1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 __FBSDID("$FreeBSD$"); 37 38 #include <netinet/sctp_os.h> 39 #include <netinet/sctp_pcb.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_var.h> 42 #include <netinet/sctp_sysctl.h> 43 #ifdef INET6 44 #include <netinet6/sctp6_var.h> 45 #endif 46 #include <netinet/sctp_header.h> 47 #include <netinet/sctp_output.h> 48 #include <netinet/sctp_uio.h> 49 #include <netinet/sctp_timer.h> 50 #include <netinet/sctp_indata.h> 51 #include <netinet/sctp_auth.h> 52 #include <netinet/sctp_asconf.h> 53 #include <netinet/sctp_bsd_addr.h> 54 #include <netinet/sctp_kdtrace.h> 55 #if defined(INET6) || defined(INET) 56 #include <netinet/tcp_var.h> 57 #endif 58 #include <netinet/udp.h> 59 #include <netinet/udp_var.h> 60 #include <sys/proc.h> 61 #ifdef INET6 62 #include <netinet/icmp6.h> 63 #endif 64 65 66 #ifndef KTR_SCTP 67 #define KTR_SCTP KTR_SUBSYS 68 #endif 69 70 extern const struct sctp_cc_functions sctp_cc_functions[]; 71 extern const struct sctp_ss_functions sctp_ss_functions[]; 72 73 void 74 sctp_sblog(struct sockbuf *sb, struct sctp_tcb *stcb, int from, int incr) 75 { 76 #if defined(SCTP_LOCAL_TRACE_BUF) 77 struct sctp_cwnd_log sctp_clog; 78 79 sctp_clog.x.sb.stcb = stcb; 80 sctp_clog.x.sb.so_sbcc = sb->sb_cc; 81 if (stcb) 82 sctp_clog.x.sb.stcb_sbcc = stcb->asoc.sb_cc; 83 else 84 sctp_clog.x.sb.stcb_sbcc = 0; 85 sctp_clog.x.sb.incr = incr; 86 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 87 SCTP_LOG_EVENT_SB, 88 from, 89 sctp_clog.x.misc.log1, 90 sctp_clog.x.misc.log2, 91 sctp_clog.x.misc.log3, 92 sctp_clog.x.misc.log4); 93 #endif 94 } 95 96 void 97 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 98 { 99 #if defined(SCTP_LOCAL_TRACE_BUF) 100 struct sctp_cwnd_log sctp_clog; 101 102 sctp_clog.x.close.inp = (void *)inp; 103 sctp_clog.x.close.sctp_flags = inp->sctp_flags; 104 if (stcb) { 105 sctp_clog.x.close.stcb = (void *)stcb; 106 sctp_clog.x.close.state = (uint16_t)stcb->asoc.state; 107 } else { 108 sctp_clog.x.close.stcb = 0; 109 sctp_clog.x.close.state = 0; 110 } 111 sctp_clog.x.close.loc = loc; 112 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 113 SCTP_LOG_EVENT_CLOSE, 114 0, 115 sctp_clog.x.misc.log1, 116 sctp_clog.x.misc.log2, 117 sctp_clog.x.misc.log3, 118 sctp_clog.x.misc.log4); 119 #endif 120 } 121 122 void 123 rto_logging(struct sctp_nets *net, int from) 124 { 125 #if defined(SCTP_LOCAL_TRACE_BUF) 126 struct sctp_cwnd_log sctp_clog; 127 128 memset(&sctp_clog, 0, sizeof(sctp_clog)); 129 sctp_clog.x.rto.net = (void *)net; 130 sctp_clog.x.rto.rtt = net->rtt / 1000; 131 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 132 SCTP_LOG_EVENT_RTT, 133 from, 134 sctp_clog.x.misc.log1, 135 sctp_clog.x.misc.log2, 136 sctp_clog.x.misc.log3, 137 sctp_clog.x.misc.log4); 138 #endif 139 } 140 141 void 142 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 143 { 144 #if defined(SCTP_LOCAL_TRACE_BUF) 145 struct sctp_cwnd_log sctp_clog; 146 147 sctp_clog.x.strlog.stcb = stcb; 148 sctp_clog.x.strlog.n_tsn = tsn; 149 sctp_clog.x.strlog.n_sseq = sseq; 150 sctp_clog.x.strlog.e_tsn = 0; 151 sctp_clog.x.strlog.e_sseq = 0; 152 sctp_clog.x.strlog.strm = stream; 153 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 154 SCTP_LOG_EVENT_STRM, 155 from, 156 sctp_clog.x.misc.log1, 157 sctp_clog.x.misc.log2, 158 sctp_clog.x.misc.log3, 159 sctp_clog.x.misc.log4); 160 #endif 161 } 162 163 void 164 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 165 { 166 #if defined(SCTP_LOCAL_TRACE_BUF) 167 struct sctp_cwnd_log sctp_clog; 168 169 sctp_clog.x.nagle.stcb = (void *)stcb; 170 sctp_clog.x.nagle.total_flight = stcb->asoc.total_flight; 171 sctp_clog.x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 172 sctp_clog.x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 173 sctp_clog.x.nagle.count_in_flight = stcb->asoc.total_flight_count; 174 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 175 SCTP_LOG_EVENT_NAGLE, 176 action, 177 sctp_clog.x.misc.log1, 178 sctp_clog.x.misc.log2, 179 sctp_clog.x.misc.log3, 180 sctp_clog.x.misc.log4); 181 #endif 182 } 183 184 void 185 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 186 { 187 #if defined(SCTP_LOCAL_TRACE_BUF) 188 struct sctp_cwnd_log sctp_clog; 189 190 sctp_clog.x.sack.cumack = cumack; 191 sctp_clog.x.sack.oldcumack = old_cumack; 192 sctp_clog.x.sack.tsn = tsn; 193 sctp_clog.x.sack.numGaps = gaps; 194 sctp_clog.x.sack.numDups = dups; 195 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 196 SCTP_LOG_EVENT_SACK, 197 from, 198 sctp_clog.x.misc.log1, 199 sctp_clog.x.misc.log2, 200 sctp_clog.x.misc.log3, 201 sctp_clog.x.misc.log4); 202 #endif 203 } 204 205 void 206 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 207 { 208 #if defined(SCTP_LOCAL_TRACE_BUF) 209 struct sctp_cwnd_log sctp_clog; 210 211 memset(&sctp_clog, 0, sizeof(sctp_clog)); 212 sctp_clog.x.map.base = map; 213 sctp_clog.x.map.cum = cum; 214 sctp_clog.x.map.high = high; 215 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 216 SCTP_LOG_EVENT_MAP, 217 from, 218 sctp_clog.x.misc.log1, 219 sctp_clog.x.misc.log2, 220 sctp_clog.x.misc.log3, 221 sctp_clog.x.misc.log4); 222 #endif 223 } 224 225 void 226 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, int from) 227 { 228 #if defined(SCTP_LOCAL_TRACE_BUF) 229 struct sctp_cwnd_log sctp_clog; 230 231 memset(&sctp_clog, 0, sizeof(sctp_clog)); 232 sctp_clog.x.fr.largest_tsn = biggest_tsn; 233 sctp_clog.x.fr.largest_new_tsn = biggest_new_tsn; 234 sctp_clog.x.fr.tsn = tsn; 235 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 236 SCTP_LOG_EVENT_FR, 237 from, 238 sctp_clog.x.misc.log1, 239 sctp_clog.x.misc.log2, 240 sctp_clog.x.misc.log3, 241 sctp_clog.x.misc.log4); 242 #endif 243 } 244 245 #ifdef SCTP_MBUF_LOGGING 246 void 247 sctp_log_mb(struct mbuf *m, int from) 248 { 249 #if defined(SCTP_LOCAL_TRACE_BUF) 250 struct sctp_cwnd_log sctp_clog; 251 252 sctp_clog.x.mb.mp = m; 253 sctp_clog.x.mb.mbuf_flags = (uint8_t)(SCTP_BUF_GET_FLAGS(m)); 254 sctp_clog.x.mb.size = (uint16_t)(SCTP_BUF_LEN(m)); 255 sctp_clog.x.mb.data = SCTP_BUF_AT(m, 0); 256 if (SCTP_BUF_IS_EXTENDED(m)) { 257 sctp_clog.x.mb.ext = SCTP_BUF_EXTEND_BASE(m); 258 sctp_clog.x.mb.refcnt = (uint8_t)(SCTP_BUF_EXTEND_REFCNT(m)); 259 } else { 260 sctp_clog.x.mb.ext = 0; 261 sctp_clog.x.mb.refcnt = 0; 262 } 263 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 264 SCTP_LOG_EVENT_MBUF, 265 from, 266 sctp_clog.x.misc.log1, 267 sctp_clog.x.misc.log2, 268 sctp_clog.x.misc.log3, 269 sctp_clog.x.misc.log4); 270 #endif 271 } 272 273 void 274 sctp_log_mbc(struct mbuf *m, int from) 275 { 276 struct mbuf *mat; 277 278 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 279 sctp_log_mb(mat, from); 280 } 281 } 282 #endif 283 284 void 285 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, int from) 286 { 287 #if defined(SCTP_LOCAL_TRACE_BUF) 288 struct sctp_cwnd_log sctp_clog; 289 290 if (control == NULL) { 291 SCTP_PRINTF("Gak log of NULL?\n"); 292 return; 293 } 294 sctp_clog.x.strlog.stcb = control->stcb; 295 sctp_clog.x.strlog.n_tsn = control->sinfo_tsn; 296 sctp_clog.x.strlog.n_sseq = (uint16_t)control->mid; 297 sctp_clog.x.strlog.strm = control->sinfo_stream; 298 if (poschk != NULL) { 299 sctp_clog.x.strlog.e_tsn = poschk->sinfo_tsn; 300 sctp_clog.x.strlog.e_sseq = (uint16_t)poschk->mid; 301 } else { 302 sctp_clog.x.strlog.e_tsn = 0; 303 sctp_clog.x.strlog.e_sseq = 0; 304 } 305 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 306 SCTP_LOG_EVENT_STRM, 307 from, 308 sctp_clog.x.misc.log1, 309 sctp_clog.x.misc.log2, 310 sctp_clog.x.misc.log3, 311 sctp_clog.x.misc.log4); 312 #endif 313 } 314 315 void 316 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 317 { 318 #if defined(SCTP_LOCAL_TRACE_BUF) 319 struct sctp_cwnd_log sctp_clog; 320 321 sctp_clog.x.cwnd.net = net; 322 if (stcb->asoc.send_queue_cnt > 255) 323 sctp_clog.x.cwnd.cnt_in_send = 255; 324 else 325 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 326 if (stcb->asoc.stream_queue_cnt > 255) 327 sctp_clog.x.cwnd.cnt_in_str = 255; 328 else 329 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 330 331 if (net) { 332 sctp_clog.x.cwnd.cwnd_new_value = net->cwnd; 333 sctp_clog.x.cwnd.inflight = net->flight_size; 334 sctp_clog.x.cwnd.pseudo_cumack = net->pseudo_cumack; 335 sctp_clog.x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 336 sctp_clog.x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 337 } 338 if (SCTP_CWNDLOG_PRESEND == from) { 339 sctp_clog.x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 340 } 341 sctp_clog.x.cwnd.cwnd_augment = augment; 342 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 343 SCTP_LOG_EVENT_CWND, 344 from, 345 sctp_clog.x.misc.log1, 346 sctp_clog.x.misc.log2, 347 sctp_clog.x.misc.log3, 348 sctp_clog.x.misc.log4); 349 #endif 350 } 351 352 void 353 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 354 { 355 #if defined(SCTP_LOCAL_TRACE_BUF) 356 struct sctp_cwnd_log sctp_clog; 357 358 memset(&sctp_clog, 0, sizeof(sctp_clog)); 359 if (inp) { 360 sctp_clog.x.lock.sock = (void *)inp->sctp_socket; 361 362 } else { 363 sctp_clog.x.lock.sock = (void *)NULL; 364 } 365 sctp_clog.x.lock.inp = (void *)inp; 366 if (stcb) { 367 sctp_clog.x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 368 } else { 369 sctp_clog.x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 370 } 371 if (inp) { 372 sctp_clog.x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 373 sctp_clog.x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 374 } else { 375 sctp_clog.x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 376 sctp_clog.x.lock.create_lock = SCTP_LOCK_UNKNOWN; 377 } 378 sctp_clog.x.lock.info_lock = rw_wowned(&SCTP_BASE_INFO(ipi_ep_mtx)); 379 if (inp && (inp->sctp_socket)) { 380 sctp_clog.x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 381 sctp_clog.x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 382 sctp_clog.x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); 383 } else { 384 sctp_clog.x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 385 sctp_clog.x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 386 sctp_clog.x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 387 } 388 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 389 SCTP_LOG_LOCK_EVENT, 390 from, 391 sctp_clog.x.misc.log1, 392 sctp_clog.x.misc.log2, 393 sctp_clog.x.misc.log3, 394 sctp_clog.x.misc.log4); 395 #endif 396 } 397 398 void 399 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 400 { 401 #if defined(SCTP_LOCAL_TRACE_BUF) 402 struct sctp_cwnd_log sctp_clog; 403 404 memset(&sctp_clog, 0, sizeof(sctp_clog)); 405 sctp_clog.x.cwnd.net = net; 406 sctp_clog.x.cwnd.cwnd_new_value = error; 407 sctp_clog.x.cwnd.inflight = net->flight_size; 408 sctp_clog.x.cwnd.cwnd_augment = burst; 409 if (stcb->asoc.send_queue_cnt > 255) 410 sctp_clog.x.cwnd.cnt_in_send = 255; 411 else 412 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 413 if (stcb->asoc.stream_queue_cnt > 255) 414 sctp_clog.x.cwnd.cnt_in_str = 255; 415 else 416 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 417 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 418 SCTP_LOG_EVENT_MAXBURST, 419 from, 420 sctp_clog.x.misc.log1, 421 sctp_clog.x.misc.log2, 422 sctp_clog.x.misc.log3, 423 sctp_clog.x.misc.log4); 424 #endif 425 } 426 427 void 428 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 429 { 430 #if defined(SCTP_LOCAL_TRACE_BUF) 431 struct sctp_cwnd_log sctp_clog; 432 433 sctp_clog.x.rwnd.rwnd = peers_rwnd; 434 sctp_clog.x.rwnd.send_size = snd_size; 435 sctp_clog.x.rwnd.overhead = overhead; 436 sctp_clog.x.rwnd.new_rwnd = 0; 437 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 438 SCTP_LOG_EVENT_RWND, 439 from, 440 sctp_clog.x.misc.log1, 441 sctp_clog.x.misc.log2, 442 sctp_clog.x.misc.log3, 443 sctp_clog.x.misc.log4); 444 #endif 445 } 446 447 void 448 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 449 { 450 #if defined(SCTP_LOCAL_TRACE_BUF) 451 struct sctp_cwnd_log sctp_clog; 452 453 sctp_clog.x.rwnd.rwnd = peers_rwnd; 454 sctp_clog.x.rwnd.send_size = flight_size; 455 sctp_clog.x.rwnd.overhead = overhead; 456 sctp_clog.x.rwnd.new_rwnd = a_rwndval; 457 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 458 SCTP_LOG_EVENT_RWND, 459 from, 460 sctp_clog.x.misc.log1, 461 sctp_clog.x.misc.log2, 462 sctp_clog.x.misc.log3, 463 sctp_clog.x.misc.log4); 464 #endif 465 } 466 467 #ifdef SCTP_MBCNT_LOGGING 468 static void 469 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 470 { 471 #if defined(SCTP_LOCAL_TRACE_BUF) 472 struct sctp_cwnd_log sctp_clog; 473 474 sctp_clog.x.mbcnt.total_queue_size = total_oq; 475 sctp_clog.x.mbcnt.size_change = book; 476 sctp_clog.x.mbcnt.total_queue_mb_size = total_mbcnt_q; 477 sctp_clog.x.mbcnt.mbcnt_change = mbcnt; 478 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 479 SCTP_LOG_EVENT_MBCNT, 480 from, 481 sctp_clog.x.misc.log1, 482 sctp_clog.x.misc.log2, 483 sctp_clog.x.misc.log3, 484 sctp_clog.x.misc.log4); 485 #endif 486 } 487 #endif 488 489 void 490 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 491 { 492 #if defined(SCTP_LOCAL_TRACE_BUF) 493 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 494 SCTP_LOG_MISC_EVENT, 495 from, 496 a, b, c, d); 497 #endif 498 } 499 500 void 501 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t wake_cnt, int from) 502 { 503 #if defined(SCTP_LOCAL_TRACE_BUF) 504 struct sctp_cwnd_log sctp_clog; 505 506 sctp_clog.x.wake.stcb = (void *)stcb; 507 sctp_clog.x.wake.wake_cnt = wake_cnt; 508 sctp_clog.x.wake.flight = stcb->asoc.total_flight_count; 509 sctp_clog.x.wake.send_q = stcb->asoc.send_queue_cnt; 510 sctp_clog.x.wake.sent_q = stcb->asoc.sent_queue_cnt; 511 512 if (stcb->asoc.stream_queue_cnt < 0xff) 513 sctp_clog.x.wake.stream_qcnt = (uint8_t)stcb->asoc.stream_queue_cnt; 514 else 515 sctp_clog.x.wake.stream_qcnt = 0xff; 516 517 if (stcb->asoc.chunks_on_out_queue < 0xff) 518 sctp_clog.x.wake.chunks_on_oque = (uint8_t)stcb->asoc.chunks_on_out_queue; 519 else 520 sctp_clog.x.wake.chunks_on_oque = 0xff; 521 522 sctp_clog.x.wake.sctpflags = 0; 523 /* set in the defered mode stuff */ 524 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 525 sctp_clog.x.wake.sctpflags |= 1; 526 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 527 sctp_clog.x.wake.sctpflags |= 2; 528 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 529 sctp_clog.x.wake.sctpflags |= 4; 530 /* what about the sb */ 531 if (stcb->sctp_socket) { 532 struct socket *so = stcb->sctp_socket; 533 534 sctp_clog.x.wake.sbflags = (uint8_t)((so->so_snd.sb_flags & 0x00ff)); 535 } else { 536 sctp_clog.x.wake.sbflags = 0xff; 537 } 538 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 539 SCTP_LOG_EVENT_WAKE, 540 from, 541 sctp_clog.x.misc.log1, 542 sctp_clog.x.misc.log2, 543 sctp_clog.x.misc.log3, 544 sctp_clog.x.misc.log4); 545 #endif 546 } 547 548 void 549 sctp_log_block(uint8_t from, struct sctp_association *asoc, ssize_t sendlen) 550 { 551 #if defined(SCTP_LOCAL_TRACE_BUF) 552 struct sctp_cwnd_log sctp_clog; 553 554 sctp_clog.x.blk.onsb = asoc->total_output_queue_size; 555 sctp_clog.x.blk.send_sent_qcnt = (uint16_t)(asoc->send_queue_cnt + asoc->sent_queue_cnt); 556 sctp_clog.x.blk.peer_rwnd = asoc->peers_rwnd; 557 sctp_clog.x.blk.stream_qcnt = (uint16_t)asoc->stream_queue_cnt; 558 sctp_clog.x.blk.chunks_on_oque = (uint16_t)asoc->chunks_on_out_queue; 559 sctp_clog.x.blk.flight_size = (uint16_t)(asoc->total_flight / 1024); 560 sctp_clog.x.blk.sndlen = (uint32_t)sendlen; 561 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 562 SCTP_LOG_EVENT_BLOCK, 563 from, 564 sctp_clog.x.misc.log1, 565 sctp_clog.x.misc.log2, 566 sctp_clog.x.misc.log3, 567 sctp_clog.x.misc.log4); 568 #endif 569 } 570 571 int 572 sctp_fill_stat_log(void *optval SCTP_UNUSED, size_t *optsize SCTP_UNUSED) 573 { 574 /* May need to fix this if ktrdump does not work */ 575 return (0); 576 } 577 578 #ifdef SCTP_AUDITING_ENABLED 579 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 580 static int sctp_audit_indx = 0; 581 582 static 583 void 584 sctp_print_audit_report(void) 585 { 586 int i; 587 int cnt; 588 589 cnt = 0; 590 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 591 if ((sctp_audit_data[i][0] == 0xe0) && 592 (sctp_audit_data[i][1] == 0x01)) { 593 cnt = 0; 594 SCTP_PRINTF("\n"); 595 } else if (sctp_audit_data[i][0] == 0xf0) { 596 cnt = 0; 597 SCTP_PRINTF("\n"); 598 } else if ((sctp_audit_data[i][0] == 0xc0) && 599 (sctp_audit_data[i][1] == 0x01)) { 600 SCTP_PRINTF("\n"); 601 cnt = 0; 602 } 603 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 604 (uint32_t)sctp_audit_data[i][1]); 605 cnt++; 606 if ((cnt % 14) == 0) 607 SCTP_PRINTF("\n"); 608 } 609 for (i = 0; i < sctp_audit_indx; i++) { 610 if ((sctp_audit_data[i][0] == 0xe0) && 611 (sctp_audit_data[i][1] == 0x01)) { 612 cnt = 0; 613 SCTP_PRINTF("\n"); 614 } else if (sctp_audit_data[i][0] == 0xf0) { 615 cnt = 0; 616 SCTP_PRINTF("\n"); 617 } else if ((sctp_audit_data[i][0] == 0xc0) && 618 (sctp_audit_data[i][1] == 0x01)) { 619 SCTP_PRINTF("\n"); 620 cnt = 0; 621 } 622 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 623 (uint32_t)sctp_audit_data[i][1]); 624 cnt++; 625 if ((cnt % 14) == 0) 626 SCTP_PRINTF("\n"); 627 } 628 SCTP_PRINTF("\n"); 629 } 630 631 void 632 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 633 struct sctp_nets *net) 634 { 635 int resend_cnt, tot_out, rep, tot_book_cnt; 636 struct sctp_nets *lnet; 637 struct sctp_tmit_chunk *chk; 638 639 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 640 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 641 sctp_audit_indx++; 642 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 643 sctp_audit_indx = 0; 644 } 645 if (inp == NULL) { 646 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 647 sctp_audit_data[sctp_audit_indx][1] = 0x01; 648 sctp_audit_indx++; 649 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 650 sctp_audit_indx = 0; 651 } 652 return; 653 } 654 if (stcb == NULL) { 655 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 656 sctp_audit_data[sctp_audit_indx][1] = 0x02; 657 sctp_audit_indx++; 658 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 659 sctp_audit_indx = 0; 660 } 661 return; 662 } 663 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 664 sctp_audit_data[sctp_audit_indx][1] = 665 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 666 sctp_audit_indx++; 667 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 668 sctp_audit_indx = 0; 669 } 670 rep = 0; 671 tot_book_cnt = 0; 672 resend_cnt = tot_out = 0; 673 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 674 if (chk->sent == SCTP_DATAGRAM_RESEND) { 675 resend_cnt++; 676 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 677 tot_out += chk->book_size; 678 tot_book_cnt++; 679 } 680 } 681 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 682 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 683 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 684 sctp_audit_indx++; 685 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 686 sctp_audit_indx = 0; 687 } 688 SCTP_PRINTF("resend_cnt:%d asoc-tot:%d\n", 689 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 690 rep = 1; 691 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 692 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 693 sctp_audit_data[sctp_audit_indx][1] = 694 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 695 sctp_audit_indx++; 696 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 697 sctp_audit_indx = 0; 698 } 699 } 700 if (tot_out != stcb->asoc.total_flight) { 701 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 702 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 703 sctp_audit_indx++; 704 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 705 sctp_audit_indx = 0; 706 } 707 rep = 1; 708 SCTP_PRINTF("tot_flt:%d asoc_tot:%d\n", tot_out, 709 (int)stcb->asoc.total_flight); 710 stcb->asoc.total_flight = tot_out; 711 } 712 if (tot_book_cnt != stcb->asoc.total_flight_count) { 713 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 714 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 715 sctp_audit_indx++; 716 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 717 sctp_audit_indx = 0; 718 } 719 rep = 1; 720 SCTP_PRINTF("tot_flt_book:%d\n", tot_book_cnt); 721 722 stcb->asoc.total_flight_count = tot_book_cnt; 723 } 724 tot_out = 0; 725 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 726 tot_out += lnet->flight_size; 727 } 728 if (tot_out != stcb->asoc.total_flight) { 729 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 730 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 731 sctp_audit_indx++; 732 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 733 sctp_audit_indx = 0; 734 } 735 rep = 1; 736 SCTP_PRINTF("real flight:%d net total was %d\n", 737 stcb->asoc.total_flight, tot_out); 738 /* now corrective action */ 739 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 740 741 tot_out = 0; 742 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 743 if ((chk->whoTo == lnet) && 744 (chk->sent < SCTP_DATAGRAM_RESEND)) { 745 tot_out += chk->book_size; 746 } 747 } 748 if (lnet->flight_size != tot_out) { 749 SCTP_PRINTF("net:%p flight was %d corrected to %d\n", 750 (void *)lnet, lnet->flight_size, 751 tot_out); 752 lnet->flight_size = tot_out; 753 } 754 } 755 } 756 if (rep) { 757 sctp_print_audit_report(); 758 } 759 } 760 761 void 762 sctp_audit_log(uint8_t ev, uint8_t fd) 763 { 764 765 sctp_audit_data[sctp_audit_indx][0] = ev; 766 sctp_audit_data[sctp_audit_indx][1] = fd; 767 sctp_audit_indx++; 768 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 769 sctp_audit_indx = 0; 770 } 771 } 772 773 #endif 774 775 /* 776 * sctp_stop_timers_for_shutdown() should be called 777 * when entering the SHUTDOWN_SENT or SHUTDOWN_ACK_SENT 778 * state to make sure that all timers are stopped. 779 */ 780 void 781 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 782 { 783 struct sctp_inpcb *inp; 784 struct sctp_nets *net; 785 786 inp = stcb->sctp_ep; 787 788 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, inp, stcb, NULL, 789 SCTP_FROM_SCTPUTIL + SCTP_LOC_12); 790 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, inp, stcb, NULL, 791 SCTP_FROM_SCTPUTIL + SCTP_LOC_13); 792 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, inp, stcb, NULL, 793 SCTP_FROM_SCTPUTIL + SCTP_LOC_14); 794 sctp_timer_stop(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL, 795 SCTP_FROM_SCTPUTIL + SCTP_LOC_15); 796 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 797 sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, 798 SCTP_FROM_SCTPUTIL + SCTP_LOC_16); 799 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, 800 SCTP_FROM_SCTPUTIL + SCTP_LOC_17); 801 } 802 } 803 804 void 805 sctp_stop_association_timers(struct sctp_tcb *stcb, bool stop_assoc_kill_timer) 806 { 807 struct sctp_inpcb *inp; 808 struct sctp_nets *net; 809 810 inp = stcb->sctp_ep; 811 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, inp, stcb, NULL, 812 SCTP_FROM_SCTPUTIL + SCTP_LOC_18); 813 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, inp, stcb, NULL, 814 SCTP_FROM_SCTPUTIL + SCTP_LOC_19); 815 if (stop_assoc_kill_timer) { 816 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, 817 SCTP_FROM_SCTPUTIL + SCTP_LOC_20); 818 } 819 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, inp, stcb, NULL, 820 SCTP_FROM_SCTPUTIL + SCTP_LOC_21); 821 sctp_timer_stop(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL, 822 SCTP_FROM_SCTPUTIL + SCTP_LOC_22); 823 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNGUARD, inp, stcb, NULL, 824 SCTP_FROM_SCTPUTIL + SCTP_LOC_23); 825 /* Mobility adaptation */ 826 sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, inp, stcb, NULL, 827 SCTP_FROM_SCTPUTIL + SCTP_LOC_24); 828 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 829 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net, 830 SCTP_FROM_SCTPUTIL + SCTP_LOC_25); 831 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, 832 SCTP_FROM_SCTPUTIL + SCTP_LOC_26); 833 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, net, 834 SCTP_FROM_SCTPUTIL + SCTP_LOC_27); 835 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net, 836 SCTP_FROM_SCTPUTIL + SCTP_LOC_28); 837 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, net, 838 SCTP_FROM_SCTPUTIL + SCTP_LOC_29); 839 sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, 840 SCTP_FROM_SCTPUTIL + SCTP_LOC_30); 841 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, 842 SCTP_FROM_SCTPUTIL + SCTP_LOC_31); 843 } 844 } 845 846 /* 847 * A list of sizes based on typical mtu's, used only if next hop size not 848 * returned. These values MUST be multiples of 4 and MUST be ordered. 849 */ 850 static uint32_t sctp_mtu_sizes[] = { 851 68, 852 296, 853 508, 854 512, 855 544, 856 576, 857 1004, 858 1492, 859 1500, 860 1536, 861 2000, 862 2048, 863 4352, 864 4464, 865 8166, 866 17912, 867 32000, 868 65532 869 }; 870 871 /* 872 * Return the largest MTU in sctp_mtu_sizes smaller than val. 873 * If val is smaller than the minimum, just return the largest 874 * multiple of 4 smaller or equal to val. 875 * Ensure that the result is a multiple of 4. 876 */ 877 uint32_t 878 sctp_get_prev_mtu(uint32_t val) 879 { 880 uint32_t i; 881 882 val &= 0xfffffffc; 883 if (val <= sctp_mtu_sizes[0]) { 884 return (val); 885 } 886 for (i = 1; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 887 if (val <= sctp_mtu_sizes[i]) { 888 break; 889 } 890 } 891 KASSERT((sctp_mtu_sizes[i - 1] & 0x00000003) == 0, 892 ("sctp_mtu_sizes[%u] not a multiple of 4", i - 1)); 893 return (sctp_mtu_sizes[i - 1]); 894 } 895 896 /* 897 * Return the smallest MTU in sctp_mtu_sizes larger than val. 898 * If val is larger than the maximum, just return the largest multiple of 4 smaller 899 * or equal to val. 900 * Ensure that the result is a multiple of 4. 901 */ 902 uint32_t 903 sctp_get_next_mtu(uint32_t val) 904 { 905 /* select another MTU that is just bigger than this one */ 906 uint32_t i; 907 908 val &= 0xfffffffc; 909 for (i = 0; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 910 if (val < sctp_mtu_sizes[i]) { 911 KASSERT((sctp_mtu_sizes[i] & 0x00000003) == 0, 912 ("sctp_mtu_sizes[%u] not a multiple of 4", i)); 913 return (sctp_mtu_sizes[i]); 914 } 915 } 916 return (val); 917 } 918 919 void 920 sctp_fill_random_store(struct sctp_pcb *m) 921 { 922 /* 923 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 924 * our counter. The result becomes our good random numbers and we 925 * then setup to give these out. Note that we do no locking to 926 * protect this. This is ok, since if competing folks call this we 927 * will get more gobbled gook in the random store which is what we 928 * want. There is a danger that two guys will use the same random 929 * numbers, but thats ok too since that is random as well :-> 930 */ 931 m->store_at = 0; 932 (void)sctp_hmac(SCTP_HMAC, (uint8_t *)m->random_numbers, 933 sizeof(m->random_numbers), (uint8_t *)&m->random_counter, 934 sizeof(m->random_counter), (uint8_t *)m->random_store); 935 m->random_counter++; 936 } 937 938 uint32_t 939 sctp_select_initial_TSN(struct sctp_pcb *inp) 940 { 941 /* 942 * A true implementation should use random selection process to get 943 * the initial stream sequence number, using RFC1750 as a good 944 * guideline 945 */ 946 uint32_t x, *xp; 947 uint8_t *p; 948 int store_at, new_store; 949 950 if (inp->initial_sequence_debug != 0) { 951 uint32_t ret; 952 953 ret = inp->initial_sequence_debug; 954 inp->initial_sequence_debug++; 955 return (ret); 956 } 957 retry: 958 store_at = inp->store_at; 959 new_store = store_at + sizeof(uint32_t); 960 if (new_store >= (SCTP_SIGNATURE_SIZE - 3)) { 961 new_store = 0; 962 } 963 if (!atomic_cmpset_int(&inp->store_at, store_at, new_store)) { 964 goto retry; 965 } 966 if (new_store == 0) { 967 /* Refill the random store */ 968 sctp_fill_random_store(inp); 969 } 970 p = &inp->random_store[store_at]; 971 xp = (uint32_t *)p; 972 x = *xp; 973 return (x); 974 } 975 976 uint32_t 977 sctp_select_a_tag(struct sctp_inpcb *inp, uint16_t lport, uint16_t rport, int check) 978 { 979 uint32_t x; 980 struct timeval now; 981 982 if (check) { 983 (void)SCTP_GETTIME_TIMEVAL(&now); 984 } 985 for (;;) { 986 x = sctp_select_initial_TSN(&inp->sctp_ep); 987 if (x == 0) { 988 /* we never use 0 */ 989 continue; 990 } 991 if (!check || sctp_is_vtag_good(x, lport, rport, &now)) { 992 break; 993 } 994 } 995 return (x); 996 } 997 998 int32_t 999 sctp_map_assoc_state(int kernel_state) 1000 { 1001 int32_t user_state; 1002 1003 if (kernel_state & SCTP_STATE_WAS_ABORTED) { 1004 user_state = SCTP_CLOSED; 1005 } else if (kernel_state & SCTP_STATE_SHUTDOWN_PENDING) { 1006 user_state = SCTP_SHUTDOWN_PENDING; 1007 } else { 1008 switch (kernel_state & SCTP_STATE_MASK) { 1009 case SCTP_STATE_EMPTY: 1010 user_state = SCTP_CLOSED; 1011 break; 1012 case SCTP_STATE_INUSE: 1013 user_state = SCTP_CLOSED; 1014 break; 1015 case SCTP_STATE_COOKIE_WAIT: 1016 user_state = SCTP_COOKIE_WAIT; 1017 break; 1018 case SCTP_STATE_COOKIE_ECHOED: 1019 user_state = SCTP_COOKIE_ECHOED; 1020 break; 1021 case SCTP_STATE_OPEN: 1022 user_state = SCTP_ESTABLISHED; 1023 break; 1024 case SCTP_STATE_SHUTDOWN_SENT: 1025 user_state = SCTP_SHUTDOWN_SENT; 1026 break; 1027 case SCTP_STATE_SHUTDOWN_RECEIVED: 1028 user_state = SCTP_SHUTDOWN_RECEIVED; 1029 break; 1030 case SCTP_STATE_SHUTDOWN_ACK_SENT: 1031 user_state = SCTP_SHUTDOWN_ACK_SENT; 1032 break; 1033 default: 1034 user_state = SCTP_CLOSED; 1035 break; 1036 } 1037 } 1038 return (user_state); 1039 } 1040 1041 int 1042 sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1043 uint32_t override_tag, uint32_t vrf_id, uint16_t o_strms) 1044 { 1045 struct sctp_association *asoc; 1046 1047 /* 1048 * Anything set to zero is taken care of by the allocation routine's 1049 * bzero 1050 */ 1051 1052 /* 1053 * Up front select what scoping to apply on addresses I tell my peer 1054 * Not sure what to do with these right now, we will need to come up 1055 * with a way to set them. We may need to pass them through from the 1056 * caller in the sctp_aloc_assoc() function. 1057 */ 1058 int i; 1059 #if defined(SCTP_DETAILED_STR_STATS) 1060 int j; 1061 #endif 1062 1063 asoc = &stcb->asoc; 1064 /* init all variables to a known value. */ 1065 SCTP_SET_STATE(stcb, SCTP_STATE_INUSE); 1066 asoc->max_burst = inp->sctp_ep.max_burst; 1067 asoc->fr_max_burst = inp->sctp_ep.fr_max_burst; 1068 asoc->heart_beat_delay = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 1069 asoc->cookie_life = inp->sctp_ep.def_cookie_life; 1070 asoc->sctp_cmt_on_off = inp->sctp_cmt_on_off; 1071 asoc->ecn_supported = inp->ecn_supported; 1072 asoc->prsctp_supported = inp->prsctp_supported; 1073 asoc->idata_supported = inp->idata_supported; 1074 asoc->auth_supported = inp->auth_supported; 1075 asoc->asconf_supported = inp->asconf_supported; 1076 asoc->reconfig_supported = inp->reconfig_supported; 1077 asoc->nrsack_supported = inp->nrsack_supported; 1078 asoc->pktdrop_supported = inp->pktdrop_supported; 1079 asoc->idata_supported = inp->idata_supported; 1080 asoc->sctp_cmt_pf = (uint8_t)0; 1081 asoc->sctp_frag_point = inp->sctp_frag_point; 1082 asoc->sctp_features = inp->sctp_features; 1083 asoc->default_dscp = inp->sctp_ep.default_dscp; 1084 asoc->max_cwnd = inp->max_cwnd; 1085 #ifdef INET6 1086 if (inp->sctp_ep.default_flowlabel) { 1087 asoc->default_flowlabel = inp->sctp_ep.default_flowlabel; 1088 } else { 1089 if (inp->ip_inp.inp.inp_flags & IN6P_AUTOFLOWLABEL) { 1090 asoc->default_flowlabel = sctp_select_initial_TSN(&inp->sctp_ep); 1091 asoc->default_flowlabel &= 0x000fffff; 1092 asoc->default_flowlabel |= 0x80000000; 1093 } else { 1094 asoc->default_flowlabel = 0; 1095 } 1096 } 1097 #endif 1098 asoc->sb_send_resv = 0; 1099 if (override_tag) { 1100 asoc->my_vtag = override_tag; 1101 } else { 1102 asoc->my_vtag = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 1); 1103 } 1104 /* Get the nonce tags */ 1105 asoc->my_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1106 asoc->peer_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1107 asoc->vrf_id = vrf_id; 1108 1109 #ifdef SCTP_ASOCLOG_OF_TSNS 1110 asoc->tsn_in_at = 0; 1111 asoc->tsn_out_at = 0; 1112 asoc->tsn_in_wrapped = 0; 1113 asoc->tsn_out_wrapped = 0; 1114 asoc->cumack_log_at = 0; 1115 asoc->cumack_log_atsnt = 0; 1116 #endif 1117 #ifdef SCTP_FS_SPEC_LOG 1118 asoc->fs_index = 0; 1119 #endif 1120 asoc->refcnt = 0; 1121 asoc->assoc_up_sent = 0; 1122 asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = 1123 sctp_select_initial_TSN(&inp->sctp_ep); 1124 asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; 1125 /* we are optimisitic here */ 1126 asoc->peer_supports_nat = 0; 1127 asoc->sent_queue_retran_cnt = 0; 1128 1129 /* for CMT */ 1130 asoc->last_net_cmt_send_started = NULL; 1131 1132 /* This will need to be adjusted */ 1133 asoc->last_acked_seq = asoc->init_seq_number - 1; 1134 asoc->advanced_peer_ack_point = asoc->last_acked_seq; 1135 asoc->asconf_seq_in = asoc->last_acked_seq; 1136 1137 /* here we are different, we hold the next one we expect */ 1138 asoc->str_reset_seq_in = asoc->last_acked_seq + 1; 1139 1140 asoc->initial_init_rto_max = inp->sctp_ep.initial_init_rto_max; 1141 asoc->initial_rto = inp->sctp_ep.initial_rto; 1142 1143 asoc->default_mtu = inp->sctp_ep.default_mtu; 1144 asoc->max_init_times = inp->sctp_ep.max_init_times; 1145 asoc->max_send_times = inp->sctp_ep.max_send_times; 1146 asoc->def_net_failure = inp->sctp_ep.def_net_failure; 1147 asoc->def_net_pf_threshold = inp->sctp_ep.def_net_pf_threshold; 1148 asoc->free_chunk_cnt = 0; 1149 1150 asoc->iam_blocking = 0; 1151 asoc->context = inp->sctp_context; 1152 asoc->local_strreset_support = inp->local_strreset_support; 1153 asoc->def_send = inp->def_send; 1154 asoc->delayed_ack = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 1155 asoc->sack_freq = inp->sctp_ep.sctp_sack_freq; 1156 asoc->pr_sctp_cnt = 0; 1157 asoc->total_output_queue_size = 0; 1158 1159 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1160 asoc->scope.ipv6_addr_legal = 1; 1161 if (SCTP_IPV6_V6ONLY(inp) == 0) { 1162 asoc->scope.ipv4_addr_legal = 1; 1163 } else { 1164 asoc->scope.ipv4_addr_legal = 0; 1165 } 1166 } else { 1167 asoc->scope.ipv6_addr_legal = 0; 1168 asoc->scope.ipv4_addr_legal = 1; 1169 } 1170 1171 asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), SCTP_MINIMAL_RWND); 1172 asoc->peers_rwnd = SCTP_SB_LIMIT_RCV(inp->sctp_socket); 1173 1174 asoc->smallest_mtu = inp->sctp_frag_point; 1175 asoc->minrto = inp->sctp_ep.sctp_minrto; 1176 asoc->maxrto = inp->sctp_ep.sctp_maxrto; 1177 1178 asoc->stream_locked_on = 0; 1179 asoc->ecn_echo_cnt_onq = 0; 1180 asoc->stream_locked = 0; 1181 1182 asoc->send_sack = 1; 1183 1184 LIST_INIT(&asoc->sctp_restricted_addrs); 1185 1186 TAILQ_INIT(&asoc->nets); 1187 TAILQ_INIT(&asoc->pending_reply_queue); 1188 TAILQ_INIT(&asoc->asconf_ack_sent); 1189 /* Setup to fill the hb random cache at first HB */ 1190 asoc->hb_random_idx = 4; 1191 1192 asoc->sctp_autoclose_ticks = inp->sctp_ep.auto_close_time; 1193 1194 stcb->asoc.congestion_control_module = inp->sctp_ep.sctp_default_cc_module; 1195 stcb->asoc.cc_functions = sctp_cc_functions[inp->sctp_ep.sctp_default_cc_module]; 1196 1197 stcb->asoc.stream_scheduling_module = inp->sctp_ep.sctp_default_ss_module; 1198 stcb->asoc.ss_functions = sctp_ss_functions[inp->sctp_ep.sctp_default_ss_module]; 1199 1200 /* 1201 * Now the stream parameters, here we allocate space for all streams 1202 * that we request by default. 1203 */ 1204 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams = 1205 o_strms; 1206 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1207 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1208 SCTP_M_STRMO); 1209 if (asoc->strmout == NULL) { 1210 /* big trouble no memory */ 1211 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1212 return (ENOMEM); 1213 } 1214 for (i = 0; i < asoc->streamoutcnt; i++) { 1215 /* 1216 * inbound side must be set to 0xffff, also NOTE when we get 1217 * the INIT-ACK back (for INIT sender) we MUST reduce the 1218 * count (streamoutcnt) but first check if we sent to any of 1219 * the upper streams that were dropped (if some were). Those 1220 * that were dropped must be notified to the upper layer as 1221 * failed to send. 1222 */ 1223 asoc->strmout[i].next_mid_ordered = 0; 1224 asoc->strmout[i].next_mid_unordered = 0; 1225 TAILQ_INIT(&asoc->strmout[i].outqueue); 1226 asoc->strmout[i].chunks_on_queues = 0; 1227 #if defined(SCTP_DETAILED_STR_STATS) 1228 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 1229 asoc->strmout[i].abandoned_sent[j] = 0; 1230 asoc->strmout[i].abandoned_unsent[j] = 0; 1231 } 1232 #else 1233 asoc->strmout[i].abandoned_sent[0] = 0; 1234 asoc->strmout[i].abandoned_unsent[0] = 0; 1235 #endif 1236 asoc->strmout[i].sid = i; 1237 asoc->strmout[i].last_msg_incomplete = 0; 1238 asoc->strmout[i].state = SCTP_STREAM_OPENING; 1239 asoc->ss_functions.sctp_ss_init_stream(stcb, &asoc->strmout[i], NULL); 1240 } 1241 asoc->ss_functions.sctp_ss_init(stcb, asoc, 0); 1242 1243 /* Now the mapping array */ 1244 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1245 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1246 SCTP_M_MAP); 1247 if (asoc->mapping_array == NULL) { 1248 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1249 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1250 return (ENOMEM); 1251 } 1252 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1253 SCTP_MALLOC(asoc->nr_mapping_array, uint8_t *, asoc->mapping_array_size, 1254 SCTP_M_MAP); 1255 if (asoc->nr_mapping_array == NULL) { 1256 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1257 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1258 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1259 return (ENOMEM); 1260 } 1261 memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); 1262 1263 /* Now the init of the other outqueues */ 1264 TAILQ_INIT(&asoc->free_chunks); 1265 TAILQ_INIT(&asoc->control_send_queue); 1266 TAILQ_INIT(&asoc->asconf_send_queue); 1267 TAILQ_INIT(&asoc->send_queue); 1268 TAILQ_INIT(&asoc->sent_queue); 1269 TAILQ_INIT(&asoc->resetHead); 1270 asoc->max_inbound_streams = inp->sctp_ep.max_open_streams_intome; 1271 TAILQ_INIT(&asoc->asconf_queue); 1272 /* authentication fields */ 1273 asoc->authinfo.random = NULL; 1274 asoc->authinfo.active_keyid = 0; 1275 asoc->authinfo.assoc_key = NULL; 1276 asoc->authinfo.assoc_keyid = 0; 1277 asoc->authinfo.recv_key = NULL; 1278 asoc->authinfo.recv_keyid = 0; 1279 LIST_INIT(&asoc->shared_keys); 1280 asoc->marked_retrans = 0; 1281 asoc->port = inp->sctp_ep.port; 1282 asoc->timoinit = 0; 1283 asoc->timodata = 0; 1284 asoc->timosack = 0; 1285 asoc->timoshutdown = 0; 1286 asoc->timoheartbeat = 0; 1287 asoc->timocookie = 0; 1288 asoc->timoshutdownack = 0; 1289 (void)SCTP_GETTIME_TIMEVAL(&asoc->start_time); 1290 asoc->discontinuity_time = asoc->start_time; 1291 for (i = 0; i < SCTP_PR_SCTP_MAX + 1; i++) { 1292 asoc->abandoned_unsent[i] = 0; 1293 asoc->abandoned_sent[i] = 0; 1294 } 1295 /* 1296 * sa_ignore MEMLEAK {memory is put in the assoc mapping array and 1297 * freed later when the association is freed. 1298 */ 1299 return (0); 1300 } 1301 1302 void 1303 sctp_print_mapping_array(struct sctp_association *asoc) 1304 { 1305 unsigned int i, limit; 1306 1307 SCTP_PRINTF("Mapping array size: %d, baseTSN: %8.8x, cumAck: %8.8x, highestTSN: (%8.8x, %8.8x).\n", 1308 asoc->mapping_array_size, 1309 asoc->mapping_array_base_tsn, 1310 asoc->cumulative_tsn, 1311 asoc->highest_tsn_inside_map, 1312 asoc->highest_tsn_inside_nr_map); 1313 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1314 if (asoc->mapping_array[limit - 1] != 0) { 1315 break; 1316 } 1317 } 1318 SCTP_PRINTF("Renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1319 for (i = 0; i < limit; i++) { 1320 SCTP_PRINTF("%2.2x%c", asoc->mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1321 } 1322 if (limit % 16) 1323 SCTP_PRINTF("\n"); 1324 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1325 if (asoc->nr_mapping_array[limit - 1]) { 1326 break; 1327 } 1328 } 1329 SCTP_PRINTF("Non renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1330 for (i = 0; i < limit; i++) { 1331 SCTP_PRINTF("%2.2x%c", asoc->nr_mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1332 } 1333 if (limit % 16) 1334 SCTP_PRINTF("\n"); 1335 } 1336 1337 int 1338 sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed) 1339 { 1340 /* mapping array needs to grow */ 1341 uint8_t *new_array1, *new_array2; 1342 uint32_t new_size; 1343 1344 new_size = asoc->mapping_array_size + ((needed + 7) / 8 + SCTP_MAPPING_ARRAY_INCR); 1345 SCTP_MALLOC(new_array1, uint8_t *, new_size, SCTP_M_MAP); 1346 SCTP_MALLOC(new_array2, uint8_t *, new_size, SCTP_M_MAP); 1347 if ((new_array1 == NULL) || (new_array2 == NULL)) { 1348 /* can't get more, forget it */ 1349 SCTP_PRINTF("No memory for expansion of SCTP mapping array %d\n", new_size); 1350 if (new_array1) { 1351 SCTP_FREE(new_array1, SCTP_M_MAP); 1352 } 1353 if (new_array2) { 1354 SCTP_FREE(new_array2, SCTP_M_MAP); 1355 } 1356 return (-1); 1357 } 1358 memset(new_array1, 0, new_size); 1359 memset(new_array2, 0, new_size); 1360 memcpy(new_array1, asoc->mapping_array, asoc->mapping_array_size); 1361 memcpy(new_array2, asoc->nr_mapping_array, asoc->mapping_array_size); 1362 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1363 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 1364 asoc->mapping_array = new_array1; 1365 asoc->nr_mapping_array = new_array2; 1366 asoc->mapping_array_size = new_size; 1367 return (0); 1368 } 1369 1370 1371 static void 1372 sctp_iterator_work(struct sctp_iterator *it) 1373 { 1374 int iteration_count = 0; 1375 int inp_skip = 0; 1376 int first_in = 1; 1377 struct sctp_inpcb *tinp; 1378 1379 SCTP_INP_INFO_RLOCK(); 1380 SCTP_ITERATOR_LOCK(); 1381 sctp_it_ctl.cur_it = it; 1382 if (it->inp) { 1383 SCTP_INP_RLOCK(it->inp); 1384 SCTP_INP_DECR_REF(it->inp); 1385 } 1386 if (it->inp == NULL) { 1387 /* iterator is complete */ 1388 done_with_iterator: 1389 sctp_it_ctl.cur_it = NULL; 1390 SCTP_ITERATOR_UNLOCK(); 1391 SCTP_INP_INFO_RUNLOCK(); 1392 if (it->function_atend != NULL) { 1393 (*it->function_atend) (it->pointer, it->val); 1394 } 1395 SCTP_FREE(it, SCTP_M_ITER); 1396 return; 1397 } 1398 select_a_new_ep: 1399 if (first_in) { 1400 first_in = 0; 1401 } else { 1402 SCTP_INP_RLOCK(it->inp); 1403 } 1404 while (((it->pcb_flags) && 1405 ((it->inp->sctp_flags & it->pcb_flags) != it->pcb_flags)) || 1406 ((it->pcb_features) && 1407 ((it->inp->sctp_features & it->pcb_features) != it->pcb_features))) { 1408 /* endpoint flags or features don't match, so keep looking */ 1409 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1410 SCTP_INP_RUNLOCK(it->inp); 1411 goto done_with_iterator; 1412 } 1413 tinp = it->inp; 1414 it->inp = LIST_NEXT(it->inp, sctp_list); 1415 SCTP_INP_RUNLOCK(tinp); 1416 if (it->inp == NULL) { 1417 goto done_with_iterator; 1418 } 1419 SCTP_INP_RLOCK(it->inp); 1420 } 1421 /* now go through each assoc which is in the desired state */ 1422 if (it->done_current_ep == 0) { 1423 if (it->function_inp != NULL) 1424 inp_skip = (*it->function_inp) (it->inp, it->pointer, it->val); 1425 it->done_current_ep = 1; 1426 } 1427 if (it->stcb == NULL) { 1428 /* run the per instance function */ 1429 it->stcb = LIST_FIRST(&it->inp->sctp_asoc_list); 1430 } 1431 if ((inp_skip) || it->stcb == NULL) { 1432 if (it->function_inp_end != NULL) { 1433 inp_skip = (*it->function_inp_end) (it->inp, 1434 it->pointer, 1435 it->val); 1436 } 1437 SCTP_INP_RUNLOCK(it->inp); 1438 goto no_stcb; 1439 } 1440 while (it->stcb) { 1441 SCTP_TCB_LOCK(it->stcb); 1442 if (it->asoc_state && ((it->stcb->asoc.state & it->asoc_state) != it->asoc_state)) { 1443 /* not in the right state... keep looking */ 1444 SCTP_TCB_UNLOCK(it->stcb); 1445 goto next_assoc; 1446 } 1447 /* see if we have limited out the iterator loop */ 1448 iteration_count++; 1449 if (iteration_count > SCTP_ITERATOR_MAX_AT_ONCE) { 1450 /* Pause to let others grab the lock */ 1451 atomic_add_int(&it->stcb->asoc.refcnt, 1); 1452 SCTP_TCB_UNLOCK(it->stcb); 1453 SCTP_INP_INCR_REF(it->inp); 1454 SCTP_INP_RUNLOCK(it->inp); 1455 SCTP_ITERATOR_UNLOCK(); 1456 SCTP_INP_INFO_RUNLOCK(); 1457 SCTP_INP_INFO_RLOCK(); 1458 SCTP_ITERATOR_LOCK(); 1459 if (sctp_it_ctl.iterator_flags) { 1460 /* We won't be staying here */ 1461 SCTP_INP_DECR_REF(it->inp); 1462 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1463 if (sctp_it_ctl.iterator_flags & 1464 SCTP_ITERATOR_STOP_CUR_IT) { 1465 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_IT; 1466 goto done_with_iterator; 1467 } 1468 if (sctp_it_ctl.iterator_flags & 1469 SCTP_ITERATOR_STOP_CUR_INP) { 1470 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_INP; 1471 goto no_stcb; 1472 } 1473 /* If we reach here huh? */ 1474 SCTP_PRINTF("Unknown it ctl flag %x\n", 1475 sctp_it_ctl.iterator_flags); 1476 sctp_it_ctl.iterator_flags = 0; 1477 } 1478 SCTP_INP_RLOCK(it->inp); 1479 SCTP_INP_DECR_REF(it->inp); 1480 SCTP_TCB_LOCK(it->stcb); 1481 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1482 iteration_count = 0; 1483 } 1484 1485 /* run function on this one */ 1486 (*it->function_assoc) (it->inp, it->stcb, it->pointer, it->val); 1487 1488 /* 1489 * we lie here, it really needs to have its own type but 1490 * first I must verify that this won't effect things :-0 1491 */ 1492 if (it->no_chunk_output == 0) 1493 sctp_chunk_output(it->inp, it->stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1494 1495 SCTP_TCB_UNLOCK(it->stcb); 1496 next_assoc: 1497 it->stcb = LIST_NEXT(it->stcb, sctp_tcblist); 1498 if (it->stcb == NULL) { 1499 /* Run last function */ 1500 if (it->function_inp_end != NULL) { 1501 inp_skip = (*it->function_inp_end) (it->inp, 1502 it->pointer, 1503 it->val); 1504 } 1505 } 1506 } 1507 SCTP_INP_RUNLOCK(it->inp); 1508 no_stcb: 1509 /* done with all assocs on this endpoint, move on to next endpoint */ 1510 it->done_current_ep = 0; 1511 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1512 it->inp = NULL; 1513 } else { 1514 it->inp = LIST_NEXT(it->inp, sctp_list); 1515 } 1516 if (it->inp == NULL) { 1517 goto done_with_iterator; 1518 } 1519 goto select_a_new_ep; 1520 } 1521 1522 void 1523 sctp_iterator_worker(void) 1524 { 1525 struct sctp_iterator *it; 1526 1527 /* This function is called with the WQ lock in place */ 1528 sctp_it_ctl.iterator_running = 1; 1529 while ((it = TAILQ_FIRST(&sctp_it_ctl.iteratorhead)) != NULL) { 1530 /* now lets work on this one */ 1531 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 1532 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 1533 CURVNET_SET(it->vn); 1534 sctp_iterator_work(it); 1535 CURVNET_RESTORE(); 1536 SCTP_IPI_ITERATOR_WQ_LOCK(); 1537 /* sa_ignore FREED_MEMORY */ 1538 } 1539 sctp_it_ctl.iterator_running = 0; 1540 return; 1541 } 1542 1543 1544 static void 1545 sctp_handle_addr_wq(void) 1546 { 1547 /* deal with the ADDR wq from the rtsock calls */ 1548 struct sctp_laddr *wi, *nwi; 1549 struct sctp_asconf_iterator *asc; 1550 1551 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 1552 sizeof(struct sctp_asconf_iterator), SCTP_M_ASC_IT); 1553 if (asc == NULL) { 1554 /* Try later, no memory */ 1555 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1556 (struct sctp_inpcb *)NULL, 1557 (struct sctp_tcb *)NULL, 1558 (struct sctp_nets *)NULL); 1559 return; 1560 } 1561 LIST_INIT(&asc->list_of_work); 1562 asc->cnt = 0; 1563 1564 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { 1565 LIST_REMOVE(wi, sctp_nxt_addr); 1566 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 1567 asc->cnt++; 1568 } 1569 1570 if (asc->cnt == 0) { 1571 SCTP_FREE(asc, SCTP_M_ASC_IT); 1572 } else { 1573 int ret; 1574 1575 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 1576 sctp_asconf_iterator_stcb, 1577 NULL, /* No ep end for boundall */ 1578 SCTP_PCB_FLAGS_BOUNDALL, 1579 SCTP_PCB_ANY_FEATURES, 1580 SCTP_ASOC_ANY_STATE, 1581 (void *)asc, 0, 1582 sctp_asconf_iterator_end, NULL, 0); 1583 if (ret) { 1584 SCTP_PRINTF("Failed to initiate iterator for handle_addr_wq\n"); 1585 /* 1586 * Freeing if we are stopping or put back on the 1587 * addr_wq. 1588 */ 1589 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 1590 sctp_asconf_iterator_end(asc, 0); 1591 } else { 1592 LIST_FOREACH(wi, &asc->list_of_work, sctp_nxt_addr) { 1593 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 1594 } 1595 SCTP_FREE(asc, SCTP_M_ASC_IT); 1596 } 1597 } 1598 } 1599 } 1600 1601 void 1602 sctp_timeout_handler(void *t) 1603 { 1604 struct sctp_inpcb *inp; 1605 struct sctp_tcb *stcb; 1606 struct sctp_nets *net; 1607 struct sctp_timer *tmr; 1608 struct mbuf *op_err; 1609 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1610 struct socket *so; 1611 #endif 1612 int did_output; 1613 int type; 1614 1615 tmr = (struct sctp_timer *)t; 1616 inp = (struct sctp_inpcb *)tmr->ep; 1617 stcb = (struct sctp_tcb *)tmr->tcb; 1618 net = (struct sctp_nets *)tmr->net; 1619 CURVNET_SET((struct vnet *)tmr->vnet); 1620 did_output = 1; 1621 1622 #ifdef SCTP_AUDITING_ENABLED 1623 sctp_audit_log(0xF0, (uint8_t)tmr->type); 1624 sctp_auditing(3, inp, stcb, net); 1625 #endif 1626 1627 /* sanity checks... */ 1628 if (tmr->self != (void *)tmr) { 1629 /* 1630 * SCTP_PRINTF("Stale SCTP timer fired (%p), ignoring...\n", 1631 * (void *)tmr); 1632 */ 1633 CURVNET_RESTORE(); 1634 return; 1635 } 1636 tmr->stopped_from = 0xa001; 1637 if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { 1638 /* 1639 * SCTP_PRINTF("SCTP timer fired with invalid type: 0x%x\n", 1640 * tmr->type); 1641 */ 1642 CURVNET_RESTORE(); 1643 return; 1644 } 1645 tmr->stopped_from = 0xa002; 1646 if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { 1647 CURVNET_RESTORE(); 1648 return; 1649 } 1650 /* if this is an iterator timeout, get the struct and clear inp */ 1651 tmr->stopped_from = 0xa003; 1652 if (inp) { 1653 SCTP_INP_INCR_REF(inp); 1654 if ((inp->sctp_socket == NULL) && 1655 ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && 1656 (tmr->type != SCTP_TIMER_TYPE_INIT) && 1657 (tmr->type != SCTP_TIMER_TYPE_SEND) && 1658 (tmr->type != SCTP_TIMER_TYPE_RECV) && 1659 (tmr->type != SCTP_TIMER_TYPE_HEARTBEAT) && 1660 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && 1661 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && 1662 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && 1663 (tmr->type != SCTP_TIMER_TYPE_ASOCKILL))) { 1664 SCTP_INP_DECR_REF(inp); 1665 CURVNET_RESTORE(); 1666 return; 1667 } 1668 } 1669 tmr->stopped_from = 0xa004; 1670 if (stcb) { 1671 atomic_add_int(&stcb->asoc.refcnt, 1); 1672 if (stcb->asoc.state == 0) { 1673 atomic_add_int(&stcb->asoc.refcnt, -1); 1674 if (inp) { 1675 SCTP_INP_DECR_REF(inp); 1676 } 1677 CURVNET_RESTORE(); 1678 return; 1679 } 1680 } 1681 type = tmr->type; 1682 tmr->stopped_from = 0xa005; 1683 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer type %d goes off\n", type); 1684 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1685 if (inp) { 1686 SCTP_INP_DECR_REF(inp); 1687 } 1688 if (stcb) { 1689 atomic_add_int(&stcb->asoc.refcnt, -1); 1690 } 1691 CURVNET_RESTORE(); 1692 return; 1693 } 1694 tmr->stopped_from = 0xa006; 1695 1696 if (stcb) { 1697 SCTP_TCB_LOCK(stcb); 1698 atomic_add_int(&stcb->asoc.refcnt, -1); 1699 if ((type != SCTP_TIMER_TYPE_ASOCKILL) && 1700 ((stcb->asoc.state == 0) || 1701 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED))) { 1702 SCTP_TCB_UNLOCK(stcb); 1703 if (inp) { 1704 SCTP_INP_DECR_REF(inp); 1705 } 1706 CURVNET_RESTORE(); 1707 return; 1708 } 1709 } else if (inp != NULL) { 1710 if (type != SCTP_TIMER_TYPE_INPKILL) { 1711 SCTP_INP_WLOCK(inp); 1712 } 1713 } else { 1714 SCTP_WQ_ADDR_LOCK(); 1715 } 1716 /* record in stopped what t-o occurred */ 1717 tmr->stopped_from = type; 1718 1719 /* mark as being serviced now */ 1720 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 1721 /* 1722 * Callout has been rescheduled. 1723 */ 1724 goto get_out; 1725 } 1726 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1727 /* 1728 * Not active, so no action. 1729 */ 1730 goto get_out; 1731 } 1732 SCTP_OS_TIMER_DEACTIVATE(&tmr->timer); 1733 1734 /* call the handler for the appropriate timer type */ 1735 switch (type) { 1736 case SCTP_TIMER_TYPE_ADDR_WQ: 1737 sctp_handle_addr_wq(); 1738 break; 1739 case SCTP_TIMER_TYPE_SEND: 1740 if ((stcb == NULL) || (inp == NULL)) { 1741 break; 1742 } 1743 SCTP_STAT_INCR(sctps_timodata); 1744 stcb->asoc.timodata++; 1745 stcb->asoc.num_send_timers_up--; 1746 if (stcb->asoc.num_send_timers_up < 0) { 1747 stcb->asoc.num_send_timers_up = 0; 1748 } 1749 SCTP_TCB_LOCK_ASSERT(stcb); 1750 if (sctp_t3rxt_timer(inp, stcb, net)) { 1751 /* no need to unlock on tcb its gone */ 1752 1753 goto out_decr; 1754 } 1755 SCTP_TCB_LOCK_ASSERT(stcb); 1756 #ifdef SCTP_AUDITING_ENABLED 1757 sctp_auditing(4, inp, stcb, net); 1758 #endif 1759 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1760 if ((stcb->asoc.num_send_timers_up == 0) && 1761 (stcb->asoc.sent_queue_cnt > 0)) { 1762 struct sctp_tmit_chunk *chk; 1763 1764 /* 1765 * safeguard. If there on some on the sent queue 1766 * somewhere but no timers running something is 1767 * wrong... so we start a timer on the first chunk 1768 * on the send queue on whatever net it is sent to. 1769 */ 1770 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1771 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, 1772 chk->whoTo); 1773 } 1774 break; 1775 case SCTP_TIMER_TYPE_INIT: 1776 if ((stcb == NULL) || (inp == NULL)) { 1777 break; 1778 } 1779 SCTP_STAT_INCR(sctps_timoinit); 1780 stcb->asoc.timoinit++; 1781 if (sctp_t1init_timer(inp, stcb, net)) { 1782 /* no need to unlock on tcb its gone */ 1783 goto out_decr; 1784 } 1785 /* We do output but not here */ 1786 did_output = 0; 1787 break; 1788 case SCTP_TIMER_TYPE_RECV: 1789 if ((stcb == NULL) || (inp == NULL)) { 1790 break; 1791 } 1792 SCTP_STAT_INCR(sctps_timosack); 1793 stcb->asoc.timosack++; 1794 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); 1795 #ifdef SCTP_AUDITING_ENABLED 1796 sctp_auditing(4, inp, stcb, net); 1797 #endif 1798 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR, SCTP_SO_NOT_LOCKED); 1799 break; 1800 case SCTP_TIMER_TYPE_SHUTDOWN: 1801 if ((stcb == NULL) || (inp == NULL)) { 1802 break; 1803 } 1804 if (sctp_shutdown_timer(inp, stcb, net)) { 1805 /* no need to unlock on tcb its gone */ 1806 goto out_decr; 1807 } 1808 SCTP_STAT_INCR(sctps_timoshutdown); 1809 stcb->asoc.timoshutdown++; 1810 #ifdef SCTP_AUDITING_ENABLED 1811 sctp_auditing(4, inp, stcb, net); 1812 #endif 1813 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_NOT_LOCKED); 1814 break; 1815 case SCTP_TIMER_TYPE_HEARTBEAT: 1816 if ((stcb == NULL) || (inp == NULL) || (net == NULL)) { 1817 break; 1818 } 1819 SCTP_STAT_INCR(sctps_timoheartbeat); 1820 stcb->asoc.timoheartbeat++; 1821 if (sctp_heartbeat_timer(inp, stcb, net)) { 1822 /* no need to unlock on tcb its gone */ 1823 goto out_decr; 1824 } 1825 #ifdef SCTP_AUDITING_ENABLED 1826 sctp_auditing(4, inp, stcb, net); 1827 #endif 1828 if (!(net->dest_state & SCTP_ADDR_NOHB)) { 1829 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); 1830 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, SCTP_SO_NOT_LOCKED); 1831 } 1832 break; 1833 case SCTP_TIMER_TYPE_COOKIE: 1834 if ((stcb == NULL) || (inp == NULL)) { 1835 break; 1836 } 1837 1838 if (sctp_cookie_timer(inp, stcb, net)) { 1839 /* no need to unlock on tcb its gone */ 1840 goto out_decr; 1841 } 1842 SCTP_STAT_INCR(sctps_timocookie); 1843 stcb->asoc.timocookie++; 1844 #ifdef SCTP_AUDITING_ENABLED 1845 sctp_auditing(4, inp, stcb, net); 1846 #endif 1847 /* 1848 * We consider T3 and Cookie timer pretty much the same with 1849 * respect to where from in chunk_output. 1850 */ 1851 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1852 break; 1853 case SCTP_TIMER_TYPE_NEWCOOKIE: 1854 { 1855 struct timeval tv; 1856 int i, secret; 1857 1858 if (inp == NULL) { 1859 break; 1860 } 1861 SCTP_STAT_INCR(sctps_timosecret); 1862 (void)SCTP_GETTIME_TIMEVAL(&tv); 1863 inp->sctp_ep.time_of_secret_change = tv.tv_sec; 1864 inp->sctp_ep.last_secret_number = 1865 inp->sctp_ep.current_secret_number; 1866 inp->sctp_ep.current_secret_number++; 1867 if (inp->sctp_ep.current_secret_number >= 1868 SCTP_HOW_MANY_SECRETS) { 1869 inp->sctp_ep.current_secret_number = 0; 1870 } 1871 secret = (int)inp->sctp_ep.current_secret_number; 1872 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1873 inp->sctp_ep.secret_key[secret][i] = 1874 sctp_select_initial_TSN(&inp->sctp_ep); 1875 } 1876 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); 1877 } 1878 did_output = 0; 1879 break; 1880 case SCTP_TIMER_TYPE_PATHMTURAISE: 1881 if ((stcb == NULL) || (inp == NULL)) { 1882 break; 1883 } 1884 SCTP_STAT_INCR(sctps_timopathmtu); 1885 sctp_pathmtu_timer(inp, stcb, net); 1886 did_output = 0; 1887 break; 1888 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1889 if ((stcb == NULL) || (inp == NULL)) { 1890 break; 1891 } 1892 if (sctp_shutdownack_timer(inp, stcb, net)) { 1893 /* no need to unlock on tcb its gone */ 1894 goto out_decr; 1895 } 1896 SCTP_STAT_INCR(sctps_timoshutdownack); 1897 stcb->asoc.timoshutdownack++; 1898 #ifdef SCTP_AUDITING_ENABLED 1899 sctp_auditing(4, inp, stcb, net); 1900 #endif 1901 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR, SCTP_SO_NOT_LOCKED); 1902 break; 1903 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1904 if ((stcb == NULL) || (inp == NULL)) { 1905 break; 1906 } 1907 SCTP_STAT_INCR(sctps_timoshutdownguard); 1908 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 1909 "Shutdown guard timer expired"); 1910 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); 1911 /* no need to unlock on tcb its gone */ 1912 goto out_decr; 1913 1914 case SCTP_TIMER_TYPE_STRRESET: 1915 if ((stcb == NULL) || (inp == NULL)) { 1916 break; 1917 } 1918 if (sctp_strreset_timer(inp, stcb, net)) { 1919 /* no need to unlock on tcb its gone */ 1920 goto out_decr; 1921 } 1922 SCTP_STAT_INCR(sctps_timostrmrst); 1923 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR, SCTP_SO_NOT_LOCKED); 1924 break; 1925 case SCTP_TIMER_TYPE_ASCONF: 1926 if ((stcb == NULL) || (inp == NULL)) { 1927 break; 1928 } 1929 if (sctp_asconf_timer(inp, stcb, net)) { 1930 /* no need to unlock on tcb its gone */ 1931 goto out_decr; 1932 } 1933 SCTP_STAT_INCR(sctps_timoasconf); 1934 #ifdef SCTP_AUDITING_ENABLED 1935 sctp_auditing(4, inp, stcb, net); 1936 #endif 1937 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR, SCTP_SO_NOT_LOCKED); 1938 break; 1939 case SCTP_TIMER_TYPE_PRIM_DELETED: 1940 if ((stcb == NULL) || (inp == NULL)) { 1941 break; 1942 } 1943 sctp_delete_prim_timer(inp, stcb, net); 1944 SCTP_STAT_INCR(sctps_timodelprim); 1945 break; 1946 1947 case SCTP_TIMER_TYPE_AUTOCLOSE: 1948 if ((stcb == NULL) || (inp == NULL)) { 1949 break; 1950 } 1951 SCTP_STAT_INCR(sctps_timoautoclose); 1952 sctp_autoclose_timer(inp, stcb, net); 1953 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED); 1954 did_output = 0; 1955 break; 1956 case SCTP_TIMER_TYPE_ASOCKILL: 1957 if ((stcb == NULL) || (inp == NULL)) { 1958 break; 1959 } 1960 SCTP_STAT_INCR(sctps_timoassockill); 1961 /* Can we free it yet? */ 1962 SCTP_INP_DECR_REF(inp); 1963 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, 1964 SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 1965 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1966 so = SCTP_INP_SO(inp); 1967 atomic_add_int(&stcb->asoc.refcnt, 1); 1968 SCTP_TCB_UNLOCK(stcb); 1969 SCTP_SOCKET_LOCK(so, 1); 1970 SCTP_TCB_LOCK(stcb); 1971 atomic_subtract_int(&stcb->asoc.refcnt, 1); 1972 #endif 1973 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 1974 SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 1975 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1976 SCTP_SOCKET_UNLOCK(so, 1); 1977 #endif 1978 /* 1979 * free asoc, always unlocks (or destroy's) so prevent 1980 * duplicate unlock or unlock of a free mtx :-0 1981 */ 1982 stcb = NULL; 1983 goto out_no_decr; 1984 case SCTP_TIMER_TYPE_INPKILL: 1985 SCTP_STAT_INCR(sctps_timoinpkill); 1986 if (inp == NULL) { 1987 break; 1988 } 1989 /* 1990 * special case, take away our increment since WE are the 1991 * killer 1992 */ 1993 SCTP_INP_DECR_REF(inp); 1994 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, 1995 SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 1996 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 1997 SCTP_CALLED_FROM_INPKILL_TIMER); 1998 inp = NULL; 1999 goto out_no_decr; 2000 default: 2001 SCTPDBG(SCTP_DEBUG_TIMER1, "sctp_timeout_handler:unknown timer %d\n", 2002 type); 2003 break; 2004 } 2005 #ifdef SCTP_AUDITING_ENABLED 2006 sctp_audit_log(0xF1, (uint8_t)type); 2007 if (inp) 2008 sctp_auditing(5, inp, stcb, net); 2009 #endif 2010 if ((did_output) && stcb) { 2011 /* 2012 * Now we need to clean up the control chunk chain if an 2013 * ECNE is on it. It must be marked as UNSENT again so next 2014 * call will continue to send it until such time that we get 2015 * a CWR, to remove it. It is, however, less likely that we 2016 * will find a ecn echo on the chain though. 2017 */ 2018 sctp_fix_ecn_echo(&stcb->asoc); 2019 } 2020 get_out: 2021 if (stcb) { 2022 SCTP_TCB_UNLOCK(stcb); 2023 } else if (inp != NULL) { 2024 SCTP_INP_WUNLOCK(inp); 2025 } else { 2026 SCTP_WQ_ADDR_UNLOCK(); 2027 } 2028 2029 out_decr: 2030 if (inp) { 2031 SCTP_INP_DECR_REF(inp); 2032 } 2033 2034 out_no_decr: 2035 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer now complete (type = %d)\n", type); 2036 CURVNET_RESTORE(); 2037 } 2038 2039 void 2040 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2041 struct sctp_nets *net) 2042 { 2043 uint32_t to_ticks; 2044 struct sctp_timer *tmr; 2045 2046 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) 2047 return; 2048 2049 tmr = NULL; 2050 if (stcb) { 2051 SCTP_TCB_LOCK_ASSERT(stcb); 2052 } 2053 /* Don't restart timer on net that's been removed. */ 2054 if (net != NULL && (net->dest_state & SCTP_ADDR_BEING_DELETED)) { 2055 return; 2056 } 2057 switch (t_type) { 2058 case SCTP_TIMER_TYPE_ADDR_WQ: 2059 /* Only 1 tick away :-) */ 2060 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2061 to_ticks = SCTP_ADDRESS_TICK_DELAY; 2062 break; 2063 case SCTP_TIMER_TYPE_SEND: 2064 /* Here we use the RTO timer */ 2065 { 2066 int rto_val; 2067 2068 if ((stcb == NULL) || (net == NULL)) { 2069 return; 2070 } 2071 tmr = &net->rxt_timer; 2072 if (net->RTO == 0) { 2073 rto_val = stcb->asoc.initial_rto; 2074 } else { 2075 rto_val = net->RTO; 2076 } 2077 to_ticks = MSEC_TO_TICKS(rto_val); 2078 } 2079 break; 2080 case SCTP_TIMER_TYPE_INIT: 2081 /* 2082 * Here we use the INIT timer default usually about 1 2083 * minute. 2084 */ 2085 if ((stcb == NULL) || (net == NULL)) { 2086 return; 2087 } 2088 tmr = &net->rxt_timer; 2089 if (net->RTO == 0) { 2090 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2091 } else { 2092 to_ticks = MSEC_TO_TICKS(net->RTO); 2093 } 2094 break; 2095 case SCTP_TIMER_TYPE_RECV: 2096 /* 2097 * Here we use the Delayed-Ack timer value from the inp 2098 * ususually about 200ms. 2099 */ 2100 if (stcb == NULL) { 2101 return; 2102 } 2103 tmr = &stcb->asoc.dack_timer; 2104 to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); 2105 break; 2106 case SCTP_TIMER_TYPE_SHUTDOWN: 2107 /* Here we use the RTO of the destination. */ 2108 if ((stcb == NULL) || (net == NULL)) { 2109 return; 2110 } 2111 if (net->RTO == 0) { 2112 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2113 } else { 2114 to_ticks = MSEC_TO_TICKS(net->RTO); 2115 } 2116 tmr = &net->rxt_timer; 2117 break; 2118 case SCTP_TIMER_TYPE_HEARTBEAT: 2119 /* 2120 * the net is used here so that we can add in the RTO. Even 2121 * though we use a different timer. We also add the HB timer 2122 * PLUS a random jitter. 2123 */ 2124 if ((stcb == NULL) || (net == NULL)) { 2125 return; 2126 } else { 2127 uint32_t rndval; 2128 uint32_t jitter; 2129 2130 if ((net->dest_state & SCTP_ADDR_NOHB) && 2131 !(net->dest_state & SCTP_ADDR_UNCONFIRMED)) { 2132 return; 2133 } 2134 if (net->RTO == 0) { 2135 to_ticks = stcb->asoc.initial_rto; 2136 } else { 2137 to_ticks = net->RTO; 2138 } 2139 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 2140 jitter = rndval % to_ticks; 2141 if (jitter >= (to_ticks >> 1)) { 2142 to_ticks = to_ticks + (jitter - (to_ticks >> 1)); 2143 } else { 2144 to_ticks = to_ticks - jitter; 2145 } 2146 if (!(net->dest_state & SCTP_ADDR_UNCONFIRMED) && 2147 !(net->dest_state & SCTP_ADDR_PF)) { 2148 to_ticks += net->heart_beat_delay; 2149 } 2150 /* 2151 * Now we must convert the to_ticks that are now in 2152 * ms to ticks. 2153 */ 2154 to_ticks = MSEC_TO_TICKS(to_ticks); 2155 tmr = &net->hb_timer; 2156 } 2157 break; 2158 case SCTP_TIMER_TYPE_COOKIE: 2159 /* 2160 * Here we can use the RTO timer from the network since one 2161 * RTT was compelete. If a retran happened then we will be 2162 * using the RTO initial value. 2163 */ 2164 if ((stcb == NULL) || (net == NULL)) { 2165 return; 2166 } 2167 if (net->RTO == 0) { 2168 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2169 } else { 2170 to_ticks = MSEC_TO_TICKS(net->RTO); 2171 } 2172 tmr = &net->rxt_timer; 2173 break; 2174 case SCTP_TIMER_TYPE_NEWCOOKIE: 2175 /* 2176 * nothing needed but the endpoint here ususually about 60 2177 * minutes. 2178 */ 2179 tmr = &inp->sctp_ep.signature_change; 2180 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 2181 break; 2182 case SCTP_TIMER_TYPE_ASOCKILL: 2183 if (stcb == NULL) { 2184 return; 2185 } 2186 tmr = &stcb->asoc.strreset_timer; 2187 to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); 2188 break; 2189 case SCTP_TIMER_TYPE_INPKILL: 2190 /* 2191 * The inp is setup to die. We re-use the signature_chage 2192 * timer since that has stopped and we are in the GONE 2193 * state. 2194 */ 2195 tmr = &inp->sctp_ep.signature_change; 2196 to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); 2197 break; 2198 case SCTP_TIMER_TYPE_PATHMTURAISE: 2199 /* 2200 * Here we use the value found in the EP for PMTU ususually 2201 * about 10 minutes. 2202 */ 2203 if ((stcb == NULL) || (net == NULL)) { 2204 return; 2205 } 2206 if (net->dest_state & SCTP_ADDR_NO_PMTUD) { 2207 return; 2208 } 2209 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 2210 tmr = &net->pmtu_timer; 2211 break; 2212 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2213 /* Here we use the RTO of the destination */ 2214 if ((stcb == NULL) || (net == NULL)) { 2215 return; 2216 } 2217 if (net->RTO == 0) { 2218 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2219 } else { 2220 to_ticks = MSEC_TO_TICKS(net->RTO); 2221 } 2222 tmr = &net->rxt_timer; 2223 break; 2224 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2225 /* 2226 * Here we use the endpoints shutdown guard timer usually 2227 * about 3 minutes. 2228 */ 2229 if (stcb == NULL) { 2230 return; 2231 } 2232 if (inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] == 0) { 2233 to_ticks = 5 * MSEC_TO_TICKS(stcb->asoc.maxrto); 2234 } else { 2235 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 2236 } 2237 tmr = &stcb->asoc.shut_guard_timer; 2238 break; 2239 case SCTP_TIMER_TYPE_STRRESET: 2240 /* 2241 * Here the timer comes from the stcb but its value is from 2242 * the net's RTO. 2243 */ 2244 if ((stcb == NULL) || (net == NULL)) { 2245 return; 2246 } 2247 if (net->RTO == 0) { 2248 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2249 } else { 2250 to_ticks = MSEC_TO_TICKS(net->RTO); 2251 } 2252 tmr = &stcb->asoc.strreset_timer; 2253 break; 2254 case SCTP_TIMER_TYPE_ASCONF: 2255 /* 2256 * Here the timer comes from the stcb but its value is from 2257 * the net's RTO. 2258 */ 2259 if ((stcb == NULL) || (net == NULL)) { 2260 return; 2261 } 2262 if (net->RTO == 0) { 2263 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2264 } else { 2265 to_ticks = MSEC_TO_TICKS(net->RTO); 2266 } 2267 tmr = &stcb->asoc.asconf_timer; 2268 break; 2269 case SCTP_TIMER_TYPE_PRIM_DELETED: 2270 if ((stcb == NULL) || (net != NULL)) { 2271 return; 2272 } 2273 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2274 tmr = &stcb->asoc.delete_prim_timer; 2275 break; 2276 case SCTP_TIMER_TYPE_AUTOCLOSE: 2277 if (stcb == NULL) { 2278 return; 2279 } 2280 if (stcb->asoc.sctp_autoclose_ticks == 0) { 2281 /* 2282 * Really an error since stcb is NOT set to 2283 * autoclose 2284 */ 2285 return; 2286 } 2287 to_ticks = stcb->asoc.sctp_autoclose_ticks; 2288 tmr = &stcb->asoc.autoclose_timer; 2289 break; 2290 default: 2291 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2292 __func__, t_type); 2293 return; 2294 break; 2295 } 2296 if ((to_ticks <= 0) || (tmr == NULL)) { 2297 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: %d:software error to_ticks:%d tmr:%p not set ??\n", 2298 __func__, t_type, to_ticks, (void *)tmr); 2299 return; 2300 } 2301 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 2302 /* 2303 * we do NOT allow you to have it already running. if it is 2304 * we leave the current one up unchanged 2305 */ 2306 return; 2307 } 2308 /* At this point we can proceed */ 2309 if (t_type == SCTP_TIMER_TYPE_SEND) { 2310 stcb->asoc.num_send_timers_up++; 2311 } 2312 tmr->stopped_from = 0; 2313 tmr->type = t_type; 2314 tmr->ep = (void *)inp; 2315 tmr->tcb = (void *)stcb; 2316 tmr->net = (void *)net; 2317 tmr->self = (void *)tmr; 2318 tmr->vnet = (void *)curvnet; 2319 tmr->ticks = sctp_get_tick_count(); 2320 (void)SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); 2321 return; 2322 } 2323 2324 void 2325 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2326 struct sctp_nets *net, uint32_t from) 2327 { 2328 struct sctp_timer *tmr; 2329 2330 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 2331 (inp == NULL)) 2332 return; 2333 2334 tmr = NULL; 2335 if (stcb) { 2336 SCTP_TCB_LOCK_ASSERT(stcb); 2337 } 2338 switch (t_type) { 2339 case SCTP_TIMER_TYPE_ADDR_WQ: 2340 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2341 break; 2342 case SCTP_TIMER_TYPE_SEND: 2343 if ((stcb == NULL) || (net == NULL)) { 2344 return; 2345 } 2346 tmr = &net->rxt_timer; 2347 break; 2348 case SCTP_TIMER_TYPE_INIT: 2349 if ((stcb == NULL) || (net == NULL)) { 2350 return; 2351 } 2352 tmr = &net->rxt_timer; 2353 break; 2354 case SCTP_TIMER_TYPE_RECV: 2355 if (stcb == NULL) { 2356 return; 2357 } 2358 tmr = &stcb->asoc.dack_timer; 2359 break; 2360 case SCTP_TIMER_TYPE_SHUTDOWN: 2361 if ((stcb == NULL) || (net == NULL)) { 2362 return; 2363 } 2364 tmr = &net->rxt_timer; 2365 break; 2366 case SCTP_TIMER_TYPE_HEARTBEAT: 2367 if ((stcb == NULL) || (net == NULL)) { 2368 return; 2369 } 2370 tmr = &net->hb_timer; 2371 break; 2372 case SCTP_TIMER_TYPE_COOKIE: 2373 if ((stcb == NULL) || (net == NULL)) { 2374 return; 2375 } 2376 tmr = &net->rxt_timer; 2377 break; 2378 case SCTP_TIMER_TYPE_NEWCOOKIE: 2379 /* nothing needed but the endpoint here */ 2380 tmr = &inp->sctp_ep.signature_change; 2381 /* 2382 * We re-use the newcookie timer for the INP kill timer. We 2383 * must assure that we do not kill it by accident. 2384 */ 2385 break; 2386 case SCTP_TIMER_TYPE_ASOCKILL: 2387 /* 2388 * Stop the asoc kill timer. 2389 */ 2390 if (stcb == NULL) { 2391 return; 2392 } 2393 tmr = &stcb->asoc.strreset_timer; 2394 break; 2395 2396 case SCTP_TIMER_TYPE_INPKILL: 2397 /* 2398 * The inp is setup to die. We re-use the signature_chage 2399 * timer since that has stopped and we are in the GONE 2400 * state. 2401 */ 2402 tmr = &inp->sctp_ep.signature_change; 2403 break; 2404 case SCTP_TIMER_TYPE_PATHMTURAISE: 2405 if ((stcb == NULL) || (net == NULL)) { 2406 return; 2407 } 2408 tmr = &net->pmtu_timer; 2409 break; 2410 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2411 if ((stcb == NULL) || (net == NULL)) { 2412 return; 2413 } 2414 tmr = &net->rxt_timer; 2415 break; 2416 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2417 if (stcb == NULL) { 2418 return; 2419 } 2420 tmr = &stcb->asoc.shut_guard_timer; 2421 break; 2422 case SCTP_TIMER_TYPE_STRRESET: 2423 if (stcb == NULL) { 2424 return; 2425 } 2426 tmr = &stcb->asoc.strreset_timer; 2427 break; 2428 case SCTP_TIMER_TYPE_ASCONF: 2429 if (stcb == NULL) { 2430 return; 2431 } 2432 tmr = &stcb->asoc.asconf_timer; 2433 break; 2434 case SCTP_TIMER_TYPE_PRIM_DELETED: 2435 if (stcb == NULL) { 2436 return; 2437 } 2438 tmr = &stcb->asoc.delete_prim_timer; 2439 break; 2440 case SCTP_TIMER_TYPE_AUTOCLOSE: 2441 if (stcb == NULL) { 2442 return; 2443 } 2444 tmr = &stcb->asoc.autoclose_timer; 2445 break; 2446 default: 2447 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2448 __func__, t_type); 2449 break; 2450 } 2451 if (tmr == NULL) { 2452 return; 2453 } 2454 if ((tmr->type != t_type) && tmr->type) { 2455 /* 2456 * Ok we have a timer that is under joint use. Cookie timer 2457 * per chance with the SEND timer. We therefore are NOT 2458 * running the timer that the caller wants stopped. So just 2459 * return. 2460 */ 2461 return; 2462 } 2463 if ((t_type == SCTP_TIMER_TYPE_SEND) && (stcb != NULL)) { 2464 stcb->asoc.num_send_timers_up--; 2465 if (stcb->asoc.num_send_timers_up < 0) { 2466 stcb->asoc.num_send_timers_up = 0; 2467 } 2468 } 2469 tmr->self = NULL; 2470 tmr->stopped_from = from; 2471 (void)SCTP_OS_TIMER_STOP(&tmr->timer); 2472 return; 2473 } 2474 2475 uint32_t 2476 sctp_calculate_len(struct mbuf *m) 2477 { 2478 uint32_t tlen = 0; 2479 struct mbuf *at; 2480 2481 at = m; 2482 while (at) { 2483 tlen += SCTP_BUF_LEN(at); 2484 at = SCTP_BUF_NEXT(at); 2485 } 2486 return (tlen); 2487 } 2488 2489 void 2490 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2491 struct sctp_association *asoc, uint32_t mtu) 2492 { 2493 /* 2494 * Reset the P-MTU size on this association, this involves changing 2495 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2496 * allow the DF flag to be cleared. 2497 */ 2498 struct sctp_tmit_chunk *chk; 2499 unsigned int eff_mtu, ovh; 2500 2501 asoc->smallest_mtu = mtu; 2502 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2503 ovh = SCTP_MIN_OVERHEAD; 2504 } else { 2505 ovh = SCTP_MIN_V4_OVERHEAD; 2506 } 2507 eff_mtu = mtu - ovh; 2508 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2509 if (chk->send_size > eff_mtu) { 2510 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2511 } 2512 } 2513 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2514 if (chk->send_size > eff_mtu) { 2515 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2516 } 2517 } 2518 } 2519 2520 2521 /* 2522 * Given an association and starting time of the current RTT period, update 2523 * RTO in number of msecs. net should point to the current network. 2524 * Return 1, if an RTO update was performed, return 0 if no update was 2525 * performed due to invalid starting point. 2526 */ 2527 2528 int 2529 sctp_calculate_rto(struct sctp_tcb *stcb, 2530 struct sctp_association *asoc, 2531 struct sctp_nets *net, 2532 struct timeval *old, 2533 int rtt_from_sack) 2534 { 2535 struct timeval now; 2536 uint64_t rtt_us; /* RTT in us */ 2537 int32_t rtt; /* RTT in ms */ 2538 uint32_t new_rto; 2539 int first_measure = 0; 2540 2541 /************************/ 2542 /* 1. calculate new RTT */ 2543 /************************/ 2544 /* get the current time */ 2545 if (stcb->asoc.use_precise_time) { 2546 (void)SCTP_GETPTIME_TIMEVAL(&now); 2547 } else { 2548 (void)SCTP_GETTIME_TIMEVAL(&now); 2549 } 2550 if ((old->tv_sec > now.tv_sec) || 2551 ((old->tv_sec == now.tv_sec) && (old->tv_sec > now.tv_sec))) { 2552 /* The starting point is in the future. */ 2553 return (0); 2554 } 2555 timevalsub(&now, old); 2556 rtt_us = (uint64_t)1000000 * (uint64_t)now.tv_sec + (uint64_t)now.tv_usec; 2557 if (rtt_us > SCTP_RTO_UPPER_BOUND * 1000) { 2558 /* The RTT is larger than a sane value. */ 2559 return (0); 2560 } 2561 /* store the current RTT in us */ 2562 net->rtt = rtt_us; 2563 /* compute rtt in ms */ 2564 rtt = (int32_t)(net->rtt / 1000); 2565 if ((asoc->cc_functions.sctp_rtt_calculated) && (rtt_from_sack == SCTP_RTT_FROM_DATA)) { 2566 /* 2567 * Tell the CC module that a new update has just occurred 2568 * from a sack 2569 */ 2570 (*asoc->cc_functions.sctp_rtt_calculated) (stcb, net, &now); 2571 } 2572 /* 2573 * Do we need to determine the lan? We do this only on sacks i.e. 2574 * RTT being determined from data not non-data (HB/INIT->INITACK). 2575 */ 2576 if ((rtt_from_sack == SCTP_RTT_FROM_DATA) && 2577 (net->lan_type == SCTP_LAN_UNKNOWN)) { 2578 if (net->rtt > SCTP_LOCAL_LAN_RTT) { 2579 net->lan_type = SCTP_LAN_INTERNET; 2580 } else { 2581 net->lan_type = SCTP_LAN_LOCAL; 2582 } 2583 } 2584 2585 /***************************/ 2586 /* 2. update RTTVAR & SRTT */ 2587 /***************************/ 2588 /*- 2589 * Compute the scaled average lastsa and the 2590 * scaled variance lastsv as described in van Jacobson 2591 * Paper "Congestion Avoidance and Control", Annex A. 2592 * 2593 * (net->lastsa >> SCTP_RTT_SHIFT) is the srtt 2594 * (net->lastsv >> SCTP_RTT_VAR_SHIFT) is the rttvar 2595 */ 2596 if (net->RTO_measured) { 2597 rtt -= (net->lastsa >> SCTP_RTT_SHIFT); 2598 net->lastsa += rtt; 2599 if (rtt < 0) { 2600 rtt = -rtt; 2601 } 2602 rtt -= (net->lastsv >> SCTP_RTT_VAR_SHIFT); 2603 net->lastsv += rtt; 2604 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2605 rto_logging(net, SCTP_LOG_RTTVAR); 2606 } 2607 } else { 2608 /* First RTO measurment */ 2609 net->RTO_measured = 1; 2610 first_measure = 1; 2611 net->lastsa = rtt << SCTP_RTT_SHIFT; 2612 net->lastsv = (rtt / 2) << SCTP_RTT_VAR_SHIFT; 2613 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2614 rto_logging(net, SCTP_LOG_INITIAL_RTT); 2615 } 2616 } 2617 if (net->lastsv == 0) { 2618 net->lastsv = SCTP_CLOCK_GRANULARITY; 2619 } 2620 new_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv; 2621 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 2622 (stcb->asoc.sat_network_lockout == 0)) { 2623 stcb->asoc.sat_network = 1; 2624 } else if ((!first_measure) && stcb->asoc.sat_network) { 2625 stcb->asoc.sat_network = 0; 2626 stcb->asoc.sat_network_lockout = 1; 2627 } 2628 /* bound it, per C6/C7 in Section 5.3.1 */ 2629 if (new_rto < stcb->asoc.minrto) { 2630 new_rto = stcb->asoc.minrto; 2631 } 2632 if (new_rto > stcb->asoc.maxrto) { 2633 new_rto = stcb->asoc.maxrto; 2634 } 2635 net->RTO = new_rto; 2636 return (1); 2637 } 2638 2639 /* 2640 * return a pointer to a contiguous piece of data from the given mbuf chain 2641 * starting at 'off' for 'len' bytes. If the desired piece spans more than 2642 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 2643 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 2644 */ 2645 caddr_t 2646 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t *in_ptr) 2647 { 2648 uint32_t count; 2649 uint8_t *ptr; 2650 2651 ptr = in_ptr; 2652 if ((off < 0) || (len <= 0)) 2653 return (NULL); 2654 2655 /* find the desired start location */ 2656 while ((m != NULL) && (off > 0)) { 2657 if (off < SCTP_BUF_LEN(m)) 2658 break; 2659 off -= SCTP_BUF_LEN(m); 2660 m = SCTP_BUF_NEXT(m); 2661 } 2662 if (m == NULL) 2663 return (NULL); 2664 2665 /* is the current mbuf large enough (eg. contiguous)? */ 2666 if ((SCTP_BUF_LEN(m) - off) >= len) { 2667 return (mtod(m, caddr_t)+off); 2668 } else { 2669 /* else, it spans more than one mbuf, so save a temp copy... */ 2670 while ((m != NULL) && (len > 0)) { 2671 count = min(SCTP_BUF_LEN(m) - off, len); 2672 memcpy(ptr, mtod(m, caddr_t)+off, count); 2673 len -= count; 2674 ptr += count; 2675 off = 0; 2676 m = SCTP_BUF_NEXT(m); 2677 } 2678 if ((m == NULL) && (len > 0)) 2679 return (NULL); 2680 else 2681 return ((caddr_t)in_ptr); 2682 } 2683 } 2684 2685 2686 2687 struct sctp_paramhdr * 2688 sctp_get_next_param(struct mbuf *m, 2689 int offset, 2690 struct sctp_paramhdr *pull, 2691 int pull_limit) 2692 { 2693 /* This just provides a typed signature to Peter's Pull routine */ 2694 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 2695 (uint8_t *)pull)); 2696 } 2697 2698 2699 struct mbuf * 2700 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 2701 { 2702 struct mbuf *m_last; 2703 caddr_t dp; 2704 2705 if (padlen > 3) { 2706 return (NULL); 2707 } 2708 if (padlen <= M_TRAILINGSPACE(m)) { 2709 /* 2710 * The easy way. We hope the majority of the time we hit 2711 * here :) 2712 */ 2713 m_last = m; 2714 } else { 2715 /* Hard way we must grow the mbuf chain */ 2716 m_last = sctp_get_mbuf_for_msg(padlen, 0, M_NOWAIT, 1, MT_DATA); 2717 if (m_last == NULL) { 2718 return (NULL); 2719 } 2720 SCTP_BUF_LEN(m_last) = 0; 2721 SCTP_BUF_NEXT(m_last) = NULL; 2722 SCTP_BUF_NEXT(m) = m_last; 2723 } 2724 dp = mtod(m_last, caddr_t)+SCTP_BUF_LEN(m_last); 2725 SCTP_BUF_LEN(m_last) += padlen; 2726 memset(dp, 0, padlen); 2727 return (m_last); 2728 } 2729 2730 struct mbuf * 2731 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 2732 { 2733 /* find the last mbuf in chain and pad it */ 2734 struct mbuf *m_at; 2735 2736 if (last_mbuf != NULL) { 2737 return (sctp_add_pad_tombuf(last_mbuf, padval)); 2738 } else { 2739 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 2740 if (SCTP_BUF_NEXT(m_at) == NULL) { 2741 return (sctp_add_pad_tombuf(m_at, padval)); 2742 } 2743 } 2744 } 2745 return (NULL); 2746 } 2747 2748 static void 2749 sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, 2750 uint16_t error, struct sctp_abort_chunk *abort, uint8_t from_peer, int so_locked 2751 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2752 SCTP_UNUSED 2753 #endif 2754 ) 2755 { 2756 struct mbuf *m_notify; 2757 struct sctp_assoc_change *sac; 2758 struct sctp_queued_to_read *control; 2759 unsigned int notif_len; 2760 uint16_t abort_len; 2761 unsigned int i; 2762 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2763 struct socket *so; 2764 #endif 2765 2766 if (stcb == NULL) { 2767 return; 2768 } 2769 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 2770 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2771 if (abort != NULL) { 2772 abort_len = ntohs(abort->ch.chunk_length); 2773 /* 2774 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 2775 * contiguous. 2776 */ 2777 if (abort_len > SCTP_CHUNK_BUFFER_SIZE) { 2778 abort_len = SCTP_CHUNK_BUFFER_SIZE; 2779 } 2780 } else { 2781 abort_len = 0; 2782 } 2783 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2784 notif_len += SCTP_ASSOC_SUPPORTS_MAX; 2785 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2786 notif_len += abort_len; 2787 } 2788 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2789 if (m_notify == NULL) { 2790 /* Retry with smaller value. */ 2791 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2792 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2793 if (m_notify == NULL) { 2794 goto set_error; 2795 } 2796 } 2797 SCTP_BUF_NEXT(m_notify) = NULL; 2798 sac = mtod(m_notify, struct sctp_assoc_change *); 2799 memset(sac, 0, notif_len); 2800 sac->sac_type = SCTP_ASSOC_CHANGE; 2801 sac->sac_flags = 0; 2802 sac->sac_length = sizeof(struct sctp_assoc_change); 2803 sac->sac_state = state; 2804 sac->sac_error = error; 2805 /* XXX verify these stream counts */ 2806 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 2807 sac->sac_inbound_streams = stcb->asoc.streamincnt; 2808 sac->sac_assoc_id = sctp_get_associd(stcb); 2809 if (notif_len > sizeof(struct sctp_assoc_change)) { 2810 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2811 i = 0; 2812 if (stcb->asoc.prsctp_supported == 1) { 2813 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_PR; 2814 } 2815 if (stcb->asoc.auth_supported == 1) { 2816 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_AUTH; 2817 } 2818 if (stcb->asoc.asconf_supported == 1) { 2819 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_ASCONF; 2820 } 2821 if (stcb->asoc.idata_supported == 1) { 2822 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_INTERLEAVING; 2823 } 2824 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_MULTIBUF; 2825 if (stcb->asoc.reconfig_supported == 1) { 2826 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_RE_CONFIG; 2827 } 2828 sac->sac_length += i; 2829 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2830 memcpy(sac->sac_info, abort, abort_len); 2831 sac->sac_length += abort_len; 2832 } 2833 } 2834 SCTP_BUF_LEN(m_notify) = sac->sac_length; 2835 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2836 0, 0, stcb->asoc.context, 0, 0, 0, 2837 m_notify); 2838 if (control != NULL) { 2839 control->length = SCTP_BUF_LEN(m_notify); 2840 control->spec_flags = M_NOTIFICATION; 2841 /* not that we need this */ 2842 control->tail_mbuf = m_notify; 2843 sctp_add_to_readq(stcb->sctp_ep, stcb, 2844 control, 2845 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, 2846 so_locked); 2847 } else { 2848 sctp_m_freem(m_notify); 2849 } 2850 } 2851 /* 2852 * For 1-to-1 style sockets, we send up and error when an ABORT 2853 * comes in. 2854 */ 2855 set_error: 2856 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2857 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2858 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2859 SOCK_LOCK(stcb->sctp_socket); 2860 if (from_peer) { 2861 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { 2862 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNREFUSED); 2863 stcb->sctp_socket->so_error = ECONNREFUSED; 2864 } else { 2865 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 2866 stcb->sctp_socket->so_error = ECONNRESET; 2867 } 2868 } else { 2869 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 2870 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 2871 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ETIMEDOUT); 2872 stcb->sctp_socket->so_error = ETIMEDOUT; 2873 } else { 2874 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNABORTED); 2875 stcb->sctp_socket->so_error = ECONNABORTED; 2876 } 2877 } 2878 SOCK_UNLOCK(stcb->sctp_socket); 2879 } 2880 /* Wake ANY sleepers */ 2881 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2882 so = SCTP_INP_SO(stcb->sctp_ep); 2883 if (!so_locked) { 2884 atomic_add_int(&stcb->asoc.refcnt, 1); 2885 SCTP_TCB_UNLOCK(stcb); 2886 SCTP_SOCKET_LOCK(so, 1); 2887 SCTP_TCB_LOCK(stcb); 2888 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2889 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 2890 SCTP_SOCKET_UNLOCK(so, 1); 2891 return; 2892 } 2893 } 2894 #endif 2895 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2896 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2897 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2898 socantrcvmore(stcb->sctp_socket); 2899 } 2900 sorwakeup(stcb->sctp_socket); 2901 sowwakeup(stcb->sctp_socket); 2902 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2903 if (!so_locked) { 2904 SCTP_SOCKET_UNLOCK(so, 1); 2905 } 2906 #endif 2907 } 2908 2909 static void 2910 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 2911 struct sockaddr *sa, uint32_t error, int so_locked 2912 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2913 SCTP_UNUSED 2914 #endif 2915 ) 2916 { 2917 struct mbuf *m_notify; 2918 struct sctp_paddr_change *spc; 2919 struct sctp_queued_to_read *control; 2920 2921 if ((stcb == NULL) || 2922 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPADDREVNT)) { 2923 /* event not enabled */ 2924 return; 2925 } 2926 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_NOWAIT, 1, MT_DATA); 2927 if (m_notify == NULL) 2928 return; 2929 SCTP_BUF_LEN(m_notify) = 0; 2930 spc = mtod(m_notify, struct sctp_paddr_change *); 2931 memset(spc, 0, sizeof(struct sctp_paddr_change)); 2932 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 2933 spc->spc_flags = 0; 2934 spc->spc_length = sizeof(struct sctp_paddr_change); 2935 switch (sa->sa_family) { 2936 #ifdef INET 2937 case AF_INET: 2938 #ifdef INET6 2939 if (sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 2940 in6_sin_2_v4mapsin6((struct sockaddr_in *)sa, 2941 (struct sockaddr_in6 *)&spc->spc_aaddr); 2942 } else { 2943 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2944 } 2945 #else 2946 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2947 #endif 2948 break; 2949 #endif 2950 #ifdef INET6 2951 case AF_INET6: 2952 { 2953 struct sockaddr_in6 *sin6; 2954 2955 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 2956 2957 sin6 = (struct sockaddr_in6 *)&spc->spc_aaddr; 2958 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2959 if (sin6->sin6_scope_id == 0) { 2960 /* recover scope_id for user */ 2961 (void)sa6_recoverscope(sin6); 2962 } else { 2963 /* clear embedded scope_id for user */ 2964 in6_clearscope(&sin6->sin6_addr); 2965 } 2966 } 2967 break; 2968 } 2969 #endif 2970 default: 2971 /* TSNH */ 2972 break; 2973 } 2974 spc->spc_state = state; 2975 spc->spc_error = error; 2976 spc->spc_assoc_id = sctp_get_associd(stcb); 2977 2978 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change); 2979 SCTP_BUF_NEXT(m_notify) = NULL; 2980 2981 /* append to socket */ 2982 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2983 0, 0, stcb->asoc.context, 0, 0, 0, 2984 m_notify); 2985 if (control == NULL) { 2986 /* no memory */ 2987 sctp_m_freem(m_notify); 2988 return; 2989 } 2990 control->length = SCTP_BUF_LEN(m_notify); 2991 control->spec_flags = M_NOTIFICATION; 2992 /* not that we need this */ 2993 control->tail_mbuf = m_notify; 2994 sctp_add_to_readq(stcb->sctp_ep, stcb, 2995 control, 2996 &stcb->sctp_socket->so_rcv, 1, 2997 SCTP_READ_LOCK_NOT_HELD, 2998 so_locked); 2999 } 3000 3001 3002 static void 3003 sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error, 3004 struct sctp_tmit_chunk *chk, int so_locked 3005 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3006 SCTP_UNUSED 3007 #endif 3008 ) 3009 { 3010 struct mbuf *m_notify; 3011 struct sctp_send_failed *ssf; 3012 struct sctp_send_failed_event *ssfe; 3013 struct sctp_queued_to_read *control; 3014 struct sctp_chunkhdr *chkhdr; 3015 int notifhdr_len, chk_len, chkhdr_len, padding_len, payload_len; 3016 3017 if ((stcb == NULL) || 3018 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 3019 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 3020 /* event not enabled */ 3021 return; 3022 } 3023 3024 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3025 notifhdr_len = sizeof(struct sctp_send_failed_event); 3026 } else { 3027 notifhdr_len = sizeof(struct sctp_send_failed); 3028 } 3029 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 3030 if (m_notify == NULL) 3031 /* no space left */ 3032 return; 3033 SCTP_BUF_LEN(m_notify) = notifhdr_len; 3034 if (stcb->asoc.idata_supported) { 3035 chkhdr_len = sizeof(struct sctp_idata_chunk); 3036 } else { 3037 chkhdr_len = sizeof(struct sctp_data_chunk); 3038 } 3039 /* Use some defaults in case we can't access the chunk header */ 3040 if (chk->send_size >= chkhdr_len) { 3041 payload_len = chk->send_size - chkhdr_len; 3042 } else { 3043 payload_len = 0; 3044 } 3045 padding_len = 0; 3046 if (chk->data != NULL) { 3047 chkhdr = mtod(chk->data, struct sctp_chunkhdr *); 3048 if (chkhdr != NULL) { 3049 chk_len = ntohs(chkhdr->chunk_length); 3050 if ((chk_len >= chkhdr_len) && 3051 (chk->send_size >= chk_len) && 3052 (chk->send_size - chk_len < 4)) { 3053 padding_len = chk->send_size - chk_len; 3054 payload_len = chk->send_size - chkhdr_len - padding_len; 3055 } 3056 } 3057 } 3058 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3059 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3060 memset(ssfe, 0, notifhdr_len); 3061 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3062 if (sent) { 3063 ssfe->ssfe_flags = SCTP_DATA_SENT; 3064 } else { 3065 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3066 } 3067 ssfe->ssfe_length = (uint32_t)(notifhdr_len + payload_len); 3068 ssfe->ssfe_error = error; 3069 /* not exactly what the user sent in, but should be close :) */ 3070 ssfe->ssfe_info.snd_sid = chk->rec.data.sid; 3071 ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; 3072 ssfe->ssfe_info.snd_ppid = chk->rec.data.ppid; 3073 ssfe->ssfe_info.snd_context = chk->rec.data.context; 3074 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3075 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3076 } else { 3077 ssf = mtod(m_notify, struct sctp_send_failed *); 3078 memset(ssf, 0, notifhdr_len); 3079 ssf->ssf_type = SCTP_SEND_FAILED; 3080 if (sent) { 3081 ssf->ssf_flags = SCTP_DATA_SENT; 3082 } else { 3083 ssf->ssf_flags = SCTP_DATA_UNSENT; 3084 } 3085 ssf->ssf_length = (uint32_t)(notifhdr_len + payload_len); 3086 ssf->ssf_error = error; 3087 /* not exactly what the user sent in, but should be close :) */ 3088 ssf->ssf_info.sinfo_stream = chk->rec.data.sid; 3089 ssf->ssf_info.sinfo_ssn = (uint16_t)chk->rec.data.mid; 3090 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 3091 ssf->ssf_info.sinfo_ppid = chk->rec.data.ppid; 3092 ssf->ssf_info.sinfo_context = chk->rec.data.context; 3093 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3094 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3095 } 3096 if (chk->data != NULL) { 3097 /* Trim off the sctp chunk header (it should be there) */ 3098 if (chk->send_size == chkhdr_len + payload_len + padding_len) { 3099 m_adj(chk->data, chkhdr_len); 3100 m_adj(chk->data, -padding_len); 3101 sctp_mbuf_crush(chk->data); 3102 chk->send_size -= (chkhdr_len + padding_len); 3103 } 3104 } 3105 SCTP_BUF_NEXT(m_notify) = chk->data; 3106 /* Steal off the mbuf */ 3107 chk->data = NULL; 3108 /* 3109 * For this case, we check the actual socket buffer, since the assoc 3110 * is going away we don't want to overfill the socket buffer for a 3111 * non-reader 3112 */ 3113 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3114 sctp_m_freem(m_notify); 3115 return; 3116 } 3117 /* append to socket */ 3118 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3119 0, 0, stcb->asoc.context, 0, 0, 0, 3120 m_notify); 3121 if (control == NULL) { 3122 /* no memory */ 3123 sctp_m_freem(m_notify); 3124 return; 3125 } 3126 control->length = SCTP_BUF_LEN(m_notify); 3127 control->spec_flags = M_NOTIFICATION; 3128 /* not that we need this */ 3129 control->tail_mbuf = m_notify; 3130 sctp_add_to_readq(stcb->sctp_ep, stcb, 3131 control, 3132 &stcb->sctp_socket->so_rcv, 1, 3133 SCTP_READ_LOCK_NOT_HELD, 3134 so_locked); 3135 } 3136 3137 3138 static void 3139 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 3140 struct sctp_stream_queue_pending *sp, int so_locked 3141 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3142 SCTP_UNUSED 3143 #endif 3144 ) 3145 { 3146 struct mbuf *m_notify; 3147 struct sctp_send_failed *ssf; 3148 struct sctp_send_failed_event *ssfe; 3149 struct sctp_queued_to_read *control; 3150 int notifhdr_len; 3151 3152 if ((stcb == NULL) || 3153 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 3154 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 3155 /* event not enabled */ 3156 return; 3157 } 3158 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3159 notifhdr_len = sizeof(struct sctp_send_failed_event); 3160 } else { 3161 notifhdr_len = sizeof(struct sctp_send_failed); 3162 } 3163 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 3164 if (m_notify == NULL) { 3165 /* no space left */ 3166 return; 3167 } 3168 SCTP_BUF_LEN(m_notify) = notifhdr_len; 3169 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3170 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3171 memset(ssfe, 0, notifhdr_len); 3172 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3173 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3174 ssfe->ssfe_length = (uint32_t)(notifhdr_len + sp->length); 3175 ssfe->ssfe_error = error; 3176 /* not exactly what the user sent in, but should be close :) */ 3177 ssfe->ssfe_info.snd_sid = sp->sid; 3178 if (sp->some_taken) { 3179 ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; 3180 } else { 3181 ssfe->ssfe_info.snd_flags = SCTP_DATA_NOT_FRAG; 3182 } 3183 ssfe->ssfe_info.snd_ppid = sp->ppid; 3184 ssfe->ssfe_info.snd_context = sp->context; 3185 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3186 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3187 } else { 3188 ssf = mtod(m_notify, struct sctp_send_failed *); 3189 memset(ssf, 0, notifhdr_len); 3190 ssf->ssf_type = SCTP_SEND_FAILED; 3191 ssf->ssf_flags = SCTP_DATA_UNSENT; 3192 ssf->ssf_length = (uint32_t)(notifhdr_len + sp->length); 3193 ssf->ssf_error = error; 3194 /* not exactly what the user sent in, but should be close :) */ 3195 ssf->ssf_info.sinfo_stream = sp->sid; 3196 ssf->ssf_info.sinfo_ssn = 0; 3197 if (sp->some_taken) { 3198 ssf->ssf_info.sinfo_flags = SCTP_DATA_LAST_FRAG; 3199 } else { 3200 ssf->ssf_info.sinfo_flags = SCTP_DATA_NOT_FRAG; 3201 } 3202 ssf->ssf_info.sinfo_ppid = sp->ppid; 3203 ssf->ssf_info.sinfo_context = sp->context; 3204 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3205 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3206 } 3207 SCTP_BUF_NEXT(m_notify) = sp->data; 3208 3209 /* Steal off the mbuf */ 3210 sp->data = NULL; 3211 /* 3212 * For this case, we check the actual socket buffer, since the assoc 3213 * is going away we don't want to overfill the socket buffer for a 3214 * non-reader 3215 */ 3216 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3217 sctp_m_freem(m_notify); 3218 return; 3219 } 3220 /* append to socket */ 3221 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3222 0, 0, stcb->asoc.context, 0, 0, 0, 3223 m_notify); 3224 if (control == NULL) { 3225 /* no memory */ 3226 sctp_m_freem(m_notify); 3227 return; 3228 } 3229 control->length = SCTP_BUF_LEN(m_notify); 3230 control->spec_flags = M_NOTIFICATION; 3231 /* not that we need this */ 3232 control->tail_mbuf = m_notify; 3233 sctp_add_to_readq(stcb->sctp_ep, stcb, 3234 control, 3235 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3236 } 3237 3238 3239 3240 static void 3241 sctp_notify_adaptation_layer(struct sctp_tcb *stcb) 3242 { 3243 struct mbuf *m_notify; 3244 struct sctp_adaptation_event *sai; 3245 struct sctp_queued_to_read *control; 3246 3247 if ((stcb == NULL) || 3248 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) { 3249 /* event not enabled */ 3250 return; 3251 } 3252 3253 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_NOWAIT, 1, MT_DATA); 3254 if (m_notify == NULL) 3255 /* no space left */ 3256 return; 3257 SCTP_BUF_LEN(m_notify) = 0; 3258 sai = mtod(m_notify, struct sctp_adaptation_event *); 3259 memset(sai, 0, sizeof(struct sctp_adaptation_event)); 3260 sai->sai_type = SCTP_ADAPTATION_INDICATION; 3261 sai->sai_flags = 0; 3262 sai->sai_length = sizeof(struct sctp_adaptation_event); 3263 sai->sai_adaptation_ind = stcb->asoc.peers_adaptation; 3264 sai->sai_assoc_id = sctp_get_associd(stcb); 3265 3266 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_adaptation_event); 3267 SCTP_BUF_NEXT(m_notify) = NULL; 3268 3269 /* append to socket */ 3270 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3271 0, 0, stcb->asoc.context, 0, 0, 0, 3272 m_notify); 3273 if (control == NULL) { 3274 /* no memory */ 3275 sctp_m_freem(m_notify); 3276 return; 3277 } 3278 control->length = SCTP_BUF_LEN(m_notify); 3279 control->spec_flags = M_NOTIFICATION; 3280 /* not that we need this */ 3281 control->tail_mbuf = m_notify; 3282 sctp_add_to_readq(stcb->sctp_ep, stcb, 3283 control, 3284 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3285 } 3286 3287 /* This always must be called with the read-queue LOCKED in the INP */ 3288 static void 3289 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error, 3290 uint32_t val, int so_locked 3291 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3292 SCTP_UNUSED 3293 #endif 3294 ) 3295 { 3296 struct mbuf *m_notify; 3297 struct sctp_pdapi_event *pdapi; 3298 struct sctp_queued_to_read *control; 3299 struct sockbuf *sb; 3300 3301 if ((stcb == NULL) || 3302 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_PDAPIEVNT)) { 3303 /* event not enabled */ 3304 return; 3305 } 3306 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 3307 return; 3308 } 3309 3310 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_NOWAIT, 1, MT_DATA); 3311 if (m_notify == NULL) 3312 /* no space left */ 3313 return; 3314 SCTP_BUF_LEN(m_notify) = 0; 3315 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 3316 memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); 3317 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 3318 pdapi->pdapi_flags = 0; 3319 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 3320 pdapi->pdapi_indication = error; 3321 pdapi->pdapi_stream = (val >> 16); 3322 pdapi->pdapi_seq = (val & 0x0000ffff); 3323 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 3324 3325 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event); 3326 SCTP_BUF_NEXT(m_notify) = NULL; 3327 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3328 0, 0, stcb->asoc.context, 0, 0, 0, 3329 m_notify); 3330 if (control == NULL) { 3331 /* no memory */ 3332 sctp_m_freem(m_notify); 3333 return; 3334 } 3335 control->length = SCTP_BUF_LEN(m_notify); 3336 control->spec_flags = M_NOTIFICATION; 3337 /* not that we need this */ 3338 control->tail_mbuf = m_notify; 3339 sb = &stcb->sctp_socket->so_rcv; 3340 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3341 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify)); 3342 } 3343 sctp_sballoc(stcb, sb, m_notify); 3344 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3345 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3346 } 3347 control->end_added = 1; 3348 if (stcb->asoc.control_pdapi) 3349 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 3350 else { 3351 /* we really should not see this case */ 3352 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 3353 } 3354 if (stcb->sctp_ep && stcb->sctp_socket) { 3355 /* This should always be the case */ 3356 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3357 struct socket *so; 3358 3359 so = SCTP_INP_SO(stcb->sctp_ep); 3360 if (!so_locked) { 3361 atomic_add_int(&stcb->asoc.refcnt, 1); 3362 SCTP_TCB_UNLOCK(stcb); 3363 SCTP_SOCKET_LOCK(so, 1); 3364 SCTP_TCB_LOCK(stcb); 3365 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3366 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3367 SCTP_SOCKET_UNLOCK(so, 1); 3368 return; 3369 } 3370 } 3371 #endif 3372 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 3373 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3374 if (!so_locked) { 3375 SCTP_SOCKET_UNLOCK(so, 1); 3376 } 3377 #endif 3378 } 3379 } 3380 3381 static void 3382 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 3383 { 3384 struct mbuf *m_notify; 3385 struct sctp_shutdown_event *sse; 3386 struct sctp_queued_to_read *control; 3387 3388 /* 3389 * For TCP model AND UDP connected sockets we will send an error up 3390 * when an SHUTDOWN completes 3391 */ 3392 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3393 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 3394 /* mark socket closed for read/write and wakeup! */ 3395 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3396 struct socket *so; 3397 3398 so = SCTP_INP_SO(stcb->sctp_ep); 3399 atomic_add_int(&stcb->asoc.refcnt, 1); 3400 SCTP_TCB_UNLOCK(stcb); 3401 SCTP_SOCKET_LOCK(so, 1); 3402 SCTP_TCB_LOCK(stcb); 3403 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3404 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 3405 SCTP_SOCKET_UNLOCK(so, 1); 3406 return; 3407 } 3408 #endif 3409 socantsendmore(stcb->sctp_socket); 3410 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3411 SCTP_SOCKET_UNLOCK(so, 1); 3412 #endif 3413 } 3414 if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) { 3415 /* event not enabled */ 3416 return; 3417 } 3418 3419 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 0, M_NOWAIT, 1, MT_DATA); 3420 if (m_notify == NULL) 3421 /* no space left */ 3422 return; 3423 sse = mtod(m_notify, struct sctp_shutdown_event *); 3424 memset(sse, 0, sizeof(struct sctp_shutdown_event)); 3425 sse->sse_type = SCTP_SHUTDOWN_EVENT; 3426 sse->sse_flags = 0; 3427 sse->sse_length = sizeof(struct sctp_shutdown_event); 3428 sse->sse_assoc_id = sctp_get_associd(stcb); 3429 3430 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_shutdown_event); 3431 SCTP_BUF_NEXT(m_notify) = NULL; 3432 3433 /* append to socket */ 3434 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3435 0, 0, stcb->asoc.context, 0, 0, 0, 3436 m_notify); 3437 if (control == NULL) { 3438 /* no memory */ 3439 sctp_m_freem(m_notify); 3440 return; 3441 } 3442 control->length = SCTP_BUF_LEN(m_notify); 3443 control->spec_flags = M_NOTIFICATION; 3444 /* not that we need this */ 3445 control->tail_mbuf = m_notify; 3446 sctp_add_to_readq(stcb->sctp_ep, stcb, 3447 control, 3448 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3449 } 3450 3451 static void 3452 sctp_notify_sender_dry_event(struct sctp_tcb *stcb, 3453 int so_locked 3454 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3455 SCTP_UNUSED 3456 #endif 3457 ) 3458 { 3459 struct mbuf *m_notify; 3460 struct sctp_sender_dry_event *event; 3461 struct sctp_queued_to_read *control; 3462 3463 if ((stcb == NULL) || 3464 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DRYEVNT)) { 3465 /* event not enabled */ 3466 return; 3467 } 3468 3469 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_sender_dry_event), 0, M_NOWAIT, 1, MT_DATA); 3470 if (m_notify == NULL) { 3471 /* no space left */ 3472 return; 3473 } 3474 SCTP_BUF_LEN(m_notify) = 0; 3475 event = mtod(m_notify, struct sctp_sender_dry_event *); 3476 memset(event, 0, sizeof(struct sctp_sender_dry_event)); 3477 event->sender_dry_type = SCTP_SENDER_DRY_EVENT; 3478 event->sender_dry_flags = 0; 3479 event->sender_dry_length = sizeof(struct sctp_sender_dry_event); 3480 event->sender_dry_assoc_id = sctp_get_associd(stcb); 3481 3482 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_sender_dry_event); 3483 SCTP_BUF_NEXT(m_notify) = NULL; 3484 3485 /* append to socket */ 3486 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3487 0, 0, stcb->asoc.context, 0, 0, 0, 3488 m_notify); 3489 if (control == NULL) { 3490 /* no memory */ 3491 sctp_m_freem(m_notify); 3492 return; 3493 } 3494 control->length = SCTP_BUF_LEN(m_notify); 3495 control->spec_flags = M_NOTIFICATION; 3496 /* not that we need this */ 3497 control->tail_mbuf = m_notify; 3498 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 3499 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3500 } 3501 3502 3503 void 3504 sctp_notify_stream_reset_add(struct sctp_tcb *stcb, uint16_t numberin, uint16_t numberout, int flag) 3505 { 3506 struct mbuf *m_notify; 3507 struct sctp_queued_to_read *control; 3508 struct sctp_stream_change_event *stradd; 3509 3510 if ((stcb == NULL) || 3511 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { 3512 /* event not enabled */ 3513 return; 3514 } 3515 if ((stcb->asoc.peer_req_out) && flag) { 3516 /* Peer made the request, don't tell the local user */ 3517 stcb->asoc.peer_req_out = 0; 3518 return; 3519 } 3520 stcb->asoc.peer_req_out = 0; 3521 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_NOWAIT, 1, MT_DATA); 3522 if (m_notify == NULL) 3523 /* no space left */ 3524 return; 3525 SCTP_BUF_LEN(m_notify) = 0; 3526 stradd = mtod(m_notify, struct sctp_stream_change_event *); 3527 memset(stradd, 0, sizeof(struct sctp_stream_change_event)); 3528 stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; 3529 stradd->strchange_flags = flag; 3530 stradd->strchange_length = sizeof(struct sctp_stream_change_event); 3531 stradd->strchange_assoc_id = sctp_get_associd(stcb); 3532 stradd->strchange_instrms = numberin; 3533 stradd->strchange_outstrms = numberout; 3534 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); 3535 SCTP_BUF_NEXT(m_notify) = NULL; 3536 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3537 /* no space */ 3538 sctp_m_freem(m_notify); 3539 return; 3540 } 3541 /* append to socket */ 3542 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3543 0, 0, stcb->asoc.context, 0, 0, 0, 3544 m_notify); 3545 if (control == NULL) { 3546 /* no memory */ 3547 sctp_m_freem(m_notify); 3548 return; 3549 } 3550 control->length = SCTP_BUF_LEN(m_notify); 3551 control->spec_flags = M_NOTIFICATION; 3552 /* not that we need this */ 3553 control->tail_mbuf = m_notify; 3554 sctp_add_to_readq(stcb->sctp_ep, stcb, 3555 control, 3556 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3557 } 3558 3559 void 3560 sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, uint32_t sending_tsn, uint32_t recv_tsn, int flag) 3561 { 3562 struct mbuf *m_notify; 3563 struct sctp_queued_to_read *control; 3564 struct sctp_assoc_reset_event *strasoc; 3565 3566 if ((stcb == NULL) || 3567 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { 3568 /* event not enabled */ 3569 return; 3570 } 3571 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_NOWAIT, 1, MT_DATA); 3572 if (m_notify == NULL) 3573 /* no space left */ 3574 return; 3575 SCTP_BUF_LEN(m_notify) = 0; 3576 strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); 3577 memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); 3578 strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; 3579 strasoc->assocreset_flags = flag; 3580 strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); 3581 strasoc->assocreset_assoc_id = sctp_get_associd(stcb); 3582 strasoc->assocreset_local_tsn = sending_tsn; 3583 strasoc->assocreset_remote_tsn = recv_tsn; 3584 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); 3585 SCTP_BUF_NEXT(m_notify) = NULL; 3586 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3587 /* no space */ 3588 sctp_m_freem(m_notify); 3589 return; 3590 } 3591 /* append to socket */ 3592 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3593 0, 0, stcb->asoc.context, 0, 0, 0, 3594 m_notify); 3595 if (control == NULL) { 3596 /* no memory */ 3597 sctp_m_freem(m_notify); 3598 return; 3599 } 3600 control->length = SCTP_BUF_LEN(m_notify); 3601 control->spec_flags = M_NOTIFICATION; 3602 /* not that we need this */ 3603 control->tail_mbuf = m_notify; 3604 sctp_add_to_readq(stcb->sctp_ep, stcb, 3605 control, 3606 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3607 } 3608 3609 3610 3611 static void 3612 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3613 int number_entries, uint16_t *list, int flag) 3614 { 3615 struct mbuf *m_notify; 3616 struct sctp_queued_to_read *control; 3617 struct sctp_stream_reset_event *strreset; 3618 int len; 3619 3620 if ((stcb == NULL) || 3621 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_RESETEVNT))) { 3622 /* event not enabled */ 3623 return; 3624 } 3625 3626 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 3627 if (m_notify == NULL) 3628 /* no space left */ 3629 return; 3630 SCTP_BUF_LEN(m_notify) = 0; 3631 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3632 if (len > M_TRAILINGSPACE(m_notify)) { 3633 /* never enough room */ 3634 sctp_m_freem(m_notify); 3635 return; 3636 } 3637 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3638 memset(strreset, 0, len); 3639 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3640 strreset->strreset_flags = flag; 3641 strreset->strreset_length = len; 3642 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3643 if (number_entries) { 3644 int i; 3645 3646 for (i = 0; i < number_entries; i++) { 3647 strreset->strreset_stream_list[i] = ntohs(list[i]); 3648 } 3649 } 3650 SCTP_BUF_LEN(m_notify) = len; 3651 SCTP_BUF_NEXT(m_notify) = NULL; 3652 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3653 /* no space */ 3654 sctp_m_freem(m_notify); 3655 return; 3656 } 3657 /* append to socket */ 3658 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3659 0, 0, stcb->asoc.context, 0, 0, 0, 3660 m_notify); 3661 if (control == NULL) { 3662 /* no memory */ 3663 sctp_m_freem(m_notify); 3664 return; 3665 } 3666 control->length = SCTP_BUF_LEN(m_notify); 3667 control->spec_flags = M_NOTIFICATION; 3668 /* not that we need this */ 3669 control->tail_mbuf = m_notify; 3670 sctp_add_to_readq(stcb->sctp_ep, stcb, 3671 control, 3672 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3673 } 3674 3675 3676 static void 3677 sctp_notify_remote_error(struct sctp_tcb *stcb, uint16_t error, struct sctp_error_chunk *chunk) 3678 { 3679 struct mbuf *m_notify; 3680 struct sctp_remote_error *sre; 3681 struct sctp_queued_to_read *control; 3682 unsigned int notif_len; 3683 uint16_t chunk_len; 3684 3685 if ((stcb == NULL) || 3686 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPEERERR)) { 3687 return; 3688 } 3689 if (chunk != NULL) { 3690 chunk_len = ntohs(chunk->ch.chunk_length); 3691 /* 3692 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 3693 * contiguous. 3694 */ 3695 if (chunk_len > SCTP_CHUNK_BUFFER_SIZE) { 3696 chunk_len = SCTP_CHUNK_BUFFER_SIZE; 3697 } 3698 } else { 3699 chunk_len = 0; 3700 } 3701 notif_len = (unsigned int)(sizeof(struct sctp_remote_error) + chunk_len); 3702 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3703 if (m_notify == NULL) { 3704 /* Retry with smaller value. */ 3705 notif_len = (unsigned int)sizeof(struct sctp_remote_error); 3706 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3707 if (m_notify == NULL) { 3708 return; 3709 } 3710 } 3711 SCTP_BUF_NEXT(m_notify) = NULL; 3712 sre = mtod(m_notify, struct sctp_remote_error *); 3713 memset(sre, 0, notif_len); 3714 sre->sre_type = SCTP_REMOTE_ERROR; 3715 sre->sre_flags = 0; 3716 sre->sre_length = sizeof(struct sctp_remote_error); 3717 sre->sre_error = error; 3718 sre->sre_assoc_id = sctp_get_associd(stcb); 3719 if (notif_len > sizeof(struct sctp_remote_error)) { 3720 memcpy(sre->sre_data, chunk, chunk_len); 3721 sre->sre_length += chunk_len; 3722 } 3723 SCTP_BUF_LEN(m_notify) = sre->sre_length; 3724 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3725 0, 0, stcb->asoc.context, 0, 0, 0, 3726 m_notify); 3727 if (control != NULL) { 3728 control->length = SCTP_BUF_LEN(m_notify); 3729 control->spec_flags = M_NOTIFICATION; 3730 /* not that we need this */ 3731 control->tail_mbuf = m_notify; 3732 sctp_add_to_readq(stcb->sctp_ep, stcb, 3733 control, 3734 &stcb->sctp_socket->so_rcv, 1, 3735 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3736 } else { 3737 sctp_m_freem(m_notify); 3738 } 3739 } 3740 3741 3742 void 3743 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 3744 uint32_t error, void *data, int so_locked 3745 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3746 SCTP_UNUSED 3747 #endif 3748 ) 3749 { 3750 if ((stcb == NULL) || 3751 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3752 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3753 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3754 /* If the socket is gone we are out of here */ 3755 return; 3756 } 3757 if (stcb->sctp_socket->so_rcv.sb_state & SBS_CANTRCVMORE) { 3758 return; 3759 } 3760 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3761 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3762 if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) || 3763 (notification == SCTP_NOTIFY_INTERFACE_UP) || 3764 (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) { 3765 /* Don't report these in front states */ 3766 return; 3767 } 3768 } 3769 switch (notification) { 3770 case SCTP_NOTIFY_ASSOC_UP: 3771 if (stcb->asoc.assoc_up_sent == 0) { 3772 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL, 0, so_locked); 3773 stcb->asoc.assoc_up_sent = 1; 3774 } 3775 if (stcb->asoc.adaptation_needed && (stcb->asoc.adaptation_sent == 0)) { 3776 sctp_notify_adaptation_layer(stcb); 3777 } 3778 if (stcb->asoc.auth_supported == 0) { 3779 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3780 NULL, so_locked); 3781 } 3782 break; 3783 case SCTP_NOTIFY_ASSOC_DOWN: 3784 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL, 0, so_locked); 3785 break; 3786 case SCTP_NOTIFY_INTERFACE_DOWN: 3787 { 3788 struct sctp_nets *net; 3789 3790 net = (struct sctp_nets *)data; 3791 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 3792 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3793 break; 3794 } 3795 case SCTP_NOTIFY_INTERFACE_UP: 3796 { 3797 struct sctp_nets *net; 3798 3799 net = (struct sctp_nets *)data; 3800 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 3801 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3802 break; 3803 } 3804 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 3805 { 3806 struct sctp_nets *net; 3807 3808 net = (struct sctp_nets *)data; 3809 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 3810 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3811 break; 3812 } 3813 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 3814 sctp_notify_send_failed2(stcb, error, 3815 (struct sctp_stream_queue_pending *)data, so_locked); 3816 break; 3817 case SCTP_NOTIFY_SENT_DG_FAIL: 3818 sctp_notify_send_failed(stcb, 1, error, 3819 (struct sctp_tmit_chunk *)data, so_locked); 3820 break; 3821 case SCTP_NOTIFY_UNSENT_DG_FAIL: 3822 sctp_notify_send_failed(stcb, 0, error, 3823 (struct sctp_tmit_chunk *)data, so_locked); 3824 break; 3825 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 3826 { 3827 uint32_t val; 3828 3829 val = *((uint32_t *)data); 3830 3831 sctp_notify_partial_delivery_indication(stcb, error, val, so_locked); 3832 break; 3833 } 3834 case SCTP_NOTIFY_ASSOC_LOC_ABORTED: 3835 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3836 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3837 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 0, so_locked); 3838 } else { 3839 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 0, so_locked); 3840 } 3841 break; 3842 case SCTP_NOTIFY_ASSOC_REM_ABORTED: 3843 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3844 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3845 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 1, so_locked); 3846 } else { 3847 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 1, so_locked); 3848 } 3849 break; 3850 case SCTP_NOTIFY_ASSOC_RESTART: 3851 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, NULL, 0, so_locked); 3852 if (stcb->asoc.auth_supported == 0) { 3853 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3854 NULL, so_locked); 3855 } 3856 break; 3857 case SCTP_NOTIFY_STR_RESET_SEND: 3858 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_OUTGOING_SSN); 3859 break; 3860 case SCTP_NOTIFY_STR_RESET_RECV: 3861 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_INCOMING); 3862 break; 3863 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 3864 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3865 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_FAILED)); 3866 break; 3867 case SCTP_NOTIFY_STR_RESET_DENIED_OUT: 3868 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3869 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_DENIED)); 3870 break; 3871 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 3872 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3873 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_FAILED)); 3874 break; 3875 case SCTP_NOTIFY_STR_RESET_DENIED_IN: 3876 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3877 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_DENIED)); 3878 break; 3879 case SCTP_NOTIFY_ASCONF_ADD_IP: 3880 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 3881 error, so_locked); 3882 break; 3883 case SCTP_NOTIFY_ASCONF_DELETE_IP: 3884 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 3885 error, so_locked); 3886 break; 3887 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 3888 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 3889 error, so_locked); 3890 break; 3891 case SCTP_NOTIFY_PEER_SHUTDOWN: 3892 sctp_notify_shutdown_event(stcb); 3893 break; 3894 case SCTP_NOTIFY_AUTH_NEW_KEY: 3895 sctp_notify_authentication(stcb, SCTP_AUTH_NEW_KEY, error, 3896 (uint16_t)(uintptr_t)data, 3897 so_locked); 3898 break; 3899 case SCTP_NOTIFY_AUTH_FREE_KEY: 3900 sctp_notify_authentication(stcb, SCTP_AUTH_FREE_KEY, error, 3901 (uint16_t)(uintptr_t)data, 3902 so_locked); 3903 break; 3904 case SCTP_NOTIFY_NO_PEER_AUTH: 3905 sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, error, 3906 (uint16_t)(uintptr_t)data, 3907 so_locked); 3908 break; 3909 case SCTP_NOTIFY_SENDER_DRY: 3910 sctp_notify_sender_dry_event(stcb, so_locked); 3911 break; 3912 case SCTP_NOTIFY_REMOTE_ERROR: 3913 sctp_notify_remote_error(stcb, error, data); 3914 break; 3915 default: 3916 SCTPDBG(SCTP_DEBUG_UTIL1, "%s: unknown notification %xh (%u)\n", 3917 __func__, notification, notification); 3918 break; 3919 } /* end switch */ 3920 } 3921 3922 void 3923 sctp_report_all_outbound(struct sctp_tcb *stcb, uint16_t error, int holds_lock, int so_locked 3924 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3925 SCTP_UNUSED 3926 #endif 3927 ) 3928 { 3929 struct sctp_association *asoc; 3930 struct sctp_stream_out *outs; 3931 struct sctp_tmit_chunk *chk, *nchk; 3932 struct sctp_stream_queue_pending *sp, *nsp; 3933 int i; 3934 3935 if (stcb == NULL) { 3936 return; 3937 } 3938 asoc = &stcb->asoc; 3939 if (asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3940 /* already being freed */ 3941 return; 3942 } 3943 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3944 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3945 (asoc->state & SCTP_STATE_CLOSED_SOCKET)) { 3946 return; 3947 } 3948 /* now through all the gunk freeing chunks */ 3949 if (holds_lock == 0) { 3950 SCTP_TCB_SEND_LOCK(stcb); 3951 } 3952 /* sent queue SHOULD be empty */ 3953 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) { 3954 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3955 asoc->sent_queue_cnt--; 3956 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) { 3957 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3958 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3959 #ifdef INVARIANTS 3960 } else { 3961 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3962 #endif 3963 } 3964 } 3965 if (chk->data != NULL) { 3966 sctp_free_bufspace(stcb, asoc, chk, 1); 3967 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 3968 error, chk, so_locked); 3969 if (chk->data) { 3970 sctp_m_freem(chk->data); 3971 chk->data = NULL; 3972 } 3973 } 3974 sctp_free_a_chunk(stcb, chk, so_locked); 3975 /* sa_ignore FREED_MEMORY */ 3976 } 3977 /* pending send queue SHOULD be empty */ 3978 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 3979 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3980 asoc->send_queue_cnt--; 3981 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3982 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3983 #ifdef INVARIANTS 3984 } else { 3985 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3986 #endif 3987 } 3988 if (chk->data != NULL) { 3989 sctp_free_bufspace(stcb, asoc, chk, 1); 3990 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 3991 error, chk, so_locked); 3992 if (chk->data) { 3993 sctp_m_freem(chk->data); 3994 chk->data = NULL; 3995 } 3996 } 3997 sctp_free_a_chunk(stcb, chk, so_locked); 3998 /* sa_ignore FREED_MEMORY */ 3999 } 4000 for (i = 0; i < asoc->streamoutcnt; i++) { 4001 /* For each stream */ 4002 outs = &asoc->strmout[i]; 4003 /* clean up any sends there */ 4004 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { 4005 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 4006 TAILQ_REMOVE(&outs->outqueue, sp, next); 4007 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp, 1); 4008 sctp_free_spbufspace(stcb, asoc, sp); 4009 if (sp->data) { 4010 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 4011 error, (void *)sp, so_locked); 4012 if (sp->data) { 4013 sctp_m_freem(sp->data); 4014 sp->data = NULL; 4015 sp->tail_mbuf = NULL; 4016 sp->length = 0; 4017 } 4018 } 4019 if (sp->net) { 4020 sctp_free_remote_addr(sp->net); 4021 sp->net = NULL; 4022 } 4023 /* Free the chunk */ 4024 sctp_free_a_strmoq(stcb, sp, so_locked); 4025 /* sa_ignore FREED_MEMORY */ 4026 } 4027 } 4028 4029 if (holds_lock == 0) { 4030 SCTP_TCB_SEND_UNLOCK(stcb); 4031 } 4032 } 4033 4034 void 4035 sctp_abort_notification(struct sctp_tcb *stcb, uint8_t from_peer, uint16_t error, 4036 struct sctp_abort_chunk *abort, int so_locked 4037 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4038 SCTP_UNUSED 4039 #endif 4040 ) 4041 { 4042 if (stcb == NULL) { 4043 return; 4044 } 4045 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 4046 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 4047 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 4048 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 4049 } 4050 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4051 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4052 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 4053 return; 4054 } 4055 /* Tell them we lost the asoc */ 4056 sctp_report_all_outbound(stcb, error, 0, so_locked); 4057 if (from_peer) { 4058 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_REM_ABORTED, stcb, error, abort, so_locked); 4059 } else { 4060 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_LOC_ABORTED, stcb, error, abort, so_locked); 4061 } 4062 } 4063 4064 void 4065 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4066 struct mbuf *m, int iphlen, 4067 struct sockaddr *src, struct sockaddr *dst, 4068 struct sctphdr *sh, struct mbuf *op_err, 4069 uint8_t mflowtype, uint32_t mflowid, 4070 uint32_t vrf_id, uint16_t port) 4071 { 4072 uint32_t vtag; 4073 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4074 struct socket *so; 4075 #endif 4076 4077 vtag = 0; 4078 if (stcb != NULL) { 4079 vtag = stcb->asoc.peer_vtag; 4080 vrf_id = stcb->asoc.vrf_id; 4081 } 4082 sctp_send_abort(m, iphlen, src, dst, sh, vtag, op_err, 4083 mflowtype, mflowid, inp->fibnum, 4084 vrf_id, port); 4085 if (stcb != NULL) { 4086 /* We have a TCB to abort, send notification too */ 4087 sctp_abort_notification(stcb, 0, 0, NULL, SCTP_SO_NOT_LOCKED); 4088 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4089 /* Ok, now lets free it */ 4090 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4091 so = SCTP_INP_SO(inp); 4092 atomic_add_int(&stcb->asoc.refcnt, 1); 4093 SCTP_TCB_UNLOCK(stcb); 4094 SCTP_SOCKET_LOCK(so, 1); 4095 SCTP_TCB_LOCK(stcb); 4096 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4097 #endif 4098 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4099 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4100 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4101 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4102 } 4103 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4104 SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 4105 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4106 SCTP_SOCKET_UNLOCK(so, 1); 4107 #endif 4108 } 4109 } 4110 #ifdef SCTP_ASOCLOG_OF_TSNS 4111 void 4112 sctp_print_out_track_log(struct sctp_tcb *stcb) 4113 { 4114 #ifdef NOSIY_PRINTS 4115 int i; 4116 4117 SCTP_PRINTF("Last ep reason:%x\n", stcb->sctp_ep->last_abort_code); 4118 SCTP_PRINTF("IN bound TSN log-aaa\n"); 4119 if ((stcb->asoc.tsn_in_at == 0) && (stcb->asoc.tsn_in_wrapped == 0)) { 4120 SCTP_PRINTF("None rcvd\n"); 4121 goto none_in; 4122 } 4123 if (stcb->asoc.tsn_in_wrapped) { 4124 for (i = stcb->asoc.tsn_in_at; i < SCTP_TSN_LOG_SIZE; i++) { 4125 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4126 stcb->asoc.in_tsnlog[i].tsn, 4127 stcb->asoc.in_tsnlog[i].strm, 4128 stcb->asoc.in_tsnlog[i].seq, 4129 stcb->asoc.in_tsnlog[i].flgs, 4130 stcb->asoc.in_tsnlog[i].sz); 4131 } 4132 } 4133 if (stcb->asoc.tsn_in_at) { 4134 for (i = 0; i < stcb->asoc.tsn_in_at; i++) { 4135 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4136 stcb->asoc.in_tsnlog[i].tsn, 4137 stcb->asoc.in_tsnlog[i].strm, 4138 stcb->asoc.in_tsnlog[i].seq, 4139 stcb->asoc.in_tsnlog[i].flgs, 4140 stcb->asoc.in_tsnlog[i].sz); 4141 } 4142 } 4143 none_in: 4144 SCTP_PRINTF("OUT bound TSN log-aaa\n"); 4145 if ((stcb->asoc.tsn_out_at == 0) && 4146 (stcb->asoc.tsn_out_wrapped == 0)) { 4147 SCTP_PRINTF("None sent\n"); 4148 } 4149 if (stcb->asoc.tsn_out_wrapped) { 4150 for (i = stcb->asoc.tsn_out_at; i < SCTP_TSN_LOG_SIZE; i++) { 4151 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4152 stcb->asoc.out_tsnlog[i].tsn, 4153 stcb->asoc.out_tsnlog[i].strm, 4154 stcb->asoc.out_tsnlog[i].seq, 4155 stcb->asoc.out_tsnlog[i].flgs, 4156 stcb->asoc.out_tsnlog[i].sz); 4157 } 4158 } 4159 if (stcb->asoc.tsn_out_at) { 4160 for (i = 0; i < stcb->asoc.tsn_out_at; i++) { 4161 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4162 stcb->asoc.out_tsnlog[i].tsn, 4163 stcb->asoc.out_tsnlog[i].strm, 4164 stcb->asoc.out_tsnlog[i].seq, 4165 stcb->asoc.out_tsnlog[i].flgs, 4166 stcb->asoc.out_tsnlog[i].sz); 4167 } 4168 } 4169 #endif 4170 } 4171 #endif 4172 4173 void 4174 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4175 struct mbuf *op_err, 4176 int so_locked 4177 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4178 SCTP_UNUSED 4179 #endif 4180 ) 4181 { 4182 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4183 struct socket *so; 4184 #endif 4185 4186 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4187 so = SCTP_INP_SO(inp); 4188 #endif 4189 if (stcb == NULL) { 4190 /* Got to have a TCB */ 4191 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4192 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4193 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4194 SCTP_CALLED_DIRECTLY_NOCMPSET); 4195 } 4196 } 4197 return; 4198 } else { 4199 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4200 } 4201 /* notify the peer */ 4202 sctp_send_abort_tcb(stcb, op_err, so_locked); 4203 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4204 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4205 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4206 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4207 } 4208 /* notify the ulp */ 4209 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) { 4210 sctp_abort_notification(stcb, 0, 0, NULL, so_locked); 4211 } 4212 /* now free the asoc */ 4213 #ifdef SCTP_ASOCLOG_OF_TSNS 4214 sctp_print_out_track_log(stcb); 4215 #endif 4216 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4217 if (!so_locked) { 4218 atomic_add_int(&stcb->asoc.refcnt, 1); 4219 SCTP_TCB_UNLOCK(stcb); 4220 SCTP_SOCKET_LOCK(so, 1); 4221 SCTP_TCB_LOCK(stcb); 4222 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4223 } 4224 #endif 4225 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4226 SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 4227 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4228 if (!so_locked) { 4229 SCTP_SOCKET_UNLOCK(so, 1); 4230 } 4231 #endif 4232 } 4233 4234 void 4235 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, 4236 struct sockaddr *src, struct sockaddr *dst, 4237 struct sctphdr *sh, struct sctp_inpcb *inp, 4238 struct mbuf *cause, 4239 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 4240 uint32_t vrf_id, uint16_t port) 4241 { 4242 struct sctp_chunkhdr *ch, chunk_buf; 4243 unsigned int chk_length; 4244 int contains_init_chunk; 4245 4246 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 4247 /* Generate a TO address for future reference */ 4248 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 4249 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4250 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4251 SCTP_CALLED_DIRECTLY_NOCMPSET); 4252 } 4253 } 4254 contains_init_chunk = 0; 4255 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4256 sizeof(*ch), (uint8_t *)&chunk_buf); 4257 while (ch != NULL) { 4258 chk_length = ntohs(ch->chunk_length); 4259 if (chk_length < sizeof(*ch)) { 4260 /* break to abort land */ 4261 break; 4262 } 4263 switch (ch->chunk_type) { 4264 case SCTP_INIT: 4265 contains_init_chunk = 1; 4266 break; 4267 case SCTP_PACKET_DROPPED: 4268 /* we don't respond to pkt-dropped */ 4269 return; 4270 case SCTP_ABORT_ASSOCIATION: 4271 /* we don't respond with an ABORT to an ABORT */ 4272 return; 4273 case SCTP_SHUTDOWN_COMPLETE: 4274 /* 4275 * we ignore it since we are not waiting for it and 4276 * peer is gone 4277 */ 4278 return; 4279 case SCTP_SHUTDOWN_ACK: 4280 sctp_send_shutdown_complete2(src, dst, sh, 4281 mflowtype, mflowid, fibnum, 4282 vrf_id, port); 4283 return; 4284 default: 4285 break; 4286 } 4287 offset += SCTP_SIZE32(chk_length); 4288 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4289 sizeof(*ch), (uint8_t *)&chunk_buf); 4290 } 4291 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || 4292 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 4293 (contains_init_chunk == 0))) { 4294 sctp_send_abort(m, iphlen, src, dst, sh, 0, cause, 4295 mflowtype, mflowid, fibnum, 4296 vrf_id, port); 4297 } 4298 } 4299 4300 /* 4301 * check the inbound datagram to make sure there is not an abort inside it, 4302 * if there is return 1, else return 0. 4303 */ 4304 int 4305 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t *vtagfill) 4306 { 4307 struct sctp_chunkhdr *ch; 4308 struct sctp_init_chunk *init_chk, chunk_buf; 4309 int offset; 4310 unsigned int chk_length; 4311 4312 offset = iphlen + sizeof(struct sctphdr); 4313 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 4314 (uint8_t *)&chunk_buf); 4315 while (ch != NULL) { 4316 chk_length = ntohs(ch->chunk_length); 4317 if (chk_length < sizeof(*ch)) { 4318 /* packet is probably corrupt */ 4319 break; 4320 } 4321 /* we seem to be ok, is it an abort? */ 4322 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 4323 /* yep, tell them */ 4324 return (1); 4325 } 4326 if (ch->chunk_type == SCTP_INITIATION) { 4327 /* need to update the Vtag */ 4328 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 4329 offset, sizeof(*init_chk), (uint8_t *)&chunk_buf); 4330 if (init_chk != NULL) { 4331 *vtagfill = ntohl(init_chk->init.initiate_tag); 4332 } 4333 } 4334 /* Nope, move to the next chunk */ 4335 offset += SCTP_SIZE32(chk_length); 4336 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4337 sizeof(*ch), (uint8_t *)&chunk_buf); 4338 } 4339 return (0); 4340 } 4341 4342 /* 4343 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 4344 * set (i.e. it's 0) so, create this function to compare link local scopes 4345 */ 4346 #ifdef INET6 4347 uint32_t 4348 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 4349 { 4350 struct sockaddr_in6 a, b; 4351 4352 /* save copies */ 4353 a = *addr1; 4354 b = *addr2; 4355 4356 if (a.sin6_scope_id == 0) 4357 if (sa6_recoverscope(&a)) { 4358 /* can't get scope, so can't match */ 4359 return (0); 4360 } 4361 if (b.sin6_scope_id == 0) 4362 if (sa6_recoverscope(&b)) { 4363 /* can't get scope, so can't match */ 4364 return (0); 4365 } 4366 if (a.sin6_scope_id != b.sin6_scope_id) 4367 return (0); 4368 4369 return (1); 4370 } 4371 4372 /* 4373 * returns a sockaddr_in6 with embedded scope recovered and removed 4374 */ 4375 struct sockaddr_in6 * 4376 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 4377 { 4378 /* check and strip embedded scope junk */ 4379 if (addr->sin6_family == AF_INET6) { 4380 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 4381 if (addr->sin6_scope_id == 0) { 4382 *store = *addr; 4383 if (!sa6_recoverscope(store)) { 4384 /* use the recovered scope */ 4385 addr = store; 4386 } 4387 } else { 4388 /* else, return the original "to" addr */ 4389 in6_clearscope(&addr->sin6_addr); 4390 } 4391 } 4392 } 4393 return (addr); 4394 } 4395 #endif 4396 4397 /* 4398 * are the two addresses the same? currently a "scopeless" check returns: 1 4399 * if same, 0 if not 4400 */ 4401 int 4402 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 4403 { 4404 4405 /* must be valid */ 4406 if (sa1 == NULL || sa2 == NULL) 4407 return (0); 4408 4409 /* must be the same family */ 4410 if (sa1->sa_family != sa2->sa_family) 4411 return (0); 4412 4413 switch (sa1->sa_family) { 4414 #ifdef INET6 4415 case AF_INET6: 4416 { 4417 /* IPv6 addresses */ 4418 struct sockaddr_in6 *sin6_1, *sin6_2; 4419 4420 sin6_1 = (struct sockaddr_in6 *)sa1; 4421 sin6_2 = (struct sockaddr_in6 *)sa2; 4422 return (SCTP6_ARE_ADDR_EQUAL(sin6_1, 4423 sin6_2)); 4424 } 4425 #endif 4426 #ifdef INET 4427 case AF_INET: 4428 { 4429 /* IPv4 addresses */ 4430 struct sockaddr_in *sin_1, *sin_2; 4431 4432 sin_1 = (struct sockaddr_in *)sa1; 4433 sin_2 = (struct sockaddr_in *)sa2; 4434 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 4435 } 4436 #endif 4437 default: 4438 /* we don't do these... */ 4439 return (0); 4440 } 4441 } 4442 4443 void 4444 sctp_print_address(struct sockaddr *sa) 4445 { 4446 #ifdef INET6 4447 char ip6buf[INET6_ADDRSTRLEN]; 4448 #endif 4449 4450 switch (sa->sa_family) { 4451 #ifdef INET6 4452 case AF_INET6: 4453 { 4454 struct sockaddr_in6 *sin6; 4455 4456 sin6 = (struct sockaddr_in6 *)sa; 4457 SCTP_PRINTF("IPv6 address: %s:port:%d scope:%u\n", 4458 ip6_sprintf(ip6buf, &sin6->sin6_addr), 4459 ntohs(sin6->sin6_port), 4460 sin6->sin6_scope_id); 4461 break; 4462 } 4463 #endif 4464 #ifdef INET 4465 case AF_INET: 4466 { 4467 struct sockaddr_in *sin; 4468 unsigned char *p; 4469 4470 sin = (struct sockaddr_in *)sa; 4471 p = (unsigned char *)&sin->sin_addr; 4472 SCTP_PRINTF("IPv4 address: %u.%u.%u.%u:%d\n", 4473 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 4474 break; 4475 } 4476 #endif 4477 default: 4478 SCTP_PRINTF("?\n"); 4479 break; 4480 } 4481 } 4482 4483 void 4484 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 4485 struct sctp_inpcb *new_inp, 4486 struct sctp_tcb *stcb, 4487 int waitflags) 4488 { 4489 /* 4490 * go through our old INP and pull off any control structures that 4491 * belong to stcb and move then to the new inp. 4492 */ 4493 struct socket *old_so, *new_so; 4494 struct sctp_queued_to_read *control, *nctl; 4495 struct sctp_readhead tmp_queue; 4496 struct mbuf *m; 4497 int error = 0; 4498 4499 old_so = old_inp->sctp_socket; 4500 new_so = new_inp->sctp_socket; 4501 TAILQ_INIT(&tmp_queue); 4502 error = sblock(&old_so->so_rcv, waitflags); 4503 if (error) { 4504 /* 4505 * Gak, can't get sblock, we have a problem. data will be 4506 * left stranded.. and we don't dare look at it since the 4507 * other thread may be reading something. Oh well, its a 4508 * screwed up app that does a peeloff OR a accept while 4509 * reading from the main socket... actually its only the 4510 * peeloff() case, since I think read will fail on a 4511 * listening socket.. 4512 */ 4513 return; 4514 } 4515 /* lock the socket buffers */ 4516 SCTP_INP_READ_LOCK(old_inp); 4517 TAILQ_FOREACH_SAFE(control, &old_inp->read_queue, next, nctl) { 4518 /* Pull off all for out target stcb */ 4519 if (control->stcb == stcb) { 4520 /* remove it we want it */ 4521 TAILQ_REMOVE(&old_inp->read_queue, control, next); 4522 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 4523 m = control->data; 4524 while (m) { 4525 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4526 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 4527 } 4528 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 4529 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4530 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4531 } 4532 m = SCTP_BUF_NEXT(m); 4533 } 4534 } 4535 } 4536 SCTP_INP_READ_UNLOCK(old_inp); 4537 /* Remove the sb-lock on the old socket */ 4538 4539 sbunlock(&old_so->so_rcv); 4540 /* Now we move them over to the new socket buffer */ 4541 SCTP_INP_READ_LOCK(new_inp); 4542 TAILQ_FOREACH_SAFE(control, &tmp_queue, next, nctl) { 4543 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 4544 m = control->data; 4545 while (m) { 4546 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4547 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4548 } 4549 sctp_sballoc(stcb, &new_so->so_rcv, m); 4550 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4551 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4552 } 4553 m = SCTP_BUF_NEXT(m); 4554 } 4555 } 4556 SCTP_INP_READ_UNLOCK(new_inp); 4557 } 4558 4559 void 4560 sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, 4561 struct sctp_tcb *stcb, 4562 int so_locked 4563 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4564 SCTP_UNUSED 4565 #endif 4566 ) 4567 { 4568 if ((inp != NULL) && (inp->sctp_socket != NULL)) { 4569 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4570 struct socket *so; 4571 4572 so = SCTP_INP_SO(inp); 4573 if (!so_locked) { 4574 if (stcb) { 4575 atomic_add_int(&stcb->asoc.refcnt, 1); 4576 SCTP_TCB_UNLOCK(stcb); 4577 } 4578 SCTP_SOCKET_LOCK(so, 1); 4579 if (stcb) { 4580 SCTP_TCB_LOCK(stcb); 4581 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4582 } 4583 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4584 SCTP_SOCKET_UNLOCK(so, 1); 4585 return; 4586 } 4587 } 4588 #endif 4589 sctp_sorwakeup(inp, inp->sctp_socket); 4590 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4591 if (!so_locked) { 4592 SCTP_SOCKET_UNLOCK(so, 1); 4593 } 4594 #endif 4595 } 4596 } 4597 4598 void 4599 sctp_add_to_readq(struct sctp_inpcb *inp, 4600 struct sctp_tcb *stcb, 4601 struct sctp_queued_to_read *control, 4602 struct sockbuf *sb, 4603 int end, 4604 int inp_read_lock_held, 4605 int so_locked 4606 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4607 SCTP_UNUSED 4608 #endif 4609 ) 4610 { 4611 /* 4612 * Here we must place the control on the end of the socket read 4613 * queue AND increment sb_cc so that select will work properly on 4614 * read. 4615 */ 4616 struct mbuf *m, *prev = NULL; 4617 4618 if (inp == NULL) { 4619 /* Gak, TSNH!! */ 4620 #ifdef INVARIANTS 4621 panic("Gak, inp NULL on add_to_readq"); 4622 #endif 4623 return; 4624 } 4625 if (inp_read_lock_held == 0) 4626 SCTP_INP_READ_LOCK(inp); 4627 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 4628 if (!control->on_strm_q) { 4629 sctp_free_remote_addr(control->whoFrom); 4630 if (control->data) { 4631 sctp_m_freem(control->data); 4632 control->data = NULL; 4633 } 4634 sctp_free_a_readq(stcb, control); 4635 } 4636 if (inp_read_lock_held == 0) 4637 SCTP_INP_READ_UNLOCK(inp); 4638 return; 4639 } 4640 if (!(control->spec_flags & M_NOTIFICATION)) { 4641 atomic_add_int(&inp->total_recvs, 1); 4642 if (!control->do_not_ref_stcb) { 4643 atomic_add_int(&stcb->total_recvs, 1); 4644 } 4645 } 4646 m = control->data; 4647 control->held_length = 0; 4648 control->length = 0; 4649 while (m) { 4650 if (SCTP_BUF_LEN(m) == 0) { 4651 /* Skip mbufs with NO length */ 4652 if (prev == NULL) { 4653 /* First one */ 4654 control->data = sctp_m_free(m); 4655 m = control->data; 4656 } else { 4657 SCTP_BUF_NEXT(prev) = sctp_m_free(m); 4658 m = SCTP_BUF_NEXT(prev); 4659 } 4660 if (m == NULL) { 4661 control->tail_mbuf = prev; 4662 } 4663 continue; 4664 } 4665 prev = m; 4666 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4667 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4668 } 4669 sctp_sballoc(stcb, sb, m); 4670 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4671 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4672 } 4673 atomic_add_int(&control->length, SCTP_BUF_LEN(m)); 4674 m = SCTP_BUF_NEXT(m); 4675 } 4676 if (prev != NULL) { 4677 control->tail_mbuf = prev; 4678 } else { 4679 /* Everything got collapsed out?? */ 4680 if (!control->on_strm_q) { 4681 sctp_free_remote_addr(control->whoFrom); 4682 sctp_free_a_readq(stcb, control); 4683 } 4684 if (inp_read_lock_held == 0) 4685 SCTP_INP_READ_UNLOCK(inp); 4686 return; 4687 } 4688 if (end) { 4689 control->end_added = 1; 4690 } 4691 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 4692 control->on_read_q = 1; 4693 if (inp_read_lock_held == 0) 4694 SCTP_INP_READ_UNLOCK(inp); 4695 if (inp && inp->sctp_socket) { 4696 sctp_wakeup_the_read_socket(inp, stcb, so_locked); 4697 } 4698 } 4699 4700 /*************HOLD THIS COMMENT FOR PATCH FILE OF 4701 *************ALTERNATE ROUTING CODE 4702 */ 4703 4704 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 4705 *************ALTERNATE ROUTING CODE 4706 */ 4707 4708 struct mbuf * 4709 sctp_generate_cause(uint16_t code, char *info) 4710 { 4711 struct mbuf *m; 4712 struct sctp_gen_error_cause *cause; 4713 size_t info_len; 4714 uint16_t len; 4715 4716 if ((code == 0) || (info == NULL)) { 4717 return (NULL); 4718 } 4719 info_len = strlen(info); 4720 if (info_len > (SCTP_MAX_CAUSE_LENGTH - sizeof(struct sctp_paramhdr))) { 4721 return (NULL); 4722 } 4723 len = (uint16_t)(sizeof(struct sctp_paramhdr) + info_len); 4724 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4725 if (m != NULL) { 4726 SCTP_BUF_LEN(m) = len; 4727 cause = mtod(m, struct sctp_gen_error_cause *); 4728 cause->code = htons(code); 4729 cause->length = htons(len); 4730 memcpy(cause->info, info, info_len); 4731 } 4732 return (m); 4733 } 4734 4735 struct mbuf * 4736 sctp_generate_no_user_data_cause(uint32_t tsn) 4737 { 4738 struct mbuf *m; 4739 struct sctp_error_no_user_data *no_user_data_cause; 4740 uint16_t len; 4741 4742 len = (uint16_t)sizeof(struct sctp_error_no_user_data); 4743 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4744 if (m != NULL) { 4745 SCTP_BUF_LEN(m) = len; 4746 no_user_data_cause = mtod(m, struct sctp_error_no_user_data *); 4747 no_user_data_cause->cause.code = htons(SCTP_CAUSE_NO_USER_DATA); 4748 no_user_data_cause->cause.length = htons(len); 4749 no_user_data_cause->tsn = htonl(tsn); 4750 } 4751 return (m); 4752 } 4753 4754 #ifdef SCTP_MBCNT_LOGGING 4755 void 4756 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 4757 struct sctp_tmit_chunk *tp1, int chk_cnt) 4758 { 4759 if (tp1->data == NULL) { 4760 return; 4761 } 4762 asoc->chunks_on_out_queue -= chk_cnt; 4763 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBCNT_LOGGING_ENABLE) { 4764 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 4765 asoc->total_output_queue_size, 4766 tp1->book_size, 4767 0, 4768 tp1->mbcnt); 4769 } 4770 if (asoc->total_output_queue_size >= tp1->book_size) { 4771 atomic_add_int(&asoc->total_output_queue_size, -tp1->book_size); 4772 } else { 4773 asoc->total_output_queue_size = 0; 4774 } 4775 4776 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 4777 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 4778 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 4779 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 4780 } else { 4781 stcb->sctp_socket->so_snd.sb_cc = 0; 4782 4783 } 4784 } 4785 } 4786 4787 #endif 4788 4789 int 4790 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 4791 uint8_t sent, int so_locked 4792 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4793 SCTP_UNUSED 4794 #endif 4795 ) 4796 { 4797 struct sctp_stream_out *strq; 4798 struct sctp_tmit_chunk *chk = NULL, *tp2; 4799 struct sctp_stream_queue_pending *sp; 4800 uint32_t mid; 4801 uint16_t sid; 4802 uint8_t foundeom = 0; 4803 int ret_sz = 0; 4804 int notdone; 4805 int do_wakeup_routine = 0; 4806 4807 sid = tp1->rec.data.sid; 4808 mid = tp1->rec.data.mid; 4809 if (sent || !(tp1->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG)) { 4810 stcb->asoc.abandoned_sent[0]++; 4811 stcb->asoc.abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4812 stcb->asoc.strmout[sid].abandoned_sent[0]++; 4813 #if defined(SCTP_DETAILED_STR_STATS) 4814 stcb->asoc.strmout[sid].abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4815 #endif 4816 } else { 4817 stcb->asoc.abandoned_unsent[0]++; 4818 stcb->asoc.abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4819 stcb->asoc.strmout[sid].abandoned_unsent[0]++; 4820 #if defined(SCTP_DETAILED_STR_STATS) 4821 stcb->asoc.strmout[sid].abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4822 #endif 4823 } 4824 do { 4825 ret_sz += tp1->book_size; 4826 if (tp1->data != NULL) { 4827 if (tp1->sent < SCTP_DATAGRAM_RESEND) { 4828 sctp_flight_size_decrease(tp1); 4829 sctp_total_flight_decrease(stcb, tp1); 4830 } 4831 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4832 stcb->asoc.peers_rwnd += tp1->send_size; 4833 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh); 4834 if (sent) { 4835 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4836 } else { 4837 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4838 } 4839 if (tp1->data) { 4840 sctp_m_freem(tp1->data); 4841 tp1->data = NULL; 4842 } 4843 do_wakeup_routine = 1; 4844 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 4845 stcb->asoc.sent_queue_cnt_removeable--; 4846 } 4847 } 4848 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4849 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 4850 SCTP_DATA_NOT_FRAG) { 4851 /* not frag'ed we ae done */ 4852 notdone = 0; 4853 foundeom = 1; 4854 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4855 /* end of frag, we are done */ 4856 notdone = 0; 4857 foundeom = 1; 4858 } else { 4859 /* 4860 * Its a begin or middle piece, we must mark all of 4861 * it 4862 */ 4863 notdone = 1; 4864 tp1 = TAILQ_NEXT(tp1, sctp_next); 4865 } 4866 } while (tp1 && notdone); 4867 if (foundeom == 0) { 4868 /* 4869 * The multi-part message was scattered across the send and 4870 * sent queue. 4871 */ 4872 TAILQ_FOREACH_SAFE(tp1, &stcb->asoc.send_queue, sctp_next, tp2) { 4873 if ((tp1->rec.data.sid != sid) || 4874 (!SCTP_MID_EQ(stcb->asoc.idata_supported, tp1->rec.data.mid, mid))) { 4875 break; 4876 } 4877 /* 4878 * save to chk in case we have some on stream out 4879 * queue. If so and we have an un-transmitted one we 4880 * don't have to fudge the TSN. 4881 */ 4882 chk = tp1; 4883 ret_sz += tp1->book_size; 4884 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4885 if (sent) { 4886 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4887 } else { 4888 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4889 } 4890 if (tp1->data) { 4891 sctp_m_freem(tp1->data); 4892 tp1->data = NULL; 4893 } 4894 /* No flight involved here book the size to 0 */ 4895 tp1->book_size = 0; 4896 if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4897 foundeom = 1; 4898 } 4899 do_wakeup_routine = 1; 4900 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4901 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 4902 /* 4903 * on to the sent queue so we can wait for it to be 4904 * passed by. 4905 */ 4906 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 4907 sctp_next); 4908 stcb->asoc.send_queue_cnt--; 4909 stcb->asoc.sent_queue_cnt++; 4910 } 4911 } 4912 if (foundeom == 0) { 4913 /* 4914 * Still no eom found. That means there is stuff left on the 4915 * stream out queue.. yuck. 4916 */ 4917 SCTP_TCB_SEND_LOCK(stcb); 4918 strq = &stcb->asoc.strmout[sid]; 4919 sp = TAILQ_FIRST(&strq->outqueue); 4920 if (sp != NULL) { 4921 sp->discard_rest = 1; 4922 /* 4923 * We may need to put a chunk on the queue that 4924 * holds the TSN that would have been sent with the 4925 * LAST bit. 4926 */ 4927 if (chk == NULL) { 4928 /* Yep, we have to */ 4929 sctp_alloc_a_chunk(stcb, chk); 4930 if (chk == NULL) { 4931 /* 4932 * we are hosed. All we can do is 4933 * nothing.. which will cause an 4934 * abort if the peer is paying 4935 * attention. 4936 */ 4937 goto oh_well; 4938 } 4939 memset(chk, 0, sizeof(*chk)); 4940 chk->rec.data.rcv_flags = 0; 4941 chk->sent = SCTP_FORWARD_TSN_SKIP; 4942 chk->asoc = &stcb->asoc; 4943 if (stcb->asoc.idata_supported == 0) { 4944 if (sp->sinfo_flags & SCTP_UNORDERED) { 4945 chk->rec.data.mid = 0; 4946 } else { 4947 chk->rec.data.mid = strq->next_mid_ordered; 4948 } 4949 } else { 4950 if (sp->sinfo_flags & SCTP_UNORDERED) { 4951 chk->rec.data.mid = strq->next_mid_unordered; 4952 } else { 4953 chk->rec.data.mid = strq->next_mid_ordered; 4954 } 4955 } 4956 chk->rec.data.sid = sp->sid; 4957 chk->rec.data.ppid = sp->ppid; 4958 chk->rec.data.context = sp->context; 4959 chk->flags = sp->act_flags; 4960 chk->whoTo = NULL; 4961 chk->rec.data.tsn = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1); 4962 strq->chunks_on_queues++; 4963 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next); 4964 stcb->asoc.sent_queue_cnt++; 4965 stcb->asoc.pr_sctp_cnt++; 4966 } 4967 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 4968 if (sp->sinfo_flags & SCTP_UNORDERED) { 4969 chk->rec.data.rcv_flags |= SCTP_DATA_UNORDERED; 4970 } 4971 if (stcb->asoc.idata_supported == 0) { 4972 if ((sp->sinfo_flags & SCTP_UNORDERED) == 0) { 4973 strq->next_mid_ordered++; 4974 } 4975 } else { 4976 if (sp->sinfo_flags & SCTP_UNORDERED) { 4977 strq->next_mid_unordered++; 4978 } else { 4979 strq->next_mid_ordered++; 4980 } 4981 } 4982 oh_well: 4983 if (sp->data) { 4984 /* 4985 * Pull any data to free up the SB and allow 4986 * sender to "add more" while we will throw 4987 * away :-) 4988 */ 4989 sctp_free_spbufspace(stcb, &stcb->asoc, sp); 4990 ret_sz += sp->length; 4991 do_wakeup_routine = 1; 4992 sp->some_taken = 1; 4993 sctp_m_freem(sp->data); 4994 sp->data = NULL; 4995 sp->tail_mbuf = NULL; 4996 sp->length = 0; 4997 } 4998 } 4999 SCTP_TCB_SEND_UNLOCK(stcb); 5000 } 5001 if (do_wakeup_routine) { 5002 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 5003 struct socket *so; 5004 5005 so = SCTP_INP_SO(stcb->sctp_ep); 5006 if (!so_locked) { 5007 atomic_add_int(&stcb->asoc.refcnt, 1); 5008 SCTP_TCB_UNLOCK(stcb); 5009 SCTP_SOCKET_LOCK(so, 1); 5010 SCTP_TCB_LOCK(stcb); 5011 atomic_subtract_int(&stcb->asoc.refcnt, 1); 5012 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 5013 /* assoc was freed while we were unlocked */ 5014 SCTP_SOCKET_UNLOCK(so, 1); 5015 return (ret_sz); 5016 } 5017 } 5018 #endif 5019 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 5020 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 5021 if (!so_locked) { 5022 SCTP_SOCKET_UNLOCK(so, 1); 5023 } 5024 #endif 5025 } 5026 return (ret_sz); 5027 } 5028 5029 /* 5030 * checks to see if the given address, sa, is one that is currently known by 5031 * the kernel note: can't distinguish the same address on multiple interfaces 5032 * and doesn't handle multiple addresses with different zone/scope id's note: 5033 * ifa_ifwithaddr() compares the entire sockaddr struct 5034 */ 5035 struct sctp_ifa * 5036 sctp_find_ifa_in_ep(struct sctp_inpcb *inp, struct sockaddr *addr, 5037 int holds_lock) 5038 { 5039 struct sctp_laddr *laddr; 5040 5041 if (holds_lock == 0) { 5042 SCTP_INP_RLOCK(inp); 5043 } 5044 5045 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 5046 if (laddr->ifa == NULL) 5047 continue; 5048 if (addr->sa_family != laddr->ifa->address.sa.sa_family) 5049 continue; 5050 #ifdef INET 5051 if (addr->sa_family == AF_INET) { 5052 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 5053 laddr->ifa->address.sin.sin_addr.s_addr) { 5054 /* found him. */ 5055 if (holds_lock == 0) { 5056 SCTP_INP_RUNLOCK(inp); 5057 } 5058 return (laddr->ifa); 5059 break; 5060 } 5061 } 5062 #endif 5063 #ifdef INET6 5064 if (addr->sa_family == AF_INET6) { 5065 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5066 &laddr->ifa->address.sin6)) { 5067 /* found him. */ 5068 if (holds_lock == 0) { 5069 SCTP_INP_RUNLOCK(inp); 5070 } 5071 return (laddr->ifa); 5072 break; 5073 } 5074 } 5075 #endif 5076 } 5077 if (holds_lock == 0) { 5078 SCTP_INP_RUNLOCK(inp); 5079 } 5080 return (NULL); 5081 } 5082 5083 uint32_t 5084 sctp_get_ifa_hash_val(struct sockaddr *addr) 5085 { 5086 switch (addr->sa_family) { 5087 #ifdef INET 5088 case AF_INET: 5089 { 5090 struct sockaddr_in *sin; 5091 5092 sin = (struct sockaddr_in *)addr; 5093 return (sin->sin_addr.s_addr ^ (sin->sin_addr.s_addr >> 16)); 5094 } 5095 #endif 5096 #ifdef INET6 5097 case AF_INET6: 5098 { 5099 struct sockaddr_in6 *sin6; 5100 uint32_t hash_of_addr; 5101 5102 sin6 = (struct sockaddr_in6 *)addr; 5103 hash_of_addr = (sin6->sin6_addr.s6_addr32[0] + 5104 sin6->sin6_addr.s6_addr32[1] + 5105 sin6->sin6_addr.s6_addr32[2] + 5106 sin6->sin6_addr.s6_addr32[3]); 5107 hash_of_addr = (hash_of_addr ^ (hash_of_addr >> 16)); 5108 return (hash_of_addr); 5109 } 5110 #endif 5111 default: 5112 break; 5113 } 5114 return (0); 5115 } 5116 5117 struct sctp_ifa * 5118 sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock) 5119 { 5120 struct sctp_ifa *sctp_ifap; 5121 struct sctp_vrf *vrf; 5122 struct sctp_ifalist *hash_head; 5123 uint32_t hash_of_addr; 5124 5125 if (holds_lock == 0) 5126 SCTP_IPI_ADDR_RLOCK(); 5127 5128 vrf = sctp_find_vrf(vrf_id); 5129 if (vrf == NULL) { 5130 if (holds_lock == 0) 5131 SCTP_IPI_ADDR_RUNLOCK(); 5132 return (NULL); 5133 } 5134 5135 hash_of_addr = sctp_get_ifa_hash_val(addr); 5136 5137 hash_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 5138 if (hash_head == NULL) { 5139 SCTP_PRINTF("hash_of_addr:%x mask:%x table:%x - ", 5140 hash_of_addr, (uint32_t)vrf->vrf_addr_hashmark, 5141 (uint32_t)(hash_of_addr & vrf->vrf_addr_hashmark)); 5142 sctp_print_address(addr); 5143 SCTP_PRINTF("No such bucket for address\n"); 5144 if (holds_lock == 0) 5145 SCTP_IPI_ADDR_RUNLOCK(); 5146 5147 return (NULL); 5148 } 5149 LIST_FOREACH(sctp_ifap, hash_head, next_bucket) { 5150 if (addr->sa_family != sctp_ifap->address.sa.sa_family) 5151 continue; 5152 #ifdef INET 5153 if (addr->sa_family == AF_INET) { 5154 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 5155 sctp_ifap->address.sin.sin_addr.s_addr) { 5156 /* found him. */ 5157 if (holds_lock == 0) 5158 SCTP_IPI_ADDR_RUNLOCK(); 5159 return (sctp_ifap); 5160 break; 5161 } 5162 } 5163 #endif 5164 #ifdef INET6 5165 if (addr->sa_family == AF_INET6) { 5166 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5167 &sctp_ifap->address.sin6)) { 5168 /* found him. */ 5169 if (holds_lock == 0) 5170 SCTP_IPI_ADDR_RUNLOCK(); 5171 return (sctp_ifap); 5172 break; 5173 } 5174 } 5175 #endif 5176 } 5177 if (holds_lock == 0) 5178 SCTP_IPI_ADDR_RUNLOCK(); 5179 return (NULL); 5180 } 5181 5182 static void 5183 sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, 5184 uint32_t rwnd_req) 5185 { 5186 /* User pulled some data, do we need a rwnd update? */ 5187 int r_unlocked = 0; 5188 uint32_t dif, rwnd; 5189 struct socket *so = NULL; 5190 5191 if (stcb == NULL) 5192 return; 5193 5194 atomic_add_int(&stcb->asoc.refcnt, 1); 5195 5196 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5197 (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) { 5198 /* Pre-check If we are freeing no update */ 5199 goto no_lock; 5200 } 5201 SCTP_INP_INCR_REF(stcb->sctp_ep); 5202 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5203 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5204 goto out; 5205 } 5206 so = stcb->sctp_socket; 5207 if (so == NULL) { 5208 goto out; 5209 } 5210 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 5211 /* Have you have freed enough to look */ 5212 *freed_so_far = 0; 5213 /* Yep, its worth a look and the lock overhead */ 5214 5215 /* Figure out what the rwnd would be */ 5216 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 5217 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 5218 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 5219 } else { 5220 dif = 0; 5221 } 5222 if (dif >= rwnd_req) { 5223 if (hold_rlock) { 5224 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 5225 r_unlocked = 1; 5226 } 5227 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5228 /* 5229 * One last check before we allow the guy possibly 5230 * to get in. There is a race, where the guy has not 5231 * reached the gate. In that case 5232 */ 5233 goto out; 5234 } 5235 SCTP_TCB_LOCK(stcb); 5236 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5237 /* No reports here */ 5238 SCTP_TCB_UNLOCK(stcb); 5239 goto out; 5240 } 5241 SCTP_STAT_INCR(sctps_wu_sacks_sent); 5242 sctp_send_sack(stcb, SCTP_SO_LOCKED); 5243 5244 sctp_chunk_output(stcb->sctp_ep, stcb, 5245 SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED); 5246 /* make sure no timer is running */ 5247 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, 5248 SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 5249 SCTP_TCB_UNLOCK(stcb); 5250 } else { 5251 /* Update how much we have pending */ 5252 stcb->freed_by_sorcv_sincelast = dif; 5253 } 5254 out: 5255 if (so && r_unlocked && hold_rlock) { 5256 SCTP_INP_READ_LOCK(stcb->sctp_ep); 5257 } 5258 5259 SCTP_INP_DECR_REF(stcb->sctp_ep); 5260 no_lock: 5261 atomic_add_int(&stcb->asoc.refcnt, -1); 5262 return; 5263 } 5264 5265 int 5266 sctp_sorecvmsg(struct socket *so, 5267 struct uio *uio, 5268 struct mbuf **mp, 5269 struct sockaddr *from, 5270 int fromlen, 5271 int *msg_flags, 5272 struct sctp_sndrcvinfo *sinfo, 5273 int filling_sinfo) 5274 { 5275 /* 5276 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 5277 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 5278 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 5279 * On the way out we may send out any combination of: 5280 * MSG_NOTIFICATION MSG_EOR 5281 * 5282 */ 5283 struct sctp_inpcb *inp = NULL; 5284 ssize_t my_len = 0; 5285 ssize_t cp_len = 0; 5286 int error = 0; 5287 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 5288 struct mbuf *m = NULL; 5289 struct sctp_tcb *stcb = NULL; 5290 int wakeup_read_socket = 0; 5291 int freecnt_applied = 0; 5292 int out_flags = 0, in_flags = 0; 5293 int block_allowed = 1; 5294 uint32_t freed_so_far = 0; 5295 ssize_t copied_so_far = 0; 5296 int in_eeor_mode = 0; 5297 int no_rcv_needed = 0; 5298 uint32_t rwnd_req = 0; 5299 int hold_sblock = 0; 5300 int hold_rlock = 0; 5301 ssize_t slen = 0; 5302 uint32_t held_length = 0; 5303 int sockbuf_lock = 0; 5304 5305 if (uio == NULL) { 5306 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5307 return (EINVAL); 5308 } 5309 5310 if (msg_flags) { 5311 in_flags = *msg_flags; 5312 if (in_flags & MSG_PEEK) 5313 SCTP_STAT_INCR(sctps_read_peeks); 5314 } else { 5315 in_flags = 0; 5316 } 5317 slen = uio->uio_resid; 5318 5319 /* Pull in and set up our int flags */ 5320 if (in_flags & MSG_OOB) { 5321 /* Out of band's NOT supported */ 5322 return (EOPNOTSUPP); 5323 } 5324 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 5325 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5326 return (EINVAL); 5327 } 5328 if ((in_flags & (MSG_DONTWAIT 5329 | MSG_NBIO 5330 )) || 5331 SCTP_SO_IS_NBIO(so)) { 5332 block_allowed = 0; 5333 } 5334 /* setup the endpoint */ 5335 inp = (struct sctp_inpcb *)so->so_pcb; 5336 if (inp == NULL) { 5337 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT); 5338 return (EFAULT); 5339 } 5340 rwnd_req = (SCTP_SB_LIMIT_RCV(so) >> SCTP_RWND_HIWAT_SHIFT); 5341 /* Must be at least a MTU's worth */ 5342 if (rwnd_req < SCTP_MIN_RWND) 5343 rwnd_req = SCTP_MIN_RWND; 5344 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 5345 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5346 sctp_misc_ints(SCTP_SORECV_ENTER, 5347 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5348 } 5349 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5350 sctp_misc_ints(SCTP_SORECV_ENTERPL, 5351 rwnd_req, block_allowed, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5352 } 5353 5354 5355 error = sblock(&so->so_rcv, (block_allowed ? SBL_WAIT : 0)); 5356 if (error) { 5357 goto release_unlocked; 5358 } 5359 sockbuf_lock = 1; 5360 restart: 5361 5362 5363 restart_nosblocks: 5364 if (hold_sblock == 0) { 5365 SOCKBUF_LOCK(&so->so_rcv); 5366 hold_sblock = 1; 5367 } 5368 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5369 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5370 goto out; 5371 } 5372 if ((so->so_rcv.sb_state & SBS_CANTRCVMORE) && (so->so_rcv.sb_cc == 0)) { 5373 if (so->so_error) { 5374 error = so->so_error; 5375 if ((in_flags & MSG_PEEK) == 0) 5376 so->so_error = 0; 5377 goto out; 5378 } else { 5379 if (so->so_rcv.sb_cc == 0) { 5380 /* indicate EOF */ 5381 error = 0; 5382 goto out; 5383 } 5384 } 5385 } 5386 if (so->so_rcv.sb_cc <= held_length) { 5387 if (so->so_error) { 5388 error = so->so_error; 5389 if ((in_flags & MSG_PEEK) == 0) { 5390 so->so_error = 0; 5391 } 5392 goto out; 5393 } 5394 if ((so->so_rcv.sb_cc == 0) && 5395 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5396 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 5397 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 5398 /* 5399 * For active open side clear flags for 5400 * re-use passive open is blocked by 5401 * connect. 5402 */ 5403 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 5404 /* 5405 * You were aborted, passive side 5406 * always hits here 5407 */ 5408 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 5409 error = ECONNRESET; 5410 } 5411 so->so_state &= ~(SS_ISCONNECTING | 5412 SS_ISDISCONNECTING | 5413 SS_ISCONFIRMING | 5414 SS_ISCONNECTED); 5415 if (error == 0) { 5416 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 5417 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5418 error = ENOTCONN; 5419 } 5420 } 5421 goto out; 5422 } 5423 } 5424 if (block_allowed) { 5425 error = sbwait(&so->so_rcv); 5426 if (error) { 5427 goto out; 5428 } 5429 held_length = 0; 5430 goto restart_nosblocks; 5431 } else { 5432 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EWOULDBLOCK); 5433 error = EWOULDBLOCK; 5434 goto out; 5435 } 5436 } 5437 if (hold_sblock == 1) { 5438 SOCKBUF_UNLOCK(&so->so_rcv); 5439 hold_sblock = 0; 5440 } 5441 /* we possibly have data we can read */ 5442 /* sa_ignore FREED_MEMORY */ 5443 control = TAILQ_FIRST(&inp->read_queue); 5444 if (control == NULL) { 5445 /* 5446 * This could be happening since the appender did the 5447 * increment but as not yet did the tailq insert onto the 5448 * read_queue 5449 */ 5450 if (hold_rlock == 0) { 5451 SCTP_INP_READ_LOCK(inp); 5452 } 5453 control = TAILQ_FIRST(&inp->read_queue); 5454 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 5455 #ifdef INVARIANTS 5456 panic("Huh, its non zero and nothing on control?"); 5457 #endif 5458 so->so_rcv.sb_cc = 0; 5459 } 5460 SCTP_INP_READ_UNLOCK(inp); 5461 hold_rlock = 0; 5462 goto restart; 5463 } 5464 5465 if ((control->length == 0) && 5466 (control->do_not_ref_stcb)) { 5467 /* 5468 * Clean up code for freeing assoc that left behind a 5469 * pdapi.. maybe a peer in EEOR that just closed after 5470 * sending and never indicated a EOR. 5471 */ 5472 if (hold_rlock == 0) { 5473 hold_rlock = 1; 5474 SCTP_INP_READ_LOCK(inp); 5475 } 5476 control->held_length = 0; 5477 if (control->data) { 5478 /* Hmm there is data here .. fix */ 5479 struct mbuf *m_tmp; 5480 int cnt = 0; 5481 5482 m_tmp = control->data; 5483 while (m_tmp) { 5484 cnt += SCTP_BUF_LEN(m_tmp); 5485 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5486 control->tail_mbuf = m_tmp; 5487 control->end_added = 1; 5488 } 5489 m_tmp = SCTP_BUF_NEXT(m_tmp); 5490 } 5491 control->length = cnt; 5492 } else { 5493 /* remove it */ 5494 TAILQ_REMOVE(&inp->read_queue, control, next); 5495 /* Add back any hiddend data */ 5496 sctp_free_remote_addr(control->whoFrom); 5497 sctp_free_a_readq(stcb, control); 5498 } 5499 if (hold_rlock) { 5500 hold_rlock = 0; 5501 SCTP_INP_READ_UNLOCK(inp); 5502 } 5503 goto restart; 5504 } 5505 if ((control->length == 0) && 5506 (control->end_added == 1)) { 5507 /* 5508 * Do we also need to check for (control->pdapi_aborted == 5509 * 1)? 5510 */ 5511 if (hold_rlock == 0) { 5512 hold_rlock = 1; 5513 SCTP_INP_READ_LOCK(inp); 5514 } 5515 TAILQ_REMOVE(&inp->read_queue, control, next); 5516 if (control->data) { 5517 #ifdef INVARIANTS 5518 panic("control->data not null but control->length == 0"); 5519 #else 5520 SCTP_PRINTF("Strange, data left in the control buffer. Cleaning up.\n"); 5521 sctp_m_freem(control->data); 5522 control->data = NULL; 5523 #endif 5524 } 5525 if (control->aux_data) { 5526 sctp_m_free(control->aux_data); 5527 control->aux_data = NULL; 5528 } 5529 #ifdef INVARIANTS 5530 if (control->on_strm_q) { 5531 panic("About to free ctl:%p so:%p and its in %d", 5532 control, so, control->on_strm_q); 5533 } 5534 #endif 5535 sctp_free_remote_addr(control->whoFrom); 5536 sctp_free_a_readq(stcb, control); 5537 if (hold_rlock) { 5538 hold_rlock = 0; 5539 SCTP_INP_READ_UNLOCK(inp); 5540 } 5541 goto restart; 5542 } 5543 if (control->length == 0) { 5544 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 5545 (filling_sinfo)) { 5546 /* find a more suitable one then this */ 5547 ctl = TAILQ_NEXT(control, next); 5548 while (ctl) { 5549 if ((ctl->stcb != control->stcb) && (ctl->length) && 5550 (ctl->some_taken || 5551 (ctl->spec_flags & M_NOTIFICATION) || 5552 ((ctl->do_not_ref_stcb == 0) && 5553 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0))) 5554 ) { 5555 /*- 5556 * If we have a different TCB next, and there is data 5557 * present. If we have already taken some (pdapi), OR we can 5558 * ref the tcb and no delivery as started on this stream, we 5559 * take it. Note we allow a notification on a different 5560 * assoc to be delivered.. 5561 */ 5562 control = ctl; 5563 goto found_one; 5564 } else if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS)) && 5565 (ctl->length) && 5566 ((ctl->some_taken) || 5567 ((ctl->do_not_ref_stcb == 0) && 5568 ((ctl->spec_flags & M_NOTIFICATION) == 0) && 5569 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))) { 5570 /*- 5571 * If we have the same tcb, and there is data present, and we 5572 * have the strm interleave feature present. Then if we have 5573 * taken some (pdapi) or we can refer to tht tcb AND we have 5574 * not started a delivery for this stream, we can take it. 5575 * Note we do NOT allow a notificaiton on the same assoc to 5576 * be delivered. 5577 */ 5578 control = ctl; 5579 goto found_one; 5580 } 5581 ctl = TAILQ_NEXT(ctl, next); 5582 } 5583 } 5584 /* 5585 * if we reach here, not suitable replacement is available 5586 * <or> fragment interleave is NOT on. So stuff the sb_cc 5587 * into the our held count, and its time to sleep again. 5588 */ 5589 held_length = so->so_rcv.sb_cc; 5590 control->held_length = so->so_rcv.sb_cc; 5591 goto restart; 5592 } 5593 /* Clear the held length since there is something to read */ 5594 control->held_length = 0; 5595 found_one: 5596 /* 5597 * If we reach here, control has a some data for us to read off. 5598 * Note that stcb COULD be NULL. 5599 */ 5600 if (hold_rlock == 0) { 5601 hold_rlock = 1; 5602 SCTP_INP_READ_LOCK(inp); 5603 } 5604 control->some_taken++; 5605 stcb = control->stcb; 5606 if (stcb) { 5607 if ((control->do_not_ref_stcb == 0) && 5608 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { 5609 if (freecnt_applied == 0) 5610 stcb = NULL; 5611 } else if (control->do_not_ref_stcb == 0) { 5612 /* you can't free it on me please */ 5613 /* 5614 * The lock on the socket buffer protects us so the 5615 * free code will stop. But since we used the 5616 * socketbuf lock and the sender uses the tcb_lock 5617 * to increment, we need to use the atomic add to 5618 * the refcnt 5619 */ 5620 if (freecnt_applied) { 5621 #ifdef INVARIANTS 5622 panic("refcnt already incremented"); 5623 #else 5624 SCTP_PRINTF("refcnt already incremented?\n"); 5625 #endif 5626 } else { 5627 atomic_add_int(&stcb->asoc.refcnt, 1); 5628 freecnt_applied = 1; 5629 } 5630 /* 5631 * Setup to remember how much we have not yet told 5632 * the peer our rwnd has opened up. Note we grab the 5633 * value from the tcb from last time. Note too that 5634 * sack sending clears this when a sack is sent, 5635 * which is fine. Once we hit the rwnd_req, we then 5636 * will go to the sctp_user_rcvd() that will not 5637 * lock until it KNOWs it MUST send a WUP-SACK. 5638 */ 5639 freed_so_far = (uint32_t)stcb->freed_by_sorcv_sincelast; 5640 stcb->freed_by_sorcv_sincelast = 0; 5641 } 5642 } 5643 if (stcb && 5644 ((control->spec_flags & M_NOTIFICATION) == 0) && 5645 control->do_not_ref_stcb == 0) { 5646 stcb->asoc.strmin[control->sinfo_stream].delivery_started = 1; 5647 } 5648 5649 /* First lets get off the sinfo and sockaddr info */ 5650 if ((sinfo != NULL) && (filling_sinfo != 0)) { 5651 sinfo->sinfo_stream = control->sinfo_stream; 5652 sinfo->sinfo_ssn = (uint16_t)control->mid; 5653 sinfo->sinfo_flags = control->sinfo_flags; 5654 sinfo->sinfo_ppid = control->sinfo_ppid; 5655 sinfo->sinfo_context = control->sinfo_context; 5656 sinfo->sinfo_timetolive = control->sinfo_timetolive; 5657 sinfo->sinfo_tsn = control->sinfo_tsn; 5658 sinfo->sinfo_cumtsn = control->sinfo_cumtsn; 5659 sinfo->sinfo_assoc_id = control->sinfo_assoc_id; 5660 nxt = TAILQ_NEXT(control, next); 5661 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 5662 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) { 5663 struct sctp_extrcvinfo *s_extra; 5664 5665 s_extra = (struct sctp_extrcvinfo *)sinfo; 5666 if ((nxt) && 5667 (nxt->length)) { 5668 s_extra->serinfo_next_flags = SCTP_NEXT_MSG_AVAIL; 5669 if (nxt->sinfo_flags & SCTP_UNORDERED) { 5670 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 5671 } 5672 if (nxt->spec_flags & M_NOTIFICATION) { 5673 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_NOTIFICATION; 5674 } 5675 s_extra->serinfo_next_aid = nxt->sinfo_assoc_id; 5676 s_extra->serinfo_next_length = nxt->length; 5677 s_extra->serinfo_next_ppid = nxt->sinfo_ppid; 5678 s_extra->serinfo_next_stream = nxt->sinfo_stream; 5679 if (nxt->tail_mbuf != NULL) { 5680 if (nxt->end_added) { 5681 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 5682 } 5683 } 5684 } else { 5685 /* 5686 * we explicitly 0 this, since the memcpy 5687 * got some other things beyond the older 5688 * sinfo_ that is on the control's structure 5689 * :-D 5690 */ 5691 nxt = NULL; 5692 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 5693 s_extra->serinfo_next_aid = 0; 5694 s_extra->serinfo_next_length = 0; 5695 s_extra->serinfo_next_ppid = 0; 5696 s_extra->serinfo_next_stream = 0; 5697 } 5698 } 5699 /* 5700 * update off the real current cum-ack, if we have an stcb. 5701 */ 5702 if ((control->do_not_ref_stcb == 0) && stcb) 5703 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 5704 /* 5705 * mask off the high bits, we keep the actual chunk bits in 5706 * there. 5707 */ 5708 sinfo->sinfo_flags &= 0x00ff; 5709 if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) { 5710 sinfo->sinfo_flags |= SCTP_UNORDERED; 5711 } 5712 } 5713 #ifdef SCTP_ASOCLOG_OF_TSNS 5714 { 5715 int index, newindex; 5716 struct sctp_pcbtsn_rlog *entry; 5717 5718 do { 5719 index = inp->readlog_index; 5720 newindex = index + 1; 5721 if (newindex >= SCTP_READ_LOG_SIZE) { 5722 newindex = 0; 5723 } 5724 } while (atomic_cmpset_int(&inp->readlog_index, index, newindex) == 0); 5725 entry = &inp->readlog[index]; 5726 entry->vtag = control->sinfo_assoc_id; 5727 entry->strm = control->sinfo_stream; 5728 entry->seq = (uint16_t)control->mid; 5729 entry->sz = control->length; 5730 entry->flgs = control->sinfo_flags; 5731 } 5732 #endif 5733 if ((fromlen > 0) && (from != NULL)) { 5734 union sctp_sockstore store; 5735 size_t len; 5736 5737 switch (control->whoFrom->ro._l_addr.sa.sa_family) { 5738 #ifdef INET6 5739 case AF_INET6: 5740 len = sizeof(struct sockaddr_in6); 5741 store.sin6 = control->whoFrom->ro._l_addr.sin6; 5742 store.sin6.sin6_port = control->port_from; 5743 break; 5744 #endif 5745 #ifdef INET 5746 case AF_INET: 5747 #ifdef INET6 5748 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 5749 len = sizeof(struct sockaddr_in6); 5750 in6_sin_2_v4mapsin6(&control->whoFrom->ro._l_addr.sin, 5751 &store.sin6); 5752 store.sin6.sin6_port = control->port_from; 5753 } else { 5754 len = sizeof(struct sockaddr_in); 5755 store.sin = control->whoFrom->ro._l_addr.sin; 5756 store.sin.sin_port = control->port_from; 5757 } 5758 #else 5759 len = sizeof(struct sockaddr_in); 5760 store.sin = control->whoFrom->ro._l_addr.sin; 5761 store.sin.sin_port = control->port_from; 5762 #endif 5763 break; 5764 #endif 5765 default: 5766 len = 0; 5767 break; 5768 } 5769 memcpy(from, &store, min((size_t)fromlen, len)); 5770 #ifdef INET6 5771 { 5772 struct sockaddr_in6 lsa6, *from6; 5773 5774 from6 = (struct sockaddr_in6 *)from; 5775 sctp_recover_scope_mac(from6, (&lsa6)); 5776 } 5777 #endif 5778 } 5779 if (hold_rlock) { 5780 SCTP_INP_READ_UNLOCK(inp); 5781 hold_rlock = 0; 5782 } 5783 if (hold_sblock) { 5784 SOCKBUF_UNLOCK(&so->so_rcv); 5785 hold_sblock = 0; 5786 } 5787 /* now copy out what data we can */ 5788 if (mp == NULL) { 5789 /* copy out each mbuf in the chain up to length */ 5790 get_more_data: 5791 m = control->data; 5792 while (m) { 5793 /* Move out all we can */ 5794 cp_len = uio->uio_resid; 5795 my_len = SCTP_BUF_LEN(m); 5796 if (cp_len > my_len) { 5797 /* not enough in this buf */ 5798 cp_len = my_len; 5799 } 5800 if (hold_rlock) { 5801 SCTP_INP_READ_UNLOCK(inp); 5802 hold_rlock = 0; 5803 } 5804 if (cp_len > 0) 5805 error = uiomove(mtod(m, char *), (int)cp_len, uio); 5806 /* re-read */ 5807 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5808 goto release; 5809 } 5810 5811 if ((control->do_not_ref_stcb == 0) && stcb && 5812 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5813 no_rcv_needed = 1; 5814 } 5815 if (error) { 5816 /* error we are out of here */ 5817 goto release; 5818 } 5819 SCTP_INP_READ_LOCK(inp); 5820 hold_rlock = 1; 5821 if (cp_len == SCTP_BUF_LEN(m)) { 5822 if ((SCTP_BUF_NEXT(m) == NULL) && 5823 (control->end_added)) { 5824 out_flags |= MSG_EOR; 5825 if ((control->do_not_ref_stcb == 0) && 5826 (control->stcb != NULL) && 5827 ((control->spec_flags & M_NOTIFICATION) == 0)) 5828 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5829 } 5830 if (control->spec_flags & M_NOTIFICATION) { 5831 out_flags |= MSG_NOTIFICATION; 5832 } 5833 /* we ate up the mbuf */ 5834 if (in_flags & MSG_PEEK) { 5835 /* just looking */ 5836 m = SCTP_BUF_NEXT(m); 5837 copied_so_far += cp_len; 5838 } else { 5839 /* dispose of the mbuf */ 5840 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5841 sctp_sblog(&so->so_rcv, 5842 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5843 } 5844 sctp_sbfree(control, stcb, &so->so_rcv, m); 5845 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5846 sctp_sblog(&so->so_rcv, 5847 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5848 } 5849 copied_so_far += cp_len; 5850 freed_so_far += (uint32_t)cp_len; 5851 freed_so_far += MSIZE; 5852 atomic_subtract_int(&control->length, cp_len); 5853 control->data = sctp_m_free(m); 5854 m = control->data; 5855 /* 5856 * been through it all, must hold sb 5857 * lock ok to null tail 5858 */ 5859 if (control->data == NULL) { 5860 #ifdef INVARIANTS 5861 if ((control->end_added == 0) || 5862 (TAILQ_NEXT(control, next) == NULL)) { 5863 /* 5864 * If the end is not 5865 * added, OR the 5866 * next is NOT null 5867 * we MUST have the 5868 * lock. 5869 */ 5870 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 5871 panic("Hmm we don't own the lock?"); 5872 } 5873 } 5874 #endif 5875 control->tail_mbuf = NULL; 5876 #ifdef INVARIANTS 5877 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 5878 panic("end_added, nothing left and no MSG_EOR"); 5879 } 5880 #endif 5881 } 5882 } 5883 } else { 5884 /* Do we need to trim the mbuf? */ 5885 if (control->spec_flags & M_NOTIFICATION) { 5886 out_flags |= MSG_NOTIFICATION; 5887 } 5888 if ((in_flags & MSG_PEEK) == 0) { 5889 SCTP_BUF_RESV_UF(m, cp_len); 5890 SCTP_BUF_LEN(m) -= (int)cp_len; 5891 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5892 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, (int)cp_len); 5893 } 5894 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 5895 if ((control->do_not_ref_stcb == 0) && 5896 stcb) { 5897 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 5898 } 5899 copied_so_far += cp_len; 5900 freed_so_far += (uint32_t)cp_len; 5901 freed_so_far += MSIZE; 5902 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5903 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 5904 SCTP_LOG_SBRESULT, 0); 5905 } 5906 atomic_subtract_int(&control->length, cp_len); 5907 } else { 5908 copied_so_far += cp_len; 5909 } 5910 } 5911 if ((out_flags & MSG_EOR) || (uio->uio_resid == 0)) { 5912 break; 5913 } 5914 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5915 (control->do_not_ref_stcb == 0) && 5916 (freed_so_far >= rwnd_req)) { 5917 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5918 } 5919 } /* end while(m) */ 5920 /* 5921 * At this point we have looked at it all and we either have 5922 * a MSG_EOR/or read all the user wants... <OR> 5923 * control->length == 0. 5924 */ 5925 if ((out_flags & MSG_EOR) && ((in_flags & MSG_PEEK) == 0)) { 5926 /* we are done with this control */ 5927 if (control->length == 0) { 5928 if (control->data) { 5929 #ifdef INVARIANTS 5930 panic("control->data not null at read eor?"); 5931 #else 5932 SCTP_PRINTF("Strange, data left in the control buffer .. invarients would panic?\n"); 5933 sctp_m_freem(control->data); 5934 control->data = NULL; 5935 #endif 5936 } 5937 done_with_control: 5938 if (hold_rlock == 0) { 5939 SCTP_INP_READ_LOCK(inp); 5940 hold_rlock = 1; 5941 } 5942 TAILQ_REMOVE(&inp->read_queue, control, next); 5943 /* Add back any hiddend data */ 5944 if (control->held_length) { 5945 held_length = 0; 5946 control->held_length = 0; 5947 wakeup_read_socket = 1; 5948 } 5949 if (control->aux_data) { 5950 sctp_m_free(control->aux_data); 5951 control->aux_data = NULL; 5952 } 5953 no_rcv_needed = control->do_not_ref_stcb; 5954 sctp_free_remote_addr(control->whoFrom); 5955 control->data = NULL; 5956 #ifdef INVARIANTS 5957 if (control->on_strm_q) { 5958 panic("About to free ctl:%p so:%p and its in %d", 5959 control, so, control->on_strm_q); 5960 } 5961 #endif 5962 sctp_free_a_readq(stcb, control); 5963 control = NULL; 5964 if ((freed_so_far >= rwnd_req) && 5965 (no_rcv_needed == 0)) 5966 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5967 5968 } else { 5969 /* 5970 * The user did not read all of this 5971 * message, turn off the returned MSG_EOR 5972 * since we are leaving more behind on the 5973 * control to read. 5974 */ 5975 #ifdef INVARIANTS 5976 if (control->end_added && 5977 (control->data == NULL) && 5978 (control->tail_mbuf == NULL)) { 5979 panic("Gak, control->length is corrupt?"); 5980 } 5981 #endif 5982 no_rcv_needed = control->do_not_ref_stcb; 5983 out_flags &= ~MSG_EOR; 5984 } 5985 } 5986 if (out_flags & MSG_EOR) { 5987 goto release; 5988 } 5989 if ((uio->uio_resid == 0) || 5990 ((in_eeor_mode) && 5991 (copied_so_far >= max(so->so_rcv.sb_lowat, 1)))) { 5992 goto release; 5993 } 5994 /* 5995 * If I hit here the receiver wants more and this message is 5996 * NOT done (pd-api). So two questions. Can we block? if not 5997 * we are done. Did the user NOT set MSG_WAITALL? 5998 */ 5999 if (block_allowed == 0) { 6000 goto release; 6001 } 6002 /* 6003 * We need to wait for more data a few things: - We don't 6004 * sbunlock() so we don't get someone else reading. - We 6005 * must be sure to account for the case where what is added 6006 * is NOT to our control when we wakeup. 6007 */ 6008 6009 /* 6010 * Do we need to tell the transport a rwnd update might be 6011 * needed before we go to sleep? 6012 */ 6013 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 6014 ((freed_so_far >= rwnd_req) && 6015 (control->do_not_ref_stcb == 0) && 6016 (no_rcv_needed == 0))) { 6017 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6018 } 6019 wait_some_more: 6020 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) { 6021 goto release; 6022 } 6023 6024 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 6025 goto release; 6026 6027 if (hold_rlock == 1) { 6028 SCTP_INP_READ_UNLOCK(inp); 6029 hold_rlock = 0; 6030 } 6031 if (hold_sblock == 0) { 6032 SOCKBUF_LOCK(&so->so_rcv); 6033 hold_sblock = 1; 6034 } 6035 if ((copied_so_far) && (control->length == 0) && 6036 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE))) { 6037 goto release; 6038 } 6039 if (so->so_rcv.sb_cc <= control->held_length) { 6040 error = sbwait(&so->so_rcv); 6041 if (error) { 6042 goto release; 6043 } 6044 control->held_length = 0; 6045 } 6046 if (hold_sblock) { 6047 SOCKBUF_UNLOCK(&so->so_rcv); 6048 hold_sblock = 0; 6049 } 6050 if (control->length == 0) { 6051 /* still nothing here */ 6052 if (control->end_added == 1) { 6053 /* he aborted, or is done i.e.did a shutdown */ 6054 out_flags |= MSG_EOR; 6055 if (control->pdapi_aborted) { 6056 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 6057 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6058 6059 out_flags |= MSG_TRUNC; 6060 } else { 6061 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 6062 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6063 } 6064 goto done_with_control; 6065 } 6066 if (so->so_rcv.sb_cc > held_length) { 6067 control->held_length = so->so_rcv.sb_cc; 6068 held_length = 0; 6069 } 6070 goto wait_some_more; 6071 } else if (control->data == NULL) { 6072 /* 6073 * we must re-sync since data is probably being 6074 * added 6075 */ 6076 SCTP_INP_READ_LOCK(inp); 6077 if ((control->length > 0) && (control->data == NULL)) { 6078 /* 6079 * big trouble.. we have the lock and its 6080 * corrupt? 6081 */ 6082 #ifdef INVARIANTS 6083 panic("Impossible data==NULL length !=0"); 6084 #endif 6085 out_flags |= MSG_EOR; 6086 out_flags |= MSG_TRUNC; 6087 control->length = 0; 6088 SCTP_INP_READ_UNLOCK(inp); 6089 goto done_with_control; 6090 } 6091 SCTP_INP_READ_UNLOCK(inp); 6092 /* We will fall around to get more data */ 6093 } 6094 goto get_more_data; 6095 } else { 6096 /*- 6097 * Give caller back the mbuf chain, 6098 * store in uio_resid the length 6099 */ 6100 wakeup_read_socket = 0; 6101 if ((control->end_added == 0) || 6102 (TAILQ_NEXT(control, next) == NULL)) { 6103 /* Need to get rlock */ 6104 if (hold_rlock == 0) { 6105 SCTP_INP_READ_LOCK(inp); 6106 hold_rlock = 1; 6107 } 6108 } 6109 if (control->end_added) { 6110 out_flags |= MSG_EOR; 6111 if ((control->do_not_ref_stcb == 0) && 6112 (control->stcb != NULL) && 6113 ((control->spec_flags & M_NOTIFICATION) == 0)) 6114 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6115 } 6116 if (control->spec_flags & M_NOTIFICATION) { 6117 out_flags |= MSG_NOTIFICATION; 6118 } 6119 uio->uio_resid = control->length; 6120 *mp = control->data; 6121 m = control->data; 6122 while (m) { 6123 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6124 sctp_sblog(&so->so_rcv, 6125 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 6126 } 6127 sctp_sbfree(control, stcb, &so->so_rcv, m); 6128 freed_so_far += (uint32_t)SCTP_BUF_LEN(m); 6129 freed_so_far += MSIZE; 6130 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6131 sctp_sblog(&so->so_rcv, 6132 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 6133 } 6134 m = SCTP_BUF_NEXT(m); 6135 } 6136 control->data = control->tail_mbuf = NULL; 6137 control->length = 0; 6138 if (out_flags & MSG_EOR) { 6139 /* Done with this control */ 6140 goto done_with_control; 6141 } 6142 } 6143 release: 6144 if (hold_rlock == 1) { 6145 SCTP_INP_READ_UNLOCK(inp); 6146 hold_rlock = 0; 6147 } 6148 if (hold_sblock == 1) { 6149 SOCKBUF_UNLOCK(&so->so_rcv); 6150 hold_sblock = 0; 6151 } 6152 6153 sbunlock(&so->so_rcv); 6154 sockbuf_lock = 0; 6155 6156 release_unlocked: 6157 if (hold_sblock) { 6158 SOCKBUF_UNLOCK(&so->so_rcv); 6159 hold_sblock = 0; 6160 } 6161 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 6162 if ((freed_so_far >= rwnd_req) && 6163 (control && (control->do_not_ref_stcb == 0)) && 6164 (no_rcv_needed == 0)) 6165 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6166 } 6167 out: 6168 if (msg_flags) { 6169 *msg_flags = out_flags; 6170 } 6171 if (((out_flags & MSG_EOR) == 0) && 6172 ((in_flags & MSG_PEEK) == 0) && 6173 (sinfo) && 6174 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 6175 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO))) { 6176 struct sctp_extrcvinfo *s_extra; 6177 6178 s_extra = (struct sctp_extrcvinfo *)sinfo; 6179 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 6180 } 6181 if (hold_rlock == 1) { 6182 SCTP_INP_READ_UNLOCK(inp); 6183 } 6184 if (hold_sblock) { 6185 SOCKBUF_UNLOCK(&so->so_rcv); 6186 } 6187 if (sockbuf_lock) { 6188 sbunlock(&so->so_rcv); 6189 } 6190 6191 if (freecnt_applied) { 6192 /* 6193 * The lock on the socket buffer protects us so the free 6194 * code will stop. But since we used the socketbuf lock and 6195 * the sender uses the tcb_lock to increment, we need to use 6196 * the atomic add to the refcnt. 6197 */ 6198 if (stcb == NULL) { 6199 #ifdef INVARIANTS 6200 panic("stcb for refcnt has gone NULL?"); 6201 goto stage_left; 6202 #else 6203 goto stage_left; 6204 #endif 6205 } 6206 /* Save the value back for next time */ 6207 stcb->freed_by_sorcv_sincelast = freed_so_far; 6208 atomic_add_int(&stcb->asoc.refcnt, -1); 6209 } 6210 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 6211 if (stcb) { 6212 sctp_misc_ints(SCTP_SORECV_DONE, 6213 freed_so_far, 6214 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6215 stcb->asoc.my_rwnd, 6216 so->so_rcv.sb_cc); 6217 } else { 6218 sctp_misc_ints(SCTP_SORECV_DONE, 6219 freed_so_far, 6220 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6221 0, 6222 so->so_rcv.sb_cc); 6223 } 6224 } 6225 stage_left: 6226 if (wakeup_read_socket) { 6227 sctp_sorwakeup(inp, so); 6228 } 6229 return (error); 6230 } 6231 6232 6233 #ifdef SCTP_MBUF_LOGGING 6234 struct mbuf * 6235 sctp_m_free(struct mbuf *m) 6236 { 6237 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6238 sctp_log_mb(m, SCTP_MBUF_IFREE); 6239 } 6240 return (m_free(m)); 6241 } 6242 6243 void 6244 sctp_m_freem(struct mbuf *mb) 6245 { 6246 while (mb != NULL) 6247 mb = sctp_m_free(mb); 6248 } 6249 6250 #endif 6251 6252 int 6253 sctp_dynamic_set_primary(struct sockaddr *sa, uint32_t vrf_id) 6254 { 6255 /* 6256 * Given a local address. For all associations that holds the 6257 * address, request a peer-set-primary. 6258 */ 6259 struct sctp_ifa *ifa; 6260 struct sctp_laddr *wi; 6261 6262 ifa = sctp_find_ifa_by_addr(sa, vrf_id, 0); 6263 if (ifa == NULL) { 6264 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EADDRNOTAVAIL); 6265 return (EADDRNOTAVAIL); 6266 } 6267 /* 6268 * Now that we have the ifa we must awaken the iterator with this 6269 * message. 6270 */ 6271 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 6272 if (wi == NULL) { 6273 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 6274 return (ENOMEM); 6275 } 6276 /* Now incr the count and int wi structure */ 6277 SCTP_INCR_LADDR_COUNT(); 6278 memset(wi, 0, sizeof(*wi)); 6279 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 6280 wi->ifa = ifa; 6281 wi->action = SCTP_SET_PRIM_ADDR; 6282 atomic_add_int(&ifa->refcount, 1); 6283 6284 /* Now add it to the work queue */ 6285 SCTP_WQ_ADDR_LOCK(); 6286 /* 6287 * Should this really be a tailq? As it is we will process the 6288 * newest first :-0 6289 */ 6290 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 6291 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 6292 (struct sctp_inpcb *)NULL, 6293 (struct sctp_tcb *)NULL, 6294 (struct sctp_nets *)NULL); 6295 SCTP_WQ_ADDR_UNLOCK(); 6296 return (0); 6297 } 6298 6299 6300 int 6301 sctp_soreceive(struct socket *so, 6302 struct sockaddr **psa, 6303 struct uio *uio, 6304 struct mbuf **mp0, 6305 struct mbuf **controlp, 6306 int *flagsp) 6307 { 6308 int error, fromlen; 6309 uint8_t sockbuf[256]; 6310 struct sockaddr *from; 6311 struct sctp_extrcvinfo sinfo; 6312 int filling_sinfo = 1; 6313 int flags; 6314 struct sctp_inpcb *inp; 6315 6316 inp = (struct sctp_inpcb *)so->so_pcb; 6317 /* pickup the assoc we are reading from */ 6318 if (inp == NULL) { 6319 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6320 return (EINVAL); 6321 } 6322 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) && 6323 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) && 6324 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) || 6325 (controlp == NULL)) { 6326 /* user does not want the sndrcv ctl */ 6327 filling_sinfo = 0; 6328 } 6329 if (psa) { 6330 from = (struct sockaddr *)sockbuf; 6331 fromlen = sizeof(sockbuf); 6332 from->sa_len = 0; 6333 } else { 6334 from = NULL; 6335 fromlen = 0; 6336 } 6337 6338 if (filling_sinfo) { 6339 memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); 6340 } 6341 if (flagsp != NULL) { 6342 flags = *flagsp; 6343 } else { 6344 flags = 0; 6345 } 6346 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, &flags, 6347 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 6348 if (flagsp != NULL) { 6349 *flagsp = flags; 6350 } 6351 if (controlp != NULL) { 6352 /* copy back the sinfo in a CMSG format */ 6353 if (filling_sinfo && ((flags & MSG_NOTIFICATION) == 0)) { 6354 *controlp = sctp_build_ctl_nchunk(inp, 6355 (struct sctp_sndrcvinfo *)&sinfo); 6356 } else { 6357 *controlp = NULL; 6358 } 6359 } 6360 if (psa) { 6361 /* copy back the address info */ 6362 if (from && from->sa_len) { 6363 *psa = sodupsockaddr(from, M_NOWAIT); 6364 } else { 6365 *psa = NULL; 6366 } 6367 } 6368 return (error); 6369 } 6370 6371 6372 6373 6374 6375 int 6376 sctp_connectx_helper_add(struct sctp_tcb *stcb, struct sockaddr *addr, 6377 int totaddr, int *error) 6378 { 6379 int added = 0; 6380 int i; 6381 struct sctp_inpcb *inp; 6382 struct sockaddr *sa; 6383 size_t incr = 0; 6384 #ifdef INET 6385 struct sockaddr_in *sin; 6386 #endif 6387 #ifdef INET6 6388 struct sockaddr_in6 *sin6; 6389 #endif 6390 6391 sa = addr; 6392 inp = stcb->sctp_ep; 6393 *error = 0; 6394 for (i = 0; i < totaddr; i++) { 6395 switch (sa->sa_family) { 6396 #ifdef INET 6397 case AF_INET: 6398 incr = sizeof(struct sockaddr_in); 6399 sin = (struct sockaddr_in *)sa; 6400 if ((sin->sin_addr.s_addr == INADDR_ANY) || 6401 (sin->sin_addr.s_addr == INADDR_BROADCAST) || 6402 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 6403 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6404 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6405 SCTP_FROM_SCTPUTIL + SCTP_LOC_7); 6406 *error = EINVAL; 6407 goto out_now; 6408 } 6409 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6410 SCTP_DONOT_SETSCOPE, 6411 SCTP_ADDR_IS_CONFIRMED)) { 6412 /* assoc gone no un-lock */ 6413 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6414 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6415 SCTP_FROM_SCTPUTIL + SCTP_LOC_8); 6416 *error = ENOBUFS; 6417 goto out_now; 6418 } 6419 added++; 6420 break; 6421 #endif 6422 #ifdef INET6 6423 case AF_INET6: 6424 incr = sizeof(struct sockaddr_in6); 6425 sin6 = (struct sockaddr_in6 *)sa; 6426 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || 6427 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 6428 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6429 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6430 SCTP_FROM_SCTPUTIL + SCTP_LOC_9); 6431 *error = EINVAL; 6432 goto out_now; 6433 } 6434 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6435 SCTP_DONOT_SETSCOPE, 6436 SCTP_ADDR_IS_CONFIRMED)) { 6437 /* assoc gone no un-lock */ 6438 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6439 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6440 SCTP_FROM_SCTPUTIL + SCTP_LOC_10); 6441 *error = ENOBUFS; 6442 goto out_now; 6443 } 6444 added++; 6445 break; 6446 #endif 6447 default: 6448 break; 6449 } 6450 sa = (struct sockaddr *)((caddr_t)sa + incr); 6451 } 6452 out_now: 6453 return (added); 6454 } 6455 6456 int 6457 sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, 6458 unsigned int totaddr, 6459 unsigned int *num_v4, unsigned int *num_v6, 6460 unsigned int limit) 6461 { 6462 struct sockaddr *sa; 6463 struct sctp_tcb *stcb; 6464 unsigned int incr, at, i; 6465 6466 at = 0; 6467 sa = addr; 6468 *num_v6 = *num_v4 = 0; 6469 /* account and validate addresses */ 6470 if (totaddr == 0) { 6471 return (EINVAL); 6472 } 6473 for (i = 0; i < totaddr; i++) { 6474 if (at + sizeof(struct sockaddr) > limit) { 6475 return (EINVAL); 6476 } 6477 switch (sa->sa_family) { 6478 #ifdef INET 6479 case AF_INET: 6480 incr = (unsigned int)sizeof(struct sockaddr_in); 6481 if (sa->sa_len != incr) { 6482 return (EINVAL); 6483 } 6484 (*num_v4) += 1; 6485 break; 6486 #endif 6487 #ifdef INET6 6488 case AF_INET6: 6489 { 6490 struct sockaddr_in6 *sin6; 6491 6492 sin6 = (struct sockaddr_in6 *)sa; 6493 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6494 /* Must be non-mapped for connectx */ 6495 return (EINVAL); 6496 } 6497 incr = (unsigned int)sizeof(struct sockaddr_in6); 6498 if (sa->sa_len != incr) { 6499 return (EINVAL); 6500 } 6501 (*num_v6) += 1; 6502 break; 6503 } 6504 #endif 6505 default: 6506 return (EINVAL); 6507 } 6508 if ((at + incr) > limit) { 6509 return (EINVAL); 6510 } 6511 SCTP_INP_INCR_REF(inp); 6512 stcb = sctp_findassociation_ep_addr(&inp, sa, NULL, NULL, NULL); 6513 if (stcb != NULL) { 6514 SCTP_TCB_UNLOCK(stcb); 6515 return (EALREADY); 6516 } else { 6517 SCTP_INP_DECR_REF(inp); 6518 } 6519 at += incr; 6520 sa = (struct sockaddr *)((caddr_t)sa + incr); 6521 } 6522 return (0); 6523 } 6524 6525 /* 6526 * sctp_bindx(ADD) for one address. 6527 * assumes all arguments are valid/checked by caller. 6528 */ 6529 void 6530 sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp, 6531 struct sockaddr *sa, sctp_assoc_t assoc_id, 6532 uint32_t vrf_id, int *error, void *p) 6533 { 6534 struct sockaddr *addr_touse; 6535 #if defined(INET) && defined(INET6) 6536 struct sockaddr_in sin; 6537 #endif 6538 6539 /* see if we're bound all already! */ 6540 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6541 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6542 *error = EINVAL; 6543 return; 6544 } 6545 addr_touse = sa; 6546 #ifdef INET6 6547 if (sa->sa_family == AF_INET6) { 6548 #ifdef INET 6549 struct sockaddr_in6 *sin6; 6550 6551 #endif 6552 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6553 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6554 *error = EINVAL; 6555 return; 6556 } 6557 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6558 /* can only bind v6 on PF_INET6 sockets */ 6559 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6560 *error = EINVAL; 6561 return; 6562 } 6563 #ifdef INET 6564 sin6 = (struct sockaddr_in6 *)addr_touse; 6565 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6566 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6567 SCTP_IPV6_V6ONLY(inp)) { 6568 /* can't bind v4-mapped on PF_INET sockets */ 6569 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6570 *error = EINVAL; 6571 return; 6572 } 6573 in6_sin6_2_sin(&sin, sin6); 6574 addr_touse = (struct sockaddr *)&sin; 6575 } 6576 #endif 6577 } 6578 #endif 6579 #ifdef INET 6580 if (sa->sa_family == AF_INET) { 6581 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6582 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6583 *error = EINVAL; 6584 return; 6585 } 6586 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6587 SCTP_IPV6_V6ONLY(inp)) { 6588 /* can't bind v4 on PF_INET sockets */ 6589 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6590 *error = EINVAL; 6591 return; 6592 } 6593 } 6594 #endif 6595 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 6596 if (p == NULL) { 6597 /* Can't get proc for Net/Open BSD */ 6598 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6599 *error = EINVAL; 6600 return; 6601 } 6602 *error = sctp_inpcb_bind(so, addr_touse, NULL, p); 6603 return; 6604 } 6605 /* 6606 * No locks required here since bind and mgmt_ep_sa all do their own 6607 * locking. If we do something for the FIX: below we may need to 6608 * lock in that case. 6609 */ 6610 if (assoc_id == 0) { 6611 /* add the address */ 6612 struct sctp_inpcb *lep; 6613 struct sockaddr_in *lsin = (struct sockaddr_in *)addr_touse; 6614 6615 /* validate the incoming port */ 6616 if ((lsin->sin_port != 0) && 6617 (lsin->sin_port != inp->sctp_lport)) { 6618 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6619 *error = EINVAL; 6620 return; 6621 } else { 6622 /* user specified 0 port, set it to existing port */ 6623 lsin->sin_port = inp->sctp_lport; 6624 } 6625 6626 lep = sctp_pcb_findep(addr_touse, 1, 0, vrf_id); 6627 if (lep != NULL) { 6628 /* 6629 * We must decrement the refcount since we have the 6630 * ep already and are binding. No remove going on 6631 * here. 6632 */ 6633 SCTP_INP_DECR_REF(lep); 6634 } 6635 if (lep == inp) { 6636 /* already bound to it.. ok */ 6637 return; 6638 } else if (lep == NULL) { 6639 ((struct sockaddr_in *)addr_touse)->sin_port = 0; 6640 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6641 SCTP_ADD_IP_ADDRESS, 6642 vrf_id, NULL); 6643 } else { 6644 *error = EADDRINUSE; 6645 } 6646 if (*error) 6647 return; 6648 } else { 6649 /* 6650 * FIX: decide whether we allow assoc based bindx 6651 */ 6652 } 6653 } 6654 6655 /* 6656 * sctp_bindx(DELETE) for one address. 6657 * assumes all arguments are valid/checked by caller. 6658 */ 6659 void 6660 sctp_bindx_delete_address(struct sctp_inpcb *inp, 6661 struct sockaddr *sa, sctp_assoc_t assoc_id, 6662 uint32_t vrf_id, int *error) 6663 { 6664 struct sockaddr *addr_touse; 6665 #if defined(INET) && defined(INET6) 6666 struct sockaddr_in sin; 6667 #endif 6668 6669 /* see if we're bound all already! */ 6670 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6671 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6672 *error = EINVAL; 6673 return; 6674 } 6675 addr_touse = sa; 6676 #ifdef INET6 6677 if (sa->sa_family == AF_INET6) { 6678 #ifdef INET 6679 struct sockaddr_in6 *sin6; 6680 #endif 6681 6682 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6683 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6684 *error = EINVAL; 6685 return; 6686 } 6687 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6688 /* can only bind v6 on PF_INET6 sockets */ 6689 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6690 *error = EINVAL; 6691 return; 6692 } 6693 #ifdef INET 6694 sin6 = (struct sockaddr_in6 *)addr_touse; 6695 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6696 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6697 SCTP_IPV6_V6ONLY(inp)) { 6698 /* can't bind mapped-v4 on PF_INET sockets */ 6699 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6700 *error = EINVAL; 6701 return; 6702 } 6703 in6_sin6_2_sin(&sin, sin6); 6704 addr_touse = (struct sockaddr *)&sin; 6705 } 6706 #endif 6707 } 6708 #endif 6709 #ifdef INET 6710 if (sa->sa_family == AF_INET) { 6711 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6712 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6713 *error = EINVAL; 6714 return; 6715 } 6716 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6717 SCTP_IPV6_V6ONLY(inp)) { 6718 /* can't bind v4 on PF_INET sockets */ 6719 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6720 *error = EINVAL; 6721 return; 6722 } 6723 } 6724 #endif 6725 /* 6726 * No lock required mgmt_ep_sa does its own locking. If the FIX: 6727 * below is ever changed we may need to lock before calling 6728 * association level binding. 6729 */ 6730 if (assoc_id == 0) { 6731 /* delete the address */ 6732 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6733 SCTP_DEL_IP_ADDRESS, 6734 vrf_id, NULL); 6735 } else { 6736 /* 6737 * FIX: decide whether we allow assoc based bindx 6738 */ 6739 } 6740 } 6741 6742 /* 6743 * returns the valid local address count for an assoc, taking into account 6744 * all scoping rules 6745 */ 6746 int 6747 sctp_local_addr_count(struct sctp_tcb *stcb) 6748 { 6749 int loopback_scope; 6750 #if defined(INET) 6751 int ipv4_local_scope, ipv4_addr_legal; 6752 #endif 6753 #if defined (INET6) 6754 int local_scope, site_scope, ipv6_addr_legal; 6755 #endif 6756 struct sctp_vrf *vrf; 6757 struct sctp_ifn *sctp_ifn; 6758 struct sctp_ifa *sctp_ifa; 6759 int count = 0; 6760 6761 /* Turn on all the appropriate scopes */ 6762 loopback_scope = stcb->asoc.scope.loopback_scope; 6763 #if defined(INET) 6764 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; 6765 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; 6766 #endif 6767 #if defined(INET6) 6768 local_scope = stcb->asoc.scope.local_scope; 6769 site_scope = stcb->asoc.scope.site_scope; 6770 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; 6771 #endif 6772 SCTP_IPI_ADDR_RLOCK(); 6773 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 6774 if (vrf == NULL) { 6775 /* no vrf, no addresses */ 6776 SCTP_IPI_ADDR_RUNLOCK(); 6777 return (0); 6778 } 6779 6780 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6781 /* 6782 * bound all case: go through all ifns on the vrf 6783 */ 6784 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 6785 if ((loopback_scope == 0) && 6786 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 6787 continue; 6788 } 6789 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 6790 if (sctp_is_addr_restricted(stcb, sctp_ifa)) 6791 continue; 6792 switch (sctp_ifa->address.sa.sa_family) { 6793 #ifdef INET 6794 case AF_INET: 6795 if (ipv4_addr_legal) { 6796 struct sockaddr_in *sin; 6797 6798 sin = &sctp_ifa->address.sin; 6799 if (sin->sin_addr.s_addr == 0) { 6800 /* 6801 * skip unspecified 6802 * addrs 6803 */ 6804 continue; 6805 } 6806 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 6807 &sin->sin_addr) != 0) { 6808 continue; 6809 } 6810 if ((ipv4_local_scope == 0) && 6811 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 6812 continue; 6813 } 6814 /* count this one */ 6815 count++; 6816 } else { 6817 continue; 6818 } 6819 break; 6820 #endif 6821 #ifdef INET6 6822 case AF_INET6: 6823 if (ipv6_addr_legal) { 6824 struct sockaddr_in6 *sin6; 6825 6826 sin6 = &sctp_ifa->address.sin6; 6827 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 6828 continue; 6829 } 6830 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 6831 &sin6->sin6_addr) != 0) { 6832 continue; 6833 } 6834 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 6835 if (local_scope == 0) 6836 continue; 6837 if (sin6->sin6_scope_id == 0) { 6838 if (sa6_recoverscope(sin6) != 0) 6839 /* 6840 * 6841 * bad 6842 * link 6843 * 6844 * local 6845 * 6846 * address 6847 */ 6848 continue; 6849 } 6850 } 6851 if ((site_scope == 0) && 6852 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 6853 continue; 6854 } 6855 /* count this one */ 6856 count++; 6857 } 6858 break; 6859 #endif 6860 default: 6861 /* TSNH */ 6862 break; 6863 } 6864 } 6865 } 6866 } else { 6867 /* 6868 * subset bound case 6869 */ 6870 struct sctp_laddr *laddr; 6871 6872 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, 6873 sctp_nxt_addr) { 6874 if (sctp_is_addr_restricted(stcb, laddr->ifa)) { 6875 continue; 6876 } 6877 /* count this one */ 6878 count++; 6879 } 6880 } 6881 SCTP_IPI_ADDR_RUNLOCK(); 6882 return (count); 6883 } 6884 6885 #if defined(SCTP_LOCAL_TRACE_BUF) 6886 6887 void 6888 sctp_log_trace(uint32_t subsys, const char *str SCTP_UNUSED, uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, uint32_t f) 6889 { 6890 uint32_t saveindex, newindex; 6891 6892 do { 6893 saveindex = SCTP_BASE_SYSCTL(sctp_log).index; 6894 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6895 newindex = 1; 6896 } else { 6897 newindex = saveindex + 1; 6898 } 6899 } while (atomic_cmpset_int(&SCTP_BASE_SYSCTL(sctp_log).index, saveindex, newindex) == 0); 6900 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6901 saveindex = 0; 6902 } 6903 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].timestamp = SCTP_GET_CYCLECOUNT; 6904 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].subsys = subsys; 6905 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[0] = a; 6906 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[1] = b; 6907 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[2] = c; 6908 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[3] = d; 6909 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[4] = e; 6910 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[5] = f; 6911 } 6912 6913 #endif 6914 static void 6915 sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, 6916 const struct sockaddr *sa SCTP_UNUSED, void *ctx SCTP_UNUSED) 6917 { 6918 struct ip *iph; 6919 #ifdef INET6 6920 struct ip6_hdr *ip6; 6921 #endif 6922 struct mbuf *sp, *last; 6923 struct udphdr *uhdr; 6924 uint16_t port; 6925 6926 if ((m->m_flags & M_PKTHDR) == 0) { 6927 /* Can't handle one that is not a pkt hdr */ 6928 goto out; 6929 } 6930 /* Pull the src port */ 6931 iph = mtod(m, struct ip *); 6932 uhdr = (struct udphdr *)((caddr_t)iph + off); 6933 port = uhdr->uh_sport; 6934 /* 6935 * Split out the mbuf chain. Leave the IP header in m, place the 6936 * rest in the sp. 6937 */ 6938 sp = m_split(m, off, M_NOWAIT); 6939 if (sp == NULL) { 6940 /* Gak, drop packet, we can't do a split */ 6941 goto out; 6942 } 6943 if (sp->m_pkthdr.len < sizeof(struct udphdr) + sizeof(struct sctphdr)) { 6944 /* Gak, packet can't have an SCTP header in it - too small */ 6945 m_freem(sp); 6946 goto out; 6947 } 6948 /* Now pull up the UDP header and SCTP header together */ 6949 sp = m_pullup(sp, sizeof(struct udphdr) + sizeof(struct sctphdr)); 6950 if (sp == NULL) { 6951 /* Gak pullup failed */ 6952 goto out; 6953 } 6954 /* Trim out the UDP header */ 6955 m_adj(sp, sizeof(struct udphdr)); 6956 6957 /* Now reconstruct the mbuf chain */ 6958 for (last = m; last->m_next; last = last->m_next); 6959 last->m_next = sp; 6960 m->m_pkthdr.len += sp->m_pkthdr.len; 6961 /* 6962 * The CSUM_DATA_VALID flags indicates that the HW checked the UDP 6963 * checksum and it was valid. Since CSUM_DATA_VALID == 6964 * CSUM_SCTP_VALID this would imply that the HW also verified the 6965 * SCTP checksum. Therefore, clear the bit. 6966 */ 6967 SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, 6968 "sctp_recv_udp_tunneled_packet(): Packet of length %d received on %s with csum_flags 0x%b.\n", 6969 m->m_pkthdr.len, 6970 if_name(m->m_pkthdr.rcvif), 6971 (int)m->m_pkthdr.csum_flags, CSUM_BITS); 6972 m->m_pkthdr.csum_flags &= ~CSUM_DATA_VALID; 6973 iph = mtod(m, struct ip *); 6974 switch (iph->ip_v) { 6975 #ifdef INET 6976 case IPVERSION: 6977 iph->ip_len = htons(ntohs(iph->ip_len) - sizeof(struct udphdr)); 6978 sctp_input_with_port(m, off, port); 6979 break; 6980 #endif 6981 #ifdef INET6 6982 case IPV6_VERSION >> 4: 6983 ip6 = mtod(m, struct ip6_hdr *); 6984 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - sizeof(struct udphdr)); 6985 sctp6_input_with_port(&m, &off, port); 6986 break; 6987 #endif 6988 default: 6989 goto out; 6990 break; 6991 } 6992 return; 6993 out: 6994 m_freem(m); 6995 } 6996 6997 #ifdef INET 6998 static void 6999 sctp_recv_icmp_tunneled_packet(int cmd, struct sockaddr *sa, void *vip, void *ctx SCTP_UNUSED) 7000 { 7001 struct ip *outer_ip, *inner_ip; 7002 struct sctphdr *sh; 7003 struct icmp *icmp; 7004 struct udphdr *udp; 7005 struct sctp_inpcb *inp; 7006 struct sctp_tcb *stcb; 7007 struct sctp_nets *net; 7008 struct sctp_init_chunk *ch; 7009 struct sockaddr_in src, dst; 7010 uint8_t type, code; 7011 7012 inner_ip = (struct ip *)vip; 7013 icmp = (struct icmp *)((caddr_t)inner_ip - 7014 (sizeof(struct icmp) - sizeof(struct ip))); 7015 outer_ip = (struct ip *)((caddr_t)icmp - sizeof(struct ip)); 7016 if (ntohs(outer_ip->ip_len) < 7017 sizeof(struct ip) + 8 + (inner_ip->ip_hl << 2) + sizeof(struct udphdr) + 8) { 7018 return; 7019 } 7020 udp = (struct udphdr *)((caddr_t)inner_ip + (inner_ip->ip_hl << 2)); 7021 sh = (struct sctphdr *)(udp + 1); 7022 memset(&src, 0, sizeof(struct sockaddr_in)); 7023 src.sin_family = AF_INET; 7024 src.sin_len = sizeof(struct sockaddr_in); 7025 src.sin_port = sh->src_port; 7026 src.sin_addr = inner_ip->ip_src; 7027 memset(&dst, 0, sizeof(struct sockaddr_in)); 7028 dst.sin_family = AF_INET; 7029 dst.sin_len = sizeof(struct sockaddr_in); 7030 dst.sin_port = sh->dest_port; 7031 dst.sin_addr = inner_ip->ip_dst; 7032 /* 7033 * 'dst' holds the dest of the packet that failed to be sent. 'src' 7034 * holds our local endpoint address. Thus we reverse the dst and the 7035 * src in the lookup. 7036 */ 7037 inp = NULL; 7038 net = NULL; 7039 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 7040 (struct sockaddr *)&src, 7041 &inp, &net, 1, 7042 SCTP_DEFAULT_VRFID); 7043 if ((stcb != NULL) && 7044 (net != NULL) && 7045 (inp != NULL)) { 7046 /* Check the UDP port numbers */ 7047 if ((udp->uh_dport != net->port) || 7048 (udp->uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 7049 SCTP_TCB_UNLOCK(stcb); 7050 return; 7051 } 7052 /* Check the verification tag */ 7053 if (ntohl(sh->v_tag) != 0) { 7054 /* 7055 * This must be the verification tag used for 7056 * sending out packets. We don't consider packets 7057 * reflecting the verification tag. 7058 */ 7059 if (ntohl(sh->v_tag) != stcb->asoc.peer_vtag) { 7060 SCTP_TCB_UNLOCK(stcb); 7061 return; 7062 } 7063 } else { 7064 if (ntohs(outer_ip->ip_len) >= 7065 sizeof(struct ip) + 7066 8 + (inner_ip->ip_hl << 2) + 8 + 20) { 7067 /* 7068 * In this case we can check if we got an 7069 * INIT chunk and if the initiate tag 7070 * matches. 7071 */ 7072 ch = (struct sctp_init_chunk *)(sh + 1); 7073 if ((ch->ch.chunk_type != SCTP_INITIATION) || 7074 (ntohl(ch->init.initiate_tag) != stcb->asoc.my_vtag)) { 7075 SCTP_TCB_UNLOCK(stcb); 7076 return; 7077 } 7078 } else { 7079 SCTP_TCB_UNLOCK(stcb); 7080 return; 7081 } 7082 } 7083 type = icmp->icmp_type; 7084 code = icmp->icmp_code; 7085 if ((type == ICMP_UNREACH) && 7086 (code == ICMP_UNREACH_PORT)) { 7087 code = ICMP_UNREACH_PROTOCOL; 7088 } 7089 sctp_notify(inp, stcb, net, type, code, 7090 ntohs(inner_ip->ip_len), 7091 (uint32_t)ntohs(icmp->icmp_nextmtu)); 7092 } else { 7093 if ((stcb == NULL) && (inp != NULL)) { 7094 /* reduce ref-count */ 7095 SCTP_INP_WLOCK(inp); 7096 SCTP_INP_DECR_REF(inp); 7097 SCTP_INP_WUNLOCK(inp); 7098 } 7099 if (stcb) { 7100 SCTP_TCB_UNLOCK(stcb); 7101 } 7102 } 7103 return; 7104 } 7105 #endif 7106 7107 #ifdef INET6 7108 static void 7109 sctp_recv_icmp6_tunneled_packet(int cmd, struct sockaddr *sa, void *d, void *ctx SCTP_UNUSED) 7110 { 7111 struct ip6ctlparam *ip6cp; 7112 struct sctp_inpcb *inp; 7113 struct sctp_tcb *stcb; 7114 struct sctp_nets *net; 7115 struct sctphdr sh; 7116 struct udphdr udp; 7117 struct sockaddr_in6 src, dst; 7118 uint8_t type, code; 7119 7120 ip6cp = (struct ip6ctlparam *)d; 7121 /* 7122 * XXX: We assume that when IPV6 is non NULL, M and OFF are valid. 7123 */ 7124 if (ip6cp->ip6c_m == NULL) { 7125 return; 7126 } 7127 /* 7128 * Check if we can safely examine the ports and the verification tag 7129 * of the SCTP common header. 7130 */ 7131 if (ip6cp->ip6c_m->m_pkthdr.len < 7132 ip6cp->ip6c_off + sizeof(struct udphdr) + offsetof(struct sctphdr, checksum)) { 7133 return; 7134 } 7135 /* Copy out the UDP header. */ 7136 memset(&udp, 0, sizeof(struct udphdr)); 7137 m_copydata(ip6cp->ip6c_m, 7138 ip6cp->ip6c_off, 7139 sizeof(struct udphdr), 7140 (caddr_t)&udp); 7141 /* Copy out the port numbers and the verification tag. */ 7142 memset(&sh, 0, sizeof(struct sctphdr)); 7143 m_copydata(ip6cp->ip6c_m, 7144 ip6cp->ip6c_off + sizeof(struct udphdr), 7145 sizeof(uint16_t) + sizeof(uint16_t) + sizeof(uint32_t), 7146 (caddr_t)&sh); 7147 memset(&src, 0, sizeof(struct sockaddr_in6)); 7148 src.sin6_family = AF_INET6; 7149 src.sin6_len = sizeof(struct sockaddr_in6); 7150 src.sin6_port = sh.src_port; 7151 src.sin6_addr = ip6cp->ip6c_ip6->ip6_src; 7152 if (in6_setscope(&src.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7153 return; 7154 } 7155 memset(&dst, 0, sizeof(struct sockaddr_in6)); 7156 dst.sin6_family = AF_INET6; 7157 dst.sin6_len = sizeof(struct sockaddr_in6); 7158 dst.sin6_port = sh.dest_port; 7159 dst.sin6_addr = ip6cp->ip6c_ip6->ip6_dst; 7160 if (in6_setscope(&dst.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7161 return; 7162 } 7163 inp = NULL; 7164 net = NULL; 7165 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 7166 (struct sockaddr *)&src, 7167 &inp, &net, 1, SCTP_DEFAULT_VRFID); 7168 if ((stcb != NULL) && 7169 (net != NULL) && 7170 (inp != NULL)) { 7171 /* Check the UDP port numbers */ 7172 if ((udp.uh_dport != net->port) || 7173 (udp.uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 7174 SCTP_TCB_UNLOCK(stcb); 7175 return; 7176 } 7177 /* Check the verification tag */ 7178 if (ntohl(sh.v_tag) != 0) { 7179 /* 7180 * This must be the verification tag used for 7181 * sending out packets. We don't consider packets 7182 * reflecting the verification tag. 7183 */ 7184 if (ntohl(sh.v_tag) != stcb->asoc.peer_vtag) { 7185 SCTP_TCB_UNLOCK(stcb); 7186 return; 7187 } 7188 } else { 7189 if (ip6cp->ip6c_m->m_pkthdr.len >= 7190 ip6cp->ip6c_off + sizeof(struct udphdr) + 7191 sizeof(struct sctphdr) + 7192 sizeof(struct sctp_chunkhdr) + 7193 offsetof(struct sctp_init, a_rwnd)) { 7194 /* 7195 * In this case we can check if we got an 7196 * INIT chunk and if the initiate tag 7197 * matches. 7198 */ 7199 uint32_t initiate_tag; 7200 uint8_t chunk_type; 7201 7202 m_copydata(ip6cp->ip6c_m, 7203 ip6cp->ip6c_off + 7204 sizeof(struct udphdr) + 7205 sizeof(struct sctphdr), 7206 sizeof(uint8_t), 7207 (caddr_t)&chunk_type); 7208 m_copydata(ip6cp->ip6c_m, 7209 ip6cp->ip6c_off + 7210 sizeof(struct udphdr) + 7211 sizeof(struct sctphdr) + 7212 sizeof(struct sctp_chunkhdr), 7213 sizeof(uint32_t), 7214 (caddr_t)&initiate_tag); 7215 if ((chunk_type != SCTP_INITIATION) || 7216 (ntohl(initiate_tag) != stcb->asoc.my_vtag)) { 7217 SCTP_TCB_UNLOCK(stcb); 7218 return; 7219 } 7220 } else { 7221 SCTP_TCB_UNLOCK(stcb); 7222 return; 7223 } 7224 } 7225 type = ip6cp->ip6c_icmp6->icmp6_type; 7226 code = ip6cp->ip6c_icmp6->icmp6_code; 7227 if ((type == ICMP6_DST_UNREACH) && 7228 (code == ICMP6_DST_UNREACH_NOPORT)) { 7229 type = ICMP6_PARAM_PROB; 7230 code = ICMP6_PARAMPROB_NEXTHEADER; 7231 } 7232 sctp6_notify(inp, stcb, net, type, code, 7233 ntohl(ip6cp->ip6c_icmp6->icmp6_mtu)); 7234 } else { 7235 if ((stcb == NULL) && (inp != NULL)) { 7236 /* reduce inp's ref-count */ 7237 SCTP_INP_WLOCK(inp); 7238 SCTP_INP_DECR_REF(inp); 7239 SCTP_INP_WUNLOCK(inp); 7240 } 7241 if (stcb) { 7242 SCTP_TCB_UNLOCK(stcb); 7243 } 7244 } 7245 } 7246 #endif 7247 7248 void 7249 sctp_over_udp_stop(void) 7250 { 7251 /* 7252 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7253 * for writting! 7254 */ 7255 #ifdef INET 7256 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7257 soclose(SCTP_BASE_INFO(udp4_tun_socket)); 7258 SCTP_BASE_INFO(udp4_tun_socket) = NULL; 7259 } 7260 #endif 7261 #ifdef INET6 7262 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7263 soclose(SCTP_BASE_INFO(udp6_tun_socket)); 7264 SCTP_BASE_INFO(udp6_tun_socket) = NULL; 7265 } 7266 #endif 7267 } 7268 7269 int 7270 sctp_over_udp_start(void) 7271 { 7272 uint16_t port; 7273 int ret; 7274 #ifdef INET 7275 struct sockaddr_in sin; 7276 #endif 7277 #ifdef INET6 7278 struct sockaddr_in6 sin6; 7279 #endif 7280 /* 7281 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7282 * for writting! 7283 */ 7284 port = SCTP_BASE_SYSCTL(sctp_udp_tunneling_port); 7285 if (ntohs(port) == 0) { 7286 /* Must have a port set */ 7287 return (EINVAL); 7288 } 7289 #ifdef INET 7290 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7291 /* Already running -- must stop first */ 7292 return (EALREADY); 7293 } 7294 #endif 7295 #ifdef INET6 7296 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7297 /* Already running -- must stop first */ 7298 return (EALREADY); 7299 } 7300 #endif 7301 #ifdef INET 7302 if ((ret = socreate(PF_INET, &SCTP_BASE_INFO(udp4_tun_socket), 7303 SOCK_DGRAM, IPPROTO_UDP, 7304 curthread->td_ucred, curthread))) { 7305 sctp_over_udp_stop(); 7306 return (ret); 7307 } 7308 /* Call the special UDP hook. */ 7309 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp4_tun_socket), 7310 sctp_recv_udp_tunneled_packet, 7311 sctp_recv_icmp_tunneled_packet, 7312 NULL))) { 7313 sctp_over_udp_stop(); 7314 return (ret); 7315 } 7316 /* Ok, we have a socket, bind it to the port. */ 7317 memset(&sin, 0, sizeof(struct sockaddr_in)); 7318 sin.sin_len = sizeof(struct sockaddr_in); 7319 sin.sin_family = AF_INET; 7320 sin.sin_port = htons(port); 7321 if ((ret = sobind(SCTP_BASE_INFO(udp4_tun_socket), 7322 (struct sockaddr *)&sin, curthread))) { 7323 sctp_over_udp_stop(); 7324 return (ret); 7325 } 7326 #endif 7327 #ifdef INET6 7328 if ((ret = socreate(PF_INET6, &SCTP_BASE_INFO(udp6_tun_socket), 7329 SOCK_DGRAM, IPPROTO_UDP, 7330 curthread->td_ucred, curthread))) { 7331 sctp_over_udp_stop(); 7332 return (ret); 7333 } 7334 /* Call the special UDP hook. */ 7335 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp6_tun_socket), 7336 sctp_recv_udp_tunneled_packet, 7337 sctp_recv_icmp6_tunneled_packet, 7338 NULL))) { 7339 sctp_over_udp_stop(); 7340 return (ret); 7341 } 7342 /* Ok, we have a socket, bind it to the port. */ 7343 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 7344 sin6.sin6_len = sizeof(struct sockaddr_in6); 7345 sin6.sin6_family = AF_INET6; 7346 sin6.sin6_port = htons(port); 7347 if ((ret = sobind(SCTP_BASE_INFO(udp6_tun_socket), 7348 (struct sockaddr *)&sin6, curthread))) { 7349 sctp_over_udp_stop(); 7350 return (ret); 7351 } 7352 #endif 7353 return (0); 7354 } 7355 7356 /* 7357 * sctp_min_mtu ()returns the minimum of all non-zero arguments. 7358 * If all arguments are zero, zero is returned. 7359 */ 7360 uint32_t 7361 sctp_min_mtu(uint32_t mtu1, uint32_t mtu2, uint32_t mtu3) 7362 { 7363 if (mtu1 > 0) { 7364 if (mtu2 > 0) { 7365 if (mtu3 > 0) { 7366 return (min(mtu1, min(mtu2, mtu3))); 7367 } else { 7368 return (min(mtu1, mtu2)); 7369 } 7370 } else { 7371 if (mtu3 > 0) { 7372 return (min(mtu1, mtu3)); 7373 } else { 7374 return (mtu1); 7375 } 7376 } 7377 } else { 7378 if (mtu2 > 0) { 7379 if (mtu3 > 0) { 7380 return (min(mtu2, mtu3)); 7381 } else { 7382 return (mtu2); 7383 } 7384 } else { 7385 return (mtu3); 7386 } 7387 } 7388 } 7389 7390 void 7391 sctp_hc_set_mtu(union sctp_sockstore *addr, uint16_t fibnum, uint32_t mtu) 7392 { 7393 struct in_conninfo inc; 7394 7395 memset(&inc, 0, sizeof(struct in_conninfo)); 7396 inc.inc_fibnum = fibnum; 7397 switch (addr->sa.sa_family) { 7398 #ifdef INET 7399 case AF_INET: 7400 inc.inc_faddr = addr->sin.sin_addr; 7401 break; 7402 #endif 7403 #ifdef INET6 7404 case AF_INET6: 7405 inc.inc_flags |= INC_ISIPV6; 7406 inc.inc6_faddr = addr->sin6.sin6_addr; 7407 break; 7408 #endif 7409 default: 7410 return; 7411 } 7412 tcp_hc_updatemtu(&inc, (u_long)mtu); 7413 } 7414 7415 uint32_t 7416 sctp_hc_get_mtu(union sctp_sockstore *addr, uint16_t fibnum) 7417 { 7418 struct in_conninfo inc; 7419 7420 memset(&inc, 0, sizeof(struct in_conninfo)); 7421 inc.inc_fibnum = fibnum; 7422 switch (addr->sa.sa_family) { 7423 #ifdef INET 7424 case AF_INET: 7425 inc.inc_faddr = addr->sin.sin_addr; 7426 break; 7427 #endif 7428 #ifdef INET6 7429 case AF_INET6: 7430 inc.inc_flags |= INC_ISIPV6; 7431 inc.inc6_faddr = addr->sin6.sin6_addr; 7432 break; 7433 #endif 7434 default: 7435 return (0); 7436 } 7437 return ((uint32_t)tcp_hc_getmtu(&inc)); 7438 } 7439 7440 void 7441 sctp_set_state(struct sctp_tcb *stcb, int new_state) 7442 { 7443 #if defined(KDTRACE_HOOKS) 7444 int old_state = stcb->asoc.state; 7445 #endif 7446 7447 KASSERT((new_state & ~SCTP_STATE_MASK) == 0, 7448 ("sctp_set_state: Can't set substate (new_state = %x)", 7449 new_state)); 7450 stcb->asoc.state = (stcb->asoc.state & ~SCTP_STATE_MASK) | new_state; 7451 if ((new_state == SCTP_STATE_SHUTDOWN_RECEIVED) || 7452 (new_state == SCTP_STATE_SHUTDOWN_SENT) || 7453 (new_state == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 7454 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING); 7455 } 7456 #if defined(KDTRACE_HOOKS) 7457 if (((old_state & SCTP_STATE_MASK) != new_state) && 7458 !(((old_state & SCTP_STATE_MASK) == SCTP_STATE_EMPTY) && 7459 (new_state == SCTP_STATE_INUSE))) { 7460 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7461 } 7462 #endif 7463 } 7464 7465 void 7466 sctp_add_substate(struct sctp_tcb *stcb, int substate) 7467 { 7468 #if defined(KDTRACE_HOOKS) 7469 int old_state = stcb->asoc.state; 7470 #endif 7471 7472 KASSERT((substate & SCTP_STATE_MASK) == 0, 7473 ("sctp_add_substate: Can't set state (substate = %x)", 7474 substate)); 7475 stcb->asoc.state |= substate; 7476 #if defined(KDTRACE_HOOKS) 7477 if (((substate & SCTP_STATE_ABOUT_TO_BE_FREED) && 7478 ((old_state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) || 7479 ((substate & SCTP_STATE_SHUTDOWN_PENDING) && 7480 ((old_state & SCTP_STATE_SHUTDOWN_PENDING) == 0))) { 7481 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7482 } 7483 #endif 7484 } 7485