xref: /freebsd/sys/netinet/sctp_timer.c (revision 70e0bbedef95258a4dadc996d641a9bebd3f107d)
1 /*-
2  * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3  * Copyright (c) 2008-2011, by Randall Stewart. All rights reserved.
4  * Copyright (c) 2008-2011, by Michael Tuexen. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  *
9  * a) Redistributions of source code must retain the above copyright notice,
10  *    this list of conditions and the following disclaimer.
11  *
12  * b) Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the distribution.
15  *
16  * c) Neither the name of Cisco Systems, Inc. nor the names of its
17  *    contributors may be used to endorse or promote products derived
18  *    from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30  * THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /* $KAME: sctp_timer.c,v 1.29 2005/03/06 16:04:18 itojun Exp $	 */
34 
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37 
38 #define _IP_VHL
39 #include <netinet/sctp_os.h>
40 #include <netinet/sctp_pcb.h>
41 #ifdef INET6
42 #endif
43 #include <netinet/sctp_var.h>
44 #include <netinet/sctp_sysctl.h>
45 #include <netinet/sctp_timer.h>
46 #include <netinet/sctputil.h>
47 #include <netinet/sctp_output.h>
48 #include <netinet/sctp_header.h>
49 #include <netinet/sctp_indata.h>
50 #include <netinet/sctp_asconf.h>
51 #include <netinet/sctp_input.h>
52 #include <netinet/sctp.h>
53 #include <netinet/sctp_uio.h>
54 #include <netinet/udp.h>
55 
56 
57 void
58 sctp_audit_retranmission_queue(struct sctp_association *asoc)
59 {
60 	struct sctp_tmit_chunk *chk;
61 
62 	SCTPDBG(SCTP_DEBUG_TIMER4, "Audit invoked on send queue cnt:%d onqueue:%d\n",
63 	    asoc->sent_queue_retran_cnt,
64 	    asoc->sent_queue_cnt);
65 	asoc->sent_queue_retran_cnt = 0;
66 	asoc->sent_queue_cnt = 0;
67 	TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
68 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
69 			sctp_ucount_incr(asoc->sent_queue_retran_cnt);
70 		}
71 		asoc->sent_queue_cnt++;
72 	}
73 	TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
74 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
75 			sctp_ucount_incr(asoc->sent_queue_retran_cnt);
76 		}
77 	}
78 	TAILQ_FOREACH(chk, &asoc->asconf_send_queue, sctp_next) {
79 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
80 			sctp_ucount_incr(asoc->sent_queue_retran_cnt);
81 		}
82 	}
83 	SCTPDBG(SCTP_DEBUG_TIMER4, "Audit completes retran:%d onqueue:%d\n",
84 	    asoc->sent_queue_retran_cnt,
85 	    asoc->sent_queue_cnt);
86 }
87 
88 int
89 sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
90     struct sctp_nets *net, uint16_t threshold)
91 {
92 	if (net) {
93 		net->error_count++;
94 		SCTPDBG(SCTP_DEBUG_TIMER4, "Error count for %p now %d thresh:%d\n",
95 		    net, net->error_count,
96 		    net->failure_threshold);
97 		if (net->error_count > net->failure_threshold) {
98 			/* We had a threshold failure */
99 			if (net->dest_state & SCTP_ADDR_REACHABLE) {
100 				net->dest_state &= ~SCTP_ADDR_REACHABLE;
101 				net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
102 				net->dest_state &= ~SCTP_ADDR_PF;
103 				sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
104 				    stcb,
105 				    SCTP_FAILED_THRESHOLD,
106 				    (void *)net, SCTP_SO_NOT_LOCKED);
107 			}
108 		} else if ((net->pf_threshold < net->failure_threshold) &&
109 		    (net->error_count > net->pf_threshold)) {
110 			if (!(net->dest_state & SCTP_ADDR_PF)) {
111 				net->dest_state |= SCTP_ADDR_PF;
112 				net->last_active = sctp_get_tick_count();
113 				sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
114 				sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_TIMER + SCTP_LOC_3);
115 				sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
116 			}
117 		}
118 	}
119 	if (stcb == NULL)
120 		return (0);
121 
122 	if (net) {
123 		if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) {
124 			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
125 				sctp_misc_ints(SCTP_THRESHOLD_INCR,
126 				    stcb->asoc.overall_error_count,
127 				    (stcb->asoc.overall_error_count + 1),
128 				    SCTP_FROM_SCTP_TIMER,
129 				    __LINE__);
130 			}
131 			stcb->asoc.overall_error_count++;
132 		}
133 	} else {
134 		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
135 			sctp_misc_ints(SCTP_THRESHOLD_INCR,
136 			    stcb->asoc.overall_error_count,
137 			    (stcb->asoc.overall_error_count + 1),
138 			    SCTP_FROM_SCTP_TIMER,
139 			    __LINE__);
140 		}
141 		stcb->asoc.overall_error_count++;
142 	}
143 	SCTPDBG(SCTP_DEBUG_TIMER4, "Overall error count for %p now %d thresh:%u state:%x\n",
144 	    &stcb->asoc, stcb->asoc.overall_error_count,
145 	    (uint32_t) threshold,
146 	    ((net == NULL) ? (uint32_t) 0 : (uint32_t) net->dest_state));
147 	/*
148 	 * We specifically do not do >= to give the assoc one more change
149 	 * before we fail it.
150 	 */
151 	if (stcb->asoc.overall_error_count > threshold) {
152 		/* Abort notification sends a ULP notify */
153 		struct mbuf *oper;
154 
155 		oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
156 		    0, M_DONTWAIT, 1, MT_DATA);
157 		if (oper) {
158 			struct sctp_paramhdr *ph;
159 			uint32_t *ippp;
160 
161 			SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
162 			    sizeof(uint32_t);
163 			ph = mtod(oper, struct sctp_paramhdr *);
164 			ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
165 			ph->param_length = htons(SCTP_BUF_LEN(oper));
166 			ippp = (uint32_t *) (ph + 1);
167 			*ippp = htonl(SCTP_FROM_SCTP_TIMER + SCTP_LOC_1);
168 		}
169 		inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_1;
170 		sctp_abort_an_association(inp, stcb, SCTP_FAILED_THRESHOLD, oper, SCTP_SO_NOT_LOCKED);
171 		return (1);
172 	}
173 	return (0);
174 }
175 
176 /*
177  * sctp_find_alternate_net() returns a non-NULL pointer as long
178  * the argument net is non-NULL.
179  */
180 struct sctp_nets *
181 sctp_find_alternate_net(struct sctp_tcb *stcb,
182     struct sctp_nets *net,
183     int mode)
184 {
185 	/* Find and return an alternate network if possible */
186 	struct sctp_nets *alt, *mnet, *min_errors_net = NULL, *max_cwnd_net = NULL;
187 	int once;
188 
189 	/* JRS 5/14/07 - Initialize min_errors to an impossible value. */
190 	int min_errors = -1;
191 	uint32_t max_cwnd = 0;
192 
193 	if (stcb->asoc.numnets == 1) {
194 		/* No others but net */
195 		return (TAILQ_FIRST(&stcb->asoc.nets));
196 	}
197 	/*
198 	 * JRS 5/14/07 - If mode is set to 2, use the CMT PF find alternate
199 	 * net algorithm. This algorithm chooses the active destination (not
200 	 * in PF state) with the largest cwnd value. If all destinations are
201 	 * in PF state, unreachable, or unconfirmed, choose the desination
202 	 * that is in PF state with the lowest error count. In case of a
203 	 * tie, choose the destination that was most recently active.
204 	 */
205 	if (mode == 2) {
206 		TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
207 			/*
208 			 * JRS 5/14/07 - If the destination is unreachable
209 			 * or unconfirmed, skip it.
210 			 */
211 			if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
212 			    (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
213 				continue;
214 			}
215 			/*
216 			 * JRS 5/14/07 -  If the destination is reachable
217 			 * but in PF state, compare the error count of the
218 			 * destination to the minimum error count seen thus
219 			 * far. Store the destination with the lower error
220 			 * count.  If the error counts are equal, store the
221 			 * destination that was most recently active.
222 			 */
223 			if (mnet->dest_state & SCTP_ADDR_PF) {
224 				/*
225 				 * JRS 5/14/07 - If the destination under
226 				 * consideration is the current destination,
227 				 * work as if the error count is one higher.
228 				 * The actual error count will not be
229 				 * incremented until later in the t3
230 				 * handler.
231 				 */
232 				if (mnet == net) {
233 					if (min_errors == -1) {
234 						min_errors = mnet->error_count + 1;
235 						min_errors_net = mnet;
236 					} else if (mnet->error_count + 1 < min_errors) {
237 						min_errors = mnet->error_count + 1;
238 						min_errors_net = mnet;
239 					} else if (mnet->error_count + 1 == min_errors
240 					    && mnet->last_active > min_errors_net->last_active) {
241 						min_errors_net = mnet;
242 						min_errors = mnet->error_count + 1;
243 					}
244 					continue;
245 				} else {
246 					if (min_errors == -1) {
247 						min_errors = mnet->error_count;
248 						min_errors_net = mnet;
249 					} else if (mnet->error_count < min_errors) {
250 						min_errors = mnet->error_count;
251 						min_errors_net = mnet;
252 					} else if (mnet->error_count == min_errors
253 					    && mnet->last_active > min_errors_net->last_active) {
254 						min_errors_net = mnet;
255 						min_errors = mnet->error_count;
256 					}
257 					continue;
258 				}
259 			}
260 			/*
261 			 * JRS 5/14/07 - If the destination is reachable and
262 			 * not in PF state, compare the cwnd of the
263 			 * destination to the highest cwnd seen thus far.
264 			 * Store the destination with the higher cwnd value.
265 			 * If the cwnd values are equal, randomly choose one
266 			 * of the two destinations.
267 			 */
268 			if (max_cwnd < mnet->cwnd) {
269 				max_cwnd_net = mnet;
270 				max_cwnd = mnet->cwnd;
271 			} else if (max_cwnd == mnet->cwnd) {
272 				uint32_t rndval;
273 				uint8_t this_random;
274 
275 				if (stcb->asoc.hb_random_idx > 3) {
276 					rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
277 					memcpy(stcb->asoc.hb_random_values, &rndval, sizeof(stcb->asoc.hb_random_values));
278 					this_random = stcb->asoc.hb_random_values[0];
279 					stcb->asoc.hb_random_idx++;
280 					stcb->asoc.hb_ect_randombit = 0;
281 				} else {
282 					this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
283 					stcb->asoc.hb_random_idx++;
284 					stcb->asoc.hb_ect_randombit = 0;
285 				}
286 				if (this_random % 2 == 1) {
287 					max_cwnd_net = mnet;
288 					max_cwnd = mnet->cwnd;	/* Useless? */
289 				}
290 			}
291 		}
292 		if (max_cwnd_net == NULL) {
293 			if (min_errors_net == NULL) {
294 				return (net);
295 			}
296 			return (min_errors_net);
297 		} else {
298 			return (max_cwnd_net);
299 		}
300 	}
301 	/*
302 	 * JRS 5/14/07 - If mode is set to 1, use the CMT policy for
303 	 * choosing an alternate net.
304 	 */
305 	else if (mode == 1) {
306 		TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
307 			if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
308 			    (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
309 				/*
310 				 * will skip ones that are not-reachable or
311 				 * unconfirmed
312 				 */
313 				continue;
314 			}
315 			if (max_cwnd < mnet->cwnd) {
316 				max_cwnd_net = mnet;
317 				max_cwnd = mnet->cwnd;
318 			} else if (max_cwnd == mnet->cwnd) {
319 				uint32_t rndval;
320 				uint8_t this_random;
321 
322 				if (stcb->asoc.hb_random_idx > 3) {
323 					rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
324 					memcpy(stcb->asoc.hb_random_values, &rndval,
325 					    sizeof(stcb->asoc.hb_random_values));
326 					this_random = stcb->asoc.hb_random_values[0];
327 					stcb->asoc.hb_random_idx = 0;
328 					stcb->asoc.hb_ect_randombit = 0;
329 				} else {
330 					this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
331 					stcb->asoc.hb_random_idx++;
332 					stcb->asoc.hb_ect_randombit = 0;
333 				}
334 				if (this_random % 2) {
335 					max_cwnd_net = mnet;
336 					max_cwnd = mnet->cwnd;
337 				}
338 			}
339 		}
340 		if (max_cwnd_net) {
341 			return (max_cwnd_net);
342 		}
343 	}
344 	mnet = net;
345 	once = 0;
346 
347 	if (mnet == NULL) {
348 		mnet = TAILQ_FIRST(&stcb->asoc.nets);
349 		if (mnet == NULL) {
350 			return (NULL);
351 		}
352 	}
353 	do {
354 		alt = TAILQ_NEXT(mnet, sctp_next);
355 		if (alt == NULL) {
356 			once++;
357 			if (once > 1) {
358 				break;
359 			}
360 			alt = TAILQ_FIRST(&stcb->asoc.nets);
361 			if (alt == NULL) {
362 				return (NULL);
363 			}
364 		}
365 		if (alt->ro.ro_rt == NULL) {
366 			if (alt->ro._s_addr) {
367 				sctp_free_ifa(alt->ro._s_addr);
368 				alt->ro._s_addr = NULL;
369 			}
370 			alt->src_addr_selected = 0;
371 		}
372 		/* sa_ignore NO_NULL_CHK */
373 		if (((alt->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE) &&
374 		    (alt->ro.ro_rt != NULL) &&
375 		    (!(alt->dest_state & SCTP_ADDR_UNCONFIRMED))) {
376 			/* Found a reachable address */
377 			break;
378 		}
379 		mnet = alt;
380 	} while (alt != NULL);
381 
382 	if (alt == NULL) {
383 		/* Case where NO insv network exists (dormant state) */
384 		/* we rotate destinations */
385 		once = 0;
386 		mnet = net;
387 		do {
388 			if (mnet == NULL) {
389 				return (TAILQ_FIRST(&stcb->asoc.nets));
390 			}
391 			alt = TAILQ_NEXT(mnet, sctp_next);
392 			if (alt == NULL) {
393 				once++;
394 				if (once > 1) {
395 					break;
396 				}
397 				alt = TAILQ_FIRST(&stcb->asoc.nets);
398 			}
399 			/* sa_ignore NO_NULL_CHK */
400 			if ((!(alt->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
401 			    (alt != net)) {
402 				/* Found an alternate address */
403 				break;
404 			}
405 			mnet = alt;
406 		} while (alt != NULL);
407 	}
408 	if (alt == NULL) {
409 		return (net);
410 	}
411 	return (alt);
412 }
413 
414 static void
415 sctp_backoff_on_timeout(struct sctp_tcb *stcb,
416     struct sctp_nets *net,
417     int win_probe,
418     int num_marked, int num_abandoned)
419 {
420 	if (net->RTO == 0) {
421 		net->RTO = stcb->asoc.minrto;
422 	}
423 	net->RTO <<= 1;
424 	if (net->RTO > stcb->asoc.maxrto) {
425 		net->RTO = stcb->asoc.maxrto;
426 	}
427 	if ((win_probe == 0) && (num_marked || num_abandoned)) {
428 		/* We don't apply penalty to window probe scenarios */
429 		/* JRS - Use the congestion control given in the CC module */
430 		stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout(stcb, net);
431 	}
432 }
433 
434 #ifndef INVARIANTS
435 static void
436 sctp_recover_sent_list(struct sctp_tcb *stcb)
437 {
438 	struct sctp_tmit_chunk *chk, *nchk;
439 	struct sctp_association *asoc;
440 
441 	asoc = &stcb->asoc;
442 	TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
443 		if (SCTP_TSN_GE(asoc->last_acked_seq, chk->rec.data.TSN_seq)) {
444 			SCTP_PRINTF("Found chk:%p tsn:%x <= last_acked_seq:%x\n",
445 			    chk, chk->rec.data.TSN_seq, asoc->last_acked_seq);
446 			TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
447 			if (chk->pr_sctp_on) {
448 				if (asoc->pr_sctp_cnt != 0)
449 					asoc->pr_sctp_cnt--;
450 			}
451 			if (chk->data) {
452 				/* sa_ignore NO_NULL_CHK */
453 				sctp_free_bufspace(stcb, asoc, chk, 1);
454 				sctp_m_freem(chk->data);
455 				chk->data = NULL;
456 				if (asoc->peer_supports_prsctp && PR_SCTP_BUF_ENABLED(chk->flags)) {
457 					asoc->sent_queue_cnt_removeable--;
458 				}
459 			}
460 			asoc->sent_queue_cnt--;
461 			sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
462 		}
463 	}
464 	SCTP_PRINTF("after recover order is as follows\n");
465 	TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
466 		SCTP_PRINTF("chk:%p TSN:%x\n", chk, chk->rec.data.TSN_seq);
467 	}
468 }
469 
470 #endif
471 
472 static int
473 sctp_mark_all_for_resend(struct sctp_tcb *stcb,
474     struct sctp_nets *net,
475     struct sctp_nets *alt,
476     int window_probe,
477     int *num_marked,
478     int *num_abandoned)
479 {
480 
481 	/*
482 	 * Mark all chunks (well not all) that were sent to *net for
483 	 * retransmission. Move them to alt for there destination as well...
484 	 * We only mark chunks that have been outstanding long enough to
485 	 * have received feed-back.
486 	 */
487 	struct sctp_tmit_chunk *chk, *nchk;
488 	struct sctp_nets *lnets;
489 	struct timeval now, min_wait, tv;
490 	int cur_rto;
491 	int cnt_abandoned;
492 	int audit_tf, num_mk, fir;
493 	unsigned int cnt_mk;
494 	uint32_t orig_flight, orig_tf;
495 	uint32_t tsnlast, tsnfirst;
496 	int recovery_cnt = 0;
497 
498 
499 	/* none in flight now */
500 	audit_tf = 0;
501 	fir = 0;
502 	/*
503 	 * figure out how long a data chunk must be pending before we can
504 	 * mark it ..
505 	 */
506 	(void)SCTP_GETTIME_TIMEVAL(&now);
507 	/* get cur rto in micro-seconds */
508 	cur_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
509 	cur_rto *= 1000;
510 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
511 		sctp_log_fr(cur_rto,
512 		    stcb->asoc.peers_rwnd,
513 		    window_probe,
514 		    SCTP_FR_T3_MARK_TIME);
515 		sctp_log_fr(net->flight_size, 0, 0, SCTP_FR_CWND_REPORT);
516 		sctp_log_fr(net->flight_size, net->cwnd, stcb->asoc.total_flight, SCTP_FR_CWND_REPORT);
517 	}
518 	tv.tv_sec = cur_rto / 1000000;
519 	tv.tv_usec = cur_rto % 1000000;
520 	min_wait = now;
521 	timevalsub(&min_wait, &tv);
522 	if (min_wait.tv_sec < 0 || min_wait.tv_usec < 0) {
523 		/*
524 		 * if we hit here, we don't have enough seconds on the clock
525 		 * to account for the RTO. We just let the lower seconds be
526 		 * the bounds and don't worry about it. This may mean we
527 		 * will mark a lot more than we should.
528 		 */
529 		min_wait.tv_sec = min_wait.tv_usec = 0;
530 	}
531 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
532 		sctp_log_fr(cur_rto, now.tv_sec, now.tv_usec, SCTP_FR_T3_MARK_TIME);
533 		sctp_log_fr(0, min_wait.tv_sec, min_wait.tv_usec, SCTP_FR_T3_MARK_TIME);
534 	}
535 	/*
536 	 * Our rwnd will be incorrect here since we are not adding back the
537 	 * cnt * mbuf but we will fix that down below.
538 	 */
539 	orig_flight = net->flight_size;
540 	orig_tf = stcb->asoc.total_flight;
541 
542 	net->fast_retran_ip = 0;
543 	/* Now on to each chunk */
544 	cnt_abandoned = 0;
545 	num_mk = cnt_mk = 0;
546 	tsnfirst = tsnlast = 0;
547 #ifndef INVARIANTS
548 start_again:
549 #endif
550 	TAILQ_FOREACH_SAFE(chk, &stcb->asoc.sent_queue, sctp_next, nchk) {
551 		if (SCTP_TSN_GE(stcb->asoc.last_acked_seq, chk->rec.data.TSN_seq)) {
552 			/* Strange case our list got out of order? */
553 			SCTP_PRINTF("Our list is out of order? last_acked:%x chk:%x",
554 			    (unsigned int)stcb->asoc.last_acked_seq, (unsigned int)chk->rec.data.TSN_seq);
555 			recovery_cnt++;
556 #ifdef INVARIANTS
557 			panic("last acked >= chk on sent-Q");
558 #else
559 			SCTP_PRINTF("Recover attempts a restart cnt:%d\n", recovery_cnt);
560 			sctp_recover_sent_list(stcb);
561 			if (recovery_cnt < 10) {
562 				goto start_again;
563 			} else {
564 				SCTP_PRINTF("Recovery fails %d times??\n", recovery_cnt);
565 			}
566 #endif
567 		}
568 		if ((chk->whoTo == net) && (chk->sent < SCTP_DATAGRAM_ACKED)) {
569 			/*
570 			 * found one to mark: If it is less than
571 			 * DATAGRAM_ACKED it MUST not be a skipped or marked
572 			 * TSN but instead one that is either already set
573 			 * for retransmission OR one that needs
574 			 * retransmission.
575 			 */
576 
577 			/* validate its been outstanding long enough */
578 			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
579 				sctp_log_fr(chk->rec.data.TSN_seq,
580 				    chk->sent_rcv_time.tv_sec,
581 				    chk->sent_rcv_time.tv_usec,
582 				    SCTP_FR_T3_MARK_TIME);
583 			}
584 			if ((chk->sent_rcv_time.tv_sec > min_wait.tv_sec) && (window_probe == 0)) {
585 				/*
586 				 * we have reached a chunk that was sent
587 				 * some seconds past our min.. forget it we
588 				 * will find no more to send.
589 				 */
590 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
591 					sctp_log_fr(0,
592 					    chk->sent_rcv_time.tv_sec,
593 					    chk->sent_rcv_time.tv_usec,
594 					    SCTP_FR_T3_STOPPED);
595 				}
596 				continue;
597 			} else if ((chk->sent_rcv_time.tv_sec == min_wait.tv_sec) &&
598 			    (window_probe == 0)) {
599 				/*
600 				 * we must look at the micro seconds to
601 				 * know.
602 				 */
603 				if (chk->sent_rcv_time.tv_usec >= min_wait.tv_usec) {
604 					/*
605 					 * ok it was sent after our boundary
606 					 * time.
607 					 */
608 					continue;
609 				}
610 			}
611 			if (stcb->asoc.peer_supports_prsctp && PR_SCTP_TTL_ENABLED(chk->flags)) {
612 				/* Is it expired? */
613 				if (timevalcmp(&now, &chk->rec.data.timetodrop, >)) {
614 					/* Yes so drop it */
615 					if (chk->data) {
616 						(void)sctp_release_pr_sctp_chunk(stcb,
617 						    chk,
618 						    (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
619 						    SCTP_SO_NOT_LOCKED);
620 						cnt_abandoned++;
621 					}
622 					continue;
623 				}
624 			}
625 			if (stcb->asoc.peer_supports_prsctp && PR_SCTP_RTX_ENABLED(chk->flags)) {
626 				/* Has it been retransmitted tv_sec times? */
627 				if (chk->snd_count > chk->rec.data.timetodrop.tv_sec) {
628 					if (chk->data) {
629 						(void)sctp_release_pr_sctp_chunk(stcb,
630 						    chk,
631 						    (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
632 						    SCTP_SO_NOT_LOCKED);
633 						cnt_abandoned++;
634 					}
635 					continue;
636 				}
637 			}
638 			if (chk->sent < SCTP_DATAGRAM_RESEND) {
639 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
640 				num_mk++;
641 				if (fir == 0) {
642 					fir = 1;
643 					tsnfirst = chk->rec.data.TSN_seq;
644 				}
645 				tsnlast = chk->rec.data.TSN_seq;
646 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
647 					sctp_log_fr(chk->rec.data.TSN_seq, chk->snd_count,
648 					    0, SCTP_FR_T3_MARKED);
649 				}
650 				if (chk->rec.data.chunk_was_revoked) {
651 					/* deflate the cwnd */
652 					chk->whoTo->cwnd -= chk->book_size;
653 					chk->rec.data.chunk_was_revoked = 0;
654 				}
655 				net->marked_retrans++;
656 				stcb->asoc.marked_retrans++;
657 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
658 					sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND_TO,
659 					    chk->whoTo->flight_size,
660 					    chk->book_size,
661 					    (uintptr_t) chk->whoTo,
662 					    chk->rec.data.TSN_seq);
663 				}
664 				sctp_flight_size_decrease(chk);
665 				sctp_total_flight_decrease(stcb, chk);
666 				stcb->asoc.peers_rwnd += chk->send_size;
667 				stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
668 			}
669 			chk->sent = SCTP_DATAGRAM_RESEND;
670 			SCTP_STAT_INCR(sctps_markedretrans);
671 
672 			/* reset the TSN for striking and other FR stuff */
673 			chk->rec.data.doing_fast_retransmit = 0;
674 			/* Clear any time so NO RTT is being done */
675 
676 			if (chk->do_rtt) {
677 				if (chk->whoTo->rto_needed == 0) {
678 					chk->whoTo->rto_needed = 1;
679 				}
680 			}
681 			chk->do_rtt = 0;
682 			if (alt != net) {
683 				sctp_free_remote_addr(chk->whoTo);
684 				chk->no_fr_allowed = 1;
685 				chk->whoTo = alt;
686 				atomic_add_int(&alt->ref_count, 1);
687 			} else {
688 				chk->no_fr_allowed = 0;
689 				if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
690 					chk->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
691 				} else {
692 					chk->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.TSN_seq;
693 				}
694 			}
695 			/*
696 			 * CMT: Do not allow FRs on retransmitted TSNs.
697 			 */
698 			if (stcb->asoc.sctp_cmt_on_off > 0) {
699 				chk->no_fr_allowed = 1;
700 			}
701 #ifdef THIS_SHOULD_NOT_BE_DONE
702 		} else if (chk->sent == SCTP_DATAGRAM_ACKED) {
703 			/* remember highest acked one */
704 			could_be_sent = chk;
705 #endif
706 		}
707 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
708 			cnt_mk++;
709 		}
710 	}
711 	if ((orig_flight - net->flight_size) != (orig_tf - stcb->asoc.total_flight)) {
712 		/* we did not subtract the same things? */
713 		audit_tf = 1;
714 	}
715 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
716 		sctp_log_fr(tsnfirst, tsnlast, num_mk, SCTP_FR_T3_TIMEOUT);
717 	}
718 #ifdef SCTP_DEBUG
719 	if (num_mk) {
720 		SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
721 		    tsnlast);
722 		SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%ld\n",
723 		    num_mk, (u_long)stcb->asoc.peers_rwnd);
724 		SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
725 		    tsnlast);
726 		SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%d\n",
727 		    num_mk,
728 		    (int)stcb->asoc.peers_rwnd);
729 	}
730 #endif
731 	*num_marked = num_mk;
732 	*num_abandoned = cnt_abandoned;
733 	/*
734 	 * Now check for a ECN Echo that may be stranded And include the
735 	 * cnt_mk'd to have all resends in the control queue.
736 	 */
737 	TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
738 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
739 			cnt_mk++;
740 		}
741 		if ((chk->whoTo == net) &&
742 		    (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
743 			sctp_free_remote_addr(chk->whoTo);
744 			chk->whoTo = alt;
745 			if (chk->sent != SCTP_DATAGRAM_RESEND) {
746 				chk->sent = SCTP_DATAGRAM_RESEND;
747 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
748 				cnt_mk++;
749 			}
750 			atomic_add_int(&alt->ref_count, 1);
751 		}
752 	}
753 #ifdef THIS_SHOULD_NOT_BE_DONE
754 	if ((stcb->asoc.sent_queue_retran_cnt == 0) && (could_be_sent)) {
755 		/* fix it so we retransmit the highest acked anyway */
756 		sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
757 		cnt_mk++;
758 		could_be_sent->sent = SCTP_DATAGRAM_RESEND;
759 	}
760 #endif
761 	if (stcb->asoc.sent_queue_retran_cnt != cnt_mk) {
762 #ifdef INVARIANTS
763 		SCTP_PRINTF("Local Audit says there are %d for retran asoc cnt:%d we marked:%d this time\n",
764 		    cnt_mk, stcb->asoc.sent_queue_retran_cnt, num_mk);
765 #endif
766 #ifndef SCTP_AUDITING_ENABLED
767 		stcb->asoc.sent_queue_retran_cnt = cnt_mk;
768 #endif
769 	}
770 	if (audit_tf) {
771 		SCTPDBG(SCTP_DEBUG_TIMER4,
772 		    "Audit total flight due to negative value net:%p\n",
773 		    net);
774 		stcb->asoc.total_flight = 0;
775 		stcb->asoc.total_flight_count = 0;
776 		/* Clear all networks flight size */
777 		TAILQ_FOREACH(lnets, &stcb->asoc.nets, sctp_next) {
778 			lnets->flight_size = 0;
779 			SCTPDBG(SCTP_DEBUG_TIMER4,
780 			    "Net:%p c-f cwnd:%d ssthresh:%d\n",
781 			    lnets, lnets->cwnd, lnets->ssthresh);
782 		}
783 		TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
784 			if (chk->sent < SCTP_DATAGRAM_RESEND) {
785 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
786 					sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
787 					    chk->whoTo->flight_size,
788 					    chk->book_size,
789 					    (uintptr_t) chk->whoTo,
790 					    chk->rec.data.TSN_seq);
791 				}
792 				sctp_flight_size_increase(chk);
793 				sctp_total_flight_increase(stcb, chk);
794 			}
795 		}
796 	}
797 	/* We return 1 if we only have a window probe outstanding */
798 	return (0);
799 }
800 
801 
802 int
803 sctp_t3rxt_timer(struct sctp_inpcb *inp,
804     struct sctp_tcb *stcb,
805     struct sctp_nets *net)
806 {
807 	struct sctp_nets *alt;
808 	int win_probe, num_mk, num_abandoned;
809 
810 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
811 		sctp_log_fr(0, 0, 0, SCTP_FR_T3_TIMEOUT);
812 	}
813 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
814 		struct sctp_nets *lnet;
815 
816 		TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
817 			if (net == lnet) {
818 				sctp_log_cwnd(stcb, lnet, 1, SCTP_CWND_LOG_FROM_T3);
819 			} else {
820 				sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_LOG_FROM_T3);
821 			}
822 		}
823 	}
824 	/* Find an alternate and mark those for retransmission */
825 	if ((stcb->asoc.peers_rwnd == 0) &&
826 	    (stcb->asoc.total_flight < net->mtu)) {
827 		SCTP_STAT_INCR(sctps_timowindowprobe);
828 		win_probe = 1;
829 	} else {
830 		win_probe = 0;
831 	}
832 
833 	if (win_probe == 0) {
834 		/* We don't do normal threshold management on window probes */
835 		if (sctp_threshold_management(inp, stcb, net,
836 		    stcb->asoc.max_send_times)) {
837 			/* Association was destroyed */
838 			return (1);
839 		} else {
840 			if (net != stcb->asoc.primary_destination) {
841 				/* send a immediate HB if our RTO is stale */
842 				struct timeval now;
843 				unsigned int ms_goneby;
844 
845 				(void)SCTP_GETTIME_TIMEVAL(&now);
846 				if (net->last_sent_time.tv_sec) {
847 					ms_goneby = (now.tv_sec - net->last_sent_time.tv_sec) * 1000;
848 				} else {
849 					ms_goneby = 0;
850 				}
851 				if ((net->dest_state & SCTP_ADDR_PF) == 0) {
852 					if ((ms_goneby > net->RTO) || (net->RTO == 0)) {
853 						/*
854 						 * no recent feed back in an
855 						 * RTO or more, request a
856 						 * RTT update
857 						 */
858 						sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
859 					}
860 				}
861 			}
862 		}
863 	} else {
864 		/*
865 		 * For a window probe we don't penalize the net's but only
866 		 * the association. This may fail it if SACKs are not coming
867 		 * back. If sack's are coming with rwnd locked at 0, we will
868 		 * continue to hold things waiting for rwnd to raise
869 		 */
870 		if (sctp_threshold_management(inp, stcb, NULL,
871 		    stcb->asoc.max_send_times)) {
872 			/* Association was destroyed */
873 			return (1);
874 		}
875 	}
876 	if (stcb->asoc.sctp_cmt_on_off > 0) {
877 		if (net->pf_threshold < net->failure_threshold) {
878 			alt = sctp_find_alternate_net(stcb, net, 2);
879 		} else {
880 			/*
881 			 * CMT: Using RTX_SSTHRESH policy for CMT. If CMT is
882 			 * being used, then pick dest with largest ssthresh
883 			 * for any retransmission.
884 			 */
885 			alt = sctp_find_alternate_net(stcb, net, 1);
886 			/*
887 			 * CUCv2: If a different dest is picked for the
888 			 * retransmission, then new (rtx-)pseudo_cumack
889 			 * needs to be tracked for orig dest. Let CUCv2
890 			 * track new (rtx-) pseudo-cumack always.
891 			 */
892 			net->find_pseudo_cumack = 1;
893 			net->find_rtx_pseudo_cumack = 1;
894 		}
895 	} else {
896 		alt = sctp_find_alternate_net(stcb, net, 0);
897 	}
898 
899 	num_mk = 0;
900 	num_abandoned = 0;
901 	(void)sctp_mark_all_for_resend(stcb, net, alt, win_probe,
902 	    &num_mk, &num_abandoned);
903 	/* FR Loss recovery just ended with the T3. */
904 	stcb->asoc.fast_retran_loss_recovery = 0;
905 
906 	/* CMT FR loss recovery ended with the T3 */
907 	net->fast_retran_loss_recovery = 0;
908 	if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
909 	    (net->flight_size == 0)) {
910 		(*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) (stcb, net);
911 	}
912 	/*
913 	 * setup the sat loss recovery that prevents satellite cwnd advance.
914 	 */
915 	stcb->asoc.sat_t3_loss_recovery = 1;
916 	stcb->asoc.sat_t3_recovery_tsn = stcb->asoc.sending_seq;
917 
918 	/* Backoff the timer and cwnd */
919 	sctp_backoff_on_timeout(stcb, net, win_probe, num_mk, num_abandoned);
920 	if ((!(net->dest_state & SCTP_ADDR_REACHABLE)) ||
921 	    (net->dest_state & SCTP_ADDR_PF)) {
922 		/* Move all pending over too */
923 		sctp_move_chunks_from_net(stcb, net);
924 
925 		/*
926 		 * Get the address that failed, to force a new src address
927 		 * selecton and a route allocation.
928 		 */
929 		if (net->ro._s_addr) {
930 			sctp_free_ifa(net->ro._s_addr);
931 			net->ro._s_addr = NULL;
932 		}
933 		net->src_addr_selected = 0;
934 
935 		/* Force a route allocation too */
936 		if (net->ro.ro_rt) {
937 			RTFREE(net->ro.ro_rt);
938 			net->ro.ro_rt = NULL;
939 		}
940 		/* Was it our primary? */
941 		if ((stcb->asoc.primary_destination == net) && (alt != net)) {
942 			/*
943 			 * Yes, note it as such and find an alternate note:
944 			 * this means HB code must use this to resent the
945 			 * primary if it goes active AND if someone does a
946 			 * change-primary then this flag must be cleared
947 			 * from any net structures.
948 			 */
949 			if (stcb->asoc.alternate) {
950 				sctp_free_remote_addr(stcb->asoc.alternate);
951 			}
952 			stcb->asoc.alternate = alt;
953 			atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
954 		}
955 	}
956 	/*
957 	 * Special case for cookie-echo'ed case, we don't do output but must
958 	 * await the COOKIE-ACK before retransmission
959 	 */
960 	if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED) {
961 		/*
962 		 * Here we just reset the timer and start again since we
963 		 * have not established the asoc
964 		 */
965 		sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
966 		return (0);
967 	}
968 	if (stcb->asoc.peer_supports_prsctp) {
969 		struct sctp_tmit_chunk *lchk;
970 
971 		lchk = sctp_try_advance_peer_ack_point(stcb, &stcb->asoc);
972 		/* C3. See if we need to send a Fwd-TSN */
973 		if (SCTP_TSN_GT(stcb->asoc.advanced_peer_ack_point, stcb->asoc.last_acked_seq)) {
974 			send_forward_tsn(stcb, &stcb->asoc);
975 			if (lchk) {
976 				/* Assure a timer is up */
977 				sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, lchk->whoTo);
978 			}
979 		}
980 	}
981 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_MONITOR_ENABLE) {
982 		sctp_log_cwnd(stcb, net, net->cwnd, SCTP_CWND_LOG_FROM_RTX);
983 	}
984 	return (0);
985 }
986 
987 int
988 sctp_t1init_timer(struct sctp_inpcb *inp,
989     struct sctp_tcb *stcb,
990     struct sctp_nets *net)
991 {
992 	/* bump the thresholds */
993 	if (stcb->asoc.delayed_connection) {
994 		/*
995 		 * special hook for delayed connection. The library did NOT
996 		 * complete the rest of its sends.
997 		 */
998 		stcb->asoc.delayed_connection = 0;
999 		sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1000 		return (0);
1001 	}
1002 	if (SCTP_GET_STATE((&stcb->asoc)) != SCTP_STATE_COOKIE_WAIT) {
1003 		return (0);
1004 	}
1005 	if (sctp_threshold_management(inp, stcb, net,
1006 	    stcb->asoc.max_init_times)) {
1007 		/* Association was destroyed */
1008 		return (1);
1009 	}
1010 	stcb->asoc.dropped_special_cnt = 0;
1011 	sctp_backoff_on_timeout(stcb, stcb->asoc.primary_destination, 1, 0, 0);
1012 	if (stcb->asoc.initial_init_rto_max < net->RTO) {
1013 		net->RTO = stcb->asoc.initial_init_rto_max;
1014 	}
1015 	if (stcb->asoc.numnets > 1) {
1016 		/* If we have more than one addr use it */
1017 		struct sctp_nets *alt;
1018 
1019 		alt = sctp_find_alternate_net(stcb, stcb->asoc.primary_destination, 0);
1020 		if (alt != stcb->asoc.primary_destination) {
1021 			sctp_move_chunks_from_net(stcb, stcb->asoc.primary_destination);
1022 			stcb->asoc.primary_destination = alt;
1023 		}
1024 	}
1025 	/* Send out a new init */
1026 	sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1027 	return (0);
1028 }
1029 
1030 /*
1031  * For cookie and asconf we actually need to find and mark for resend, then
1032  * increment the resend counter (after all the threshold management stuff of
1033  * course).
1034  */
1035 int
1036 sctp_cookie_timer(struct sctp_inpcb *inp,
1037     struct sctp_tcb *stcb,
1038     struct sctp_nets *net SCTP_UNUSED)
1039 {
1040 	struct sctp_nets *alt;
1041 	struct sctp_tmit_chunk *cookie;
1042 
1043 	/* first before all else we must find the cookie */
1044 	TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, sctp_next) {
1045 		if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
1046 			break;
1047 		}
1048 	}
1049 	if (cookie == NULL) {
1050 		if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED) {
1051 			/* FOOBAR! */
1052 			struct mbuf *oper;
1053 
1054 			oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
1055 			    0, M_DONTWAIT, 1, MT_DATA);
1056 			if (oper) {
1057 				struct sctp_paramhdr *ph;
1058 				uint32_t *ippp;
1059 
1060 				SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
1061 				    sizeof(uint32_t);
1062 				ph = mtod(oper, struct sctp_paramhdr *);
1063 				ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1064 				ph->param_length = htons(SCTP_BUF_LEN(oper));
1065 				ippp = (uint32_t *) (ph + 1);
1066 				*ippp = htonl(SCTP_FROM_SCTP_TIMER + SCTP_LOC_3);
1067 			}
1068 			inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_4;
1069 			sctp_abort_an_association(inp, stcb, SCTP_INTERNAL_ERROR,
1070 			    oper, SCTP_SO_NOT_LOCKED);
1071 		} else {
1072 #ifdef INVARIANTS
1073 			panic("Cookie timer expires in wrong state?");
1074 #else
1075 			SCTP_PRINTF("Strange in state %d not cookie-echoed yet c-e timer expires?\n", SCTP_GET_STATE(&stcb->asoc));
1076 			return (0);
1077 #endif
1078 		}
1079 		return (0);
1080 	}
1081 	/* Ok we found the cookie, threshold management next */
1082 	if (sctp_threshold_management(inp, stcb, cookie->whoTo,
1083 	    stcb->asoc.max_init_times)) {
1084 		/* Assoc is over */
1085 		return (1);
1086 	}
1087 	/*
1088 	 * cleared theshold management now lets backoff the address & select
1089 	 * an alternate
1090 	 */
1091 	stcb->asoc.dropped_special_cnt = 0;
1092 	sctp_backoff_on_timeout(stcb, cookie->whoTo, 1, 0, 0);
1093 	alt = sctp_find_alternate_net(stcb, cookie->whoTo, 0);
1094 	if (alt != cookie->whoTo) {
1095 		sctp_free_remote_addr(cookie->whoTo);
1096 		cookie->whoTo = alt;
1097 		atomic_add_int(&alt->ref_count, 1);
1098 	}
1099 	/* Now mark the retran info */
1100 	if (cookie->sent != SCTP_DATAGRAM_RESEND) {
1101 		sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1102 	}
1103 	cookie->sent = SCTP_DATAGRAM_RESEND;
1104 	/*
1105 	 * Now call the output routine to kick out the cookie again, Note we
1106 	 * don't mark any chunks for retran so that FR will need to kick in
1107 	 * to move these (or a send timer).
1108 	 */
1109 	return (0);
1110 }
1111 
1112 int
1113 sctp_strreset_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1114     struct sctp_nets *net)
1115 {
1116 	struct sctp_nets *alt;
1117 	struct sctp_tmit_chunk *strrst = NULL, *chk = NULL;
1118 
1119 	if (stcb->asoc.stream_reset_outstanding == 0) {
1120 		return (0);
1121 	}
1122 	/* find the existing STRRESET, we use the seq number we sent out on */
1123 	(void)sctp_find_stream_reset(stcb, stcb->asoc.str_reset_seq_out, &strrst);
1124 	if (strrst == NULL) {
1125 		return (0);
1126 	}
1127 	/* do threshold management */
1128 	if (sctp_threshold_management(inp, stcb, strrst->whoTo,
1129 	    stcb->asoc.max_send_times)) {
1130 		/* Assoc is over */
1131 		return (1);
1132 	}
1133 	/*
1134 	 * cleared theshold management now lets backoff the address & select
1135 	 * an alternate
1136 	 */
1137 	sctp_backoff_on_timeout(stcb, strrst->whoTo, 1, 0, 0);
1138 	alt = sctp_find_alternate_net(stcb, strrst->whoTo, 0);
1139 	sctp_free_remote_addr(strrst->whoTo);
1140 	strrst->whoTo = alt;
1141 	atomic_add_int(&alt->ref_count, 1);
1142 
1143 	/* See if a ECN Echo is also stranded */
1144 	TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1145 		if ((chk->whoTo == net) &&
1146 		    (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1147 			sctp_free_remote_addr(chk->whoTo);
1148 			if (chk->sent != SCTP_DATAGRAM_RESEND) {
1149 				chk->sent = SCTP_DATAGRAM_RESEND;
1150 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1151 			}
1152 			chk->whoTo = alt;
1153 			atomic_add_int(&alt->ref_count, 1);
1154 		}
1155 	}
1156 	if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1157 		/*
1158 		 * If the address went un-reachable, we need to move to
1159 		 * alternates for ALL chk's in queue
1160 		 */
1161 		sctp_move_chunks_from_net(stcb, net);
1162 	}
1163 	/* mark the retran info */
1164 	if (strrst->sent != SCTP_DATAGRAM_RESEND)
1165 		sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1166 	strrst->sent = SCTP_DATAGRAM_RESEND;
1167 
1168 	/* restart the timer */
1169 	sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, inp, stcb, strrst->whoTo);
1170 	return (0);
1171 }
1172 
1173 int
1174 sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1175     struct sctp_nets *net)
1176 {
1177 	struct sctp_nets *alt;
1178 	struct sctp_tmit_chunk *asconf, *chk;
1179 
1180 	/* is this a first send, or a retransmission? */
1181 	if (TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) {
1182 		/* compose a new ASCONF chunk and send it */
1183 		sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED);
1184 	} else {
1185 		/*
1186 		 * Retransmission of the existing ASCONF is needed
1187 		 */
1188 
1189 		/* find the existing ASCONF */
1190 		asconf = TAILQ_FIRST(&stcb->asoc.asconf_send_queue);
1191 		if (asconf == NULL) {
1192 			return (0);
1193 		}
1194 		/* do threshold management */
1195 		if (sctp_threshold_management(inp, stcb, asconf->whoTo,
1196 		    stcb->asoc.max_send_times)) {
1197 			/* Assoc is over */
1198 			return (1);
1199 		}
1200 		if (asconf->snd_count > stcb->asoc.max_send_times) {
1201 			/*
1202 			 * Something is rotten: our peer is not responding
1203 			 * to ASCONFs but apparently is to other chunks.
1204 			 * i.e. it is not properly handling the chunk type
1205 			 * upper bits. Mark this peer as ASCONF incapable
1206 			 * and cleanup.
1207 			 */
1208 			SCTPDBG(SCTP_DEBUG_TIMER1, "asconf_timer: Peer has not responded to our repeated ASCONFs\n");
1209 			sctp_asconf_cleanup(stcb, net);
1210 			return (0);
1211 		}
1212 		/*
1213 		 * cleared threshold management, so now backoff the net and
1214 		 * select an alternate
1215 		 */
1216 		sctp_backoff_on_timeout(stcb, asconf->whoTo, 1, 0, 0);
1217 		alt = sctp_find_alternate_net(stcb, asconf->whoTo, 0);
1218 		if (asconf->whoTo != alt) {
1219 			sctp_free_remote_addr(asconf->whoTo);
1220 			asconf->whoTo = alt;
1221 			atomic_add_int(&alt->ref_count, 1);
1222 		}
1223 		/* See if an ECN Echo is also stranded */
1224 		TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1225 			if ((chk->whoTo == net) &&
1226 			    (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1227 				sctp_free_remote_addr(chk->whoTo);
1228 				chk->whoTo = alt;
1229 				if (chk->sent != SCTP_DATAGRAM_RESEND) {
1230 					chk->sent = SCTP_DATAGRAM_RESEND;
1231 					sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1232 				}
1233 				atomic_add_int(&alt->ref_count, 1);
1234 			}
1235 		}
1236 		TAILQ_FOREACH(chk, &stcb->asoc.asconf_send_queue, sctp_next) {
1237 			if (chk->whoTo != alt) {
1238 				sctp_free_remote_addr(chk->whoTo);
1239 				chk->whoTo = alt;
1240 				atomic_add_int(&alt->ref_count, 1);
1241 			}
1242 			if (asconf->sent != SCTP_DATAGRAM_RESEND && chk->sent != SCTP_DATAGRAM_UNSENT)
1243 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1244 			chk->sent = SCTP_DATAGRAM_RESEND;
1245 		}
1246 		if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1247 			/*
1248 			 * If the address went un-reachable, we need to move
1249 			 * to the alternate for ALL chunks in queue
1250 			 */
1251 			sctp_move_chunks_from_net(stcb, net);
1252 		}
1253 		/* mark the retran info */
1254 		if (asconf->sent != SCTP_DATAGRAM_RESEND)
1255 			sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1256 		asconf->sent = SCTP_DATAGRAM_RESEND;
1257 
1258 		/* send another ASCONF if any and we can do */
1259 		sctp_send_asconf(stcb, alt, SCTP_ADDR_NOT_LOCKED);
1260 	}
1261 	return (0);
1262 }
1263 
1264 /* Mobility adaptation */
1265 void
1266 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1267     struct sctp_nets *net SCTP_UNUSED)
1268 {
1269 	if (stcb->asoc.deleted_primary == NULL) {
1270 		SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n");
1271 		sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1272 		return;
1273 	}
1274 	SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary ");
1275 	SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa);
1276 	sctp_free_remote_addr(stcb->asoc.deleted_primary);
1277 	stcb->asoc.deleted_primary = NULL;
1278 	sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1279 	return;
1280 }
1281 
1282 /*
1283  * For the shutdown and shutdown-ack, we do not keep one around on the
1284  * control queue. This means we must generate a new one and call the general
1285  * chunk output routine, AFTER having done threshold management.
1286  * It is assumed that net is non-NULL.
1287  */
1288 int
1289 sctp_shutdown_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1290     struct sctp_nets *net)
1291 {
1292 	struct sctp_nets *alt;
1293 
1294 	/* first threshold managment */
1295 	if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1296 		/* Assoc is over */
1297 		return (1);
1298 	}
1299 	sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1300 	/* second select an alternative */
1301 	alt = sctp_find_alternate_net(stcb, net, 0);
1302 
1303 	/* third generate a shutdown into the queue for out net */
1304 	sctp_send_shutdown(stcb, alt);
1305 
1306 	/* fourth restart timer */
1307 	sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, alt);
1308 	return (0);
1309 }
1310 
1311 int
1312 sctp_shutdownack_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1313     struct sctp_nets *net)
1314 {
1315 	struct sctp_nets *alt;
1316 
1317 	/* first threshold managment */
1318 	if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1319 		/* Assoc is over */
1320 		return (1);
1321 	}
1322 	sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1323 	/* second select an alternative */
1324 	alt = sctp_find_alternate_net(stcb, net, 0);
1325 
1326 	/* third generate a shutdown into the queue for out net */
1327 	sctp_send_shutdown_ack(stcb, alt);
1328 
1329 	/* fourth restart timer */
1330 	sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, alt);
1331 	return (0);
1332 }
1333 
1334 static void
1335 sctp_audit_stream_queues_for_size(struct sctp_inpcb *inp,
1336     struct sctp_tcb *stcb)
1337 {
1338 	struct sctp_stream_queue_pending *sp;
1339 	unsigned int i, chks_in_queue = 0;
1340 	int being_filled = 0;
1341 
1342 	/*
1343 	 * This function is ONLY called when the send/sent queues are empty.
1344 	 */
1345 	if ((stcb == NULL) || (inp == NULL))
1346 		return;
1347 
1348 	if (stcb->asoc.sent_queue_retran_cnt) {
1349 		SCTP_PRINTF("Hmm, sent_queue_retran_cnt is non-zero %d\n",
1350 		    stcb->asoc.sent_queue_retran_cnt);
1351 		stcb->asoc.sent_queue_retran_cnt = 0;
1352 	}
1353 	if (stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1354 		/* No stream scheduler information, initialize scheduler */
1355 		stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc, 0);
1356 		if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1357 			/* yep, we lost a stream or two */
1358 			SCTP_PRINTF("Found additional streams NOT managed by scheduler, corrected\n");
1359 		} else {
1360 			/* no streams lost */
1361 			stcb->asoc.total_output_queue_size = 0;
1362 		}
1363 	}
1364 	/* Check to see if some data queued, if so report it */
1365 	for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1366 		if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
1367 			TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
1368 				if (sp->msg_is_complete)
1369 					being_filled++;
1370 				chks_in_queue++;
1371 			}
1372 		}
1373 	}
1374 	if (chks_in_queue != stcb->asoc.stream_queue_cnt) {
1375 		SCTP_PRINTF("Hmm, stream queue cnt at %d I counted %d in stream out wheel\n",
1376 		    stcb->asoc.stream_queue_cnt, chks_in_queue);
1377 	}
1378 	if (chks_in_queue) {
1379 		/* call the output queue function */
1380 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1381 		if ((TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1382 		    (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1383 			/*
1384 			 * Probably should go in and make it go back through
1385 			 * and add fragments allowed
1386 			 */
1387 			if (being_filled == 0) {
1388 				SCTP_PRINTF("Still nothing moved %d chunks are stuck\n",
1389 				    chks_in_queue);
1390 			}
1391 		}
1392 	} else {
1393 		SCTP_PRINTF("Found no chunks on any queue tot:%lu\n",
1394 		    (u_long)stcb->asoc.total_output_queue_size);
1395 		stcb->asoc.total_output_queue_size = 0;
1396 	}
1397 }
1398 
1399 int
1400 sctp_heartbeat_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1401     struct sctp_nets *net)
1402 {
1403 	uint8_t net_was_pf;
1404 
1405 	if (net->dest_state & SCTP_ADDR_PF) {
1406 		net_was_pf = 1;
1407 	} else {
1408 		net_was_pf = 0;
1409 	}
1410 	if (net->hb_responded == 0) {
1411 		if (net->ro._s_addr) {
1412 			/*
1413 			 * Invalidate the src address if we did not get a
1414 			 * response last time.
1415 			 */
1416 			sctp_free_ifa(net->ro._s_addr);
1417 			net->ro._s_addr = NULL;
1418 			net->src_addr_selected = 0;
1419 		}
1420 		sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1421 		if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1422 			/* Assoc is over */
1423 			return (1);
1424 		}
1425 	}
1426 	/* Zero PBA, if it needs it */
1427 	if (net->partial_bytes_acked) {
1428 		net->partial_bytes_acked = 0;
1429 	}
1430 	if ((stcb->asoc.total_output_queue_size > 0) &&
1431 	    (TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1432 	    (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1433 		sctp_audit_stream_queues_for_size(inp, stcb);
1434 	}
1435 	if (!(net->dest_state & SCTP_ADDR_NOHB) &&
1436 	    !((net_was_pf == 0) && (net->dest_state & SCTP_ADDR_PF))) {
1437 		/*
1438 		 * when move to PF during threshold mangement, a HB has been
1439 		 * queued in that routine
1440 		 */
1441 		sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
1442 	}
1443 	return (0);
1444 }
1445 
1446 void
1447 sctp_pathmtu_timer(struct sctp_inpcb *inp,
1448     struct sctp_tcb *stcb,
1449     struct sctp_nets *net)
1450 {
1451 	uint32_t next_mtu, mtu;
1452 
1453 	next_mtu = sctp_get_next_mtu(net->mtu);
1454 
1455 	if ((next_mtu > net->mtu) && (net->port == 0)) {
1456 		if ((net->src_addr_selected == 0) ||
1457 		    (net->ro._s_addr == NULL) ||
1458 		    (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1459 			if ((net->ro._s_addr != NULL) && (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1460 				sctp_free_ifa(net->ro._s_addr);
1461 				net->ro._s_addr = NULL;
1462 				net->src_addr_selected = 0;
1463 			} else if (net->ro._s_addr == NULL) {
1464 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1465 				if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1466 					struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1467 
1468 					/* KAME hack: embed scopeid */
1469 					(void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
1470 				}
1471 #endif
1472 
1473 				net->ro._s_addr = sctp_source_address_selection(inp,
1474 				    stcb,
1475 				    (sctp_route_t *) & net->ro,
1476 				    net, 0, stcb->asoc.vrf_id);
1477 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1478 				if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1479 					struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1480 
1481 					(void)sa6_recoverscope(sin6);
1482 				}
1483 #endif				/* INET6 */
1484 			}
1485 			if (net->ro._s_addr)
1486 				net->src_addr_selected = 1;
1487 		}
1488 		if (net->ro._s_addr) {
1489 			mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_rt);
1490 			if (net->port) {
1491 				mtu -= sizeof(struct udphdr);
1492 			}
1493 			if (mtu > next_mtu) {
1494 				net->mtu = next_mtu;
1495 			}
1496 		}
1497 	}
1498 	/* restart the timer */
1499 	sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net);
1500 }
1501 
1502 void
1503 sctp_autoclose_timer(struct sctp_inpcb *inp,
1504     struct sctp_tcb *stcb,
1505     struct sctp_nets *net)
1506 {
1507 	struct timeval tn, *tim_touse;
1508 	struct sctp_association *asoc;
1509 	int ticks_gone_by;
1510 
1511 	(void)SCTP_GETTIME_TIMEVAL(&tn);
1512 	if (stcb->asoc.sctp_autoclose_ticks &&
1513 	    sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1514 		/* Auto close is on */
1515 		asoc = &stcb->asoc;
1516 		/* pick the time to use */
1517 		if (asoc->time_last_rcvd.tv_sec >
1518 		    asoc->time_last_sent.tv_sec) {
1519 			tim_touse = &asoc->time_last_rcvd;
1520 		} else {
1521 			tim_touse = &asoc->time_last_sent;
1522 		}
1523 		/* Now has long enough transpired to autoclose? */
1524 		ticks_gone_by = SEC_TO_TICKS(tn.tv_sec - tim_touse->tv_sec);
1525 		if ((ticks_gone_by > 0) &&
1526 		    (ticks_gone_by >= (int)asoc->sctp_autoclose_ticks)) {
1527 			/*
1528 			 * autoclose time has hit, call the output routine,
1529 			 * which should do nothing just to be SURE we don't
1530 			 * have hanging data. We can then safely check the
1531 			 * queues and know that we are clear to send
1532 			 * shutdown
1533 			 */
1534 			sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
1535 			/* Are we clean? */
1536 			if (TAILQ_EMPTY(&asoc->send_queue) &&
1537 			    TAILQ_EMPTY(&asoc->sent_queue)) {
1538 				/*
1539 				 * there is nothing queued to send, so I'm
1540 				 * done...
1541 				 */
1542 				if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) {
1543 					/* only send SHUTDOWN 1st time thru */
1544 					struct sctp_nets *netp;
1545 
1546 					if (stcb->asoc.alternate) {
1547 						netp = stcb->asoc.alternate;
1548 					} else {
1549 						netp = stcb->asoc.primary_destination;
1550 					}
1551 					sctp_send_shutdown(stcb, netp);
1552 					if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
1553 					    (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
1554 						SCTP_STAT_DECR_GAUGE32(sctps_currestab);
1555 					}
1556 					SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
1557 					SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
1558 					sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
1559 					    stcb->sctp_ep, stcb,
1560 					    netp);
1561 					sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1562 					    stcb->sctp_ep, stcb,
1563 					    netp);
1564 				}
1565 			}
1566 		} else {
1567 			/*
1568 			 * No auto close at this time, reset t-o to check
1569 			 * later
1570 			 */
1571 			int tmp;
1572 
1573 			/* fool the timer startup to use the time left */
1574 			tmp = asoc->sctp_autoclose_ticks;
1575 			asoc->sctp_autoclose_ticks -= ticks_gone_by;
1576 			sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1577 			    net);
1578 			/* restore the real tick value */
1579 			asoc->sctp_autoclose_ticks = tmp;
1580 		}
1581 	}
1582 }
1583