1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * a) Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * b) Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the distribution.
17 *
18 * c) Neither the name of Cisco Systems, Inc. nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32 * THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #define _IP_VHL
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_pcb.h>
38
39 #include <netinet/sctp_var.h>
40 #include <netinet/sctp_sysctl.h>
41 #include <netinet/sctp_timer.h>
42 #include <netinet/sctputil.h>
43 #include <netinet/sctp_output.h>
44 #include <netinet/sctp_header.h>
45 #include <netinet/sctp_indata.h>
46 #include <netinet/sctp_asconf.h>
47 #include <netinet/sctp_input.h>
48 #include <netinet/sctp.h>
49 #include <netinet/sctp_uio.h>
50 #if defined(INET) || defined(INET6)
51 #include <netinet/udp.h>
52 #endif
53
54 void
sctp_audit_retranmission_queue(struct sctp_association * asoc)55 sctp_audit_retranmission_queue(struct sctp_association *asoc)
56 {
57 struct sctp_tmit_chunk *chk;
58
59 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit invoked on send queue cnt:%d onqueue:%d\n",
60 asoc->sent_queue_retran_cnt,
61 asoc->sent_queue_cnt);
62 asoc->sent_queue_retran_cnt = 0;
63 asoc->sent_queue_cnt = 0;
64 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
65 if (chk->sent == SCTP_DATAGRAM_RESEND) {
66 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
67 }
68 asoc->sent_queue_cnt++;
69 }
70 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
71 if (chk->sent == SCTP_DATAGRAM_RESEND) {
72 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
73 }
74 }
75 TAILQ_FOREACH(chk, &asoc->asconf_send_queue, sctp_next) {
76 if (chk->sent == SCTP_DATAGRAM_RESEND) {
77 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
78 }
79 }
80 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit completes retran:%d onqueue:%d\n",
81 asoc->sent_queue_retran_cnt,
82 asoc->sent_queue_cnt);
83 }
84
85 static int
sctp_threshold_management(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net,uint16_t threshold)86 sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
87 struct sctp_nets *net, uint16_t threshold)
88 {
89 KASSERT(stcb != NULL, ("stcb is NULL"));
90 SCTP_TCB_LOCK_ASSERT(stcb);
91
92 if (net != NULL) {
93 net->error_count++;
94 SCTPDBG(SCTP_DEBUG_TIMER4, "Error count for %p now %d thresh:%d\n",
95 (void *)net, net->error_count,
96 net->failure_threshold);
97 if (net->error_count > net->failure_threshold) {
98 /* We had a threshold failure */
99 if (net->dest_state & SCTP_ADDR_REACHABLE) {
100 net->dest_state &= ~SCTP_ADDR_REACHABLE;
101 net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
102 net->dest_state &= ~SCTP_ADDR_PF;
103 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
104 stcb, 0,
105 (void *)net, SCTP_SO_NOT_LOCKED);
106 }
107 } else if ((net->pf_threshold < net->failure_threshold) &&
108 (net->error_count > net->pf_threshold)) {
109 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
110 net->dest_state |= SCTP_ADDR_PF;
111 net->last_active = sctp_get_tick_count();
112 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
113 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
114 inp, stcb, net,
115 SCTP_FROM_SCTP_TIMER + SCTP_LOC_1);
116 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
117 }
118 }
119 if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) {
120 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
121 sctp_misc_ints(SCTP_THRESHOLD_INCR,
122 stcb->asoc.overall_error_count,
123 (stcb->asoc.overall_error_count + 1),
124 SCTP_FROM_SCTP_TIMER,
125 __LINE__);
126 }
127 stcb->asoc.overall_error_count++;
128 }
129 } else {
130 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
131 sctp_misc_ints(SCTP_THRESHOLD_INCR,
132 stcb->asoc.overall_error_count,
133 (stcb->asoc.overall_error_count + 1),
134 SCTP_FROM_SCTP_TIMER,
135 __LINE__);
136 }
137 stcb->asoc.overall_error_count++;
138 }
139 SCTPDBG(SCTP_DEBUG_TIMER4, "Overall error count for %p now %d thresh:%u state:%x\n",
140 (void *)&stcb->asoc, stcb->asoc.overall_error_count,
141 (uint32_t)threshold,
142 ((net == NULL) ? (uint32_t)0 : (uint32_t)net->dest_state));
143 /*
144 * We specifically do not do >= to give the assoc one more change
145 * before we fail it.
146 */
147 if (stcb->asoc.overall_error_count > threshold) {
148 /* Abort notification sends a ULP notify */
149 struct mbuf *op_err;
150
151 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
152 "Association error counter exceeded");
153 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_2;
154 sctp_abort_an_association(inp, stcb, op_err, true, SCTP_SO_NOT_LOCKED);
155 return (1);
156 }
157 return (0);
158 }
159
160 /*
161 * sctp_find_alternate_net() returns a non-NULL pointer as long as there
162 * exists nets, which are not being deleted.
163 */
164 struct sctp_nets *
sctp_find_alternate_net(struct sctp_tcb * stcb,struct sctp_nets * net,int mode)165 sctp_find_alternate_net(struct sctp_tcb *stcb,
166 struct sctp_nets *net,
167 int mode)
168 {
169 /* Find and return an alternate network if possible */
170 struct sctp_nets *alt, *mnet, *min_errors_net = NULL, *max_cwnd_net = NULL;
171 bool looped;
172
173 /* JRS 5/14/07 - Initialize min_errors to an impossible value. */
174 int min_errors = -1;
175 uint32_t max_cwnd = 0;
176
177 if (stcb->asoc.numnets == 1) {
178 /* No selection can be made. */
179 return (TAILQ_FIRST(&stcb->asoc.nets));
180 }
181 /*
182 * JRS 5/14/07 - If mode is set to 2, use the CMT PF find alternate
183 * net algorithm. This algorithm chooses the active destination (not
184 * in PF state) with the largest cwnd value. If all destinations are
185 * in PF state, unreachable, or unconfirmed, choose the destination
186 * that is in PF state with the lowest error count. In case of a
187 * tie, choose the destination that was most recently active.
188 */
189 if (mode == 2) {
190 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
191 /*
192 * JRS 5/14/07 - If the destination is unreachable
193 * or unconfirmed, skip it.
194 */
195 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
196 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
197 continue;
198 }
199 /*
200 * JRS 5/14/07 - If the destination is reachable
201 * but in PF state, compare the error count of the
202 * destination to the minimum error count seen thus
203 * far. Store the destination with the lower error
204 * count. If the error counts are equal, store the
205 * destination that was most recently active.
206 */
207 if (mnet->dest_state & SCTP_ADDR_PF) {
208 /*
209 * JRS 5/14/07 - If the destination under
210 * consideration is the current destination,
211 * work as if the error count is one higher.
212 * The actual error count will not be
213 * incremented until later in the t3
214 * handler.
215 */
216 if (mnet == net) {
217 if (min_errors == -1) {
218 min_errors = mnet->error_count + 1;
219 min_errors_net = mnet;
220 } else if (mnet->error_count + 1 < min_errors) {
221 min_errors = mnet->error_count + 1;
222 min_errors_net = mnet;
223 } else if (mnet->error_count + 1 == min_errors
224 && mnet->last_active > min_errors_net->last_active) {
225 min_errors_net = mnet;
226 min_errors = mnet->error_count + 1;
227 }
228 continue;
229 } else {
230 if (min_errors == -1) {
231 min_errors = mnet->error_count;
232 min_errors_net = mnet;
233 } else if (mnet->error_count < min_errors) {
234 min_errors = mnet->error_count;
235 min_errors_net = mnet;
236 } else if (mnet->error_count == min_errors
237 && mnet->last_active > min_errors_net->last_active) {
238 min_errors_net = mnet;
239 min_errors = mnet->error_count;
240 }
241 continue;
242 }
243 }
244 /*
245 * JRS 5/14/07 - If the destination is reachable and
246 * not in PF state, compare the cwnd of the
247 * destination to the highest cwnd seen thus far.
248 * Store the destination with the higher cwnd value.
249 * If the cwnd values are equal, randomly choose one
250 * of the two destinations.
251 */
252 if (max_cwnd < mnet->cwnd) {
253 max_cwnd_net = mnet;
254 max_cwnd = mnet->cwnd;
255 } else if (max_cwnd == mnet->cwnd) {
256 uint32_t rndval;
257 uint8_t this_random;
258
259 if (stcb->asoc.hb_random_idx > 3) {
260 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
261 memcpy(stcb->asoc.hb_random_values, &rndval, sizeof(stcb->asoc.hb_random_values));
262 this_random = stcb->asoc.hb_random_values[0];
263 stcb->asoc.hb_random_idx++;
264 stcb->asoc.hb_ect_randombit = 0;
265 } else {
266 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
267 stcb->asoc.hb_random_idx++;
268 stcb->asoc.hb_ect_randombit = 0;
269 }
270 if (this_random % 2 == 1) {
271 max_cwnd_net = mnet;
272 max_cwnd = mnet->cwnd; /* Useless? */
273 }
274 }
275 }
276 if (max_cwnd_net == NULL) {
277 if (min_errors_net == NULL) {
278 return (net);
279 }
280 return (min_errors_net);
281 } else {
282 return (max_cwnd_net);
283 }
284 } /* JRS 5/14/07 - If mode is set to 1, use the
285 * CMT policy for choosing an alternate net. */
286 else if (mode == 1) {
287 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
288 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
289 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
290 /*
291 * will skip ones that are not-reachable or
292 * unconfirmed
293 */
294 continue;
295 }
296 if (max_cwnd < mnet->cwnd) {
297 max_cwnd_net = mnet;
298 max_cwnd = mnet->cwnd;
299 } else if (max_cwnd == mnet->cwnd) {
300 uint32_t rndval;
301 uint8_t this_random;
302
303 if (stcb->asoc.hb_random_idx > 3) {
304 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
305 memcpy(stcb->asoc.hb_random_values, &rndval,
306 sizeof(stcb->asoc.hb_random_values));
307 this_random = stcb->asoc.hb_random_values[0];
308 stcb->asoc.hb_random_idx = 0;
309 stcb->asoc.hb_ect_randombit = 0;
310 } else {
311 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
312 stcb->asoc.hb_random_idx++;
313 stcb->asoc.hb_ect_randombit = 0;
314 }
315 if (this_random % 2) {
316 max_cwnd_net = mnet;
317 max_cwnd = mnet->cwnd;
318 }
319 }
320 }
321 if (max_cwnd_net) {
322 return (max_cwnd_net);
323 }
324 }
325 /* Look for an alternate net, which is active. */
326 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
327 alt = TAILQ_NEXT(net, sctp_next);
328 } else {
329 alt = TAILQ_FIRST(&stcb->asoc.nets);
330 }
331 looped = false;
332 for (;;) {
333 if (alt == NULL) {
334 if (!looped) {
335 alt = TAILQ_FIRST(&stcb->asoc.nets);
336 looped = true;
337 }
338 /* Definitely out of candidates. */
339 if (alt == NULL) {
340 break;
341 }
342 }
343 if (alt->ro.ro_nh == NULL) {
344 if (alt->ro._s_addr) {
345 sctp_free_ifa(alt->ro._s_addr);
346 alt->ro._s_addr = NULL;
347 }
348 alt->src_addr_selected = 0;
349 }
350 if (((alt->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE) &&
351 (alt->ro.ro_nh != NULL) &&
352 ((alt->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) &&
353 (alt != net)) {
354 /* Found an alternate net, which is reachable. */
355 break;
356 }
357 alt = TAILQ_NEXT(alt, sctp_next);
358 }
359
360 if (alt == NULL) {
361 /*
362 * In case no active alternate net has been found, look for
363 * an alternate net, which is confirmed.
364 */
365 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
366 alt = TAILQ_NEXT(net, sctp_next);
367 } else {
368 alt = TAILQ_FIRST(&stcb->asoc.nets);
369 }
370 looped = false;
371 for (;;) {
372 if (alt == NULL) {
373 if (!looped) {
374 alt = TAILQ_FIRST(&stcb->asoc.nets);
375 looped = true;
376 }
377 /* Definitely out of candidates. */
378 if (alt == NULL) {
379 break;
380 }
381 }
382 if (((alt->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) &&
383 (alt != net)) {
384 /*
385 * Found an alternate net, which is
386 * confirmed.
387 */
388 break;
389 }
390 alt = TAILQ_NEXT(alt, sctp_next);
391 }
392 }
393 if (alt == NULL) {
394 /*
395 * In case no confirmed alternate net has been found, just
396 * return net, if it is not being deleted. In the other case
397 * just return the first net.
398 */
399 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
400 alt = net;
401 }
402 if (alt == NULL) {
403 alt = TAILQ_FIRST(&stcb->asoc.nets);
404 }
405 }
406 return (alt);
407 }
408
409 static void
sctp_backoff_on_timeout(struct sctp_tcb * stcb,struct sctp_nets * net,int win_probe,int num_marked,int num_abandoned)410 sctp_backoff_on_timeout(struct sctp_tcb *stcb,
411 struct sctp_nets *net,
412 int win_probe,
413 int num_marked, int num_abandoned)
414 {
415 if (net->RTO == 0) {
416 if (net->RTO_measured) {
417 net->RTO = stcb->asoc.minrto;
418 } else {
419 net->RTO = stcb->asoc.initial_rto;
420 }
421 }
422 net->RTO <<= 1;
423 if (net->RTO > stcb->asoc.maxrto) {
424 net->RTO = stcb->asoc.maxrto;
425 }
426 if ((win_probe == 0) && (num_marked || num_abandoned)) {
427 /* We don't apply penalty to window probe scenarios */
428 /* JRS - Use the congestion control given in the CC module */
429 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout(stcb, net);
430 }
431 }
432
433 #ifndef INVARIANTS
434 static void
sctp_recover_sent_list(struct sctp_tcb * stcb)435 sctp_recover_sent_list(struct sctp_tcb *stcb)
436 {
437 struct sctp_tmit_chunk *chk, *nchk;
438 struct sctp_association *asoc;
439
440 asoc = &stcb->asoc;
441 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
442 if (SCTP_TSN_GE(asoc->last_acked_seq, chk->rec.data.tsn)) {
443 SCTP_PRINTF("Found chk:%p tsn:%x <= last_acked_seq:%x\n",
444 (void *)chk, chk->rec.data.tsn, asoc->last_acked_seq);
445 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
446 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
447 asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
448 }
449 }
450 if ((asoc->strmout[chk->rec.data.sid].chunks_on_queues == 0) &&
451 (asoc->strmout[chk->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
452 TAILQ_EMPTY(&asoc->strmout[chk->rec.data.sid].outqueue)) {
453 asoc->trigger_reset = 1;
454 }
455 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
456 if (PR_SCTP_ENABLED(chk->flags)) {
457 if (asoc->pr_sctp_cnt != 0)
458 asoc->pr_sctp_cnt--;
459 }
460 if (chk->data) {
461 /* sa_ignore NO_NULL_CHK */
462 sctp_free_bufspace(stcb, asoc, chk, 1);
463 sctp_m_freem(chk->data);
464 chk->data = NULL;
465 if (asoc->prsctp_supported && PR_SCTP_BUF_ENABLED(chk->flags)) {
466 asoc->sent_queue_cnt_removeable--;
467 }
468 }
469 asoc->sent_queue_cnt--;
470 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
471 }
472 }
473 SCTP_PRINTF("after recover order is as follows\n");
474 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
475 SCTP_PRINTF("chk:%p TSN:%x\n", (void *)chk, chk->rec.data.tsn);
476 }
477 }
478 #endif
479
480 static int
sctp_mark_all_for_resend(struct sctp_tcb * stcb,struct sctp_nets * net,struct sctp_nets * alt,int window_probe,int * num_marked,int * num_abandoned)481 sctp_mark_all_for_resend(struct sctp_tcb *stcb,
482 struct sctp_nets *net,
483 struct sctp_nets *alt,
484 int window_probe,
485 int *num_marked,
486 int *num_abandoned)
487 {
488
489 /*
490 * Mark all chunks (well not all) that were sent to *net for
491 * retransmission. Move them to alt for there destination as well...
492 * We only mark chunks that have been outstanding long enough to
493 * have received feed-back.
494 */
495 struct sctp_tmit_chunk *chk, *nchk;
496 struct sctp_nets *lnets;
497 struct timeval now, min_wait, tv;
498 int cur_rto;
499 int cnt_abandoned;
500 int audit_tf, num_mk, fir;
501 unsigned int cnt_mk;
502 uint32_t orig_flight, orig_tf;
503 uint32_t tsnlast, tsnfirst;
504 #ifndef INVARIANTS
505 int recovery_cnt = 0;
506 #endif
507
508 /* none in flight now */
509 audit_tf = 0;
510 fir = 0;
511 /*
512 * figure out how long a data chunk must be pending before we can
513 * mark it ..
514 */
515 (void)SCTP_GETTIME_TIMEVAL(&now);
516 /* get cur rto in micro-seconds */
517 cur_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
518 cur_rto *= 1000;
519 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
520 sctp_log_fr(cur_rto,
521 stcb->asoc.peers_rwnd,
522 window_probe,
523 SCTP_FR_T3_MARK_TIME);
524 sctp_log_fr(net->flight_size, 0, 0, SCTP_FR_CWND_REPORT);
525 sctp_log_fr(net->flight_size, net->cwnd, stcb->asoc.total_flight, SCTP_FR_CWND_REPORT);
526 }
527 tv.tv_sec = cur_rto / 1000000;
528 tv.tv_usec = cur_rto % 1000000;
529 min_wait = now;
530 timevalsub(&min_wait, &tv);
531 if (min_wait.tv_sec < 0 || min_wait.tv_usec < 0) {
532 /*
533 * if we hit here, we don't have enough seconds on the clock
534 * to account for the RTO. We just let the lower seconds be
535 * the bounds and don't worry about it. This may mean we
536 * will mark a lot more than we should.
537 */
538 min_wait.tv_sec = min_wait.tv_usec = 0;
539 }
540 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
541 sctp_log_fr(cur_rto, (uint32_t)now.tv_sec, now.tv_usec, SCTP_FR_T3_MARK_TIME);
542 sctp_log_fr(0, (uint32_t)min_wait.tv_sec, min_wait.tv_usec, SCTP_FR_T3_MARK_TIME);
543 }
544 /*
545 * Our rwnd will be incorrect here since we are not adding back the
546 * cnt * mbuf but we will fix that down below.
547 */
548 orig_flight = net->flight_size;
549 orig_tf = stcb->asoc.total_flight;
550
551 net->fast_retran_ip = 0;
552 /* Now on to each chunk */
553 cnt_abandoned = 0;
554 num_mk = cnt_mk = 0;
555 tsnfirst = tsnlast = 0;
556 #ifndef INVARIANTS
557 start_again:
558 #endif
559 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.sent_queue, sctp_next, nchk) {
560 if (SCTP_TSN_GE(stcb->asoc.last_acked_seq, chk->rec.data.tsn)) {
561 /* Strange case our list got out of order? */
562 SCTP_PRINTF("Our list is out of order? last_acked:%x chk:%x\n",
563 (unsigned int)stcb->asoc.last_acked_seq, (unsigned int)chk->rec.data.tsn);
564 #ifdef INVARIANTS
565 panic("last acked >= chk on sent-Q");
566 #else
567 recovery_cnt++;
568 SCTP_PRINTF("Recover attempts a restart cnt:%d\n", recovery_cnt);
569 sctp_recover_sent_list(stcb);
570 if (recovery_cnt < 10) {
571 goto start_again;
572 } else {
573 SCTP_PRINTF("Recovery fails %d times??\n", recovery_cnt);
574 }
575 #endif
576 }
577 if ((chk->whoTo == net) && (chk->sent < SCTP_DATAGRAM_ACKED)) {
578 /*
579 * found one to mark: If it is less than
580 * DATAGRAM_ACKED it MUST not be a skipped or marked
581 * TSN but instead one that is either already set
582 * for retransmission OR one that needs
583 * retransmission.
584 */
585
586 /* validate its been outstanding long enough */
587 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
588 sctp_log_fr(chk->rec.data.tsn,
589 (uint32_t)chk->sent_rcv_time.tv_sec,
590 chk->sent_rcv_time.tv_usec,
591 SCTP_FR_T3_MARK_TIME);
592 }
593 if ((chk->sent_rcv_time.tv_sec > min_wait.tv_sec) && (window_probe == 0)) {
594 /*
595 * we have reached a chunk that was sent
596 * some seconds past our min.. forget it we
597 * will find no more to send.
598 */
599 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
600 sctp_log_fr(0,
601 (uint32_t)chk->sent_rcv_time.tv_sec,
602 chk->sent_rcv_time.tv_usec,
603 SCTP_FR_T3_STOPPED);
604 }
605 continue;
606 } else if ((chk->sent_rcv_time.tv_sec == min_wait.tv_sec) &&
607 (window_probe == 0)) {
608 /*
609 * we must look at the micro seconds to
610 * know.
611 */
612 if (chk->sent_rcv_time.tv_usec >= min_wait.tv_usec) {
613 /*
614 * ok it was sent after our boundary
615 * time.
616 */
617 continue;
618 }
619 }
620 if (stcb->asoc.prsctp_supported && PR_SCTP_TTL_ENABLED(chk->flags)) {
621 /* Is it expired? */
622 if (timevalcmp(&now, &chk->rec.data.timetodrop, >)) {
623 /* Yes so drop it */
624 if (chk->data) {
625 (void)sctp_release_pr_sctp_chunk(stcb,
626 chk,
627 1,
628 SCTP_SO_NOT_LOCKED);
629 cnt_abandoned++;
630 }
631 continue;
632 }
633 }
634 if (stcb->asoc.prsctp_supported && PR_SCTP_RTX_ENABLED(chk->flags)) {
635 /* Has it been retransmitted tv_sec times? */
636 if (chk->snd_count > chk->rec.data.timetodrop.tv_sec) {
637 if (chk->data) {
638 (void)sctp_release_pr_sctp_chunk(stcb,
639 chk,
640 1,
641 SCTP_SO_NOT_LOCKED);
642 cnt_abandoned++;
643 }
644 continue;
645 }
646 }
647 if (chk->sent < SCTP_DATAGRAM_RESEND) {
648 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
649 num_mk++;
650 if (fir == 0) {
651 fir = 1;
652 tsnfirst = chk->rec.data.tsn;
653 }
654 tsnlast = chk->rec.data.tsn;
655 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
656 sctp_log_fr(chk->rec.data.tsn, chk->snd_count,
657 0, SCTP_FR_T3_MARKED);
658 }
659
660 if (chk->rec.data.chunk_was_revoked) {
661 /* deflate the cwnd */
662 chk->whoTo->cwnd -= chk->book_size;
663 chk->rec.data.chunk_was_revoked = 0;
664 }
665 net->marked_retrans++;
666 stcb->asoc.marked_retrans++;
667 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
668 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND_TO,
669 chk->whoTo->flight_size,
670 chk->book_size,
671 (uint32_t)(uintptr_t)chk->whoTo,
672 chk->rec.data.tsn);
673 }
674 sctp_flight_size_decrease(chk);
675 sctp_total_flight_decrease(stcb, chk);
676 stcb->asoc.peers_rwnd += chk->send_size;
677 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
678 }
679 chk->sent = SCTP_DATAGRAM_RESEND;
680 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
681 SCTP_STAT_INCR(sctps_markedretrans);
682
683 /* reset the TSN for striking and other FR stuff */
684 chk->rec.data.doing_fast_retransmit = 0;
685 /* Clear any time so NO RTT is being done */
686
687 if (chk->do_rtt) {
688 if (chk->whoTo->rto_needed == 0) {
689 chk->whoTo->rto_needed = 1;
690 }
691 }
692 chk->do_rtt = 0;
693 if (alt != net) {
694 sctp_free_remote_addr(chk->whoTo);
695 chk->no_fr_allowed = 1;
696 chk->whoTo = alt;
697 atomic_add_int(&alt->ref_count, 1);
698 } else {
699 chk->no_fr_allowed = 0;
700 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
701 chk->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
702 } else {
703 chk->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn;
704 }
705 }
706 /*
707 * CMT: Do not allow FRs on retransmitted TSNs.
708 */
709 if (stcb->asoc.sctp_cmt_on_off > 0) {
710 chk->no_fr_allowed = 1;
711 }
712 #ifdef THIS_SHOULD_NOT_BE_DONE
713 } else if (chk->sent == SCTP_DATAGRAM_ACKED) {
714 /* remember highest acked one */
715 could_be_sent = chk;
716 #endif
717 }
718 if (chk->sent == SCTP_DATAGRAM_RESEND) {
719 cnt_mk++;
720 }
721 }
722 if ((orig_flight - net->flight_size) != (orig_tf - stcb->asoc.total_flight)) {
723 /* we did not subtract the same things? */
724 audit_tf = 1;
725 }
726
727 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
728 sctp_log_fr(tsnfirst, tsnlast, num_mk, SCTP_FR_T3_TIMEOUT);
729 }
730 #ifdef SCTP_DEBUG
731 if (num_mk) {
732 SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
733 tsnlast);
734 SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%u\n",
735 num_mk,
736 stcb->asoc.peers_rwnd);
737 }
738 #endif
739 *num_marked = num_mk;
740 *num_abandoned = cnt_abandoned;
741 /*
742 * Now check for a ECN Echo that may be stranded And include the
743 * cnt_mk'd to have all resends in the control queue.
744 */
745 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
746 if (chk->sent == SCTP_DATAGRAM_RESEND) {
747 cnt_mk++;
748 }
749 if ((chk->whoTo == net) &&
750 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
751 sctp_free_remote_addr(chk->whoTo);
752 chk->whoTo = alt;
753 if (chk->sent != SCTP_DATAGRAM_RESEND) {
754 chk->sent = SCTP_DATAGRAM_RESEND;
755 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
756 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
757 cnt_mk++;
758 }
759 atomic_add_int(&alt->ref_count, 1);
760 }
761 }
762 #ifdef THIS_SHOULD_NOT_BE_DONE
763 if ((stcb->asoc.sent_queue_retran_cnt == 0) && (could_be_sent)) {
764 /* fix it so we retransmit the highest acked anyway */
765 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
766 cnt_mk++;
767 could_be_sent->sent = SCTP_DATAGRAM_RESEND;
768 }
769 #endif
770 if (stcb->asoc.sent_queue_retran_cnt != cnt_mk) {
771 #ifdef INVARIANTS
772 SCTP_PRINTF("Local Audit says there are %d for retran asoc cnt:%d we marked:%d this time\n",
773 cnt_mk, stcb->asoc.sent_queue_retran_cnt, num_mk);
774 #endif
775 #ifndef SCTP_AUDITING_ENABLED
776 stcb->asoc.sent_queue_retran_cnt = cnt_mk;
777 #endif
778 }
779 if (audit_tf) {
780 SCTPDBG(SCTP_DEBUG_TIMER4,
781 "Audit total flight due to negative value net:%p\n",
782 (void *)net);
783 stcb->asoc.total_flight = 0;
784 stcb->asoc.total_flight_count = 0;
785 /* Clear all networks flight size */
786 TAILQ_FOREACH(lnets, &stcb->asoc.nets, sctp_next) {
787 lnets->flight_size = 0;
788 SCTPDBG(SCTP_DEBUG_TIMER4,
789 "Net:%p c-f cwnd:%d ssthresh:%d\n",
790 (void *)lnets, lnets->cwnd, lnets->ssthresh);
791 }
792 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
793 if (chk->sent < SCTP_DATAGRAM_RESEND) {
794 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
795 sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
796 chk->whoTo->flight_size,
797 chk->book_size,
798 (uint32_t)(uintptr_t)chk->whoTo,
799 chk->rec.data.tsn);
800 }
801
802 sctp_flight_size_increase(chk);
803 sctp_total_flight_increase(stcb, chk);
804 }
805 }
806 }
807 /* We return 1 if we only have a window probe outstanding */
808 return (0);
809 }
810
811 int
sctp_t3rxt_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)812 sctp_t3rxt_timer(struct sctp_inpcb *inp,
813 struct sctp_tcb *stcb,
814 struct sctp_nets *net)
815 {
816 struct sctp_nets *alt;
817 int win_probe, num_mk, num_abandoned;
818
819 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
820 sctp_log_fr(0, 0, 0, SCTP_FR_T3_TIMEOUT);
821 }
822 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
823 struct sctp_nets *lnet;
824
825 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
826 if (net == lnet) {
827 sctp_log_cwnd(stcb, lnet, 1, SCTP_CWND_LOG_FROM_T3);
828 } else {
829 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_LOG_FROM_T3);
830 }
831 }
832 }
833 /* Find an alternate and mark those for retransmission */
834 if ((stcb->asoc.peers_rwnd == 0) &&
835 (stcb->asoc.total_flight < net->mtu)) {
836 SCTP_STAT_INCR(sctps_timowindowprobe);
837 win_probe = 1;
838 } else {
839 win_probe = 0;
840 }
841
842 if (win_probe == 0) {
843 /* We don't do normal threshold management on window probes */
844 if (sctp_threshold_management(inp, stcb, net,
845 stcb->asoc.max_send_times)) {
846 /* Association was destroyed */
847 return (1);
848 } else {
849 if (net != stcb->asoc.primary_destination) {
850 /* send a immediate HB if our RTO is stale */
851 struct timeval now;
852 uint32_t ms_goneby;
853
854 (void)SCTP_GETTIME_TIMEVAL(&now);
855 if (net->last_sent_time.tv_sec) {
856 ms_goneby = (uint32_t)(now.tv_sec - net->last_sent_time.tv_sec) * 1000;
857 } else {
858 ms_goneby = 0;
859 }
860 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
861 if ((ms_goneby > net->RTO) || (net->RTO == 0)) {
862 /*
863 * no recent feed back in an
864 * RTO or more, request a
865 * RTT update
866 */
867 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
868 }
869 }
870 }
871 }
872 } else {
873 /*
874 * For a window probe we don't penalize the net's but only
875 * the association. This may fail it if SACKs are not coming
876 * back. If sack's are coming with rwnd locked at 0, we will
877 * continue to hold things waiting for rwnd to raise
878 */
879 if (sctp_threshold_management(inp, stcb, NULL,
880 stcb->asoc.max_send_times)) {
881 /* Association was destroyed */
882 return (1);
883 }
884 }
885 if (stcb->asoc.sctp_cmt_on_off > 0) {
886 if (net->pf_threshold < net->failure_threshold) {
887 alt = sctp_find_alternate_net(stcb, net, 2);
888 } else {
889 /*
890 * CMT: Using RTX_SSTHRESH policy for CMT. If CMT is
891 * being used, then pick dest with largest ssthresh
892 * for any retransmission.
893 */
894 alt = sctp_find_alternate_net(stcb, net, 1);
895 /*
896 * CUCv2: If a different dest is picked for the
897 * retransmission, then new (rtx-)pseudo_cumack
898 * needs to be tracked for orig dest. Let CUCv2
899 * track new (rtx-) pseudo-cumack always.
900 */
901 net->find_pseudo_cumack = 1;
902 net->find_rtx_pseudo_cumack = 1;
903 }
904 } else {
905 alt = sctp_find_alternate_net(stcb, net, 0);
906 }
907
908 num_mk = 0;
909 num_abandoned = 0;
910 (void)sctp_mark_all_for_resend(stcb, net, alt, win_probe,
911 &num_mk, &num_abandoned);
912 /* FR Loss recovery just ended with the T3. */
913 stcb->asoc.fast_retran_loss_recovery = 0;
914
915 /* CMT FR loss recovery ended with the T3 */
916 net->fast_retran_loss_recovery = 0;
917 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
918 (net->flight_size == 0)) {
919 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) (stcb, net);
920 }
921
922 /*
923 * setup the sat loss recovery that prevents satellite cwnd advance.
924 */
925 stcb->asoc.sat_t3_loss_recovery = 1;
926 stcb->asoc.sat_t3_recovery_tsn = stcb->asoc.sending_seq;
927
928 /* Backoff the timer and cwnd */
929 sctp_backoff_on_timeout(stcb, net, win_probe, num_mk, num_abandoned);
930 if (((net->dest_state & SCTP_ADDR_REACHABLE) == 0) ||
931 (net->dest_state & SCTP_ADDR_PF)) {
932 /* Move all pending over too */
933 sctp_move_chunks_from_net(stcb, net);
934
935 /*
936 * Get the address that failed, to force a new src address
937 * selection and a route allocation.
938 */
939 if (net->ro._s_addr != NULL) {
940 sctp_free_ifa(net->ro._s_addr);
941 net->ro._s_addr = NULL;
942 }
943 net->src_addr_selected = 0;
944
945 /* Force a route allocation too */
946 RO_NHFREE(&net->ro);
947
948 /* Was it our primary? */
949 if ((stcb->asoc.primary_destination == net) && (alt != net)) {
950 /*
951 * Yes, note it as such and find an alternate note:
952 * this means HB code must use this to resent the
953 * primary if it goes active AND if someone does a
954 * change-primary then this flag must be cleared
955 * from any net structures.
956 */
957 if (stcb->asoc.alternate != NULL) {
958 sctp_free_remote_addr(stcb->asoc.alternate);
959 }
960 stcb->asoc.alternate = alt;
961 atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
962 }
963 }
964 /*
965 * Special case for cookie-echo'ed case, we don't do output but must
966 * await the COOKIE-ACK before retransmission
967 */
968 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
969 /*
970 * Here we just reset the timer and start again since we
971 * have not established the asoc
972 */
973 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
974 return (0);
975 }
976 if (stcb->asoc.prsctp_supported) {
977 struct sctp_tmit_chunk *lchk;
978
979 lchk = sctp_try_advance_peer_ack_point(stcb, &stcb->asoc);
980 /* C3. See if we need to send a Fwd-TSN */
981 if (SCTP_TSN_GT(stcb->asoc.advanced_peer_ack_point, stcb->asoc.last_acked_seq)) {
982 send_forward_tsn(stcb, &stcb->asoc);
983 for (; lchk != NULL; lchk = TAILQ_NEXT(lchk, sctp_next)) {
984 if (lchk->whoTo != NULL) {
985 break;
986 }
987 }
988 if (lchk != NULL) {
989 /* Assure a timer is up */
990 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, lchk->whoTo);
991 }
992 }
993 }
994 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_MONITOR_ENABLE) {
995 sctp_log_cwnd(stcb, net, net->cwnd, SCTP_CWND_LOG_FROM_RTX);
996 }
997 return (0);
998 }
999
1000 int
sctp_t1init_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1001 sctp_t1init_timer(struct sctp_inpcb *inp,
1002 struct sctp_tcb *stcb,
1003 struct sctp_nets *net)
1004 {
1005 /* bump the thresholds */
1006 if (stcb->asoc.delayed_connection) {
1007 /*
1008 * special hook for delayed connection. The library did NOT
1009 * complete the rest of its sends.
1010 */
1011 stcb->asoc.delayed_connection = 0;
1012 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1013 return (0);
1014 }
1015 if (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT) {
1016 return (0);
1017 }
1018 if (sctp_threshold_management(inp, stcb, net,
1019 stcb->asoc.max_init_times)) {
1020 /* Association was destroyed */
1021 return (1);
1022 }
1023 stcb->asoc.dropped_special_cnt = 0;
1024 sctp_backoff_on_timeout(stcb, stcb->asoc.primary_destination, 1, 0, 0);
1025 if (stcb->asoc.initial_init_rto_max < net->RTO) {
1026 net->RTO = stcb->asoc.initial_init_rto_max;
1027 }
1028 if (stcb->asoc.numnets > 1) {
1029 /* If we have more than one addr use it */
1030 struct sctp_nets *alt;
1031
1032 alt = sctp_find_alternate_net(stcb, stcb->asoc.primary_destination, 0);
1033 if (alt != stcb->asoc.primary_destination) {
1034 sctp_move_chunks_from_net(stcb, stcb->asoc.primary_destination);
1035 stcb->asoc.primary_destination = alt;
1036 }
1037 }
1038 /* Send out a new init */
1039 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1040 return (0);
1041 }
1042
1043 /*
1044 * For cookie and asconf we actually need to find and mark for resend, then
1045 * increment the resend counter (after all the threshold management stuff of
1046 * course).
1047 */
1048 int
sctp_cookie_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net SCTP_UNUSED)1049 sctp_cookie_timer(struct sctp_inpcb *inp,
1050 struct sctp_tcb *stcb,
1051 struct sctp_nets *net SCTP_UNUSED)
1052 {
1053 struct sctp_nets *alt;
1054 struct sctp_tmit_chunk *cookie;
1055
1056 /* first before all else we must find the cookie */
1057 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, sctp_next) {
1058 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
1059 break;
1060 }
1061 }
1062 if (cookie == NULL) {
1063 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
1064 /* FOOBAR! */
1065 struct mbuf *op_err;
1066
1067 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
1068 "Cookie timer expired, but no cookie");
1069 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_3;
1070 sctp_abort_an_association(inp, stcb, op_err, false, SCTP_SO_NOT_LOCKED);
1071 } else {
1072 #ifdef INVARIANTS
1073 panic("Cookie timer expires in wrong state?");
1074 #else
1075 SCTP_PRINTF("Strange in state %d not cookie-echoed yet c-e timer expires?\n", SCTP_GET_STATE(stcb));
1076 return (0);
1077 #endif
1078 }
1079 return (0);
1080 }
1081 /* Ok we found the cookie, threshold management next */
1082 if (sctp_threshold_management(inp, stcb, cookie->whoTo,
1083 stcb->asoc.max_init_times)) {
1084 /* Assoc is over */
1085 return (1);
1086 }
1087 /*
1088 * Cleared threshold management, now lets backoff the address and
1089 * select an alternate
1090 */
1091 stcb->asoc.dropped_special_cnt = 0;
1092 sctp_backoff_on_timeout(stcb, cookie->whoTo, 1, 0, 0);
1093 alt = sctp_find_alternate_net(stcb, cookie->whoTo, 0);
1094 if (alt != cookie->whoTo) {
1095 sctp_free_remote_addr(cookie->whoTo);
1096 cookie->whoTo = alt;
1097 atomic_add_int(&alt->ref_count, 1);
1098 }
1099 /* Now mark the retran info */
1100 if (cookie->sent != SCTP_DATAGRAM_RESEND) {
1101 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1102 }
1103 cookie->sent = SCTP_DATAGRAM_RESEND;
1104 cookie->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1105 /*
1106 * Now call the output routine to kick out the cookie again, Note we
1107 * don't mark any chunks for retran so that FR will need to kick in
1108 * to move these (or a send timer).
1109 */
1110 return (0);
1111 }
1112
1113 int
sctp_strreset_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1114 sctp_strreset_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1115 {
1116 struct sctp_nets *alt, *net;
1117 struct sctp_tmit_chunk *strrst = NULL, *chk = NULL;
1118
1119 if (stcb->asoc.stream_reset_outstanding == 0) {
1120 return (0);
1121 }
1122 /* find the existing STRRESET, we use the seq number we sent out on */
1123 (void)sctp_find_stream_reset(stcb, stcb->asoc.str_reset_seq_out, &strrst);
1124 if (strrst == NULL) {
1125 return (0);
1126 }
1127 net = strrst->whoTo;
1128 /* do threshold management */
1129 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1130 /* Assoc is over */
1131 return (1);
1132 }
1133 /*
1134 * Cleared threshold management, now lets backoff the address and
1135 * select an alternate
1136 */
1137 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1138 alt = sctp_find_alternate_net(stcb, net, 0);
1139 strrst->whoTo = alt;
1140 atomic_add_int(&alt->ref_count, 1);
1141
1142 /* See if a ECN Echo is also stranded */
1143 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1144 if ((chk->whoTo == net) &&
1145 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1146 sctp_free_remote_addr(chk->whoTo);
1147 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1148 chk->sent = SCTP_DATAGRAM_RESEND;
1149 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1150 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1151 }
1152 chk->whoTo = alt;
1153 atomic_add_int(&alt->ref_count, 1);
1154 }
1155 }
1156 if ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) {
1157 /*
1158 * If the address went un-reachable, we need to move to
1159 * alternates for ALL chk's in queue
1160 */
1161 sctp_move_chunks_from_net(stcb, net);
1162 }
1163 sctp_free_remote_addr(net);
1164
1165 /* mark the retran info */
1166 if (strrst->sent != SCTP_DATAGRAM_RESEND)
1167 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1168 strrst->sent = SCTP_DATAGRAM_RESEND;
1169 strrst->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1170
1171 /* restart the timer */
1172 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, inp, stcb, alt);
1173 return (0);
1174 }
1175
1176 int
sctp_asconf_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1177 sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1178 struct sctp_nets *net)
1179 {
1180 struct sctp_nets *alt;
1181 struct sctp_tmit_chunk *asconf, *chk;
1182
1183 /* is this a first send, or a retransmission? */
1184 if (TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) {
1185 /* compose a new ASCONF chunk and send it */
1186 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED);
1187 } else {
1188 /*
1189 * Retransmission of the existing ASCONF is needed
1190 */
1191
1192 /* find the existing ASCONF */
1193 asconf = TAILQ_FIRST(&stcb->asoc.asconf_send_queue);
1194 if (asconf == NULL) {
1195 return (0);
1196 }
1197 net = asconf->whoTo;
1198 /* do threshold management */
1199 if (sctp_threshold_management(inp, stcb, net,
1200 stcb->asoc.max_send_times)) {
1201 /* Assoc is over */
1202 return (1);
1203 }
1204 if (asconf->snd_count > stcb->asoc.max_send_times) {
1205 /*
1206 * Something is rotten: our peer is not responding
1207 * to ASCONFs but apparently is to other chunks.
1208 * i.e. it is not properly handling the chunk type
1209 * upper bits. Mark this peer as ASCONF incapable
1210 * and cleanup.
1211 */
1212 SCTPDBG(SCTP_DEBUG_TIMER1, "asconf_timer: Peer has not responded to our repeated ASCONFs\n");
1213 sctp_asconf_cleanup(stcb);
1214 return (0);
1215 }
1216 /*
1217 * cleared threshold management, so now backoff the net and
1218 * select an alternate
1219 */
1220 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1221 alt = sctp_find_alternate_net(stcb, net, 0);
1222 if (asconf->whoTo != alt) {
1223 asconf->whoTo = alt;
1224 atomic_add_int(&alt->ref_count, 1);
1225 }
1226
1227 /* See if an ECN Echo is also stranded */
1228 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1229 if ((chk->whoTo == net) &&
1230 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1231 sctp_free_remote_addr(chk->whoTo);
1232 chk->whoTo = alt;
1233 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1234 chk->sent = SCTP_DATAGRAM_RESEND;
1235 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1236 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1237 }
1238 atomic_add_int(&alt->ref_count, 1);
1239 }
1240 }
1241 TAILQ_FOREACH(chk, &stcb->asoc.asconf_send_queue, sctp_next) {
1242 if (chk->whoTo != alt) {
1243 sctp_free_remote_addr(chk->whoTo);
1244 chk->whoTo = alt;
1245 atomic_add_int(&alt->ref_count, 1);
1246 }
1247 if (asconf->sent != SCTP_DATAGRAM_RESEND && chk->sent != SCTP_DATAGRAM_UNSENT)
1248 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1249 chk->sent = SCTP_DATAGRAM_RESEND;
1250 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1251 }
1252 if ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) {
1253 /*
1254 * If the address went un-reachable, we need to move
1255 * to the alternate for ALL chunks in queue
1256 */
1257 sctp_move_chunks_from_net(stcb, net);
1258 }
1259 sctp_free_remote_addr(net);
1260
1261 /* mark the retran info */
1262 if (asconf->sent != SCTP_DATAGRAM_RESEND)
1263 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1264 asconf->sent = SCTP_DATAGRAM_RESEND;
1265 asconf->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1266
1267 /* send another ASCONF if any and we can do */
1268 sctp_send_asconf(stcb, alt, SCTP_ADDR_NOT_LOCKED);
1269 }
1270 return (0);
1271 }
1272
1273 /* Mobility adaptation */
1274 void
sctp_delete_prim_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1275 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1276 {
1277 if (stcb->asoc.deleted_primary == NULL) {
1278 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n");
1279 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1280 return;
1281 }
1282 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary ");
1283 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa);
1284 sctp_free_remote_addr(stcb->asoc.deleted_primary);
1285 stcb->asoc.deleted_primary = NULL;
1286 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1287 return;
1288 }
1289
1290 /*
1291 * For the shutdown and shutdown-ack, we do not keep one around on the
1292 * control queue. This means we must generate a new one and call the general
1293 * chunk output routine, AFTER having done threshold management.
1294 * It is assumed that net is non-NULL.
1295 */
1296 int
sctp_shutdown_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1297 sctp_shutdown_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1298 struct sctp_nets *net)
1299 {
1300 struct sctp_nets *alt;
1301
1302 /* first threshold management */
1303 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1304 /* Assoc is over */
1305 return (1);
1306 }
1307 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1308 /* second select an alternative */
1309 alt = sctp_find_alternate_net(stcb, net, 0);
1310
1311 /* third generate a shutdown into the queue for out net */
1312 sctp_send_shutdown(stcb, alt);
1313
1314 /* fourth restart timer */
1315 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, alt);
1316 return (0);
1317 }
1318
1319 int
sctp_shutdownack_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1320 sctp_shutdownack_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1321 struct sctp_nets *net)
1322 {
1323 struct sctp_nets *alt;
1324
1325 /* first threshold management */
1326 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1327 /* Assoc is over */
1328 return (1);
1329 }
1330 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1331 /* second select an alternative */
1332 alt = sctp_find_alternate_net(stcb, net, 0);
1333
1334 /* third generate a shutdown into the queue for out net */
1335 sctp_send_shutdown_ack(stcb, alt);
1336
1337 /* fourth restart timer */
1338 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, alt);
1339 return (0);
1340 }
1341
1342 static void
sctp_audit_stream_queues_for_size(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1343 sctp_audit_stream_queues_for_size(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1344 {
1345 struct sctp_stream_queue_pending *sp;
1346 unsigned int i, chks_in_queue = 0;
1347 int being_filled = 0;
1348
1349 KASSERT(inp != NULL, ("inp is NULL"));
1350 KASSERT(stcb != NULL, ("stcb is NULL"));
1351 SCTP_TCB_LOCK_ASSERT(stcb);
1352 KASSERT(TAILQ_EMPTY(&stcb->asoc.send_queue), ("send_queue not empty"));
1353 KASSERT(TAILQ_EMPTY(&stcb->asoc.sent_queue), ("sent_queue not empty"));
1354
1355 if (stcb->asoc.sent_queue_retran_cnt) {
1356 SCTP_PRINTF("Hmm, sent_queue_retran_cnt is non-zero %d\n",
1357 stcb->asoc.sent_queue_retran_cnt);
1358 stcb->asoc.sent_queue_retran_cnt = 0;
1359 }
1360 if (stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1361 /* No stream scheduler information, initialize scheduler */
1362 stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc);
1363 if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1364 /* yep, we lost a stream or two */
1365 SCTP_PRINTF("Found additional streams NOT managed by scheduler, corrected\n");
1366 } else {
1367 /* no streams lost */
1368 stcb->asoc.total_output_queue_size = 0;
1369 }
1370 }
1371 /* Check to see if some data queued, if so report it */
1372 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1373 if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
1374 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
1375 if (sp->msg_is_complete)
1376 being_filled++;
1377 chks_in_queue++;
1378 }
1379 }
1380 }
1381 if (chks_in_queue != stcb->asoc.stream_queue_cnt) {
1382 SCTP_PRINTF("Hmm, stream queue cnt at %d I counted %d in stream out wheel\n",
1383 stcb->asoc.stream_queue_cnt, chks_in_queue);
1384 }
1385 if (chks_in_queue) {
1386 /* call the output queue function */
1387 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1388 if ((TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1389 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1390 /*
1391 * Probably should go in and make it go back through
1392 * and add fragments allowed
1393 */
1394 if (being_filled == 0) {
1395 SCTP_PRINTF("Still nothing moved %d chunks are stuck\n",
1396 chks_in_queue);
1397 }
1398 }
1399 } else {
1400 SCTP_PRINTF("Found no chunks on any queue tot:%lu\n",
1401 (u_long)stcb->asoc.total_output_queue_size);
1402 stcb->asoc.total_output_queue_size = 0;
1403 }
1404 }
1405
1406 int
sctp_heartbeat_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1407 sctp_heartbeat_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1408 struct sctp_nets *net)
1409 {
1410 bool net_was_pf;
1411
1412 net_was_pf = (net->dest_state & SCTP_ADDR_PF) != 0;
1413 if (net->hb_responded == 0) {
1414 if (net->ro._s_addr != NULL) {
1415 /*
1416 * Invalidate the src address if we did not get a
1417 * response last time.
1418 */
1419 sctp_free_ifa(net->ro._s_addr);
1420 net->ro._s_addr = NULL;
1421 net->src_addr_selected = 0;
1422 }
1423 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1424 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1425 /* Assoc is over */
1426 return (1);
1427 }
1428 }
1429 /* Zero PBA, if it needs it */
1430 if (net->partial_bytes_acked > 0) {
1431 net->partial_bytes_acked = 0;
1432 }
1433 if ((stcb->asoc.total_output_queue_size > 0) &&
1434 (TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1435 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1436 sctp_audit_stream_queues_for_size(inp, stcb);
1437 }
1438 if ((((net->dest_state & SCTP_ADDR_NOHB) == 0) ||
1439 (net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
1440 (net_was_pf || ((net->dest_state & SCTP_ADDR_PF) == 0))) {
1441 /*
1442 * When moving to PF during threshold management, a HB has
1443 * been queued in that routine.
1444 */
1445 uint32_t ms_gone_by;
1446
1447 if ((net->last_sent_time.tv_sec > 0) ||
1448 (net->last_sent_time.tv_usec > 0)) {
1449 struct timeval diff;
1450
1451 SCTP_GETTIME_TIMEVAL(&diff);
1452 timevalsub(&diff, &net->last_sent_time);
1453 ms_gone_by = (uint32_t)(diff.tv_sec * 1000) +
1454 (uint32_t)(diff.tv_usec / 1000);
1455 } else {
1456 ms_gone_by = 0xffffffff;
1457 }
1458 if ((ms_gone_by >= net->heart_beat_delay) ||
1459 (net->dest_state & SCTP_ADDR_UNCONFIRMED) ||
1460 (net->dest_state & SCTP_ADDR_PF)) {
1461 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
1462 }
1463 }
1464 return (0);
1465 }
1466
1467 void
sctp_pathmtu_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1468 sctp_pathmtu_timer(struct sctp_inpcb *inp,
1469 struct sctp_tcb *stcb,
1470 struct sctp_nets *net)
1471 {
1472 uint32_t next_mtu, mtu;
1473
1474 next_mtu = sctp_get_next_mtu(net->mtu);
1475
1476 if ((next_mtu > net->mtu) && (net->port == 0)) {
1477 if ((net->src_addr_selected == 0) ||
1478 (net->ro._s_addr == NULL) ||
1479 (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1480 if ((net->ro._s_addr != NULL) && (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1481 sctp_free_ifa(net->ro._s_addr);
1482 net->ro._s_addr = NULL;
1483 net->src_addr_selected = 0;
1484 } else if (net->ro._s_addr == NULL) {
1485 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1486 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1487 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1488
1489 /* KAME hack: embed scopeid */
1490 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
1491 }
1492 #endif
1493
1494 net->ro._s_addr = sctp_source_address_selection(inp,
1495 stcb,
1496 (sctp_route_t *)&net->ro,
1497 net, 0, stcb->asoc.vrf_id);
1498 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1499 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1500 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1501
1502 (void)sa6_recoverscope(sin6);
1503 }
1504 #endif /* INET6 */
1505 }
1506 if (net->ro._s_addr)
1507 net->src_addr_selected = 1;
1508 }
1509 if (net->ro._s_addr) {
1510 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_nh);
1511 #if defined(INET) || defined(INET6)
1512 if (net->port) {
1513 mtu -= sizeof(struct udphdr);
1514 }
1515 #endif
1516 if (mtu > next_mtu) {
1517 net->mtu = next_mtu;
1518 } else {
1519 net->mtu = mtu;
1520 }
1521 }
1522 }
1523 /* restart the timer */
1524 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net);
1525 }
1526
1527 void
sctp_autoclose_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1528 sctp_autoclose_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1529 {
1530 struct timeval tn, *tim_touse;
1531 struct sctp_association *asoc;
1532 uint32_t ticks_gone_by;
1533
1534 (void)SCTP_GETTIME_TIMEVAL(&tn);
1535 if (stcb->asoc.sctp_autoclose_ticks > 0 &&
1536 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1537 /* Auto close is on */
1538 asoc = &stcb->asoc;
1539 /* pick the time to use */
1540 if (asoc->time_last_rcvd.tv_sec >
1541 asoc->time_last_sent.tv_sec) {
1542 tim_touse = &asoc->time_last_rcvd;
1543 } else {
1544 tim_touse = &asoc->time_last_sent;
1545 }
1546 /* Now has long enough transpired to autoclose? */
1547 ticks_gone_by = sctp_secs_to_ticks((uint32_t)(tn.tv_sec - tim_touse->tv_sec));
1548 if (ticks_gone_by >= asoc->sctp_autoclose_ticks) {
1549 /*
1550 * autoclose time has hit, call the output routine,
1551 * which should do nothing just to be SURE we don't
1552 * have hanging data. We can then safely check the
1553 * queues and know that we are clear to send
1554 * shutdown
1555 */
1556 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
1557 /* Are we clean? */
1558 if (TAILQ_EMPTY(&asoc->send_queue) &&
1559 TAILQ_EMPTY(&asoc->sent_queue)) {
1560 /*
1561 * there is nothing queued to send, so I'm
1562 * done...
1563 */
1564 if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) {
1565 /* only send SHUTDOWN 1st time thru */
1566 struct sctp_nets *net;
1567
1568 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
1569 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
1570 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
1571 }
1572 SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
1573 sctp_stop_timers_for_shutdown(stcb);
1574 if (stcb->asoc.alternate) {
1575 net = stcb->asoc.alternate;
1576 } else {
1577 net = stcb->asoc.primary_destination;
1578 }
1579 sctp_send_shutdown(stcb, net);
1580 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
1581 stcb->sctp_ep, stcb, net);
1582 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1583 stcb->sctp_ep, stcb, NULL);
1584 }
1585 }
1586 } else {
1587 /*
1588 * No auto close at this time, reset t-o to check
1589 * later
1590 */
1591 uint32_t tmp;
1592
1593 /* fool the timer startup to use the time left */
1594 tmp = asoc->sctp_autoclose_ticks;
1595 asoc->sctp_autoclose_ticks -= ticks_gone_by;
1596 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1597 /* restore the real tick value */
1598 asoc->sctp_autoclose_ticks = tmp;
1599 }
1600 }
1601 }
1602