xref: /freebsd/sys/netinet/sctp_timer.c (revision e3514747256465c52c3b2aedc9795f52c0d3efe9)
1 /*-
2  * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3  * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4  * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  *
9  * a) Redistributions of source code must retain the above copyright notice,
10  *    this list of conditions and the following disclaimer.
11  *
12  * b) Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the distribution.
15  *
16  * c) Neither the name of Cisco Systems, Inc. nor the names of its
17  *    contributors may be used to endorse or promote products derived
18  *    from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30  * THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #define _IP_VHL
37 #include <netinet/sctp_os.h>
38 #include <netinet/sctp_pcb.h>
39 #ifdef INET6
40 #endif
41 #include <netinet/sctp_var.h>
42 #include <netinet/sctp_sysctl.h>
43 #include <netinet/sctp_timer.h>
44 #include <netinet/sctputil.h>
45 #include <netinet/sctp_output.h>
46 #include <netinet/sctp_header.h>
47 #include <netinet/sctp_indata.h>
48 #include <netinet/sctp_asconf.h>
49 #include <netinet/sctp_input.h>
50 #include <netinet/sctp.h>
51 #include <netinet/sctp_uio.h>
52 #if defined(INET) || defined(INET6)
53 #include <netinet/udp.h>
54 #endif
55 
56 
57 void
58 sctp_audit_retranmission_queue(struct sctp_association *asoc)
59 {
60 	struct sctp_tmit_chunk *chk;
61 
62 	SCTPDBG(SCTP_DEBUG_TIMER4, "Audit invoked on send queue cnt:%d onqueue:%d\n",
63 	    asoc->sent_queue_retran_cnt,
64 	    asoc->sent_queue_cnt);
65 	asoc->sent_queue_retran_cnt = 0;
66 	asoc->sent_queue_cnt = 0;
67 	TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
68 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
69 			sctp_ucount_incr(asoc->sent_queue_retran_cnt);
70 		}
71 		asoc->sent_queue_cnt++;
72 	}
73 	TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
74 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
75 			sctp_ucount_incr(asoc->sent_queue_retran_cnt);
76 		}
77 	}
78 	TAILQ_FOREACH(chk, &asoc->asconf_send_queue, sctp_next) {
79 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
80 			sctp_ucount_incr(asoc->sent_queue_retran_cnt);
81 		}
82 	}
83 	SCTPDBG(SCTP_DEBUG_TIMER4, "Audit completes retran:%d onqueue:%d\n",
84 	    asoc->sent_queue_retran_cnt,
85 	    asoc->sent_queue_cnt);
86 }
87 
88 static int
89 sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
90     struct sctp_nets *net, uint16_t threshold)
91 {
92 	if (net) {
93 		net->error_count++;
94 		SCTPDBG(SCTP_DEBUG_TIMER4, "Error count for %p now %d thresh:%d\n",
95 		    (void *)net, net->error_count,
96 		    net->failure_threshold);
97 		if (net->error_count > net->failure_threshold) {
98 			/* We had a threshold failure */
99 			if (net->dest_state & SCTP_ADDR_REACHABLE) {
100 				net->dest_state &= ~SCTP_ADDR_REACHABLE;
101 				net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
102 				net->dest_state &= ~SCTP_ADDR_PF;
103 				sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
104 				    stcb, 0,
105 				    (void *)net, SCTP_SO_NOT_LOCKED);
106 			}
107 		} else if ((net->pf_threshold < net->failure_threshold) &&
108 		    (net->error_count > net->pf_threshold)) {
109 			if (!(net->dest_state & SCTP_ADDR_PF)) {
110 				net->dest_state |= SCTP_ADDR_PF;
111 				net->last_active = sctp_get_tick_count();
112 				sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
113 				sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
114 				    inp, stcb, net,
115 				    SCTP_FROM_SCTP_TIMER + SCTP_LOC_1);
116 				sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
117 			}
118 		}
119 	}
120 	if (stcb == NULL)
121 		return (0);
122 
123 	if (net) {
124 		if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) {
125 			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
126 				sctp_misc_ints(SCTP_THRESHOLD_INCR,
127 				    stcb->asoc.overall_error_count,
128 				    (stcb->asoc.overall_error_count + 1),
129 				    SCTP_FROM_SCTP_TIMER,
130 				    __LINE__);
131 			}
132 			stcb->asoc.overall_error_count++;
133 		}
134 	} else {
135 		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
136 			sctp_misc_ints(SCTP_THRESHOLD_INCR,
137 			    stcb->asoc.overall_error_count,
138 			    (stcb->asoc.overall_error_count + 1),
139 			    SCTP_FROM_SCTP_TIMER,
140 			    __LINE__);
141 		}
142 		stcb->asoc.overall_error_count++;
143 	}
144 	SCTPDBG(SCTP_DEBUG_TIMER4, "Overall error count for %p now %d thresh:%u state:%x\n",
145 	    (void *)&stcb->asoc, stcb->asoc.overall_error_count,
146 	    (uint32_t)threshold,
147 	    ((net == NULL) ? (uint32_t)0 : (uint32_t)net->dest_state));
148 	/*
149 	 * We specifically do not do >= to give the assoc one more change
150 	 * before we fail it.
151 	 */
152 	if (stcb->asoc.overall_error_count > threshold) {
153 		/* Abort notification sends a ULP notify */
154 		struct mbuf *op_err;
155 
156 		op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
157 		    "Association error counter exceeded");
158 		inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_2;
159 		sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
160 		return (1);
161 	}
162 	return (0);
163 }
164 
165 /*
166  * sctp_find_alternate_net() returns a non-NULL pointer as long
167  * the argument net is non-NULL.
168  */
169 struct sctp_nets *
170 sctp_find_alternate_net(struct sctp_tcb *stcb,
171     struct sctp_nets *net,
172     int mode)
173 {
174 	/* Find and return an alternate network if possible */
175 	struct sctp_nets *alt, *mnet, *min_errors_net = NULL, *max_cwnd_net = NULL;
176 	int once;
177 
178 	/* JRS 5/14/07 - Initialize min_errors to an impossible value. */
179 	int min_errors = -1;
180 	uint32_t max_cwnd = 0;
181 
182 	if (stcb->asoc.numnets == 1) {
183 		/* No others but net */
184 		return (TAILQ_FIRST(&stcb->asoc.nets));
185 	}
186 	/*
187 	 * JRS 5/14/07 - If mode is set to 2, use the CMT PF find alternate
188 	 * net algorithm. This algorithm chooses the active destination (not
189 	 * in PF state) with the largest cwnd value. If all destinations are
190 	 * in PF state, unreachable, or unconfirmed, choose the desination
191 	 * that is in PF state with the lowest error count. In case of a
192 	 * tie, choose the destination that was most recently active.
193 	 */
194 	if (mode == 2) {
195 		TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
196 			/*
197 			 * JRS 5/14/07 - If the destination is unreachable
198 			 * or unconfirmed, skip it.
199 			 */
200 			if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
201 			    (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
202 				continue;
203 			}
204 			/*
205 			 * JRS 5/14/07 -  If the destination is reachable
206 			 * but in PF state, compare the error count of the
207 			 * destination to the minimum error count seen thus
208 			 * far. Store the destination with the lower error
209 			 * count.  If the error counts are equal, store the
210 			 * destination that was most recently active.
211 			 */
212 			if (mnet->dest_state & SCTP_ADDR_PF) {
213 				/*
214 				 * JRS 5/14/07 - If the destination under
215 				 * consideration is the current destination,
216 				 * work as if the error count is one higher.
217 				 * The actual error count will not be
218 				 * incremented until later in the t3
219 				 * handler.
220 				 */
221 				if (mnet == net) {
222 					if (min_errors == -1) {
223 						min_errors = mnet->error_count + 1;
224 						min_errors_net = mnet;
225 					} else if (mnet->error_count + 1 < min_errors) {
226 						min_errors = mnet->error_count + 1;
227 						min_errors_net = mnet;
228 					} else if (mnet->error_count + 1 == min_errors
229 					    && mnet->last_active > min_errors_net->last_active) {
230 						min_errors_net = mnet;
231 						min_errors = mnet->error_count + 1;
232 					}
233 					continue;
234 				} else {
235 					if (min_errors == -1) {
236 						min_errors = mnet->error_count;
237 						min_errors_net = mnet;
238 					} else if (mnet->error_count < min_errors) {
239 						min_errors = mnet->error_count;
240 						min_errors_net = mnet;
241 					} else if (mnet->error_count == min_errors
242 					    && mnet->last_active > min_errors_net->last_active) {
243 						min_errors_net = mnet;
244 						min_errors = mnet->error_count;
245 					}
246 					continue;
247 				}
248 			}
249 			/*
250 			 * JRS 5/14/07 - If the destination is reachable and
251 			 * not in PF state, compare the cwnd of the
252 			 * destination to the highest cwnd seen thus far.
253 			 * Store the destination with the higher cwnd value.
254 			 * If the cwnd values are equal, randomly choose one
255 			 * of the two destinations.
256 			 */
257 			if (max_cwnd < mnet->cwnd) {
258 				max_cwnd_net = mnet;
259 				max_cwnd = mnet->cwnd;
260 			} else if (max_cwnd == mnet->cwnd) {
261 				uint32_t rndval;
262 				uint8_t this_random;
263 
264 				if (stcb->asoc.hb_random_idx > 3) {
265 					rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
266 					memcpy(stcb->asoc.hb_random_values, &rndval, sizeof(stcb->asoc.hb_random_values));
267 					this_random = stcb->asoc.hb_random_values[0];
268 					stcb->asoc.hb_random_idx++;
269 					stcb->asoc.hb_ect_randombit = 0;
270 				} else {
271 					this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
272 					stcb->asoc.hb_random_idx++;
273 					stcb->asoc.hb_ect_randombit = 0;
274 				}
275 				if (this_random % 2 == 1) {
276 					max_cwnd_net = mnet;
277 					max_cwnd = mnet->cwnd;	/* Useless? */
278 				}
279 			}
280 		}
281 		if (max_cwnd_net == NULL) {
282 			if (min_errors_net == NULL) {
283 				return (net);
284 			}
285 			return (min_errors_net);
286 		} else {
287 			return (max_cwnd_net);
288 		}
289 	}			/* JRS 5/14/07 - If mode is set to 1, use the
290 				 * CMT policy for choosing an alternate net. */
291 	else if (mode == 1) {
292 		TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
293 			if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
294 			    (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
295 				/*
296 				 * will skip ones that are not-reachable or
297 				 * unconfirmed
298 				 */
299 				continue;
300 			}
301 			if (max_cwnd < mnet->cwnd) {
302 				max_cwnd_net = mnet;
303 				max_cwnd = mnet->cwnd;
304 			} else if (max_cwnd == mnet->cwnd) {
305 				uint32_t rndval;
306 				uint8_t this_random;
307 
308 				if (stcb->asoc.hb_random_idx > 3) {
309 					rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
310 					memcpy(stcb->asoc.hb_random_values, &rndval,
311 					    sizeof(stcb->asoc.hb_random_values));
312 					this_random = stcb->asoc.hb_random_values[0];
313 					stcb->asoc.hb_random_idx = 0;
314 					stcb->asoc.hb_ect_randombit = 0;
315 				} else {
316 					this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
317 					stcb->asoc.hb_random_idx++;
318 					stcb->asoc.hb_ect_randombit = 0;
319 				}
320 				if (this_random % 2) {
321 					max_cwnd_net = mnet;
322 					max_cwnd = mnet->cwnd;
323 				}
324 			}
325 		}
326 		if (max_cwnd_net) {
327 			return (max_cwnd_net);
328 		}
329 	}
330 	mnet = net;
331 	once = 0;
332 
333 	if (mnet == NULL) {
334 		mnet = TAILQ_FIRST(&stcb->asoc.nets);
335 		if (mnet == NULL) {
336 			return (NULL);
337 		}
338 	}
339 	for (;;) {
340 		alt = TAILQ_NEXT(mnet, sctp_next);
341 		if (alt == NULL) {
342 			once++;
343 			if (once > 1) {
344 				break;
345 			}
346 			alt = TAILQ_FIRST(&stcb->asoc.nets);
347 			if (alt == NULL) {
348 				return (NULL);
349 			}
350 		}
351 		if (alt->ro.ro_rt == NULL) {
352 			if (alt->ro._s_addr) {
353 				sctp_free_ifa(alt->ro._s_addr);
354 				alt->ro._s_addr = NULL;
355 			}
356 			alt->src_addr_selected = 0;
357 		}
358 		if (((alt->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE) &&
359 		    (alt->ro.ro_rt != NULL) &&
360 		    (!(alt->dest_state & SCTP_ADDR_UNCONFIRMED))) {
361 			/* Found a reachable address */
362 			break;
363 		}
364 		mnet = alt;
365 	}
366 
367 	if (alt == NULL) {
368 		/* Case where NO insv network exists (dormant state) */
369 		/* we rotate destinations */
370 		once = 0;
371 		mnet = net;
372 		for (;;) {
373 			if (mnet == NULL) {
374 				return (TAILQ_FIRST(&stcb->asoc.nets));
375 			}
376 			alt = TAILQ_NEXT(mnet, sctp_next);
377 			if (alt == NULL) {
378 				once++;
379 				if (once > 1) {
380 					break;
381 				}
382 				alt = TAILQ_FIRST(&stcb->asoc.nets);
383 				if (alt == NULL) {
384 					break;
385 				}
386 			}
387 			if ((!(alt->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
388 			    (alt != net)) {
389 				/* Found an alternate address */
390 				break;
391 			}
392 			mnet = alt;
393 		}
394 	}
395 	if (alt == NULL) {
396 		return (net);
397 	}
398 	return (alt);
399 }
400 
401 static void
402 sctp_backoff_on_timeout(struct sctp_tcb *stcb,
403     struct sctp_nets *net,
404     int win_probe,
405     int num_marked, int num_abandoned)
406 {
407 	if (net->RTO == 0) {
408 		if (net->RTO_measured) {
409 			net->RTO = stcb->asoc.minrto;
410 		} else {
411 			net->RTO = stcb->asoc.initial_rto;
412 		}
413 	}
414 	net->RTO <<= 1;
415 	if (net->RTO > stcb->asoc.maxrto) {
416 		net->RTO = stcb->asoc.maxrto;
417 	}
418 	if ((win_probe == 0) && (num_marked || num_abandoned)) {
419 		/* We don't apply penalty to window probe scenarios */
420 		/* JRS - Use the congestion control given in the CC module */
421 		stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout(stcb, net);
422 	}
423 }
424 
425 #ifndef INVARIANTS
426 static void
427 sctp_recover_sent_list(struct sctp_tcb *stcb)
428 {
429 	struct sctp_tmit_chunk *chk, *nchk;
430 	struct sctp_association *asoc;
431 
432 	asoc = &stcb->asoc;
433 	TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
434 		if (SCTP_TSN_GE(asoc->last_acked_seq, chk->rec.data.tsn)) {
435 			SCTP_PRINTF("Found chk:%p tsn:%x <= last_acked_seq:%x\n",
436 			    (void *)chk, chk->rec.data.tsn, asoc->last_acked_seq);
437 			if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
438 				if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
439 					asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
440 				}
441 			}
442 			if ((asoc->strmout[chk->rec.data.sid].chunks_on_queues == 0) &&
443 			    (asoc->strmout[chk->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
444 			    TAILQ_EMPTY(&asoc->strmout[chk->rec.data.sid].outqueue)) {
445 				asoc->trigger_reset = 1;
446 			}
447 			TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
448 			if (PR_SCTP_ENABLED(chk->flags)) {
449 				if (asoc->pr_sctp_cnt != 0)
450 					asoc->pr_sctp_cnt--;
451 			}
452 			if (chk->data) {
453 				/* sa_ignore NO_NULL_CHK */
454 				sctp_free_bufspace(stcb, asoc, chk, 1);
455 				sctp_m_freem(chk->data);
456 				chk->data = NULL;
457 				if (asoc->prsctp_supported && PR_SCTP_BUF_ENABLED(chk->flags)) {
458 					asoc->sent_queue_cnt_removeable--;
459 				}
460 			}
461 			asoc->sent_queue_cnt--;
462 			sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
463 		}
464 	}
465 	SCTP_PRINTF("after recover order is as follows\n");
466 	TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
467 		SCTP_PRINTF("chk:%p TSN:%x\n", (void *)chk, chk->rec.data.tsn);
468 	}
469 }
470 #endif
471 
472 static int
473 sctp_mark_all_for_resend(struct sctp_tcb *stcb,
474     struct sctp_nets *net,
475     struct sctp_nets *alt,
476     int window_probe,
477     int *num_marked,
478     int *num_abandoned)
479 {
480 
481 	/*
482 	 * Mark all chunks (well not all) that were sent to *net for
483 	 * retransmission. Move them to alt for there destination as well...
484 	 * We only mark chunks that have been outstanding long enough to
485 	 * have received feed-back.
486 	 */
487 	struct sctp_tmit_chunk *chk, *nchk;
488 	struct sctp_nets *lnets;
489 	struct timeval now, min_wait, tv;
490 	int cur_rto;
491 	int cnt_abandoned;
492 	int audit_tf, num_mk, fir;
493 	unsigned int cnt_mk;
494 	uint32_t orig_flight, orig_tf;
495 	uint32_t tsnlast, tsnfirst;
496 	int recovery_cnt = 0;
497 
498 
499 	/* none in flight now */
500 	audit_tf = 0;
501 	fir = 0;
502 	/*
503 	 * figure out how long a data chunk must be pending before we can
504 	 * mark it ..
505 	 */
506 	(void)SCTP_GETTIME_TIMEVAL(&now);
507 	/* get cur rto in micro-seconds */
508 	cur_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
509 	cur_rto *= 1000;
510 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
511 		sctp_log_fr(cur_rto,
512 		    stcb->asoc.peers_rwnd,
513 		    window_probe,
514 		    SCTP_FR_T3_MARK_TIME);
515 		sctp_log_fr(net->flight_size, 0, 0, SCTP_FR_CWND_REPORT);
516 		sctp_log_fr(net->flight_size, net->cwnd, stcb->asoc.total_flight, SCTP_FR_CWND_REPORT);
517 	}
518 	tv.tv_sec = cur_rto / 1000000;
519 	tv.tv_usec = cur_rto % 1000000;
520 	min_wait = now;
521 	timevalsub(&min_wait, &tv);
522 	if (min_wait.tv_sec < 0 || min_wait.tv_usec < 0) {
523 		/*
524 		 * if we hit here, we don't have enough seconds on the clock
525 		 * to account for the RTO. We just let the lower seconds be
526 		 * the bounds and don't worry about it. This may mean we
527 		 * will mark a lot more than we should.
528 		 */
529 		min_wait.tv_sec = min_wait.tv_usec = 0;
530 	}
531 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
532 		sctp_log_fr(cur_rto, now.tv_sec, now.tv_usec, SCTP_FR_T3_MARK_TIME);
533 		sctp_log_fr(0, min_wait.tv_sec, min_wait.tv_usec, SCTP_FR_T3_MARK_TIME);
534 	}
535 	/*
536 	 * Our rwnd will be incorrect here since we are not adding back the
537 	 * cnt * mbuf but we will fix that down below.
538 	 */
539 	orig_flight = net->flight_size;
540 	orig_tf = stcb->asoc.total_flight;
541 
542 	net->fast_retran_ip = 0;
543 	/* Now on to each chunk */
544 	cnt_abandoned = 0;
545 	num_mk = cnt_mk = 0;
546 	tsnfirst = tsnlast = 0;
547 #ifndef INVARIANTS
548 start_again:
549 #endif
550 	TAILQ_FOREACH_SAFE(chk, &stcb->asoc.sent_queue, sctp_next, nchk) {
551 		if (SCTP_TSN_GE(stcb->asoc.last_acked_seq, chk->rec.data.tsn)) {
552 			/* Strange case our list got out of order? */
553 			SCTP_PRINTF("Our list is out of order? last_acked:%x chk:%x\n",
554 			    (unsigned int)stcb->asoc.last_acked_seq, (unsigned int)chk->rec.data.tsn);
555 			recovery_cnt++;
556 #ifdef INVARIANTS
557 			panic("last acked >= chk on sent-Q");
558 #else
559 			SCTP_PRINTF("Recover attempts a restart cnt:%d\n", recovery_cnt);
560 			sctp_recover_sent_list(stcb);
561 			if (recovery_cnt < 10) {
562 				goto start_again;
563 			} else {
564 				SCTP_PRINTF("Recovery fails %d times??\n", recovery_cnt);
565 			}
566 #endif
567 		}
568 		if ((chk->whoTo == net) && (chk->sent < SCTP_DATAGRAM_ACKED)) {
569 			/*
570 			 * found one to mark: If it is less than
571 			 * DATAGRAM_ACKED it MUST not be a skipped or marked
572 			 * TSN but instead one that is either already set
573 			 * for retransmission OR one that needs
574 			 * retransmission.
575 			 */
576 
577 			/* validate its been outstanding long enough */
578 			if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
579 				sctp_log_fr(chk->rec.data.tsn,
580 				    chk->sent_rcv_time.tv_sec,
581 				    chk->sent_rcv_time.tv_usec,
582 				    SCTP_FR_T3_MARK_TIME);
583 			}
584 			if ((chk->sent_rcv_time.tv_sec > min_wait.tv_sec) && (window_probe == 0)) {
585 				/*
586 				 * we have reached a chunk that was sent
587 				 * some seconds past our min.. forget it we
588 				 * will find no more to send.
589 				 */
590 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
591 					sctp_log_fr(0,
592 					    chk->sent_rcv_time.tv_sec,
593 					    chk->sent_rcv_time.tv_usec,
594 					    SCTP_FR_T3_STOPPED);
595 				}
596 				continue;
597 			} else if ((chk->sent_rcv_time.tv_sec == min_wait.tv_sec) &&
598 			    (window_probe == 0)) {
599 				/*
600 				 * we must look at the micro seconds to
601 				 * know.
602 				 */
603 				if (chk->sent_rcv_time.tv_usec >= min_wait.tv_usec) {
604 					/*
605 					 * ok it was sent after our boundary
606 					 * time.
607 					 */
608 					continue;
609 				}
610 			}
611 			if (stcb->asoc.prsctp_supported && PR_SCTP_TTL_ENABLED(chk->flags)) {
612 				/* Is it expired? */
613 				if (timevalcmp(&now, &chk->rec.data.timetodrop, >)) {
614 					/* Yes so drop it */
615 					if (chk->data) {
616 						(void)sctp_release_pr_sctp_chunk(stcb,
617 						    chk,
618 						    1,
619 						    SCTP_SO_NOT_LOCKED);
620 						cnt_abandoned++;
621 					}
622 					continue;
623 				}
624 			}
625 			if (stcb->asoc.prsctp_supported && PR_SCTP_RTX_ENABLED(chk->flags)) {
626 				/* Has it been retransmitted tv_sec times? */
627 				if (chk->snd_count > chk->rec.data.timetodrop.tv_sec) {
628 					if (chk->data) {
629 						(void)sctp_release_pr_sctp_chunk(stcb,
630 						    chk,
631 						    1,
632 						    SCTP_SO_NOT_LOCKED);
633 						cnt_abandoned++;
634 					}
635 					continue;
636 				}
637 			}
638 			if (chk->sent < SCTP_DATAGRAM_RESEND) {
639 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
640 				num_mk++;
641 				if (fir == 0) {
642 					fir = 1;
643 					tsnfirst = chk->rec.data.tsn;
644 				}
645 				tsnlast = chk->rec.data.tsn;
646 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
647 					sctp_log_fr(chk->rec.data.tsn, chk->snd_count,
648 					    0, SCTP_FR_T3_MARKED);
649 				}
650 				if (chk->rec.data.chunk_was_revoked) {
651 					/* deflate the cwnd */
652 					chk->whoTo->cwnd -= chk->book_size;
653 					chk->rec.data.chunk_was_revoked = 0;
654 				}
655 				net->marked_retrans++;
656 				stcb->asoc.marked_retrans++;
657 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
658 					sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND_TO,
659 					    chk->whoTo->flight_size,
660 					    chk->book_size,
661 					    (uint32_t)(uintptr_t)chk->whoTo,
662 					    chk->rec.data.tsn);
663 				}
664 				sctp_flight_size_decrease(chk);
665 				sctp_total_flight_decrease(stcb, chk);
666 				stcb->asoc.peers_rwnd += chk->send_size;
667 				stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
668 			}
669 			chk->sent = SCTP_DATAGRAM_RESEND;
670 			chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
671 			SCTP_STAT_INCR(sctps_markedretrans);
672 
673 			/* reset the TSN for striking and other FR stuff */
674 			chk->rec.data.doing_fast_retransmit = 0;
675 			/* Clear any time so NO RTT is being done */
676 
677 			if (chk->do_rtt) {
678 				if (chk->whoTo->rto_needed == 0) {
679 					chk->whoTo->rto_needed = 1;
680 				}
681 			}
682 			chk->do_rtt = 0;
683 			if (alt != net) {
684 				sctp_free_remote_addr(chk->whoTo);
685 				chk->no_fr_allowed = 1;
686 				chk->whoTo = alt;
687 				atomic_add_int(&alt->ref_count, 1);
688 			} else {
689 				chk->no_fr_allowed = 0;
690 				if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
691 					chk->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
692 				} else {
693 					chk->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn;
694 				}
695 			}
696 			/*
697 			 * CMT: Do not allow FRs on retransmitted TSNs.
698 			 */
699 			if (stcb->asoc.sctp_cmt_on_off > 0) {
700 				chk->no_fr_allowed = 1;
701 			}
702 #ifdef THIS_SHOULD_NOT_BE_DONE
703 		} else if (chk->sent == SCTP_DATAGRAM_ACKED) {
704 			/* remember highest acked one */
705 			could_be_sent = chk;
706 #endif
707 		}
708 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
709 			cnt_mk++;
710 		}
711 	}
712 	if ((orig_flight - net->flight_size) != (orig_tf - stcb->asoc.total_flight)) {
713 		/* we did not subtract the same things? */
714 		audit_tf = 1;
715 	}
716 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
717 		sctp_log_fr(tsnfirst, tsnlast, num_mk, SCTP_FR_T3_TIMEOUT);
718 	}
719 #ifdef SCTP_DEBUG
720 	if (num_mk) {
721 		SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
722 		    tsnlast);
723 		SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%u\n",
724 		    num_mk,
725 		    stcb->asoc.peers_rwnd);
726 	}
727 #endif
728 	*num_marked = num_mk;
729 	*num_abandoned = cnt_abandoned;
730 	/*
731 	 * Now check for a ECN Echo that may be stranded And include the
732 	 * cnt_mk'd to have all resends in the control queue.
733 	 */
734 	TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
735 		if (chk->sent == SCTP_DATAGRAM_RESEND) {
736 			cnt_mk++;
737 		}
738 		if ((chk->whoTo == net) &&
739 		    (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
740 			sctp_free_remote_addr(chk->whoTo);
741 			chk->whoTo = alt;
742 			if (chk->sent != SCTP_DATAGRAM_RESEND) {
743 				chk->sent = SCTP_DATAGRAM_RESEND;
744 				chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
745 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
746 				cnt_mk++;
747 			}
748 			atomic_add_int(&alt->ref_count, 1);
749 		}
750 	}
751 #ifdef THIS_SHOULD_NOT_BE_DONE
752 	if ((stcb->asoc.sent_queue_retran_cnt == 0) && (could_be_sent)) {
753 		/* fix it so we retransmit the highest acked anyway */
754 		sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
755 		cnt_mk++;
756 		could_be_sent->sent = SCTP_DATAGRAM_RESEND;
757 	}
758 #endif
759 	if (stcb->asoc.sent_queue_retran_cnt != cnt_mk) {
760 #ifdef INVARIANTS
761 		SCTP_PRINTF("Local Audit says there are %d for retran asoc cnt:%d we marked:%d this time\n",
762 		    cnt_mk, stcb->asoc.sent_queue_retran_cnt, num_mk);
763 #endif
764 #ifndef SCTP_AUDITING_ENABLED
765 		stcb->asoc.sent_queue_retran_cnt = cnt_mk;
766 #endif
767 	}
768 	if (audit_tf) {
769 		SCTPDBG(SCTP_DEBUG_TIMER4,
770 		    "Audit total flight due to negative value net:%p\n",
771 		    (void *)net);
772 		stcb->asoc.total_flight = 0;
773 		stcb->asoc.total_flight_count = 0;
774 		/* Clear all networks flight size */
775 		TAILQ_FOREACH(lnets, &stcb->asoc.nets, sctp_next) {
776 			lnets->flight_size = 0;
777 			SCTPDBG(SCTP_DEBUG_TIMER4,
778 			    "Net:%p c-f cwnd:%d ssthresh:%d\n",
779 			    (void *)lnets, lnets->cwnd, lnets->ssthresh);
780 		}
781 		TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
782 			if (chk->sent < SCTP_DATAGRAM_RESEND) {
783 				if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
784 					sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
785 					    chk->whoTo->flight_size,
786 					    chk->book_size,
787 					    (uint32_t)(uintptr_t)chk->whoTo,
788 					    chk->rec.data.tsn);
789 				}
790 				sctp_flight_size_increase(chk);
791 				sctp_total_flight_increase(stcb, chk);
792 			}
793 		}
794 	}
795 	/* We return 1 if we only have a window probe outstanding */
796 	return (0);
797 }
798 
799 
800 int
801 sctp_t3rxt_timer(struct sctp_inpcb *inp,
802     struct sctp_tcb *stcb,
803     struct sctp_nets *net)
804 {
805 	struct sctp_nets *alt;
806 	int win_probe, num_mk, num_abandoned;
807 
808 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
809 		sctp_log_fr(0, 0, 0, SCTP_FR_T3_TIMEOUT);
810 	}
811 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
812 		struct sctp_nets *lnet;
813 
814 		TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
815 			if (net == lnet) {
816 				sctp_log_cwnd(stcb, lnet, 1, SCTP_CWND_LOG_FROM_T3);
817 			} else {
818 				sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_LOG_FROM_T3);
819 			}
820 		}
821 	}
822 	/* Find an alternate and mark those for retransmission */
823 	if ((stcb->asoc.peers_rwnd == 0) &&
824 	    (stcb->asoc.total_flight < net->mtu)) {
825 		SCTP_STAT_INCR(sctps_timowindowprobe);
826 		win_probe = 1;
827 	} else {
828 		win_probe = 0;
829 	}
830 
831 	if (win_probe == 0) {
832 		/* We don't do normal threshold management on window probes */
833 		if (sctp_threshold_management(inp, stcb, net,
834 		    stcb->asoc.max_send_times)) {
835 			/* Association was destroyed */
836 			return (1);
837 		} else {
838 			if (net != stcb->asoc.primary_destination) {
839 				/* send a immediate HB if our RTO is stale */
840 				struct timeval now;
841 				unsigned int ms_goneby;
842 
843 				(void)SCTP_GETTIME_TIMEVAL(&now);
844 				if (net->last_sent_time.tv_sec) {
845 					ms_goneby = (now.tv_sec - net->last_sent_time.tv_sec) * 1000;
846 				} else {
847 					ms_goneby = 0;
848 				}
849 				if ((net->dest_state & SCTP_ADDR_PF) == 0) {
850 					if ((ms_goneby > net->RTO) || (net->RTO == 0)) {
851 						/*
852 						 * no recent feed back in an
853 						 * RTO or more, request a
854 						 * RTT update
855 						 */
856 						sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
857 					}
858 				}
859 			}
860 		}
861 	} else {
862 		/*
863 		 * For a window probe we don't penalize the net's but only
864 		 * the association. This may fail it if SACKs are not coming
865 		 * back. If sack's are coming with rwnd locked at 0, we will
866 		 * continue to hold things waiting for rwnd to raise
867 		 */
868 		if (sctp_threshold_management(inp, stcb, NULL,
869 		    stcb->asoc.max_send_times)) {
870 			/* Association was destroyed */
871 			return (1);
872 		}
873 	}
874 	if (stcb->asoc.sctp_cmt_on_off > 0) {
875 		if (net->pf_threshold < net->failure_threshold) {
876 			alt = sctp_find_alternate_net(stcb, net, 2);
877 		} else {
878 			/*
879 			 * CMT: Using RTX_SSTHRESH policy for CMT. If CMT is
880 			 * being used, then pick dest with largest ssthresh
881 			 * for any retransmission.
882 			 */
883 			alt = sctp_find_alternate_net(stcb, net, 1);
884 			/*
885 			 * CUCv2: If a different dest is picked for the
886 			 * retransmission, then new (rtx-)pseudo_cumack
887 			 * needs to be tracked for orig dest. Let CUCv2
888 			 * track new (rtx-) pseudo-cumack always.
889 			 */
890 			net->find_pseudo_cumack = 1;
891 			net->find_rtx_pseudo_cumack = 1;
892 		}
893 	} else {
894 		alt = sctp_find_alternate_net(stcb, net, 0);
895 	}
896 
897 	num_mk = 0;
898 	num_abandoned = 0;
899 	(void)sctp_mark_all_for_resend(stcb, net, alt, win_probe,
900 	    &num_mk, &num_abandoned);
901 	/* FR Loss recovery just ended with the T3. */
902 	stcb->asoc.fast_retran_loss_recovery = 0;
903 
904 	/* CMT FR loss recovery ended with the T3 */
905 	net->fast_retran_loss_recovery = 0;
906 	if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
907 	    (net->flight_size == 0)) {
908 		(*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) (stcb, net);
909 	}
910 	/*
911 	 * setup the sat loss recovery that prevents satellite cwnd advance.
912 	 */
913 	stcb->asoc.sat_t3_loss_recovery = 1;
914 	stcb->asoc.sat_t3_recovery_tsn = stcb->asoc.sending_seq;
915 
916 	/* Backoff the timer and cwnd */
917 	sctp_backoff_on_timeout(stcb, net, win_probe, num_mk, num_abandoned);
918 	if ((!(net->dest_state & SCTP_ADDR_REACHABLE)) ||
919 	    (net->dest_state & SCTP_ADDR_PF)) {
920 		/* Move all pending over too */
921 		sctp_move_chunks_from_net(stcb, net);
922 
923 		/*
924 		 * Get the address that failed, to force a new src address
925 		 * selecton and a route allocation.
926 		 */
927 		if (net->ro._s_addr) {
928 			sctp_free_ifa(net->ro._s_addr);
929 			net->ro._s_addr = NULL;
930 		}
931 		net->src_addr_selected = 0;
932 
933 		/* Force a route allocation too */
934 		if (net->ro.ro_rt) {
935 			RTFREE(net->ro.ro_rt);
936 			net->ro.ro_rt = NULL;
937 		}
938 		/* Was it our primary? */
939 		if ((stcb->asoc.primary_destination == net) && (alt != net)) {
940 			/*
941 			 * Yes, note it as such and find an alternate note:
942 			 * this means HB code must use this to resent the
943 			 * primary if it goes active AND if someone does a
944 			 * change-primary then this flag must be cleared
945 			 * from any net structures.
946 			 */
947 			if (stcb->asoc.alternate) {
948 				sctp_free_remote_addr(stcb->asoc.alternate);
949 			}
950 			stcb->asoc.alternate = alt;
951 			atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
952 		}
953 	}
954 	/*
955 	 * Special case for cookie-echo'ed case, we don't do output but must
956 	 * await the COOKIE-ACK before retransmission
957 	 */
958 	if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED) {
959 		/*
960 		 * Here we just reset the timer and start again since we
961 		 * have not established the asoc
962 		 */
963 		sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
964 		return (0);
965 	}
966 	if (stcb->asoc.prsctp_supported) {
967 		struct sctp_tmit_chunk *lchk;
968 
969 		lchk = sctp_try_advance_peer_ack_point(stcb, &stcb->asoc);
970 		/* C3. See if we need to send a Fwd-TSN */
971 		if (SCTP_TSN_GT(stcb->asoc.advanced_peer_ack_point, stcb->asoc.last_acked_seq)) {
972 			send_forward_tsn(stcb, &stcb->asoc);
973 			if (lchk) {
974 				/* Assure a timer is up */
975 				sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, lchk->whoTo);
976 			}
977 		}
978 	}
979 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_MONITOR_ENABLE) {
980 		sctp_log_cwnd(stcb, net, net->cwnd, SCTP_CWND_LOG_FROM_RTX);
981 	}
982 	return (0);
983 }
984 
985 int
986 sctp_t1init_timer(struct sctp_inpcb *inp,
987     struct sctp_tcb *stcb,
988     struct sctp_nets *net)
989 {
990 	/* bump the thresholds */
991 	if (stcb->asoc.delayed_connection) {
992 		/*
993 		 * special hook for delayed connection. The library did NOT
994 		 * complete the rest of its sends.
995 		 */
996 		stcb->asoc.delayed_connection = 0;
997 		sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
998 		return (0);
999 	}
1000 	if (SCTP_GET_STATE((&stcb->asoc)) != SCTP_STATE_COOKIE_WAIT) {
1001 		return (0);
1002 	}
1003 	if (sctp_threshold_management(inp, stcb, net,
1004 	    stcb->asoc.max_init_times)) {
1005 		/* Association was destroyed */
1006 		return (1);
1007 	}
1008 	stcb->asoc.dropped_special_cnt = 0;
1009 	sctp_backoff_on_timeout(stcb, stcb->asoc.primary_destination, 1, 0, 0);
1010 	if (stcb->asoc.initial_init_rto_max < net->RTO) {
1011 		net->RTO = stcb->asoc.initial_init_rto_max;
1012 	}
1013 	if (stcb->asoc.numnets > 1) {
1014 		/* If we have more than one addr use it */
1015 		struct sctp_nets *alt;
1016 
1017 		alt = sctp_find_alternate_net(stcb, stcb->asoc.primary_destination, 0);
1018 		if (alt != stcb->asoc.primary_destination) {
1019 			sctp_move_chunks_from_net(stcb, stcb->asoc.primary_destination);
1020 			stcb->asoc.primary_destination = alt;
1021 		}
1022 	}
1023 	/* Send out a new init */
1024 	sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1025 	return (0);
1026 }
1027 
1028 /*
1029  * For cookie and asconf we actually need to find and mark for resend, then
1030  * increment the resend counter (after all the threshold management stuff of
1031  * course).
1032  */
1033 int
1034 sctp_cookie_timer(struct sctp_inpcb *inp,
1035     struct sctp_tcb *stcb,
1036     struct sctp_nets *net SCTP_UNUSED)
1037 {
1038 	struct sctp_nets *alt;
1039 	struct sctp_tmit_chunk *cookie;
1040 
1041 	/* first before all else we must find the cookie */
1042 	TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, sctp_next) {
1043 		if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
1044 			break;
1045 		}
1046 	}
1047 	if (cookie == NULL) {
1048 		if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED) {
1049 			/* FOOBAR! */
1050 			struct mbuf *op_err;
1051 
1052 			op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
1053 			    "Cookie timer expired, but no cookie");
1054 			inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_3;
1055 			sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
1056 		} else {
1057 #ifdef INVARIANTS
1058 			panic("Cookie timer expires in wrong state?");
1059 #else
1060 			SCTP_PRINTF("Strange in state %d not cookie-echoed yet c-e timer expires?\n", SCTP_GET_STATE(&stcb->asoc));
1061 			return (0);
1062 #endif
1063 		}
1064 		return (0);
1065 	}
1066 	/* Ok we found the cookie, threshold management next */
1067 	if (sctp_threshold_management(inp, stcb, cookie->whoTo,
1068 	    stcb->asoc.max_init_times)) {
1069 		/* Assoc is over */
1070 		return (1);
1071 	}
1072 	/*
1073 	 * Cleared threshold management, now lets backoff the address and
1074 	 * select an alternate
1075 	 */
1076 	stcb->asoc.dropped_special_cnt = 0;
1077 	sctp_backoff_on_timeout(stcb, cookie->whoTo, 1, 0, 0);
1078 	alt = sctp_find_alternate_net(stcb, cookie->whoTo, 0);
1079 	if (alt != cookie->whoTo) {
1080 		sctp_free_remote_addr(cookie->whoTo);
1081 		cookie->whoTo = alt;
1082 		atomic_add_int(&alt->ref_count, 1);
1083 	}
1084 	/* Now mark the retran info */
1085 	if (cookie->sent != SCTP_DATAGRAM_RESEND) {
1086 		sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1087 	}
1088 	cookie->sent = SCTP_DATAGRAM_RESEND;
1089 	cookie->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1090 	/*
1091 	 * Now call the output routine to kick out the cookie again, Note we
1092 	 * don't mark any chunks for retran so that FR will need to kick in
1093 	 * to move these (or a send timer).
1094 	 */
1095 	return (0);
1096 }
1097 
1098 int
1099 sctp_strreset_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1100     struct sctp_nets *net)
1101 {
1102 	struct sctp_nets *alt;
1103 	struct sctp_tmit_chunk *strrst = NULL, *chk = NULL;
1104 
1105 	if (stcb->asoc.stream_reset_outstanding == 0) {
1106 		return (0);
1107 	}
1108 	/* find the existing STRRESET, we use the seq number we sent out on */
1109 	(void)sctp_find_stream_reset(stcb, stcb->asoc.str_reset_seq_out, &strrst);
1110 	if (strrst == NULL) {
1111 		return (0);
1112 	}
1113 	/* do threshold management */
1114 	if (sctp_threshold_management(inp, stcb, strrst->whoTo,
1115 	    stcb->asoc.max_send_times)) {
1116 		/* Assoc is over */
1117 		return (1);
1118 	}
1119 	/*
1120 	 * Cleared threshold management, now lets backoff the address and
1121 	 * select an alternate
1122 	 */
1123 	sctp_backoff_on_timeout(stcb, strrst->whoTo, 1, 0, 0);
1124 	alt = sctp_find_alternate_net(stcb, strrst->whoTo, 0);
1125 	sctp_free_remote_addr(strrst->whoTo);
1126 	strrst->whoTo = alt;
1127 	atomic_add_int(&alt->ref_count, 1);
1128 
1129 	/* See if a ECN Echo is also stranded */
1130 	TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1131 		if ((chk->whoTo == net) &&
1132 		    (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1133 			sctp_free_remote_addr(chk->whoTo);
1134 			if (chk->sent != SCTP_DATAGRAM_RESEND) {
1135 				chk->sent = SCTP_DATAGRAM_RESEND;
1136 				chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1137 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1138 			}
1139 			chk->whoTo = alt;
1140 			atomic_add_int(&alt->ref_count, 1);
1141 		}
1142 	}
1143 	if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1144 		/*
1145 		 * If the address went un-reachable, we need to move to
1146 		 * alternates for ALL chk's in queue
1147 		 */
1148 		sctp_move_chunks_from_net(stcb, net);
1149 	}
1150 	/* mark the retran info */
1151 	if (strrst->sent != SCTP_DATAGRAM_RESEND)
1152 		sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1153 	strrst->sent = SCTP_DATAGRAM_RESEND;
1154 	strrst->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1155 
1156 	/* restart the timer */
1157 	sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, inp, stcb, strrst->whoTo);
1158 	return (0);
1159 }
1160 
1161 int
1162 sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1163     struct sctp_nets *net)
1164 {
1165 	struct sctp_nets *alt;
1166 	struct sctp_tmit_chunk *asconf, *chk;
1167 
1168 	/* is this a first send, or a retransmission? */
1169 	if (TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) {
1170 		/* compose a new ASCONF chunk and send it */
1171 		sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED);
1172 	} else {
1173 		/*
1174 		 * Retransmission of the existing ASCONF is needed
1175 		 */
1176 
1177 		/* find the existing ASCONF */
1178 		asconf = TAILQ_FIRST(&stcb->asoc.asconf_send_queue);
1179 		if (asconf == NULL) {
1180 			return (0);
1181 		}
1182 		/* do threshold management */
1183 		if (sctp_threshold_management(inp, stcb, asconf->whoTo,
1184 		    stcb->asoc.max_send_times)) {
1185 			/* Assoc is over */
1186 			return (1);
1187 		}
1188 		if (asconf->snd_count > stcb->asoc.max_send_times) {
1189 			/*
1190 			 * Something is rotten: our peer is not responding
1191 			 * to ASCONFs but apparently is to other chunks.
1192 			 * i.e. it is not properly handling the chunk type
1193 			 * upper bits. Mark this peer as ASCONF incapable
1194 			 * and cleanup.
1195 			 */
1196 			SCTPDBG(SCTP_DEBUG_TIMER1, "asconf_timer: Peer has not responded to our repeated ASCONFs\n");
1197 			sctp_asconf_cleanup(stcb, net);
1198 			return (0);
1199 		}
1200 		/*
1201 		 * cleared threshold management, so now backoff the net and
1202 		 * select an alternate
1203 		 */
1204 		sctp_backoff_on_timeout(stcb, asconf->whoTo, 1, 0, 0);
1205 		alt = sctp_find_alternate_net(stcb, asconf->whoTo, 0);
1206 		if (asconf->whoTo != alt) {
1207 			sctp_free_remote_addr(asconf->whoTo);
1208 			asconf->whoTo = alt;
1209 			atomic_add_int(&alt->ref_count, 1);
1210 		}
1211 		/* See if an ECN Echo is also stranded */
1212 		TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1213 			if ((chk->whoTo == net) &&
1214 			    (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1215 				sctp_free_remote_addr(chk->whoTo);
1216 				chk->whoTo = alt;
1217 				if (chk->sent != SCTP_DATAGRAM_RESEND) {
1218 					chk->sent = SCTP_DATAGRAM_RESEND;
1219 					chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1220 					sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1221 				}
1222 				atomic_add_int(&alt->ref_count, 1);
1223 			}
1224 		}
1225 		TAILQ_FOREACH(chk, &stcb->asoc.asconf_send_queue, sctp_next) {
1226 			if (chk->whoTo != alt) {
1227 				sctp_free_remote_addr(chk->whoTo);
1228 				chk->whoTo = alt;
1229 				atomic_add_int(&alt->ref_count, 1);
1230 			}
1231 			if (asconf->sent != SCTP_DATAGRAM_RESEND && chk->sent != SCTP_DATAGRAM_UNSENT)
1232 				sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1233 			chk->sent = SCTP_DATAGRAM_RESEND;
1234 			chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1235 		}
1236 		if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1237 			/*
1238 			 * If the address went un-reachable, we need to move
1239 			 * to the alternate for ALL chunks in queue
1240 			 */
1241 			sctp_move_chunks_from_net(stcb, net);
1242 		}
1243 		/* mark the retran info */
1244 		if (asconf->sent != SCTP_DATAGRAM_RESEND)
1245 			sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1246 		asconf->sent = SCTP_DATAGRAM_RESEND;
1247 		asconf->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1248 
1249 		/* send another ASCONF if any and we can do */
1250 		sctp_send_asconf(stcb, alt, SCTP_ADDR_NOT_LOCKED);
1251 	}
1252 	return (0);
1253 }
1254 
1255 /* Mobility adaptation */
1256 void
1257 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1258     struct sctp_nets *net SCTP_UNUSED)
1259 {
1260 	if (stcb->asoc.deleted_primary == NULL) {
1261 		SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n");
1262 		sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1263 		return;
1264 	}
1265 	SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary ");
1266 	SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa);
1267 	sctp_free_remote_addr(stcb->asoc.deleted_primary);
1268 	stcb->asoc.deleted_primary = NULL;
1269 	sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1270 	return;
1271 }
1272 
1273 /*
1274  * For the shutdown and shutdown-ack, we do not keep one around on the
1275  * control queue. This means we must generate a new one and call the general
1276  * chunk output routine, AFTER having done threshold management.
1277  * It is assumed that net is non-NULL.
1278  */
1279 int
1280 sctp_shutdown_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1281     struct sctp_nets *net)
1282 {
1283 	struct sctp_nets *alt;
1284 
1285 	/* first threshold management */
1286 	if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1287 		/* Assoc is over */
1288 		return (1);
1289 	}
1290 	sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1291 	/* second select an alternative */
1292 	alt = sctp_find_alternate_net(stcb, net, 0);
1293 
1294 	/* third generate a shutdown into the queue for out net */
1295 	sctp_send_shutdown(stcb, alt);
1296 
1297 	/* fourth restart timer */
1298 	sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, alt);
1299 	return (0);
1300 }
1301 
1302 int
1303 sctp_shutdownack_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1304     struct sctp_nets *net)
1305 {
1306 	struct sctp_nets *alt;
1307 
1308 	/* first threshold management */
1309 	if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1310 		/* Assoc is over */
1311 		return (1);
1312 	}
1313 	sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1314 	/* second select an alternative */
1315 	alt = sctp_find_alternate_net(stcb, net, 0);
1316 
1317 	/* third generate a shutdown into the queue for out net */
1318 	sctp_send_shutdown_ack(stcb, alt);
1319 
1320 	/* fourth restart timer */
1321 	sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, alt);
1322 	return (0);
1323 }
1324 
1325 static void
1326 sctp_audit_stream_queues_for_size(struct sctp_inpcb *inp,
1327     struct sctp_tcb *stcb)
1328 {
1329 	struct sctp_stream_queue_pending *sp;
1330 	unsigned int i, chks_in_queue = 0;
1331 	int being_filled = 0;
1332 
1333 	/*
1334 	 * This function is ONLY called when the send/sent queues are empty.
1335 	 */
1336 	if ((stcb == NULL) || (inp == NULL))
1337 		return;
1338 
1339 	if (stcb->asoc.sent_queue_retran_cnt) {
1340 		SCTP_PRINTF("Hmm, sent_queue_retran_cnt is non-zero %d\n",
1341 		    stcb->asoc.sent_queue_retran_cnt);
1342 		stcb->asoc.sent_queue_retran_cnt = 0;
1343 	}
1344 	if (stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1345 		/* No stream scheduler information, initialize scheduler */
1346 		stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc, 0);
1347 		if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1348 			/* yep, we lost a stream or two */
1349 			SCTP_PRINTF("Found additional streams NOT managed by scheduler, corrected\n");
1350 		} else {
1351 			/* no streams lost */
1352 			stcb->asoc.total_output_queue_size = 0;
1353 		}
1354 	}
1355 	/* Check to see if some data queued, if so report it */
1356 	for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1357 		if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
1358 			TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
1359 				if (sp->msg_is_complete)
1360 					being_filled++;
1361 				chks_in_queue++;
1362 			}
1363 		}
1364 	}
1365 	if (chks_in_queue != stcb->asoc.stream_queue_cnt) {
1366 		SCTP_PRINTF("Hmm, stream queue cnt at %d I counted %d in stream out wheel\n",
1367 		    stcb->asoc.stream_queue_cnt, chks_in_queue);
1368 	}
1369 	if (chks_in_queue) {
1370 		/* call the output queue function */
1371 		sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1372 		if ((TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1373 		    (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1374 			/*
1375 			 * Probably should go in and make it go back through
1376 			 * and add fragments allowed
1377 			 */
1378 			if (being_filled == 0) {
1379 				SCTP_PRINTF("Still nothing moved %d chunks are stuck\n",
1380 				    chks_in_queue);
1381 			}
1382 		}
1383 	} else {
1384 		SCTP_PRINTF("Found no chunks on any queue tot:%lu\n",
1385 		    (u_long)stcb->asoc.total_output_queue_size);
1386 		stcb->asoc.total_output_queue_size = 0;
1387 	}
1388 }
1389 
1390 int
1391 sctp_heartbeat_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1392     struct sctp_nets *net)
1393 {
1394 	uint8_t net_was_pf;
1395 
1396 	if (net->dest_state & SCTP_ADDR_PF) {
1397 		net_was_pf = 1;
1398 	} else {
1399 		net_was_pf = 0;
1400 	}
1401 	if (net->hb_responded == 0) {
1402 		if (net->ro._s_addr) {
1403 			/*
1404 			 * Invalidate the src address if we did not get a
1405 			 * response last time.
1406 			 */
1407 			sctp_free_ifa(net->ro._s_addr);
1408 			net->ro._s_addr = NULL;
1409 			net->src_addr_selected = 0;
1410 		}
1411 		sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1412 		if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1413 			/* Assoc is over */
1414 			return (1);
1415 		}
1416 	}
1417 	/* Zero PBA, if it needs it */
1418 	if (net->partial_bytes_acked) {
1419 		net->partial_bytes_acked = 0;
1420 	}
1421 	if ((stcb->asoc.total_output_queue_size > 0) &&
1422 	    (TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1423 	    (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1424 		sctp_audit_stream_queues_for_size(inp, stcb);
1425 	}
1426 	if (!(net->dest_state & SCTP_ADDR_NOHB) &&
1427 	    !((net_was_pf == 0) && (net->dest_state & SCTP_ADDR_PF))) {
1428 		/*
1429 		 * when move to PF during threshold mangement, a HB has been
1430 		 * queued in that routine
1431 		 */
1432 		uint32_t ms_gone_by;
1433 
1434 		if ((net->last_sent_time.tv_sec > 0) ||
1435 		    (net->last_sent_time.tv_usec > 0)) {
1436 			struct timeval diff;
1437 
1438 			SCTP_GETTIME_TIMEVAL(&diff);
1439 			timevalsub(&diff, &net->last_sent_time);
1440 			ms_gone_by = (uint32_t)(diff.tv_sec * 1000) +
1441 			    (uint32_t)(diff.tv_usec / 1000);
1442 		} else {
1443 			ms_gone_by = 0xffffffff;
1444 		}
1445 		if ((ms_gone_by >= net->heart_beat_delay) ||
1446 		    (net->dest_state & SCTP_ADDR_PF)) {
1447 			sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
1448 		}
1449 	}
1450 	return (0);
1451 }
1452 
1453 void
1454 sctp_pathmtu_timer(struct sctp_inpcb *inp,
1455     struct sctp_tcb *stcb,
1456     struct sctp_nets *net)
1457 {
1458 	uint32_t next_mtu, mtu;
1459 
1460 	next_mtu = sctp_get_next_mtu(net->mtu);
1461 
1462 	if ((next_mtu > net->mtu) && (net->port == 0)) {
1463 		if ((net->src_addr_selected == 0) ||
1464 		    (net->ro._s_addr == NULL) ||
1465 		    (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1466 			if ((net->ro._s_addr != NULL) && (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1467 				sctp_free_ifa(net->ro._s_addr);
1468 				net->ro._s_addr = NULL;
1469 				net->src_addr_selected = 0;
1470 			} else if (net->ro._s_addr == NULL) {
1471 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1472 				if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1473 					struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1474 
1475 					/* KAME hack: embed scopeid */
1476 					(void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
1477 				}
1478 #endif
1479 
1480 				net->ro._s_addr = sctp_source_address_selection(inp,
1481 				    stcb,
1482 				    (sctp_route_t *)&net->ro,
1483 				    net, 0, stcb->asoc.vrf_id);
1484 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1485 				if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1486 					struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1487 
1488 					(void)sa6_recoverscope(sin6);
1489 				}
1490 #endif				/* INET6 */
1491 			}
1492 			if (net->ro._s_addr)
1493 				net->src_addr_selected = 1;
1494 		}
1495 		if (net->ro._s_addr) {
1496 			mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_rt);
1497 #if defined(INET) || defined(INET6)
1498 			if (net->port) {
1499 				mtu -= sizeof(struct udphdr);
1500 			}
1501 #endif
1502 			if (mtu > next_mtu) {
1503 				net->mtu = next_mtu;
1504 			} else {
1505 				net->mtu = mtu;
1506 			}
1507 		}
1508 	}
1509 	/* restart the timer */
1510 	sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net);
1511 }
1512 
1513 void
1514 sctp_autoclose_timer(struct sctp_inpcb *inp,
1515     struct sctp_tcb *stcb,
1516     struct sctp_nets *net)
1517 {
1518 	struct timeval tn, *tim_touse;
1519 	struct sctp_association *asoc;
1520 	int ticks_gone_by;
1521 
1522 	(void)SCTP_GETTIME_TIMEVAL(&tn);
1523 	if (stcb->asoc.sctp_autoclose_ticks &&
1524 	    sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1525 		/* Auto close is on */
1526 		asoc = &stcb->asoc;
1527 		/* pick the time to use */
1528 		if (asoc->time_last_rcvd.tv_sec >
1529 		    asoc->time_last_sent.tv_sec) {
1530 			tim_touse = &asoc->time_last_rcvd;
1531 		} else {
1532 			tim_touse = &asoc->time_last_sent;
1533 		}
1534 		/* Now has long enough transpired to autoclose? */
1535 		ticks_gone_by = SEC_TO_TICKS(tn.tv_sec - tim_touse->tv_sec);
1536 		if ((ticks_gone_by > 0) &&
1537 		    (ticks_gone_by >= (int)asoc->sctp_autoclose_ticks)) {
1538 			/*
1539 			 * autoclose time has hit, call the output routine,
1540 			 * which should do nothing just to be SURE we don't
1541 			 * have hanging data. We can then safely check the
1542 			 * queues and know that we are clear to send
1543 			 * shutdown
1544 			 */
1545 			sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
1546 			/* Are we clean? */
1547 			if (TAILQ_EMPTY(&asoc->send_queue) &&
1548 			    TAILQ_EMPTY(&asoc->sent_queue)) {
1549 				/*
1550 				 * there is nothing queued to send, so I'm
1551 				 * done...
1552 				 */
1553 				if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) {
1554 					/* only send SHUTDOWN 1st time thru */
1555 					struct sctp_nets *netp;
1556 
1557 					if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
1558 					    (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
1559 						SCTP_STAT_DECR_GAUGE32(sctps_currestab);
1560 					}
1561 					SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
1562 					SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
1563 					sctp_stop_timers_for_shutdown(stcb);
1564 					if (stcb->asoc.alternate) {
1565 						netp = stcb->asoc.alternate;
1566 					} else {
1567 						netp = stcb->asoc.primary_destination;
1568 					}
1569 					sctp_send_shutdown(stcb, netp);
1570 					sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
1571 					    stcb->sctp_ep, stcb,
1572 					    netp);
1573 					sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1574 					    stcb->sctp_ep, stcb,
1575 					    netp);
1576 				}
1577 			}
1578 		} else {
1579 			/*
1580 			 * No auto close at this time, reset t-o to check
1581 			 * later
1582 			 */
1583 			int tmp;
1584 
1585 			/* fool the timer startup to use the time left */
1586 			tmp = asoc->sctp_autoclose_ticks;
1587 			asoc->sctp_autoclose_ticks -= ticks_gone_by;
1588 			sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1589 			    net);
1590 			/* restore the real tick value */
1591 			asoc->sctp_autoclose_ticks = tmp;
1592 		}
1593 	}
1594 }
1595