1 /*- 2 * Copyright (c) 2001-2006, Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * b) Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the distribution. 13 * 14 * c) Neither the name of Cisco Systems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* $KAME: sctputil.c,v 1.37 2005/03/07 23:26:09 itojun Exp $ */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 37 #include "opt_ipsec.h" 38 #include "opt_compat.h" 39 #include "opt_inet6.h" 40 #include "opt_inet.h" 41 #include "opt_sctp.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/fcntl.h> 46 #include <sys/lock.h> 47 #include <sys/malloc.h> 48 #include <sys/mbuf.h> 49 #include <sys/domain.h> 50 #include <sys/file.h> /* for struct knote */ 51 #include <sys/kernel.h> 52 #include <sys/event.h> 53 #include <sys/poll.h> 54 55 #include <sys/protosw.h> 56 #include <sys/socket.h> 57 #include <sys/socketvar.h> 58 #include <sys/proc.h> 59 #include <sys/kernel.h> 60 #include <sys/resourcevar.h> 61 #include <sys/signalvar.h> 62 #include <sys/sysctl.h> 63 #include <sys/uio.h> 64 #include <sys/jail.h> 65 66 #include <sys/callout.h> 67 68 #include <net/radix.h> 69 #include <net/route.h> 70 71 #ifdef INET6 72 #include <sys/domain.h> 73 #endif 74 75 #include <sys/limits.h> 76 #include <sys/mac.h> 77 #include <sys/mutex.h> 78 79 #include <net/if.h> 80 #include <net/if_types.h> 81 #include <net/route.h> 82 83 #include <netinet/in.h> 84 #include <netinet/in_systm.h> 85 #include <netinet/ip.h> 86 #include <netinet/in_pcb.h> 87 #include <netinet/in_var.h> 88 #include <netinet/ip_var.h> 89 90 #ifdef INET6 91 #include <netinet/ip6.h> 92 #include <netinet6/ip6_var.h> 93 94 #include <netinet6/in6_pcb.h> 95 96 #include <netinet6/scope6_var.h> 97 #endif /* INET6 */ 98 99 #ifdef IPSEC 100 #include <netinet6/ipsec.h> 101 #include <netkey/key.h> 102 #endif /* IPSEC */ 103 104 #include <netinet/sctp_os.h> 105 #include <netinet/sctp_pcb.h> 106 #include <netinet/sctputil.h> 107 #include <netinet/sctp_var.h> 108 #ifdef INET6 109 #include <netinet6/sctp6_var.h> 110 #endif 111 #include <netinet/sctp_header.h> 112 #include <netinet/sctp_output.h> 113 #include <netinet/sctp_uio.h> 114 #include <netinet/sctp_timer.h> 115 #include <netinet/sctp_crc32.h> 116 #include <netinet/sctp_indata.h>/* for sctp_deliver_data() */ 117 #include <netinet/sctp_auth.h> 118 #include <netinet/sctp_asconf.h> 119 120 extern int sctp_warm_the_crc32_table; 121 122 #define NUMBER_OF_MTU_SIZES 18 123 124 #ifdef SCTP_DEBUG 125 extern uint32_t sctp_debug_on; 126 127 #endif 128 129 130 #ifdef SCTP_STAT_LOGGING 131 int global_sctp_cwnd_log_at = 0; 132 int global_sctp_cwnd_log_rolled = 0; 133 struct sctp_cwnd_log sctp_clog[SCTP_STAT_LOG_SIZE]; 134 135 static uint32_t 136 sctp_get_time_of_event(void) 137 { 138 struct timeval now; 139 uint32_t timeval; 140 141 SCTP_GETPTIME_TIMEVAL(&now); 142 timeval = (now.tv_sec % 0x00000fff); 143 timeval <<= 20; 144 timeval |= now.tv_usec & 0xfffff; 145 return (timeval); 146 } 147 148 149 void 150 sctp_clr_stat_log(void) 151 { 152 global_sctp_cwnd_log_at = 0; 153 global_sctp_cwnd_log_rolled = 0; 154 } 155 156 157 void 158 sctp_sblog(struct sockbuf *sb, 159 struct sctp_tcb *stcb, int from, int incr) 160 { 161 int sctp_cwnd_log_at; 162 163 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 164 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 165 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 166 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_SB; 167 sctp_clog[sctp_cwnd_log_at].x.sb.stcb = stcb; 168 sctp_clog[sctp_cwnd_log_at].x.sb.so_sbcc = sb->sb_cc; 169 if (stcb) 170 sctp_clog[sctp_cwnd_log_at].x.sb.stcb_sbcc = stcb->asoc.sb_cc; 171 else 172 sctp_clog[sctp_cwnd_log_at].x.sb.stcb_sbcc = 0; 173 sctp_clog[sctp_cwnd_log_at].x.sb.incr = incr; 174 } 175 176 void 177 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 178 { 179 int sctp_cwnd_log_at; 180 181 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 182 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 183 sctp_clog[sctp_cwnd_log_at].from = 0; 184 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_CLOSE; 185 sctp_clog[sctp_cwnd_log_at].x.close.inp = (void *)inp; 186 sctp_clog[sctp_cwnd_log_at].x.close.sctp_flags = inp->sctp_flags; 187 if (stcb) { 188 sctp_clog[sctp_cwnd_log_at].x.close.stcb = (void *)stcb; 189 sctp_clog[sctp_cwnd_log_at].x.close.state = (uint16_t) stcb->asoc.state; 190 } else { 191 sctp_clog[sctp_cwnd_log_at].x.close.stcb = 0; 192 sctp_clog[sctp_cwnd_log_at].x.close.state = 0; 193 } 194 sctp_clog[sctp_cwnd_log_at].x.close.loc = loc; 195 } 196 197 198 void 199 rto_logging(struct sctp_nets *net, int from) 200 { 201 int sctp_cwnd_log_at; 202 203 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 204 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 205 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 206 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RTT; 207 sctp_clog[sctp_cwnd_log_at].x.rto.net = (void *)net; 208 sctp_clog[sctp_cwnd_log_at].x.rto.rtt = net->prev_rtt; 209 sctp_clog[sctp_cwnd_log_at].x.rto.rttvar = net->rtt_variance; 210 sctp_clog[sctp_cwnd_log_at].x.rto.direction = net->rto_variance_dir; 211 } 212 213 void 214 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 215 { 216 int sctp_cwnd_log_at; 217 218 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 219 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 220 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 221 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_STRM; 222 sctp_clog[sctp_cwnd_log_at].x.strlog.stcb = stcb; 223 sctp_clog[sctp_cwnd_log_at].x.strlog.n_tsn = tsn; 224 sctp_clog[sctp_cwnd_log_at].x.strlog.n_sseq = sseq; 225 sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = 0; 226 sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = 0; 227 sctp_clog[sctp_cwnd_log_at].x.strlog.strm = stream; 228 } 229 230 void 231 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 232 { 233 int sctp_cwnd_log_at; 234 235 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 236 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 237 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) action; 238 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_NAGLE; 239 sctp_clog[sctp_cwnd_log_at].x.nagle.stcb = (void *)stcb; 240 sctp_clog[sctp_cwnd_log_at].x.nagle.total_flight = stcb->asoc.total_flight; 241 sctp_clog[sctp_cwnd_log_at].x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 242 sctp_clog[sctp_cwnd_log_at].x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 243 sctp_clog[sctp_cwnd_log_at].x.nagle.count_in_flight = stcb->asoc.total_flight_count; 244 } 245 246 247 void 248 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 249 { 250 int sctp_cwnd_log_at; 251 252 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 253 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 254 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 255 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_SACK; 256 sctp_clog[sctp_cwnd_log_at].x.sack.cumack = cumack; 257 sctp_clog[sctp_cwnd_log_at].x.sack.oldcumack = old_cumack; 258 sctp_clog[sctp_cwnd_log_at].x.sack.tsn = tsn; 259 sctp_clog[sctp_cwnd_log_at].x.sack.numGaps = gaps; 260 sctp_clog[sctp_cwnd_log_at].x.sack.numDups = dups; 261 } 262 263 void 264 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 265 { 266 int sctp_cwnd_log_at; 267 268 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 269 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 270 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 271 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MAP; 272 sctp_clog[sctp_cwnd_log_at].x.map.base = map; 273 sctp_clog[sctp_cwnd_log_at].x.map.cum = cum; 274 sctp_clog[sctp_cwnd_log_at].x.map.high = high; 275 } 276 277 void 278 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, 279 int from) 280 { 281 int sctp_cwnd_log_at; 282 283 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 284 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 285 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 286 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_FR; 287 sctp_clog[sctp_cwnd_log_at].x.fr.largest_tsn = biggest_tsn; 288 sctp_clog[sctp_cwnd_log_at].x.fr.largest_new_tsn = biggest_new_tsn; 289 sctp_clog[sctp_cwnd_log_at].x.fr.tsn = tsn; 290 } 291 292 293 void 294 sctp_log_mb(struct mbuf *m, int from) 295 { 296 int sctp_cwnd_log_at; 297 298 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 299 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 300 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 301 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MBUF; 302 sctp_clog[sctp_cwnd_log_at].x.mb.mp = m; 303 sctp_clog[sctp_cwnd_log_at].x.mb.mbuf_flags = (uint8_t) (m->m_flags); 304 sctp_clog[sctp_cwnd_log_at].x.mb.size = (uint16_t) (m->m_len); 305 sctp_clog[sctp_cwnd_log_at].x.mb.data = m->m_data; 306 if (m->m_flags & M_EXT) { 307 sctp_clog[sctp_cwnd_log_at].x.mb.ext = m->m_ext.ext_buf; 308 sctp_clog[sctp_cwnd_log_at].x.mb.refcnt = (uint8_t) (*m->m_ext.ref_cnt); 309 } else { 310 sctp_clog[sctp_cwnd_log_at].x.mb.ext = 0; 311 sctp_clog[sctp_cwnd_log_at].x.mb.refcnt = 0; 312 } 313 } 314 315 316 void 317 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, 318 int from) 319 { 320 int sctp_cwnd_log_at; 321 322 if (control == NULL) { 323 printf("Gak log of NULL?\n"); 324 return; 325 } 326 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 327 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 328 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 329 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_STRM; 330 sctp_clog[sctp_cwnd_log_at].x.strlog.stcb = control->stcb; 331 sctp_clog[sctp_cwnd_log_at].x.strlog.n_tsn = control->sinfo_tsn; 332 sctp_clog[sctp_cwnd_log_at].x.strlog.n_sseq = control->sinfo_ssn; 333 sctp_clog[sctp_cwnd_log_at].x.strlog.strm = control->sinfo_stream; 334 if (poschk != NULL) { 335 sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = poschk->sinfo_tsn; 336 sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = poschk->sinfo_ssn; 337 } else { 338 sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = 0; 339 sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = 0; 340 } 341 } 342 343 void 344 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 345 { 346 int sctp_cwnd_log_at; 347 348 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 349 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 350 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 351 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_CWND; 352 sctp_clog[sctp_cwnd_log_at].x.cwnd.net = net; 353 if (stcb->asoc.send_queue_cnt > 255) 354 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = 255; 355 else 356 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 357 if (stcb->asoc.stream_queue_cnt > 255) 358 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = 255; 359 else 360 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 361 362 if (net) { 363 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_new_value = net->cwnd; 364 sctp_clog[sctp_cwnd_log_at].x.cwnd.inflight = net->flight_size; 365 sctp_clog[sctp_cwnd_log_at].x.cwnd.pseudo_cumack = net->pseudo_cumack; 366 sctp_clog[sctp_cwnd_log_at].x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 367 sctp_clog[sctp_cwnd_log_at].x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 368 } 369 if (SCTP_CWNDLOG_PRESEND == from) { 370 sctp_clog[sctp_cwnd_log_at].x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 371 } 372 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_augment = augment; 373 } 374 375 void 376 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 377 { 378 int sctp_cwnd_log_at; 379 380 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 381 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 382 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 383 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_LOCK_EVENT; 384 if (inp) { 385 sctp_clog[sctp_cwnd_log_at].x.lock.sock = (void *)inp->sctp_socket; 386 387 } else { 388 sctp_clog[sctp_cwnd_log_at].x.lock.sock = (void *)NULL; 389 } 390 sctp_clog[sctp_cwnd_log_at].x.lock.inp = (void *)inp; 391 if (stcb) { 392 sctp_clog[sctp_cwnd_log_at].x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 393 } else { 394 sctp_clog[sctp_cwnd_log_at].x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 395 } 396 if (inp) { 397 sctp_clog[sctp_cwnd_log_at].x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 398 sctp_clog[sctp_cwnd_log_at].x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 399 } else { 400 sctp_clog[sctp_cwnd_log_at].x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 401 sctp_clog[sctp_cwnd_log_at].x.lock.create_lock = SCTP_LOCK_UNKNOWN; 402 } 403 sctp_clog[sctp_cwnd_log_at].x.lock.info_lock = mtx_owned(&sctppcbinfo.ipi_ep_mtx); 404 if (inp->sctp_socket) { 405 sctp_clog[sctp_cwnd_log_at].x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 406 sctp_clog[sctp_cwnd_log_at].x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 407 sctp_clog[sctp_cwnd_log_at].x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); 408 } else { 409 sctp_clog[sctp_cwnd_log_at].x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 410 sctp_clog[sctp_cwnd_log_at].x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 411 sctp_clog[sctp_cwnd_log_at].x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 412 } 413 } 414 415 void 416 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 417 { 418 int sctp_cwnd_log_at; 419 420 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 421 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 422 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 423 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MAXBURST; 424 sctp_clog[sctp_cwnd_log_at].x.cwnd.net = net; 425 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_new_value = error; 426 sctp_clog[sctp_cwnd_log_at].x.cwnd.inflight = net->flight_size; 427 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_augment = burst; 428 if (stcb->asoc.send_queue_cnt > 255) 429 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = 255; 430 else 431 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 432 if (stcb->asoc.stream_queue_cnt > 255) 433 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = 255; 434 else 435 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 436 } 437 438 void 439 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 440 { 441 int sctp_cwnd_log_at; 442 443 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 444 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 445 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 446 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RWND; 447 sctp_clog[sctp_cwnd_log_at].x.rwnd.rwnd = peers_rwnd; 448 sctp_clog[sctp_cwnd_log_at].x.rwnd.send_size = snd_size; 449 sctp_clog[sctp_cwnd_log_at].x.rwnd.overhead = overhead; 450 sctp_clog[sctp_cwnd_log_at].x.rwnd.new_rwnd = 0; 451 } 452 453 void 454 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 455 { 456 int sctp_cwnd_log_at; 457 458 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 459 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 460 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 461 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RWND; 462 sctp_clog[sctp_cwnd_log_at].x.rwnd.rwnd = peers_rwnd; 463 sctp_clog[sctp_cwnd_log_at].x.rwnd.send_size = flight_size; 464 sctp_clog[sctp_cwnd_log_at].x.rwnd.overhead = overhead; 465 sctp_clog[sctp_cwnd_log_at].x.rwnd.new_rwnd = a_rwndval; 466 } 467 468 void 469 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 470 { 471 int sctp_cwnd_log_at; 472 473 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 474 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 475 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 476 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MBCNT; 477 sctp_clog[sctp_cwnd_log_at].x.mbcnt.total_queue_size = total_oq; 478 sctp_clog[sctp_cwnd_log_at].x.mbcnt.size_change = book; 479 sctp_clog[sctp_cwnd_log_at].x.mbcnt.total_queue_mb_size = total_mbcnt_q; 480 sctp_clog[sctp_cwnd_log_at].x.mbcnt.mbcnt_change = mbcnt; 481 } 482 483 void 484 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 485 { 486 int sctp_cwnd_log_at; 487 488 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 489 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 490 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 491 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_MISC_EVENT; 492 sctp_clog[sctp_cwnd_log_at].x.misc.log1 = a; 493 sctp_clog[sctp_cwnd_log_at].x.misc.log2 = b; 494 sctp_clog[sctp_cwnd_log_at].x.misc.log3 = c; 495 sctp_clog[sctp_cwnd_log_at].x.misc.log4 = d; 496 } 497 498 void 499 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t cumtsn, uint32_t wake_cnt, int from) 500 { 501 int sctp_cwnd_log_at; 502 503 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 504 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 505 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 506 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_WAKE; 507 sctp_clog[sctp_cwnd_log_at].x.wake.stcb = (void *)stcb; 508 sctp_clog[sctp_cwnd_log_at].x.wake.wake_cnt = wake_cnt; 509 sctp_clog[sctp_cwnd_log_at].x.wake.flight = stcb->asoc.total_flight_count; 510 sctp_clog[sctp_cwnd_log_at].x.wake.send_q = stcb->asoc.send_queue_cnt; 511 sctp_clog[sctp_cwnd_log_at].x.wake.sent_q = stcb->asoc.sent_queue_cnt; 512 513 if (stcb->asoc.stream_queue_cnt < 0xff) 514 sctp_clog[sctp_cwnd_log_at].x.wake.stream_qcnt = (uint8_t) stcb->asoc.stream_queue_cnt; 515 else 516 sctp_clog[sctp_cwnd_log_at].x.wake.stream_qcnt = 0xff; 517 518 if (stcb->asoc.chunks_on_out_queue < 0xff) 519 sctp_clog[sctp_cwnd_log_at].x.wake.chunks_on_oque = (uint8_t) stcb->asoc.chunks_on_out_queue; 520 else 521 sctp_clog[sctp_cwnd_log_at].x.wake.chunks_on_oque = 0xff; 522 523 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags = 0; 524 /* set in the defered mode stuff */ 525 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 526 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 1; 527 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 528 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 2; 529 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 530 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 4; 531 /* what about the sb */ 532 if (stcb->sctp_socket) { 533 struct socket *so = stcb->sctp_socket; 534 535 sctp_clog[sctp_cwnd_log_at].x.wake.sbflags = (uint8_t) ((so->so_snd.sb_flags & 0x00ff)); 536 } else { 537 sctp_clog[sctp_cwnd_log_at].x.wake.sbflags = 0xff; 538 } 539 } 540 541 void 542 sctp_log_block(uint8_t from, struct socket *so, struct sctp_association *asoc, int sendlen) 543 { 544 int sctp_cwnd_log_at; 545 546 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 547 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 548 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 549 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_BLOCK; 550 sctp_clog[sctp_cwnd_log_at].x.blk.onsb = asoc->total_output_queue_size; 551 sctp_clog[sctp_cwnd_log_at].x.blk.send_sent_qcnt = (uint16_t) (asoc->send_queue_cnt + asoc->sent_queue_cnt); 552 sctp_clog[sctp_cwnd_log_at].x.blk.peer_rwnd = asoc->peers_rwnd; 553 sctp_clog[sctp_cwnd_log_at].x.blk.stream_qcnt = (uint16_t) asoc->stream_queue_cnt; 554 sctp_clog[sctp_cwnd_log_at].x.blk.chunks_on_oque = (uint16_t) asoc->chunks_on_out_queue; 555 sctp_clog[sctp_cwnd_log_at].x.blk.flight_size = (uint16_t) (asoc->total_flight / 1024); 556 sctp_clog[sctp_cwnd_log_at].x.blk.sndlen = sendlen; 557 } 558 559 int 560 sctp_fill_stat_log(struct mbuf *m) 561 { 562 int sctp_cwnd_log_at; 563 struct sctp_cwnd_log_req *req; 564 size_t size_limit; 565 int num, i, at, cnt_out = 0; 566 567 if (m == NULL) 568 return (EINVAL); 569 570 size_limit = (m->m_len - sizeof(struct sctp_cwnd_log_req)); 571 if (size_limit < sizeof(struct sctp_cwnd_log)) { 572 return (EINVAL); 573 } 574 sctp_cwnd_log_at = global_sctp_cwnd_log_at; 575 req = mtod(m, struct sctp_cwnd_log_req *); 576 num = size_limit / sizeof(struct sctp_cwnd_log); 577 if (global_sctp_cwnd_log_rolled) { 578 req->num_in_log = SCTP_STAT_LOG_SIZE; 579 } else { 580 req->num_in_log = sctp_cwnd_log_at; 581 /* 582 * if the log has not rolled, we don't let you have old 583 * data. 584 */ 585 if (req->end_at > sctp_cwnd_log_at) { 586 req->end_at = sctp_cwnd_log_at; 587 } 588 } 589 if ((num < SCTP_STAT_LOG_SIZE) && 590 ((global_sctp_cwnd_log_rolled) || (sctp_cwnd_log_at > num))) { 591 /* we can't return all of it */ 592 if (((req->start_at == 0) && (req->end_at == 0)) || 593 (req->start_at >= SCTP_STAT_LOG_SIZE) || 594 (req->end_at >= SCTP_STAT_LOG_SIZE)) { 595 /* No user request or user is wacked. */ 596 req->num_ret = num; 597 req->end_at = sctp_cwnd_log_at - 1; 598 if ((sctp_cwnd_log_at - num) < 0) { 599 int cc; 600 601 cc = num - sctp_cwnd_log_at; 602 req->start_at = SCTP_STAT_LOG_SIZE - cc; 603 } else { 604 req->start_at = sctp_cwnd_log_at - num; 605 } 606 } else { 607 /* a user request */ 608 int cc; 609 610 if (req->start_at > req->end_at) { 611 cc = (SCTP_STAT_LOG_SIZE - req->start_at) + 612 (req->end_at + 1); 613 } else { 614 615 cc = (req->end_at - req->start_at) + 1; 616 } 617 if (cc < num) { 618 num = cc; 619 } 620 req->num_ret = num; 621 } 622 } else { 623 /* We can return all of it */ 624 req->start_at = 0; 625 req->end_at = sctp_cwnd_log_at - 1; 626 req->num_ret = sctp_cwnd_log_at; 627 } 628 #ifdef INVARIANTS 629 if (req->num_ret > num) { 630 panic("Bad statlog get?"); 631 } 632 #endif 633 for (i = 0, at = req->start_at; i < req->num_ret; i++) { 634 req->log[i] = sctp_clog[at]; 635 cnt_out++; 636 at++; 637 if (at >= SCTP_STAT_LOG_SIZE) 638 at = 0; 639 } 640 m->m_len = (cnt_out * sizeof(struct sctp_cwnd_log)) + sizeof(struct sctp_cwnd_log_req); 641 return (0); 642 } 643 644 #endif 645 646 #ifdef SCTP_AUDITING_ENABLED 647 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 648 static int sctp_audit_indx = 0; 649 650 static 651 void 652 sctp_print_audit_report(void) 653 { 654 int i; 655 int cnt; 656 657 cnt = 0; 658 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 659 if ((sctp_audit_data[i][0] == 0xe0) && 660 (sctp_audit_data[i][1] == 0x01)) { 661 cnt = 0; 662 printf("\n"); 663 } else if (sctp_audit_data[i][0] == 0xf0) { 664 cnt = 0; 665 printf("\n"); 666 } else if ((sctp_audit_data[i][0] == 0xc0) && 667 (sctp_audit_data[i][1] == 0x01)) { 668 printf("\n"); 669 cnt = 0; 670 } 671 printf("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], 672 (uint32_t) sctp_audit_data[i][1]); 673 cnt++; 674 if ((cnt % 14) == 0) 675 printf("\n"); 676 } 677 for (i = 0; i < sctp_audit_indx; i++) { 678 if ((sctp_audit_data[i][0] == 0xe0) && 679 (sctp_audit_data[i][1] == 0x01)) { 680 cnt = 0; 681 printf("\n"); 682 } else if (sctp_audit_data[i][0] == 0xf0) { 683 cnt = 0; 684 printf("\n"); 685 } else if ((sctp_audit_data[i][0] == 0xc0) && 686 (sctp_audit_data[i][1] == 0x01)) { 687 printf("\n"); 688 cnt = 0; 689 } 690 printf("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], 691 (uint32_t) sctp_audit_data[i][1]); 692 cnt++; 693 if ((cnt % 14) == 0) 694 printf("\n"); 695 } 696 printf("\n"); 697 } 698 699 void 700 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 701 struct sctp_nets *net) 702 { 703 int resend_cnt, tot_out, rep, tot_book_cnt; 704 struct sctp_nets *lnet; 705 struct sctp_tmit_chunk *chk; 706 707 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 708 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 709 sctp_audit_indx++; 710 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 711 sctp_audit_indx = 0; 712 } 713 if (inp == NULL) { 714 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 715 sctp_audit_data[sctp_audit_indx][1] = 0x01; 716 sctp_audit_indx++; 717 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 718 sctp_audit_indx = 0; 719 } 720 return; 721 } 722 if (stcb == NULL) { 723 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 724 sctp_audit_data[sctp_audit_indx][1] = 0x02; 725 sctp_audit_indx++; 726 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 727 sctp_audit_indx = 0; 728 } 729 return; 730 } 731 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 732 sctp_audit_data[sctp_audit_indx][1] = 733 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 734 sctp_audit_indx++; 735 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 736 sctp_audit_indx = 0; 737 } 738 rep = 0; 739 tot_book_cnt = 0; 740 resend_cnt = tot_out = 0; 741 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 742 if (chk->sent == SCTP_DATAGRAM_RESEND) { 743 resend_cnt++; 744 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 745 tot_out += chk->book_size; 746 tot_book_cnt++; 747 } 748 } 749 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 750 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 751 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 752 sctp_audit_indx++; 753 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 754 sctp_audit_indx = 0; 755 } 756 printf("resend_cnt:%d asoc-tot:%d\n", 757 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 758 rep = 1; 759 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 760 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 761 sctp_audit_data[sctp_audit_indx][1] = 762 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 763 sctp_audit_indx++; 764 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 765 sctp_audit_indx = 0; 766 } 767 } 768 if (tot_out != stcb->asoc.total_flight) { 769 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 770 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 771 sctp_audit_indx++; 772 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 773 sctp_audit_indx = 0; 774 } 775 rep = 1; 776 printf("tot_flt:%d asoc_tot:%d\n", tot_out, 777 (int)stcb->asoc.total_flight); 778 stcb->asoc.total_flight = tot_out; 779 } 780 if (tot_book_cnt != stcb->asoc.total_flight_count) { 781 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 782 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 783 sctp_audit_indx++; 784 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 785 sctp_audit_indx = 0; 786 } 787 rep = 1; 788 printf("tot_flt_book:%d\n", tot_book); 789 790 stcb->asoc.total_flight_count = tot_book_cnt; 791 } 792 tot_out = 0; 793 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 794 tot_out += lnet->flight_size; 795 } 796 if (tot_out != stcb->asoc.total_flight) { 797 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 798 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 799 sctp_audit_indx++; 800 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 801 sctp_audit_indx = 0; 802 } 803 rep = 1; 804 printf("real flight:%d net total was %d\n", 805 stcb->asoc.total_flight, tot_out); 806 /* now corrective action */ 807 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 808 809 tot_out = 0; 810 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 811 if ((chk->whoTo == lnet) && 812 (chk->sent < SCTP_DATAGRAM_RESEND)) { 813 tot_out += chk->book_size; 814 } 815 } 816 if (lnet->flight_size != tot_out) { 817 printf("net:%x flight was %d corrected to %d\n", 818 (uint32_t) lnet, lnet->flight_size, tot_out); 819 lnet->flight_size = tot_out; 820 } 821 } 822 } 823 if (rep) { 824 sctp_print_audit_report(); 825 } 826 } 827 828 void 829 sctp_audit_log(uint8_t ev, uint8_t fd) 830 { 831 int s; 832 833 s = splnet(); 834 sctp_audit_data[sctp_audit_indx][0] = ev; 835 sctp_audit_data[sctp_audit_indx][1] = fd; 836 sctp_audit_indx++; 837 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 838 sctp_audit_indx = 0; 839 } 840 splx(s); 841 } 842 843 #endif 844 845 /* 846 * a list of sizes based on typical mtu's, used only if next hop size not 847 * returned. 848 */ 849 static int sctp_mtu_sizes[] = { 850 68, 851 296, 852 508, 853 512, 854 544, 855 576, 856 1006, 857 1492, 858 1500, 859 1536, 860 2002, 861 2048, 862 4352, 863 4464, 864 8166, 865 17914, 866 32000, 867 65535 868 }; 869 870 void 871 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 872 { 873 struct sctp_association *asoc; 874 struct sctp_nets *net; 875 876 asoc = &stcb->asoc; 877 878 callout_stop(&asoc->hb_timer.timer); 879 callout_stop(&asoc->dack_timer.timer); 880 callout_stop(&asoc->strreset_timer.timer); 881 callout_stop(&asoc->asconf_timer.timer); 882 callout_stop(&asoc->autoclose_timer.timer); 883 callout_stop(&asoc->delayed_event_timer.timer); 884 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 885 callout_stop(&net->fr_timer.timer); 886 callout_stop(&net->pmtu_timer.timer); 887 } 888 } 889 890 int 891 find_next_best_mtu(int totsz) 892 { 893 int i, perfer; 894 895 /* 896 * if we are in here we must find the next best fit based on the 897 * size of the dg that failed to be sent. 898 */ 899 perfer = 0; 900 for (i = 0; i < NUMBER_OF_MTU_SIZES; i++) { 901 if (totsz < sctp_mtu_sizes[i]) { 902 perfer = i - 1; 903 if (perfer < 0) 904 perfer = 0; 905 break; 906 } 907 } 908 return (sctp_mtu_sizes[perfer]); 909 } 910 911 void 912 sctp_fill_random_store(struct sctp_pcb *m) 913 { 914 /* 915 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 916 * our counter. The result becomes our good random numbers and we 917 * then setup to give these out. Note that we do no locking to 918 * protect this. This is ok, since if competing folks call this we 919 * will get more gobbled gook in the random store whic is what we 920 * want. There is a danger that two guys will use the same random 921 * numbers, but thats ok too since that is random as well :-> 922 */ 923 m->store_at = 0; 924 sctp_hmac(SCTP_HMAC, (uint8_t *) m->random_numbers, 925 sizeof(m->random_numbers), (uint8_t *) & m->random_counter, 926 sizeof(m->random_counter), (uint8_t *) m->random_store); 927 m->random_counter++; 928 } 929 930 uint32_t 931 sctp_select_initial_TSN(struct sctp_pcb *m) 932 { 933 /* 934 * A true implementation should use random selection process to get 935 * the initial stream sequence number, using RFC1750 as a good 936 * guideline 937 */ 938 u_long x, *xp; 939 uint8_t *p; 940 941 if (m->initial_sequence_debug != 0) { 942 uint32_t ret; 943 944 ret = m->initial_sequence_debug; 945 m->initial_sequence_debug++; 946 return (ret); 947 } 948 if ((m->store_at + sizeof(u_long)) > SCTP_SIGNATURE_SIZE) { 949 /* Refill the random store */ 950 sctp_fill_random_store(m); 951 } 952 p = &m->random_store[(int)m->store_at]; 953 xp = (u_long *)p; 954 x = *xp; 955 m->store_at += sizeof(u_long); 956 return (x); 957 } 958 959 uint32_t 960 sctp_select_a_tag(struct sctp_inpcb *m) 961 { 962 u_long x, not_done; 963 struct timeval now; 964 965 SCTP_GETTIME_TIMEVAL(&now); 966 not_done = 1; 967 while (not_done) { 968 x = sctp_select_initial_TSN(&m->sctp_ep); 969 if (x == 0) { 970 /* we never use 0 */ 971 continue; 972 } 973 if (sctp_is_vtag_good(m, x, &now)) { 974 not_done = 0; 975 } 976 } 977 return (x); 978 } 979 980 981 int 982 sctp_init_asoc(struct sctp_inpcb *m, struct sctp_association *asoc, 983 int for_a_init, uint32_t override_tag) 984 { 985 /* 986 * Anything set to zero is taken care of by the allocation routine's 987 * bzero 988 */ 989 990 /* 991 * Up front select what scoping to apply on addresses I tell my peer 992 * Not sure what to do with these right now, we will need to come up 993 * with a way to set them. We may need to pass them through from the 994 * caller in the sctp_aloc_assoc() function. 995 */ 996 int i; 997 998 /* init all variables to a known value. */ 999 asoc->state = SCTP_STATE_INUSE; 1000 asoc->max_burst = m->sctp_ep.max_burst; 1001 asoc->heart_beat_delay = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 1002 asoc->cookie_life = m->sctp_ep.def_cookie_life; 1003 asoc->sctp_cmt_on_off = (uint8_t) sctp_cmt_on_off; 1004 #ifdef AF_INET 1005 asoc->default_tos = m->ip_inp.inp.inp_ip_tos; 1006 #else 1007 asoc->default_tos = 0; 1008 #endif 1009 1010 #ifdef AF_INET6 1011 asoc->default_flowlabel = ((struct in6pcb *)m)->in6p_flowinfo; 1012 #else 1013 asoc->default_flowlabel = 0; 1014 #endif 1015 if (override_tag) { 1016 struct timeval now; 1017 1018 if (sctp_is_vtag_good(m, override_tag, &now)) { 1019 asoc->my_vtag = override_tag; 1020 } else { 1021 return (ENOMEM); 1022 } 1023 1024 } else { 1025 asoc->my_vtag = sctp_select_a_tag(m); 1026 } 1027 /* Get the nonce tags */ 1028 asoc->my_vtag_nonce = sctp_select_a_tag(m); 1029 asoc->peer_vtag_nonce = sctp_select_a_tag(m); 1030 1031 if (sctp_is_feature_on(m, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) 1032 asoc->hb_is_disabled = 1; 1033 else 1034 asoc->hb_is_disabled = 0; 1035 1036 asoc->refcnt = 0; 1037 asoc->assoc_up_sent = 0; 1038 asoc->assoc_id = asoc->my_vtag; 1039 asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = 1040 sctp_select_initial_TSN(&m->sctp_ep); 1041 /* we are optimisitic here */ 1042 asoc->peer_supports_pktdrop = 1; 1043 1044 asoc->sent_queue_retran_cnt = 0; 1045 1046 /* for CMT */ 1047 asoc->last_net_data_came_from = NULL; 1048 1049 /* This will need to be adjusted */ 1050 asoc->last_cwr_tsn = asoc->init_seq_number - 1; 1051 asoc->last_acked_seq = asoc->init_seq_number - 1; 1052 asoc->advanced_peer_ack_point = asoc->last_acked_seq; 1053 asoc->asconf_seq_in = asoc->last_acked_seq; 1054 1055 /* here we are different, we hold the next one we expect */ 1056 asoc->str_reset_seq_in = asoc->last_acked_seq + 1; 1057 1058 asoc->initial_init_rto_max = m->sctp_ep.initial_init_rto_max; 1059 asoc->initial_rto = m->sctp_ep.initial_rto; 1060 1061 asoc->max_init_times = m->sctp_ep.max_init_times; 1062 asoc->max_send_times = m->sctp_ep.max_send_times; 1063 asoc->def_net_failure = m->sctp_ep.def_net_failure; 1064 asoc->free_chunk_cnt = 0; 1065 1066 asoc->iam_blocking = 0; 1067 /* ECN Nonce initialization */ 1068 asoc->context = m->sctp_context; 1069 asoc->def_send = m->def_send; 1070 asoc->ecn_nonce_allowed = 0; 1071 asoc->receiver_nonce_sum = 1; 1072 asoc->nonce_sum_expect_base = 1; 1073 asoc->nonce_sum_check = 1; 1074 asoc->nonce_resync_tsn = 0; 1075 asoc->nonce_wait_for_ecne = 0; 1076 asoc->nonce_wait_tsn = 0; 1077 asoc->delayed_ack = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 1078 asoc->pr_sctp_cnt = 0; 1079 asoc->total_output_queue_size = 0; 1080 1081 if (m->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1082 struct in6pcb *inp6; 1083 1084 1085 /* Its a V6 socket */ 1086 inp6 = (struct in6pcb *)m; 1087 asoc->ipv6_addr_legal = 1; 1088 /* Now look at the binding flag to see if V4 will be legal */ 1089 if ( 1090 (inp6->inp_flags & IN6P_IPV6_V6ONLY) 1091 == 0) { 1092 asoc->ipv4_addr_legal = 1; 1093 } else { 1094 /* V4 addresses are NOT legal on the association */ 1095 asoc->ipv4_addr_legal = 0; 1096 } 1097 } else { 1098 /* Its a V4 socket, no - V6 */ 1099 asoc->ipv4_addr_legal = 1; 1100 asoc->ipv6_addr_legal = 0; 1101 } 1102 1103 1104 asoc->my_rwnd = max(m->sctp_socket->so_rcv.sb_hiwat, SCTP_MINIMAL_RWND); 1105 asoc->peers_rwnd = m->sctp_socket->so_rcv.sb_hiwat; 1106 1107 asoc->smallest_mtu = m->sctp_frag_point; 1108 asoc->minrto = m->sctp_ep.sctp_minrto; 1109 asoc->maxrto = m->sctp_ep.sctp_maxrto; 1110 1111 asoc->locked_on_sending = NULL; 1112 asoc->stream_locked_on = 0; 1113 asoc->ecn_echo_cnt_onq = 0; 1114 asoc->stream_locked = 0; 1115 1116 LIST_INIT(&asoc->sctp_local_addr_list); 1117 TAILQ_INIT(&asoc->nets); 1118 TAILQ_INIT(&asoc->pending_reply_queue); 1119 asoc->last_asconf_ack_sent = NULL; 1120 /* Setup to fill the hb random cache at first HB */ 1121 asoc->hb_random_idx = 4; 1122 1123 asoc->sctp_autoclose_ticks = m->sctp_ep.auto_close_time; 1124 1125 /* 1126 * Now the stream parameters, here we allocate space for all streams 1127 * that we request by default. 1128 */ 1129 asoc->streamoutcnt = asoc->pre_open_streams = 1130 m->sctp_ep.pre_open_stream_count; 1131 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1132 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1133 "StreamsOut"); 1134 if (asoc->strmout == NULL) { 1135 /* big trouble no memory */ 1136 return (ENOMEM); 1137 } 1138 for (i = 0; i < asoc->streamoutcnt; i++) { 1139 /* 1140 * inbound side must be set to 0xffff, also NOTE when we get 1141 * the INIT-ACK back (for INIT sender) we MUST reduce the 1142 * count (streamoutcnt) but first check if we sent to any of 1143 * the upper streams that were dropped (if some were). Those 1144 * that were dropped must be notified to the upper layer as 1145 * failed to send. 1146 */ 1147 asoc->strmout[i].next_sequence_sent = 0x0; 1148 TAILQ_INIT(&asoc->strmout[i].outqueue); 1149 asoc->strmout[i].stream_no = i; 1150 asoc->strmout[i].last_msg_incomplete = 0; 1151 asoc->strmout[i].next_spoke.tqe_next = 0; 1152 asoc->strmout[i].next_spoke.tqe_prev = 0; 1153 } 1154 /* Now the mapping array */ 1155 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1156 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1157 "MappingArray"); 1158 if (asoc->mapping_array == NULL) { 1159 SCTP_FREE(asoc->strmout); 1160 return (ENOMEM); 1161 } 1162 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1163 /* Now the init of the other outqueues */ 1164 TAILQ_INIT(&asoc->free_chunks); 1165 TAILQ_INIT(&asoc->free_strmoq); 1166 TAILQ_INIT(&asoc->out_wheel); 1167 TAILQ_INIT(&asoc->control_send_queue); 1168 TAILQ_INIT(&asoc->send_queue); 1169 TAILQ_INIT(&asoc->sent_queue); 1170 TAILQ_INIT(&asoc->reasmqueue); 1171 TAILQ_INIT(&asoc->resetHead); 1172 asoc->max_inbound_streams = m->sctp_ep.max_open_streams_intome; 1173 TAILQ_INIT(&asoc->asconf_queue); 1174 /* authentication fields */ 1175 asoc->authinfo.random = NULL; 1176 asoc->authinfo.assoc_key = NULL; 1177 asoc->authinfo.assoc_keyid = 0; 1178 asoc->authinfo.recv_key = NULL; 1179 asoc->authinfo.recv_keyid = 0; 1180 LIST_INIT(&asoc->shared_keys); 1181 1182 return (0); 1183 } 1184 1185 int 1186 sctp_expand_mapping_array(struct sctp_association *asoc) 1187 { 1188 /* mapping array needs to grow */ 1189 uint8_t *new_array; 1190 uint16_t new_size; 1191 1192 new_size = asoc->mapping_array_size + SCTP_MAPPING_ARRAY_INCR; 1193 SCTP_MALLOC(new_array, uint8_t *, new_size, "MappingArray"); 1194 if (new_array == NULL) { 1195 /* can't get more, forget it */ 1196 printf("No memory for expansion of SCTP mapping array %d\n", 1197 new_size); 1198 return (-1); 1199 } 1200 memset(new_array, 0, new_size); 1201 memcpy(new_array, asoc->mapping_array, asoc->mapping_array_size); 1202 SCTP_FREE(asoc->mapping_array); 1203 asoc->mapping_array = new_array; 1204 asoc->mapping_array_size = new_size; 1205 return (0); 1206 } 1207 1208 extern unsigned int sctp_early_fr_msec; 1209 1210 static void 1211 sctp_handle_addr_wq(void) 1212 { 1213 /* deal with the ADDR wq from the rtsock calls */ 1214 struct sctp_laddr *wi; 1215 1216 SCTP_IPI_ADDR_LOCK(); 1217 wi = LIST_FIRST(&sctppcbinfo.addr_wq); 1218 if (wi == NULL) { 1219 SCTP_IPI_ADDR_UNLOCK(); 1220 return; 1221 } 1222 LIST_REMOVE(wi, sctp_nxt_addr); 1223 if (!LIST_EMPTY(&sctppcbinfo.addr_wq)) { 1224 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1225 (struct sctp_inpcb *)NULL, 1226 (struct sctp_tcb *)NULL, 1227 (struct sctp_nets *)NULL); 1228 } 1229 SCTP_IPI_ADDR_UNLOCK(); 1230 if (wi->action == RTM_ADD) { 1231 sctp_add_ip_address(wi->ifa); 1232 } else if (wi->action == RTM_DELETE) { 1233 sctp_delete_ip_address(wi->ifa); 1234 } 1235 IFAFREE(wi->ifa); 1236 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, wi); 1237 SCTP_DECR_LADDR_COUNT(); 1238 } 1239 1240 void 1241 sctp_timeout_handler(void *t) 1242 { 1243 struct sctp_inpcb *inp; 1244 struct sctp_tcb *stcb; 1245 struct sctp_nets *net; 1246 struct sctp_timer *tmr; 1247 int s, did_output; 1248 struct sctp_iterator *it = NULL; 1249 1250 1251 s = splnet(); 1252 tmr = (struct sctp_timer *)t; 1253 inp = (struct sctp_inpcb *)tmr->ep; 1254 stcb = (struct sctp_tcb *)tmr->tcb; 1255 net = (struct sctp_nets *)tmr->net; 1256 did_output = 1; 1257 1258 #ifdef SCTP_AUDITING_ENABLED 1259 sctp_audit_log(0xF0, (uint8_t) tmr->type); 1260 sctp_auditing(3, inp, stcb, net); 1261 #endif 1262 1263 /* sanity checks... */ 1264 if (tmr->self != (void *)tmr) { 1265 /* 1266 * printf("Stale SCTP timer fired (%p), ignoring...\n", 1267 * tmr); 1268 */ 1269 splx(s); 1270 return; 1271 } 1272 tmr->stopped_from = 0xa001; 1273 if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { 1274 /* 1275 * printf("SCTP timer fired with invalid type: 0x%x\n", 1276 * tmr->type); 1277 */ 1278 splx(s); 1279 return; 1280 } 1281 tmr->stopped_from = 0xa002; 1282 if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { 1283 splx(s); 1284 return; 1285 } 1286 /* if this is an iterator timeout, get the struct and clear inp */ 1287 tmr->stopped_from = 0xa003; 1288 if (tmr->type == SCTP_TIMER_TYPE_ITERATOR) { 1289 it = (struct sctp_iterator *)inp; 1290 inp = NULL; 1291 } 1292 if (inp) { 1293 SCTP_INP_INCR_REF(inp); 1294 if ((inp->sctp_socket == 0) && 1295 ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && 1296 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && 1297 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && 1298 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && 1299 (tmr->type != SCTP_TIMER_TYPE_ASOCKILL)) 1300 ) { 1301 splx(s); 1302 SCTP_INP_DECR_REF(inp); 1303 return; 1304 } 1305 } 1306 tmr->stopped_from = 0xa004; 1307 if (stcb) { 1308 if (stcb->asoc.state == 0) { 1309 splx(s); 1310 if (inp) { 1311 SCTP_INP_DECR_REF(inp); 1312 } 1313 return; 1314 } 1315 } 1316 tmr->stopped_from = 0xa005; 1317 #ifdef SCTP_DEBUG 1318 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1319 printf("Timer type %d goes off\n", tmr->type); 1320 } 1321 #endif /* SCTP_DEBUG */ 1322 if (!callout_active(&tmr->timer)) { 1323 splx(s); 1324 if (inp) { 1325 SCTP_INP_DECR_REF(inp); 1326 } 1327 return; 1328 } 1329 tmr->stopped_from = 0xa006; 1330 /* record in stopped what t-o occured */ 1331 tmr->stopped_from = tmr->type; 1332 1333 if (stcb) { 1334 atomic_add_int(&stcb->asoc.refcnt, 1); 1335 SCTP_TCB_LOCK(stcb); 1336 atomic_add_int(&stcb->asoc.refcnt, -1); 1337 } 1338 /* mark as being serviced now */ 1339 callout_deactivate(&tmr->timer); 1340 1341 /* call the handler for the appropriate timer type */ 1342 switch (tmr->type) { 1343 case SCTP_TIMER_TYPE_ADDR_WQ: 1344 sctp_handle_addr_wq(); 1345 break; 1346 case SCTP_TIMER_TYPE_ITERATOR: 1347 SCTP_STAT_INCR(sctps_timoiterator); 1348 sctp_iterator_timer(it); 1349 break; 1350 case SCTP_TIMER_TYPE_SEND: 1351 SCTP_STAT_INCR(sctps_timodata); 1352 stcb->asoc.num_send_timers_up--; 1353 if (stcb->asoc.num_send_timers_up < 0) { 1354 stcb->asoc.num_send_timers_up = 0; 1355 } 1356 if (sctp_t3rxt_timer(inp, stcb, net)) { 1357 /* no need to unlock on tcb its gone */ 1358 1359 goto out_decr; 1360 } 1361 #ifdef SCTP_AUDITING_ENABLED 1362 sctp_auditing(4, inp, stcb, net); 1363 #endif 1364 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3); 1365 if ((stcb->asoc.num_send_timers_up == 0) && 1366 (stcb->asoc.sent_queue_cnt > 0) 1367 ) { 1368 struct sctp_tmit_chunk *chk; 1369 1370 /* 1371 * safeguard. If there on some on the sent queue 1372 * somewhere but no timers running something is 1373 * wrong... so we start a timer on the first chunk 1374 * on the send queue on whatever net it is sent to. 1375 */ 1376 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1377 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, 1378 chk->whoTo); 1379 } 1380 break; 1381 case SCTP_TIMER_TYPE_INIT: 1382 SCTP_STAT_INCR(sctps_timoinit); 1383 if (sctp_t1init_timer(inp, stcb, net)) { 1384 /* no need to unlock on tcb its gone */ 1385 goto out_decr; 1386 } 1387 /* We do output but not here */ 1388 did_output = 0; 1389 break; 1390 case SCTP_TIMER_TYPE_RECV: 1391 SCTP_STAT_INCR(sctps_timosack); 1392 sctp_send_sack(stcb); 1393 #ifdef SCTP_AUDITING_ENABLED 1394 sctp_auditing(4, inp, stcb, net); 1395 #endif 1396 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR); 1397 break; 1398 case SCTP_TIMER_TYPE_SHUTDOWN: 1399 if (sctp_shutdown_timer(inp, stcb, net)) { 1400 /* no need to unlock on tcb its gone */ 1401 goto out_decr; 1402 } 1403 SCTP_STAT_INCR(sctps_timoshutdown); 1404 #ifdef SCTP_AUDITING_ENABLED 1405 sctp_auditing(4, inp, stcb, net); 1406 #endif 1407 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR); 1408 break; 1409 case SCTP_TIMER_TYPE_HEARTBEAT: 1410 { 1411 struct sctp_nets *net; 1412 int cnt_of_unconf = 0; 1413 1414 SCTP_STAT_INCR(sctps_timoheartbeat); 1415 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1416 if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) && 1417 (net->dest_state & SCTP_ADDR_REACHABLE)) { 1418 cnt_of_unconf++; 1419 } 1420 } 1421 if (cnt_of_unconf == 0) { 1422 if (sctp_heartbeat_timer(inp, stcb, net, cnt_of_unconf)) { 1423 /* no need to unlock on tcb its gone */ 1424 goto out_decr; 1425 } 1426 } 1427 #ifdef SCTP_AUDITING_ENABLED 1428 sctp_auditing(4, inp, stcb, net); 1429 #endif 1430 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, 1431 stcb, net); 1432 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR); 1433 } 1434 break; 1435 case SCTP_TIMER_TYPE_COOKIE: 1436 if (sctp_cookie_timer(inp, stcb, net)) { 1437 /* no need to unlock on tcb its gone */ 1438 goto out_decr; 1439 } 1440 SCTP_STAT_INCR(sctps_timocookie); 1441 #ifdef SCTP_AUDITING_ENABLED 1442 sctp_auditing(4, inp, stcb, net); 1443 #endif 1444 /* 1445 * We consider T3 and Cookie timer pretty much the same with 1446 * respect to where from in chunk_output. 1447 */ 1448 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3); 1449 break; 1450 case SCTP_TIMER_TYPE_NEWCOOKIE: 1451 { 1452 struct timeval tv; 1453 int i, secret; 1454 1455 SCTP_STAT_INCR(sctps_timosecret); 1456 SCTP_GETTIME_TIMEVAL(&tv); 1457 SCTP_INP_WLOCK(inp); 1458 inp->sctp_ep.time_of_secret_change = tv.tv_sec; 1459 inp->sctp_ep.last_secret_number = 1460 inp->sctp_ep.current_secret_number; 1461 inp->sctp_ep.current_secret_number++; 1462 if (inp->sctp_ep.current_secret_number >= 1463 SCTP_HOW_MANY_SECRETS) { 1464 inp->sctp_ep.current_secret_number = 0; 1465 } 1466 secret = (int)inp->sctp_ep.current_secret_number; 1467 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1468 inp->sctp_ep.secret_key[secret][i] = 1469 sctp_select_initial_TSN(&inp->sctp_ep); 1470 } 1471 SCTP_INP_WUNLOCK(inp); 1472 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); 1473 } 1474 did_output = 0; 1475 break; 1476 case SCTP_TIMER_TYPE_PATHMTURAISE: 1477 SCTP_STAT_INCR(sctps_timopathmtu); 1478 sctp_pathmtu_timer(inp, stcb, net); 1479 did_output = 0; 1480 break; 1481 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1482 if (sctp_shutdownack_timer(inp, stcb, net)) { 1483 /* no need to unlock on tcb its gone */ 1484 goto out_decr; 1485 } 1486 SCTP_STAT_INCR(sctps_timoshutdownack); 1487 #ifdef SCTP_AUDITING_ENABLED 1488 sctp_auditing(4, inp, stcb, net); 1489 #endif 1490 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR); 1491 break; 1492 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1493 SCTP_STAT_INCR(sctps_timoshutdownguard); 1494 sctp_abort_an_association(inp, stcb, 1495 SCTP_SHUTDOWN_GUARD_EXPIRES, NULL); 1496 /* no need to unlock on tcb its gone */ 1497 goto out_decr; 1498 break; 1499 1500 case SCTP_TIMER_TYPE_STRRESET: 1501 if (sctp_strreset_timer(inp, stcb, net)) { 1502 /* no need to unlock on tcb its gone */ 1503 goto out_decr; 1504 } 1505 SCTP_STAT_INCR(sctps_timostrmrst); 1506 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR); 1507 break; 1508 case SCTP_TIMER_TYPE_EARLYFR: 1509 /* Need to do FR of things for net */ 1510 SCTP_STAT_INCR(sctps_timoearlyfr); 1511 sctp_early_fr_timer(inp, stcb, net); 1512 break; 1513 case SCTP_TIMER_TYPE_ASCONF: 1514 if (sctp_asconf_timer(inp, stcb, net)) { 1515 /* no need to unlock on tcb its gone */ 1516 goto out_decr; 1517 } 1518 SCTP_STAT_INCR(sctps_timoasconf); 1519 #ifdef SCTP_AUDITING_ENABLED 1520 sctp_auditing(4, inp, stcb, net); 1521 #endif 1522 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR); 1523 break; 1524 1525 case SCTP_TIMER_TYPE_AUTOCLOSE: 1526 SCTP_STAT_INCR(sctps_timoautoclose); 1527 sctp_autoclose_timer(inp, stcb, net); 1528 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR); 1529 did_output = 0; 1530 break; 1531 case SCTP_TIMER_TYPE_ASOCKILL: 1532 SCTP_STAT_INCR(sctps_timoassockill); 1533 /* Can we free it yet? */ 1534 SCTP_INP_DECR_REF(inp); 1535 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 1536 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 1537 /* 1538 * free asoc, always unlocks (or destroy's) so prevent 1539 * duplicate unlock or unlock of a free mtx :-0 1540 */ 1541 stcb = NULL; 1542 goto out_no_decr; 1543 break; 1544 case SCTP_TIMER_TYPE_INPKILL: 1545 SCTP_STAT_INCR(sctps_timoinpkill); 1546 /* 1547 * special case, take away our increment since WE are the 1548 * killer 1549 */ 1550 SCTP_INP_DECR_REF(inp); 1551 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 1552 sctp_inpcb_free(inp, 1, 0); 1553 goto out_no_decr; 1554 break; 1555 default: 1556 #ifdef SCTP_DEBUG 1557 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1558 printf("sctp_timeout_handler:unknown timer %d\n", 1559 tmr->type); 1560 } 1561 #endif /* SCTP_DEBUG */ 1562 break; 1563 }; 1564 #ifdef SCTP_AUDITING_ENABLED 1565 sctp_audit_log(0xF1, (uint8_t) tmr->type); 1566 if (inp) 1567 sctp_auditing(5, inp, stcb, net); 1568 #endif 1569 if ((did_output) && stcb) { 1570 /* 1571 * Now we need to clean up the control chunk chain if an 1572 * ECNE is on it. It must be marked as UNSENT again so next 1573 * call will continue to send it until such time that we get 1574 * a CWR, to remove it. It is, however, less likely that we 1575 * will find a ecn echo on the chain though. 1576 */ 1577 sctp_fix_ecn_echo(&stcb->asoc); 1578 } 1579 if (stcb) { 1580 SCTP_TCB_UNLOCK(stcb); 1581 } 1582 out_decr: 1583 if (inp) { 1584 SCTP_INP_DECR_REF(inp); 1585 } 1586 out_no_decr: 1587 1588 #ifdef SCTP_DEBUG 1589 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1590 printf("Timer now complete (type %d)\n", tmr->type); 1591 } 1592 #endif /* SCTP_DEBUG */ 1593 splx(s); 1594 if (inp) { 1595 } 1596 } 1597 1598 int 1599 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1600 struct sctp_nets *net) 1601 { 1602 int to_ticks; 1603 struct sctp_timer *tmr; 1604 1605 1606 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 1607 (inp == NULL)) 1608 return (EFAULT); 1609 1610 to_ticks = 0; 1611 1612 tmr = NULL; 1613 if (stcb) { 1614 SCTP_TCB_LOCK_ASSERT(stcb); 1615 } 1616 switch (t_type) { 1617 case SCTP_TIMER_TYPE_ADDR_WQ: 1618 /* Only 1 tick away :-) */ 1619 tmr = &sctppcbinfo.addr_wq_timer; 1620 to_ticks = 1; 1621 break; 1622 case SCTP_TIMER_TYPE_ITERATOR: 1623 { 1624 struct sctp_iterator *it; 1625 1626 it = (struct sctp_iterator *)inp; 1627 tmr = &it->tmr; 1628 to_ticks = SCTP_ITERATOR_TICKS; 1629 } 1630 break; 1631 case SCTP_TIMER_TYPE_SEND: 1632 /* Here we use the RTO timer */ 1633 { 1634 int rto_val; 1635 1636 if ((stcb == NULL) || (net == NULL)) { 1637 return (EFAULT); 1638 } 1639 tmr = &net->rxt_timer; 1640 if (net->RTO == 0) { 1641 rto_val = stcb->asoc.initial_rto; 1642 } else { 1643 rto_val = net->RTO; 1644 } 1645 to_ticks = MSEC_TO_TICKS(rto_val); 1646 } 1647 break; 1648 case SCTP_TIMER_TYPE_INIT: 1649 /* 1650 * Here we use the INIT timer default usually about 1 1651 * minute. 1652 */ 1653 if ((stcb == NULL) || (net == NULL)) { 1654 return (EFAULT); 1655 } 1656 tmr = &net->rxt_timer; 1657 if (net->RTO == 0) { 1658 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1659 } else { 1660 to_ticks = MSEC_TO_TICKS(net->RTO); 1661 } 1662 break; 1663 case SCTP_TIMER_TYPE_RECV: 1664 /* 1665 * Here we use the Delayed-Ack timer value from the inp 1666 * ususually about 200ms. 1667 */ 1668 if (stcb == NULL) { 1669 return (EFAULT); 1670 } 1671 tmr = &stcb->asoc.dack_timer; 1672 to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); 1673 break; 1674 case SCTP_TIMER_TYPE_SHUTDOWN: 1675 /* Here we use the RTO of the destination. */ 1676 if ((stcb == NULL) || (net == NULL)) { 1677 return (EFAULT); 1678 } 1679 if (net->RTO == 0) { 1680 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1681 } else { 1682 to_ticks = MSEC_TO_TICKS(net->RTO); 1683 } 1684 tmr = &net->rxt_timer; 1685 break; 1686 case SCTP_TIMER_TYPE_HEARTBEAT: 1687 /* 1688 * the net is used here so that we can add in the RTO. Even 1689 * though we use a different timer. We also add the HB timer 1690 * PLUS a random jitter. 1691 */ 1692 if (stcb == NULL) { 1693 return (EFAULT); 1694 } { 1695 uint32_t rndval; 1696 uint8_t this_random; 1697 int cnt_of_unconf = 0; 1698 struct sctp_nets *lnet; 1699 1700 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 1701 if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && 1702 (lnet->dest_state & SCTP_ADDR_REACHABLE)) { 1703 cnt_of_unconf++; 1704 } 1705 } 1706 if (cnt_of_unconf) { 1707 lnet = NULL; 1708 sctp_heartbeat_timer(inp, stcb, lnet, cnt_of_unconf); 1709 } 1710 if (stcb->asoc.hb_random_idx > 3) { 1711 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 1712 memcpy(stcb->asoc.hb_random_values, &rndval, 1713 sizeof(stcb->asoc.hb_random_values)); 1714 this_random = stcb->asoc.hb_random_values[0]; 1715 stcb->asoc.hb_random_idx = 0; 1716 stcb->asoc.hb_ect_randombit = 0; 1717 } else { 1718 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; 1719 stcb->asoc.hb_random_idx++; 1720 stcb->asoc.hb_ect_randombit = 0; 1721 } 1722 /* 1723 * this_random will be 0 - 256 ms RTO is in ms. 1724 */ 1725 if ((stcb->asoc.hb_is_disabled) && 1726 (cnt_of_unconf == 0)) { 1727 return (0); 1728 } 1729 if (net) { 1730 struct sctp_nets *lnet; 1731 int delay; 1732 1733 delay = stcb->asoc.heart_beat_delay; 1734 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 1735 if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && 1736 ((lnet->dest_state & SCTP_ADDR_OUT_OF_SCOPE) == 0) && 1737 (lnet->dest_state & SCTP_ADDR_REACHABLE)) { 1738 delay = 0; 1739 } 1740 } 1741 if (net->RTO == 0) { 1742 /* Never been checked */ 1743 to_ticks = this_random + stcb->asoc.initial_rto + delay; 1744 } else { 1745 /* set rto_val to the ms */ 1746 to_ticks = delay + net->RTO + this_random; 1747 } 1748 } else { 1749 if (cnt_of_unconf) { 1750 to_ticks = this_random + stcb->asoc.initial_rto; 1751 } else { 1752 to_ticks = stcb->asoc.heart_beat_delay + this_random + stcb->asoc.initial_rto; 1753 } 1754 } 1755 /* 1756 * Now we must convert the to_ticks that are now in 1757 * ms to ticks. 1758 */ 1759 to_ticks = MSEC_TO_TICKS(to_ticks); 1760 tmr = &stcb->asoc.hb_timer; 1761 } 1762 break; 1763 case SCTP_TIMER_TYPE_COOKIE: 1764 /* 1765 * Here we can use the RTO timer from the network since one 1766 * RTT was compelete. If a retran happened then we will be 1767 * using the RTO initial value. 1768 */ 1769 if ((stcb == NULL) || (net == NULL)) { 1770 return (EFAULT); 1771 } 1772 if (net->RTO == 0) { 1773 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1774 } else { 1775 to_ticks = MSEC_TO_TICKS(net->RTO); 1776 } 1777 tmr = &net->rxt_timer; 1778 break; 1779 case SCTP_TIMER_TYPE_NEWCOOKIE: 1780 /* 1781 * nothing needed but the endpoint here ususually about 60 1782 * minutes. 1783 */ 1784 tmr = &inp->sctp_ep.signature_change; 1785 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 1786 break; 1787 case SCTP_TIMER_TYPE_ASOCKILL: 1788 if (stcb == NULL) { 1789 return (EFAULT); 1790 } 1791 tmr = &stcb->asoc.strreset_timer; 1792 to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); 1793 break; 1794 case SCTP_TIMER_TYPE_INPKILL: 1795 /* 1796 * The inp is setup to die. We re-use the signature_chage 1797 * timer since that has stopped and we are in the GONE 1798 * state. 1799 */ 1800 tmr = &inp->sctp_ep.signature_change; 1801 to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); 1802 break; 1803 case SCTP_TIMER_TYPE_PATHMTURAISE: 1804 /* 1805 * Here we use the value found in the EP for PMTU ususually 1806 * about 10 minutes. 1807 */ 1808 if (stcb == NULL) { 1809 return (EFAULT); 1810 } 1811 if (net == NULL) { 1812 return (EFAULT); 1813 } 1814 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 1815 tmr = &net->pmtu_timer; 1816 break; 1817 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1818 /* Here we use the RTO of the destination */ 1819 if ((stcb == NULL) || (net == NULL)) { 1820 return (EFAULT); 1821 } 1822 if (net->RTO == 0) { 1823 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1824 } else { 1825 to_ticks = MSEC_TO_TICKS(net->RTO); 1826 } 1827 tmr = &net->rxt_timer; 1828 break; 1829 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1830 /* 1831 * Here we use the endpoints shutdown guard timer usually 1832 * about 3 minutes. 1833 */ 1834 if (stcb == NULL) { 1835 return (EFAULT); 1836 } 1837 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 1838 tmr = &stcb->asoc.shut_guard_timer; 1839 break; 1840 case SCTP_TIMER_TYPE_STRRESET: 1841 /* 1842 * Here the timer comes from the inp but its value is from 1843 * the RTO. 1844 */ 1845 if ((stcb == NULL) || (net == NULL)) { 1846 return (EFAULT); 1847 } 1848 if (net->RTO == 0) { 1849 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1850 } else { 1851 to_ticks = MSEC_TO_TICKS(net->RTO); 1852 } 1853 tmr = &stcb->asoc.strreset_timer; 1854 break; 1855 1856 case SCTP_TIMER_TYPE_EARLYFR: 1857 { 1858 unsigned int msec; 1859 1860 if ((stcb == NULL) || (net == NULL)) { 1861 return (EFAULT); 1862 } 1863 if (net->flight_size > net->cwnd) { 1864 /* no need to start */ 1865 return (0); 1866 } 1867 SCTP_STAT_INCR(sctps_earlyfrstart); 1868 if (net->lastsa == 0) { 1869 /* Hmm no rtt estimate yet? */ 1870 msec = stcb->asoc.initial_rto >> 2; 1871 } else { 1872 msec = ((net->lastsa >> 2) + net->lastsv) >> 1; 1873 } 1874 if (msec < sctp_early_fr_msec) { 1875 msec = sctp_early_fr_msec; 1876 if (msec < SCTP_MINFR_MSEC_FLOOR) { 1877 msec = SCTP_MINFR_MSEC_FLOOR; 1878 } 1879 } 1880 to_ticks = MSEC_TO_TICKS(msec); 1881 tmr = &net->fr_timer; 1882 } 1883 break; 1884 case SCTP_TIMER_TYPE_ASCONF: 1885 /* 1886 * Here the timer comes from the inp but its value is from 1887 * the RTO. 1888 */ 1889 if ((stcb == NULL) || (net == NULL)) { 1890 return (EFAULT); 1891 } 1892 if (net->RTO == 0) { 1893 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1894 } else { 1895 to_ticks = MSEC_TO_TICKS(net->RTO); 1896 } 1897 tmr = &stcb->asoc.asconf_timer; 1898 break; 1899 case SCTP_TIMER_TYPE_AUTOCLOSE: 1900 if (stcb == NULL) { 1901 return (EFAULT); 1902 } 1903 if (stcb->asoc.sctp_autoclose_ticks == 0) { 1904 /* 1905 * Really an error since stcb is NOT set to 1906 * autoclose 1907 */ 1908 return (0); 1909 } 1910 to_ticks = stcb->asoc.sctp_autoclose_ticks; 1911 tmr = &stcb->asoc.autoclose_timer; 1912 break; 1913 default: 1914 #ifdef SCTP_DEBUG 1915 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1916 printf("sctp_timer_start:Unknown timer type %d\n", 1917 t_type); 1918 } 1919 #endif /* SCTP_DEBUG */ 1920 return (EFAULT); 1921 break; 1922 }; 1923 if ((to_ticks <= 0) || (tmr == NULL)) { 1924 #ifdef SCTP_DEBUG 1925 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1926 printf("sctp_timer_start:%d:software error to_ticks:%d tmr:%p not set ??\n", 1927 t_type, to_ticks, tmr); 1928 } 1929 #endif /* SCTP_DEBUG */ 1930 return (EFAULT); 1931 } 1932 if (callout_pending(&tmr->timer)) { 1933 /* 1934 * we do NOT allow you to have it already running. if it is 1935 * we leave the current one up unchanged 1936 */ 1937 return (EALREADY); 1938 } 1939 /* At this point we can proceed */ 1940 if (t_type == SCTP_TIMER_TYPE_SEND) { 1941 stcb->asoc.num_send_timers_up++; 1942 } 1943 tmr->stopped_from = 0; 1944 tmr->type = t_type; 1945 tmr->ep = (void *)inp; 1946 tmr->tcb = (void *)stcb; 1947 tmr->net = (void *)net; 1948 tmr->self = (void *)tmr; 1949 tmr->ticks = ticks; 1950 callout_reset(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); 1951 return (0); 1952 } 1953 1954 int 1955 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1956 struct sctp_nets *net, uint32_t from) 1957 { 1958 struct sctp_timer *tmr; 1959 1960 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 1961 (inp == NULL)) 1962 return (EFAULT); 1963 1964 tmr = NULL; 1965 if (stcb) { 1966 SCTP_TCB_LOCK_ASSERT(stcb); 1967 } 1968 switch (t_type) { 1969 case SCTP_TIMER_TYPE_ADDR_WQ: 1970 tmr = &sctppcbinfo.addr_wq_timer; 1971 break; 1972 case SCTP_TIMER_TYPE_EARLYFR: 1973 if ((stcb == NULL) || (net == NULL)) { 1974 return (EFAULT); 1975 } 1976 tmr = &net->fr_timer; 1977 SCTP_STAT_INCR(sctps_earlyfrstop); 1978 break; 1979 case SCTP_TIMER_TYPE_ITERATOR: 1980 { 1981 struct sctp_iterator *it; 1982 1983 it = (struct sctp_iterator *)inp; 1984 tmr = &it->tmr; 1985 } 1986 break; 1987 case SCTP_TIMER_TYPE_SEND: 1988 if ((stcb == NULL) || (net == NULL)) { 1989 return (EFAULT); 1990 } 1991 tmr = &net->rxt_timer; 1992 break; 1993 case SCTP_TIMER_TYPE_INIT: 1994 if ((stcb == NULL) || (net == NULL)) { 1995 return (EFAULT); 1996 } 1997 tmr = &net->rxt_timer; 1998 break; 1999 case SCTP_TIMER_TYPE_RECV: 2000 if (stcb == NULL) { 2001 return (EFAULT); 2002 } 2003 tmr = &stcb->asoc.dack_timer; 2004 break; 2005 case SCTP_TIMER_TYPE_SHUTDOWN: 2006 if ((stcb == NULL) || (net == NULL)) { 2007 return (EFAULT); 2008 } 2009 tmr = &net->rxt_timer; 2010 break; 2011 case SCTP_TIMER_TYPE_HEARTBEAT: 2012 if (stcb == NULL) { 2013 return (EFAULT); 2014 } 2015 tmr = &stcb->asoc.hb_timer; 2016 break; 2017 case SCTP_TIMER_TYPE_COOKIE: 2018 if ((stcb == NULL) || (net == NULL)) { 2019 return (EFAULT); 2020 } 2021 tmr = &net->rxt_timer; 2022 break; 2023 case SCTP_TIMER_TYPE_NEWCOOKIE: 2024 /* nothing needed but the endpoint here */ 2025 tmr = &inp->sctp_ep.signature_change; 2026 /* 2027 * We re-use the newcookie timer for the INP kill timer. We 2028 * must assure that we do not kill it by accident. 2029 */ 2030 break; 2031 case SCTP_TIMER_TYPE_ASOCKILL: 2032 /* 2033 * Stop the asoc kill timer. 2034 */ 2035 if (stcb == NULL) { 2036 return (EFAULT); 2037 } 2038 tmr = &stcb->asoc.strreset_timer; 2039 break; 2040 2041 case SCTP_TIMER_TYPE_INPKILL: 2042 /* 2043 * The inp is setup to die. We re-use the signature_chage 2044 * timer since that has stopped and we are in the GONE 2045 * state. 2046 */ 2047 tmr = &inp->sctp_ep.signature_change; 2048 break; 2049 case SCTP_TIMER_TYPE_PATHMTURAISE: 2050 if ((stcb == NULL) || (net == NULL)) { 2051 return (EFAULT); 2052 } 2053 tmr = &net->pmtu_timer; 2054 break; 2055 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2056 if ((stcb == NULL) || (net == NULL)) { 2057 return (EFAULT); 2058 } 2059 tmr = &net->rxt_timer; 2060 break; 2061 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2062 if (stcb == NULL) { 2063 return (EFAULT); 2064 } 2065 tmr = &stcb->asoc.shut_guard_timer; 2066 break; 2067 case SCTP_TIMER_TYPE_STRRESET: 2068 if (stcb == NULL) { 2069 return (EFAULT); 2070 } 2071 tmr = &stcb->asoc.strreset_timer; 2072 break; 2073 case SCTP_TIMER_TYPE_ASCONF: 2074 if (stcb == NULL) { 2075 return (EFAULT); 2076 } 2077 tmr = &stcb->asoc.asconf_timer; 2078 break; 2079 case SCTP_TIMER_TYPE_AUTOCLOSE: 2080 if (stcb == NULL) { 2081 return (EFAULT); 2082 } 2083 tmr = &stcb->asoc.autoclose_timer; 2084 break; 2085 default: 2086 #ifdef SCTP_DEBUG 2087 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 2088 printf("sctp_timer_stop:Unknown timer type %d\n", 2089 t_type); 2090 } 2091 #endif /* SCTP_DEBUG */ 2092 break; 2093 }; 2094 if (tmr == NULL) { 2095 return (EFAULT); 2096 } 2097 if ((tmr->type != t_type) && tmr->type) { 2098 /* 2099 * Ok we have a timer that is under joint use. Cookie timer 2100 * per chance with the SEND timer. We therefore are NOT 2101 * running the timer that the caller wants stopped. So just 2102 * return. 2103 */ 2104 return (0); 2105 } 2106 if (t_type == SCTP_TIMER_TYPE_SEND) { 2107 stcb->asoc.num_send_timers_up--; 2108 if (stcb->asoc.num_send_timers_up < 0) { 2109 stcb->asoc.num_send_timers_up = 0; 2110 } 2111 } 2112 tmr->self = NULL; 2113 tmr->stopped_from = from; 2114 callout_stop(&tmr->timer); 2115 return (0); 2116 } 2117 2118 #ifdef SCTP_USE_ADLER32 2119 static uint32_t 2120 update_adler32(uint32_t adler, uint8_t * buf, int32_t len) 2121 { 2122 uint32_t s1 = adler & 0xffff; 2123 uint32_t s2 = (adler >> 16) & 0xffff; 2124 int n; 2125 2126 for (n = 0; n < len; n++, buf++) { 2127 /* s1 = (s1 + buf[n]) % BASE */ 2128 /* first we add */ 2129 s1 = (s1 + *buf); 2130 /* 2131 * now if we need to, we do a mod by subtracting. It seems a 2132 * bit faster since I really will only ever do one subtract 2133 * at the MOST, since buf[n] is a max of 255. 2134 */ 2135 if (s1 >= SCTP_ADLER32_BASE) { 2136 s1 -= SCTP_ADLER32_BASE; 2137 } 2138 /* s2 = (s2 + s1) % BASE */ 2139 /* first we add */ 2140 s2 = (s2 + s1); 2141 /* 2142 * again, it is more efficent (it seems) to subtract since 2143 * the most s2 will ever be is (BASE-1 + BASE-1) in the 2144 * worse case. This would then be (2 * BASE) - 2, which will 2145 * still only do one subtract. On Intel this is much better 2146 * to do this way and avoid the divide. Have not -pg'd on 2147 * sparc. 2148 */ 2149 if (s2 >= SCTP_ADLER32_BASE) { 2150 s2 -= SCTP_ADLER32_BASE; 2151 } 2152 } 2153 /* Return the adler32 of the bytes buf[0..len-1] */ 2154 return ((s2 << 16) + s1); 2155 } 2156 2157 #endif 2158 2159 2160 uint32_t 2161 sctp_calculate_len(struct mbuf *m) 2162 { 2163 uint32_t tlen = 0; 2164 struct mbuf *at; 2165 2166 at = m; 2167 while (at) { 2168 tlen += at->m_len; 2169 at = at->m_next; 2170 } 2171 return (tlen); 2172 } 2173 2174 #if defined(SCTP_WITH_NO_CSUM) 2175 2176 uint32_t 2177 sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) 2178 { 2179 /* 2180 * given a mbuf chain with a packetheader offset by 'offset' 2181 * pointing at a sctphdr (with csum set to 0) go through the chain 2182 * of m_next's and calculate the SCTP checksum. This is currently 2183 * Adler32 but will change to CRC32x soon. Also has a side bonus 2184 * calculate the total length of the mbuf chain. Note: if offset is 2185 * greater than the total mbuf length, checksum=1, pktlen=0 is 2186 * returned (ie. no real error code) 2187 */ 2188 if (pktlen == NULL) 2189 return (0); 2190 *pktlen = sctp_calculate_len(m); 2191 return (0); 2192 } 2193 2194 #elif defined(SCTP_USE_INCHKSUM) 2195 2196 #include <machine/in_cksum.h> 2197 2198 uint32_t 2199 sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) 2200 { 2201 /* 2202 * given a mbuf chain with a packetheader offset by 'offset' 2203 * pointing at a sctphdr (with csum set to 0) go through the chain 2204 * of m_next's and calculate the SCTP checksum. This is currently 2205 * Adler32 but will change to CRC32x soon. Also has a side bonus 2206 * calculate the total length of the mbuf chain. Note: if offset is 2207 * greater than the total mbuf length, checksum=1, pktlen=0 is 2208 * returned (ie. no real error code) 2209 */ 2210 int32_t tlen = 0; 2211 struct mbuf *at; 2212 uint32_t the_sum, retsum; 2213 2214 at = m; 2215 while (at) { 2216 tlen += at->m_len; 2217 at = at->m_next; 2218 } 2219 the_sum = (uint32_t) (in_cksum_skip(m, tlen, offset)); 2220 if (pktlen != NULL) 2221 *pktlen = (tlen - offset); 2222 retsum = htons(the_sum); 2223 return (the_sum); 2224 } 2225 2226 #else 2227 2228 uint32_t 2229 sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) 2230 { 2231 /* 2232 * given a mbuf chain with a packetheader offset by 'offset' 2233 * pointing at a sctphdr (with csum set to 0) go through the chain 2234 * of m_next's and calculate the SCTP checksum. This is currently 2235 * Adler32 but will change to CRC32x soon. Also has a side bonus 2236 * calculate the total length of the mbuf chain. Note: if offset is 2237 * greater than the total mbuf length, checksum=1, pktlen=0 is 2238 * returned (ie. no real error code) 2239 */ 2240 int32_t tlen = 0; 2241 2242 #ifdef SCTP_USE_ADLER32 2243 uint32_t base = 1L; 2244 2245 #else 2246 uint32_t base = 0xffffffff; 2247 2248 #endif /* SCTP_USE_ADLER32 */ 2249 struct mbuf *at; 2250 2251 at = m; 2252 /* find the correct mbuf and offset into mbuf */ 2253 while ((at != NULL) && (offset > (uint32_t) at->m_len)) { 2254 offset -= at->m_len; /* update remaining offset left */ 2255 at = at->m_next; 2256 } 2257 while (at != NULL) { 2258 if ((at->m_len - offset) > 0) { 2259 #ifdef SCTP_USE_ADLER32 2260 base = update_adler32(base, 2261 (unsigned char *)(at->m_data + offset), 2262 (unsigned int)(at->m_len - offset)); 2263 #else 2264 if ((at->m_len - offset) < 4) { 2265 /* Use old method if less than 4 bytes */ 2266 base = old_update_crc32(base, 2267 (unsigned char *)(at->m_data + offset), 2268 (unsigned int)(at->m_len - offset)); 2269 } else { 2270 base = update_crc32(base, 2271 (unsigned char *)(at->m_data + offset), 2272 (unsigned int)(at->m_len - offset)); 2273 } 2274 #endif /* SCTP_USE_ADLER32 */ 2275 tlen += at->m_len - offset; 2276 /* we only offset once into the first mbuf */ 2277 } 2278 if (offset) { 2279 if (offset < at->m_len) 2280 offset = 0; 2281 else 2282 offset -= at->m_len; 2283 } 2284 at = at->m_next; 2285 } 2286 if (pktlen != NULL) { 2287 *pktlen = tlen; 2288 } 2289 #ifdef SCTP_USE_ADLER32 2290 /* Adler32 */ 2291 base = htonl(base); 2292 #else 2293 /* CRC-32c */ 2294 base = sctp_csum_finalize(base); 2295 #endif 2296 return (base); 2297 } 2298 2299 2300 #endif 2301 2302 void 2303 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2304 struct sctp_association *asoc, u_long mtu) 2305 { 2306 /* 2307 * Reset the P-MTU size on this association, this involves changing 2308 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2309 * allow the DF flag to be cleared. 2310 */ 2311 struct sctp_tmit_chunk *chk; 2312 unsigned int eff_mtu, ovh; 2313 2314 asoc->smallest_mtu = mtu; 2315 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2316 ovh = SCTP_MIN_OVERHEAD; 2317 } else { 2318 ovh = SCTP_MIN_V4_OVERHEAD; 2319 } 2320 eff_mtu = mtu - ovh; 2321 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2322 2323 if (chk->send_size > eff_mtu) { 2324 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2325 } 2326 } 2327 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2328 if (chk->send_size > eff_mtu) { 2329 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2330 } 2331 } 2332 } 2333 2334 2335 /* 2336 * given an association and starting time of the current RTT period return 2337 * RTO in number of usecs net should point to the current network 2338 */ 2339 uint32_t 2340 sctp_calculate_rto(struct sctp_tcb *stcb, 2341 struct sctp_association *asoc, 2342 struct sctp_nets *net, 2343 struct timeval *old) 2344 { 2345 /* 2346 * given an association and the starting time of the current RTT 2347 * period (in value1/value2) return RTO in number of usecs. 2348 */ 2349 int calc_time = 0; 2350 int o_calctime; 2351 unsigned int new_rto = 0; 2352 int first_measure = 0; 2353 struct timeval now; 2354 2355 /************************/ 2356 /* 1. calculate new RTT */ 2357 /************************/ 2358 /* get the current time */ 2359 SCTP_GETTIME_TIMEVAL(&now); 2360 /* compute the RTT value */ 2361 if ((u_long)now.tv_sec > (u_long)old->tv_sec) { 2362 calc_time = ((u_long)now.tv_sec - (u_long)old->tv_sec) * 1000; 2363 if ((u_long)now.tv_usec > (u_long)old->tv_usec) { 2364 calc_time += (((u_long)now.tv_usec - 2365 (u_long)old->tv_usec) / 1000); 2366 } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { 2367 /* Borrow 1,000ms from current calculation */ 2368 calc_time -= 1000; 2369 /* Add in the slop over */ 2370 calc_time += ((int)now.tv_usec / 1000); 2371 /* Add in the pre-second ms's */ 2372 calc_time += (((int)1000000 - (int)old->tv_usec) / 1000); 2373 } 2374 } else if ((u_long)now.tv_sec == (u_long)old->tv_sec) { 2375 if ((u_long)now.tv_usec > (u_long)old->tv_usec) { 2376 calc_time = ((u_long)now.tv_usec - 2377 (u_long)old->tv_usec) / 1000; 2378 } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { 2379 /* impossible .. garbage in nothing out */ 2380 return (((net->lastsa >> 2) + net->lastsv) >> 1); 2381 } else if ((u_long)now.tv_usec == (u_long)old->tv_usec) { 2382 /* 2383 * We have to have 1 usec :-D this must be the 2384 * loopback. 2385 */ 2386 calc_time = 1; 2387 } else { 2388 /* impossible .. garbage in nothing out */ 2389 return (((net->lastsa >> 2) + net->lastsv) >> 1); 2390 } 2391 } else { 2392 /* Clock wrapped? */ 2393 return (((net->lastsa >> 2) + net->lastsv) >> 1); 2394 } 2395 /***************************/ 2396 /* 2. update RTTVAR & SRTT */ 2397 /***************************/ 2398 o_calctime = calc_time; 2399 /* this is Van Jacobson's integer version */ 2400 if (net->RTO) { 2401 calc_time -= (net->lastsa >> 3); 2402 if ((int)net->prev_rtt > o_calctime) { 2403 net->rtt_variance = net->prev_rtt - o_calctime; 2404 /* decreasing */ 2405 net->rto_variance_dir = 0; 2406 } else { 2407 /* increasing */ 2408 net->rtt_variance = o_calctime - net->prev_rtt; 2409 net->rto_variance_dir = 1; 2410 } 2411 #ifdef SCTP_RTTVAR_LOGGING 2412 rto_logging(net, SCTP_LOG_RTTVAR); 2413 #endif 2414 net->prev_rtt = o_calctime; 2415 net->lastsa += calc_time; 2416 if (calc_time < 0) { 2417 calc_time = -calc_time; 2418 } 2419 calc_time -= (net->lastsv >> 2); 2420 net->lastsv += calc_time; 2421 if (net->lastsv == 0) { 2422 net->lastsv = SCTP_CLOCK_GRANULARITY; 2423 } 2424 } else { 2425 /* First RTO measurment */ 2426 net->lastsa = calc_time; 2427 net->lastsv = calc_time >> 1; 2428 first_measure = 1; 2429 net->rto_variance_dir = 1; 2430 net->prev_rtt = o_calctime; 2431 net->rtt_variance = 0; 2432 #ifdef SCTP_RTTVAR_LOGGING 2433 rto_logging(net, SCTP_LOG_INITIAL_RTT); 2434 #endif 2435 } 2436 new_rto = ((net->lastsa >> 2) + net->lastsv) >> 1; 2437 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 2438 (stcb->asoc.sat_network_lockout == 0)) { 2439 stcb->asoc.sat_network = 1; 2440 } else if ((!first_measure) && stcb->asoc.sat_network) { 2441 stcb->asoc.sat_network = 0; 2442 stcb->asoc.sat_network_lockout = 1; 2443 } 2444 /* bound it, per C6/C7 in Section 5.3.1 */ 2445 if (new_rto < stcb->asoc.minrto) { 2446 new_rto = stcb->asoc.minrto; 2447 } 2448 if (new_rto > stcb->asoc.maxrto) { 2449 new_rto = stcb->asoc.maxrto; 2450 } 2451 /* we are now returning the RTT Smoothed */ 2452 return ((uint32_t) new_rto); 2453 } 2454 2455 2456 /* 2457 * return a pointer to a contiguous piece of data from the given mbuf chain 2458 * starting at 'off' for 'len' bytes. If the desired piece spans more than 2459 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 2460 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 2461 */ 2462 __inline caddr_t 2463 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t * in_ptr) 2464 { 2465 uint32_t count; 2466 uint8_t *ptr; 2467 2468 ptr = in_ptr; 2469 if ((off < 0) || (len <= 0)) 2470 return (NULL); 2471 2472 /* find the desired start location */ 2473 while ((m != NULL) && (off > 0)) { 2474 if (off < m->m_len) 2475 break; 2476 off -= m->m_len; 2477 m = m->m_next; 2478 } 2479 if (m == NULL) 2480 return (NULL); 2481 2482 /* is the current mbuf large enough (eg. contiguous)? */ 2483 if ((m->m_len - off) >= len) { 2484 return (mtod(m, caddr_t)+off); 2485 } else { 2486 /* else, it spans more than one mbuf, so save a temp copy... */ 2487 while ((m != NULL) && (len > 0)) { 2488 count = min(m->m_len - off, len); 2489 bcopy(mtod(m, caddr_t)+off, ptr, count); 2490 len -= count; 2491 ptr += count; 2492 off = 0; 2493 m = m->m_next; 2494 } 2495 if ((m == NULL) && (len > 0)) 2496 return (NULL); 2497 else 2498 return ((caddr_t)in_ptr); 2499 } 2500 } 2501 2502 2503 struct sctp_paramhdr * 2504 sctp_get_next_param(struct mbuf *m, 2505 int offset, 2506 struct sctp_paramhdr *pull, 2507 int pull_limit) 2508 { 2509 /* This just provides a typed signature to Peter's Pull routine */ 2510 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 2511 (uint8_t *) pull)); 2512 } 2513 2514 2515 int 2516 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 2517 { 2518 /* 2519 * add padlen bytes of 0 filled padding to the end of the mbuf. If 2520 * padlen is > 3 this routine will fail. 2521 */ 2522 uint8_t *dp; 2523 int i; 2524 2525 if (padlen > 3) { 2526 return (ENOBUFS); 2527 } 2528 if (M_TRAILINGSPACE(m)) { 2529 /* 2530 * The easy way. We hope the majority of the time we hit 2531 * here :) 2532 */ 2533 dp = (uint8_t *) (mtod(m, caddr_t)+m->m_len); 2534 m->m_len += padlen; 2535 } else { 2536 /* Hard way we must grow the mbuf */ 2537 struct mbuf *tmp; 2538 2539 tmp = sctp_get_mbuf_for_msg(padlen, 0, M_DONTWAIT, 1, MT_DATA); 2540 if (tmp == NULL) { 2541 /* Out of space GAK! we are in big trouble. */ 2542 return (ENOSPC); 2543 } 2544 /* setup and insert in middle */ 2545 tmp->m_next = m->m_next; 2546 tmp->m_len = padlen; 2547 m->m_next = tmp; 2548 dp = mtod(tmp, uint8_t *); 2549 } 2550 /* zero out the pad */ 2551 for (i = 0; i < padlen; i++) { 2552 *dp = 0; 2553 dp++; 2554 } 2555 return (0); 2556 } 2557 2558 int 2559 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 2560 { 2561 /* find the last mbuf in chain and pad it */ 2562 struct mbuf *m_at; 2563 2564 m_at = m; 2565 if (last_mbuf) { 2566 return (sctp_add_pad_tombuf(last_mbuf, padval)); 2567 } else { 2568 while (m_at) { 2569 if (m_at->m_next == NULL) { 2570 return (sctp_add_pad_tombuf(m_at, padval)); 2571 } 2572 m_at = m_at->m_next; 2573 } 2574 } 2575 return (EFAULT); 2576 } 2577 2578 int sctp_asoc_change_wake = 0; 2579 2580 static void 2581 sctp_notify_assoc_change(uint32_t event, struct sctp_tcb *stcb, 2582 uint32_t error, void *data) 2583 { 2584 struct mbuf *m_notify; 2585 struct sctp_assoc_change *sac; 2586 struct sctp_queued_to_read *control; 2587 2588 /* 2589 * First if we are are going down dump everything we can to the 2590 * socket rcv queue. 2591 */ 2592 2593 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 2594 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 2595 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) 2596 ) { 2597 /* If the socket is gone we are out of here */ 2598 return; 2599 } 2600 /* 2601 * For TCP model AND UDP connected sockets we will send an error up 2602 * when an ABORT comes in. 2603 */ 2604 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2605 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2606 (event == SCTP_COMM_LOST)) { 2607 if (TAILQ_EMPTY(&stcb->sctp_ep->read_queue)) { 2608 stcb->sctp_socket->so_error = ECONNRESET; 2609 } 2610 /* Wake ANY sleepers */ 2611 sorwakeup(stcb->sctp_socket); 2612 sowwakeup(stcb->sctp_socket); 2613 sctp_asoc_change_wake++; 2614 } 2615 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 2616 /* event not enabled */ 2617 return; 2618 } 2619 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_change), 1, M_DONTWAIT, 1, MT_DATA); 2620 if (m_notify == NULL) 2621 /* no space left */ 2622 return; 2623 m_notify->m_len = 0; 2624 2625 sac = mtod(m_notify, struct sctp_assoc_change *); 2626 sac->sac_type = SCTP_ASSOC_CHANGE; 2627 sac->sac_flags = 0; 2628 sac->sac_length = sizeof(struct sctp_assoc_change); 2629 sac->sac_state = event; 2630 sac->sac_error = error; 2631 /* XXX verify these stream counts */ 2632 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 2633 sac->sac_inbound_streams = stcb->asoc.streamincnt; 2634 sac->sac_assoc_id = sctp_get_associd(stcb); 2635 m_notify->m_flags |= M_EOR | M_NOTIFICATION; 2636 m_notify->m_pkthdr.len = sizeof(struct sctp_assoc_change); 2637 m_notify->m_pkthdr.rcvif = 0; 2638 m_notify->m_len = sizeof(struct sctp_assoc_change); 2639 m_notify->m_next = NULL; 2640 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2641 0, 0, 0, 0, 0, 0, 2642 m_notify); 2643 if (control == NULL) { 2644 /* no memory */ 2645 sctp_m_freem(m_notify); 2646 return; 2647 } 2648 control->length = m_notify->m_len; 2649 /* not that we need this */ 2650 control->tail_mbuf = m_notify; 2651 sctp_add_to_readq(stcb->sctp_ep, stcb, 2652 control, 2653 &stcb->sctp_socket->so_rcv, 1); 2654 if (event == SCTP_COMM_LOST) { 2655 /* Wake up any sleeper */ 2656 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 2657 } 2658 } 2659 2660 static void 2661 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 2662 struct sockaddr *sa, uint32_t error) 2663 { 2664 struct mbuf *m_notify; 2665 struct sctp_paddr_change *spc; 2666 struct sctp_queued_to_read *control; 2667 2668 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVPADDREVNT)) 2669 /* event not enabled */ 2670 return; 2671 2672 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 1, M_DONTWAIT, 1, MT_DATA); 2673 if (m_notify == NULL) 2674 return; 2675 m_notify->m_len = 0; 2676 spc = mtod(m_notify, struct sctp_paddr_change *); 2677 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 2678 spc->spc_flags = 0; 2679 spc->spc_length = sizeof(struct sctp_paddr_change); 2680 if (sa->sa_family == AF_INET) { 2681 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2682 } else { 2683 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 2684 } 2685 spc->spc_state = state; 2686 spc->spc_error = error; 2687 spc->spc_assoc_id = sctp_get_associd(stcb); 2688 2689 m_notify->m_flags |= M_EOR | M_NOTIFICATION; 2690 m_notify->m_pkthdr.len = sizeof(struct sctp_paddr_change); 2691 m_notify->m_pkthdr.rcvif = 0; 2692 m_notify->m_len = sizeof(struct sctp_paddr_change); 2693 m_notify->m_next = NULL; 2694 2695 /* append to socket */ 2696 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2697 0, 0, 0, 0, 0, 0, 2698 m_notify); 2699 if (control == NULL) { 2700 /* no memory */ 2701 sctp_m_freem(m_notify); 2702 return; 2703 } 2704 control->length = m_notify->m_len; 2705 /* not that we need this */ 2706 control->tail_mbuf = m_notify; 2707 sctp_add_to_readq(stcb->sctp_ep, stcb, 2708 control, 2709 &stcb->sctp_socket->so_rcv, 1); 2710 } 2711 2712 2713 static void 2714 sctp_notify_send_failed(struct sctp_tcb *stcb, uint32_t error, 2715 struct sctp_tmit_chunk *chk) 2716 { 2717 struct mbuf *m_notify; 2718 struct sctp_send_failed *ssf; 2719 struct sctp_queued_to_read *control; 2720 int length; 2721 2722 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) 2723 /* event not enabled */ 2724 return; 2725 2726 length = sizeof(struct sctp_send_failed) + chk->send_size; 2727 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_send_failed), 1, M_DONTWAIT, 1, MT_DATA); 2728 if (m_notify == NULL) 2729 /* no space left */ 2730 return; 2731 m_notify->m_len = 0; 2732 ssf = mtod(m_notify, struct sctp_send_failed *); 2733 ssf->ssf_type = SCTP_SEND_FAILED; 2734 if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) 2735 ssf->ssf_flags = SCTP_DATA_UNSENT; 2736 else 2737 ssf->ssf_flags = SCTP_DATA_SENT; 2738 ssf->ssf_length = length; 2739 ssf->ssf_error = error; 2740 /* not exactly what the user sent in, but should be close :) */ 2741 ssf->ssf_info.sinfo_stream = chk->rec.data.stream_number; 2742 ssf->ssf_info.sinfo_ssn = chk->rec.data.stream_seq; 2743 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 2744 ssf->ssf_info.sinfo_ppid = chk->rec.data.payloadtype; 2745 ssf->ssf_info.sinfo_context = chk->rec.data.context; 2746 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 2747 ssf->ssf_assoc_id = sctp_get_associd(stcb); 2748 m_notify->m_next = chk->data; 2749 m_notify->m_flags |= M_NOTIFICATION; 2750 m_notify->m_pkthdr.len = length; 2751 m_notify->m_pkthdr.rcvif = 0; 2752 m_notify->m_len = sizeof(struct sctp_send_failed); 2753 2754 /* Steal off the mbuf */ 2755 chk->data = NULL; 2756 /* 2757 * For this case, we check the actual socket buffer, since the assoc 2758 * is going away we don't want to overfill the socket buffer for a 2759 * non-reader 2760 */ 2761 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < m_notify->m_len) { 2762 sctp_m_freem(m_notify); 2763 return; 2764 } 2765 /* append to socket */ 2766 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2767 0, 0, 0, 0, 0, 0, 2768 m_notify); 2769 if (control == NULL) { 2770 /* no memory */ 2771 sctp_m_freem(m_notify); 2772 return; 2773 } 2774 sctp_add_to_readq(stcb->sctp_ep, stcb, 2775 control, 2776 &stcb->sctp_socket->so_rcv, 1); 2777 } 2778 2779 2780 static void 2781 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 2782 struct sctp_stream_queue_pending *sp) 2783 { 2784 struct mbuf *m_notify; 2785 struct sctp_send_failed *ssf; 2786 struct sctp_queued_to_read *control; 2787 int length; 2788 2789 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) 2790 /* event not enabled */ 2791 return; 2792 2793 length = sizeof(struct sctp_send_failed) + sp->length; 2794 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 1, M_DONTWAIT, 1, MT_DATA); 2795 if (m_notify == NULL) 2796 /* no space left */ 2797 return; 2798 m_notify->m_len = 0; 2799 ssf = mtod(m_notify, struct sctp_send_failed *); 2800 ssf->ssf_type = SCTP_SEND_FAILED; 2801 if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) 2802 ssf->ssf_flags = SCTP_DATA_UNSENT; 2803 else 2804 ssf->ssf_flags = SCTP_DATA_SENT; 2805 ssf->ssf_length = length; 2806 ssf->ssf_error = error; 2807 /* not exactly what the user sent in, but should be close :) */ 2808 ssf->ssf_info.sinfo_stream = sp->stream; 2809 ssf->ssf_info.sinfo_ssn = sp->strseq; 2810 ssf->ssf_info.sinfo_flags = sp->sinfo_flags; 2811 ssf->ssf_info.sinfo_ppid = sp->ppid; 2812 ssf->ssf_info.sinfo_context = sp->context; 2813 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 2814 ssf->ssf_assoc_id = sctp_get_associd(stcb); 2815 m_notify->m_next = sp->data; 2816 m_notify->m_flags |= M_NOTIFICATION; 2817 m_notify->m_pkthdr.len = length; 2818 m_notify->m_pkthdr.rcvif = 0; 2819 m_notify->m_len = sizeof(struct sctp_send_failed); 2820 2821 /* Steal off the mbuf */ 2822 sp->data = NULL; 2823 /* 2824 * For this case, we check the actual socket buffer, since the assoc 2825 * is going away we don't want to overfill the socket buffer for a 2826 * non-reader 2827 */ 2828 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < m_notify->m_len) { 2829 sctp_m_freem(m_notify); 2830 return; 2831 } 2832 /* append to socket */ 2833 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2834 0, 0, 0, 0, 0, 0, 2835 m_notify); 2836 if (control == NULL) { 2837 /* no memory */ 2838 sctp_m_freem(m_notify); 2839 return; 2840 } 2841 sctp_add_to_readq(stcb->sctp_ep, stcb, 2842 control, 2843 &stcb->sctp_socket->so_rcv, 1); 2844 } 2845 2846 2847 2848 static void 2849 sctp_notify_adaptation_layer(struct sctp_tcb *stcb, 2850 uint32_t error) 2851 { 2852 struct mbuf *m_notify; 2853 struct sctp_adaptation_event *sai; 2854 struct sctp_queued_to_read *control; 2855 2856 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) 2857 /* event not enabled */ 2858 return; 2859 2860 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 1, M_DONTWAIT, 1, MT_DATA); 2861 if (m_notify == NULL) 2862 /* no space left */ 2863 return; 2864 m_notify->m_len = 0; 2865 sai = mtod(m_notify, struct sctp_adaptation_event *); 2866 sai->sai_type = SCTP_ADAPTATION_INDICATION; 2867 sai->sai_flags = 0; 2868 sai->sai_length = sizeof(struct sctp_adaptation_event); 2869 sai->sai_adaptation_ind = error; 2870 sai->sai_assoc_id = sctp_get_associd(stcb); 2871 2872 m_notify->m_flags |= M_EOR | M_NOTIFICATION; 2873 m_notify->m_pkthdr.len = sizeof(struct sctp_adaptation_event); 2874 m_notify->m_pkthdr.rcvif = 0; 2875 m_notify->m_len = sizeof(struct sctp_adaptation_event); 2876 m_notify->m_next = NULL; 2877 2878 /* append to socket */ 2879 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2880 0, 0, 0, 0, 0, 0, 2881 m_notify); 2882 if (control == NULL) { 2883 /* no memory */ 2884 sctp_m_freem(m_notify); 2885 return; 2886 } 2887 control->length = m_notify->m_len; 2888 /* not that we need this */ 2889 control->tail_mbuf = m_notify; 2890 sctp_add_to_readq(stcb->sctp_ep, stcb, 2891 control, 2892 &stcb->sctp_socket->so_rcv, 1); 2893 } 2894 2895 /* This always must be called with the read-queue LOCKED in the INP */ 2896 void 2897 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, 2898 uint32_t error, int nolock) 2899 { 2900 struct mbuf *m_notify; 2901 struct sctp_pdapi_event *pdapi; 2902 struct sctp_queued_to_read *control; 2903 struct sockbuf *sb; 2904 2905 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_PDAPIEVNT)) 2906 /* event not enabled */ 2907 return; 2908 2909 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 1, M_DONTWAIT, 1, MT_DATA); 2910 if (m_notify == NULL) 2911 /* no space left */ 2912 return; 2913 m_notify->m_len = 0; 2914 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 2915 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 2916 pdapi->pdapi_flags = 0; 2917 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 2918 pdapi->pdapi_indication = error; 2919 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 2920 2921 m_notify->m_flags |= M_EOR | M_NOTIFICATION; 2922 m_notify->m_pkthdr.len = sizeof(struct sctp_pdapi_event); 2923 m_notify->m_pkthdr.rcvif = 0; 2924 m_notify->m_len = sizeof(struct sctp_pdapi_event); 2925 m_notify->m_next = NULL; 2926 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2927 0, 0, 0, 0, 0, 0, 2928 m_notify); 2929 if (control == NULL) { 2930 /* no memory */ 2931 sctp_m_freem(m_notify); 2932 return; 2933 } 2934 control->length = m_notify->m_len; 2935 /* not that we need this */ 2936 control->tail_mbuf = m_notify; 2937 control->held_length = 0; 2938 control->length = 0; 2939 if (nolock == 0) { 2940 SCTP_INP_READ_LOCK(stcb->sctp_ep); 2941 } 2942 sb = &stcb->sctp_socket->so_rcv; 2943 #ifdef SCTP_SB_LOGGING 2944 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, m_notify->m_len); 2945 #endif 2946 sctp_sballoc(stcb, sb, m_notify); 2947 #ifdef SCTP_SB_LOGGING 2948 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 2949 #endif 2950 atomic_add_int(&control->length, m_notify->m_len); 2951 control->end_added = 1; 2952 if (stcb->asoc.control_pdapi) 2953 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 2954 else { 2955 /* we really should not see this case */ 2956 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 2957 } 2958 if (nolock == 0) { 2959 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 2960 } 2961 if (stcb->sctp_ep && stcb->sctp_socket) { 2962 /* This should always be the case */ 2963 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 2964 } 2965 } 2966 2967 static void 2968 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 2969 { 2970 struct mbuf *m_notify; 2971 struct sctp_shutdown_event *sse; 2972 struct sctp_queued_to_read *control; 2973 2974 /* 2975 * For TCP model AND UDP connected sockets we will send an error up 2976 * when an SHUTDOWN completes 2977 */ 2978 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2979 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 2980 /* mark socket closed for read/write and wakeup! */ 2981 socantsendmore(stcb->sctp_socket); 2982 } 2983 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) 2984 /* event not enabled */ 2985 return; 2986 2987 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 1, M_DONTWAIT, 1, MT_DATA); 2988 if (m_notify == NULL) 2989 /* no space left */ 2990 return; 2991 m_notify->m_len = 0; 2992 sse = mtod(m_notify, struct sctp_shutdown_event *); 2993 sse->sse_type = SCTP_SHUTDOWN_EVENT; 2994 sse->sse_flags = 0; 2995 sse->sse_length = sizeof(struct sctp_shutdown_event); 2996 sse->sse_assoc_id = sctp_get_associd(stcb); 2997 2998 m_notify->m_flags |= M_EOR | M_NOTIFICATION; 2999 m_notify->m_pkthdr.len = sizeof(struct sctp_shutdown_event); 3000 m_notify->m_pkthdr.rcvif = 0; 3001 m_notify->m_len = sizeof(struct sctp_shutdown_event); 3002 m_notify->m_next = NULL; 3003 3004 /* append to socket */ 3005 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3006 0, 0, 0, 0, 0, 0, 3007 m_notify); 3008 if (control == NULL) { 3009 /* no memory */ 3010 sctp_m_freem(m_notify); 3011 return; 3012 } 3013 control->length = m_notify->m_len; 3014 /* not that we need this */ 3015 control->tail_mbuf = m_notify; 3016 sctp_add_to_readq(stcb->sctp_ep, stcb, 3017 control, 3018 &stcb->sctp_socket->so_rcv, 1); 3019 } 3020 3021 static void 3022 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3023 int number_entries, uint16_t * list, int flag) 3024 { 3025 struct mbuf *m_notify; 3026 struct sctp_queued_to_read *control; 3027 struct sctp_stream_reset_event *strreset; 3028 int len; 3029 3030 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_STREAM_RESETEVNT)) 3031 /* event not enabled */ 3032 return; 3033 3034 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA); 3035 if (m_notify == NULL) 3036 /* no space left */ 3037 return; 3038 m_notify->m_len = 0; 3039 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3040 if (len > M_TRAILINGSPACE(m_notify)) { 3041 /* never enough room */ 3042 sctp_m_freem(m_notify); 3043 return; 3044 } 3045 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3046 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3047 if (number_entries == 0) { 3048 strreset->strreset_flags = flag | SCTP_STRRESET_ALL_STREAMS; 3049 } else { 3050 strreset->strreset_flags = flag | SCTP_STRRESET_STREAM_LIST; 3051 } 3052 strreset->strreset_length = len; 3053 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3054 if (number_entries) { 3055 int i; 3056 3057 for (i = 0; i < number_entries; i++) { 3058 strreset->strreset_list[i] = ntohs(list[i]); 3059 } 3060 } 3061 m_notify->m_flags |= M_EOR | M_NOTIFICATION; 3062 m_notify->m_pkthdr.len = len; 3063 m_notify->m_pkthdr.rcvif = 0; 3064 m_notify->m_len = len; 3065 m_notify->m_next = NULL; 3066 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < m_notify->m_len) { 3067 /* no space */ 3068 sctp_m_freem(m_notify); 3069 return; 3070 } 3071 /* append to socket */ 3072 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3073 0, 0, 0, 0, 0, 0, 3074 m_notify); 3075 if (control == NULL) { 3076 /* no memory */ 3077 sctp_m_freem(m_notify); 3078 return; 3079 } 3080 control->length = m_notify->m_len; 3081 /* not that we need this */ 3082 control->tail_mbuf = m_notify; 3083 sctp_add_to_readq(stcb->sctp_ep, stcb, 3084 control, 3085 &stcb->sctp_socket->so_rcv, 1); 3086 } 3087 3088 3089 void 3090 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 3091 uint32_t error, void *data) 3092 { 3093 if (stcb == NULL) { 3094 /* unlikely but */ 3095 return; 3096 } 3097 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3098 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3099 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) 3100 ) { 3101 /* No notifications up when we are in a no socket state */ 3102 return; 3103 } 3104 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 3105 /* Can't send up to a closed socket any notifications */ 3106 return; 3107 } 3108 if (stcb && (stcb->asoc.assoc_up_sent == 0) && (notification != SCTP_NOTIFY_ASSOC_UP)) { 3109 if ((notification != SCTP_NOTIFY_ASSOC_DOWN) && 3110 (notification != SCTP_NOTIFY_ASSOC_ABORTED) && 3111 (notification != SCTP_NOTIFY_SPECIAL_SP_FAIL) && 3112 (notification != SCTP_NOTIFY_DG_FAIL) && 3113 (notification != SCTP_NOTIFY_PEER_SHUTDOWN)) { 3114 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, 0, NULL); 3115 stcb->asoc.assoc_up_sent = 1; 3116 } 3117 } 3118 switch (notification) { 3119 case SCTP_NOTIFY_ASSOC_UP: 3120 if (stcb->asoc.assoc_up_sent == 0) { 3121 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL); 3122 stcb->asoc.assoc_up_sent = 1; 3123 } 3124 break; 3125 case SCTP_NOTIFY_ASSOC_DOWN: 3126 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL); 3127 break; 3128 case SCTP_NOTIFY_INTERFACE_DOWN: 3129 { 3130 struct sctp_nets *net; 3131 3132 net = (struct sctp_nets *)data; 3133 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 3134 (struct sockaddr *)&net->ro._l_addr, error); 3135 break; 3136 } 3137 case SCTP_NOTIFY_INTERFACE_UP: 3138 { 3139 struct sctp_nets *net; 3140 3141 net = (struct sctp_nets *)data; 3142 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 3143 (struct sockaddr *)&net->ro._l_addr, error); 3144 break; 3145 } 3146 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 3147 { 3148 struct sctp_nets *net; 3149 3150 net = (struct sctp_nets *)data; 3151 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 3152 (struct sockaddr *)&net->ro._l_addr, error); 3153 break; 3154 } 3155 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 3156 sctp_notify_send_failed2(stcb, error, 3157 (struct sctp_stream_queue_pending *)data); 3158 break; 3159 case SCTP_NOTIFY_DG_FAIL: 3160 sctp_notify_send_failed(stcb, error, 3161 (struct sctp_tmit_chunk *)data); 3162 break; 3163 case SCTP_NOTIFY_ADAPTATION_INDICATION: 3164 /* Here the error is the adaptation indication */ 3165 sctp_notify_adaptation_layer(stcb, error); 3166 break; 3167 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 3168 sctp_notify_partial_delivery_indication(stcb, error, 0); 3169 break; 3170 case SCTP_NOTIFY_STRDATA_ERR: 3171 break; 3172 case SCTP_NOTIFY_ASSOC_ABORTED: 3173 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, NULL); 3174 break; 3175 case SCTP_NOTIFY_PEER_OPENED_STREAM: 3176 break; 3177 case SCTP_NOTIFY_STREAM_OPENED_OK: 3178 break; 3179 case SCTP_NOTIFY_ASSOC_RESTART: 3180 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, data); 3181 break; 3182 case SCTP_NOTIFY_HB_RESP: 3183 break; 3184 case SCTP_NOTIFY_STR_RESET_SEND: 3185 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_OUTBOUND_STR); 3186 break; 3187 case SCTP_NOTIFY_STR_RESET_RECV: 3188 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_INBOUND_STR); 3189 break; 3190 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 3191 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_OUTBOUND_STR | SCTP_STRRESET_INBOUND_STR)); 3192 break; 3193 3194 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 3195 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_INBOUND_STR | SCTP_STRRESET_INBOUND_STR)); 3196 break; 3197 3198 case SCTP_NOTIFY_ASCONF_ADD_IP: 3199 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 3200 error); 3201 break; 3202 case SCTP_NOTIFY_ASCONF_DELETE_IP: 3203 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 3204 error); 3205 break; 3206 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 3207 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 3208 error); 3209 break; 3210 case SCTP_NOTIFY_ASCONF_SUCCESS: 3211 break; 3212 case SCTP_NOTIFY_ASCONF_FAILED: 3213 break; 3214 case SCTP_NOTIFY_PEER_SHUTDOWN: 3215 sctp_notify_shutdown_event(stcb); 3216 break; 3217 case SCTP_NOTIFY_AUTH_NEW_KEY: 3218 sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY, error, 3219 (uint16_t) (uintptr_t) data); 3220 break; 3221 #if 0 3222 case SCTP_NOTIFY_AUTH_KEY_CONFLICT: 3223 sctp_notify_authentication(stcb, SCTP_AUTH_KEY_CONFLICT, 3224 error, (uint16_t) (uintptr_t) data); 3225 break; 3226 #endif /* not yet? remove? */ 3227 3228 3229 default: 3230 #ifdef SCTP_DEBUG 3231 if (sctp_debug_on & SCTP_DEBUG_UTIL1) { 3232 printf("NOTIFY: unknown notification %xh (%u)\n", 3233 notification, notification); 3234 } 3235 #endif /* SCTP_DEBUG */ 3236 break; 3237 } /* end switch */ 3238 } 3239 3240 void 3241 sctp_report_all_outbound(struct sctp_tcb *stcb, int holds_lock) 3242 { 3243 struct sctp_association *asoc; 3244 struct sctp_stream_out *outs; 3245 struct sctp_tmit_chunk *chk; 3246 struct sctp_stream_queue_pending *sp; 3247 int i; 3248 3249 asoc = &stcb->asoc; 3250 3251 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3252 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3253 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3254 return; 3255 } 3256 /* now through all the gunk freeing chunks */ 3257 if (holds_lock == 0) 3258 SCTP_TCB_SEND_LOCK(stcb); 3259 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 3260 /* For each stream */ 3261 outs = &stcb->asoc.strmout[i]; 3262 /* clean up any sends there */ 3263 stcb->asoc.locked_on_sending = NULL; 3264 sp = TAILQ_FIRST(&outs->outqueue); 3265 while (sp) { 3266 stcb->asoc.stream_queue_cnt--; 3267 TAILQ_REMOVE(&outs->outqueue, sp, next); 3268 sctp_free_spbufspace(stcb, asoc, sp); 3269 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 3270 SCTP_NOTIFY_DATAGRAM_UNSENT, (void *)sp); 3271 if (sp->data) { 3272 sctp_m_freem(sp->data); 3273 sp->data = NULL; 3274 } 3275 if (sp->net) 3276 sctp_free_remote_addr(sp->net); 3277 sp->net = NULL; 3278 /* Free the chunk */ 3279 sctp_free_a_strmoq(stcb, sp); 3280 sp = TAILQ_FIRST(&outs->outqueue); 3281 } 3282 } 3283 3284 /* pending send queue SHOULD be empty */ 3285 if (!TAILQ_EMPTY(&asoc->send_queue)) { 3286 chk = TAILQ_FIRST(&asoc->send_queue); 3287 while (chk) { 3288 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3289 if (chk->data) { 3290 /* 3291 * trim off the sctp chunk header(it should 3292 * be there) 3293 */ 3294 if (chk->send_size >= sizeof(struct sctp_data_chunk)) { 3295 m_adj(chk->data, sizeof(struct sctp_data_chunk)); 3296 sctp_mbuf_crush(chk->data); 3297 } 3298 } 3299 sctp_free_bufspace(stcb, asoc, chk, 1); 3300 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, SCTP_NOTIFY_DATAGRAM_UNSENT, chk); 3301 if (chk->data) { 3302 sctp_m_freem(chk->data); 3303 chk->data = NULL; 3304 } 3305 if (chk->whoTo) 3306 sctp_free_remote_addr(chk->whoTo); 3307 chk->whoTo = NULL; 3308 sctp_free_a_chunk(stcb, chk); 3309 chk = TAILQ_FIRST(&asoc->send_queue); 3310 } 3311 } 3312 /* sent queue SHOULD be empty */ 3313 if (!TAILQ_EMPTY(&asoc->sent_queue)) { 3314 chk = TAILQ_FIRST(&asoc->sent_queue); 3315 while (chk) { 3316 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3317 if (chk->data) { 3318 /* 3319 * trim off the sctp chunk header(it should 3320 * be there) 3321 */ 3322 if (chk->send_size >= sizeof(struct sctp_data_chunk)) { 3323 m_adj(chk->data, sizeof(struct sctp_data_chunk)); 3324 sctp_mbuf_crush(chk->data); 3325 } 3326 } 3327 sctp_free_bufspace(stcb, asoc, chk, 1); 3328 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, 3329 SCTP_NOTIFY_DATAGRAM_SENT, chk); 3330 if (chk->data) { 3331 sctp_m_freem(chk->data); 3332 chk->data = NULL; 3333 } 3334 if (chk->whoTo) 3335 sctp_free_remote_addr(chk->whoTo); 3336 chk->whoTo = NULL; 3337 sctp_free_a_chunk(stcb, chk); 3338 chk = TAILQ_FIRST(&asoc->sent_queue); 3339 } 3340 } 3341 if (holds_lock == 0) 3342 SCTP_TCB_SEND_UNLOCK(stcb); 3343 } 3344 3345 void 3346 sctp_abort_notification(struct sctp_tcb *stcb, int error) 3347 { 3348 3349 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3350 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3351 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3352 return; 3353 } 3354 /* Tell them we lost the asoc */ 3355 sctp_report_all_outbound(stcb, 1); 3356 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 3357 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 3358 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 3359 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 3360 } 3361 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_ABORTED, stcb, error, NULL); 3362 } 3363 3364 void 3365 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 3366 struct mbuf *m, int iphlen, struct sctphdr *sh, struct mbuf *op_err) 3367 { 3368 uint32_t vtag; 3369 3370 vtag = 0; 3371 if (stcb != NULL) { 3372 /* We have a TCB to abort, send notification too */ 3373 vtag = stcb->asoc.peer_vtag; 3374 sctp_abort_notification(stcb, 0); 3375 } 3376 sctp_send_abort(m, iphlen, sh, vtag, op_err); 3377 if (stcb != NULL) { 3378 /* Ok, now lets free it */ 3379 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 3380 } else { 3381 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3382 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3383 sctp_inpcb_free(inp, 1, 0); 3384 } 3385 } 3386 } 3387 } 3388 3389 void 3390 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 3391 int error, struct mbuf *op_err) 3392 { 3393 uint32_t vtag; 3394 3395 if (stcb == NULL) { 3396 /* Got to have a TCB */ 3397 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3398 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3399 sctp_inpcb_free(inp, 1, 0); 3400 } 3401 } 3402 return; 3403 } 3404 vtag = stcb->asoc.peer_vtag; 3405 /* notify the ulp */ 3406 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) 3407 sctp_abort_notification(stcb, error); 3408 /* notify the peer */ 3409 sctp_send_abort_tcb(stcb, op_err); 3410 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3411 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || 3412 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3413 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3414 } 3415 /* now free the asoc */ 3416 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 3417 } 3418 3419 void 3420 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, 3421 struct sctp_inpcb *inp, struct mbuf *op_err) 3422 { 3423 struct sctp_chunkhdr *ch, chunk_buf; 3424 unsigned int chk_length; 3425 3426 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 3427 /* Generate a TO address for future reference */ 3428 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 3429 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3430 sctp_inpcb_free(inp, 1, 0); 3431 } 3432 } 3433 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 3434 sizeof(*ch), (uint8_t *) & chunk_buf); 3435 while (ch != NULL) { 3436 chk_length = ntohs(ch->chunk_length); 3437 if (chk_length < sizeof(*ch)) { 3438 /* break to abort land */ 3439 break; 3440 } 3441 switch (ch->chunk_type) { 3442 case SCTP_PACKET_DROPPED: 3443 /* we don't respond to pkt-dropped */ 3444 return; 3445 case SCTP_ABORT_ASSOCIATION: 3446 /* we don't respond with an ABORT to an ABORT */ 3447 return; 3448 case SCTP_SHUTDOWN_COMPLETE: 3449 /* 3450 * we ignore it since we are not waiting for it and 3451 * peer is gone 3452 */ 3453 return; 3454 case SCTP_SHUTDOWN_ACK: 3455 sctp_send_shutdown_complete2(m, iphlen, sh); 3456 return; 3457 default: 3458 break; 3459 } 3460 offset += SCTP_SIZE32(chk_length); 3461 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 3462 sizeof(*ch), (uint8_t *) & chunk_buf); 3463 } 3464 sctp_send_abort(m, iphlen, sh, 0, op_err); 3465 } 3466 3467 /* 3468 * check the inbound datagram to make sure there is not an abort inside it, 3469 * if there is return 1, else return 0. 3470 */ 3471 int 3472 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t * vtagfill) 3473 { 3474 struct sctp_chunkhdr *ch; 3475 struct sctp_init_chunk *init_chk, chunk_buf; 3476 int offset; 3477 unsigned int chk_length; 3478 3479 offset = iphlen + sizeof(struct sctphdr); 3480 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 3481 (uint8_t *) & chunk_buf); 3482 while (ch != NULL) { 3483 chk_length = ntohs(ch->chunk_length); 3484 if (chk_length < sizeof(*ch)) { 3485 /* packet is probably corrupt */ 3486 break; 3487 } 3488 /* we seem to be ok, is it an abort? */ 3489 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 3490 /* yep, tell them */ 3491 return (1); 3492 } 3493 if (ch->chunk_type == SCTP_INITIATION) { 3494 /* need to update the Vtag */ 3495 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 3496 offset, sizeof(*init_chk), (uint8_t *) & chunk_buf); 3497 if (init_chk != NULL) { 3498 *vtagfill = ntohl(init_chk->init.initiate_tag); 3499 } 3500 } 3501 /* Nope, move to the next chunk */ 3502 offset += SCTP_SIZE32(chk_length); 3503 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 3504 sizeof(*ch), (uint8_t *) & chunk_buf); 3505 } 3506 return (0); 3507 } 3508 3509 /* 3510 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 3511 * set (i.e. it's 0) so, create this function to compare link local scopes 3512 */ 3513 uint32_t 3514 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 3515 { 3516 struct sockaddr_in6 a, b; 3517 3518 /* save copies */ 3519 a = *addr1; 3520 b = *addr2; 3521 3522 if (a.sin6_scope_id == 0) 3523 if (sa6_recoverscope(&a)) { 3524 /* can't get scope, so can't match */ 3525 return (0); 3526 } 3527 if (b.sin6_scope_id == 0) 3528 if (sa6_recoverscope(&b)) { 3529 /* can't get scope, so can't match */ 3530 return (0); 3531 } 3532 if (a.sin6_scope_id != b.sin6_scope_id) 3533 return (0); 3534 3535 return (1); 3536 } 3537 3538 /* 3539 * returns a sockaddr_in6 with embedded scope recovered and removed 3540 */ 3541 struct sockaddr_in6 * 3542 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 3543 { 3544 3545 /* check and strip embedded scope junk */ 3546 if (addr->sin6_family == AF_INET6) { 3547 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 3548 if (addr->sin6_scope_id == 0) { 3549 *store = *addr; 3550 if (!sa6_recoverscope(store)) { 3551 /* use the recovered scope */ 3552 addr = store; 3553 } 3554 /* else, return the original "to" addr */ 3555 } 3556 } 3557 } 3558 return (addr); 3559 } 3560 3561 /* 3562 * are the two addresses the same? currently a "scopeless" check returns: 1 3563 * if same, 0 if not 3564 */ 3565 __inline int 3566 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 3567 { 3568 3569 /* must be valid */ 3570 if (sa1 == NULL || sa2 == NULL) 3571 return (0); 3572 3573 /* must be the same family */ 3574 if (sa1->sa_family != sa2->sa_family) 3575 return (0); 3576 3577 if (sa1->sa_family == AF_INET6) { 3578 /* IPv6 addresses */ 3579 struct sockaddr_in6 *sin6_1, *sin6_2; 3580 3581 sin6_1 = (struct sockaddr_in6 *)sa1; 3582 sin6_2 = (struct sockaddr_in6 *)sa2; 3583 return (SCTP6_ARE_ADDR_EQUAL(&sin6_1->sin6_addr, 3584 &sin6_2->sin6_addr)); 3585 } else if (sa1->sa_family == AF_INET) { 3586 /* IPv4 addresses */ 3587 struct sockaddr_in *sin_1, *sin_2; 3588 3589 sin_1 = (struct sockaddr_in *)sa1; 3590 sin_2 = (struct sockaddr_in *)sa2; 3591 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 3592 } else { 3593 /* we don't do these... */ 3594 return (0); 3595 } 3596 } 3597 3598 void 3599 sctp_print_address(struct sockaddr *sa) 3600 { 3601 3602 if (sa->sa_family == AF_INET6) { 3603 struct sockaddr_in6 *sin6; 3604 char ip6buf[INET6_ADDRSTRLEN]; 3605 3606 sin6 = (struct sockaddr_in6 *)sa; 3607 printf("IPv6 address: %s:%d scope:%u\n", 3608 ip6_sprintf(ip6buf, &sin6->sin6_addr), 3609 ntohs(sin6->sin6_port), 3610 sin6->sin6_scope_id); 3611 } else if (sa->sa_family == AF_INET) { 3612 struct sockaddr_in *sin; 3613 unsigned char *p; 3614 3615 sin = (struct sockaddr_in *)sa; 3616 p = (unsigned char *)&sin->sin_addr; 3617 printf("IPv4 address: %u.%u.%u.%u:%d\n", 3618 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 3619 } else { 3620 printf("?\n"); 3621 } 3622 } 3623 3624 void 3625 sctp_print_address_pkt(struct ip *iph, struct sctphdr *sh) 3626 { 3627 if (iph->ip_v == IPVERSION) { 3628 struct sockaddr_in lsa, fsa; 3629 3630 bzero(&lsa, sizeof(lsa)); 3631 lsa.sin_len = sizeof(lsa); 3632 lsa.sin_family = AF_INET; 3633 lsa.sin_addr = iph->ip_src; 3634 lsa.sin_port = sh->src_port; 3635 bzero(&fsa, sizeof(fsa)); 3636 fsa.sin_len = sizeof(fsa); 3637 fsa.sin_family = AF_INET; 3638 fsa.sin_addr = iph->ip_dst; 3639 fsa.sin_port = sh->dest_port; 3640 printf("src: "); 3641 sctp_print_address((struct sockaddr *)&lsa); 3642 printf("dest: "); 3643 sctp_print_address((struct sockaddr *)&fsa); 3644 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 3645 struct ip6_hdr *ip6; 3646 struct sockaddr_in6 lsa6, fsa6; 3647 3648 ip6 = (struct ip6_hdr *)iph; 3649 bzero(&lsa6, sizeof(lsa6)); 3650 lsa6.sin6_len = sizeof(lsa6); 3651 lsa6.sin6_family = AF_INET6; 3652 lsa6.sin6_addr = ip6->ip6_src; 3653 lsa6.sin6_port = sh->src_port; 3654 bzero(&fsa6, sizeof(fsa6)); 3655 fsa6.sin6_len = sizeof(fsa6); 3656 fsa6.sin6_family = AF_INET6; 3657 fsa6.sin6_addr = ip6->ip6_dst; 3658 fsa6.sin6_port = sh->dest_port; 3659 printf("src: "); 3660 sctp_print_address((struct sockaddr *)&lsa6); 3661 printf("dest: "); 3662 sctp_print_address((struct sockaddr *)&fsa6); 3663 } 3664 } 3665 3666 #if defined(HAVE_SCTP_SO_LASTRECORD) 3667 3668 /* cloned from uipc_socket.c */ 3669 3670 #define SCTP_SBLINKRECORD(sb, m0) do { \ 3671 if ((sb)->sb_lastrecord != NULL) \ 3672 (sb)->sb_lastrecord->m_nextpkt = (m0); \ 3673 else \ 3674 (sb)->sb_mb = (m0); \ 3675 (sb)->sb_lastrecord = (m0); \ 3676 } while (/*CONSTCOND*/0) 3677 #endif 3678 3679 void 3680 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 3681 struct sctp_inpcb *new_inp, 3682 struct sctp_tcb *stcb) 3683 { 3684 /* 3685 * go through our old INP and pull off any control structures that 3686 * belong to stcb and move then to the new inp. 3687 */ 3688 struct socket *old_so, *new_so; 3689 struct sctp_queued_to_read *control, *nctl; 3690 struct sctp_readhead tmp_queue; 3691 struct mbuf *m; 3692 int error; 3693 3694 old_so = old_inp->sctp_socket; 3695 new_so = new_inp->sctp_socket; 3696 TAILQ_INIT(&tmp_queue); 3697 3698 SOCKBUF_LOCK(&(old_so->so_rcv)); 3699 3700 error = sblock(&old_so->so_rcv, 0); 3701 3702 SOCKBUF_UNLOCK(&(old_so->so_rcv)); 3703 if (error) { 3704 /* 3705 * Gak, can't get sblock, we have a problem. data will be 3706 * left stranded.. and we don't dare look at it since the 3707 * other thread may be reading something. Oh well, its a 3708 * screwed up app that does a peeloff OR a accept while 3709 * reading from the main socket... actually its only the 3710 * peeloff() case, since I think read will fail on a 3711 * listening socket.. 3712 */ 3713 return; 3714 } 3715 /* lock the socket buffers */ 3716 SCTP_INP_READ_LOCK(old_inp); 3717 control = TAILQ_FIRST(&old_inp->read_queue); 3718 /* Pull off all for out target stcb */ 3719 while (control) { 3720 nctl = TAILQ_NEXT(control, next); 3721 if (control->stcb == stcb) { 3722 /* remove it we want it */ 3723 TAILQ_REMOVE(&old_inp->read_queue, control, next); 3724 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 3725 m = control->data; 3726 while (m) { 3727 #ifdef SCTP_SB_LOGGING 3728 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); 3729 #endif 3730 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 3731 #ifdef SCTP_SB_LOGGING 3732 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3733 #endif 3734 m = m->m_next; 3735 } 3736 } 3737 control = nctl; 3738 } 3739 SCTP_INP_READ_UNLOCK(old_inp); 3740 3741 /* Remove the sb-lock on the old socket */ 3742 SOCKBUF_LOCK(&(old_so->so_rcv)); 3743 3744 sbunlock(&old_so->so_rcv); 3745 SOCKBUF_UNLOCK(&(old_so->so_rcv)); 3746 3747 /* Now we move them over to the new socket buffer */ 3748 control = TAILQ_FIRST(&tmp_queue); 3749 SCTP_INP_READ_LOCK(new_inp); 3750 while (control) { 3751 nctl = TAILQ_NEXT(control, next); 3752 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 3753 m = control->data; 3754 while (m) { 3755 #ifdef SCTP_SB_LOGGING 3756 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, m->m_len); 3757 #endif 3758 sctp_sballoc(stcb, &new_so->so_rcv, m); 3759 #ifdef SCTP_SB_LOGGING 3760 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3761 #endif 3762 m = m->m_next; 3763 } 3764 control = nctl; 3765 } 3766 SCTP_INP_READ_UNLOCK(new_inp); 3767 } 3768 3769 3770 void 3771 sctp_add_to_readq(struct sctp_inpcb *inp, 3772 struct sctp_tcb *stcb, 3773 struct sctp_queued_to_read *control, 3774 struct sockbuf *sb, 3775 int end) 3776 { 3777 /* 3778 * Here we must place the control on the end of the socket read 3779 * queue AND increment sb_cc so that select will work properly on 3780 * read. 3781 */ 3782 struct mbuf *m, *prev = NULL; 3783 3784 if (inp == NULL) { 3785 /* Gak, TSNH!! */ 3786 #ifdef INVARIANTS 3787 panic("Gak, inp NULL on add_to_readq"); 3788 #endif 3789 return; 3790 } 3791 SCTP_INP_READ_LOCK(inp); 3792 atomic_add_int(&inp->total_recvs, 1); 3793 atomic_add_int(&stcb->total_recvs, 1); 3794 m = control->data; 3795 control->held_length = 0; 3796 control->length = 0; 3797 while (m) { 3798 if (m->m_len == 0) { 3799 /* Skip mbufs with NO length */ 3800 if (prev == NULL) { 3801 /* First one */ 3802 control->data = sctp_m_free(m); 3803 m = control->data; 3804 } else { 3805 prev->m_next = sctp_m_free(m); 3806 m = prev->m_next; 3807 } 3808 if (m == NULL) { 3809 control->tail_mbuf = prev;; 3810 } 3811 continue; 3812 } 3813 prev = m; 3814 #ifdef SCTP_SB_LOGGING 3815 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, m->m_len); 3816 #endif 3817 sctp_sballoc(stcb, sb, m); 3818 #ifdef SCTP_SB_LOGGING 3819 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3820 #endif 3821 atomic_add_int(&control->length, m->m_len); 3822 m = m->m_next; 3823 } 3824 if (prev != NULL) { 3825 control->tail_mbuf = prev; 3826 if (end) { 3827 prev->m_flags |= M_EOR; 3828 } 3829 } else { 3830 return; 3831 } 3832 if (end) { 3833 control->end_added = 1; 3834 } 3835 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 3836 SCTP_INP_READ_UNLOCK(inp); 3837 if (inp && inp->sctp_socket) { 3838 sctp_sorwakeup(inp, inp->sctp_socket); 3839 } 3840 } 3841 3842 3843 int 3844 sctp_append_to_readq(struct sctp_inpcb *inp, 3845 struct sctp_tcb *stcb, 3846 struct sctp_queued_to_read *control, 3847 struct mbuf *m, 3848 int end, 3849 int ctls_cumack, 3850 struct sockbuf *sb) 3851 { 3852 /* 3853 * A partial delivery API event is underway. OR we are appending on 3854 * the reassembly queue. 3855 * 3856 * If PDAPI this means we need to add m to the end of the data. 3857 * Increase the length in the control AND increment the sb_cc. 3858 * Otherwise sb is NULL and all we need to do is put it at the end 3859 * of the mbuf chain. 3860 */ 3861 int len = 0; 3862 struct mbuf *mm, *tail = NULL, *prev = NULL; 3863 3864 if (inp) { 3865 SCTP_INP_READ_LOCK(inp); 3866 } 3867 if (control == NULL) { 3868 get_out: 3869 if (inp) { 3870 SCTP_INP_READ_UNLOCK(inp); 3871 } 3872 return (-1); 3873 } 3874 if ((control->tail_mbuf) && 3875 (control->tail_mbuf->m_flags & M_EOR)) { 3876 /* huh this one is complete? */ 3877 goto get_out; 3878 } 3879 mm = m; 3880 if (mm == NULL) { 3881 goto get_out; 3882 } 3883 while (mm) { 3884 if (mm->m_len == 0) { 3885 /* Skip mbufs with NO lenght */ 3886 if (prev == NULL) { 3887 /* First one */ 3888 m = sctp_m_free(mm); 3889 mm = m; 3890 } else { 3891 prev->m_next = sctp_m_free(mm); 3892 mm = prev->m_next; 3893 } 3894 continue; 3895 } 3896 prev = mm; 3897 len += mm->m_len; 3898 if (sb) { 3899 #ifdef SCTP_SB_LOGGING 3900 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, mm->m_len); 3901 #endif 3902 sctp_sballoc(stcb, sb, mm); 3903 #ifdef SCTP_SB_LOGGING 3904 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3905 #endif 3906 } 3907 mm = mm->m_next; 3908 } 3909 if (prev) { 3910 tail = prev; 3911 } else { 3912 /* Really there should always be a prev */ 3913 if (m == NULL) { 3914 /* Huh nothing left? */ 3915 #ifdef INVARIANTS 3916 panic("Nothing left to add?"); 3917 #else 3918 goto get_out; 3919 #endif 3920 } 3921 tail = m; 3922 } 3923 if (end) { 3924 /* message is complete */ 3925 tail->m_flags |= M_EOR; 3926 if (control == stcb->asoc.control_pdapi) { 3927 stcb->asoc.control_pdapi = NULL; 3928 } 3929 control->held_length = 0; 3930 control->end_added = 1; 3931 } 3932 atomic_add_int(&control->length, len); 3933 if (control->tail_mbuf) { 3934 /* append */ 3935 control->tail_mbuf->m_next = m; 3936 control->tail_mbuf = tail; 3937 } else { 3938 /* nothing there */ 3939 #ifdef INVARIANTS 3940 if (control->data != NULL) { 3941 panic("This should NOT happen"); 3942 } 3943 #endif 3944 control->data = m; 3945 control->tail_mbuf = tail; 3946 } 3947 /* 3948 * When we are appending in partial delivery, the cum-ack is used 3949 * for the actual pd-api highest tsn on this mbuf. The true cum-ack 3950 * is populated in the outbound sinfo structure from the true cumack 3951 * if the association exists... 3952 */ 3953 control->sinfo_tsn = control->sinfo_cumtsn = ctls_cumack; 3954 if (inp) { 3955 SCTP_INP_READ_UNLOCK(inp); 3956 } 3957 if (inp && inp->sctp_socket) { 3958 sctp_sorwakeup(inp, inp->sctp_socket); 3959 } 3960 return (0); 3961 } 3962 3963 3964 3965 /*************HOLD THIS COMMENT FOR PATCH FILE OF 3966 *************ALTERNATE ROUTING CODE 3967 */ 3968 3969 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 3970 *************ALTERNATE ROUTING CODE 3971 */ 3972 3973 struct mbuf * 3974 sctp_generate_invmanparam(int err) 3975 { 3976 /* Return a MBUF with a invalid mandatory parameter */ 3977 struct mbuf *m; 3978 3979 m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_DONTWAIT, 1, MT_DATA); 3980 if (m) { 3981 struct sctp_paramhdr *ph; 3982 3983 m->m_len = sizeof(struct sctp_paramhdr); 3984 ph = mtod(m, struct sctp_paramhdr *); 3985 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 3986 ph->param_type = htons(err); 3987 } 3988 return (m); 3989 } 3990 3991 #ifdef SCTP_MBCNT_LOGGING 3992 void 3993 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 3994 struct sctp_tmit_chunk *tp1, int chk_cnt) 3995 { 3996 if (tp1->data == NULL) { 3997 return; 3998 } 3999 asoc->chunks_on_out_queue -= chk_cnt; 4000 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 4001 asoc->total_output_queue_size, 4002 tp1->book_size, 4003 0, 4004 tp1->mbcnt); 4005 if (asoc->total_output_queue_size >= tp1->book_size) { 4006 asoc->total_output_queue_size -= tp1->book_size; 4007 } else { 4008 asoc->total_output_queue_size = 0; 4009 } 4010 4011 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 4012 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 4013 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 4014 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 4015 } else { 4016 stcb->sctp_socket->so_snd.sb_cc = 0; 4017 4018 } 4019 } 4020 } 4021 4022 #endif 4023 4024 int 4025 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 4026 int reason, struct sctpchunk_listhead *queue) 4027 { 4028 int ret_sz = 0; 4029 int notdone; 4030 uint8_t foundeom = 0; 4031 4032 do { 4033 ret_sz += tp1->book_size; 4034 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4035 if (tp1->data) { 4036 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4037 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, reason, tp1); 4038 sctp_m_freem(tp1->data); 4039 tp1->data = NULL; 4040 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 4041 } 4042 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 4043 stcb->asoc.sent_queue_cnt_removeable--; 4044 } 4045 if (queue == &stcb->asoc.send_queue) { 4046 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 4047 /* on to the sent queue */ 4048 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 4049 sctp_next); 4050 stcb->asoc.sent_queue_cnt++; 4051 } 4052 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 4053 SCTP_DATA_NOT_FRAG) { 4054 /* not frag'ed we ae done */ 4055 notdone = 0; 4056 foundeom = 1; 4057 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4058 /* end of frag, we are done */ 4059 notdone = 0; 4060 foundeom = 1; 4061 } else { 4062 /* 4063 * Its a begin or middle piece, we must mark all of 4064 * it 4065 */ 4066 notdone = 1; 4067 tp1 = TAILQ_NEXT(tp1, sctp_next); 4068 } 4069 } while (tp1 && notdone); 4070 if ((foundeom == 0) && (queue == &stcb->asoc.sent_queue)) { 4071 /* 4072 * The multi-part message was scattered across the send and 4073 * sent queue. 4074 */ 4075 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue); 4076 /* 4077 * recurse throught the send_queue too, starting at the 4078 * beginning. 4079 */ 4080 if (tp1) { 4081 ret_sz += sctp_release_pr_sctp_chunk(stcb, tp1, reason, 4082 &stcb->asoc.send_queue); 4083 } else { 4084 printf("hmm, nothing on the send queue and no EOM?\n"); 4085 } 4086 } 4087 return (ret_sz); 4088 } 4089 4090 /* 4091 * checks to see if the given address, sa, is one that is currently known by 4092 * the kernel note: can't distinguish the same address on multiple interfaces 4093 * and doesn't handle multiple addresses with different zone/scope id's note: 4094 * ifa_ifwithaddr() compares the entire sockaddr struct 4095 */ 4096 struct ifaddr * 4097 sctp_find_ifa_by_addr(struct sockaddr *sa) 4098 { 4099 struct ifnet *ifn; 4100 struct ifaddr *ifa; 4101 4102 /* go through all our known interfaces */ 4103 TAILQ_FOREACH(ifn, &ifnet, if_list) { 4104 /* go through each interface addresses */ 4105 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 4106 /* correct family? */ 4107 if (ifa->ifa_addr->sa_family != sa->sa_family) 4108 continue; 4109 4110 #ifdef INET6 4111 if (ifa->ifa_addr->sa_family == AF_INET6) { 4112 /* IPv6 address */ 4113 struct sockaddr_in6 *sin1, *sin2, sin6_tmp; 4114 4115 sin1 = (struct sockaddr_in6 *)ifa->ifa_addr; 4116 if (IN6_IS_SCOPE_LINKLOCAL(&sin1->sin6_addr)) { 4117 /* create a copy and clear scope */ 4118 memcpy(&sin6_tmp, sin1, 4119 sizeof(struct sockaddr_in6)); 4120 sin1 = &sin6_tmp; 4121 in6_clearscope(&sin1->sin6_addr); 4122 } 4123 sin2 = (struct sockaddr_in6 *)sa; 4124 if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr, 4125 sizeof(struct in6_addr)) == 0) { 4126 /* found it */ 4127 return (ifa); 4128 } 4129 } else 4130 #endif 4131 if (ifa->ifa_addr->sa_family == AF_INET) { 4132 /* IPv4 address */ 4133 struct sockaddr_in *sin1, *sin2; 4134 4135 sin1 = (struct sockaddr_in *)ifa->ifa_addr; 4136 sin2 = (struct sockaddr_in *)sa; 4137 if (sin1->sin_addr.s_addr == 4138 sin2->sin_addr.s_addr) { 4139 /* found it */ 4140 return (ifa); 4141 } 4142 } 4143 /* else, not AF_INET or AF_INET6, so skip */ 4144 } /* end foreach ifa */ 4145 } /* end foreach ifn */ 4146 /* not found! */ 4147 return (NULL); 4148 } 4149 4150 4151 4152 4153 4154 4155 4156 4157 static void 4158 sctp_user_rcvd(struct sctp_tcb *stcb, int *freed_so_far, int hold_rlock, 4159 uint32_t rwnd_req) 4160 { 4161 /* User pulled some data, do we need a rwnd update? */ 4162 int r_unlocked = 0; 4163 uint32_t dif, rwnd; 4164 struct socket *so = NULL; 4165 4166 if (stcb == NULL) 4167 return; 4168 4169 atomic_add_int(&stcb->asoc.refcnt, 1); 4170 4171 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4172 /* Pre-check If we are freeing no update */ 4173 goto no_lock; 4174 } 4175 SCTP_INP_INCR_REF(stcb->sctp_ep); 4176 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4177 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4178 goto out; 4179 } 4180 so = stcb->sctp_socket; 4181 if (so == NULL) { 4182 goto out; 4183 } 4184 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 4185 /* Have you have freed enough to look */ 4186 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4187 sctp_misc_ints(SCTP_ENTER_USER_RECV, 4188 (stcb->asoc.my_rwnd - stcb->asoc.my_last_reported_rwnd), 4189 *freed_so_far, 4190 stcb->freed_by_sorcv_sincelast, 4191 rwnd_req); 4192 #endif 4193 *freed_so_far = 0; 4194 /* Yep, its worth a look and the lock overhead */ 4195 4196 /* Figure out what the rwnd would be */ 4197 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 4198 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 4199 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 4200 } else { 4201 dif = 0; 4202 } 4203 if (dif >= rwnd_req) { 4204 if (hold_rlock) { 4205 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 4206 r_unlocked = 1; 4207 } 4208 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4209 /* 4210 * One last check before we allow the guy possibly 4211 * to get in. There is a race, where the guy has not 4212 * reached the gate. In that case 4213 */ 4214 goto out; 4215 } 4216 SCTP_TCB_LOCK(stcb); 4217 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4218 /* No reports here */ 4219 SCTP_TCB_UNLOCK(stcb); 4220 goto out; 4221 } 4222 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4223 sctp_misc_ints(SCTP_USER_RECV_SACKS, 4224 stcb->asoc.my_rwnd, 4225 stcb->asoc.my_last_reported_rwnd, 4226 stcb->freed_by_sorcv_sincelast, 4227 dif); 4228 #endif 4229 SCTP_STAT_INCR(sctps_wu_sacks_sent); 4230 sctp_send_sack(stcb); 4231 sctp_chunk_output(stcb->sctp_ep, stcb, 4232 SCTP_OUTPUT_FROM_USR_RCVD); 4233 /* make sure no timer is running */ 4234 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 4235 SCTP_TCB_UNLOCK(stcb); 4236 } else { 4237 /* Update how much we have pending */ 4238 stcb->freed_by_sorcv_sincelast = dif; 4239 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4240 sctp_misc_ints(SCTP_USER_RECV_SACKS, 4241 stcb->asoc.my_rwnd, 4242 stcb->asoc.my_last_reported_rwnd, 4243 stcb->freed_by_sorcv_sincelast, 4244 0); 4245 #endif 4246 } 4247 out: 4248 if (so && r_unlocked && hold_rlock) { 4249 SCTP_INP_READ_LOCK(stcb->sctp_ep); 4250 } 4251 SCTP_INP_DECR_REF(stcb->sctp_ep); 4252 no_lock: 4253 atomic_add_int(&stcb->asoc.refcnt, -1); 4254 return; 4255 } 4256 4257 int 4258 sctp_sorecvmsg(struct socket *so, 4259 struct uio *uio, 4260 struct mbuf **mp, 4261 struct sockaddr *from, 4262 int fromlen, 4263 int *msg_flags, 4264 struct sctp_sndrcvinfo *sinfo, 4265 int filling_sinfo) 4266 { 4267 /* 4268 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 4269 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 4270 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 4271 * On the way out we may send out any combination of: 4272 * MSG_NOTIFICATION MSG_EOR 4273 * 4274 */ 4275 struct sctp_inpcb *inp = NULL; 4276 int my_len = 0; 4277 int cp_len = 0, error = 0; 4278 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 4279 struct mbuf *m = NULL, *embuf = NULL; 4280 struct sctp_tcb *stcb = NULL; 4281 int wakeup_read_socket = 0; 4282 int freecnt_applied = 0; 4283 int out_flags = 0, in_flags = 0; 4284 int block_allowed = 1; 4285 int freed_so_far = 0; 4286 int copied_so_far = 0; 4287 int s, in_eeor_mode = 0; 4288 int no_rcv_needed = 0; 4289 uint32_t rwnd_req = 0; 4290 int hold_sblock = 0; 4291 int hold_rlock = 0; 4292 int alen = 0, slen = 0; 4293 int held_length = 0; 4294 4295 if (msg_flags) { 4296 in_flags = *msg_flags; 4297 } else { 4298 in_flags = 0; 4299 } 4300 slen = uio->uio_resid; 4301 /* Pull in and set up our int flags */ 4302 if (in_flags & MSG_OOB) { 4303 /* Out of band's NOT supported */ 4304 return (EOPNOTSUPP); 4305 } 4306 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 4307 return (EINVAL); 4308 } 4309 if ((in_flags & (MSG_DONTWAIT 4310 | MSG_NBIO 4311 )) || 4312 (so->so_state & SS_NBIO)) { 4313 block_allowed = 0; 4314 } 4315 /* setup the endpoint */ 4316 inp = (struct sctp_inpcb *)so->so_pcb; 4317 if (inp == NULL) { 4318 return (EFAULT); 4319 } 4320 s = splnet(); 4321 rwnd_req = (so->so_rcv.sb_hiwat >> SCTP_RWND_HIWAT_SHIFT); 4322 /* Must be at least a MTU's worth */ 4323 if (rwnd_req < SCTP_MIN_RWND) 4324 rwnd_req = SCTP_MIN_RWND; 4325 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 4326 #ifdef SCTP_RECV_RWND_LOGGING 4327 sctp_misc_ints(SCTP_SORECV_ENTER, 4328 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, uio->uio_resid); 4329 #endif 4330 SOCKBUF_LOCK(&so->so_rcv); 4331 hold_sblock = 1; 4332 #ifdef SCTP_RECV_RWND_LOGGING 4333 sctp_misc_ints(SCTP_SORECV_ENTERPL, 4334 rwnd_req, block_allowed, so->so_rcv.sb_cc, uio->uio_resid); 4335 #endif 4336 4337 4338 error = sblock(&so->so_rcv, (block_allowed ? M_WAITOK : 0)); 4339 if (error) { 4340 goto release_unlocked; 4341 } 4342 restart: 4343 if (hold_sblock == 0) { 4344 SOCKBUF_LOCK(&so->so_rcv); 4345 hold_sblock = 1; 4346 } 4347 sbunlock(&so->so_rcv); 4348 4349 restart_nosblocks: 4350 if (hold_sblock == 0) { 4351 SOCKBUF_LOCK(&so->so_rcv); 4352 hold_sblock = 1; 4353 } 4354 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4355 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4356 goto out; 4357 } 4358 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) { 4359 if (so->so_error) { 4360 error = so->so_error; 4361 } else { 4362 error = ENOTCONN; 4363 } 4364 goto out; 4365 } 4366 if ((so->so_rcv.sb_cc <= held_length) && block_allowed) { 4367 /* we need to wait for data */ 4368 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4369 sctp_misc_ints(SCTP_SORECV_BLOCKSA, 4370 0, 0, so->so_rcv.sb_cc, uio->uio_resid); 4371 #endif 4372 if ((so->so_rcv.sb_cc == 0) && 4373 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 4374 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 4375 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 4376 /* 4377 * For active open side clear flags for 4378 * re-use passive open is blocked by 4379 * connect. 4380 */ 4381 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 4382 /* 4383 * You were aborted, passive side 4384 * always hits here 4385 */ 4386 error = ECONNRESET; 4387 /* 4388 * You get this once if you are 4389 * active open side 4390 */ 4391 if (!(inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 4392 /* 4393 * Remove flag if on the 4394 * active open side 4395 */ 4396 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_ABORTED; 4397 } 4398 } 4399 so->so_state &= ~(SS_ISCONNECTING | 4400 SS_ISDISCONNECTING | 4401 SS_ISCONFIRMING | 4402 SS_ISCONNECTED); 4403 if (error == 0) { 4404 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 4405 error = ENOTCONN; 4406 } else { 4407 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_CONNECTED; 4408 } 4409 } 4410 goto out; 4411 } 4412 } 4413 error = sbwait(&so->so_rcv); 4414 if (error) { 4415 goto out; 4416 } 4417 held_length = 0; 4418 goto restart_nosblocks; 4419 } else if (so->so_rcv.sb_cc == 0) { 4420 error = EWOULDBLOCK; 4421 goto out; 4422 } 4423 error = sblock(&so->so_rcv, (block_allowed ? M_WAITOK : 0)); 4424 /* we possibly have data we can read */ 4425 control = TAILQ_FIRST(&inp->read_queue); 4426 if (control == NULL) { 4427 /* 4428 * This could be happening since the appender did the 4429 * increment but as not yet did the tailq insert onto the 4430 * read_queue 4431 */ 4432 if (hold_rlock == 0) { 4433 SCTP_INP_READ_LOCK(inp); 4434 hold_rlock = 1; 4435 } 4436 control = TAILQ_FIRST(&inp->read_queue); 4437 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 4438 #ifdef INVARIANTS 4439 panic("Huh, its non zero and nothing on control?"); 4440 #endif 4441 so->so_rcv.sb_cc = 0; 4442 } 4443 SCTP_INP_READ_UNLOCK(inp); 4444 hold_rlock = 0; 4445 goto restart; 4446 } 4447 if ((control->length == 0) && 4448 (control->do_not_ref_stcb)) { 4449 /* 4450 * Clean up code for freeing assoc that left behind a 4451 * pdapi.. maybe a peer in EEOR that just closed after 4452 * sending and never indicated a EOR. 4453 */ 4454 if (hold_rlock == 0) { 4455 hold_rlock = 1; 4456 SCTP_INP_READ_LOCK(inp); 4457 } 4458 control->held_length = 0; 4459 if (control->data) { 4460 /* Hmm there is data here .. fix */ 4461 struct mbuf *m; 4462 int cnt = 0; 4463 4464 m = control->data; 4465 while (m) { 4466 cnt += m->m_len; 4467 if (m->m_next == NULL) { 4468 control->tail_mbuf = m; 4469 m->m_flags |= M_EOR; 4470 control->end_added = 1; 4471 } 4472 m = m->m_next; 4473 } 4474 control->length = cnt; 4475 } else { 4476 /* remove it */ 4477 TAILQ_REMOVE(&inp->read_queue, control, next); 4478 /* Add back any hiddend data */ 4479 sctp_free_remote_addr(control->whoFrom); 4480 sctp_free_a_readq(stcb, control); 4481 } 4482 if (hold_rlock) { 4483 hold_rlock = 0; 4484 SCTP_INP_READ_UNLOCK(inp); 4485 } 4486 goto restart; 4487 } 4488 if (control->length == 0) { 4489 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 4490 (filling_sinfo)) { 4491 /* find a more suitable one then this */ 4492 ctl = TAILQ_NEXT(control, next); 4493 while (ctl) { 4494 if ((ctl->stcb != control->stcb) && (ctl->length)) { 4495 /* found one */ 4496 control = ctl; 4497 goto found_one; 4498 } 4499 ctl = TAILQ_NEXT(ctl, next); 4500 } 4501 } 4502 /* 4503 * if we reach here, not suitable replacement is available 4504 * <or> fragment interleave is NOT on. So stuff the sb_cc 4505 * into the our held count, and its time to sleep again. 4506 */ 4507 held_length = so->so_rcv.sb_cc; 4508 control->held_length = so->so_rcv.sb_cc; 4509 goto restart; 4510 } 4511 /* Clear the held length since there is something to read */ 4512 control->held_length = 0; 4513 if (hold_rlock) { 4514 SCTP_INP_READ_UNLOCK(inp); 4515 hold_rlock = 0; 4516 } 4517 found_one: 4518 /* 4519 * If we reach here, control has a some data for us to read off. 4520 * Note that stcb COULD be NULL. 4521 */ 4522 if (hold_sblock) { 4523 SOCKBUF_UNLOCK(&so->so_rcv); 4524 hold_sblock = 0; 4525 } 4526 stcb = control->stcb; 4527 if (stcb) { 4528 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) && 4529 (control->do_not_ref_stcb == 0)) { 4530 if (freecnt_applied == 0) 4531 stcb = NULL; 4532 } else if (control->do_not_ref_stcb == 0) { 4533 /* you can't free it on me please */ 4534 /* 4535 * The lock on the socket buffer protects us so the 4536 * free code will stop. But since we used the 4537 * socketbuf lock and the sender uses the tcb_lock 4538 * to increment, we need to use the atomic add to 4539 * the refcnt 4540 */ 4541 atomic_add_int(&stcb->asoc.refcnt, 1); 4542 freecnt_applied = 1; 4543 /* 4544 * Setup to remember how much we have not yet told 4545 * the peer our rwnd has opened up. Note we grab the 4546 * value from the tcb from last time. Note too that 4547 * sack sending clears this when a sack is sent.. 4548 * which is fine. Once we hit the rwnd_req, we then 4549 * will go to the sctp_user_rcvd() that will not 4550 * lock until it KNOWs it MUST send a WUP-SACK. 4551 * 4552 */ 4553 freed_so_far = stcb->freed_by_sorcv_sincelast; 4554 stcb->freed_by_sorcv_sincelast = 0; 4555 } 4556 } 4557 /* First lets get off the sinfo and sockaddr info */ 4558 if ((sinfo) && filling_sinfo) { 4559 memcpy(sinfo, control, sizeof(struct sctp_nonpad_sndrcvinfo)); 4560 nxt = TAILQ_NEXT(control, next); 4561 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) { 4562 struct sctp_extrcvinfo *s_extra; 4563 4564 s_extra = (struct sctp_extrcvinfo *)sinfo; 4565 if (nxt) { 4566 s_extra->next_flags = SCTP_NEXT_MSG_AVAIL; 4567 if (nxt->sinfo_flags & SCTP_UNORDERED) { 4568 s_extra->next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 4569 } 4570 s_extra->next_asocid = nxt->sinfo_assoc_id; 4571 s_extra->next_length = nxt->length; 4572 s_extra->next_ppid = nxt->sinfo_ppid; 4573 s_extra->next_stream = nxt->sinfo_stream; 4574 if (nxt->tail_mbuf != NULL) { 4575 if (nxt->tail_mbuf->m_flags & M_EOR) { 4576 s_extra->next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 4577 } 4578 } 4579 } else { 4580 /* 4581 * we explicitly 0 this, since the memcpy 4582 * got some other things beyond the older 4583 * sinfo_ that is on the control's structure 4584 * :-D 4585 */ 4586 s_extra->next_flags = SCTP_NO_NEXT_MSG; 4587 s_extra->next_asocid = 0; 4588 s_extra->next_length = 0; 4589 s_extra->next_ppid = 0; 4590 s_extra->next_stream = 0; 4591 } 4592 } 4593 /* 4594 * update off the real current cum-ack, if we have an stcb. 4595 */ 4596 if (stcb) 4597 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 4598 /* 4599 * mask off the high bits, we keep the actual chunk bits in 4600 * there. 4601 */ 4602 sinfo->sinfo_flags &= 0x00ff; 4603 } 4604 if (fromlen && from) { 4605 struct sockaddr *to; 4606 4607 #ifdef AF_INET 4608 cp_len = min(fromlen, control->whoFrom->ro._l_addr.sin.sin_len); 4609 memcpy(from, &control->whoFrom->ro._l_addr, cp_len); 4610 ((struct sockaddr_in *)from)->sin_port = control->port_from; 4611 #else 4612 /* No AF_INET use AF_INET6 */ 4613 cp_len = min(fromlen, control->whoFrom->ro._l_addr.sin6.sin6_len); 4614 memcpy(from, &control->whoFrom->ro._l_addr, cp_len); 4615 ((struct sockaddr_in6 *)from)->sin6_port = control->port_from; 4616 #endif 4617 4618 to = from; 4619 #if defined(AF_INET) && defined(AF_INET6) 4620 if ((inp->sctp_flags & SCTP_PCB_FLAGS_NEEDS_MAPPED_V4) && 4621 (to->sa_family == AF_INET) && 4622 ((size_t)fromlen >= sizeof(struct sockaddr_in6))) { 4623 struct sockaddr_in *sin; 4624 struct sockaddr_in6 sin6; 4625 4626 sin = (struct sockaddr_in *)to; 4627 bzero(&sin6, sizeof(sin6)); 4628 sin6.sin6_family = AF_INET6; 4629 sin6.sin6_len = sizeof(struct sockaddr_in6); 4630 sin6.sin6_addr.s6_addr16[2] = 0xffff; 4631 bcopy(&sin->sin_addr, 4632 &sin6.sin6_addr.s6_addr16[3], 4633 sizeof(sin6.sin6_addr.s6_addr16[3])); 4634 sin6.sin6_port = sin->sin_port; 4635 memcpy(from, (caddr_t)&sin6, sizeof(sin6)); 4636 } 4637 #endif 4638 #if defined(AF_INET6) 4639 { 4640 struct sockaddr_in6 lsa6, *to6; 4641 4642 to6 = (struct sockaddr_in6 *)to; 4643 sctp_recover_scope_mac(to6, (&lsa6)); 4644 4645 } 4646 #endif 4647 } 4648 /* now copy out what data we can */ 4649 if (mp == NULL) { 4650 /* copy out each mbuf in the chain up to length */ 4651 get_more_data: 4652 m = control->data; 4653 while (m) { 4654 /* Move out all we can */ 4655 cp_len = (int)uio->uio_resid; 4656 my_len = (int)m->m_len; 4657 if (cp_len > my_len) { 4658 /* not enough in this buf */ 4659 cp_len = my_len; 4660 } 4661 if (hold_rlock) { 4662 SCTP_INP_READ_UNLOCK(inp); 4663 hold_rlock = 0; 4664 } 4665 splx(s); 4666 if (cp_len > 0) 4667 error = uiomove(mtod(m, char *), cp_len, uio); 4668 s = splnet(); 4669 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4670 sctp_misc_ints(SCTP_SORCV_DOESCPY, 4671 so->so_rcv.sb_cc, 4672 cp_len, 4673 0, 4674 0); 4675 #endif 4676 /* re-read */ 4677 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4678 goto release; 4679 } 4680 if (stcb && 4681 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4682 no_rcv_needed = 1; 4683 } 4684 if (error) { 4685 /* error we are out of here */ 4686 goto release; 4687 } 4688 if ((m->m_next == NULL) && 4689 (cp_len >= m->m_len) && 4690 ((control->end_added == 0) || 4691 (control->end_added && (TAILQ_NEXT(control, next) == NULL))) 4692 ) { 4693 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4694 sctp_misc_ints(SCTP_SORCV_DOESLCK, 4695 so->so_rcv.sb_cc, 4696 cp_len, 4697 m->m_len, 4698 control->length); 4699 #endif 4700 SCTP_INP_READ_LOCK(inp); 4701 hold_rlock = 1; 4702 } 4703 if (cp_len == m->m_len) { 4704 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4705 sctp_misc_ints(SCTP_SORCV_DOESADJ, 4706 so->so_rcv.sb_cc, 4707 control->length, 4708 cp_len, 4709 0); 4710 #endif 4711 if (m->m_flags & M_EOR) { 4712 out_flags |= MSG_EOR; 4713 } 4714 if (m->m_flags & M_NOTIFICATION) { 4715 out_flags |= MSG_NOTIFICATION; 4716 } 4717 /* we ate up the mbuf */ 4718 if (in_flags & MSG_PEEK) { 4719 /* just looking */ 4720 m = m->m_next; 4721 copied_so_far += cp_len; 4722 } else { 4723 /* dispose of the mbuf */ 4724 #ifdef SCTP_SB_LOGGING 4725 sctp_sblog(&so->so_rcv, 4726 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); 4727 #endif 4728 sctp_sbfree(control, stcb, &so->so_rcv, m); 4729 #ifdef SCTP_SB_LOGGING 4730 sctp_sblog(&so->so_rcv, 4731 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4732 #endif 4733 embuf = m; 4734 copied_so_far += cp_len; 4735 freed_so_far += cp_len; 4736 alen = atomic_fetchadd_int(&control->length, -(cp_len)); 4737 if (alen < cp_len) { 4738 panic("Control length goes negative?"); 4739 } 4740 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4741 sctp_misc_ints(SCTP_SORCV_PASSBF, 4742 so->so_rcv.sb_cc, 4743 control->length, 4744 0, 4745 0); 4746 #endif 4747 control->data = sctp_m_free(m); 4748 m = control->data; 4749 /* 4750 * been through it all, must hold sb 4751 * lock ok to null tail 4752 */ 4753 if (control->data == NULL) { 4754 #ifdef INVARIANTS 4755 if ((control->end_added == 0) || 4756 (TAILQ_NEXT(control, next) == NULL)) { 4757 /* 4758 * If the end is not 4759 * added, OR the 4760 * next is NOT null 4761 * we MUST have the 4762 * lock. 4763 */ 4764 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 4765 panic("Hmm we don't own the lock?"); 4766 } 4767 } 4768 #endif 4769 control->tail_mbuf = NULL; 4770 #ifdef INVARIANTS 4771 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 4772 panic("end_added, nothing left and no MSG_EOR"); 4773 } 4774 #endif 4775 } 4776 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4777 sctp_misc_ints(SCTP_SORCV_ADJD, 4778 so->so_rcv.sb_cc, 4779 control->length, 4780 0, 4781 0); 4782 #endif 4783 } 4784 } else { 4785 /* Do we need to trim the mbuf? */ 4786 if (m->m_flags & M_NOTIFICATION) { 4787 out_flags |= MSG_NOTIFICATION; 4788 } 4789 if ((in_flags & MSG_PEEK) == 0) { 4790 if (out_flags & MSG_NOTIFICATION) { 4791 /* 4792 * remark this one with the 4793 * notify flag, they read 4794 * only part of the 4795 * notification. 4796 */ 4797 m->m_flags |= M_NOTIFICATION; 4798 } 4799 m->m_data += cp_len; 4800 m->m_len -= cp_len; 4801 #ifdef SCTP_SB_LOGGING 4802 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); 4803 #endif 4804 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 4805 if (stcb) { 4806 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 4807 } 4808 copied_so_far += cp_len; 4809 embuf = m; 4810 freed_so_far += cp_len; 4811 #ifdef SCTP_SB_LOGGING 4812 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 4813 SCTP_LOG_SBRESULT, 0); 4814 #endif 4815 alen = atomic_fetchadd_int(&control->length, -(cp_len)); 4816 if (alen < cp_len) { 4817 panic("Control length goes negative2?"); 4818 } 4819 } else { 4820 copied_so_far += cp_len; 4821 } 4822 } 4823 if ((out_flags & MSG_EOR) || 4824 (uio->uio_resid == 0) 4825 ) { 4826 break; 4827 } 4828 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 4829 (control->do_not_ref_stcb == 0) && 4830 (freed_so_far >= rwnd_req)) { 4831 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 4832 } 4833 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4834 sctp_misc_ints(SCTP_SORCV_BOTWHILE, 4835 so->so_rcv.sb_cc, 4836 control->length, 4837 0, 4838 0); 4839 #endif 4840 4841 } /* end while(m) */ 4842 /* 4843 * At this point we have looked at it all and we either have 4844 * a MSG_EOR/or read all the user wants... <OR> 4845 * control->length == 0. 4846 */ 4847 if ((out_flags & MSG_EOR) && 4848 ((in_flags & MSG_PEEK) == 0)) { 4849 /* we are done with this control */ 4850 if (control->length == 0) { 4851 if (control->data) { 4852 #ifdef INVARIANTS 4853 panic("control->data not null at read eor?"); 4854 #else 4855 printf("Strange, data left in the control buffer .. invarients would panic?\n"); 4856 sctp_m_freem(control->data); 4857 control->data = NULL; 4858 #endif 4859 } 4860 done_with_control: 4861 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4862 sctp_misc_ints(SCTP_SORCV_FREECTL, 4863 so->so_rcv.sb_cc, 4864 0, 4865 0, 4866 0); 4867 #endif 4868 if (TAILQ_NEXT(control, next) == NULL) { 4869 /* 4870 * If we don't have a next we need a 4871 * lock, if there is a next interupt 4872 * is filling ahead of us and we 4873 * don't need a lock to remove this 4874 * guy (which is the head of the 4875 * queue). 4876 */ 4877 if (hold_rlock == 0) { 4878 SCTP_INP_READ_LOCK(inp); 4879 hold_rlock = 1; 4880 } 4881 } 4882 TAILQ_REMOVE(&inp->read_queue, control, next); 4883 /* Add back any hiddend data */ 4884 if (control->held_length) { 4885 held_length = 0; 4886 control->held_length = 0; 4887 wakeup_read_socket = 1; 4888 } 4889 no_rcv_needed = control->do_not_ref_stcb; 4890 sctp_free_remote_addr(control->whoFrom); 4891 control->data = NULL; 4892 sctp_free_a_readq(stcb, control); 4893 control = NULL; 4894 if ((freed_so_far >= rwnd_req) && (no_rcv_needed == 0)) 4895 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 4896 4897 } else { 4898 /* 4899 * The user did not read all of this 4900 * message, turn off the returned MSG_EOR 4901 * since we are leaving more behind on the 4902 * control to read. 4903 */ 4904 #ifdef INVARIANTS 4905 if (control->end_added && (control->data == NULL) && 4906 (control->tail_mbuf == NULL)) { 4907 panic("Gak, control->length is corrupt?"); 4908 } 4909 #endif 4910 no_rcv_needed = control->do_not_ref_stcb; 4911 out_flags &= ~MSG_EOR; 4912 } 4913 } 4914 if (out_flags & MSG_EOR) { 4915 goto release; 4916 } 4917 if ((uio->uio_resid == 0) || 4918 ((in_eeor_mode) && (copied_so_far >= max(so->so_rcv.sb_lowat, 1))) 4919 ) { 4920 goto release; 4921 } 4922 /* 4923 * If I hit here the receiver wants more and this message is 4924 * NOT done (pd-api). So two questions. Can we block? if not 4925 * we are done. Did the user NOT set MSG_WAITALL? 4926 */ 4927 if (block_allowed == 0) { 4928 goto release; 4929 } 4930 /* 4931 * We need to wait for more data a few things: - We don't 4932 * sbunlock() so we don't get someone else reading. - We 4933 * must be sure to account for the case where what is added 4934 * is NOT to our control when we wakeup. 4935 */ 4936 4937 /* 4938 * Do we need to tell the transport a rwnd update might be 4939 * needed before we go to sleep? 4940 */ 4941 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 4942 ((freed_so_far >= rwnd_req) && 4943 (control->do_not_ref_stcb == 0) && 4944 (no_rcv_needed == 0))) { 4945 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 4946 } 4947 wait_some_more: 4948 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) { 4949 goto release; 4950 } 4951 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 4952 goto release; 4953 4954 if (hold_rlock == 1) { 4955 SCTP_INP_READ_UNLOCK(inp); 4956 hold_rlock = 0; 4957 } 4958 if (hold_sblock == 0) { 4959 SOCKBUF_LOCK(&so->so_rcv); 4960 hold_sblock = 1; 4961 } 4962 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4963 if (stcb) 4964 sctp_misc_ints(SCTP_SORECV_BLOCKSB, 4965 freed_so_far, 4966 stcb->asoc.my_rwnd, 4967 so->so_rcv.sb_cc, 4968 uio->uio_resid); 4969 else 4970 sctp_misc_ints(SCTP_SORECV_BLOCKSB, 4971 freed_so_far, 4972 0, 4973 so->so_rcv.sb_cc, 4974 uio->uio_resid); 4975 #endif 4976 if (so->so_rcv.sb_cc <= control->held_length) { 4977 error = sbwait(&so->so_rcv); 4978 if (error) { 4979 goto release; 4980 } 4981 control->held_length = 0; 4982 } 4983 if (hold_sblock) { 4984 SOCKBUF_UNLOCK(&so->so_rcv); 4985 hold_sblock = 0; 4986 } 4987 if (control->length == 0) { 4988 /* still nothing here */ 4989 if (control->end_added == 1) { 4990 /* he aborted, or is done i.e.did a shutdown */ 4991 out_flags |= MSG_EOR; 4992 if (control->pdapi_aborted) 4993 out_flags |= MSG_TRUNC; 4994 goto done_with_control; 4995 } 4996 if (so->so_rcv.sb_cc > held_length) { 4997 control->held_length = so->so_rcv.sb_cc; 4998 held_length = 0; 4999 } 5000 goto wait_some_more; 5001 } else if (control->data == NULL) { 5002 /* 5003 * we must re-sync since data is probably being 5004 * added 5005 */ 5006 SCTP_INP_READ_LOCK(inp); 5007 if ((control->length > 0) && (control->data == NULL)) { 5008 /* 5009 * big trouble.. we have the lock and its 5010 * corrupt? 5011 */ 5012 panic("Impossible data==NULL length !=0"); 5013 } 5014 SCTP_INP_READ_UNLOCK(inp); 5015 /* We will fall around to get more data */ 5016 } 5017 goto get_more_data; 5018 } else { 5019 /* copy out the mbuf chain */ 5020 get_more_data2: 5021 /* 5022 * Do we have a uio, I doubt it if so we grab the size from 5023 * it, if not you get it all 5024 */ 5025 if (uio) 5026 cp_len = uio->uio_resid; 5027 else 5028 cp_len = control->length; 5029 5030 if ((uint32_t) cp_len >= control->length) { 5031 /* easy way */ 5032 if ((control->end_added == 0) || 5033 (TAILQ_NEXT(control, next) == NULL)) { 5034 /* Need to get rlock */ 5035 if (hold_rlock == 0) { 5036 SCTP_INP_READ_LOCK(inp); 5037 hold_rlock = 1; 5038 } 5039 } 5040 if (control->tail_mbuf->m_flags & M_EOR) { 5041 out_flags |= MSG_EOR; 5042 } 5043 if (control->data->m_flags & M_NOTIFICATION) { 5044 out_flags |= MSG_NOTIFICATION; 5045 } 5046 if (uio) 5047 uio->uio_resid -= control->length; 5048 *mp = control->data; 5049 m = control->data; 5050 while (m) { 5051 #ifdef SCTP_SB_LOGGING 5052 sctp_sblog(&so->so_rcv, 5053 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); 5054 #endif 5055 sctp_sbfree(control, stcb, &so->so_rcv, m); 5056 freed_so_far += m->m_len; 5057 #ifdef SCTP_SB_LOGGING 5058 sctp_sblog(&so->so_rcv, 5059 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5060 #endif 5061 m = m->m_next; 5062 } 5063 control->data = control->tail_mbuf = NULL; 5064 control->length = 0; 5065 if (out_flags & MSG_EOR) { 5066 /* Done with this control */ 5067 goto done_with_control; 5068 } 5069 /* still more to do with this conntrol */ 5070 /* do we really support msg_waitall here? */ 5071 if ((block_allowed == 0) || 5072 ((in_flags & MSG_WAITALL) == 0)) { 5073 goto release; 5074 } 5075 wait_some_more2: 5076 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) 5077 goto release; 5078 if (hold_rlock == 1) { 5079 SCTP_INP_READ_UNLOCK(inp); 5080 hold_rlock = 0; 5081 } 5082 if (hold_sblock == 0) { 5083 SOCKBUF_LOCK(&so->so_rcv); 5084 hold_sblock = 1; 5085 } 5086 if (so->so_rcv.sb_cc <= control->held_length) { 5087 error = sbwait(&so->so_rcv); 5088 if (error) { 5089 goto release; 5090 } 5091 } 5092 if (hold_sblock) { 5093 SOCKBUF_UNLOCK(&so->so_rcv); 5094 hold_sblock = 0; 5095 } 5096 if (control->length == 0) { 5097 /* still nothing here */ 5098 if (control->end_added == 1) { 5099 /* 5100 * he aborted, or is done i.e. 5101 * shutdown 5102 */ 5103 out_flags |= MSG_EOR; 5104 if (control->pdapi_aborted) 5105 out_flags |= MSG_TRUNC; 5106 goto done_with_control; 5107 } 5108 if (so->so_rcv.sb_cc > held_length) { 5109 control->held_length = so->so_rcv.sb_cc; 5110 /* 5111 * We don't use held_length while 5112 * getting a message 5113 */ 5114 held_length = 0; 5115 } 5116 goto wait_some_more2; 5117 } 5118 goto get_more_data2; 5119 } else { 5120 /* hard way mbuf by mbuf */ 5121 m = control->data; 5122 if (control->end_added == 0) { 5123 /* need the rlock */ 5124 if (hold_rlock == 0) { 5125 SCTP_INP_READ_LOCK(inp); 5126 hold_rlock = 1; 5127 } 5128 } 5129 if (m->m_flags & M_NOTIFICATION) { 5130 out_flags |= MSG_NOTIFICATION; 5131 } 5132 while ((m) && (cp_len > 0)) { 5133 if (cp_len >= m->m_len) { 5134 *mp = m; 5135 atomic_subtract_int(&control->length, m->m_len); 5136 if (uio) 5137 uio->uio_resid -= m->m_len; 5138 cp_len -= m->m_len; 5139 control->data = m->m_next; 5140 m->m_next = NULL; 5141 #ifdef SCTP_SB_LOGGING 5142 sctp_sblog(&so->so_rcv, 5143 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, m->m_len); 5144 #endif 5145 sctp_sbfree(control, stcb, &so->so_rcv, m); 5146 freed_so_far += m->m_len; 5147 #ifdef SCTP_SB_LOGGING 5148 sctp_sblog(&so->so_rcv, 5149 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5150 #endif 5151 mp = &m->m_next; 5152 m = control->data; 5153 } else { 5154 /* 5155 * got all he wants and its part of 5156 * this mbuf only. 5157 */ 5158 if (uio) 5159 uio->uio_resid -= m->m_len; 5160 cp_len -= m->m_len; 5161 if (hold_rlock) { 5162 SCTP_INP_READ_UNLOCK(inp); 5163 hold_rlock = 0; 5164 } 5165 if (hold_sblock) { 5166 SOCKBUF_UNLOCK(&so->so_rcv); 5167 hold_sblock = 0; 5168 } 5169 splx(s); 5170 *mp = sctp_m_copym(m, 0, cp_len, 5171 M_TRYWAIT 5172 ); 5173 s = splnet(); 5174 #ifdef SCTP_LOCK_LOGGING 5175 sctp_log_lock(inp, stcb, SCTP_LOG_LOCK_SOCKBUF_R); 5176 #endif 5177 if (hold_sblock == 0) { 5178 SOCKBUF_LOCK(&so->so_rcv); 5179 hold_sblock = 1; 5180 } 5181 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 5182 goto release; 5183 5184 if (stcb && 5185 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5186 no_rcv_needed = 1; 5187 } 5188 m->m_data += cp_len; 5189 m->m_len -= cp_len; 5190 #ifdef SCTP_SB_LOGGING 5191 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); 5192 #endif 5193 freed_so_far += cp_len; 5194 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 5195 if (stcb) { 5196 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 5197 if ((freed_so_far >= rwnd_req) && 5198 (control->do_not_ref_stcb == 0) && 5199 (no_rcv_needed == 0)) 5200 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5201 } 5202 #ifdef SCTP_SB_LOGGING 5203 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 5204 SCTP_LOG_SBRESULT, 0); 5205 #endif 5206 if (out_flags & MSG_NOTIFICATION) { 5207 /* 5208 * remark the first mbuf if 5209 * they took a partial read. 5210 */ 5211 control->data->m_flags |= M_NOTIFICATION; 5212 } 5213 goto release; 5214 } 5215 } 5216 } 5217 } 5218 release: 5219 if (hold_rlock == 1) { 5220 SCTP_INP_READ_UNLOCK(inp); 5221 hold_rlock = 0; 5222 } 5223 if (hold_sblock == 0) { 5224 SOCKBUF_LOCK(&so->so_rcv); 5225 hold_sblock = 1; 5226 } 5227 sbunlock(&so->so_rcv); 5228 5229 release_unlocked: 5230 if (hold_sblock) { 5231 SOCKBUF_UNLOCK(&so->so_rcv); 5232 hold_sblock = 0; 5233 } 5234 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 5235 if ((freed_so_far >= rwnd_req) && 5236 (control && (control->do_not_ref_stcb == 0)) && 5237 (no_rcv_needed == 0)) 5238 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5239 } 5240 if (msg_flags) 5241 *msg_flags |= out_flags; 5242 out: 5243 if (hold_rlock == 1) { 5244 SCTP_INP_READ_UNLOCK(inp); 5245 hold_rlock = 0; 5246 } 5247 if (hold_sblock) { 5248 SOCKBUF_UNLOCK(&so->so_rcv); 5249 hold_sblock = 0; 5250 } 5251 if (freecnt_applied) { 5252 /* 5253 * The lock on the socket buffer protects us so the free 5254 * code will stop. But since we used the socketbuf lock and 5255 * the sender uses the tcb_lock to increment, we need to use 5256 * the atomic add to the refcnt. 5257 */ 5258 if (stcb == NULL) { 5259 panic("stcb for refcnt has gone NULL?"); 5260 } 5261 atomic_add_int(&stcb->asoc.refcnt, -1); 5262 freecnt_applied = 0; 5263 /* Save the value back for next time */ 5264 stcb->freed_by_sorcv_sincelast = freed_so_far; 5265 } 5266 splx(s); 5267 #ifdef SCTP_RECV_RWND_LOGGING 5268 if (stcb) { 5269 sctp_misc_ints(SCTP_SORECV_DONE, 5270 freed_so_far, 5271 ((uio) ? (slen - uio->uio_resid) : slen), 5272 stcb->asoc.my_rwnd, 5273 so->so_rcv.sb_cc); 5274 } else { 5275 sctp_misc_ints(SCTP_SORECV_DONE, 5276 freed_so_far, 5277 ((uio) ? (slen - uio->uio_resid) : slen), 5278 0, 5279 so->so_rcv.sb_cc); 5280 } 5281 #endif 5282 if (wakeup_read_socket) { 5283 sctp_sorwakeup(inp, so); 5284 } 5285 return (error); 5286 } 5287 5288 5289 #ifdef SCTP_MBUF_LOGGING 5290 struct mbuf * 5291 sctp_m_free(struct mbuf *m) 5292 { 5293 if (m->m_flags & M_EXT) { 5294 sctp_log_mb(m, SCTP_MBUF_IFREE); 5295 } 5296 return (m_free(m)); 5297 } 5298 5299 void 5300 sctp_m_freem(struct mbuf *mb) 5301 { 5302 while (mb != NULL) 5303 mb = sctp_m_free(mb); 5304 } 5305 5306 #endif 5307 5308 5309 int 5310 sctp_soreceive(so, psa, uio, mp0, controlp, flagsp) 5311 struct socket *so; 5312 struct sockaddr **psa; 5313 struct uio *uio; 5314 struct mbuf **mp0; 5315 struct mbuf **controlp; 5316 int *flagsp; 5317 { 5318 int error, fromlen; 5319 uint8_t sockbuf[256]; 5320 struct sockaddr *from; 5321 struct sctp_extrcvinfo sinfo; 5322 int filling_sinfo = 1; 5323 struct sctp_inpcb *inp; 5324 5325 inp = (struct sctp_inpcb *)so->so_pcb; 5326 /* pickup the assoc we are reading from */ 5327 if (inp == NULL) { 5328 return (EINVAL); 5329 } 5330 if ((sctp_is_feature_off(inp, 5331 SCTP_PCB_FLAGS_RECVDATAIOEVNT)) || 5332 (controlp == NULL)) { 5333 /* user does not want the sndrcv ctl */ 5334 filling_sinfo = 0; 5335 } 5336 if (psa) { 5337 from = (struct sockaddr *)sockbuf; 5338 fromlen = sizeof(sockbuf); 5339 from->sa_len = 0; 5340 } else { 5341 from = NULL; 5342 fromlen = 0; 5343 } 5344 5345 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, 5346 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 5347 if ((controlp) && (filling_sinfo)) { 5348 /* copy back the sinfo in a CMSG format */ 5349 if (filling_sinfo) 5350 *controlp = sctp_build_ctl_nchunk(inp, 5351 (struct sctp_sndrcvinfo *)&sinfo); 5352 else 5353 *controlp = NULL; 5354 } 5355 if (psa) { 5356 /* copy back the address info */ 5357 if (from && from->sa_len) { 5358 *psa = sodupsockaddr(from, M_NOWAIT); 5359 } else { 5360 *psa = NULL; 5361 } 5362 } 5363 return (error); 5364 } 5365