtu */ 7182 if (r_mtu > chk->send_size) 7183 r_mtu -= chk->send_size; 7184 else 7185 r_mtu = 0; 7186 7187 to_out += chk->send_size; 7188 if (to_out > mx_mtu) { 7189 #ifdef INVARIANTS 7190 panic("Exceeding mtu of %d out size is %d", mx_mtu, to_out); 7191 #else 7192 printf("Exceeding mtu of %d out size is %d\n", 7193 mx_mtu, to_out); 7194 #endif 7195 } 7196 chk->window_probe = 0; 7197 data_list[bundle_at++] = chk; 7198 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 7199 mtu = 0; 7200 break; 7201 } 7202 if (chk->sent == SCTP_DATAGRAM_UNSENT) { 7203 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) { 7204 SCTP_STAT_INCR_COUNTER64(sctps_outorderchunks); 7205 } else { 7206 SCTP_STAT_INCR_COUNTER64(sctps_outunorderchunks); 7207 } 7208 if (((chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) == SCTP_DATA_LAST_FRAG) && 7209 ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0)) 7210 /* 7211 * Count number of 7212 * user msg's that 7213 * were fragmented 7214 * we do this by 7215 * counting when we 7216 * see a LAST 7217 * fragment only. 7218 */ 7219 SCTP_STAT_INCR_COUNTER64(sctps_fragusrmsgs); 7220 } 7221 if ((mtu == 0) || (r_mtu == 0) || (one_chunk)) { 7222 if (one_chunk) { 7223 data_list[0]->window_probe = 1; 7224 net->window_probe = 1; 7225 } 7226 break; 7227 } 7228 } else { 7229 /* 7230 * Must be sent in order of the 7231 * TSN's (on a network) 7232 */ 7233 break; 7234 } 7235 } /* for (chunk gather loop for this net) */ 7236 } /* if asoc.state OPEN */ 7237 /* Is there something to send for this destination? */ 7238 if (outchain) { 7239 /* We may need to start a control timer or two */ 7240 if (asconf) { 7241 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 7242 asconf = 0; 7243 } 7244 if (cookie) { 7245 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 7246 cookie = 0; 7247 } 7248 /* must start a send timer if data is being sent */ 7249 if (bundle_at && (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer))) { 7250 /* 7251 * no timer running on this destination 7252 * restart it. 7253 */ 7254 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 7255 } 7256 /* Now send it, if there is anything to send :> */ 7257 SCTP_BUF_PREPEND(outchain, sizeof(struct sctphdr), M_DONTWAIT); 7258 if (outchain == NULL) { 7259 /* out of mbufs */ 7260 error = ENOBUFS; 7261 goto errored_send; 7262 } 7263 shdr = mtod(outchain, struct sctphdr *); 7264 shdr->src_port = inp->sctp_lport; 7265 shdr->dest_port = stcb->rport; 7266 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 7267 shdr->checksum = 0; 7268 auth_offset += sizeof(struct sctphdr); 7269 if ((error = sctp_lowlevel_chunk_output(inp, 7270 stcb, 7271 net, 7272 (struct sockaddr *)&net->ro._l_addr, 7273 outchain, 7274 auth_offset, 7275 auth, 7276 no_fragmentflg, 7277 bundle_at, 7278 data_list[0], 7279 asconf))) { 7280 /* error, we could not output */ 7281 if (error == ENOBUFS) { 7282 asoc->ifp_had_enobuf = 1; 7283 } 7284 SCTP_STAT_INCR(sctps_lowlevelerr); 7285 if (from_where == 0) { 7286 SCTP_STAT_INCR(sctps_lowlevelerrusr); 7287 } 7288 errored_send: 7289 #ifdef SCTP_DEBUG 7290 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 7291 printf("Gak send error %d\n", error); 7292 } 7293 #endif 7294 if (hbflag) { 7295 if (*now_filled == 0) { 7296 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7297 *now_filled = 1; 7298 *now = net->last_sent_time; 7299 } else { 7300 net->last_sent_time = *now; 7301 } 7302 hbflag = 0; 7303 } 7304 if (error == EHOSTUNREACH) { 7305 /* 7306 * Destination went unreachable 7307 * during this send 7308 */ 7309 sctp_move_to_an_alt(stcb, asoc, net); 7310 } 7311 *reason_code = 6; 7312 /*- 7313 * I add this line to be paranoid. As far as 7314 * I can tell the continue, takes us back to 7315 * the top of the for, but just to make sure 7316 * I will reset these again here. 7317 */ 7318 ctl_cnt = bundle_at = 0; 7319 continue; /* This takes us back to the 7320 * for() for the nets. */ 7321 } else { 7322 asoc->ifp_had_enobuf = 0; 7323 } 7324 outchain = endoutchain = NULL; 7325 auth = NULL; 7326 auth_offset = 0; 7327 if (bundle_at || hbflag) { 7328 /* For data/asconf and hb set time */ 7329 if (*now_filled == 0) { 7330 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 7331 *now_filled = 1; 7332 *now = net->last_sent_time; 7333 } else { 7334 net->last_sent_time = *now; 7335 } 7336 } 7337 if (!no_out_cnt) { 7338 *num_out += (ctl_cnt + bundle_at); 7339 } 7340 if (bundle_at) { 7341 /* setup for a RTO measurement */ 7342 tsns_sent = data_list[0]->rec.data.TSN_seq; 7343 7344 data_list[0]->do_rtt = 1; 7345 SCTP_STAT_INCR_BY(sctps_senddata, bundle_at); 7346 sctp_clean_up_datalist(stcb, asoc, data_list, bundle_at, net); 7347 if (sctp_early_fr) { 7348 if (net->flight_size < net->cwnd) { 7349 /* start or restart it */ 7350 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) { 7351 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, inp, stcb, net, 7352 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_2); 7353 } 7354 SCTP_STAT_INCR(sctps_earlyfrstrout); 7355 sctp_timer_start(SCTP_TIMER_TYPE_EARLYFR, inp, stcb, net); 7356 } else { 7357 /* stop it if its running */ 7358 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) { 7359 SCTP_STAT_INCR(sctps_earlyfrstpout); 7360 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, inp, stcb, net, 7361 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3); 7362 } 7363 } 7364 } 7365 } 7366 if (one_chunk) { 7367 break; 7368 } 7369 } 7370 #ifdef SCTP_CWND_LOGGING 7371 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_SEND); 7372 #endif 7373 } 7374 if (old_startat == NULL) { 7375 old_startat = send_start_at; 7376 send_start_at = TAILQ_FIRST(&asoc->nets); 7377 goto again_one_more_time; 7378 } 7379 /* 7380 * At the end there should be no NON timed chunks hanging on this 7381 * queue. 7382 */ 7383 #ifdef SCTP_CWND_LOGGING 7384 sctp_log_cwnd(stcb, net, *num_out, SCTP_CWND_LOG_FROM_SEND); 7385 #endif 7386 if ((*num_out == 0) && (*reason_code == 0)) { 7387 *reason_code = 4; 7388 } else { 7389 *reason_code = 5; 7390 } 7391 sctp_clean_up_ctl(stcb, asoc); 7392 return (0); 7393 } 7394 7395 void 7396 sctp_queue_op_err(struct sctp_tcb *stcb, struct mbuf *op_err) 7397 { 7398 /*- 7399 * Prepend a OPERATIONAL_ERROR chunk header and put on the end of 7400 * the control chunk queue. 7401 */ 7402 struct sctp_chunkhdr *hdr; 7403 struct sctp_tmit_chunk *chk; 7404 struct mbuf *mat; 7405 7406 SCTP_TCB_LOCK_ASSERT(stcb); 7407 sctp_alloc_a_chunk(stcb, chk); 7408 if (chk == NULL) { 7409 /* no memory */ 7410 sctp_m_freem(op_err); 7411 return; 7412 } 7413 chk->copy_by_ref = 0; 7414 SCTP_BUF_PREPEND(op_err, sizeof(struct sctp_chunkhdr), M_DONTWAIT); 7415 if (op_err == NULL) { 7416 sctp_free_a_chunk(stcb, chk); 7417 return; 7418 } 7419 chk->send_size = 0; 7420 mat = op_err; 7421 while (mat != NULL) { 7422 chk->send_size += SCTP_BUF_LEN(mat); 7423 mat = SCTP_BUF_NEXT(mat); 7424 } 7425 chk->rec.chunk_id.id = SCTP_OPERATION_ERROR; 7426 chk->rec.chunk_id.can_take_data = 1; 7427 chk->sent = SCTP_DATAGRAM_UNSENT; 7428 chk->snd_count = 0; 7429 chk->flags = 0; 7430 chk->asoc = &stcb->asoc; 7431 chk->data = op_err; 7432 chk->whoTo = chk->asoc->primary_destination; 7433 atomic_add_int(&chk->whoTo->ref_count, 1); 7434 hdr = mtod(op_err, struct sctp_chunkhdr *); 7435 hdr->chunk_type = SCTP_OPERATION_ERROR; 7436 hdr->chunk_flags = 0; 7437 hdr->chunk_length = htons(chk->send_size); 7438 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, 7439 chk, 7440 sctp_next); 7441 chk->asoc->ctrl_queue_cnt++; 7442 } 7443 7444 int 7445 sctp_send_cookie_echo(struct mbuf *m, 7446 int offset, 7447 struct sctp_tcb *stcb, 7448 struct sctp_nets *net) 7449 { 7450 /*- 7451 * pull out the cookie and put it at the front of the control chunk 7452 * queue. 7453 */ 7454 int at; 7455 struct mbuf *cookie; 7456 struct sctp_paramhdr parm, *phdr; 7457 struct sctp_chunkhdr *hdr; 7458 struct sctp_tmit_chunk *chk; 7459 uint16_t ptype, plen; 7460 7461 /* First find the cookie in the param area */ 7462 cookie = NULL; 7463 at = offset + sizeof(struct sctp_init_chunk); 7464 7465 SCTP_TCB_LOCK_ASSERT(stcb); 7466 do { 7467 phdr = sctp_get_next_param(m, at, &parm, sizeof(parm)); 7468 if (phdr == NULL) { 7469 return (-3); 7470 } 7471 ptype = ntohs(phdr->param_type); 7472 plen = ntohs(phdr->param_length); 7473 if (ptype == SCTP_STATE_COOKIE) { 7474 int pad; 7475 7476 /* found the cookie */ 7477 if ((pad = (plen % 4))) { 7478 plen += 4 - pad; 7479 } 7480 cookie = SCTP_M_COPYM(m, at, plen, M_DONTWAIT); 7481 if (cookie == NULL) { 7482 /* No memory */ 7483 return (-2); 7484 } 7485 break; 7486 } 7487 at += SCTP_SIZE32(plen); 7488 } while (phdr); 7489 if (cookie == NULL) { 7490 /* Did not find the cookie */ 7491 return (-3); 7492 } 7493 /* ok, we got the cookie lets change it into a cookie echo chunk */ 7494 7495 /* first the change from param to cookie */ 7496 hdr = mtod(cookie, struct sctp_chunkhdr *); 7497 hdr->chunk_type = SCTP_COOKIE_ECHO; 7498 hdr->chunk_flags = 0; 7499 /* get the chunk stuff now and place it in the FRONT of the queue */ 7500 sctp_alloc_a_chunk(stcb, chk); 7501 if (chk == NULL) { 7502 /* no memory */ 7503 sctp_m_freem(cookie); 7504 return (-5); 7505 } 7506 chk->copy_by_ref = 0; 7507 chk->send_size = plen; 7508 chk->rec.chunk_id.id = SCTP_COOKIE_ECHO; 7509 chk->rec.chunk_id.can_take_data = 0; 7510 chk->sent = SCTP_DATAGRAM_UNSENT; 7511 chk->snd_count = 0; 7512 chk->flags = 0; 7513 chk->asoc = &stcb->asoc; 7514 chk->data = cookie; 7515 chk->whoTo = chk->asoc->primary_destination; 7516 atomic_add_int(&chk->whoTo->ref_count, 1); 7517 TAILQ_INSERT_HEAD(&chk->asoc->control_send_queue, chk, sctp_next); 7518 chk->asoc->ctrl_queue_cnt++; 7519 return (0); 7520 } 7521 7522 void 7523 sctp_send_heartbeat_ack(struct sctp_tcb *stcb, 7524 struct mbuf *m, 7525 int offset, 7526 int chk_length, 7527 struct sctp_nets *net) 7528 { 7529 /* 7530 * take a HB request and make it into a HB ack and send it. 7531 */ 7532 struct mbuf *outchain; 7533 struct sctp_chunkhdr *chdr; 7534 struct sctp_tmit_chunk *chk; 7535 7536 7537 if (net == NULL) 7538 /* must have a net pointer */ 7539 return; 7540 7541 outchain = SCTP_M_COPYM(m, offset, chk_length, M_DONTWAIT); 7542 if (outchain == NULL) { 7543 /* gak out of memory */ 7544 return; 7545 } 7546 chdr = mtod(outchain, struct sctp_chunkhdr *); 7547 chdr->chunk_type = SCTP_HEARTBEAT_ACK; 7548 chdr->chunk_flags = 0; 7549 if (chk_length % 4) { 7550 /* need pad */ 7551 uint32_t cpthis = 0; 7552 int padlen; 7553 7554 padlen = 4 - (chk_length % 4); 7555 m_copyback(outchain, chk_length, padlen, (caddr_t)&cpthis); 7556 } 7557 sctp_alloc_a_chunk(stcb, chk); 7558 if (chk == NULL) { 7559 /* no memory */ 7560 sctp_m_freem(outchain); 7561 return; 7562 } 7563 chk->copy_by_ref = 0; 7564 chk->send_size = chk_length; 7565 chk->rec.chunk_id.id = SCTP_HEARTBEAT_ACK; 7566 chk->rec.chunk_id.can_take_data = 1; 7567 chk->sent = SCTP_DATAGRAM_UNSENT; 7568 chk->snd_count = 0; 7569 chk->flags = 0; 7570 chk->asoc = &stcb->asoc; 7571 chk->data = outchain; 7572 chk->whoTo = net; 7573 atomic_add_int(&chk->whoTo->ref_count, 1); 7574 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 7575 chk->asoc->ctrl_queue_cnt++; 7576 } 7577 7578 int 7579 sctp_send_cookie_ack(struct sctp_tcb *stcb) 7580 { 7581 /* formulate and queue a cookie-ack back to sender */ 7582 struct mbuf *cookie_ack; 7583 struct sctp_chunkhdr *hdr; 7584 struct sctp_tmit_chunk *chk; 7585 7586 cookie_ack = NULL; 7587 SCTP_TCB_LOCK_ASSERT(stcb); 7588 7589 cookie_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_DONTWAIT, 1, MT_HEADER); 7590 if (cookie_ack == NULL) { 7591 /* no mbuf's */ 7592 return (-1); 7593 } 7594 SCTP_BUF_RESV_UF(cookie_ack, SCTP_MIN_OVERHEAD); 7595 sctp_alloc_a_chunk(stcb, chk); 7596 if (chk == NULL) { 7597 /* no memory */ 7598 sctp_m_freem(cookie_ack); 7599 return (-1); 7600 } 7601 chk->copy_by_ref = 0; 7602 chk->send_size = sizeof(struct sctp_chunkhdr); 7603 chk->rec.chunk_id.id = SCTP_COOKIE_ACK; 7604 chk->rec.chunk_id.can_take_data = 1; 7605 chk->sent = SCTP_DATAGRAM_UNSENT; 7606 chk->snd_count = 0; 7607 chk->flags = 0; 7608 chk->asoc = &stcb->asoc; 7609 chk->data = cookie_ack; 7610 if (chk->asoc->last_control_chunk_from != NULL) { 7611 chk->whoTo = chk->asoc->last_control_chunk_from; 7612 } else { 7613 chk->whoTo = chk->asoc->primary_destination; 7614 } 7615 atomic_add_int(&chk->whoTo->ref_count, 1); 7616 hdr = mtod(cookie_ack, struct sctp_chunkhdr *); 7617 hdr->chunk_type = SCTP_COOKIE_ACK; 7618 hdr->chunk_flags = 0; 7619 hdr->chunk_length = htons(chk->send_size); 7620 SCTP_BUF_LEN(cookie_ack) = chk->send_size; 7621 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 7622 chk->asoc->ctrl_queue_cnt++; 7623 return (0); 7624 } 7625 7626 7627 int 7628 sctp_send_shutdown_ack(struct sctp_tcb *stcb, struct sctp_nets *net) 7629 { 7630 /* formulate and queue a SHUTDOWN-ACK back to the sender */ 7631 struct mbuf *m_shutdown_ack; 7632 struct sctp_shutdown_ack_chunk *ack_cp; 7633 struct sctp_tmit_chunk *chk; 7634 7635 m_shutdown_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_ack_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 7636 if (m_shutdown_ack == NULL) { 7637 /* no mbuf's */ 7638 return (-1); 7639 } 7640 SCTP_BUF_RESV_UF(m_shutdown_ack, SCTP_MIN_OVERHEAD); 7641 sctp_alloc_a_chunk(stcb, chk); 7642 if (chk == NULL) { 7643 /* no memory */ 7644 sctp_m_freem(m_shutdown_ack); 7645 return (-1); 7646 } 7647 chk->copy_by_ref = 0; 7648 7649 chk->send_size = sizeof(struct sctp_chunkhdr); 7650 chk->rec.chunk_id.id = SCTP_SHUTDOWN_ACK; 7651 chk->rec.chunk_id.can_take_data = 1; 7652 chk->sent = SCTP_DATAGRAM_UNSENT; 7653 chk->snd_count = 0; 7654 chk->flags = 0; 7655 chk->asoc = &stcb->asoc; 7656 chk->data = m_shutdown_ack; 7657 chk->whoTo = net; 7658 atomic_add_int(&net->ref_count, 1); 7659 7660 ack_cp = mtod(m_shutdown_ack, struct sctp_shutdown_ack_chunk *); 7661 ack_cp->ch.chunk_type = SCTP_SHUTDOWN_ACK; 7662 ack_cp->ch.chunk_flags = 0; 7663 ack_cp->ch.chunk_length = htons(chk->send_size); 7664 SCTP_BUF_LEN(m_shutdown_ack) = chk->send_size; 7665 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 7666 chk->asoc->ctrl_queue_cnt++; 7667 return (0); 7668 } 7669 7670 int 7671 sctp_send_shutdown(struct sctp_tcb *stcb, struct sctp_nets *net) 7672 { 7673 /* formulate and queue a SHUTDOWN to the sender */ 7674 struct mbuf *m_shutdown; 7675 struct sctp_shutdown_chunk *shutdown_cp; 7676 struct sctp_tmit_chunk *chk; 7677 7678 m_shutdown = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 7679 if (m_shutdown == NULL) { 7680 /* no mbuf's */ 7681 return (-1); 7682 } 7683 SCTP_BUF_RESV_UF(m_shutdown, SCTP_MIN_OVERHEAD); 7684 sctp_alloc_a_chunk(stcb, chk); 7685 if (chk == NULL) { 7686 /* no memory */ 7687 sctp_m_freem(m_shutdown); 7688 return (-1); 7689 } 7690 chk->copy_by_ref = 0; 7691 chk->send_size = sizeof(struct sctp_shutdown_chunk); 7692 chk->rec.chunk_id.id = SCTP_SHUTDOWN; 7693 chk->rec.chunk_id.can_take_data = 1; 7694 chk->sent = SCTP_DATAGRAM_UNSENT; 7695 chk->snd_count = 0; 7696 chk->flags = 0; 7697 chk->asoc = &stcb->asoc; 7698 chk->data = m_shutdown; 7699 chk->whoTo = net; 7700 atomic_add_int(&net->ref_count, 1); 7701 7702 shutdown_cp = mtod(m_shutdown, struct sctp_shutdown_chunk *); 7703 shutdown_cp->ch.chunk_type = SCTP_SHUTDOWN; 7704 shutdown_cp->ch.chunk_flags = 0; 7705 shutdown_cp->ch.chunk_length = htons(chk->send_size); 7706 shutdown_cp->cumulative_tsn_ack = htonl(stcb->asoc.cumulative_tsn); 7707 SCTP_BUF_LEN(m_shutdown) = chk->send_size; 7708 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 7709 chk->asoc->ctrl_queue_cnt++; 7710 return (0); 7711 } 7712 7713 int 7714 sctp_send_asconf(struct sctp_tcb *stcb, struct sctp_nets *net) 7715 { 7716 /* 7717 * formulate and queue an ASCONF to the peer ASCONF parameters 7718 * should be queued on the assoc queue 7719 */ 7720 struct sctp_tmit_chunk *chk; 7721 struct mbuf *m_asconf; 7722 struct sctp_asconf_chunk *acp; 7723 int len; 7724 7725 7726 SCTP_TCB_LOCK_ASSERT(stcb); 7727 /* compose an ASCONF chunk, maximum length is PMTU */ 7728 m_asconf = sctp_compose_asconf(stcb, &len); 7729 if (m_asconf == NULL) { 7730 return (-1); 7731 } 7732 acp = mtod(m_asconf, struct sctp_asconf_chunk *); 7733 sctp_alloc_a_chunk(stcb, chk); 7734 if (chk == NULL) { 7735 /* no memory */ 7736 sctp_m_freem(m_asconf); 7737 return (-1); 7738 } 7739 chk->copy_by_ref = 0; 7740 chk->data = m_asconf; 7741 chk->send_size = len; 7742 chk->rec.chunk_id.id = SCTP_ASCONF; 7743 chk->rec.chunk_id.can_take_data = 0; 7744 chk->sent = SCTP_DATAGRAM_UNSENT; 7745 chk->snd_count = 0; 7746 chk->flags = 0; 7747 chk->asoc = &stcb->asoc; 7748 chk->whoTo = chk->asoc->primary_destination; 7749 atomic_add_int(&chk->whoTo->ref_count, 1); 7750 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 7751 chk->asoc->ctrl_queue_cnt++; 7752 return (0); 7753 } 7754 7755 int 7756 sctp_send_asconf_ack(struct sctp_tcb *stcb, uint32_t retrans) 7757 { 7758 /* 7759 * formulate and queue a asconf-ack back to sender the asconf-ack 7760 * must be stored in the tcb 7761 */ 7762 struct sctp_tmit_chunk *chk; 7763 struct mbuf *m_ack, *m; 7764 7765 SCTP_TCB_LOCK_ASSERT(stcb); 7766 /* is there a asconf-ack mbuf chain to send? */ 7767 if (stcb->asoc.last_asconf_ack_sent == NULL) { 7768 return (-1); 7769 } 7770 /* copy the asconf_ack */ 7771 m_ack = SCTP_M_COPYM(stcb->asoc.last_asconf_ack_sent, 0, M_COPYALL, M_DONTWAIT); 7772 if (m_ack == NULL) { 7773 /* couldn't copy it */ 7774 7775 return (-1); 7776 } 7777 sctp_alloc_a_chunk(stcb, chk); 7778 if (chk == NULL) { 7779 /* no memory */ 7780 if (m_ack) 7781 sctp_m_freem(m_ack); 7782 return (-1); 7783 } 7784 chk->copy_by_ref = 0; 7785 /* figure out where it goes to */ 7786 if (retrans) { 7787 /* we're doing a retransmission */ 7788 if (stcb->asoc.used_alt_asconfack > 2) { 7789 /* tried alternate nets already, go back */ 7790 chk->whoTo = NULL; 7791 } else { 7792 /* need to try and alternate net */ 7793 chk->whoTo = sctp_find_alternate_net(stcb, stcb->asoc.last_control_chunk_from, 0); 7794 stcb->asoc.used_alt_asconfack++; 7795 } 7796 if (chk->whoTo == NULL) { 7797 /* no alternate */ 7798 if (stcb->asoc.last_control_chunk_from == NULL) 7799 chk->whoTo = stcb->asoc.primary_destination; 7800 else 7801 chk->whoTo = stcb->asoc.last_control_chunk_from; 7802 stcb->asoc.used_alt_asconfack = 0; 7803 } 7804 } else { 7805 /* normal case */ 7806 if (stcb->asoc.last_control_chunk_from == NULL) 7807 chk->whoTo = stcb->asoc.primary_destination; 7808 else 7809 chk->whoTo = stcb->asoc.last_control_chunk_from; 7810 stcb->asoc.used_alt_asconfack = 0; 7811 } 7812 chk->data = m_ack; 7813 chk->send_size = 0; 7814 /* Get size */ 7815 m = m_ack; 7816 while (m) { 7817 chk->send_size += SCTP_BUF_LEN(m); 7818 m = SCTP_BUF_NEXT(m); 7819 } 7820 chk->rec.chunk_id.id = SCTP_ASCONF_ACK; 7821 chk->rec.chunk_id.can_take_data = 1; 7822 chk->sent = SCTP_DATAGRAM_UNSENT; 7823 chk->snd_count = 0; 7824 chk->flags = 0; 7825 chk->asoc = &stcb->asoc; 7826 atomic_add_int(&chk->whoTo->ref_count, 1); 7827 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 7828 chk->asoc->ctrl_queue_cnt++; 7829 return (0); 7830 } 7831 7832 7833 static int 7834 sctp_chunk_retransmission(struct sctp_inpcb *inp, 7835 struct sctp_tcb *stcb, 7836 struct sctp_association *asoc, 7837 int *cnt_out, struct timeval *now, int *now_filled, int *fr_done) 7838 { 7839 /*- 7840 * send out one MTU of retransmission. If fast_retransmit is 7841 * happening we ignore the cwnd. Otherwise we obey the cwnd and 7842 * rwnd. For a Cookie or Asconf in the control chunk queue we 7843 * retransmit them by themselves. 7844 * 7845 * For data chunks we will pick out the lowest TSN's in the sent_queue 7846 * marked for resend and bundle them all together (up to a MTU of 7847 * destination). The address to send to should have been 7848 * selected/changed where the retransmission was marked (i.e. in FR 7849 * or t3-timeout routines). 7850 */ 7851 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 7852 struct sctp_tmit_chunk *chk, *fwd; 7853 struct mbuf *m, *endofchain; 7854 struct sctphdr *shdr; 7855 int asconf; 7856 struct sctp_nets *net; 7857 uint32_t tsns_sent = 0; 7858 int no_fragmentflg, bundle_at, cnt_thru; 7859 unsigned int mtu; 7860 int error, i, one_chunk, fwd_tsn, ctl_cnt, tmr_started; 7861 struct sctp_auth_chunk *auth = NULL; 7862 uint32_t auth_offset = 0; 7863 uint32_t dmtu = 0; 7864 7865 SCTP_TCB_LOCK_ASSERT(stcb); 7866 tmr_started = ctl_cnt = bundle_at = error = 0; 7867 no_fragmentflg = 1; 7868 asconf = 0; 7869 fwd_tsn = 0; 7870 *cnt_out = 0; 7871 fwd = NULL; 7872 endofchain = m = NULL; 7873 #ifdef SCTP_AUDITING_ENABLED 7874 sctp_audit_log(0xC3, 1); 7875 #endif 7876 if (TAILQ_EMPTY(&asoc->sent_queue)) { 7877 #ifdef SCTP_DEBUG 7878 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 7879 printf("SCTP hits empty queue with cnt set to %d?\n", 7880 asoc->sent_queue_retran_cnt); 7881 } 7882 #endif 7883 asoc->sent_queue_cnt = 0; 7884 asoc->sent_queue_cnt_removeable = 0; 7885 } 7886 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7887 if ((chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) || 7888 (chk->rec.chunk_id.id == SCTP_ASCONF) || 7889 (chk->rec.chunk_id.id == SCTP_STREAM_RESET) || 7890 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN)) { 7891 if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 7892 if (chk != asoc->str_reset) { 7893 /* 7894 * not eligible for retran if its 7895 * not ours 7896 */ 7897 continue; 7898 } 7899 } 7900 ctl_cnt++; 7901 if (chk->rec.chunk_id.id == SCTP_ASCONF) { 7902 no_fragmentflg = 1; 7903 asconf = 1; 7904 } 7905 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 7906 fwd_tsn = 1; 7907 fwd = chk; 7908 } 7909 /* 7910 * Add an AUTH chunk, if chunk requires it save the 7911 * offset into the chain for AUTH 7912 */ 7913 if ((auth == NULL) && 7914 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 7915 stcb->asoc.peer_auth_chunks))) { 7916 m = sctp_add_auth_chunk(m, &endofchain, 7917 &auth, &auth_offset, 7918 stcb, 7919 chk->rec.chunk_id.id); 7920 } 7921 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 7922 break; 7923 } 7924 } 7925 one_chunk = 0; 7926 cnt_thru = 0; 7927 /* do we have control chunks to retransmit? */ 7928 if (m != NULL) { 7929 /* Start a timer no matter if we suceed or fail */ 7930 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 7931 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, chk->whoTo); 7932 } else if (chk->rec.chunk_id.id == SCTP_ASCONF) 7933 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, chk->whoTo); 7934 7935 SCTP_BUF_PREPEND(m, sizeof(struct sctphdr), M_DONTWAIT); 7936 if (m == NULL) { 7937 return (ENOBUFS); 7938 } 7939 shdr = mtod(m, struct sctphdr *); 7940 shdr->src_port = inp->sctp_lport; 7941 shdr->dest_port = stcb->rport; 7942 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 7943 shdr->checksum = 0; 7944 auth_offset += sizeof(struct sctphdr); 7945 chk->snd_count++; /* update our count */ 7946 7947 if ((error = sctp_lowlevel_chunk_output(inp, stcb, chk->whoTo, 7948 (struct sockaddr *)&chk->whoTo->ro._l_addr, m, auth_offset, 7949 auth, no_fragmentflg, 0, NULL, asconf))) { 7950 SCTP_STAT_INCR(sctps_lowlevelerr); 7951 return (error); 7952 } 7953 m = endofchain = NULL; 7954 auth = NULL; 7955 auth_offset = 0; 7956 /* 7957 * We don't want to mark the net->sent time here since this 7958 * we use this for HB and retrans cannot measure RTT 7959 */ 7960 /* SCTP_GETTIME_TIMEVAL(&chk->whoTo->last_sent_time); */ 7961 *cnt_out += 1; 7962 chk->sent = SCTP_DATAGRAM_SENT; 7963 sctp_ucount_decr(asoc->sent_queue_retran_cnt); 7964 if (fwd_tsn == 0) { 7965 return (0); 7966 } else { 7967 /* Clean up the fwd-tsn list */ 7968 sctp_clean_up_ctl(stcb, asoc); 7969 return (0); 7970 } 7971 } 7972 /* 7973 * Ok, it is just data retransmission we need to do or that and a 7974 * fwd-tsn with it all. 7975 */ 7976 if (TAILQ_EMPTY(&asoc->sent_queue)) { 7977 return (SCTP_RETRAN_DONE); 7978 } 7979 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) || 7980 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT)) { 7981 /* not yet open, resend the cookie and that is it */ 7982 return (1); 7983 } 7984 #ifdef SCTP_AUDITING_ENABLED 7985 sctp_auditing(20, inp, stcb, NULL); 7986 #endif 7987 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 7988 if (chk->sent != SCTP_DATAGRAM_RESEND) { 7989 /* No, not sent to this net or not ready for rtx */ 7990 continue; 7991 7992 } 7993 if ((sctp_max_retran_chunk) && (chk->snd_count >= sctp_max_retran_chunk)) { 7994 /* Gak, we have exceeded max unlucky retran, abort! */ 7995 7996 #ifdef SCTP_DEBUG 7997 printf("Gak, chk->snd_count:%d >= max:%d - send abort\n", 7998 chk->snd_count, 7999 sctp_max_retran_chunk); 8000 #endif 8001 sctp_send_abort_tcb(stcb, NULL); 8002 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); 8003 return (SCTP_RETRAN_EXIT); 8004 } 8005 /* pick up the net */ 8006 net = chk->whoTo; 8007 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 8008 mtu = (net->mtu - SCTP_MIN_OVERHEAD); 8009 } else { 8010 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8011 } 8012 8013 if ((asoc->peers_rwnd < mtu) && (asoc->total_flight > 0)) { 8014 /* No room in peers rwnd */ 8015 uint32_t tsn; 8016 8017 tsn = asoc->last_acked_seq + 1; 8018 if (tsn == chk->rec.data.TSN_seq) { 8019 /* 8020 * we make a special exception for this 8021 * case. The peer has no rwnd but is missing 8022 * the lowest chunk.. which is probably what 8023 * is holding up the rwnd. 8024 */ 8025 goto one_chunk_around; 8026 } 8027 return (1); 8028 } 8029 one_chunk_around: 8030 if (asoc->peers_rwnd < mtu) { 8031 one_chunk = 1; 8032 if ((asoc->peers_rwnd == 0) && 8033 (asoc->total_flight == 0)) { 8034 chk->window_probe = 1; 8035 chk->whoTo->window_probe = 1; 8036 } 8037 } 8038 #ifdef SCTP_AUDITING_ENABLED 8039 sctp_audit_log(0xC3, 2); 8040 #endif 8041 bundle_at = 0; 8042 m = NULL; 8043 net->fast_retran_ip = 0; 8044 if (chk->rec.data.doing_fast_retransmit == 0) { 8045 /* 8046 * if no FR in progress skip destination that have 8047 * flight_size > cwnd. 8048 */ 8049 if (net->flight_size >= net->cwnd) { 8050 continue; 8051 } 8052 } else { 8053 /* 8054 * Mark the destination net to have FR recovery 8055 * limits put on it. 8056 */ 8057 *fr_done = 1; 8058 net->fast_retran_ip = 1; 8059 } 8060 8061 /* 8062 * if no AUTH is yet included and this chunk requires it, 8063 * make sure to account for it. We don't apply the size 8064 * until the AUTH chunk is actually added below in case 8065 * there is no room for this chunk. 8066 */ 8067 if ((auth == NULL) && 8068 sctp_auth_is_required_chunk(SCTP_DATA, 8069 stcb->asoc.peer_auth_chunks)) { 8070 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 8071 } else 8072 dmtu = 0; 8073 8074 if ((chk->send_size <= (mtu - dmtu)) || 8075 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 8076 /* ok we will add this one */ 8077 if ((auth == NULL) && 8078 (sctp_auth_is_required_chunk(SCTP_DATA, 8079 stcb->asoc.peer_auth_chunks))) { 8080 m = sctp_add_auth_chunk(m, &endofchain, 8081 &auth, &auth_offset, 8082 stcb, SCTP_DATA); 8083 } 8084 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 8085 if (m == NULL) { 8086 return (ENOMEM); 8087 } 8088 /* Do clear IP_DF ? */ 8089 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8090 no_fragmentflg = 0; 8091 } 8092 /* upate our MTU size */ 8093 if (mtu > (chk->send_size + dmtu)) 8094 mtu -= (chk->send_size + dmtu); 8095 else 8096 mtu = 0; 8097 data_list[bundle_at++] = chk; 8098 if (one_chunk && (asoc->total_flight <= 0)) { 8099 SCTP_STAT_INCR(sctps_windowprobed); 8100 } 8101 } 8102 if (one_chunk == 0) { 8103 /* 8104 * now are there anymore forward from chk to pick 8105 * up? 8106 */ 8107 fwd = TAILQ_NEXT(chk, sctp_next); 8108 while (fwd) { 8109 if (fwd->sent != SCTP_DATAGRAM_RESEND) { 8110 /* Nope, not for retran */ 8111 fwd = TAILQ_NEXT(fwd, sctp_next); 8112 continue; 8113 } 8114 if (fwd->whoTo != net) { 8115 /* Nope, not the net in question */ 8116 fwd = TAILQ_NEXT(fwd, sctp_next); 8117 continue; 8118 } 8119 if ((auth == NULL) && 8120 sctp_auth_is_required_chunk(SCTP_DATA, 8121 stcb->asoc.peer_auth_chunks)) { 8122 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 8123 } else 8124 dmtu = 0; 8125 if (fwd->send_size <= (mtu - dmtu)) { 8126 if ((auth == NULL) && 8127 (sctp_auth_is_required_chunk(SCTP_DATA, 8128 stcb->asoc.peer_auth_chunks))) { 8129 m = sctp_add_auth_chunk(m, 8130 &endofchain, 8131 &auth, &auth_offset, 8132 stcb, 8133 SCTP_DATA); 8134 } 8135 m = sctp_copy_mbufchain(fwd->data, m, &endofchain, 0, fwd->send_size, fwd->copy_by_ref); 8136 if (m == NULL) { 8137 return (ENOMEM); 8138 } 8139 /* Do clear IP_DF ? */ 8140 if (fwd->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8141 no_fragmentflg = 0; 8142 } 8143 /* upate our MTU size */ 8144 if (mtu > (fwd->send_size + dmtu)) 8145 mtu -= (fwd->send_size + dmtu); 8146 else 8147 mtu = 0; 8148 data_list[bundle_at++] = fwd; 8149 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 8150 break; 8151 } 8152 fwd = TAILQ_NEXT(fwd, sctp_next); 8153 } else { 8154 /* can't fit so we are done */ 8155 break; 8156 } 8157 } 8158 } 8159 /* Is there something to send for this destination? */ 8160 if (m) { 8161 /* 8162 * No matter if we fail/or suceed we should start a 8163 * timer. A failure is like a lost IP packet :-) 8164 */ 8165 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 8166 /* 8167 * no timer running on this destination 8168 * restart it. 8169 */ 8170 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 8171 tmr_started = 1; 8172 } 8173 SCTP_BUF_PREPEND(m, sizeof(struct sctphdr), M_DONTWAIT); 8174 if (m == NULL) { 8175 return (ENOBUFS); 8176 } 8177 shdr = mtod(m, struct sctphdr *); 8178 shdr->src_port = inp->sctp_lport; 8179 shdr->dest_port = stcb->rport; 8180 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 8181 shdr->checksum = 0; 8182 auth_offset += sizeof(struct sctphdr); 8183 /* Now lets send it, if there is anything to send :> */ 8184 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 8185 (struct sockaddr *)&net->ro._l_addr, m, auth_offset, 8186 auth, no_fragmentflg, 0, NULL, asconf))) { 8187 /* error, we could not output */ 8188 SCTP_STAT_INCR(sctps_lowlevelerr); 8189 return (error); 8190 } 8191 m = endofchain = NULL; 8192 auth = NULL; 8193 auth_offset = 0; 8194 /* For HB's */ 8195 /* 8196 * We don't want to mark the net->sent time here 8197 * since this we use this for HB and retrans cannot 8198 * measure RTT 8199 */ 8200 /* SCTP_GETTIME_TIMEVAL(&net->last_sent_time); */ 8201 8202 /* For auto-close */ 8203 cnt_thru++; 8204 if (*now_filled == 0) { 8205 SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 8206 *now = asoc->time_last_sent; 8207 *now_filled = 1; 8208 } else { 8209 asoc->time_last_sent = *now; 8210 } 8211 *cnt_out += bundle_at; 8212 #ifdef SCTP_AUDITING_ENABLED 8213 sctp_audit_log(0xC4, bundle_at); 8214 #endif 8215 if (bundle_at) { 8216 tsns_sent = data_list[0]->rec.data.TSN_seq; 8217 } 8218 for (i = 0; i < bundle_at; i++) { 8219 SCTP_STAT_INCR(sctps_sendretransdata); 8220 data_list[i]->sent = SCTP_DATAGRAM_SENT; 8221 /* 8222 * When we have a revoked data, and we 8223 * retransmit it, then we clear the revoked 8224 * flag since this flag dictates if we 8225 * subtracted from the fs 8226 */ 8227 if (data_list[i]->rec.data.chunk_was_revoked) { 8228 /* Deflate the cwnd */ 8229 data_list[i]->whoTo->cwnd -= data_list[i]->book_size; 8230 data_list[i]->rec.data.chunk_was_revoked = 0; 8231 } 8232 data_list[i]->snd_count++; 8233 sctp_ucount_decr(asoc->sent_queue_retran_cnt); 8234 /* record the time */ 8235 data_list[i]->sent_rcv_time = asoc->time_last_sent; 8236 if (data_list[i]->book_size_scale) { 8237 /* 8238 * need to double the book size on 8239 * this one 8240 */ 8241 data_list[i]->book_size_scale = 0; 8242 /* 8243 * Since we double the booksize, we 8244 * must also double the output queue 8245 * size, since this get shrunk when 8246 * we free by this amount. 8247 */ 8248 atomic_add_int(&((asoc)->total_output_queue_size), data_list[i]->book_size); 8249 data_list[i]->book_size *= 2; 8250 8251 8252 } else { 8253 sctp_ucount_incr(asoc->total_flight_count); 8254 #ifdef SCTP_LOG_RWND 8255 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 8256 asoc->peers_rwnd, data_list[i]->send_size, sctp_peer_chunk_oh); 8257 #endif 8258 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 8259 (uint32_t) (data_list[i]->send_size + 8260 sctp_peer_chunk_oh)); 8261 } 8262 #ifdef SCTP_FLIGHT_LOGGING 8263 sctp_misc_ints(SCTP_FLIGHT_LOG_UP, 8264 data_list[i]->whoTo->flight_size, 8265 data_list[i]->book_size, 8266 (uintptr_t) stcb, 8267 data_list[i]->rec.data.TSN_seq); 8268 #endif 8269 net->flight_size += data_list[i]->book_size; 8270 asoc->total_flight += data_list[i]->book_size; 8271 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 8272 /* SWS sender side engages */ 8273 asoc->peers_rwnd = 0; 8274 } 8275 if ((i == 0) && 8276 (data_list[i]->rec.data.doing_fast_retransmit)) { 8277 SCTP_STAT_INCR(sctps_sendfastretrans); 8278 if ((data_list[i] == TAILQ_FIRST(&asoc->sent_queue)) && 8279 (tmr_started == 0)) { 8280 /*- 8281 * ok we just fast-retrans'd 8282 * the lowest TSN, i.e the 8283 * first on the list. In 8284 * this case we want to give 8285 * some more time to get a 8286 * SACK back without a 8287 * t3-expiring. 8288 */ 8289 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net, 8290 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4); 8291 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 8292 } 8293 } 8294 } 8295 #ifdef SCTP_CWND_LOGGING 8296 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_RESEND); 8297 #endif 8298 #ifdef SCTP_AUDITING_ENABLED 8299 sctp_auditing(21, inp, stcb, NULL); 8300 #endif 8301 } else { 8302 /* None will fit */ 8303 return (1); 8304 } 8305 if (asoc->sent_queue_retran_cnt <= 0) { 8306 /* all done we have no more to retran */ 8307 asoc->sent_queue_retran_cnt = 0; 8308 break; 8309 } 8310 if (one_chunk) { 8311 /* No more room in rwnd */ 8312 return (1); 8313 } 8314 /* stop the for loop here. we sent out a packet */ 8315 break; 8316 } 8317 return (0); 8318 } 8319 8320 8321 static int 8322 sctp_timer_validation(struct sctp_inpcb *inp, 8323 struct sctp_tcb *stcb, 8324 struct sctp_association *asoc, 8325 int ret) 8326 { 8327 struct sctp_nets *net; 8328 8329 /* Validate that a timer is running somewhere */ 8330 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 8331 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 8332 /* Here is a timer */ 8333 return (ret); 8334 } 8335 } 8336 SCTP_TCB_LOCK_ASSERT(stcb); 8337 /* Gak, we did not have a timer somewhere */ 8338 #ifdef SCTP_DEBUG 8339 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 8340 printf("Deadlock avoided starting timer on a dest at retran\n"); 8341 } 8342 #endif 8343 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->primary_destination); 8344 return (ret); 8345 } 8346 8347 int 8348 sctp_chunk_output(struct sctp_inpcb *inp, 8349 struct sctp_tcb *stcb, 8350 int from_where) 8351 { 8352 /*- 8353 * Ok this is the generic chunk service queue. we must do the 8354 * following: - See if there are retransmits pending, if so we must 8355 * do these first and return. - Service the stream queue that is 8356 * next, moving any message (note I must get a complete message i.e. 8357 * FIRST/MIDDLE and LAST to the out queue in one pass) and assigning 8358 * TSN's - Check to see if the cwnd/rwnd allows any output, if so we 8359 * go ahead and fomulate and send the low level chunks. Making sure 8360 * to combine any control in the control chunk queue also. 8361 */ 8362 struct sctp_association *asoc; 8363 struct sctp_nets *net; 8364 int error = 0, num_out = 0, tot_out = 0, ret = 0, reason_code = 0, 8365 burst_cnt = 0, burst_limit = 0; 8366 struct timeval now; 8367 int now_filled = 0; 8368 int cwnd_full = 0; 8369 int nagle_on = 0; 8370 int frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 8371 int un_sent = 0; 8372 int fr_done, tot_frs = 0; 8373 8374 asoc = &stcb->asoc; 8375 if (from_where == SCTP_OUTPUT_FROM_USR_SEND) { 8376 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NODELAY)) { 8377 nagle_on = 0; 8378 } else { 8379 nagle_on = 1; 8380 } 8381 } 8382 SCTP_TCB_LOCK_ASSERT(stcb); 8383 8384 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight); 8385 8386 if ((un_sent <= 0) && 8387 (TAILQ_EMPTY(&asoc->control_send_queue)) && 8388 (asoc->sent_queue_retran_cnt == 0)) { 8389 /* Nothing to do unless there is something to be sent left */ 8390 return (error); 8391 } 8392 /* 8393 * Do we have something to send, data or control AND a sack timer 8394 * running, if so piggy-back the sack. 8395 */ 8396 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 8397 sctp_send_sack(stcb); 8398 SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer); 8399 } 8400 while (asoc->sent_queue_retran_cnt) { 8401 /*- 8402 * Ok, it is retransmission time only, we send out only ONE 8403 * packet with a single call off to the retran code. 8404 */ 8405 if (from_where == SCTP_OUTPUT_FROM_COOKIE_ACK) { 8406 /*- 8407 *Special hook for handling cookiess discarded 8408 * by peer that carried data. Send cookie-ack only 8409 * and then the next call with get the retran's. 8410 */ 8411 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 8412 &cwnd_full, from_where, 8413 &now, &now_filled, frag_point); 8414 return (0); 8415 } else if (from_where != SCTP_OUTPUT_FROM_HB_TMR) { 8416 /* if its not from a HB then do it */ 8417 fr_done = 0; 8418 ret = sctp_chunk_retransmission(inp, stcb, asoc, &num_out, &now, &now_filled, &fr_done); 8419 if (fr_done) { 8420 tot_frs++; 8421 } 8422 } else { 8423 /* 8424 * its from any other place, we don't allow retran 8425 * output (only control) 8426 */ 8427 ret = 1; 8428 } 8429 if (ret > 0) { 8430 /* Can't send anymore */ 8431 /*- 8432 * now lets push out control by calling med-level 8433 * output once. this assures that we WILL send HB's 8434 * if queued too. 8435 */ 8436 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 8437 &cwnd_full, from_where, 8438 &now, &now_filled, frag_point); 8439 #ifdef SCTP_AUDITING_ENABLED 8440 sctp_auditing(8, inp, stcb, NULL); 8441 #endif 8442 return (sctp_timer_validation(inp, stcb, asoc, ret)); 8443 } 8444 if (ret < 0) { 8445 /*- 8446 * The count was off.. retran is not happening so do 8447 * the normal retransmission. 8448 */ 8449 #ifdef SCTP_AUDITING_ENABLED 8450 sctp_auditing(9, inp, stcb, NULL); 8451 #endif 8452 if (ret == SCTP_RETRAN_EXIT) { 8453 return (-1); 8454 } 8455 break; 8456 } 8457 if (from_where == SCTP_OUTPUT_FROM_T3) { 8458 /* Only one transmission allowed out of a timeout */ 8459 #ifdef SCTP_AUDITING_ENABLED 8460 sctp_auditing(10, inp, stcb, NULL); 8461 #endif 8462 /* Push out any control */ 8463 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, &cwnd_full, from_where, 8464 &now, &now_filled, frag_point); 8465 return (ret); 8466 } 8467 if (tot_frs > asoc->max_burst) { 8468 /* Hit FR burst limit */ 8469 return (0); 8470 } 8471 if ((num_out == 0) && (ret == 0)) { 8472 8473 /* No more retrans to send */ 8474 break; 8475 } 8476 } 8477 #ifdef SCTP_AUDITING_ENABLED 8478 sctp_auditing(12, inp, stcb, NULL); 8479 #endif 8480 /* Check for bad destinations, if they exist move chunks around. */ 8481 burst_limit = asoc->max_burst; 8482 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 8483 if ((net->dest_state & SCTP_ADDR_NOT_REACHABLE) == 8484 SCTP_ADDR_NOT_REACHABLE) { 8485 /*- 8486 * if possible move things off of this address we 8487 * still may send below due to the dormant state but 8488 * we try to find an alternate address to send to 8489 * and if we have one we move all queued data on the 8490 * out wheel to this alternate address. 8491 */ 8492 if (net->ref_count > 1) 8493 sctp_move_to_an_alt(stcb, asoc, net); 8494 } else { 8495 /*- 8496 * if ((asoc->sat_network) || (net->addr_is_local)) 8497 * { burst_limit = asoc->max_burst * 8498 * SCTP_SAT_NETWORK_BURST_INCR; } 8499 */ 8500 if (sctp_use_cwnd_based_maxburst) { 8501 if ((net->flight_size + (burst_limit * net->mtu)) < net->cwnd) { 8502 int old_cwnd; 8503 8504 if (net->ssthresh < net->cwnd) 8505 net->ssthresh = net->cwnd; 8506 old_cwnd = net->cwnd; 8507 net->cwnd = (net->flight_size + (burst_limit * net->mtu)); 8508 8509 #ifdef SCTP_CWND_MONITOR 8510 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd), SCTP_CWND_LOG_FROM_BRST); 8511 #endif 8512 8513 #ifdef SCTP_LOG_MAXBURST 8514 sctp_log_maxburst(stcb, net, 0, burst_limit, SCTP_MAX_BURST_APPLIED); 8515 #endif 8516 SCTP_STAT_INCR(sctps_maxburstqueued); 8517 } 8518 net->fast_retran_ip = 0; 8519 } else { 8520 if (net->flight_size == 0) { 8521 /* Should be decaying the cwnd here */ 8522 ; 8523 } 8524 } 8525 } 8526 8527 } 8528 burst_cnt = 0; 8529 cwnd_full = 0; 8530 do { 8531 error = sctp_med_chunk_output(inp, stcb, asoc, &num_out, 8532 &reason_code, 0, &cwnd_full, from_where, 8533 &now, &now_filled, frag_point); 8534 if (error) { 8535 #ifdef SCTP_DEBUG 8536 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 8537 printf("Error %d was returned from med-c-op\n", error); 8538 } 8539 #endif 8540 #ifdef SCTP_LOG_MAXBURST 8541 sctp_log_maxburst(stcb, asoc->primary_destination, error, burst_cnt, SCTP_MAX_BURST_ERROR_STOP); 8542 #endif 8543 #ifdef SCTP_CWND_LOGGING 8544 sctp_log_cwnd(stcb, NULL, error, SCTP_SEND_NOW_COMPLETES); 8545 sctp_log_cwnd(stcb, NULL, 0xdeadbeef, SCTP_SEND_NOW_COMPLETES); 8546 #endif 8547 8548 break; 8549 } 8550 #ifdef SCTP_DEBUG 8551 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 8552 printf("m-c-o put out %d\n", num_out); 8553 } 8554 #endif 8555 tot_out += num_out; 8556 burst_cnt++; 8557 #ifdef SCTP_CWND_LOGGING 8558 sctp_log_cwnd(stcb, NULL, num_out, SCTP_SEND_NOW_COMPLETES); 8559 if (num_out == 0) { 8560 sctp_log_cwnd(stcb, NULL, reason_code, SCTP_SEND_NOW_COMPLETES); 8561 } 8562 #endif 8563 if (nagle_on) { 8564 /*- 8565 * When nagle is on, we look at how much is un_sent, then 8566 * if its smaller than an MTU and we have data in 8567 * flight we stop. 8568 */ 8569 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 8570 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) 8571 * sizeof(struct sctp_data_chunk))); 8572 if ((un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) && 8573 (stcb->asoc.total_flight > 0)) { 8574 break; 8575 } 8576 } 8577 if (TAILQ_EMPTY(&asoc->control_send_queue) && 8578 TAILQ_EMPTY(&asoc->send_queue) && 8579 TAILQ_EMPTY(&asoc->out_wheel)) { 8580 /* Nothing left to send */ 8581 break; 8582 } 8583 if ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) <= 0) { 8584 /* Nothing left to send */ 8585 break; 8586 } 8587 } while (num_out && (sctp_use_cwnd_based_maxburst || 8588 (burst_cnt < burst_limit))); 8589 8590 if (sctp_use_cwnd_based_maxburst == 0) { 8591 if (burst_cnt >= burst_limit) { 8592 SCTP_STAT_INCR(sctps_maxburstqueued); 8593 asoc->burst_limit_applied = 1; 8594 #ifdef SCTP_LOG_MAXBURST 8595 sctp_log_maxburst(stcb, asoc->primary_destination, 0, burst_cnt, SCTP_MAX_BURST_APPLIED); 8596 #endif 8597 } else { 8598 asoc->burst_limit_applied = 0; 8599 } 8600 } 8601 #ifdef SCTP_CWND_LOGGING 8602 sctp_log_cwnd(stcb, NULL, tot_out, SCTP_SEND_NOW_COMPLETES); 8603 #endif 8604 #ifdef SCTP_DEBUG 8605 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 8606 printf("Ok, we have put out %d chunks\n", tot_out); 8607 } 8608 #endif 8609 /*- 8610 * Now we need to clean up the control chunk chain if a ECNE is on 8611 * it. It must be marked as UNSENT again so next call will continue 8612 * to send it until such time that we get a CWR, to remove it. 8613 */ 8614 if (stcb->asoc.ecn_echo_cnt_onq) 8615 sctp_fix_ecn_echo(asoc); 8616 return (error); 8617 } 8618 8619 8620 int 8621 sctp_output(inp, m, addr, control, p, flags) 8622 struct sctp_inpcb *inp; 8623 struct mbuf *m; 8624 struct sockaddr *addr; 8625 struct mbuf *control; 8626 8627 struct thread *p; 8628 int flags; 8629 { 8630 if (inp == NULL) { 8631 return (EINVAL); 8632 } 8633 if (inp->sctp_socket == NULL) { 8634 return (EINVAL); 8635 } 8636 return (sctp_sosend(inp->sctp_socket, 8637 addr, 8638 (struct uio *)NULL, 8639 m, 8640 control, 8641 flags, 8642 p)); 8643 } 8644 8645 void 8646 send_forward_tsn(struct sctp_tcb *stcb, 8647 struct sctp_association *asoc) 8648 { 8649 struct sctp_tmit_chunk *chk; 8650 struct sctp_forward_tsn_chunk *fwdtsn; 8651 8652 SCTP_TCB_LOCK_ASSERT(stcb); 8653 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8654 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 8655 /* mark it to unsent */ 8656 chk->sent = SCTP_DATAGRAM_UNSENT; 8657 chk->snd_count = 0; 8658 /* Do we correct its output location? */ 8659 if (chk->whoTo != asoc->primary_destination) { 8660 sctp_free_remote_addr(chk->whoTo); 8661 chk->whoTo = asoc->primary_destination; 8662 atomic_add_int(&chk->whoTo->ref_count, 1); 8663 } 8664 goto sctp_fill_in_rest; 8665 } 8666 } 8667 /* Ok if we reach here we must build one */ 8668 sctp_alloc_a_chunk(stcb, chk); 8669 if (chk == NULL) { 8670 return; 8671 } 8672 chk->copy_by_ref = 0; 8673 chk->rec.chunk_id.id = SCTP_FORWARD_CUM_TSN; 8674 chk->rec.chunk_id.can_take_data = 0; 8675 chk->asoc = asoc; 8676 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 8677 if (chk->data == NULL) { 8678 atomic_subtract_int(&chk->whoTo->ref_count, 1); 8679 sctp_free_a_chunk(stcb, chk); 8680 return; 8681 } 8682 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 8683 chk->sent = SCTP_DATAGRAM_UNSENT; 8684 chk->snd_count = 0; 8685 chk->whoTo = asoc->primary_destination; 8686 atomic_add_int(&chk->whoTo->ref_count, 1); 8687 TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, sctp_next); 8688 asoc->ctrl_queue_cnt++; 8689 sctp_fill_in_rest: 8690 /*- 8691 * Here we go through and fill out the part that deals with 8692 * stream/seq of the ones we skip. 8693 */ 8694 SCTP_BUF_LEN(chk->data) = 0; 8695 { 8696 struct sctp_tmit_chunk *at, *tp1, *last; 8697 struct sctp_strseq *strseq; 8698 unsigned int cnt_of_space, i, ovh; 8699 unsigned int space_needed; 8700 unsigned int cnt_of_skipped = 0; 8701 8702 TAILQ_FOREACH(at, &asoc->sent_queue, sctp_next) { 8703 if (at->sent != SCTP_FORWARD_TSN_SKIP) { 8704 /* no more to look at */ 8705 break; 8706 } 8707 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 8708 /* We don't report these */ 8709 continue; 8710 } 8711 cnt_of_skipped++; 8712 } 8713 space_needed = (sizeof(struct sctp_forward_tsn_chunk) + 8714 (cnt_of_skipped * sizeof(struct sctp_strseq))); 8715 8716 cnt_of_space = M_TRAILINGSPACE(chk->data); 8717 8718 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 8719 ovh = SCTP_MIN_OVERHEAD; 8720 } else { 8721 ovh = SCTP_MIN_V4_OVERHEAD; 8722 } 8723 if (cnt_of_space > (asoc->smallest_mtu - ovh)) { 8724 /* trim to a mtu size */ 8725 cnt_of_space = asoc->smallest_mtu - ovh; 8726 } 8727 if (cnt_of_space < space_needed) { 8728 /*- 8729 * ok we must trim down the chunk by lowering the 8730 * advance peer ack point. 8731 */ 8732 cnt_of_skipped = (cnt_of_space - 8733 ((sizeof(struct sctp_forward_tsn_chunk)) / 8734 sizeof(struct sctp_strseq))); 8735 /*- 8736 * Go through and find the TSN that will be the one 8737 * we report. 8738 */ 8739 at = TAILQ_FIRST(&asoc->sent_queue); 8740 for (i = 0; i < cnt_of_skipped; i++) { 8741 tp1 = TAILQ_NEXT(at, sctp_next); 8742 at = tp1; 8743 } 8744 last = at; 8745 /*- 8746 * last now points to last one I can report, update 8747 * peer ack point 8748 */ 8749 asoc->advanced_peer_ack_point = last->rec.data.TSN_seq; 8750 space_needed -= (cnt_of_skipped * sizeof(struct sctp_strseq)); 8751 } 8752 chk->send_size = space_needed; 8753 /* Setup the chunk */ 8754 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); 8755 fwdtsn->ch.chunk_length = htons(chk->send_size); 8756 fwdtsn->ch.chunk_flags = 0; 8757 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; 8758 fwdtsn->new_cumulative_tsn = htonl(asoc->advanced_peer_ack_point); 8759 chk->send_size = (sizeof(struct sctp_forward_tsn_chunk) + 8760 (cnt_of_skipped * sizeof(struct sctp_strseq))); 8761 SCTP_BUF_LEN(chk->data) = chk->send_size; 8762 fwdtsn++; 8763 /*- 8764 * Move pointer to after the fwdtsn and transfer to the 8765 * strseq pointer. 8766 */ 8767 strseq = (struct sctp_strseq *)fwdtsn; 8768 /*- 8769 * Now populate the strseq list. This is done blindly 8770 * without pulling out duplicate stream info. This is 8771 * inefficent but won't harm the process since the peer will 8772 * look at these in sequence and will thus release anything. 8773 * It could mean we exceed the PMTU and chop off some that 8774 * we could have included.. but this is unlikely (aka 1432/4 8775 * would mean 300+ stream seq's would have to be reported in 8776 * one FWD-TSN. With a bit of work we can later FIX this to 8777 * optimize and pull out duplcates.. but it does add more 8778 * overhead. So for now... not! 8779 */ 8780 at = TAILQ_FIRST(&asoc->sent_queue); 8781 for (i = 0; i < cnt_of_skipped; i++) { 8782 tp1 = TAILQ_NEXT(at, sctp_next); 8783 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 8784 /* We don't report these */ 8785 i--; 8786 at = tp1; 8787 continue; 8788 } 8789 strseq->stream = ntohs(at->rec.data.stream_number); 8790 strseq->sequence = ntohs(at->rec.data.stream_seq); 8791 strseq++; 8792 at = tp1; 8793 } 8794 } 8795 return; 8796 8797 } 8798 8799 void 8800 sctp_send_sack(struct sctp_tcb *stcb) 8801 { 8802 /*- 8803 * Queue up a SACK in the control queue. We must first check to see 8804 * if a SACK is somehow on the control queue. If so, we will take 8805 * and and remove the old one. 8806 */ 8807 struct sctp_association *asoc; 8808 struct sctp_tmit_chunk *chk, *a_chk; 8809 struct sctp_sack_chunk *sack; 8810 struct sctp_gap_ack_block *gap_descriptor; 8811 struct sack_track *selector; 8812 int mergeable = 0; 8813 int offset; 8814 caddr_t limit; 8815 uint32_t *dup; 8816 int limit_reached = 0; 8817 unsigned int i, jstart, siz, j; 8818 unsigned int num_gap_blocks = 0, space; 8819 int num_dups = 0; 8820 int space_req; 8821 8822 8823 a_chk = NULL; 8824 asoc = &stcb->asoc; 8825 SCTP_TCB_LOCK_ASSERT(stcb); 8826 if (asoc->last_data_chunk_from == NULL) { 8827 /* Hmm we never received anything */ 8828 return; 8829 } 8830 sctp_set_rwnd(stcb, asoc); 8831 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8832 if (chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) { 8833 /* Hmm, found a sack already on queue, remove it */ 8834 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 8835 asoc->ctrl_queue_cnt++; 8836 a_chk = chk; 8837 if (a_chk->data) { 8838 sctp_m_freem(a_chk->data); 8839 a_chk->data = NULL; 8840 } 8841 sctp_free_remote_addr(a_chk->whoTo); 8842 a_chk->whoTo = NULL; 8843 break; 8844 } 8845 } 8846 if (a_chk == NULL) { 8847 sctp_alloc_a_chunk(stcb, a_chk); 8848 if (a_chk == NULL) { 8849 /* No memory so we drop the idea, and set a timer */ 8850 if (stcb->asoc.delayed_ack) { 8851 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 8852 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); 8853 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 8854 stcb->sctp_ep, stcb, NULL); 8855 } else { 8856 stcb->asoc.send_sack = 1; 8857 } 8858 return; 8859 } 8860 a_chk->copy_by_ref = 0; 8861 /* a_chk->rec.chunk_id.id = SCTP_SELECTIVE_ACK; */ 8862 a_chk->rec.chunk_id.id = SCTP_SELECTIVE_ACK; 8863 a_chk->rec.chunk_id.can_take_data = 1; 8864 } 8865 /* Clear our pkt counts */ 8866 asoc->data_pkts_seen = 0; 8867 8868 a_chk->asoc = asoc; 8869 a_chk->snd_count = 0; 8870 a_chk->send_size = 0; /* fill in later */ 8871 a_chk->sent = SCTP_DATAGRAM_UNSENT; 8872 8873 if ((asoc->numduptsns) || 8874 (asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE) 8875 ) { 8876 /*- 8877 * Ok, we have some duplicates or the destination for the 8878 * sack is unreachable, lets see if we can select an 8879 * alternate than asoc->last_data_chunk_from 8880 */ 8881 if ((!(asoc->last_data_chunk_from->dest_state & 8882 SCTP_ADDR_NOT_REACHABLE)) && 8883 (asoc->used_alt_onsack > asoc->numnets)) { 8884 /* We used an alt last time, don't this time */ 8885 a_chk->whoTo = NULL; 8886 } else { 8887 asoc->used_alt_onsack++; 8888 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0); 8889 } 8890 if (a_chk->whoTo == NULL) { 8891 /* Nope, no alternate */ 8892 a_chk->whoTo = asoc->last_data_chunk_from; 8893 asoc->used_alt_onsack = 0; 8894 } 8895 } else { 8896 /* 8897 * No duplicates so we use the last place we received data 8898 * from. 8899 */ 8900 asoc->used_alt_onsack = 0; 8901 a_chk->whoTo = asoc->last_data_chunk_from; 8902 } 8903 if (a_chk->whoTo) { 8904 atomic_add_int(&a_chk->whoTo->ref_count, 1); 8905 } 8906 if (asoc->highest_tsn_inside_map == asoc->cumulative_tsn) { 8907 /* no gaps */ 8908 space_req = sizeof(struct sctp_sack_chunk); 8909 } else { 8910 /* gaps get a cluster */ 8911 space_req = MCLBYTES; 8912 } 8913 /* Ok now lets formulate a MBUF with our sack */ 8914 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_DONTWAIT, 1, MT_DATA); 8915 if ((a_chk->data == NULL) || 8916 (a_chk->whoTo == NULL)) { 8917 /* rats, no mbuf memory */ 8918 if (a_chk->data) { 8919 /* was a problem with the destination */ 8920 sctp_m_freem(a_chk->data); 8921 a_chk->data = NULL; 8922 } 8923 if (a_chk->whoTo) 8924 atomic_subtract_int(&a_chk->whoTo->ref_count, 1); 8925 sctp_free_a_chunk(stcb, a_chk); 8926 if (stcb->asoc.delayed_ack) { 8927 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 8928 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6); 8929 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 8930 stcb->sctp_ep, stcb, NULL); 8931 } else { 8932 stcb->asoc.send_sack = 1; 8933 } 8934 return; 8935 } 8936 /* ok, lets go through and fill it in */ 8937 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD); 8938 space = M_TRAILINGSPACE(a_chk->data); 8939 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) { 8940 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD); 8941 } 8942 limit = mtod(a_chk->data, caddr_t); 8943 limit += space; 8944 8945 sack = mtod(a_chk->data, struct sctp_sack_chunk *); 8946 sack->ch.chunk_type = SCTP_SELECTIVE_ACK; 8947 /* 0x01 is used by nonce for ecn */ 8948 if ((sctp_ecn_enable) && 8949 (sctp_ecn_nonce) && 8950 (asoc->peer_supports_ecn_nonce)) 8951 sack->ch.chunk_flags = (asoc->receiver_nonce_sum & SCTP_SACK_NONCE_SUM); 8952 else 8953 sack->ch.chunk_flags = 0; 8954 8955 if (sctp_cmt_on_off && sctp_cmt_use_dac) { 8956 /*- 8957 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been 8958 * received, then set high bit to 1, else 0. Reset 8959 * pkts_rcvd. 8960 */ 8961 sack->ch.chunk_flags |= (asoc->cmt_dac_pkts_rcvd << 6); 8962 asoc->cmt_dac_pkts_rcvd = 0; 8963 } 8964 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 8965 sack->sack.a_rwnd = htonl(asoc->my_rwnd); 8966 asoc->my_last_reported_rwnd = asoc->my_rwnd; 8967 8968 /* reset the readers interpretation */ 8969 stcb->freed_by_sorcv_sincelast = 0; 8970 8971 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk)); 8972 8973 8974 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 8975 if (asoc->cumulative_tsn < asoc->mapping_array_base_tsn) { 8976 offset = 1; 8977 /*- 8978 * cum-ack behind the mapping array, so we start and use all 8979 * entries. 8980 */ 8981 jstart = 0; 8982 } else { 8983 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 8984 /*- 8985 * we skip the first one when the cum-ack is at or above the 8986 * mapping array base. 8987 */ 8988 jstart = 1; 8989 } 8990 if (compare_with_wrap(asoc->highest_tsn_inside_map, asoc->cumulative_tsn, MAX_TSN)) { 8991 /* we have a gap .. maybe */ 8992 for (i = 0; i < siz; i++) { 8993 selector = &sack_array[asoc->mapping_array[i]]; 8994 if (mergeable && selector->right_edge) { 8995 /* 8996 * Backup, left and right edges were ok to 8997 * merge. 8998 */ 8999 num_gap_blocks--; 9000 gap_descriptor--; 9001 } 9002 if (selector->num_entries == 0) 9003 mergeable = 0; 9004 else { 9005 for (j = jstart; j < selector->num_entries; j++) { 9006 if (mergeable && selector->right_edge) { 9007 /* 9008 * do a merge by NOT setting 9009 * the left side 9010 */ 9011 mergeable = 0; 9012 } else { 9013 /* 9014 * no merge, set the left 9015 * side 9016 */ 9017 mergeable = 0; 9018 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 9019 } 9020 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 9021 num_gap_blocks++; 9022 gap_descriptor++; 9023 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 9024 /* no more room */ 9025 limit_reached = 1; 9026 break; 9027 } 9028 } 9029 if (selector->left_edge) { 9030 mergeable = 1; 9031 } 9032 } 9033 if (limit_reached) { 9034 /* Reached the limit stop */ 9035 break; 9036 } 9037 jstart = 0; 9038 offset += 8; 9039 } 9040 if (num_gap_blocks == 0) { 9041 /* reneged all chunks */ 9042 asoc->highest_tsn_inside_map = asoc->cumulative_tsn; 9043 } 9044 } 9045 /* now we must add any dups we are going to report. */ 9046 if ((limit_reached == 0) && (asoc->numduptsns)) { 9047 dup = (uint32_t *) gap_descriptor; 9048 for (i = 0; i < asoc->numduptsns; i++) { 9049 *dup = htonl(asoc->dup_tsns[i]); 9050 dup++; 9051 num_dups++; 9052 if (((caddr_t)dup + sizeof(uint32_t)) > limit) { 9053 /* no more room */ 9054 break; 9055 } 9056 } 9057 asoc->numduptsns = 0; 9058 } 9059 /* 9060 * now that the chunk is prepared queue it to the control chunk 9061 * queue. 9062 */ 9063 a_chk->send_size = (sizeof(struct sctp_sack_chunk) + 9064 (num_gap_blocks * sizeof(struct sctp_gap_ack_block)) + 9065 (num_dups * sizeof(int32_t))); 9066 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 9067 sack->sack.num_gap_ack_blks = htons(num_gap_blocks); 9068 sack->sack.num_dup_tsns = htons(num_dups); 9069 sack->ch.chunk_length = htons(a_chk->send_size); 9070 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next); 9071 asoc->ctrl_queue_cnt++; 9072 asoc->send_sack = 0; 9073 SCTP_STAT_INCR(sctps_sendsacks); 9074 return; 9075 } 9076 9077 9078 void 9079 sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr) 9080 { 9081 struct mbuf *m_abort; 9082 struct mbuf *m_out = NULL, *m_end = NULL; 9083 struct sctp_abort_chunk *abort = NULL; 9084 int sz; 9085 uint32_t auth_offset = 0; 9086 struct sctp_auth_chunk *auth = NULL; 9087 struct sctphdr *shdr; 9088 9089 /*- 9090 * Add an AUTH chunk, if chunk requires it and save the offset into 9091 * the chain for AUTH 9092 */ 9093 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION, 9094 stcb->asoc.peer_auth_chunks)) { 9095 m_out = sctp_add_auth_chunk(m_out, &m_end, &auth, &auth_offset, 9096 stcb, SCTP_ABORT_ASSOCIATION); 9097 } 9098 SCTP_TCB_LOCK_ASSERT(stcb); 9099 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_DONTWAIT, 1, MT_HEADER); 9100 if (m_abort == NULL) { 9101 /* no mbuf's */ 9102 if (m_out) 9103 sctp_m_freem(m_out); 9104 return; 9105 } 9106 /* link in any error */ 9107 SCTP_BUF_NEXT(m_abort) = operr; 9108 sz = 0; 9109 if (operr) { 9110 struct mbuf *n; 9111 9112 n = operr; 9113 while (n) { 9114 sz += SCTP_BUF_LEN(n); 9115 n = SCTP_BUF_NEXT(n); 9116 } 9117 } 9118 SCTP_BUF_LEN(m_abort) = sizeof(*abort); 9119 if (m_out == NULL) { 9120 /* NO Auth chunk prepended, so reserve space in front */ 9121 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD); 9122 m_out = m_abort; 9123 } else { 9124 /* Put AUTH chunk at the front of the chain */ 9125 SCTP_BUF_NEXT(m_end) = m_abort; 9126 } 9127 9128 /* fill in the ABORT chunk */ 9129 abort = mtod(m_abort, struct sctp_abort_chunk *); 9130 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION; 9131 abort->ch.chunk_flags = 0; 9132 abort->ch.chunk_length = htons(sizeof(*abort) + sz); 9133 9134 /* prepend and fill in the SCTP header */ 9135 SCTP_BUF_PREPEND(m_out, sizeof(struct sctphdr), M_DONTWAIT); 9136 if (m_out == NULL) { 9137 /* TSNH: no memory */ 9138 return; 9139 } 9140 shdr = mtod(m_out, struct sctphdr *); 9141 shdr->src_port = stcb->sctp_ep->sctp_lport; 9142 shdr->dest_port = stcb->rport; 9143 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 9144 shdr->checksum = 0; 9145 auth_offset += sizeof(struct sctphdr); 9146 9147 sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, 9148 stcb->asoc.primary_destination, 9149 (struct sockaddr *)&stcb->asoc.primary_destination->ro._l_addr, 9150 m_out, auth_offset, auth, 1, 0, NULL, 0); 9151 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9152 } 9153 9154 int 9155 sctp_send_shutdown_complete(struct sctp_tcb *stcb, 9156 struct sctp_nets *net) 9157 { 9158 /* formulate and SEND a SHUTDOWN-COMPLETE */ 9159 struct mbuf *m_shutdown_comp; 9160 struct sctp_shutdown_complete_msg *comp_cp; 9161 9162 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_complete_msg), 0, M_DONTWAIT, 1, MT_HEADER); 9163 if (m_shutdown_comp == NULL) { 9164 /* no mbuf's */ 9165 return (-1); 9166 } 9167 comp_cp = mtod(m_shutdown_comp, struct sctp_shutdown_complete_msg *); 9168 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 9169 comp_cp->shut_cmp.ch.chunk_flags = 0; 9170 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 9171 comp_cp->sh.src_port = stcb->sctp_ep->sctp_lport; 9172 comp_cp->sh.dest_port = stcb->rport; 9173 comp_cp->sh.v_tag = htonl(stcb->asoc.peer_vtag); 9174 comp_cp->sh.checksum = 0; 9175 9176 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_msg); 9177 sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 9178 (struct sockaddr *)&net->ro._l_addr, 9179 m_shutdown_comp, 0, NULL, 1, 0, NULL, 0); 9180 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9181 return (0); 9182 } 9183 9184 int 9185 sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh) 9186 { 9187 /* formulate and SEND a SHUTDOWN-COMPLETE */ 9188 struct mbuf *o_pak; 9189 struct mbuf *mout; 9190 struct ip *iph, *iph_out; 9191 struct ip6_hdr *ip6, *ip6_out; 9192 int offset_out, len; 9193 struct sctp_shutdown_complete_msg *comp_cp; 9194 9195 /* Get room for the largest message */ 9196 len = (sizeof(struct ip6_hdr) + sizeof(struct sctp_shutdown_complete_msg)); 9197 9198 o_pak = SCTP_GET_HEADER_FOR_OUTPUT(len); 9199 if (o_pak == NULL) { 9200 /* no mbuf's */ 9201 return (-1); 9202 } 9203 mout = SCTP_HEADER_TO_CHAIN(o_pak); 9204 iph = mtod(m, struct ip *); 9205 iph_out = NULL; 9206 ip6_out = NULL; 9207 offset_out = 0; 9208 if (iph->ip_v == IPVERSION) { 9209 SCTP_BUF_LEN(mout) = sizeof(struct ip) + 9210 sizeof(struct sctp_shutdown_complete_msg); 9211 SCTP_BUF_NEXT(mout) = NULL; 9212 iph_out = mtod(mout, struct ip *); 9213 9214 /* Fill in the IP header for the ABORT */ 9215 iph_out->ip_v = IPVERSION; 9216 iph_out->ip_hl = (sizeof(struct ip) / 4); 9217 iph_out->ip_tos = (u_char)0; 9218 iph_out->ip_id = 0; 9219 iph_out->ip_off = 0; 9220 iph_out->ip_ttl = MAXTTL; 9221 iph_out->ip_p = IPPROTO_SCTP; 9222 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 9223 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 9224 9225 /* let IP layer calculate this */ 9226 iph_out->ip_sum = 0; 9227 offset_out += sizeof(*iph_out); 9228 comp_cp = (struct sctp_shutdown_complete_msg *)( 9229 (caddr_t)iph_out + offset_out); 9230 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 9231 ip6 = (struct ip6_hdr *)iph; 9232 SCTP_BUF_LEN(mout) = sizeof(struct ip6_hdr) + 9233 sizeof(struct sctp_shutdown_complete_msg); 9234 SCTP_BUF_NEXT(mout) = NULL; 9235 ip6_out = mtod(mout, struct ip6_hdr *); 9236 9237 /* Fill in the IPv6 header for the ABORT */ 9238 ip6_out->ip6_flow = ip6->ip6_flow; 9239 ip6_out->ip6_hlim = ip6_defhlim; 9240 ip6_out->ip6_nxt = IPPROTO_SCTP; 9241 ip6_out->ip6_src = ip6->ip6_dst; 9242 ip6_out->ip6_dst = ip6->ip6_src; 9243 /* 9244 * ?? The old code had both the iph len + payload, I think 9245 * this is wrong and would never have worked 9246 */ 9247 ip6_out->ip6_plen = sizeof(struct sctp_shutdown_complete_msg); 9248 offset_out += sizeof(*ip6_out); 9249 comp_cp = (struct sctp_shutdown_complete_msg *)( 9250 (caddr_t)ip6_out + offset_out); 9251 } else { 9252 /* Currently not supported. */ 9253 return (-1); 9254 } 9255 9256 SCTP_HEADER_LEN(o_pak) = SCTP_BUF_LEN(mout); 9257 /* Now copy in and fill in the ABORT tags etc. */ 9258 comp_cp->sh.src_port = sh->dest_port; 9259 comp_cp->sh.dest_port = sh->src_port; 9260 comp_cp->sh.checksum = 0; 9261 comp_cp->sh.v_tag = sh->v_tag; 9262 comp_cp->shut_cmp.ch.chunk_flags = SCTP_HAD_NO_TCB; 9263 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 9264 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 9265 9266 /* add checksum */ 9267 if ((sctp_no_csum_on_loopback) && SCTP_IS_IT_LOOPBACK(o_pak)) { 9268 comp_cp->sh.checksum = 0; 9269 } else { 9270 comp_cp->sh.checksum = sctp_calculate_sum(mout, NULL, offset_out); 9271 } 9272 if (iph_out != NULL) { 9273 sctp_route_t ro; 9274 9275 bzero(&ro, sizeof ro); 9276 /* set IPv4 length */ 9277 iph_out->ip_len = SCTP_HEADER_LEN(o_pak); 9278 /* out it goes */ 9279 ip_output(o_pak, 0, &ro, IP_RAWOUTPUT, NULL 9280 ,NULL 9281 ); 9282 /* Free the route if we got one back */ 9283 if (ro.ro_rt) 9284 RTFREE(ro.ro_rt); 9285 } else if (ip6_out != NULL) { 9286 struct route_in6 ro; 9287 9288 bzero(&ro, sizeof(ro)); 9289 ip6_output(o_pak, NULL, &ro, 0, NULL, NULL 9290 ,NULL 9291 ); 9292 /* Free the route if we got one back */ 9293 if (ro.ro_rt) 9294 RTFREE(ro.ro_rt); 9295 } 9296 SCTP_STAT_INCR(sctps_sendpackets); 9297 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 9298 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9299 return (0); 9300 } 9301 9302 static struct sctp_nets * 9303 sctp_select_hb_destination(struct sctp_tcb *stcb, struct timeval *now) 9304 { 9305 struct sctp_nets *net, *hnet; 9306 int ms_goneby, highest_ms, state_overide = 0; 9307 9308 SCTP_GETTIME_TIMEVAL(now); 9309 highest_ms = 0; 9310 hnet = NULL; 9311 SCTP_TCB_LOCK_ASSERT(stcb); 9312 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 9313 if ( 9314 ((net->dest_state & SCTP_ADDR_NOHB) && ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) || 9315 (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE) 9316 ) { 9317 /* 9318 * Skip this guy from consideration if HB is off AND 9319 * its confirmed 9320 */ 9321 continue; 9322 } 9323 if (sctp_destination_is_reachable(stcb, (struct sockaddr *)&net->ro._l_addr) == 0) { 9324 /* skip this dest net from consideration */ 9325 continue; 9326 } 9327 if (net->last_sent_time.tv_sec) { 9328 /* Sent to so we subtract */ 9329 ms_goneby = (now->tv_sec - net->last_sent_time.tv_sec) * 1000; 9330 } else 9331 /* Never been sent to */ 9332 ms_goneby = 0x7fffffff; 9333 /*- 9334 * When the address state is unconfirmed but still 9335 * considered reachable, we HB at a higher rate. Once it 9336 * goes confirmed OR reaches the "unreachable" state, thenw 9337 * we cut it back to HB at a more normal pace. 9338 */ 9339 if ((net->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED) { 9340 state_overide = 1; 9341 } else { 9342 state_overide = 0; 9343 } 9344 9345 if ((((unsigned int)ms_goneby >= net->RTO) || (state_overide)) && 9346 (ms_goneby > highest_ms)) { 9347 highest_ms = ms_goneby; 9348 hnet = net; 9349 } 9350 } 9351 if (hnet && 9352 ((hnet->dest_state & (SCTP_ADDR_UNCONFIRMED | SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED)) { 9353 state_overide = 1; 9354 } else { 9355 state_overide = 0; 9356 } 9357 9358 if (highest_ms && (((unsigned int)highest_ms >= hnet->RTO) || state_overide)) { 9359 /*- 9360 * Found the one with longest delay bounds OR it is 9361 * unconfirmed and still not marked unreachable. 9362 */ 9363 #ifdef SCTP_DEBUG 9364 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 9365 printf("net:%p is the hb winner -", 9366 hnet); 9367 if (hnet) 9368 sctp_print_address((struct sockaddr *)&hnet->ro._l_addr); 9369 else 9370 printf(" none\n"); 9371 } 9372 #endif 9373 /* update the timer now */ 9374 hnet->last_sent_time = *now; 9375 return (hnet); 9376 } 9377 /* Nothing to HB */ 9378 return (NULL); 9379 } 9380 9381 int 9382 sctp_send_hb(struct sctp_tcb *stcb, int user_req, struct sctp_nets *u_net) 9383 { 9384 struct sctp_tmit_chunk *chk; 9385 struct sctp_nets *net; 9386 struct sctp_heartbeat_chunk *hb; 9387 struct timeval now; 9388 struct sockaddr_in *sin; 9389 struct sockaddr_in6 *sin6; 9390 9391 SCTP_TCB_LOCK_ASSERT(stcb); 9392 if (user_req == 0) { 9393 net = sctp_select_hb_destination(stcb, &now); 9394 if (net == NULL) { 9395 /*- 9396 * All our busy none to send to, just start the 9397 * timer again. 9398 */ 9399 if (stcb->asoc.state == 0) { 9400 return (0); 9401 } 9402 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 9403 stcb->sctp_ep, 9404 stcb, 9405 net); 9406 return (0); 9407 } 9408 } else { 9409 net = u_net; 9410 if (net == NULL) { 9411 return (0); 9412 } 9413 SCTP_GETTIME_TIMEVAL(&now); 9414 } 9415 sin = (struct sockaddr_in *)&net->ro._l_addr; 9416 if (sin->sin_family != AF_INET) { 9417 if (sin->sin_family != AF_INET6) { 9418 /* huh */ 9419 return (0); 9420 } 9421 } 9422 sctp_alloc_a_chunk(stcb, chk); 9423 if (chk == NULL) { 9424 #ifdef SCTP_DEBUG 9425 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 9426 printf("Gak, can't get a chunk for hb\n"); 9427 } 9428 #endif 9429 return (0); 9430 } 9431 chk->copy_by_ref = 0; 9432 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST; 9433 chk->rec.chunk_id.can_take_data = 1; 9434 chk->asoc = &stcb->asoc; 9435 chk->send_size = sizeof(struct sctp_heartbeat_chunk); 9436 9437 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 9438 if (chk->data == NULL) { 9439 sctp_free_a_chunk(stcb, chk); 9440 return (0); 9441 } 9442 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 9443 SCTP_BUF_LEN(chk->data) = chk->send_size; 9444 chk->sent = SCTP_DATAGRAM_UNSENT; 9445 chk->snd_count = 0; 9446 chk->whoTo = net; 9447 atomic_add_int(&chk->whoTo->ref_count, 1); 9448 /* Now we have a mbuf that we can fill in with the details */ 9449 hb = mtod(chk->data, struct sctp_heartbeat_chunk *); 9450 9451 /* fill out chunk header */ 9452 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST; 9453 hb->ch.chunk_flags = 0; 9454 hb->ch.chunk_length = htons(chk->send_size); 9455 /* Fill out hb parameter */ 9456 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO); 9457 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param)); 9458 hb->heartbeat.hb_info.time_value_1 = now.tv_sec; 9459 hb->heartbeat.hb_info.time_value_2 = now.tv_usec; 9460 /* Did our user request this one, put it in */ 9461 hb->heartbeat.hb_info.user_req = user_req; 9462 hb->heartbeat.hb_info.addr_family = sin->sin_family; 9463 hb->heartbeat.hb_info.addr_len = sin->sin_len; 9464 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 9465 /* 9466 * we only take from the entropy pool if the address is not 9467 * confirmed. 9468 */ 9469 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 9470 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 9471 } else { 9472 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0; 9473 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0; 9474 } 9475 if (sin->sin_family == AF_INET) { 9476 memcpy(hb->heartbeat.hb_info.address, &sin->sin_addr, sizeof(sin->sin_addr)); 9477 } else if (sin->sin_family == AF_INET6) { 9478 /* We leave the scope the way it is in our lookup table. */ 9479 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 9480 memcpy(hb->heartbeat.hb_info.address, &sin6->sin6_addr, sizeof(sin6->sin6_addr)); 9481 } else { 9482 /* huh compiler bug */ 9483 return (0); 9484 } 9485 /* ok we have a destination that needs a beat */ 9486 /* lets do the theshold management Qiaobing style */ 9487 9488 if (sctp_threshold_management(stcb->sctp_ep, stcb, net, 9489 stcb->asoc.max_send_times)) { 9490 /*- 9491 * we have lost the association, in a way this is 9492 * quite bad since we really are one less time since 9493 * we really did not send yet. This is the down side 9494 * to the Q's style as defined in the RFC and not my 9495 * alternate style defined in the RFC. 9496 */ 9497 atomic_subtract_int(&chk->whoTo->ref_count, 1); 9498 if (chk->data != NULL) { 9499 sctp_m_freem(chk->data); 9500 chk->data = NULL; 9501 } 9502 sctp_free_a_chunk(stcb, chk); 9503 return (-1); 9504 } 9505 net->hb_responded = 0; 9506 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 9507 stcb->asoc.ctrl_queue_cnt++; 9508 SCTP_STAT_INCR(sctps_sendheartbeat); 9509 /*- 9510 * Call directly med level routine to put out the chunk. It will 9511 * always tumble out control chunks aka HB but it may even tumble 9512 * out data too. 9513 */ 9514 return (1); 9515 } 9516 9517 void 9518 sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net, 9519 uint32_t high_tsn) 9520 { 9521 struct sctp_association *asoc; 9522 struct sctp_ecne_chunk *ecne; 9523 struct sctp_tmit_chunk *chk; 9524 9525 asoc = &stcb->asoc; 9526 SCTP_TCB_LOCK_ASSERT(stcb); 9527 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9528 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 9529 /* found a previous ECN_ECHO update it if needed */ 9530 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 9531 ecne->tsn = htonl(high_tsn); 9532 return; 9533 } 9534 } 9535 /* nope could not find one to update so we must build one */ 9536 sctp_alloc_a_chunk(stcb, chk); 9537 if (chk == NULL) { 9538 return; 9539 } 9540 chk->copy_by_ref = 0; 9541 SCTP_STAT_INCR(sctps_sendecne); 9542 chk->rec.chunk_id.id = SCTP_ECN_ECHO; 9543 chk->rec.chunk_id.can_take_data = 0; 9544 chk->asoc = &stcb->asoc; 9545 chk->send_size = sizeof(struct sctp_ecne_chunk); 9546 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 9547 if (chk->data == NULL) { 9548 sctp_free_a_chunk(stcb, chk); 9549 return; 9550 } 9551 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 9552 SCTP_BUF_LEN(chk->data) = chk->send_size; 9553 chk->sent = SCTP_DATAGRAM_UNSENT; 9554 chk->snd_count = 0; 9555 chk->whoTo = net; 9556 atomic_add_int(&chk->whoTo->ref_count, 1); 9557 stcb->asoc.ecn_echo_cnt_onq++; 9558 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 9559 ecne->ch.chunk_type = SCTP_ECN_ECHO; 9560 ecne->ch.chunk_flags = 0; 9561 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk)); 9562 ecne->tsn = htonl(high_tsn); 9563 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 9564 asoc->ctrl_queue_cnt++; 9565 } 9566 9567 void 9568 sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net, 9569 struct mbuf *m, int iphlen, int bad_crc) 9570 { 9571 struct sctp_association *asoc; 9572 struct sctp_pktdrop_chunk *drp; 9573 struct sctp_tmit_chunk *chk; 9574 uint8_t *datap; 9575 int len; 9576 unsigned int small_one; 9577 struct ip *iph; 9578 9579 long spc; 9580 9581 asoc = &stcb->asoc; 9582 SCTP_TCB_LOCK_ASSERT(stcb); 9583 if (asoc->peer_supports_pktdrop == 0) { 9584 /*- 9585 * peer must declare support before I send one. 9586 */ 9587 return; 9588 } 9589 if (stcb->sctp_socket == NULL) { 9590 return; 9591 } 9592 sctp_alloc_a_chunk(stcb, chk); 9593 if (chk == NULL) { 9594 return; 9595 } 9596 chk->copy_by_ref = 0; 9597 iph = mtod(m, struct ip *); 9598 if (iph == NULL) { 9599 return; 9600 } 9601 if (iph->ip_v == IPVERSION) { 9602 /* IPv4 */ 9603 len = chk->send_size = iph->ip_len; 9604 } else { 9605 struct ip6_hdr *ip6h; 9606 9607 /* IPv6 */ 9608 ip6h = mtod(m, struct ip6_hdr *); 9609 len = chk->send_size = htons(ip6h->ip6_plen); 9610 } 9611 chk->asoc = &stcb->asoc; 9612 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 9613 if (chk->data == NULL) { 9614 jump_out: 9615 sctp_free_a_chunk(stcb, chk); 9616 return; 9617 } 9618 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 9619 drp = mtod(chk->data, struct sctp_pktdrop_chunk *); 9620 if (drp == NULL) { 9621 sctp_m_freem(chk->data); 9622 chk->data = NULL; 9623 goto jump_out; 9624 } 9625 small_one = asoc->smallest_mtu; 9626 if (small_one > MCLBYTES) { 9627 /* Only one cluster worth of data MAX */ 9628 small_one = MCLBYTES; 9629 } 9630 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) + 9631 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD)); 9632 chk->book_size_scale = 0; 9633 if (chk->book_size > small_one) { 9634 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED; 9635 drp->trunc_len = htons(chk->send_size); 9636 chk->send_size = small_one - (SCTP_MED_OVERHEAD + 9637 sizeof(struct sctp_pktdrop_chunk) + 9638 sizeof(struct sctphdr)); 9639 len = chk->send_size; 9640 } else { 9641 /* no truncation needed */ 9642 drp->ch.chunk_flags = 0; 9643 drp->trunc_len = htons(0); 9644 } 9645 if (bad_crc) { 9646 drp->ch.chunk_flags |= SCTP_BADCRC; 9647 } 9648 chk->send_size += sizeof(struct sctp_pktdrop_chunk); 9649 SCTP_BUF_LEN(chk->data) = chk->send_size; 9650 chk->sent = SCTP_DATAGRAM_UNSENT; 9651 chk->snd_count = 0; 9652 if (net) { 9653 /* we should hit here */ 9654 chk->whoTo = net; 9655 } else { 9656 chk->whoTo = asoc->primary_destination; 9657 } 9658 atomic_add_int(&chk->whoTo->ref_count, 1); 9659 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED; 9660 chk->rec.chunk_id.can_take_data = 1; 9661 drp->ch.chunk_type = SCTP_PACKET_DROPPED; 9662 drp->ch.chunk_length = htons(chk->send_size); 9663 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket); 9664 if (spc < 0) { 9665 spc = 0; 9666 } 9667 drp->bottle_bw = htonl(spc); 9668 if (asoc->my_rwnd) { 9669 drp->current_onq = htonl(asoc->size_on_reasm_queue + 9670 asoc->size_on_all_streams + 9671 asoc->my_rwnd_control_len + 9672 stcb->sctp_socket->so_rcv.sb_cc); 9673 } else { 9674 /*- 9675 * If my rwnd is 0, possibly from mbuf depletion as well as 9676 * space used, tell the peer there is NO space aka onq == bw 9677 */ 9678 drp->current_onq = htonl(spc); 9679 } 9680 drp->reserved = 0; 9681 datap = drp->data; 9682 m_copydata(m, iphlen, len, (caddr_t)datap); 9683 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 9684 asoc->ctrl_queue_cnt++; 9685 } 9686 9687 void 9688 sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn) 9689 { 9690 struct sctp_association *asoc; 9691 struct sctp_cwr_chunk *cwr; 9692 struct sctp_tmit_chunk *chk; 9693 9694 asoc = &stcb->asoc; 9695 SCTP_TCB_LOCK_ASSERT(stcb); 9696 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9697 if (chk->rec.chunk_id.id == SCTP_ECN_CWR) { 9698 /* found a previous ECN_CWR update it if needed */ 9699 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 9700 if (compare_with_wrap(high_tsn, ntohl(cwr->tsn), 9701 MAX_TSN)) { 9702 cwr->tsn = htonl(high_tsn); 9703 } 9704 return; 9705 } 9706 } 9707 /* nope could not find one to update so we must build one */ 9708 sctp_alloc_a_chunk(stcb, chk); 9709 if (chk == NULL) { 9710 return; 9711 } 9712 chk->copy_by_ref = 0; 9713 chk->rec.chunk_id.id = SCTP_ECN_CWR; 9714 chk->rec.chunk_id.can_take_data = 1; 9715 chk->asoc = &stcb->asoc; 9716 chk->send_size = sizeof(struct sctp_cwr_chunk); 9717 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_DONTWAIT, 1, MT_HEADER); 9718 if (chk->data == NULL) { 9719 sctp_free_a_chunk(stcb, chk); 9720 return; 9721 } 9722 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 9723 SCTP_BUF_LEN(chk->data) = chk->send_size; 9724 chk->sent = SCTP_DATAGRAM_UNSENT; 9725 chk->snd_count = 0; 9726 chk->whoTo = net; 9727 atomic_add_int(&chk->whoTo->ref_count, 1); 9728 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 9729 cwr->ch.chunk_type = SCTP_ECN_CWR; 9730 cwr->ch.chunk_flags = 0; 9731 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk)); 9732 cwr->tsn = htonl(high_tsn); 9733 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 9734 asoc->ctrl_queue_cnt++; 9735 } 9736 9737 void 9738 sctp_add_stream_reset_out(struct sctp_tmit_chunk *chk, 9739 int number_entries, uint16_t * list, 9740 uint32_t seq, uint32_t resp_seq, uint32_t last_sent) 9741 { 9742 int len, old_len, i; 9743 struct sctp_stream_reset_out_request *req_out; 9744 struct sctp_chunkhdr *ch; 9745 9746 ch = mtod(chk->data, struct sctp_chunkhdr *); 9747 9748 9749 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 9750 9751 /* get to new offset for the param. */ 9752 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len); 9753 /* now how long will this param be? */ 9754 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries)); 9755 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST); 9756 req_out->ph.param_length = htons(len); 9757 req_out->request_seq = htonl(seq); 9758 req_out->response_seq = htonl(resp_seq); 9759 req_out->send_reset_at_tsn = htonl(last_sent); 9760 if (number_entries) { 9761 for (i = 0; i < number_entries; i++) { 9762 req_out->list_of_streams[i] = htons(list[i]); 9763 } 9764 } 9765 if (SCTP_SIZE32(len) > len) { 9766 /*- 9767 * Need to worry about the pad we may end up adding to the 9768 * end. This is easy since the struct is either aligned to 4 9769 * bytes or 2 bytes off. 9770 */ 9771 req_out->list_of_streams[number_entries] = 0; 9772 } 9773 /* now fix the chunk length */ 9774 ch->chunk_length = htons(len + old_len); 9775 chk->book_size = len + old_len; 9776 chk->book_size_scale = 0; 9777 chk->send_size = SCTP_SIZE32(chk->book_size); 9778 SCTP_BUF_LEN(chk->data) = chk->send_size; 9779 return; 9780 } 9781 9782 9783 void 9784 sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk, 9785 int number_entries, uint16_t * list, 9786 uint32_t seq) 9787 { 9788 int len, old_len, i; 9789 struct sctp_stream_reset_in_request *req_in; 9790 struct sctp_chunkhdr *ch; 9791 9792 ch = mtod(chk->data, struct sctp_chunkhdr *); 9793 9794 9795 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 9796 9797 /* get to new offset for the param. */ 9798 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len); 9799 /* now how long will this param be? */ 9800 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries)); 9801 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST); 9802 req_in->ph.param_length = htons(len); 9803 req_in->request_seq = htonl(seq); 9804 if (number_entries) { 9805 for (i = 0; i < number_entries; i++) { 9806 req_in->list_of_streams[i] = htons(list[i]); 9807 } 9808 } 9809 if (SCTP_SIZE32(len) > len) { 9810 /*- 9811 * Need to worry about the pad we may end up adding to the 9812 * end. This is easy since the struct is either aligned to 4 9813 * bytes or 2 bytes off. 9814 */ 9815 req_in->list_of_streams[number_entries] = 0; 9816 } 9817 /* now fix the chunk length */ 9818 ch->chunk_length = htons(len + old_len); 9819 chk->book_size = len + old_len; 9820 chk->book_size_scale = 0; 9821 chk->send_size = SCTP_SIZE32(chk->book_size); 9822 SCTP_BUF_LEN(chk->data) = chk->send_size; 9823 return; 9824 } 9825 9826 9827 void 9828 sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk, 9829 uint32_t seq) 9830 { 9831 int len, old_len; 9832 struct sctp_stream_reset_tsn_request *req_tsn; 9833 struct sctp_chunkhdr *ch; 9834 9835 ch = mtod(chk->data, struct sctp_chunkhdr *); 9836 9837 9838 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 9839 9840 /* get to new offset for the param. */ 9841 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len); 9842 /* now how long will this param be? */ 9843 len = sizeof(struct sctp_stream_reset_tsn_request); 9844 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST); 9845 req_tsn->ph.param_length = htons(len); 9846 req_tsn->request_seq = htonl(seq); 9847 9848 /* now fix the chunk length */ 9849 ch->chunk_length = htons(len + old_len); 9850 chk->send_size = len + old_len; 9851 chk->book_size = SCTP_SIZE32(chk->send_size); 9852 chk->book_size_scale = 0; 9853 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 9854 return; 9855 } 9856 9857 void 9858 sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk, 9859 uint32_t resp_seq, uint32_t result) 9860 { 9861 int len, old_len; 9862 struct sctp_stream_reset_response *resp; 9863 struct sctp_chunkhdr *ch; 9864 9865 ch = mtod(chk->data, struct sctp_chunkhdr *); 9866 9867 9868 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 9869 9870 /* get to new offset for the param. */ 9871 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len); 9872 /* now how long will this param be? */ 9873 len = sizeof(struct sctp_stream_reset_response); 9874 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 9875 resp->ph.param_length = htons(len); 9876 resp->response_seq = htonl(resp_seq); 9877 resp->result = ntohl(result); 9878 9879 /* now fix the chunk length */ 9880 ch->chunk_length = htons(len + old_len); 9881 chk->book_size = len + old_len; 9882 chk->book_size_scale = 0; 9883 chk->send_size = SCTP_SIZE32(chk->book_size); 9884 SCTP_BUF_LEN(chk->data) = chk->send_size; 9885 return; 9886 9887 } 9888 9889 9890 void 9891 sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk, 9892 uint32_t resp_seq, uint32_t result, 9893 uint32_t send_una, uint32_t recv_next) 9894 { 9895 int len, old_len; 9896 struct sctp_stream_reset_response_tsn *resp; 9897 struct sctp_chunkhdr *ch; 9898 9899 ch = mtod(chk->data, struct sctp_chunkhdr *); 9900 9901 9902 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 9903 9904 /* get to new offset for the param. */ 9905 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len); 9906 /* now how long will this param be? */ 9907 len = sizeof(struct sctp_stream_reset_response_tsn); 9908 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 9909 resp->ph.param_length = htons(len); 9910 resp->response_seq = htonl(resp_seq); 9911 resp->result = htonl(result); 9912 resp->senders_next_tsn = htonl(send_una); 9913 resp->receivers_next_tsn = htonl(recv_next); 9914 9915 /* now fix the chunk length */ 9916 ch->chunk_length = htons(len + old_len); 9917 chk->book_size = len + old_len; 9918 chk->send_size = SCTP_SIZE32(chk->book_size); 9919 chk->book_size_scale = 0; 9920 SCTP_BUF_LEN(chk->data) = chk->send_size; 9921 return; 9922 } 9923 9924 9925 int 9926 sctp_send_str_reset_req(struct sctp_tcb *stcb, 9927 int number_entries, uint16_t * list, 9928 uint8_t send_out_req, uint32_t resp_seq, 9929 uint8_t send_in_req, 9930 uint8_t send_tsn_req) 9931 { 9932 9933 struct sctp_association *asoc; 9934 struct sctp_tmit_chunk *chk; 9935 struct sctp_chunkhdr *ch; 9936 uint32_t seq; 9937 9938 asoc = &stcb->asoc; 9939 if (asoc->stream_reset_outstanding) { 9940 /*- 9941 * Already one pending, must get ACK back to clear the flag. 9942 */ 9943 return (EBUSY); 9944 } 9945 if ((send_out_req == 0) && (send_in_req == 0) && (send_tsn_req == 0)) { 9946 /* nothing to do */ 9947 return (EINVAL); 9948 } 9949 if (send_tsn_req && (send_out_req || send_in_req)) { 9950 /* error, can't do that */ 9951 return (EINVAL); 9952 } 9953 sctp_alloc_a_chunk(stcb, chk); 9954 if (chk == NULL) { 9955 return (ENOMEM); 9956 } 9957 chk->copy_by_ref = 0; 9958 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 9959 chk->rec.chunk_id.can_take_data = 0; 9960 chk->asoc = &stcb->asoc; 9961 chk->book_size = sizeof(struct sctp_chunkhdr); 9962 chk->send_size = SCTP_SIZE32(chk->book_size); 9963 chk->book_size_scale = 0; 9964 9965 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 9966 if (chk->data == NULL) { 9967 sctp_free_a_chunk(stcb, chk); 9968 return (ENOMEM); 9969 } 9970 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 9971 9972 /* setup chunk parameters */ 9973 chk->sent = SCTP_DATAGRAM_UNSENT; 9974 chk->snd_count = 0; 9975 chk->whoTo = asoc->primary_destination; 9976 atomic_add_int(&chk->whoTo->ref_count, 1); 9977 9978 ch = mtod(chk->data, struct sctp_chunkhdr *); 9979 ch->chunk_type = SCTP_STREAM_RESET; 9980 ch->chunk_flags = 0; 9981 ch->chunk_length = htons(chk->book_size); 9982 SCTP_BUF_LEN(chk->data) = chk->send_size; 9983 9984 seq = stcb->asoc.str_reset_seq_out; 9985 if (send_out_req) { 9986 sctp_add_stream_reset_out(chk, number_entries, list, 9987 seq, resp_seq, (stcb->asoc.sending_seq - 1)); 9988 asoc->stream_reset_out_is_outstanding = 1; 9989 seq++; 9990 asoc->stream_reset_outstanding++; 9991 } 9992 if (send_in_req) { 9993 sctp_add_stream_reset_in(chk, number_entries, list, seq); 9994 asoc->stream_reset_outstanding++; 9995 } 9996 if (send_tsn_req) { 9997 sctp_add_stream_reset_tsn(chk, seq); 9998 asoc->stream_reset_outstanding++; 9999 } 10000 asoc->str_reset = chk; 10001 10002 /* insert the chunk for sending */ 10003 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 10004 chk, 10005 sctp_next); 10006 asoc->ctrl_queue_cnt++; 10007 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 10008 return (0); 10009 } 10010 10011 void 10012 sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag, 10013 struct mbuf *err_cause) 10014 { 10015 /*- 10016 * Formulate the abort message, and send it back down. 10017 */ 10018 struct mbuf *o_pak; 10019 struct mbuf *mout; 10020 struct sctp_abort_msg *abm; 10021 struct ip *iph, *iph_out; 10022 struct ip6_hdr *ip6, *ip6_out; 10023 int iphlen_out; 10024 10025 /* don't respond to ABORT with ABORT */ 10026 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) { 10027 if (err_cause) 10028 sctp_m_freem(err_cause); 10029 return; 10030 } 10031 o_pak = SCTP_GET_HEADER_FOR_OUTPUT((sizeof(struct ip6_hdr) + sizeof(struct sctp_abort_msg))); 10032 if (o_pak == NULL) { 10033 if (err_cause) 10034 sctp_m_freem(err_cause); 10035 return; 10036 } 10037 mout = SCTP_HEADER_TO_CHAIN(o_pak); 10038 iph = mtod(m, struct ip *); 10039 iph_out = NULL; 10040 ip6_out = NULL; 10041 if (iph->ip_v == IPVERSION) { 10042 iph_out = mtod(mout, struct ip *); 10043 SCTP_BUF_LEN(mout) = sizeof(*iph_out) + sizeof(*abm); 10044 SCTP_BUF_NEXT(mout) = err_cause; 10045 10046 /* Fill in the IP header for the ABORT */ 10047 iph_out->ip_v = IPVERSION; 10048 iph_out->ip_hl = (sizeof(struct ip) / 4); 10049 iph_out->ip_tos = (u_char)0; 10050 iph_out->ip_id = 0; 10051 iph_out->ip_off = 0; 10052 iph_out->ip_ttl = MAXTTL; 10053 iph_out->ip_p = IPPROTO_SCTP; 10054 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 10055 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 10056 /* let IP layer calculate this */ 10057 iph_out->ip_sum = 0; 10058 10059 iphlen_out = sizeof(*iph_out); 10060 abm = (struct sctp_abort_msg *)((caddr_t)iph_out + iphlen_out); 10061 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 10062 ip6 = (struct ip6_hdr *)iph; 10063 ip6_out = mtod(mout, struct ip6_hdr *); 10064 SCTP_BUF_LEN(mout) = sizeof(*ip6_out) + sizeof(*abm); 10065 SCTP_BUF_NEXT(mout) = err_cause; 10066 10067 /* Fill in the IP6 header for the ABORT */ 10068 ip6_out->ip6_flow = ip6->ip6_flow; 10069 ip6_out->ip6_hlim = ip6_defhlim; 10070 ip6_out->ip6_nxt = IPPROTO_SCTP; 10071 ip6_out->ip6_src = ip6->ip6_dst; 10072 ip6_out->ip6_dst = ip6->ip6_src; 10073 10074 iphlen_out = sizeof(*ip6_out); 10075 abm = (struct sctp_abort_msg *)((caddr_t)ip6_out + iphlen_out); 10076 } else { 10077 /* Currently not supported */ 10078 return; 10079 } 10080 10081 abm->sh.src_port = sh->dest_port; 10082 abm->sh.dest_port = sh->src_port; 10083 abm->sh.checksum = 0; 10084 if (vtag == 0) { 10085 abm->sh.v_tag = sh->v_tag; 10086 abm->msg.ch.chunk_flags = SCTP_HAD_NO_TCB; 10087 } else { 10088 abm->sh.v_tag = htonl(vtag); 10089 abm->msg.ch.chunk_flags = 0; 10090 } 10091 abm->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION; 10092 10093 if (err_cause) { 10094 struct mbuf *m_tmp = err_cause; 10095 int err_len = 0; 10096 10097 /* get length of the err_cause chain */ 10098 while (m_tmp != NULL) { 10099 err_len += SCTP_BUF_LEN(m_tmp); 10100 m_tmp = SCTP_BUF_NEXT(m_tmp); 10101 } 10102 SCTP_HEADER_LEN(o_pak) = SCTP_BUF_LEN(mout) + err_len; 10103 if (err_len % 4) { 10104 /* need pad at end of chunk */ 10105 uint32_t cpthis = 0; 10106 int padlen; 10107 10108 padlen = 4 - (SCTP_HEADER_LEN(o_pak) % 4); 10109 m_copyback(mout, SCTP_HEADER_LEN(o_pak), padlen, (caddr_t)&cpthis); 10110 SCTP_HEADER_LEN(o_pak) += padlen; 10111 } 10112 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch) + err_len); 10113 } else { 10114 SCTP_HEADER_LEN(mout) = SCTP_BUF_LEN(mout); 10115 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch)); 10116 } 10117 10118 /* add checksum */ 10119 if ((sctp_no_csum_on_loopback) && SCTP_IS_IT_LOOPBACK(m)) { 10120 abm->sh.checksum = 0; 10121 } else { 10122 abm->sh.checksum = sctp_calculate_sum(mout, NULL, iphlen_out); 10123 } 10124 if (iph_out != NULL) { 10125 sctp_route_t ro; 10126 10127 /* zap the stack pointer to the route */ 10128 bzero(&ro, sizeof ro); 10129 #ifdef SCTP_DEBUG 10130 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 10131 printf("sctp_send_abort calling ip_output:\n"); 10132 sctp_print_address_pkt(iph_out, &abm->sh); 10133 } 10134 #endif 10135 /* set IPv4 length */ 10136 iph_out->ip_len = SCTP_HEADER_LEN(o_pak); 10137 /* out it goes */ 10138 (void)ip_output(o_pak, 0, &ro, IP_RAWOUTPUT, NULL 10139 ,NULL 10140 ); 10141 /* Free the route if we got one back */ 10142 if (ro.ro_rt) 10143 RTFREE(ro.ro_rt); 10144 } else if (ip6_out != NULL) { 10145 struct route_in6 ro; 10146 10147 /* zap the stack pointer to the route */ 10148 bzero(&ro, sizeof(ro)); 10149 #ifdef SCTP_DEBUG 10150 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 10151 printf("sctp_send_abort calling ip6_output:\n"); 10152 sctp_print_address_pkt((struct ip *)ip6_out, &abm->sh); 10153 } 10154 #endif 10155 ip6_out->ip6_plen = SCTP_HEADER_LEN(o_pak) - sizeof(*ip6_out); 10156 ip6_output(o_pak, NULL, &ro, 0, NULL, NULL 10157 ,NULL 10158 ); 10159 /* Free the route if we got one back */ 10160 if (ro.ro_rt) 10161 RTFREE(ro.ro_rt); 10162 } 10163 SCTP_STAT_INCR(sctps_sendpackets); 10164 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 10165 } 10166 10167 void 10168 sctp_send_operr_to(struct mbuf *m, int iphlen, 10169 struct mbuf *scm, 10170 uint32_t vtag) 10171 { 10172 struct mbuf *o_pak; 10173 struct sctphdr *ihdr; 10174 int retcode; 10175 struct sctphdr *ohdr; 10176 struct sctp_chunkhdr *ophdr; 10177 10178 struct ip *iph; 10179 10180 #ifdef SCTP_DEBUG 10181 struct sockaddr_in6 lsa6, fsa6; 10182 10183 #endif 10184 uint32_t val; 10185 struct mbuf *at; 10186 int len; 10187 10188 iph = mtod(m, struct ip *); 10189 ihdr = (struct sctphdr *)((caddr_t)iph + iphlen); 10190 10191 SCTP_BUF_PREPEND(scm, (sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)), M_DONTWAIT); 10192 if (scm == NULL) { 10193 /* can't send because we can't add a mbuf */ 10194 return; 10195 } 10196 ohdr = mtod(scm, struct sctphdr *); 10197 ohdr->src_port = ihdr->dest_port; 10198 ohdr->dest_port = ihdr->src_port; 10199 ohdr->v_tag = vtag; 10200 ohdr->checksum = 0; 10201 ophdr = (struct sctp_chunkhdr *)(ohdr + 1); 10202 ophdr->chunk_type = SCTP_OPERATION_ERROR; 10203 ophdr->chunk_flags = 0; 10204 len = 0; 10205 at = scm; 10206 while (at) { 10207 len += SCTP_BUF_LEN(at); 10208 at = SCTP_BUF_NEXT(at); 10209 } 10210 10211 ophdr->chunk_length = htons(len - sizeof(struct sctphdr)); 10212 if (len % 4) { 10213 /* need padding */ 10214 uint32_t cpthis = 0; 10215 int padlen; 10216 10217 padlen = 4 - (len % 4); 10218 m_copyback(scm, len, padlen, (caddr_t)&cpthis); 10219 len += padlen; 10220 } 10221 if ((sctp_no_csum_on_loopback) && SCTP_IS_IT_LOOPBACK(m)) { 10222 val = 0; 10223 } else { 10224 val = sctp_calculate_sum(scm, NULL, 0); 10225 } 10226 ohdr->checksum = val; 10227 if (iph->ip_v == IPVERSION) { 10228 /* V4 */ 10229 struct ip *out; 10230 sctp_route_t ro; 10231 10232 o_pak = SCTP_GET_HEADER_FOR_OUTPUT(sizeof(struct ip)); 10233 if (o_pak == NULL) { 10234 sctp_m_freem(scm); 10235 return; 10236 } 10237 SCTP_BUF_LEN(SCTP_HEADER_TO_CHAIN(o_pak)) = sizeof(struct ip); 10238 len += sizeof(struct ip); 10239 SCTP_ATTACH_CHAIN(o_pak, scm, len); 10240 bzero(&ro, sizeof ro); 10241 out = mtod(SCTP_HEADER_TO_CHAIN(o_pak), struct ip *); 10242 out->ip_v = iph->ip_v; 10243 out->ip_hl = (sizeof(struct ip) / 4); 10244 out->ip_tos = iph->ip_tos; 10245 out->ip_id = iph->ip_id; 10246 out->ip_off = 0; 10247 out->ip_ttl = MAXTTL; 10248 out->ip_p = IPPROTO_SCTP; 10249 out->ip_sum = 0; 10250 out->ip_src = iph->ip_dst; 10251 out->ip_dst = iph->ip_src; 10252 out->ip_len = SCTP_HEADER_LEN(o_pak); 10253 retcode = ip_output(o_pak, 0, &ro, IP_RAWOUTPUT, NULL 10254 ,NULL 10255 ); 10256 SCTP_STAT_INCR(sctps_sendpackets); 10257 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 10258 /* Free the route if we got one back */ 10259 if (ro.ro_rt) 10260 RTFREE(ro.ro_rt); 10261 } else { 10262 /* V6 */ 10263 struct route_in6 ro; 10264 struct ip6_hdr *out6, *in6; 10265 10266 o_pak = SCTP_GET_HEADER_FOR_OUTPUT(sizeof(struct ip6_hdr)); 10267 if (o_pak == NULL) { 10268 sctp_m_freem(scm); 10269 return; 10270 } 10271 SCTP_BUF_LEN(SCTP_HEADER_TO_CHAIN(o_pak)) = sizeof(struct ip6_hdr); 10272 len += sizeof(struct ip6_hdr); 10273 SCTP_ATTACH_CHAIN(o_pak, scm, len); 10274 10275 bzero(&ro, sizeof ro); 10276 in6 = mtod(m, struct ip6_hdr *); 10277 out6 = mtod(SCTP_HEADER_TO_CHAIN(o_pak), struct ip6_hdr *); 10278 out6->ip6_flow = in6->ip6_flow; 10279 out6->ip6_hlim = ip6_defhlim; 10280 out6->ip6_nxt = IPPROTO_SCTP; 10281 out6->ip6_src = in6->ip6_dst; 10282 out6->ip6_dst = in6->ip6_src; 10283 out6->ip6_plen = len - sizeof(struct ip6_hdr); 10284 #ifdef SCTP_DEBUG 10285 bzero(&lsa6, sizeof(lsa6)); 10286 lsa6.sin6_len = sizeof(lsa6); 10287 lsa6.sin6_family = AF_INET6; 10288 lsa6.sin6_addr = out6->ip6_src; 10289 bzero(&fsa6, sizeof(fsa6)); 10290 fsa6.sin6_len = sizeof(fsa6); 10291 fsa6.sin6_family = AF_INET6; 10292 fsa6.sin6_addr = out6->ip6_dst; 10293 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 10294 printf("sctp_operr_to calling ipv6 output:\n"); 10295 printf("src: "); 10296 sctp_print_address((struct sockaddr *)&lsa6); 10297 printf("dst "); 10298 sctp_print_address((struct sockaddr *)&fsa6); 10299 } 10300 #endif /* SCTP_DEBUG */ 10301 ip6_output(o_pak, NULL, &ro, 0, NULL, NULL 10302 ,NULL 10303 ); 10304 SCTP_STAT_INCR(sctps_sendpackets); 10305 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 10306 /* Free the route if we got one back */ 10307 if (ro.ro_rt) 10308 RTFREE(ro.ro_rt); 10309 } 10310 } 10311 10312 10313 10314 static struct mbuf * 10315 sctp_copy_resume(struct sctp_stream_queue_pending *sp, 10316 struct uio *uio, 10317 struct sctp_sndrcvinfo *srcv, 10318 int max_send_len, 10319 int user_marks_eor, 10320 int *error, 10321 uint32_t * sndout, 10322 struct mbuf **new_tail) 10323 { 10324 int left, cancpy, willcpy; 10325 struct mbuf *m, *prev, *head; 10326 10327 left = min(uio->uio_resid, max_send_len); 10328 /* Always get a header just in case */ 10329 head = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 0, MT_DATA); 10330 cancpy = M_TRAILINGSPACE(head); 10331 willcpy = min(cancpy, left); 10332 *error = uiomove(mtod(head, caddr_t), willcpy, uio); 10333 if (*error) { 10334 sctp_m_freem(head); 10335 return (NULL); 10336 } 10337 *sndout += willcpy; 10338 left -= willcpy; 10339 SCTP_BUF_LEN(head) = willcpy; 10340 m = head; 10341 *new_tail = head; 10342 while (left > 0) { 10343 /* move in user data */ 10344 SCTP_BUF_NEXT(m) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 0, MT_DATA); 10345 if (SCTP_BUF_NEXT(m) == NULL) { 10346 sctp_m_freem(head); 10347 *new_tail = NULL; 10348 *error = ENOMEM; 10349 return (NULL); 10350 } 10351 prev = m; 10352 m = SCTP_BUF_NEXT(m); 10353 cancpy = M_TRAILINGSPACE(m); 10354 willcpy = min(cancpy, left); 10355 *error = uiomove(mtod(m, caddr_t), willcpy, uio); 10356 if (*error) { 10357 sctp_m_freem(head); 10358 *new_tail = NULL; 10359 *error = EFAULT; 10360 return (NULL); 10361 } 10362 SCTP_BUF_LEN(m) = willcpy; 10363 left -= willcpy; 10364 *sndout += willcpy; 10365 *new_tail = m; 10366 if (left == 0) { 10367 SCTP_BUF_NEXT(m) = NULL; 10368 } 10369 } 10370 return (head); 10371 } 10372 10373 static int 10374 sctp_copy_one(struct sctp_stream_queue_pending *sp, 10375 struct uio *uio, 10376 int resv_upfront) 10377 { 10378 int left, cancpy, willcpy, error; 10379 struct mbuf *m, *head; 10380 int cpsz = 0; 10381 10382 /* First one gets a header */ 10383 left = sp->length; 10384 head = m = sctp_get_mbuf_for_msg((left + resv_upfront), 0, M_WAIT, 0, MT_DATA); 10385 if (m == NULL) { 10386 return (ENOMEM); 10387 } 10388 /*- 10389 * Add this one for m in now, that way if the alloc fails we won't 10390 * have a bad cnt. 10391 */ 10392 SCTP_BUF_RESV_UF(m, resv_upfront); 10393 cancpy = M_TRAILINGSPACE(m); 10394 willcpy = min(cancpy, left); 10395 while (left > 0) { 10396 /* move in user data */ 10397 error = uiomove(mtod(m, caddr_t), willcpy, uio); 10398 if (error) { 10399 sctp_m_freem(head); 10400 return (error); 10401 } 10402 SCTP_BUF_LEN(m) = willcpy; 10403 left -= willcpy; 10404 cpsz += willcpy; 10405 if (left > 0) { 10406 SCTP_BUF_NEXT(m) = sctp_get_mbuf_for_msg(left, 0, M_WAIT, 0, MT_DATA); 10407 if (SCTP_BUF_NEXT(m) == NULL) { 10408 /* 10409 * the head goes back to caller, he can free 10410 * the rest 10411 */ 10412 sctp_m_freem(head); 10413 return (ENOMEM); 10414 } 10415 m = SCTP_BUF_NEXT(m); 10416 cancpy = M_TRAILINGSPACE(m); 10417 willcpy = min(cancpy, left); 10418 } else { 10419 sp->tail_mbuf = m; 10420 SCTP_BUF_NEXT(m) = NULL; 10421 } 10422 } 10423 sp->data = head; 10424 sp->length = cpsz; 10425 return (0); 10426 } 10427 10428 10429 10430 static struct sctp_stream_queue_pending * 10431 sctp_copy_it_in(struct sctp_tcb *stcb, 10432 struct sctp_association *asoc, 10433 struct sctp_sndrcvinfo *srcv, 10434 struct uio *uio, 10435 struct sctp_nets *net, 10436 int max_send_len, 10437 int user_marks_eor, 10438 int *error, 10439 int non_blocking) 10440 { 10441 /*- 10442 * This routine must be very careful in its work. Protocol 10443 * processing is up and running so care must be taken to spl...() 10444 * when you need to do something that may effect the stcb/asoc. The 10445 * sb is locked however. When data is copied the protocol processing 10446 * should be enabled since this is a slower operation... 10447 */ 10448 struct sctp_stream_queue_pending *sp = NULL; 10449 int resv_in_first; 10450 10451 *error = 0; 10452 /* Unless E_EOR mode is on, we must make a send FIT in one call. */ 10453 if (((user_marks_eor == 0) && non_blocking) && 10454 (uio->uio_resid > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { 10455 /* It will NEVER fit */ 10456 *error = EMSGSIZE; 10457 goto out_now; 10458 } 10459 /* Now can we send this? */ 10460 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 10461 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 10462 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 10463 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 10464 /* got data while shutting down */ 10465 *error = ECONNRESET; 10466 goto out_now; 10467 } 10468 sp = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_strmoq, struct sctp_stream_queue_pending); 10469 if (sp == NULL) { 10470 *error = ENOMEM; 10471 goto out_now; 10472 } 10473 SCTP_INCR_STRMOQ_COUNT(); 10474 sp->act_flags = 0; 10475 sp->sinfo_flags = srcv->sinfo_flags; 10476 sp->timetolive = srcv->sinfo_timetolive; 10477 sp->ppid = srcv->sinfo_ppid; 10478 sp->context = srcv->sinfo_context; 10479 sp->strseq = 0; 10480 SCTP_GETTIME_TIMEVAL(&sp->ts); 10481 10482 sp->stream = srcv->sinfo_stream; 10483 sp->length = min(uio->uio_resid, max_send_len); 10484 if ((sp->length == uio->uio_resid) && 10485 ((user_marks_eor == 0) || 10486 (srcv->sinfo_flags & SCTP_EOF) || 10487 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR))) 10488 ) { 10489 sp->msg_is_complete = 1; 10490 } else { 10491 sp->msg_is_complete = 0; 10492 } 10493 sp->some_taken = 0; 10494 resv_in_first = sizeof(struct sctp_data_chunk); 10495 sp->data = sp->tail_mbuf = NULL; 10496 *error = sctp_copy_one(sp, uio, resv_in_first); 10497 if (*error) { 10498 sctp_free_a_strmoq(stcb, sp); 10499 sp->data = NULL; 10500 sp->net = NULL; 10501 sp = NULL; 10502 } else { 10503 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 10504 sp->net = net; 10505 sp->addr_over = 1; 10506 } else { 10507 sp->net = asoc->primary_destination; 10508 sp->addr_over = 0; 10509 } 10510 atomic_add_int(&sp->net->ref_count, 1); 10511 sctp_set_prsctp_policy(stcb, sp); 10512 } 10513 out_now: 10514 return (sp); 10515 } 10516 10517 10518 int 10519 sctp_sosend(struct socket *so, 10520 struct sockaddr *addr, 10521 struct uio *uio, 10522 struct mbuf *top, 10523 struct mbuf *control, 10524 int flags 10525 , 10526 struct thread *p 10527 ) 10528 { 10529 struct sctp_inpcb *inp; 10530 int error, use_rcvinfo = 0; 10531 struct sctp_sndrcvinfo srcv; 10532 10533 inp = (struct sctp_inpcb *)so->so_pcb; 10534 if (control) { 10535 /* process cmsg snd/rcv info (maybe a assoc-id) */ 10536 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control, 10537 sizeof(srcv))) { 10538 /* got one */ 10539 use_rcvinfo = 1; 10540 } 10541 } 10542 error = sctp_lower_sosend(so, addr, uio, top, 10543 control, 10544 flags, 10545 use_rcvinfo, &srcv 10546 ,p 10547 ); 10548 return (error); 10549 } 10550 10551 10552 int 10553 sctp_lower_sosend(struct socket *so, 10554 struct sockaddr *addr, 10555 struct uio *uio, 10556 struct mbuf *i_pak, 10557 struct mbuf *control, 10558 int flags, 10559 int use_rcvinfo, 10560 struct sctp_sndrcvinfo *srcv, 10561 struct thread *p 10562 ) 10563 { 10564 unsigned int sndlen, max_len; 10565 int error, len; 10566 struct mbuf *top = NULL; 10567 10568 #if defined(__NetBSD__) || defined(__OpenBSD_) 10569 int s; 10570 10571 #endif 10572 int queue_only = 0, queue_only_for_init = 0; 10573 int free_cnt_applied = 0; 10574 int un_sent = 0; 10575 int now_filled = 0; 10576 struct sctp_block_entry be; 10577 struct sctp_inpcb *inp; 10578 struct sctp_tcb *stcb = NULL; 10579 struct timeval now; 10580 struct sctp_nets *net; 10581 struct sctp_association *asoc; 10582 struct sctp_inpcb *t_inp; 10583 int create_lock_applied = 0; 10584 int nagle_applies = 0; 10585 int some_on_control = 0; 10586 int got_all_of_the_send = 0; 10587 int hold_tcblock = 0; 10588 int non_blocking = 0; 10589 10590 error = 0; 10591 net = NULL; 10592 stcb = NULL; 10593 asoc = NULL; 10594 t_inp = inp = (struct sctp_inpcb *)so->so_pcb; 10595 if (inp == NULL) { 10596 error = EFAULT; 10597 goto out_unlocked; 10598 } 10599 atomic_add_int(&inp->total_sends, 1); 10600 if (uio) 10601 sndlen = uio->uio_resid; 10602 else { 10603 sndlen = SCTP_HEADER_LEN(i_pak); 10604 top = SCTP_HEADER_TO_CHAIN(i_pak); 10605 } 10606 10607 hold_tcblock = 0; 10608 10609 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 10610 (inp->sctp_socket->so_qlimit)) { 10611 /* The listener can NOT send */ 10612 error = EFAULT; 10613 goto out_unlocked; 10614 } 10615 if ((use_rcvinfo) && srcv) { 10616 if (INVALID_SINFO_FLAG(srcv->sinfo_flags) || PR_SCTP_INVALID_POLICY(srcv->sinfo_flags)) { 10617 error = EINVAL; 10618 goto out_unlocked; 10619 } 10620 if (srcv->sinfo_flags) 10621 SCTP_STAT_INCR(sctps_sends_with_flags); 10622 10623 if (srcv->sinfo_flags & SCTP_SENDALL) { 10624 /* its a sendall */ 10625 error = sctp_sendall(inp, uio, top, srcv); 10626 top = NULL; 10627 goto out_unlocked; 10628 } 10629 } 10630 /* now we must find the assoc */ 10631 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) { 10632 SCTP_INP_RLOCK(inp); 10633 stcb = LIST_FIRST(&inp->sctp_asoc_list); 10634 if (stcb == NULL) { 10635 SCTP_INP_RUNLOCK(inp); 10636 error = ENOTCONN; 10637 goto out_unlocked; 10638 } 10639 hold_tcblock = 0; 10640 SCTP_INP_RUNLOCK(inp); 10641 if (addr) 10642 /* Must locate the net structure if addr given */ 10643 net = sctp_findnet(stcb, addr); 10644 else 10645 net = stcb->asoc.primary_destination; 10646 10647 } else if (use_rcvinfo && srcv && srcv->sinfo_assoc_id) { 10648 stcb = sctp_findassociation_ep_asocid(inp, srcv->sinfo_assoc_id, 0); 10649 if (stcb) { 10650 if (addr) 10651 /* 10652 * Must locate the net structure if addr 10653 * given 10654 */ 10655 net = sctp_findnet(stcb, addr); 10656 else 10657 net = stcb->asoc.primary_destination; 10658 } 10659 hold_tcblock = 0; 10660 } else if (addr) { 10661 /*- 10662 * Since we did not use findep we must 10663 * increment it, and if we don't find a tcb 10664 * decrement it. 10665 */ 10666 SCTP_INP_WLOCK(inp); 10667 SCTP_INP_INCR_REF(inp); 10668 SCTP_INP_WUNLOCK(inp); 10669 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 10670 if (stcb == NULL) { 10671 SCTP_INP_WLOCK(inp); 10672 SCTP_INP_DECR_REF(inp); 10673 SCTP_INP_WUNLOCK(inp); 10674 } else { 10675 hold_tcblock = 1; 10676 } 10677 } 10678 if ((stcb == NULL) && (addr)) { 10679 /* Possible implicit send? */ 10680 SCTP_ASOC_CREATE_LOCK(inp); 10681 create_lock_applied = 1; 10682 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 10683 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 10684 /* Should I really unlock ? */ 10685 error = EFAULT; 10686 goto out_unlocked; 10687 10688 } 10689 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 10690 (addr->sa_family == AF_INET6)) { 10691 error = EINVAL; 10692 goto out_unlocked; 10693 } 10694 SCTP_INP_WLOCK(inp); 10695 SCTP_INP_INCR_REF(inp); 10696 SCTP_INP_WUNLOCK(inp); 10697 /* With the lock applied look again */ 10698 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 10699 if (stcb == NULL) { 10700 SCTP_INP_WLOCK(inp); 10701 SCTP_INP_DECR_REF(inp); 10702 SCTP_INP_WUNLOCK(inp); 10703 } else { 10704 hold_tcblock = 1; 10705 } 10706 } 10707 if (stcb == NULL) { 10708 if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { 10709 error = ENOTCONN; 10710 goto out_unlocked; 10711 } else if (addr == NULL) { 10712 error = ENOENT; 10713 goto out_unlocked; 10714 } else { 10715 /* 10716 * UDP style, we must go ahead and start the INIT 10717 * process 10718 */ 10719 uint32_t vrf_id; 10720 10721 if ((use_rcvinfo) && (srcv) && 10722 ((srcv->sinfo_flags & SCTP_ABORT) || 10723 ((srcv->sinfo_flags & SCTP_EOF) && 10724 (uio->uio_resid == 0)))) { 10725 /*- 10726 * User asks to abort a non-existant assoc, 10727 * or EOF a non-existant assoc with no data 10728 */ 10729 error = ENOENT; 10730 goto out_unlocked; 10731 } 10732 /* get an asoc/stcb struct */ 10733 10734 vrf_id = inp->def_vrf_id; 10735 stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id); 10736 if (stcb == NULL) { 10737 /* Error is setup for us in the call */ 10738 goto out_unlocked; 10739 } 10740 if (create_lock_applied) { 10741 SCTP_ASOC_CREATE_UNLOCK(inp); 10742 create_lock_applied = 0; 10743 } else { 10744 printf("Huh-3? create lock should have been on??\n"); 10745 } 10746 /* 10747 * Turn on queue only flag to prevent data from 10748 * being sent 10749 */ 10750 queue_only = 1; 10751 asoc = &stcb->asoc; 10752 asoc->state = SCTP_STATE_COOKIE_WAIT; 10753 SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 10754 10755 /* initialize authentication params for the assoc */ 10756 sctp_initialize_auth_params(inp, stcb); 10757 10758 if (control) { 10759 /* 10760 * see if a init structure exists in cmsg 10761 * headers 10762 */ 10763 struct sctp_initmsg initm; 10764 int i; 10765 10766 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control, 10767 sizeof(initm))) { 10768 /* 10769 * we have an INIT override of the 10770 * default 10771 */ 10772 if (initm.sinit_max_attempts) 10773 asoc->max_init_times = initm.sinit_max_attempts; 10774 if (initm.sinit_num_ostreams) 10775 asoc->pre_open_streams = initm.sinit_num_ostreams; 10776 if (initm.sinit_max_instreams) 10777 asoc->max_inbound_streams = initm.sinit_max_instreams; 10778 if (initm.sinit_max_init_timeo) 10779 asoc->initial_init_rto_max = initm.sinit_max_init_timeo; 10780 if (asoc->streamoutcnt < asoc->pre_open_streams) { 10781 /* Default is NOT correct */ 10782 #ifdef SCTP_DEBUG 10783 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 10784 printf("Ok, defout:%d pre_open:%d\n", 10785 asoc->streamoutcnt, asoc->pre_open_streams); 10786 } 10787 #endif 10788 SCTP_FREE(asoc->strmout); 10789 asoc->strmout = NULL; 10790 asoc->streamoutcnt = asoc->pre_open_streams; 10791 /* 10792 * What happens if this 10793 * fails? .. we panic ... 10794 */ 10795 { 10796 struct sctp_stream_out *tmp_str; 10797 int had_lock = 0; 10798 10799 if (hold_tcblock) { 10800 had_lock = 1; 10801 SCTP_TCB_UNLOCK(stcb); 10802 } 10803 SCTP_MALLOC(tmp_str, 10804 struct sctp_stream_out *, 10805 asoc->streamoutcnt * 10806 sizeof(struct sctp_stream_out), 10807 "StreamsOut"); 10808 if (had_lock) { 10809 SCTP_TCB_LOCK(stcb); 10810 } 10811 if (asoc->strmout == NULL) { 10812 asoc->strmout = tmp_str; 10813 } else { 10814 SCTP_FREE(asoc->strmout); 10815 asoc->strmout = tmp_str; 10816 } 10817 } 10818 for (i = 0; i < asoc->streamoutcnt; i++) { 10819 /*- 10820 * inbound side must be set 10821 * to 0xffff, also NOTE when 10822 * we get the INIT-ACK back 10823 * (for INIT sender) we MUST 10824 * reduce the count 10825 * (streamoutcnt) but first 10826 * check if we sent to any 10827 * of the upper streams that 10828 * were dropped (if some 10829 * were). Those that were 10830 * dropped must be notified 10831 * to the upper layer as 10832 * failed to send. 10833 */ 10834 asoc->strmout[i].next_sequence_sent = 0x0; 10835 TAILQ_INIT(&asoc->strmout[i].outqueue); 10836 asoc->strmout[i].stream_no = i; 10837 asoc->strmout[i].last_msg_incomplete = 0; 10838 asoc->strmout[i].next_spoke.tqe_next = 0; 10839 asoc->strmout[i].next_spoke.tqe_prev = 0; 10840 } 10841 } 10842 } 10843 } 10844 hold_tcblock = 1; 10845 /* out with the INIT */ 10846 queue_only_for_init = 1; 10847 /*- 10848 * we may want to dig in after this call and adjust the MTU 10849 * value. It defaulted to 1500 (constant) but the ro 10850 * structure may now have an update and thus we may need to 10851 * change it BEFORE we append the message. 10852 */ 10853 net = stcb->asoc.primary_destination; 10854 asoc = &stcb->asoc; 10855 } 10856 } 10857 if ((SCTP_SO_IS_NBIO(so) 10858 || (flags & MSG_NBIO) 10859 )) { 10860 non_blocking = 1; 10861 } 10862 asoc = &stcb->asoc; 10863 /* would we block? */ 10864 if (non_blocking) { 10865 if ((SCTP_SB_LIMIT_SND(so) < 10866 (sndlen + stcb->asoc.total_output_queue_size)) || 10867 (stcb->asoc.chunks_on_out_queue > 10868 sctp_max_chunks_on_queue)) { 10869 error = EWOULDBLOCK; 10870 atomic_add_int(&stcb->sctp_ep->total_nospaces, 1); 10871 goto out_unlocked; 10872 } 10873 } 10874 /* Keep the stcb from being freed under our feet */ 10875 atomic_add_int(&stcb->asoc.refcnt, 1); 10876 free_cnt_applied = 1; 10877 10878 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 10879 error = ECONNRESET; 10880 goto out_unlocked; 10881 } 10882 if (create_lock_applied) { 10883 SCTP_ASOC_CREATE_UNLOCK(inp); 10884 create_lock_applied = 0; 10885 } 10886 if (asoc->stream_reset_outstanding) { 10887 /* 10888 * Can't queue any data while stream reset is underway. 10889 */ 10890 error = EAGAIN; 10891 goto out_unlocked; 10892 } 10893 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 10894 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 10895 queue_only = 1; 10896 } 10897 if ((use_rcvinfo == 0) || (srcv == NULL)) { 10898 /* Grab the default stuff from the asoc */ 10899 srcv = &stcb->asoc.def_send; 10900 } 10901 /* we are now done with all control */ 10902 if (control) { 10903 sctp_m_freem(control); 10904 control = NULL; 10905 } 10906 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 10907 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 10908 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 10909 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 10910 if ((use_rcvinfo) && 10911 (srcv->sinfo_flags & SCTP_ABORT)) { 10912 ; 10913 } else { 10914 error = ECONNRESET; 10915 goto out_unlocked; 10916 } 10917 } 10918 /* Ok, we will attempt a msgsnd :> */ 10919 if (p) { 10920 p->td_proc->p_stats->p_ru.ru_msgsnd++; 10921 } 10922 if (stcb) { 10923 if (net && ((srcv->sinfo_flags & SCTP_ADDR_OVER))) { 10924 /* we take the override or the unconfirmed */ 10925 ; 10926 } else { 10927 net = stcb->asoc.primary_destination; 10928 } 10929 } 10930 if ((net->flight_size > net->cwnd) && (sctp_cmt_on_off == 0)) { 10931 /*- 10932 * CMT: Added check for CMT above. net above is the primary 10933 * dest. If CMT is ON, sender should always attempt to send 10934 * with the output routine sctp_fill_outqueue() that loops 10935 * through all destination addresses. Therefore, if CMT is 10936 * ON, queue_only is NOT set to 1 here, so that 10937 * sctp_chunk_output() can be called below. 10938 */ 10939 queue_only = 1; 10940 10941 } else if (asoc->ifp_had_enobuf) { 10942 SCTP_STAT_INCR(sctps_ifnomemqueued); 10943 if (net->flight_size > (net->mtu * 2)) 10944 queue_only = 1; 10945 asoc->ifp_had_enobuf = 0; 10946 } else { 10947 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 10948 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * sizeof(struct sctp_data_chunk))); 10949 } 10950 /* Are we aborting? */ 10951 if (srcv->sinfo_flags & SCTP_ABORT) { 10952 struct mbuf *mm; 10953 int tot_demand, tot_out, max; 10954 10955 SCTP_STAT_INCR(sctps_sends_with_abort); 10956 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 10957 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 10958 /* It has to be up before we abort */ 10959 /* how big is the user initiated abort? */ 10960 error = EINVAL; 10961 goto out; 10962 } 10963 if (hold_tcblock) { 10964 SCTP_TCB_UNLOCK(stcb); 10965 hold_tcblock = 0; 10966 } 10967 if (top) { 10968 struct mbuf *cntm; 10969 10970 mm = sctp_get_mbuf_for_msg(1, 0, M_WAIT, 1, MT_DATA); 10971 10972 tot_out = 0; 10973 cntm = top; 10974 while (cntm) { 10975 tot_out += SCTP_BUF_LEN(cntm); 10976 cntm = SCTP_BUF_NEXT(cntm); 10977 } 10978 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 10979 } else { 10980 /* Must fit in a MTU */ 10981 tot_out = uio->uio_resid; 10982 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 10983 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAIT, 1, MT_DATA); 10984 } 10985 if (mm == NULL) { 10986 error = ENOMEM; 10987 goto out; 10988 } 10989 max = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); 10990 max -= sizeof(struct sctp_abort_msg); 10991 if (tot_out > max) { 10992 tot_out = max; 10993 } 10994 if (mm) { 10995 struct sctp_paramhdr *ph; 10996 10997 /* now move forward the data pointer */ 10998 ph = mtod(mm, struct sctp_paramhdr *); 10999 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 11000 ph->param_length = htons((sizeof(struct sctp_paramhdr) + tot_out)); 11001 ph++; 11002 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr); 11003 if (top == NULL) { 11004 error = uiomove((caddr_t)ph, (int)tot_out, uio); 11005 if (error) { 11006 /*- 11007 * Here if we can't get his data we 11008 * still abort we just don't get to 11009 * send the users note :-0 11010 */ 11011 sctp_m_freem(mm); 11012 mm = NULL; 11013 } 11014 } else { 11015 SCTP_BUF_NEXT(mm) = top; 11016 } 11017 } 11018 if (hold_tcblock == 0) { 11019 SCTP_TCB_LOCK(stcb); 11020 hold_tcblock = 1; 11021 } 11022 atomic_add_int(&stcb->asoc.refcnt, -1); 11023 free_cnt_applied = 0; 11024 /* release this lock, otherwise we hang on ourselves */ 11025 sctp_abort_an_association(stcb->sctp_ep, stcb, 11026 SCTP_RESPONSE_TO_USER_REQ, 11027 mm); 11028 /* now relock the stcb so everything is sane */ 11029 hold_tcblock = 0; 11030 stcb = NULL; 11031 goto out_unlocked; 11032 } 11033 /* Calculate the maximum we can send */ 11034 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) { 11035 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 11036 } else { 11037 max_len = 0; 11038 } 11039 if (hold_tcblock) { 11040 SCTP_TCB_UNLOCK(stcb); 11041 hold_tcblock = 0; 11042 } 11043 /* Is the stream no. valid? */ 11044 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 11045 /* Invalid stream number */ 11046 error = EINVAL; 11047 goto out_unlocked; 11048 } 11049 if (asoc->strmout == NULL) { 11050 /* huh? software error */ 11051 error = EFAULT; 11052 goto out_unlocked; 11053 } 11054 len = 0; 11055 if (max_len < sctp_add_more_threshold) { 11056 /* No room right no ! */ 11057 SOCKBUF_LOCK(&so->so_snd); 11058 while (SCTP_SB_LIMIT_SND(so) < (stcb->asoc.total_output_queue_size + sctp_add_more_threshold)) { 11059 #ifdef SCTP_BLK_LOGGING 11060 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, 11061 so, asoc, uio->uio_resid); 11062 #endif 11063 be.error = 0; 11064 stcb->block_entry = &be; 11065 error = sbwait(&so->so_snd); 11066 stcb->block_entry = NULL; 11067 if (error || so->so_error || be.error) { 11068 if (error == 0) { 11069 if (so->so_error) 11070 error = so->so_error; 11071 if (be.error) { 11072 error = be.error; 11073 } 11074 } 11075 SOCKBUF_UNLOCK(&so->so_snd); 11076 goto out_unlocked; 11077 } 11078 #ifdef SCTP_BLK_LOGGING 11079 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 11080 so, asoc, stcb->asoc.total_output_queue_size); 11081 #endif 11082 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 11083 goto out_unlocked; 11084 } 11085 } 11086 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) { 11087 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 11088 } else { 11089 max_len = 0; 11090 } 11091 SOCKBUF_UNLOCK(&so->so_snd); 11092 } 11093 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 11094 goto out_unlocked; 11095 } 11096 atomic_add_int(&stcb->total_sends, 1); 11097 if (top == NULL) { 11098 struct sctp_stream_queue_pending *sp; 11099 struct sctp_stream_out *strm; 11100 uint32_t sndout, initial_out; 11101 int user_marks_eor; 11102 11103 if (uio->uio_resid == 0) { 11104 if (srcv->sinfo_flags & SCTP_EOF) { 11105 got_all_of_the_send = 1; 11106 goto dataless_eof; 11107 } else { 11108 error = EINVAL; 11109 goto out; 11110 } 11111 } 11112 initial_out = uio->uio_resid; 11113 11114 if ((asoc->stream_locked) && 11115 (asoc->stream_locked_on != srcv->sinfo_stream)) { 11116 error = EAGAIN; 11117 goto out; 11118 } 11119 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 11120 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 11121 if (strm->last_msg_incomplete == 0) { 11122 do_a_copy_in: 11123 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error, non_blocking); 11124 if ((sp == NULL) || (error)) { 11125 goto out; 11126 } 11127 SCTP_TCB_SEND_LOCK(stcb); 11128 if (sp->msg_is_complete) { 11129 strm->last_msg_incomplete = 0; 11130 asoc->stream_locked = 0; 11131 } else { 11132 /* 11133 * Just got locked to this guy in case of an 11134 * interupt. 11135 */ 11136 strm->last_msg_incomplete = 1; 11137 asoc->stream_locked = 1; 11138 asoc->stream_locked_on = srcv->sinfo_stream; 11139 } 11140 sctp_snd_sb_alloc(stcb, sp->length); 11141 11142 asoc->stream_queue_cnt++; 11143 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 11144 if ((srcv->sinfo_flags & SCTP_UNORDERED) == 0) { 11145 sp->strseq = strm->next_sequence_sent; 11146 #ifdef SCTP_LOG_SENDING_STR 11147 sctp_misc_ints(SCTP_STRMOUT_LOG_ASSIGN, 11148 (uintptr_t) stcb, (uintptr_t) sp, 11149 (uint32_t) ((srcv->sinfo_stream << 16) | sp->strseq), 0); 11150 #endif 11151 strm->next_sequence_sent++; 11152 } else { 11153 SCTP_STAT_INCR(sctps_sends_with_unord); 11154 } 11155 11156 if ((strm->next_spoke.tqe_next == NULL) && 11157 (strm->next_spoke.tqe_prev == NULL)) { 11158 /* Not on wheel, insert */ 11159 sctp_insert_on_wheel(stcb, asoc, strm, 1); 11160 } 11161 SCTP_TCB_SEND_UNLOCK(stcb); 11162 } else { 11163 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead); 11164 if (sp == NULL) { 11165 /* ???? Huh ??? last msg is gone */ 11166 #ifdef INVARIANTS 11167 panic("Warning: Last msg marked incomplete, yet nothing left?"); 11168 #else 11169 printf("Warning: Last msg marked incomplete, yet nothing left?\n"); 11170 strm->last_msg_incomplete = 0; 11171 #endif 11172 goto do_a_copy_in; 11173 11174 } 11175 } 11176 while (uio->uio_resid > 0) { 11177 /* How much room do we have? */ 11178 struct mbuf *new_tail, *mm; 11179 11180 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 11181 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 11182 else 11183 max_len = 0; 11184 11185 if ((max_len > sctp_add_more_threshold) || 11186 (uio->uio_resid && (uio->uio_resid < max_len))) { 11187 sndout = 0; 11188 new_tail = NULL; 11189 if (hold_tcblock) { 11190 SCTP_TCB_UNLOCK(stcb); 11191 hold_tcblock = 0; 11192 } 11193 mm = sctp_copy_resume(sp, uio, srcv, max_len, user_marks_eor, &error, &sndout, &new_tail); 11194 if ((mm == NULL) || error) { 11195 if (mm) { 11196 sctp_m_freem(mm); 11197 } 11198 goto out; 11199 } 11200 /* Update the mbuf and count */ 11201 SCTP_TCB_SEND_LOCK(stcb); 11202 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 11203 /* 11204 * we need to get out. Peer probably 11205 * aborted. 11206 */ 11207 sctp_m_freem(mm); 11208 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) 11209 error = ECONNRESET; 11210 goto out; 11211 } 11212 if (sp->tail_mbuf) { 11213 /* tack it to the end */ 11214 SCTP_BUF_NEXT(sp->tail_mbuf) = mm; 11215 sp->tail_mbuf = new_tail; 11216 } else { 11217 /* A stolen mbuf */ 11218 sp->data = mm; 11219 sp->tail_mbuf = new_tail; 11220 } 11221 sctp_snd_sb_alloc(stcb, sndout); 11222 sp->length += sndout; 11223 len += sndout; 11224 /* Did we reach EOR? */ 11225 if ((uio->uio_resid == 0) && 11226 ((user_marks_eor == 0) || 11227 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR))) 11228 ) { 11229 sp->msg_is_complete = 1; 11230 } else { 11231 sp->msg_is_complete = 0; 11232 } 11233 SCTP_TCB_SEND_UNLOCK(stcb); 11234 } 11235 if (uio->uio_resid == 0) { 11236 /* got it all? */ 11237 continue; 11238 } 11239 /* PR-SCTP? */ 11240 if ((asoc->peer_supports_prsctp) && (asoc->sent_queue_cnt_removeable > 0)) { 11241 /* 11242 * This is ugly but we must assure locking 11243 * order 11244 */ 11245 if (hold_tcblock == 0) { 11246 SCTP_TCB_LOCK(stcb); 11247 hold_tcblock = 1; 11248 } 11249 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 11250 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 11251 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 11252 else 11253 max_len = 0; 11254 if (max_len > 0) { 11255 continue; 11256 } 11257 SCTP_TCB_UNLOCK(stcb); 11258 hold_tcblock = 0; 11259 } 11260 /* wait for space now */ 11261 if (non_blocking) { 11262 /* Non-blocking io in place out */ 11263 goto skip_out_eof; 11264 } 11265 if ((net->flight_size > net->cwnd) && 11266 (sctp_cmt_on_off == 0)) { 11267 queue_only = 1; 11268 11269 } else if (asoc->ifp_had_enobuf) { 11270 SCTP_STAT_INCR(sctps_ifnomemqueued); 11271 if (net->flight_size > (net->mtu * 2)) { 11272 queue_only = 1; 11273 } else { 11274 queue_only = 0; 11275 } 11276 asoc->ifp_had_enobuf = 0; 11277 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 11278 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * 11279 sizeof(struct sctp_data_chunk))); 11280 } else { 11281 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 11282 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * 11283 sizeof(struct sctp_data_chunk))); 11284 queue_only = 0; 11285 } 11286 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 11287 (stcb->asoc.total_flight > 0) && 11288 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) 11289 ) { 11290 11291 /*- 11292 * Ok, Nagle is set on and we have data outstanding. 11293 * Don't send anything and let SACKs drive out the 11294 * data unless wen have a "full" segment to send. 11295 */ 11296 #ifdef SCTP_NAGLE_LOGGING 11297 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 11298 #endif 11299 SCTP_STAT_INCR(sctps_naglequeued); 11300 nagle_applies = 1; 11301 } else { 11302 #ifdef SCTP_NAGLE_LOGGING 11303 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 11304 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 11305 #endif 11306 SCTP_STAT_INCR(sctps_naglesent); 11307 nagle_applies = 0; 11308 } 11309 /* What about the INIT, send it maybe */ 11310 #ifdef SCTP_BLK_LOGGING 11311 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, nagle_applies, un_sent); 11312 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, stcb->asoc.total_flight, 11313 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 11314 #endif 11315 if (queue_only_for_init) { 11316 if (hold_tcblock == 0) { 11317 SCTP_TCB_LOCK(stcb); 11318 hold_tcblock = 1; 11319 } 11320 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 11321 /* a collision took us forward? */ 11322 queue_only_for_init = 0; 11323 queue_only = 0; 11324 } else { 11325 sctp_send_initiate(inp, stcb); 11326 stcb->asoc.state = SCTP_STATE_COOKIE_WAIT; 11327 queue_only_for_init = 0; 11328 queue_only = 1; 11329 } 11330 } 11331 if ((queue_only == 0) && (nagle_applies == 0) 11332 ) { 11333 /*- 11334 * need to start chunk output 11335 * before blocking.. note that if 11336 * a lock is already applied, then 11337 * the input via the net is happening 11338 * and I don't need to start output :-D 11339 */ 11340 if (hold_tcblock == 0) { 11341 if (SCTP_TCB_TRYLOCK(stcb)) { 11342 hold_tcblock = 1; 11343 sctp_chunk_output(inp, 11344 stcb, 11345 SCTP_OUTPUT_FROM_USR_SEND); 11346 11347 } 11348 } else { 11349 sctp_chunk_output(inp, 11350 stcb, 11351 SCTP_OUTPUT_FROM_USR_SEND); 11352 } 11353 if (hold_tcblock == 1) { 11354 SCTP_TCB_UNLOCK(stcb); 11355 hold_tcblock = 0; 11356 } 11357 } 11358 SOCKBUF_LOCK(&so->so_snd); 11359 /*- 11360 * This is a bit strange, but I think it will 11361 * work. The total_output_queue_size is locked and 11362 * protected by the TCB_LOCK, which we just released. 11363 * There is a race that can occur between releasing it 11364 * above, and me getting the socket lock, where sacks 11365 * come in but we have not put the SB_WAIT on the 11366 * so_snd buffer to get the wakeup. After the LOCK 11367 * is applied the sack_processing will also need to 11368 * LOCK the so->so_snd to do the actual sowwakeup(). So 11369 * once we have the socket buffer lock if we recheck the 11370 * size we KNOW we will get to sleep safely with the 11371 * wakeup flag in place. 11372 */ 11373 if (SCTP_SB_LIMIT_SND(so) < (stcb->asoc.total_output_queue_size + sctp_add_more_threshold)) { 11374 #ifdef SCTP_BLK_LOGGING 11375 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 11376 so, asoc, uio->uio_resid); 11377 #endif 11378 be.error = 0; 11379 stcb->block_entry = &be; 11380 error = sbwait(&so->so_snd); 11381 stcb->block_entry = NULL; 11382 11383 if (error || so->so_error || be.error) { 11384 if (error == 0) { 11385 if (so->so_error) 11386 error = so->so_error; 11387 if (be.error) { 11388 error = be.error; 11389 } 11390 } 11391 SOCKBUF_UNLOCK(&so->so_snd); 11392 goto out_unlocked; 11393 } 11394 #ifdef SCTP_BLK_LOGGING 11395 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 11396 so, asoc, stcb->asoc.total_output_queue_size); 11397 #endif 11398 } 11399 SOCKBUF_UNLOCK(&so->so_snd); 11400 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 11401 goto out_unlocked; 11402 } 11403 } 11404 SCTP_TCB_SEND_LOCK(stcb); 11405 if (sp->msg_is_complete == 0) { 11406 strm->last_msg_incomplete = 1; 11407 asoc->stream_locked = 1; 11408 asoc->stream_locked_on = srcv->sinfo_stream; 11409 } else { 11410 strm->last_msg_incomplete = 0; 11411 asoc->stream_locked = 0; 11412 } 11413 SCTP_TCB_SEND_UNLOCK(stcb); 11414 if (uio->uio_resid == 0) { 11415 got_all_of_the_send = 1; 11416 } 11417 } else if (top) { 11418 /* We send in a 0, since we do NOT have any locks */ 11419 error = sctp_msg_append(stcb, net, top, srcv, 0); 11420 top = NULL; 11421 } 11422 if (error) { 11423 goto out; 11424 } 11425 dataless_eof: 11426 /* EOF thing ? */ 11427 if ((srcv->sinfo_flags & SCTP_EOF) && 11428 (got_all_of_the_send == 1) && 11429 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 11430 ) { 11431 SCTP_STAT_INCR(sctps_sends_with_eof); 11432 error = 0; 11433 if (hold_tcblock == 0) { 11434 SCTP_TCB_LOCK(stcb); 11435 hold_tcblock = 1; 11436 } 11437 if (TAILQ_EMPTY(&asoc->send_queue) && 11438 TAILQ_EMPTY(&asoc->sent_queue) && 11439 (asoc->stream_queue_cnt == 0)) { 11440 if (asoc->locked_on_sending) { 11441 goto abort_anyway; 11442 } 11443 /* there is nothing queued to send, so I'm done... */ 11444 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 11445 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 11446 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 11447 /* only send SHUTDOWN the first time through */ 11448 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 11449 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 11450 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 11451 } 11452 asoc->state = SCTP_STATE_SHUTDOWN_SENT; 11453 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 11454 asoc->primary_destination); 11455 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 11456 asoc->primary_destination); 11457 } 11458 } else { 11459 /*- 11460 * we still got (or just got) data to send, so set 11461 * SHUTDOWN_PENDING 11462 */ 11463 /*- 11464 * XXX sockets draft says that SCTP_EOF should be 11465 * sent with no data. currently, we will allow user 11466 * data to be sent first and move to 11467 * SHUTDOWN-PENDING 11468 */ 11469 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 11470 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 11471 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 11472 if (hold_tcblock == 0) { 11473 SCTP_TCB_LOCK(stcb); 11474 hold_tcblock = 1; 11475 } 11476 if (asoc->locked_on_sending) { 11477 /* Locked to send out the data */ 11478 struct sctp_stream_queue_pending *sp; 11479 11480 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 11481 if (sp) { 11482 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 11483 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 11484 } 11485 } 11486 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 11487 if (TAILQ_EMPTY(&asoc->send_queue) && 11488 TAILQ_EMPTY(&asoc->sent_queue) && 11489 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 11490 abort_anyway: 11491 if (free_cnt_applied) { 11492 atomic_add_int(&stcb->asoc.refcnt, -1); 11493 free_cnt_applied = 0; 11494 } 11495 sctp_abort_an_association(stcb->sctp_ep, stcb, 11496 SCTP_RESPONSE_TO_USER_REQ, 11497 NULL); 11498 /* 11499 * now relock the stcb so everything 11500 * is sane 11501 */ 11502 hold_tcblock = 0; 11503 stcb = NULL; 11504 goto out; 11505 } 11506 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 11507 asoc->primary_destination); 11508 } 11509 } 11510 } 11511 skip_out_eof: 11512 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { 11513 some_on_control = 1; 11514 } 11515 if ((net->flight_size > net->cwnd) && 11516 (sctp_cmt_on_off == 0)) { 11517 queue_only = 1; 11518 } else if (asoc->ifp_had_enobuf) { 11519 SCTP_STAT_INCR(sctps_ifnomemqueued); 11520 if (net->flight_size > (net->mtu * 2)) { 11521 queue_only = 1; 11522 } else { 11523 queue_only = 0; 11524 } 11525 asoc->ifp_had_enobuf = 0; 11526 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 11527 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * 11528 sizeof(struct sctp_data_chunk))); 11529 } else { 11530 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 11531 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * 11532 sizeof(struct sctp_data_chunk))); 11533 queue_only = 0; 11534 } 11535 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 11536 (stcb->asoc.total_flight > 0) && 11537 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) 11538 ) { 11539 11540 /*- 11541 * Ok, Nagle is set on and we have data outstanding. 11542 * Don't send anything and let SACKs drive out the 11543 * data unless wen have a "full" segment to send. 11544 */ 11545 #ifdef SCTP_NAGLE_LOGGING 11546 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 11547 #endif 11548 SCTP_STAT_INCR(sctps_naglequeued); 11549 nagle_applies = 1; 11550 } else { 11551 #ifdef SCTP_NAGLE_LOGGING 11552 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 11553 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 11554 #endif 11555 SCTP_STAT_INCR(sctps_naglesent); 11556 nagle_applies = 0; 11557 } 11558 if (queue_only_for_init) { 11559 if (hold_tcblock == 0) { 11560 SCTP_TCB_LOCK(stcb); 11561 hold_tcblock = 1; 11562 } 11563 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 11564 /* a collision took us forward? */ 11565 queue_only_for_init = 0; 11566 queue_only = 0; 11567 } else { 11568 sctp_send_initiate(inp, stcb); 11569 if (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING) 11570 stcb->asoc.state = SCTP_STATE_COOKIE_WAIT | 11571 SCTP_STATE_SHUTDOWN_PENDING; 11572 else 11573 stcb->asoc.state = SCTP_STATE_COOKIE_WAIT; 11574 queue_only_for_init = 0; 11575 queue_only = 1; 11576 } 11577 } 11578 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) { 11579 /* we can attempt to send too. */ 11580 if (hold_tcblock == 0) { 11581 /* 11582 * If there is activity recv'ing sacks no need to 11583 * send 11584 */ 11585 if (SCTP_TCB_TRYLOCK(stcb)) { 11586 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND); 11587 hold_tcblock = 1; 11588 } 11589 } else { 11590 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND); 11591 } 11592 } else if ((queue_only == 0) && 11593 (stcb->asoc.peers_rwnd == 0) && 11594 (stcb->asoc.total_flight == 0)) { 11595 /* We get to have a probe outstanding */ 11596 if (hold_tcblock == 0) { 11597 hold_tcblock = 1; 11598 SCTP_TCB_LOCK(stcb); 11599 } 11600 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND); 11601 } else if (some_on_control) { 11602 int num_out, reason, cwnd_full, frag_point; 11603 11604 /* Here we do control only */ 11605 if (hold_tcblock == 0) { 11606 hold_tcblock = 1; 11607 SCTP_TCB_LOCK(stcb); 11608 } 11609 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 11610 sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 11611 &reason, 1, &cwnd_full, 1, &now, &now_filled, frag_point); 11612 } 11613 #ifdef SCTP_DEBUG 11614 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 11615 printf("USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d \n", 11616 queue_only, stcb->asoc.peers_rwnd, un_sent, 11617 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, 11618 stcb->asoc.total_output_queue_size); 11619 } 11620 #endif 11621 out: 11622 out_unlocked: 11623 11624 if (create_lock_applied) { 11625 SCTP_ASOC_CREATE_UNLOCK(inp); 11626 create_lock_applied = 0; 11627 } 11628 if ((stcb) && hold_tcblock) { 11629 SCTP_TCB_UNLOCK(stcb); 11630 } 11631 if (stcb && free_cnt_applied) { 11632 atomic_add_int(&stcb->asoc.refcnt, -1); 11633 } 11634 #ifdef INVARIANTS 11635 if (stcb) { 11636 if (mtx_owned(&stcb->tcb_mtx)) { 11637 panic("Leaving with tcb mtx owned?"); 11638 } 11639 if (mtx_owned(&stcb->tcb_send_mtx)) { 11640 panic("Leaving with tcb send mtx owned?"); 11641 } 11642 } 11643 #endif 11644 if (top) { 11645 sctp_m_freem(top); 11646 } 11647 if (control) { 11648 sctp_m_freem(control); 11649 } 11650 return (error); 11651 } 11652 11653 11654 /* 11655 * generate an AUTHentication chunk, if required 11656 */ 11657 struct mbuf * 11658 sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, 11659 struct sctp_auth_chunk **auth_ret, uint32_t * offset, 11660 struct sctp_tcb *stcb, uint8_t chunk) 11661 { 11662 struct mbuf *m_auth; 11663 struct sctp_auth_chunk *auth; 11664 int chunk_len; 11665 11666 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) || 11667 (stcb == NULL)) 11668 return (m); 11669 11670 /* sysctl disabled auth? */ 11671 if (sctp_auth_disable) 11672 return (m); 11673 11674 /* peer doesn't do auth... */ 11675 if (!stcb->asoc.peer_supports_auth) { 11676 return (m); 11677 } 11678 /* does the requested chunk require auth? */ 11679 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) { 11680 return (m); 11681 } 11682 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_DONTWAIT, 1, MT_HEADER); 11683 if (m_auth == NULL) { 11684 /* no mbuf's */ 11685 return (m); 11686 } 11687 /* reserve some space if this will be the first mbuf */ 11688 if (m == NULL) 11689 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD); 11690 /* fill in the AUTH chunk details */ 11691 auth = mtod(m_auth, struct sctp_auth_chunk *); 11692 bzero(auth, sizeof(*auth)); 11693 auth->ch.chunk_type = SCTP_AUTHENTICATION; 11694 auth->ch.chunk_flags = 0; 11695 chunk_len = sizeof(*auth) + 11696 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 11697 auth->ch.chunk_length = htons(chunk_len); 11698 auth->hmac_id = htons(stcb->asoc.peer_hmac_id); 11699 /* key id and hmac digest will be computed and filled in upon send */ 11700 11701 /* save the offset where the auth was inserted into the chain */ 11702 if (m != NULL) { 11703 struct mbuf *cn; 11704 11705 *offset = 0; 11706 cn = m; 11707 while (cn) { 11708 *offset += SCTP_BUF_LEN(cn); 11709 cn = SCTP_BUF_NEXT(cn); 11710 } 11711 } else 11712 *offset = 0; 11713 11714 /* update length and return pointer to the auth chunk */ 11715 SCTP_BUF_LEN(m_auth) = chunk_len; 11716 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0); 11717 if (auth_ret != NULL) 11718 *auth_ret = auth; 11719 11720 return (m); 11721 } 11722