1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 __FBSDID("$FreeBSD$"); 37 38 #include <netinet/sctp_os.h> 39 #include <netinet/sctp_pcb.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_var.h> 42 #include <netinet/sctp_sysctl.h> 43 #ifdef INET6 44 #include <netinet6/sctp6_var.h> 45 #endif 46 #include <netinet/sctp_header.h> 47 #include <netinet/sctp_output.h> 48 #include <netinet/sctp_uio.h> 49 #include <netinet/sctp_timer.h> 50 #include <netinet/sctp_indata.h> 51 #include <netinet/sctp_auth.h> 52 #include <netinet/sctp_asconf.h> 53 #include <netinet/sctp_bsd_addr.h> 54 #include <netinet/sctp_kdtrace.h> 55 #if defined(INET6) || defined(INET) 56 #include <netinet/tcp_var.h> 57 #endif 58 #include <netinet/udp.h> 59 #include <netinet/udp_var.h> 60 #include <sys/proc.h> 61 #ifdef INET6 62 #include <netinet/icmp6.h> 63 #endif 64 65 #ifndef KTR_SCTP 66 #define KTR_SCTP KTR_SUBSYS 67 #endif 68 69 extern const struct sctp_cc_functions sctp_cc_functions[]; 70 extern const struct sctp_ss_functions sctp_ss_functions[]; 71 72 void 73 sctp_sblog(struct sockbuf *sb, struct sctp_tcb *stcb, int from, int incr) 74 { 75 #if defined(SCTP_LOCAL_TRACE_BUF) 76 struct sctp_cwnd_log sctp_clog; 77 78 sctp_clog.x.sb.stcb = stcb; 79 sctp_clog.x.sb.so_sbcc = sb->sb_cc; 80 if (stcb) 81 sctp_clog.x.sb.stcb_sbcc = stcb->asoc.sb_cc; 82 else 83 sctp_clog.x.sb.stcb_sbcc = 0; 84 sctp_clog.x.sb.incr = incr; 85 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 86 SCTP_LOG_EVENT_SB, 87 from, 88 sctp_clog.x.misc.log1, 89 sctp_clog.x.misc.log2, 90 sctp_clog.x.misc.log3, 91 sctp_clog.x.misc.log4); 92 #endif 93 } 94 95 void 96 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 97 { 98 #if defined(SCTP_LOCAL_TRACE_BUF) 99 struct sctp_cwnd_log sctp_clog; 100 101 sctp_clog.x.close.inp = (void *)inp; 102 sctp_clog.x.close.sctp_flags = inp->sctp_flags; 103 if (stcb) { 104 sctp_clog.x.close.stcb = (void *)stcb; 105 sctp_clog.x.close.state = (uint16_t)stcb->asoc.state; 106 } else { 107 sctp_clog.x.close.stcb = 0; 108 sctp_clog.x.close.state = 0; 109 } 110 sctp_clog.x.close.loc = loc; 111 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 112 SCTP_LOG_EVENT_CLOSE, 113 0, 114 sctp_clog.x.misc.log1, 115 sctp_clog.x.misc.log2, 116 sctp_clog.x.misc.log3, 117 sctp_clog.x.misc.log4); 118 #endif 119 } 120 121 void 122 rto_logging(struct sctp_nets *net, int from) 123 { 124 #if defined(SCTP_LOCAL_TRACE_BUF) 125 struct sctp_cwnd_log sctp_clog; 126 127 memset(&sctp_clog, 0, sizeof(sctp_clog)); 128 sctp_clog.x.rto.net = (void *)net; 129 sctp_clog.x.rto.rtt = net->rtt / 1000; 130 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 131 SCTP_LOG_EVENT_RTT, 132 from, 133 sctp_clog.x.misc.log1, 134 sctp_clog.x.misc.log2, 135 sctp_clog.x.misc.log3, 136 sctp_clog.x.misc.log4); 137 #endif 138 } 139 140 void 141 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 142 { 143 #if defined(SCTP_LOCAL_TRACE_BUF) 144 struct sctp_cwnd_log sctp_clog; 145 146 sctp_clog.x.strlog.stcb = stcb; 147 sctp_clog.x.strlog.n_tsn = tsn; 148 sctp_clog.x.strlog.n_sseq = sseq; 149 sctp_clog.x.strlog.e_tsn = 0; 150 sctp_clog.x.strlog.e_sseq = 0; 151 sctp_clog.x.strlog.strm = stream; 152 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 153 SCTP_LOG_EVENT_STRM, 154 from, 155 sctp_clog.x.misc.log1, 156 sctp_clog.x.misc.log2, 157 sctp_clog.x.misc.log3, 158 sctp_clog.x.misc.log4); 159 #endif 160 } 161 162 void 163 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 164 { 165 #if defined(SCTP_LOCAL_TRACE_BUF) 166 struct sctp_cwnd_log sctp_clog; 167 168 sctp_clog.x.nagle.stcb = (void *)stcb; 169 sctp_clog.x.nagle.total_flight = stcb->asoc.total_flight; 170 sctp_clog.x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 171 sctp_clog.x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 172 sctp_clog.x.nagle.count_in_flight = stcb->asoc.total_flight_count; 173 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 174 SCTP_LOG_EVENT_NAGLE, 175 action, 176 sctp_clog.x.misc.log1, 177 sctp_clog.x.misc.log2, 178 sctp_clog.x.misc.log3, 179 sctp_clog.x.misc.log4); 180 #endif 181 } 182 183 void 184 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 185 { 186 #if defined(SCTP_LOCAL_TRACE_BUF) 187 struct sctp_cwnd_log sctp_clog; 188 189 sctp_clog.x.sack.cumack = cumack; 190 sctp_clog.x.sack.oldcumack = old_cumack; 191 sctp_clog.x.sack.tsn = tsn; 192 sctp_clog.x.sack.numGaps = gaps; 193 sctp_clog.x.sack.numDups = dups; 194 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 195 SCTP_LOG_EVENT_SACK, 196 from, 197 sctp_clog.x.misc.log1, 198 sctp_clog.x.misc.log2, 199 sctp_clog.x.misc.log3, 200 sctp_clog.x.misc.log4); 201 #endif 202 } 203 204 void 205 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 206 { 207 #if defined(SCTP_LOCAL_TRACE_BUF) 208 struct sctp_cwnd_log sctp_clog; 209 210 memset(&sctp_clog, 0, sizeof(sctp_clog)); 211 sctp_clog.x.map.base = map; 212 sctp_clog.x.map.cum = cum; 213 sctp_clog.x.map.high = high; 214 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 215 SCTP_LOG_EVENT_MAP, 216 from, 217 sctp_clog.x.misc.log1, 218 sctp_clog.x.misc.log2, 219 sctp_clog.x.misc.log3, 220 sctp_clog.x.misc.log4); 221 #endif 222 } 223 224 void 225 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, int from) 226 { 227 #if defined(SCTP_LOCAL_TRACE_BUF) 228 struct sctp_cwnd_log sctp_clog; 229 230 memset(&sctp_clog, 0, sizeof(sctp_clog)); 231 sctp_clog.x.fr.largest_tsn = biggest_tsn; 232 sctp_clog.x.fr.largest_new_tsn = biggest_new_tsn; 233 sctp_clog.x.fr.tsn = tsn; 234 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 235 SCTP_LOG_EVENT_FR, 236 from, 237 sctp_clog.x.misc.log1, 238 sctp_clog.x.misc.log2, 239 sctp_clog.x.misc.log3, 240 sctp_clog.x.misc.log4); 241 #endif 242 } 243 244 #ifdef SCTP_MBUF_LOGGING 245 void 246 sctp_log_mb(struct mbuf *m, int from) 247 { 248 #if defined(SCTP_LOCAL_TRACE_BUF) 249 struct sctp_cwnd_log sctp_clog; 250 251 sctp_clog.x.mb.mp = m; 252 sctp_clog.x.mb.mbuf_flags = (uint8_t)(SCTP_BUF_GET_FLAGS(m)); 253 sctp_clog.x.mb.size = (uint16_t)(SCTP_BUF_LEN(m)); 254 sctp_clog.x.mb.data = SCTP_BUF_AT(m, 0); 255 if (SCTP_BUF_IS_EXTENDED(m)) { 256 sctp_clog.x.mb.ext = SCTP_BUF_EXTEND_BASE(m); 257 sctp_clog.x.mb.refcnt = (uint8_t)(SCTP_BUF_EXTEND_REFCNT(m)); 258 } else { 259 sctp_clog.x.mb.ext = 0; 260 sctp_clog.x.mb.refcnt = 0; 261 } 262 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 263 SCTP_LOG_EVENT_MBUF, 264 from, 265 sctp_clog.x.misc.log1, 266 sctp_clog.x.misc.log2, 267 sctp_clog.x.misc.log3, 268 sctp_clog.x.misc.log4); 269 #endif 270 } 271 272 void 273 sctp_log_mbc(struct mbuf *m, int from) 274 { 275 struct mbuf *mat; 276 277 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 278 sctp_log_mb(mat, from); 279 } 280 } 281 #endif 282 283 void 284 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, int from) 285 { 286 #if defined(SCTP_LOCAL_TRACE_BUF) 287 struct sctp_cwnd_log sctp_clog; 288 289 if (control == NULL) { 290 SCTP_PRINTF("Gak log of NULL?\n"); 291 return; 292 } 293 sctp_clog.x.strlog.stcb = control->stcb; 294 sctp_clog.x.strlog.n_tsn = control->sinfo_tsn; 295 sctp_clog.x.strlog.n_sseq = (uint16_t)control->mid; 296 sctp_clog.x.strlog.strm = control->sinfo_stream; 297 if (poschk != NULL) { 298 sctp_clog.x.strlog.e_tsn = poschk->sinfo_tsn; 299 sctp_clog.x.strlog.e_sseq = (uint16_t)poschk->mid; 300 } else { 301 sctp_clog.x.strlog.e_tsn = 0; 302 sctp_clog.x.strlog.e_sseq = 0; 303 } 304 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 305 SCTP_LOG_EVENT_STRM, 306 from, 307 sctp_clog.x.misc.log1, 308 sctp_clog.x.misc.log2, 309 sctp_clog.x.misc.log3, 310 sctp_clog.x.misc.log4); 311 #endif 312 } 313 314 void 315 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 316 { 317 #if defined(SCTP_LOCAL_TRACE_BUF) 318 struct sctp_cwnd_log sctp_clog; 319 320 sctp_clog.x.cwnd.net = net; 321 if (stcb->asoc.send_queue_cnt > 255) 322 sctp_clog.x.cwnd.cnt_in_send = 255; 323 else 324 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 325 if (stcb->asoc.stream_queue_cnt > 255) 326 sctp_clog.x.cwnd.cnt_in_str = 255; 327 else 328 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 329 330 if (net) { 331 sctp_clog.x.cwnd.cwnd_new_value = net->cwnd; 332 sctp_clog.x.cwnd.inflight = net->flight_size; 333 sctp_clog.x.cwnd.pseudo_cumack = net->pseudo_cumack; 334 sctp_clog.x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 335 sctp_clog.x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 336 } 337 if (SCTP_CWNDLOG_PRESEND == from) { 338 sctp_clog.x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 339 } 340 sctp_clog.x.cwnd.cwnd_augment = augment; 341 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 342 SCTP_LOG_EVENT_CWND, 343 from, 344 sctp_clog.x.misc.log1, 345 sctp_clog.x.misc.log2, 346 sctp_clog.x.misc.log3, 347 sctp_clog.x.misc.log4); 348 #endif 349 } 350 351 void 352 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 353 { 354 #if defined(SCTP_LOCAL_TRACE_BUF) 355 struct sctp_cwnd_log sctp_clog; 356 357 memset(&sctp_clog, 0, sizeof(sctp_clog)); 358 if (inp) { 359 sctp_clog.x.lock.sock = (void *)inp->sctp_socket; 360 361 } else { 362 sctp_clog.x.lock.sock = (void *)NULL; 363 } 364 sctp_clog.x.lock.inp = (void *)inp; 365 if (stcb) { 366 sctp_clog.x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 367 } else { 368 sctp_clog.x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 369 } 370 if (inp) { 371 sctp_clog.x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 372 sctp_clog.x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 373 } else { 374 sctp_clog.x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 375 sctp_clog.x.lock.create_lock = SCTP_LOCK_UNKNOWN; 376 } 377 sctp_clog.x.lock.info_lock = rw_wowned(&SCTP_BASE_INFO(ipi_ep_mtx)); 378 if (inp && (inp->sctp_socket)) { 379 sctp_clog.x.lock.sock_lock = mtx_owned(SOCK_MTX(inp->sctp_socket)); 380 sctp_clog.x.lock.sockrcvbuf_lock = mtx_owned(SOCKBUF_MTX(&inp->sctp_socket->so_rcv)); 381 sctp_clog.x.lock.socksndbuf_lock = mtx_owned(SOCKBUF_MTX(&inp->sctp_socket->so_snd)); 382 } else { 383 sctp_clog.x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 384 sctp_clog.x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 385 sctp_clog.x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 386 } 387 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 388 SCTP_LOG_LOCK_EVENT, 389 from, 390 sctp_clog.x.misc.log1, 391 sctp_clog.x.misc.log2, 392 sctp_clog.x.misc.log3, 393 sctp_clog.x.misc.log4); 394 #endif 395 } 396 397 void 398 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 399 { 400 #if defined(SCTP_LOCAL_TRACE_BUF) 401 struct sctp_cwnd_log sctp_clog; 402 403 memset(&sctp_clog, 0, sizeof(sctp_clog)); 404 sctp_clog.x.cwnd.net = net; 405 sctp_clog.x.cwnd.cwnd_new_value = error; 406 sctp_clog.x.cwnd.inflight = net->flight_size; 407 sctp_clog.x.cwnd.cwnd_augment = burst; 408 if (stcb->asoc.send_queue_cnt > 255) 409 sctp_clog.x.cwnd.cnt_in_send = 255; 410 else 411 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 412 if (stcb->asoc.stream_queue_cnt > 255) 413 sctp_clog.x.cwnd.cnt_in_str = 255; 414 else 415 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 416 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 417 SCTP_LOG_EVENT_MAXBURST, 418 from, 419 sctp_clog.x.misc.log1, 420 sctp_clog.x.misc.log2, 421 sctp_clog.x.misc.log3, 422 sctp_clog.x.misc.log4); 423 #endif 424 } 425 426 void 427 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 428 { 429 #if defined(SCTP_LOCAL_TRACE_BUF) 430 struct sctp_cwnd_log sctp_clog; 431 432 sctp_clog.x.rwnd.rwnd = peers_rwnd; 433 sctp_clog.x.rwnd.send_size = snd_size; 434 sctp_clog.x.rwnd.overhead = overhead; 435 sctp_clog.x.rwnd.new_rwnd = 0; 436 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 437 SCTP_LOG_EVENT_RWND, 438 from, 439 sctp_clog.x.misc.log1, 440 sctp_clog.x.misc.log2, 441 sctp_clog.x.misc.log3, 442 sctp_clog.x.misc.log4); 443 #endif 444 } 445 446 void 447 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 448 { 449 #if defined(SCTP_LOCAL_TRACE_BUF) 450 struct sctp_cwnd_log sctp_clog; 451 452 sctp_clog.x.rwnd.rwnd = peers_rwnd; 453 sctp_clog.x.rwnd.send_size = flight_size; 454 sctp_clog.x.rwnd.overhead = overhead; 455 sctp_clog.x.rwnd.new_rwnd = a_rwndval; 456 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 457 SCTP_LOG_EVENT_RWND, 458 from, 459 sctp_clog.x.misc.log1, 460 sctp_clog.x.misc.log2, 461 sctp_clog.x.misc.log3, 462 sctp_clog.x.misc.log4); 463 #endif 464 } 465 466 #ifdef SCTP_MBCNT_LOGGING 467 static void 468 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 469 { 470 #if defined(SCTP_LOCAL_TRACE_BUF) 471 struct sctp_cwnd_log sctp_clog; 472 473 sctp_clog.x.mbcnt.total_queue_size = total_oq; 474 sctp_clog.x.mbcnt.size_change = book; 475 sctp_clog.x.mbcnt.total_queue_mb_size = total_mbcnt_q; 476 sctp_clog.x.mbcnt.mbcnt_change = mbcnt; 477 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 478 SCTP_LOG_EVENT_MBCNT, 479 from, 480 sctp_clog.x.misc.log1, 481 sctp_clog.x.misc.log2, 482 sctp_clog.x.misc.log3, 483 sctp_clog.x.misc.log4); 484 #endif 485 } 486 #endif 487 488 void 489 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 490 { 491 #if defined(SCTP_LOCAL_TRACE_BUF) 492 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 493 SCTP_LOG_MISC_EVENT, 494 from, 495 a, b, c, d); 496 #endif 497 } 498 499 void 500 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t wake_cnt, int from) 501 { 502 #if defined(SCTP_LOCAL_TRACE_BUF) 503 struct sctp_cwnd_log sctp_clog; 504 505 sctp_clog.x.wake.stcb = (void *)stcb; 506 sctp_clog.x.wake.wake_cnt = wake_cnt; 507 sctp_clog.x.wake.flight = stcb->asoc.total_flight_count; 508 sctp_clog.x.wake.send_q = stcb->asoc.send_queue_cnt; 509 sctp_clog.x.wake.sent_q = stcb->asoc.sent_queue_cnt; 510 511 if (stcb->asoc.stream_queue_cnt < 0xff) 512 sctp_clog.x.wake.stream_qcnt = (uint8_t)stcb->asoc.stream_queue_cnt; 513 else 514 sctp_clog.x.wake.stream_qcnt = 0xff; 515 516 if (stcb->asoc.chunks_on_out_queue < 0xff) 517 sctp_clog.x.wake.chunks_on_oque = (uint8_t)stcb->asoc.chunks_on_out_queue; 518 else 519 sctp_clog.x.wake.chunks_on_oque = 0xff; 520 521 sctp_clog.x.wake.sctpflags = 0; 522 /* set in the defered mode stuff */ 523 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 524 sctp_clog.x.wake.sctpflags |= 1; 525 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 526 sctp_clog.x.wake.sctpflags |= 2; 527 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 528 sctp_clog.x.wake.sctpflags |= 4; 529 /* what about the sb */ 530 if (stcb->sctp_socket) { 531 struct socket *so = stcb->sctp_socket; 532 533 sctp_clog.x.wake.sbflags = (uint8_t)((so->so_snd.sb_flags & 0x00ff)); 534 } else { 535 sctp_clog.x.wake.sbflags = 0xff; 536 } 537 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 538 SCTP_LOG_EVENT_WAKE, 539 from, 540 sctp_clog.x.misc.log1, 541 sctp_clog.x.misc.log2, 542 sctp_clog.x.misc.log3, 543 sctp_clog.x.misc.log4); 544 #endif 545 } 546 547 void 548 sctp_log_block(uint8_t from, struct sctp_association *asoc, ssize_t sendlen) 549 { 550 #if defined(SCTP_LOCAL_TRACE_BUF) 551 struct sctp_cwnd_log sctp_clog; 552 553 sctp_clog.x.blk.onsb = asoc->total_output_queue_size; 554 sctp_clog.x.blk.send_sent_qcnt = (uint16_t)(asoc->send_queue_cnt + asoc->sent_queue_cnt); 555 sctp_clog.x.blk.peer_rwnd = asoc->peers_rwnd; 556 sctp_clog.x.blk.stream_qcnt = (uint16_t)asoc->stream_queue_cnt; 557 sctp_clog.x.blk.chunks_on_oque = (uint16_t)asoc->chunks_on_out_queue; 558 sctp_clog.x.blk.flight_size = (uint16_t)(asoc->total_flight / 1024); 559 sctp_clog.x.blk.sndlen = (uint32_t)sendlen; 560 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 561 SCTP_LOG_EVENT_BLOCK, 562 from, 563 sctp_clog.x.misc.log1, 564 sctp_clog.x.misc.log2, 565 sctp_clog.x.misc.log3, 566 sctp_clog.x.misc.log4); 567 #endif 568 } 569 570 int 571 sctp_fill_stat_log(void *optval SCTP_UNUSED, size_t *optsize SCTP_UNUSED) 572 { 573 /* May need to fix this if ktrdump does not work */ 574 return (0); 575 } 576 577 #ifdef SCTP_AUDITING_ENABLED 578 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 579 static int sctp_audit_indx = 0; 580 581 static 582 void 583 sctp_print_audit_report(void) 584 { 585 int i; 586 int cnt; 587 588 cnt = 0; 589 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 590 if ((sctp_audit_data[i][0] == 0xe0) && 591 (sctp_audit_data[i][1] == 0x01)) { 592 cnt = 0; 593 SCTP_PRINTF("\n"); 594 } else if (sctp_audit_data[i][0] == 0xf0) { 595 cnt = 0; 596 SCTP_PRINTF("\n"); 597 } else if ((sctp_audit_data[i][0] == 0xc0) && 598 (sctp_audit_data[i][1] == 0x01)) { 599 SCTP_PRINTF("\n"); 600 cnt = 0; 601 } 602 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 603 (uint32_t)sctp_audit_data[i][1]); 604 cnt++; 605 if ((cnt % 14) == 0) 606 SCTP_PRINTF("\n"); 607 } 608 for (i = 0; i < sctp_audit_indx; i++) { 609 if ((sctp_audit_data[i][0] == 0xe0) && 610 (sctp_audit_data[i][1] == 0x01)) { 611 cnt = 0; 612 SCTP_PRINTF("\n"); 613 } else if (sctp_audit_data[i][0] == 0xf0) { 614 cnt = 0; 615 SCTP_PRINTF("\n"); 616 } else if ((sctp_audit_data[i][0] == 0xc0) && 617 (sctp_audit_data[i][1] == 0x01)) { 618 SCTP_PRINTF("\n"); 619 cnt = 0; 620 } 621 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 622 (uint32_t)sctp_audit_data[i][1]); 623 cnt++; 624 if ((cnt % 14) == 0) 625 SCTP_PRINTF("\n"); 626 } 627 SCTP_PRINTF("\n"); 628 } 629 630 void 631 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 632 struct sctp_nets *net) 633 { 634 int resend_cnt, tot_out, rep, tot_book_cnt; 635 struct sctp_nets *lnet; 636 struct sctp_tmit_chunk *chk; 637 638 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 639 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 640 sctp_audit_indx++; 641 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 642 sctp_audit_indx = 0; 643 } 644 if (inp == NULL) { 645 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 646 sctp_audit_data[sctp_audit_indx][1] = 0x01; 647 sctp_audit_indx++; 648 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 649 sctp_audit_indx = 0; 650 } 651 return; 652 } 653 if (stcb == NULL) { 654 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 655 sctp_audit_data[sctp_audit_indx][1] = 0x02; 656 sctp_audit_indx++; 657 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 658 sctp_audit_indx = 0; 659 } 660 return; 661 } 662 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 663 sctp_audit_data[sctp_audit_indx][1] = 664 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 665 sctp_audit_indx++; 666 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 667 sctp_audit_indx = 0; 668 } 669 rep = 0; 670 tot_book_cnt = 0; 671 resend_cnt = tot_out = 0; 672 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 673 if (chk->sent == SCTP_DATAGRAM_RESEND) { 674 resend_cnt++; 675 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 676 tot_out += chk->book_size; 677 tot_book_cnt++; 678 } 679 } 680 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 681 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 682 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 683 sctp_audit_indx++; 684 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 685 sctp_audit_indx = 0; 686 } 687 SCTP_PRINTF("resend_cnt:%d asoc-tot:%d\n", 688 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 689 rep = 1; 690 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 691 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 692 sctp_audit_data[sctp_audit_indx][1] = 693 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 694 sctp_audit_indx++; 695 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 696 sctp_audit_indx = 0; 697 } 698 } 699 if (tot_out != stcb->asoc.total_flight) { 700 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 701 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 702 sctp_audit_indx++; 703 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 704 sctp_audit_indx = 0; 705 } 706 rep = 1; 707 SCTP_PRINTF("tot_flt:%d asoc_tot:%d\n", tot_out, 708 (int)stcb->asoc.total_flight); 709 stcb->asoc.total_flight = tot_out; 710 } 711 if (tot_book_cnt != stcb->asoc.total_flight_count) { 712 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 713 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 714 sctp_audit_indx++; 715 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 716 sctp_audit_indx = 0; 717 } 718 rep = 1; 719 SCTP_PRINTF("tot_flt_book:%d\n", tot_book_cnt); 720 721 stcb->asoc.total_flight_count = tot_book_cnt; 722 } 723 tot_out = 0; 724 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 725 tot_out += lnet->flight_size; 726 } 727 if (tot_out != stcb->asoc.total_flight) { 728 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 729 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 730 sctp_audit_indx++; 731 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 732 sctp_audit_indx = 0; 733 } 734 rep = 1; 735 SCTP_PRINTF("real flight:%d net total was %d\n", 736 stcb->asoc.total_flight, tot_out); 737 /* now corrective action */ 738 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 739 tot_out = 0; 740 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 741 if ((chk->whoTo == lnet) && 742 (chk->sent < SCTP_DATAGRAM_RESEND)) { 743 tot_out += chk->book_size; 744 } 745 } 746 if (lnet->flight_size != tot_out) { 747 SCTP_PRINTF("net:%p flight was %d corrected to %d\n", 748 (void *)lnet, lnet->flight_size, 749 tot_out); 750 lnet->flight_size = tot_out; 751 } 752 } 753 } 754 if (rep) { 755 sctp_print_audit_report(); 756 } 757 } 758 759 void 760 sctp_audit_log(uint8_t ev, uint8_t fd) 761 { 762 763 sctp_audit_data[sctp_audit_indx][0] = ev; 764 sctp_audit_data[sctp_audit_indx][1] = fd; 765 sctp_audit_indx++; 766 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 767 sctp_audit_indx = 0; 768 } 769 } 770 771 #endif 772 773 /* 774 * The conversion from time to ticks and vice versa is done by rounding 775 * upwards. This way we can test in the code the time to be positive and 776 * know that this corresponds to a positive number of ticks. 777 */ 778 779 uint32_t 780 sctp_msecs_to_ticks(uint32_t msecs) 781 { 782 uint64_t temp; 783 uint32_t ticks; 784 785 if (hz == 1000) { 786 ticks = msecs; 787 } else { 788 temp = (((uint64_t)msecs * hz) + 999) / 1000; 789 if (temp > UINT32_MAX) { 790 ticks = UINT32_MAX; 791 } else { 792 ticks = (uint32_t)temp; 793 } 794 } 795 return (ticks); 796 } 797 798 uint32_t 799 sctp_ticks_to_msecs(uint32_t ticks) 800 { 801 uint64_t temp; 802 uint32_t msecs; 803 804 if (hz == 1000) { 805 msecs = ticks; 806 } else { 807 temp = (((uint64_t)ticks * 1000) + (hz - 1)) / hz; 808 if (temp > UINT32_MAX) { 809 msecs = UINT32_MAX; 810 } else { 811 msecs = (uint32_t)temp; 812 } 813 } 814 return (msecs); 815 } 816 817 uint32_t 818 sctp_secs_to_ticks(uint32_t secs) 819 { 820 uint64_t temp; 821 uint32_t ticks; 822 823 temp = (uint64_t)secs * hz; 824 if (temp > UINT32_MAX) { 825 ticks = UINT32_MAX; 826 } else { 827 ticks = (uint32_t)temp; 828 } 829 return (ticks); 830 } 831 832 uint32_t 833 sctp_ticks_to_secs(uint32_t ticks) 834 { 835 uint64_t temp; 836 uint32_t secs; 837 838 temp = ((uint64_t)ticks + (hz - 1)) / hz; 839 if (temp > UINT32_MAX) { 840 secs = UINT32_MAX; 841 } else { 842 secs = (uint32_t)temp; 843 } 844 return (secs); 845 } 846 847 /* 848 * sctp_stop_timers_for_shutdown() should be called 849 * when entering the SHUTDOWN_SENT or SHUTDOWN_ACK_SENT 850 * state to make sure that all timers are stopped. 851 */ 852 void 853 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 854 { 855 struct sctp_inpcb *inp; 856 struct sctp_nets *net; 857 858 inp = stcb->sctp_ep; 859 860 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, inp, stcb, NULL, 861 SCTP_FROM_SCTPUTIL + SCTP_LOC_12); 862 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, inp, stcb, NULL, 863 SCTP_FROM_SCTPUTIL + SCTP_LOC_13); 864 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, inp, stcb, NULL, 865 SCTP_FROM_SCTPUTIL + SCTP_LOC_14); 866 sctp_timer_stop(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL, 867 SCTP_FROM_SCTPUTIL + SCTP_LOC_15); 868 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 869 sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, 870 SCTP_FROM_SCTPUTIL + SCTP_LOC_16); 871 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, 872 SCTP_FROM_SCTPUTIL + SCTP_LOC_17); 873 } 874 } 875 876 void 877 sctp_stop_association_timers(struct sctp_tcb *stcb, bool stop_assoc_kill_timer) 878 { 879 struct sctp_inpcb *inp; 880 struct sctp_nets *net; 881 882 inp = stcb->sctp_ep; 883 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, inp, stcb, NULL, 884 SCTP_FROM_SCTPUTIL + SCTP_LOC_18); 885 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, inp, stcb, NULL, 886 SCTP_FROM_SCTPUTIL + SCTP_LOC_19); 887 if (stop_assoc_kill_timer) { 888 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, 889 SCTP_FROM_SCTPUTIL + SCTP_LOC_20); 890 } 891 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, inp, stcb, NULL, 892 SCTP_FROM_SCTPUTIL + SCTP_LOC_21); 893 sctp_timer_stop(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL, 894 SCTP_FROM_SCTPUTIL + SCTP_LOC_22); 895 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNGUARD, inp, stcb, NULL, 896 SCTP_FROM_SCTPUTIL + SCTP_LOC_23); 897 /* Mobility adaptation */ 898 sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, inp, stcb, NULL, 899 SCTP_FROM_SCTPUTIL + SCTP_LOC_24); 900 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 901 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net, 902 SCTP_FROM_SCTPUTIL + SCTP_LOC_25); 903 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, 904 SCTP_FROM_SCTPUTIL + SCTP_LOC_26); 905 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, net, 906 SCTP_FROM_SCTPUTIL + SCTP_LOC_27); 907 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net, 908 SCTP_FROM_SCTPUTIL + SCTP_LOC_28); 909 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, net, 910 SCTP_FROM_SCTPUTIL + SCTP_LOC_29); 911 sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, 912 SCTP_FROM_SCTPUTIL + SCTP_LOC_30); 913 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, 914 SCTP_FROM_SCTPUTIL + SCTP_LOC_31); 915 } 916 } 917 918 /* 919 * A list of sizes based on typical mtu's, used only if next hop size not 920 * returned. These values MUST be multiples of 4 and MUST be ordered. 921 */ 922 static uint32_t sctp_mtu_sizes[] = { 923 68, 924 296, 925 508, 926 512, 927 544, 928 576, 929 1004, 930 1492, 931 1500, 932 1536, 933 2000, 934 2048, 935 4352, 936 4464, 937 8168, 938 17912, 939 32000, 940 65532 941 }; 942 943 /* 944 * Return the largest MTU in sctp_mtu_sizes smaller than val. 945 * If val is smaller than the minimum, just return the largest 946 * multiple of 4 smaller or equal to val. 947 * Ensure that the result is a multiple of 4. 948 */ 949 uint32_t 950 sctp_get_prev_mtu(uint32_t val) 951 { 952 uint32_t i; 953 954 val &= 0xfffffffc; 955 if (val <= sctp_mtu_sizes[0]) { 956 return (val); 957 } 958 for (i = 1; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 959 if (val <= sctp_mtu_sizes[i]) { 960 break; 961 } 962 } 963 KASSERT((sctp_mtu_sizes[i - 1] & 0x00000003) == 0, 964 ("sctp_mtu_sizes[%u] not a multiple of 4", i - 1)); 965 return (sctp_mtu_sizes[i - 1]); 966 } 967 968 /* 969 * Return the smallest MTU in sctp_mtu_sizes larger than val. 970 * If val is larger than the maximum, just return the largest multiple of 4 smaller 971 * or equal to val. 972 * Ensure that the result is a multiple of 4. 973 */ 974 uint32_t 975 sctp_get_next_mtu(uint32_t val) 976 { 977 /* select another MTU that is just bigger than this one */ 978 uint32_t i; 979 980 val &= 0xfffffffc; 981 for (i = 0; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 982 if (val < sctp_mtu_sizes[i]) { 983 KASSERT((sctp_mtu_sizes[i] & 0x00000003) == 0, 984 ("sctp_mtu_sizes[%u] not a multiple of 4", i)); 985 return (sctp_mtu_sizes[i]); 986 } 987 } 988 return (val); 989 } 990 991 void 992 sctp_fill_random_store(struct sctp_pcb *m) 993 { 994 /* 995 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 996 * our counter. The result becomes our good random numbers and we 997 * then setup to give these out. Note that we do no locking to 998 * protect this. This is ok, since if competing folks call this we 999 * will get more gobbled gook in the random store which is what we 1000 * want. There is a danger that two guys will use the same random 1001 * numbers, but thats ok too since that is random as well :-> 1002 */ 1003 m->store_at = 0; 1004 (void)sctp_hmac(SCTP_HMAC, (uint8_t *)m->random_numbers, 1005 sizeof(m->random_numbers), (uint8_t *)&m->random_counter, 1006 sizeof(m->random_counter), (uint8_t *)m->random_store); 1007 m->random_counter++; 1008 } 1009 1010 uint32_t 1011 sctp_select_initial_TSN(struct sctp_pcb *inp) 1012 { 1013 /* 1014 * A true implementation should use random selection process to get 1015 * the initial stream sequence number, using RFC1750 as a good 1016 * guideline 1017 */ 1018 uint32_t x, *xp; 1019 uint8_t *p; 1020 int store_at, new_store; 1021 1022 if (inp->initial_sequence_debug != 0) { 1023 uint32_t ret; 1024 1025 ret = inp->initial_sequence_debug; 1026 inp->initial_sequence_debug++; 1027 return (ret); 1028 } 1029 retry: 1030 store_at = inp->store_at; 1031 new_store = store_at + sizeof(uint32_t); 1032 if (new_store >= (SCTP_SIGNATURE_SIZE - 3)) { 1033 new_store = 0; 1034 } 1035 if (!atomic_cmpset_int(&inp->store_at, store_at, new_store)) { 1036 goto retry; 1037 } 1038 if (new_store == 0) { 1039 /* Refill the random store */ 1040 sctp_fill_random_store(inp); 1041 } 1042 p = &inp->random_store[store_at]; 1043 xp = (uint32_t *)p; 1044 x = *xp; 1045 return (x); 1046 } 1047 1048 uint32_t 1049 sctp_select_a_tag(struct sctp_inpcb *inp, uint16_t lport, uint16_t rport, int check) 1050 { 1051 uint32_t x; 1052 struct timeval now; 1053 1054 if (check) { 1055 (void)SCTP_GETTIME_TIMEVAL(&now); 1056 } 1057 for (;;) { 1058 x = sctp_select_initial_TSN(&inp->sctp_ep); 1059 if (x == 0) { 1060 /* we never use 0 */ 1061 continue; 1062 } 1063 if (!check || sctp_is_vtag_good(x, lport, rport, &now)) { 1064 break; 1065 } 1066 } 1067 return (x); 1068 } 1069 1070 int32_t 1071 sctp_map_assoc_state(int kernel_state) 1072 { 1073 int32_t user_state; 1074 1075 if (kernel_state & SCTP_STATE_WAS_ABORTED) { 1076 user_state = SCTP_CLOSED; 1077 } else if (kernel_state & SCTP_STATE_SHUTDOWN_PENDING) { 1078 user_state = SCTP_SHUTDOWN_PENDING; 1079 } else { 1080 switch (kernel_state & SCTP_STATE_MASK) { 1081 case SCTP_STATE_EMPTY: 1082 user_state = SCTP_CLOSED; 1083 break; 1084 case SCTP_STATE_INUSE: 1085 user_state = SCTP_CLOSED; 1086 break; 1087 case SCTP_STATE_COOKIE_WAIT: 1088 user_state = SCTP_COOKIE_WAIT; 1089 break; 1090 case SCTP_STATE_COOKIE_ECHOED: 1091 user_state = SCTP_COOKIE_ECHOED; 1092 break; 1093 case SCTP_STATE_OPEN: 1094 user_state = SCTP_ESTABLISHED; 1095 break; 1096 case SCTP_STATE_SHUTDOWN_SENT: 1097 user_state = SCTP_SHUTDOWN_SENT; 1098 break; 1099 case SCTP_STATE_SHUTDOWN_RECEIVED: 1100 user_state = SCTP_SHUTDOWN_RECEIVED; 1101 break; 1102 case SCTP_STATE_SHUTDOWN_ACK_SENT: 1103 user_state = SCTP_SHUTDOWN_ACK_SENT; 1104 break; 1105 default: 1106 user_state = SCTP_CLOSED; 1107 break; 1108 } 1109 } 1110 return (user_state); 1111 } 1112 1113 int 1114 sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1115 uint32_t override_tag, uint32_t initial_tsn, uint32_t vrf_id, 1116 uint16_t o_strms) 1117 { 1118 struct sctp_association *asoc; 1119 1120 /* 1121 * Anything set to zero is taken care of by the allocation routine's 1122 * bzero 1123 */ 1124 1125 /* 1126 * Up front select what scoping to apply on addresses I tell my peer 1127 * Not sure what to do with these right now, we will need to come up 1128 * with a way to set them. We may need to pass them through from the 1129 * caller in the sctp_aloc_assoc() function. 1130 */ 1131 int i; 1132 #if defined(SCTP_DETAILED_STR_STATS) 1133 int j; 1134 #endif 1135 1136 asoc = &stcb->asoc; 1137 /* init all variables to a known value. */ 1138 SCTP_SET_STATE(stcb, SCTP_STATE_INUSE); 1139 asoc->max_burst = inp->sctp_ep.max_burst; 1140 asoc->fr_max_burst = inp->sctp_ep.fr_max_burst; 1141 asoc->heart_beat_delay = sctp_ticks_to_msecs(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 1142 asoc->cookie_life = inp->sctp_ep.def_cookie_life; 1143 asoc->sctp_cmt_on_off = inp->sctp_cmt_on_off; 1144 asoc->ecn_supported = inp->ecn_supported; 1145 asoc->prsctp_supported = inp->prsctp_supported; 1146 asoc->auth_supported = inp->auth_supported; 1147 asoc->asconf_supported = inp->asconf_supported; 1148 asoc->reconfig_supported = inp->reconfig_supported; 1149 asoc->nrsack_supported = inp->nrsack_supported; 1150 asoc->pktdrop_supported = inp->pktdrop_supported; 1151 asoc->idata_supported = inp->idata_supported; 1152 asoc->sctp_cmt_pf = (uint8_t)0; 1153 asoc->sctp_frag_point = inp->sctp_frag_point; 1154 asoc->sctp_features = inp->sctp_features; 1155 asoc->default_dscp = inp->sctp_ep.default_dscp; 1156 asoc->max_cwnd = inp->max_cwnd; 1157 #ifdef INET6 1158 if (inp->sctp_ep.default_flowlabel) { 1159 asoc->default_flowlabel = inp->sctp_ep.default_flowlabel; 1160 } else { 1161 if (inp->ip_inp.inp.inp_flags & IN6P_AUTOFLOWLABEL) { 1162 asoc->default_flowlabel = sctp_select_initial_TSN(&inp->sctp_ep); 1163 asoc->default_flowlabel &= 0x000fffff; 1164 asoc->default_flowlabel |= 0x80000000; 1165 } else { 1166 asoc->default_flowlabel = 0; 1167 } 1168 } 1169 #endif 1170 asoc->sb_send_resv = 0; 1171 if (override_tag) { 1172 asoc->my_vtag = override_tag; 1173 } else { 1174 asoc->my_vtag = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 1); 1175 } 1176 /* Get the nonce tags */ 1177 asoc->my_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1178 asoc->peer_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1179 asoc->vrf_id = vrf_id; 1180 1181 #ifdef SCTP_ASOCLOG_OF_TSNS 1182 asoc->tsn_in_at = 0; 1183 asoc->tsn_out_at = 0; 1184 asoc->tsn_in_wrapped = 0; 1185 asoc->tsn_out_wrapped = 0; 1186 asoc->cumack_log_at = 0; 1187 asoc->cumack_log_atsnt = 0; 1188 #endif 1189 #ifdef SCTP_FS_SPEC_LOG 1190 asoc->fs_index = 0; 1191 #endif 1192 asoc->refcnt = 0; 1193 asoc->assoc_up_sent = 0; 1194 if (override_tag) { 1195 asoc->init_seq_number = initial_tsn; 1196 } else { 1197 asoc->init_seq_number = sctp_select_initial_TSN(&inp->sctp_ep); 1198 } 1199 asoc->asconf_seq_out = asoc->init_seq_number; 1200 asoc->str_reset_seq_out = asoc->init_seq_number; 1201 asoc->sending_seq = asoc->init_seq_number; 1202 asoc->asconf_seq_out_acked = asoc->init_seq_number - 1; 1203 /* we are optimisitic here */ 1204 asoc->peer_supports_nat = 0; 1205 asoc->sent_queue_retran_cnt = 0; 1206 1207 /* for CMT */ 1208 asoc->last_net_cmt_send_started = NULL; 1209 1210 asoc->last_acked_seq = asoc->init_seq_number - 1; 1211 asoc->advanced_peer_ack_point = asoc->init_seq_number - 1; 1212 asoc->asconf_seq_in = asoc->init_seq_number - 1; 1213 1214 /* here we are different, we hold the next one we expect */ 1215 asoc->str_reset_seq_in = asoc->init_seq_number; 1216 1217 asoc->initial_init_rto_max = inp->sctp_ep.initial_init_rto_max; 1218 asoc->initial_rto = inp->sctp_ep.initial_rto; 1219 1220 asoc->default_mtu = inp->sctp_ep.default_mtu; 1221 asoc->max_init_times = inp->sctp_ep.max_init_times; 1222 asoc->max_send_times = inp->sctp_ep.max_send_times; 1223 asoc->def_net_failure = inp->sctp_ep.def_net_failure; 1224 asoc->def_net_pf_threshold = inp->sctp_ep.def_net_pf_threshold; 1225 asoc->free_chunk_cnt = 0; 1226 1227 asoc->iam_blocking = 0; 1228 asoc->context = inp->sctp_context; 1229 asoc->local_strreset_support = inp->local_strreset_support; 1230 asoc->def_send = inp->def_send; 1231 asoc->delayed_ack = sctp_ticks_to_msecs(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 1232 asoc->sack_freq = inp->sctp_ep.sctp_sack_freq; 1233 asoc->pr_sctp_cnt = 0; 1234 asoc->total_output_queue_size = 0; 1235 1236 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1237 asoc->scope.ipv6_addr_legal = 1; 1238 if (SCTP_IPV6_V6ONLY(inp) == 0) { 1239 asoc->scope.ipv4_addr_legal = 1; 1240 } else { 1241 asoc->scope.ipv4_addr_legal = 0; 1242 } 1243 } else { 1244 asoc->scope.ipv6_addr_legal = 0; 1245 asoc->scope.ipv4_addr_legal = 1; 1246 } 1247 1248 asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), SCTP_MINIMAL_RWND); 1249 asoc->peers_rwnd = SCTP_SB_LIMIT_RCV(inp->sctp_socket); 1250 1251 asoc->smallest_mtu = inp->sctp_frag_point; 1252 asoc->minrto = inp->sctp_ep.sctp_minrto; 1253 asoc->maxrto = inp->sctp_ep.sctp_maxrto; 1254 1255 asoc->stream_locked_on = 0; 1256 asoc->ecn_echo_cnt_onq = 0; 1257 asoc->stream_locked = 0; 1258 1259 asoc->send_sack = 1; 1260 1261 LIST_INIT(&asoc->sctp_restricted_addrs); 1262 1263 TAILQ_INIT(&asoc->nets); 1264 TAILQ_INIT(&asoc->pending_reply_queue); 1265 TAILQ_INIT(&asoc->asconf_ack_sent); 1266 /* Setup to fill the hb random cache at first HB */ 1267 asoc->hb_random_idx = 4; 1268 1269 asoc->sctp_autoclose_ticks = inp->sctp_ep.auto_close_time; 1270 1271 stcb->asoc.congestion_control_module = inp->sctp_ep.sctp_default_cc_module; 1272 stcb->asoc.cc_functions = sctp_cc_functions[inp->sctp_ep.sctp_default_cc_module]; 1273 1274 stcb->asoc.stream_scheduling_module = inp->sctp_ep.sctp_default_ss_module; 1275 stcb->asoc.ss_functions = sctp_ss_functions[inp->sctp_ep.sctp_default_ss_module]; 1276 1277 /* 1278 * Now the stream parameters, here we allocate space for all streams 1279 * that we request by default. 1280 */ 1281 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams = 1282 o_strms; 1283 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1284 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1285 SCTP_M_STRMO); 1286 if (asoc->strmout == NULL) { 1287 /* big trouble no memory */ 1288 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1289 return (ENOMEM); 1290 } 1291 SCTP_TCB_SEND_LOCK(stcb); 1292 for (i = 0; i < asoc->streamoutcnt; i++) { 1293 /* 1294 * inbound side must be set to 0xffff, also NOTE when we get 1295 * the INIT-ACK back (for INIT sender) we MUST reduce the 1296 * count (streamoutcnt) but first check if we sent to any of 1297 * the upper streams that were dropped (if some were). Those 1298 * that were dropped must be notified to the upper layer as 1299 * failed to send. 1300 */ 1301 TAILQ_INIT(&asoc->strmout[i].outqueue); 1302 asoc->ss_functions.sctp_ss_init_stream(stcb, &asoc->strmout[i], NULL); 1303 asoc->strmout[i].chunks_on_queues = 0; 1304 #if defined(SCTP_DETAILED_STR_STATS) 1305 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 1306 asoc->strmout[i].abandoned_sent[j] = 0; 1307 asoc->strmout[i].abandoned_unsent[j] = 0; 1308 } 1309 #else 1310 asoc->strmout[i].abandoned_sent[0] = 0; 1311 asoc->strmout[i].abandoned_unsent[0] = 0; 1312 #endif 1313 asoc->strmout[i].next_mid_ordered = 0; 1314 asoc->strmout[i].next_mid_unordered = 0; 1315 asoc->strmout[i].sid = i; 1316 asoc->strmout[i].last_msg_incomplete = 0; 1317 asoc->strmout[i].state = SCTP_STREAM_OPENING; 1318 } 1319 asoc->ss_functions.sctp_ss_init(stcb, asoc); 1320 SCTP_TCB_SEND_UNLOCK(stcb); 1321 1322 /* Now the mapping array */ 1323 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1324 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1325 SCTP_M_MAP); 1326 if (asoc->mapping_array == NULL) { 1327 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1328 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1329 return (ENOMEM); 1330 } 1331 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1332 SCTP_MALLOC(asoc->nr_mapping_array, uint8_t *, asoc->mapping_array_size, 1333 SCTP_M_MAP); 1334 if (asoc->nr_mapping_array == NULL) { 1335 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1336 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1337 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1338 return (ENOMEM); 1339 } 1340 memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); 1341 1342 /* Now the init of the other outqueues */ 1343 TAILQ_INIT(&asoc->free_chunks); 1344 TAILQ_INIT(&asoc->control_send_queue); 1345 TAILQ_INIT(&asoc->asconf_send_queue); 1346 TAILQ_INIT(&asoc->send_queue); 1347 TAILQ_INIT(&asoc->sent_queue); 1348 TAILQ_INIT(&asoc->resetHead); 1349 asoc->max_inbound_streams = inp->sctp_ep.max_open_streams_intome; 1350 TAILQ_INIT(&asoc->asconf_queue); 1351 /* authentication fields */ 1352 asoc->authinfo.random = NULL; 1353 asoc->authinfo.active_keyid = 0; 1354 asoc->authinfo.assoc_key = NULL; 1355 asoc->authinfo.assoc_keyid = 0; 1356 asoc->authinfo.recv_key = NULL; 1357 asoc->authinfo.recv_keyid = 0; 1358 LIST_INIT(&asoc->shared_keys); 1359 asoc->marked_retrans = 0; 1360 asoc->port = inp->sctp_ep.port; 1361 asoc->timoinit = 0; 1362 asoc->timodata = 0; 1363 asoc->timosack = 0; 1364 asoc->timoshutdown = 0; 1365 asoc->timoheartbeat = 0; 1366 asoc->timocookie = 0; 1367 asoc->timoshutdownack = 0; 1368 (void)SCTP_GETTIME_TIMEVAL(&asoc->start_time); 1369 asoc->discontinuity_time = asoc->start_time; 1370 for (i = 0; i < SCTP_PR_SCTP_MAX + 1; i++) { 1371 asoc->abandoned_unsent[i] = 0; 1372 asoc->abandoned_sent[i] = 0; 1373 } 1374 /* 1375 * sa_ignore MEMLEAK {memory is put in the assoc mapping array and 1376 * freed later when the association is freed. 1377 */ 1378 return (0); 1379 } 1380 1381 void 1382 sctp_print_mapping_array(struct sctp_association *asoc) 1383 { 1384 unsigned int i, limit; 1385 1386 SCTP_PRINTF("Mapping array size: %d, baseTSN: %8.8x, cumAck: %8.8x, highestTSN: (%8.8x, %8.8x).\n", 1387 asoc->mapping_array_size, 1388 asoc->mapping_array_base_tsn, 1389 asoc->cumulative_tsn, 1390 asoc->highest_tsn_inside_map, 1391 asoc->highest_tsn_inside_nr_map); 1392 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1393 if (asoc->mapping_array[limit - 1] != 0) { 1394 break; 1395 } 1396 } 1397 SCTP_PRINTF("Renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1398 for (i = 0; i < limit; i++) { 1399 SCTP_PRINTF("%2.2x%c", asoc->mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1400 } 1401 if (limit % 16) 1402 SCTP_PRINTF("\n"); 1403 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1404 if (asoc->nr_mapping_array[limit - 1]) { 1405 break; 1406 } 1407 } 1408 SCTP_PRINTF("Non renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1409 for (i = 0; i < limit; i++) { 1410 SCTP_PRINTF("%2.2x%c", asoc->nr_mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1411 } 1412 if (limit % 16) 1413 SCTP_PRINTF("\n"); 1414 } 1415 1416 int 1417 sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed) 1418 { 1419 /* mapping array needs to grow */ 1420 uint8_t *new_array1, *new_array2; 1421 uint32_t new_size; 1422 1423 new_size = asoc->mapping_array_size + ((needed + 7) / 8 + SCTP_MAPPING_ARRAY_INCR); 1424 SCTP_MALLOC(new_array1, uint8_t *, new_size, SCTP_M_MAP); 1425 SCTP_MALLOC(new_array2, uint8_t *, new_size, SCTP_M_MAP); 1426 if ((new_array1 == NULL) || (new_array2 == NULL)) { 1427 /* can't get more, forget it */ 1428 SCTP_PRINTF("No memory for expansion of SCTP mapping array %d\n", new_size); 1429 if (new_array1) { 1430 SCTP_FREE(new_array1, SCTP_M_MAP); 1431 } 1432 if (new_array2) { 1433 SCTP_FREE(new_array2, SCTP_M_MAP); 1434 } 1435 return (-1); 1436 } 1437 memset(new_array1, 0, new_size); 1438 memset(new_array2, 0, new_size); 1439 memcpy(new_array1, asoc->mapping_array, asoc->mapping_array_size); 1440 memcpy(new_array2, asoc->nr_mapping_array, asoc->mapping_array_size); 1441 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1442 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 1443 asoc->mapping_array = new_array1; 1444 asoc->nr_mapping_array = new_array2; 1445 asoc->mapping_array_size = new_size; 1446 return (0); 1447 } 1448 1449 static void 1450 sctp_iterator_work(struct sctp_iterator *it) 1451 { 1452 struct epoch_tracker et; 1453 struct sctp_inpcb *tinp; 1454 int iteration_count = 0; 1455 int inp_skip = 0; 1456 int first_in = 1; 1457 1458 NET_EPOCH_ENTER(et); 1459 SCTP_INP_INFO_RLOCK(); 1460 SCTP_ITERATOR_LOCK(); 1461 sctp_it_ctl.cur_it = it; 1462 if (it->inp) { 1463 SCTP_INP_RLOCK(it->inp); 1464 SCTP_INP_DECR_REF(it->inp); 1465 } 1466 if (it->inp == NULL) { 1467 /* iterator is complete */ 1468 done_with_iterator: 1469 sctp_it_ctl.cur_it = NULL; 1470 SCTP_ITERATOR_UNLOCK(); 1471 SCTP_INP_INFO_RUNLOCK(); 1472 if (it->function_atend != NULL) { 1473 (*it->function_atend) (it->pointer, it->val); 1474 } 1475 SCTP_FREE(it, SCTP_M_ITER); 1476 NET_EPOCH_EXIT(et); 1477 return; 1478 } 1479 select_a_new_ep: 1480 if (first_in) { 1481 first_in = 0; 1482 } else { 1483 SCTP_INP_RLOCK(it->inp); 1484 } 1485 while (((it->pcb_flags) && 1486 ((it->inp->sctp_flags & it->pcb_flags) != it->pcb_flags)) || 1487 ((it->pcb_features) && 1488 ((it->inp->sctp_features & it->pcb_features) != it->pcb_features))) { 1489 /* endpoint flags or features don't match, so keep looking */ 1490 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1491 SCTP_INP_RUNLOCK(it->inp); 1492 goto done_with_iterator; 1493 } 1494 tinp = it->inp; 1495 it->inp = LIST_NEXT(it->inp, sctp_list); 1496 it->stcb = NULL; 1497 SCTP_INP_RUNLOCK(tinp); 1498 if (it->inp == NULL) { 1499 goto done_with_iterator; 1500 } 1501 SCTP_INP_RLOCK(it->inp); 1502 } 1503 /* now go through each assoc which is in the desired state */ 1504 if (it->done_current_ep == 0) { 1505 if (it->function_inp != NULL) 1506 inp_skip = (*it->function_inp) (it->inp, it->pointer, it->val); 1507 it->done_current_ep = 1; 1508 } 1509 if (it->stcb == NULL) { 1510 /* run the per instance function */ 1511 it->stcb = LIST_FIRST(&it->inp->sctp_asoc_list); 1512 } 1513 if ((inp_skip) || it->stcb == NULL) { 1514 if (it->function_inp_end != NULL) { 1515 inp_skip = (*it->function_inp_end) (it->inp, 1516 it->pointer, 1517 it->val); 1518 } 1519 SCTP_INP_RUNLOCK(it->inp); 1520 goto no_stcb; 1521 } 1522 while (it->stcb != NULL) { 1523 SCTP_TCB_LOCK(it->stcb); 1524 if (it->asoc_state && ((it->stcb->asoc.state & it->asoc_state) != it->asoc_state)) { 1525 /* not in the right state... keep looking */ 1526 SCTP_TCB_UNLOCK(it->stcb); 1527 goto next_assoc; 1528 } 1529 /* see if we have limited out the iterator loop */ 1530 iteration_count++; 1531 if (iteration_count > SCTP_ITERATOR_MAX_AT_ONCE) { 1532 /* Pause to let others grab the lock */ 1533 atomic_add_int(&it->stcb->asoc.refcnt, 1); 1534 SCTP_TCB_UNLOCK(it->stcb); 1535 SCTP_INP_INCR_REF(it->inp); 1536 SCTP_INP_RUNLOCK(it->inp); 1537 SCTP_ITERATOR_UNLOCK(); 1538 SCTP_INP_INFO_RUNLOCK(); 1539 SCTP_INP_INFO_RLOCK(); 1540 SCTP_ITERATOR_LOCK(); 1541 if (sctp_it_ctl.iterator_flags) { 1542 /* We won't be staying here */ 1543 SCTP_INP_DECR_REF(it->inp); 1544 atomic_subtract_int(&it->stcb->asoc.refcnt, 1); 1545 if (sctp_it_ctl.iterator_flags & 1546 SCTP_ITERATOR_STOP_CUR_IT) { 1547 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_IT; 1548 goto done_with_iterator; 1549 } 1550 if (sctp_it_ctl.iterator_flags & 1551 SCTP_ITERATOR_STOP_CUR_INP) { 1552 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_INP; 1553 goto no_stcb; 1554 } 1555 /* If we reach here huh? */ 1556 SCTP_PRINTF("Unknown it ctl flag %x\n", 1557 sctp_it_ctl.iterator_flags); 1558 sctp_it_ctl.iterator_flags = 0; 1559 } 1560 SCTP_INP_RLOCK(it->inp); 1561 SCTP_INP_DECR_REF(it->inp); 1562 SCTP_TCB_LOCK(it->stcb); 1563 atomic_subtract_int(&it->stcb->asoc.refcnt, 1); 1564 iteration_count = 0; 1565 } 1566 KASSERT(it->inp == it->stcb->sctp_ep, 1567 ("%s: stcb %p does not belong to inp %p, but inp %p", 1568 __func__, it->stcb, it->inp, it->stcb->sctp_ep)); 1569 SCTP_INP_RLOCK_ASSERT(it->inp); 1570 SCTP_TCB_LOCK_ASSERT(it->stcb); 1571 1572 /* run function on this one */ 1573 (*it->function_assoc) (it->inp, it->stcb, it->pointer, it->val); 1574 SCTP_INP_RLOCK_ASSERT(it->inp); 1575 SCTP_TCB_LOCK_ASSERT(it->stcb); 1576 1577 /* 1578 * we lie here, it really needs to have its own type but 1579 * first I must verify that this won't effect things :-0 1580 */ 1581 if (it->no_chunk_output == 0) { 1582 sctp_chunk_output(it->inp, it->stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1583 SCTP_INP_RLOCK_ASSERT(it->inp); 1584 SCTP_TCB_LOCK_ASSERT(it->stcb); 1585 } 1586 1587 SCTP_TCB_UNLOCK(it->stcb); 1588 next_assoc: 1589 it->stcb = LIST_NEXT(it->stcb, sctp_tcblist); 1590 if (it->stcb == NULL) { 1591 /* Run last function */ 1592 if (it->function_inp_end != NULL) { 1593 inp_skip = (*it->function_inp_end) (it->inp, 1594 it->pointer, 1595 it->val); 1596 } 1597 } 1598 } 1599 SCTP_INP_RUNLOCK(it->inp); 1600 no_stcb: 1601 /* done with all assocs on this endpoint, move on to next endpoint */ 1602 it->done_current_ep = 0; 1603 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1604 it->inp = NULL; 1605 } else { 1606 it->inp = LIST_NEXT(it->inp, sctp_list); 1607 } 1608 it->stcb = NULL; 1609 if (it->inp == NULL) { 1610 goto done_with_iterator; 1611 } 1612 goto select_a_new_ep; 1613 } 1614 1615 void 1616 sctp_iterator_worker(void) 1617 { 1618 struct sctp_iterator *it; 1619 1620 /* This function is called with the WQ lock in place */ 1621 sctp_it_ctl.iterator_running = 1; 1622 while ((it = TAILQ_FIRST(&sctp_it_ctl.iteratorhead)) != NULL) { 1623 /* now lets work on this one */ 1624 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 1625 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 1626 CURVNET_SET(it->vn); 1627 sctp_iterator_work(it); 1628 CURVNET_RESTORE(); 1629 SCTP_IPI_ITERATOR_WQ_LOCK(); 1630 /* sa_ignore FREED_MEMORY */ 1631 } 1632 sctp_it_ctl.iterator_running = 0; 1633 return; 1634 } 1635 1636 static void 1637 sctp_handle_addr_wq(void) 1638 { 1639 /* deal with the ADDR wq from the rtsock calls */ 1640 struct sctp_laddr *wi, *nwi; 1641 struct sctp_asconf_iterator *asc; 1642 1643 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 1644 sizeof(struct sctp_asconf_iterator), SCTP_M_ASC_IT); 1645 if (asc == NULL) { 1646 /* Try later, no memory */ 1647 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1648 (struct sctp_inpcb *)NULL, 1649 (struct sctp_tcb *)NULL, 1650 (struct sctp_nets *)NULL); 1651 return; 1652 } 1653 LIST_INIT(&asc->list_of_work); 1654 asc->cnt = 0; 1655 1656 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { 1657 LIST_REMOVE(wi, sctp_nxt_addr); 1658 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 1659 asc->cnt++; 1660 } 1661 1662 if (asc->cnt == 0) { 1663 SCTP_FREE(asc, SCTP_M_ASC_IT); 1664 } else { 1665 int ret; 1666 1667 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 1668 sctp_asconf_iterator_stcb, 1669 NULL, /* No ep end for boundall */ 1670 SCTP_PCB_FLAGS_BOUNDALL, 1671 SCTP_PCB_ANY_FEATURES, 1672 SCTP_ASOC_ANY_STATE, 1673 (void *)asc, 0, 1674 sctp_asconf_iterator_end, NULL, 0); 1675 if (ret) { 1676 SCTP_PRINTF("Failed to initiate iterator for handle_addr_wq\n"); 1677 /* 1678 * Freeing if we are stopping or put back on the 1679 * addr_wq. 1680 */ 1681 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 1682 sctp_asconf_iterator_end(asc, 0); 1683 } else { 1684 LIST_FOREACH(wi, &asc->list_of_work, sctp_nxt_addr) { 1685 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 1686 } 1687 SCTP_FREE(asc, SCTP_M_ASC_IT); 1688 } 1689 } 1690 } 1691 } 1692 1693 /*- 1694 * The following table shows which pointers for the inp, stcb, or net are 1695 * stored for each timer after it was started. 1696 * 1697 *|Name |Timer |inp |stcb|net | 1698 *|-----------------------------|-----------------------------|----|----|----| 1699 *|SCTP_TIMER_TYPE_SEND |net->rxt_timer |Yes |Yes |Yes | 1700 *|SCTP_TIMER_TYPE_INIT |net->rxt_timer |Yes |Yes |Yes | 1701 *|SCTP_TIMER_TYPE_RECV |stcb->asoc.dack_timer |Yes |Yes |No | 1702 *|SCTP_TIMER_TYPE_SHUTDOWN |net->rxt_timer |Yes |Yes |Yes | 1703 *|SCTP_TIMER_TYPE_HEARTBEAT |net->hb_timer |Yes |Yes |Yes | 1704 *|SCTP_TIMER_TYPE_COOKIE |net->rxt_timer |Yes |Yes |Yes | 1705 *|SCTP_TIMER_TYPE_NEWCOOKIE |inp->sctp_ep.signature_change|Yes |No |No | 1706 *|SCTP_TIMER_TYPE_PATHMTURAISE |net->pmtu_timer |Yes |Yes |Yes | 1707 *|SCTP_TIMER_TYPE_SHUTDOWNACK |net->rxt_timer |Yes |Yes |Yes | 1708 *|SCTP_TIMER_TYPE_ASCONF |stcb->asoc.asconf_timer |Yes |Yes |Yes | 1709 *|SCTP_TIMER_TYPE_SHUTDOWNGUARD|stcb->asoc.shut_guard_timer |Yes |Yes |No | 1710 *|SCTP_TIMER_TYPE_AUTOCLOSE |stcb->asoc.autoclose_timer |Yes |Yes |No | 1711 *|SCTP_TIMER_TYPE_STRRESET |stcb->asoc.strreset_timer |Yes |Yes |No | 1712 *|SCTP_TIMER_TYPE_INPKILL |inp->sctp_ep.signature_change|Yes |No |No | 1713 *|SCTP_TIMER_TYPE_ASOCKILL |stcb->asoc.strreset_timer |Yes |Yes |No | 1714 *|SCTP_TIMER_TYPE_ADDR_WQ |SCTP_BASE_INFO(addr_wq_timer)|No |No |No | 1715 *|SCTP_TIMER_TYPE_PRIM_DELETED |stcb->asoc.delete_prim_timer |Yes |Yes |No | 1716 */ 1717 1718 void 1719 sctp_timeout_handler(void *t) 1720 { 1721 struct epoch_tracker et; 1722 struct timeval tv; 1723 struct sctp_inpcb *inp; 1724 struct sctp_tcb *stcb; 1725 struct sctp_nets *net; 1726 struct sctp_timer *tmr; 1727 struct mbuf *op_err; 1728 int type; 1729 int i, secret; 1730 bool did_output, released_asoc_reference; 1731 1732 /* 1733 * If inp, stcb or net are not NULL, then references to these were 1734 * added when the timer was started, and must be released before 1735 * this function returns. 1736 */ 1737 tmr = (struct sctp_timer *)t; 1738 inp = (struct sctp_inpcb *)tmr->ep; 1739 stcb = (struct sctp_tcb *)tmr->tcb; 1740 net = (struct sctp_nets *)tmr->net; 1741 CURVNET_SET((struct vnet *)tmr->vnet); 1742 NET_EPOCH_ENTER(et); 1743 released_asoc_reference = false; 1744 1745 #ifdef SCTP_AUDITING_ENABLED 1746 sctp_audit_log(0xF0, (uint8_t)tmr->type); 1747 sctp_auditing(3, inp, stcb, net); 1748 #endif 1749 1750 /* sanity checks... */ 1751 KASSERT(tmr->self == NULL || tmr->self == tmr, 1752 ("sctp_timeout_handler: tmr->self corrupted")); 1753 KASSERT(SCTP_IS_TIMER_TYPE_VALID(tmr->type), 1754 ("sctp_timeout_handler: invalid timer type %d", tmr->type)); 1755 type = tmr->type; 1756 KASSERT(stcb == NULL || stcb->sctp_ep == inp, 1757 ("sctp_timeout_handler of type %d: inp = %p, stcb->sctp_ep %p", 1758 type, stcb, stcb->sctp_ep)); 1759 tmr->stopped_from = 0xa001; 1760 if ((stcb != NULL) && (stcb->asoc.state == SCTP_STATE_EMPTY)) { 1761 SCTPDBG(SCTP_DEBUG_TIMER2, 1762 "Timer type %d handler exiting due to CLOSED association.\n", 1763 type); 1764 goto out_decr; 1765 } 1766 tmr->stopped_from = 0xa002; 1767 SCTPDBG(SCTP_DEBUG_TIMER2, "Timer type %d goes off.\n", type); 1768 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1769 SCTPDBG(SCTP_DEBUG_TIMER2, 1770 "Timer type %d handler exiting due to not being active.\n", 1771 type); 1772 goto out_decr; 1773 } 1774 1775 tmr->stopped_from = 0xa003; 1776 if (stcb) { 1777 SCTP_TCB_LOCK(stcb); 1778 /* 1779 * Release reference so that association can be freed if 1780 * necessary below. This is safe now that we have acquired 1781 * the lock. 1782 */ 1783 atomic_subtract_int(&stcb->asoc.refcnt, 1); 1784 released_asoc_reference = true; 1785 if ((type != SCTP_TIMER_TYPE_ASOCKILL) && 1786 ((stcb->asoc.state == SCTP_STATE_EMPTY) || 1787 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED))) { 1788 SCTPDBG(SCTP_DEBUG_TIMER2, 1789 "Timer type %d handler exiting due to CLOSED association.\n", 1790 type); 1791 goto out; 1792 } 1793 } else if (inp != NULL) { 1794 SCTP_INP_WLOCK(inp); 1795 } else { 1796 SCTP_WQ_ADDR_LOCK(); 1797 } 1798 1799 /* Record in stopped_from which timeout occurred. */ 1800 tmr->stopped_from = type; 1801 /* mark as being serviced now */ 1802 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 1803 /* 1804 * Callout has been rescheduled. 1805 */ 1806 goto out; 1807 } 1808 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1809 /* 1810 * Not active, so no action. 1811 */ 1812 goto out; 1813 } 1814 SCTP_OS_TIMER_DEACTIVATE(&tmr->timer); 1815 1816 /* call the handler for the appropriate timer type */ 1817 switch (type) { 1818 case SCTP_TIMER_TYPE_SEND: 1819 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1820 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1821 type, inp, stcb, net)); 1822 SCTP_STAT_INCR(sctps_timodata); 1823 stcb->asoc.timodata++; 1824 stcb->asoc.num_send_timers_up--; 1825 if (stcb->asoc.num_send_timers_up < 0) { 1826 stcb->asoc.num_send_timers_up = 0; 1827 } 1828 SCTP_TCB_LOCK_ASSERT(stcb); 1829 if (sctp_t3rxt_timer(inp, stcb, net)) { 1830 /* no need to unlock on tcb its gone */ 1831 1832 goto out_decr; 1833 } 1834 SCTP_TCB_LOCK_ASSERT(stcb); 1835 #ifdef SCTP_AUDITING_ENABLED 1836 sctp_auditing(4, inp, stcb, net); 1837 #endif 1838 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1839 did_output = true; 1840 if ((stcb->asoc.num_send_timers_up == 0) && 1841 (stcb->asoc.sent_queue_cnt > 0)) { 1842 struct sctp_tmit_chunk *chk; 1843 1844 /* 1845 * Safeguard. If there on some on the sent queue 1846 * somewhere but no timers running something is 1847 * wrong... so we start a timer on the first chunk 1848 * on the send queue on whatever net it is sent to. 1849 */ 1850 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 1851 if (chk->whoTo != NULL) { 1852 break; 1853 } 1854 } 1855 if (chk != NULL) { 1856 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); 1857 } 1858 } 1859 break; 1860 case SCTP_TIMER_TYPE_INIT: 1861 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1862 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1863 type, inp, stcb, net)); 1864 SCTP_STAT_INCR(sctps_timoinit); 1865 stcb->asoc.timoinit++; 1866 if (sctp_t1init_timer(inp, stcb, net)) { 1867 /* no need to unlock on tcb its gone */ 1868 goto out_decr; 1869 } 1870 did_output = false; 1871 break; 1872 case SCTP_TIMER_TYPE_RECV: 1873 KASSERT(inp != NULL && stcb != NULL && net == NULL, 1874 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1875 type, inp, stcb, net)); 1876 SCTP_STAT_INCR(sctps_timosack); 1877 stcb->asoc.timosack++; 1878 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); 1879 #ifdef SCTP_AUDITING_ENABLED 1880 sctp_auditing(4, inp, stcb, NULL); 1881 #endif 1882 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR, SCTP_SO_NOT_LOCKED); 1883 did_output = true; 1884 break; 1885 case SCTP_TIMER_TYPE_SHUTDOWN: 1886 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1887 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1888 type, inp, stcb, net)); 1889 SCTP_STAT_INCR(sctps_timoshutdown); 1890 stcb->asoc.timoshutdown++; 1891 if (sctp_shutdown_timer(inp, stcb, net)) { 1892 /* no need to unlock on tcb its gone */ 1893 goto out_decr; 1894 } 1895 #ifdef SCTP_AUDITING_ENABLED 1896 sctp_auditing(4, inp, stcb, net); 1897 #endif 1898 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_NOT_LOCKED); 1899 did_output = true; 1900 break; 1901 case SCTP_TIMER_TYPE_HEARTBEAT: 1902 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1903 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1904 type, inp, stcb, net)); 1905 SCTP_STAT_INCR(sctps_timoheartbeat); 1906 stcb->asoc.timoheartbeat++; 1907 if (sctp_heartbeat_timer(inp, stcb, net)) { 1908 /* no need to unlock on tcb its gone */ 1909 goto out_decr; 1910 } 1911 #ifdef SCTP_AUDITING_ENABLED 1912 sctp_auditing(4, inp, stcb, net); 1913 #endif 1914 if (!(net->dest_state & SCTP_ADDR_NOHB)) { 1915 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); 1916 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, SCTP_SO_NOT_LOCKED); 1917 did_output = true; 1918 } else { 1919 did_output = false; 1920 } 1921 break; 1922 case SCTP_TIMER_TYPE_COOKIE: 1923 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1924 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1925 type, inp, stcb, net)); 1926 SCTP_STAT_INCR(sctps_timocookie); 1927 stcb->asoc.timocookie++; 1928 if (sctp_cookie_timer(inp, stcb, net)) { 1929 /* no need to unlock on tcb its gone */ 1930 goto out_decr; 1931 } 1932 #ifdef SCTP_AUDITING_ENABLED 1933 sctp_auditing(4, inp, stcb, net); 1934 #endif 1935 /* 1936 * We consider T3 and Cookie timer pretty much the same with 1937 * respect to where from in chunk_output. 1938 */ 1939 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1940 did_output = true; 1941 break; 1942 case SCTP_TIMER_TYPE_NEWCOOKIE: 1943 KASSERT(inp != NULL && stcb == NULL && net == NULL, 1944 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1945 type, inp, stcb, net)); 1946 SCTP_STAT_INCR(sctps_timosecret); 1947 (void)SCTP_GETTIME_TIMEVAL(&tv); 1948 inp->sctp_ep.time_of_secret_change = (unsigned int)tv.tv_sec; 1949 inp->sctp_ep.last_secret_number = 1950 inp->sctp_ep.current_secret_number; 1951 inp->sctp_ep.current_secret_number++; 1952 if (inp->sctp_ep.current_secret_number >= 1953 SCTP_HOW_MANY_SECRETS) { 1954 inp->sctp_ep.current_secret_number = 0; 1955 } 1956 secret = (int)inp->sctp_ep.current_secret_number; 1957 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1958 inp->sctp_ep.secret_key[secret][i] = 1959 sctp_select_initial_TSN(&inp->sctp_ep); 1960 } 1961 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL); 1962 did_output = false; 1963 break; 1964 case SCTP_TIMER_TYPE_PATHMTURAISE: 1965 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1966 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1967 type, inp, stcb, net)); 1968 SCTP_STAT_INCR(sctps_timopathmtu); 1969 sctp_pathmtu_timer(inp, stcb, net); 1970 did_output = false; 1971 break; 1972 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1973 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1974 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1975 type, inp, stcb, net)); 1976 if (sctp_shutdownack_timer(inp, stcb, net)) { 1977 /* no need to unlock on tcb its gone */ 1978 goto out_decr; 1979 } 1980 SCTP_STAT_INCR(sctps_timoshutdownack); 1981 stcb->asoc.timoshutdownack++; 1982 #ifdef SCTP_AUDITING_ENABLED 1983 sctp_auditing(4, inp, stcb, net); 1984 #endif 1985 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR, SCTP_SO_NOT_LOCKED); 1986 did_output = true; 1987 break; 1988 case SCTP_TIMER_TYPE_ASCONF: 1989 KASSERT(inp != NULL && stcb != NULL && net != NULL, 1990 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 1991 type, inp, stcb, net)); 1992 SCTP_STAT_INCR(sctps_timoasconf); 1993 if (sctp_asconf_timer(inp, stcb, net)) { 1994 /* no need to unlock on tcb its gone */ 1995 goto out_decr; 1996 } 1997 #ifdef SCTP_AUDITING_ENABLED 1998 sctp_auditing(4, inp, stcb, net); 1999 #endif 2000 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR, SCTP_SO_NOT_LOCKED); 2001 did_output = true; 2002 break; 2003 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2004 KASSERT(inp != NULL && stcb != NULL && net == NULL, 2005 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 2006 type, inp, stcb, net)); 2007 SCTP_STAT_INCR(sctps_timoshutdownguard); 2008 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 2009 "Shutdown guard timer expired"); 2010 sctp_abort_an_association(inp, stcb, op_err, true, SCTP_SO_NOT_LOCKED); 2011 /* no need to unlock on tcb its gone */ 2012 goto out_decr; 2013 case SCTP_TIMER_TYPE_AUTOCLOSE: 2014 KASSERT(inp != NULL && stcb != NULL && net == NULL, 2015 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 2016 type, inp, stcb, net)); 2017 SCTP_STAT_INCR(sctps_timoautoclose); 2018 sctp_autoclose_timer(inp, stcb); 2019 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED); 2020 did_output = true; 2021 break; 2022 case SCTP_TIMER_TYPE_STRRESET: 2023 KASSERT(inp != NULL && stcb != NULL && net == NULL, 2024 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 2025 type, inp, stcb, net)); 2026 SCTP_STAT_INCR(sctps_timostrmrst); 2027 if (sctp_strreset_timer(inp, stcb)) { 2028 /* no need to unlock on tcb its gone */ 2029 goto out_decr; 2030 } 2031 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR, SCTP_SO_NOT_LOCKED); 2032 did_output = true; 2033 break; 2034 case SCTP_TIMER_TYPE_INPKILL: 2035 KASSERT(inp != NULL && stcb == NULL && net == NULL, 2036 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 2037 type, inp, stcb, net)); 2038 SCTP_STAT_INCR(sctps_timoinpkill); 2039 /* 2040 * special case, take away our increment since WE are the 2041 * killer 2042 */ 2043 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, 2044 SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 2045 SCTP_INP_DECR_REF(inp); 2046 SCTP_INP_WUNLOCK(inp); 2047 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 2048 SCTP_CALLED_FROM_INPKILL_TIMER); 2049 inp = NULL; 2050 goto out_decr; 2051 case SCTP_TIMER_TYPE_ASOCKILL: 2052 KASSERT(inp != NULL && stcb != NULL && net == NULL, 2053 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 2054 type, inp, stcb, net)); 2055 SCTP_STAT_INCR(sctps_timoassockill); 2056 /* Can we free it yet? */ 2057 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, 2058 SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 2059 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 2060 SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 2061 /* 2062 * free asoc, always unlocks (or destroy's) so prevent 2063 * duplicate unlock or unlock of a free mtx :-0 2064 */ 2065 stcb = NULL; 2066 goto out_decr; 2067 case SCTP_TIMER_TYPE_ADDR_WQ: 2068 KASSERT(inp == NULL && stcb == NULL && net == NULL, 2069 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 2070 type, inp, stcb, net)); 2071 sctp_handle_addr_wq(); 2072 did_output = true; 2073 break; 2074 case SCTP_TIMER_TYPE_PRIM_DELETED: 2075 KASSERT(inp != NULL && stcb != NULL && net == NULL, 2076 ("timeout of type %d: inp = %p, stcb = %p, net = %p", 2077 type, inp, stcb, net)); 2078 SCTP_STAT_INCR(sctps_timodelprim); 2079 sctp_delete_prim_timer(inp, stcb); 2080 did_output = false; 2081 break; 2082 default: 2083 #ifdef INVARIANTS 2084 panic("Unknown timer type %d", type); 2085 #else 2086 goto out; 2087 #endif 2088 } 2089 #ifdef SCTP_AUDITING_ENABLED 2090 sctp_audit_log(0xF1, (uint8_t)type); 2091 if (inp != NULL) 2092 sctp_auditing(5, inp, stcb, net); 2093 #endif 2094 if (did_output && (stcb != NULL)) { 2095 /* 2096 * Now we need to clean up the control chunk chain if an 2097 * ECNE is on it. It must be marked as UNSENT again so next 2098 * call will continue to send it until such time that we get 2099 * a CWR, to remove it. It is, however, less likely that we 2100 * will find a ecn echo on the chain though. 2101 */ 2102 sctp_fix_ecn_echo(&stcb->asoc); 2103 } 2104 out: 2105 if (stcb != NULL) { 2106 SCTP_TCB_UNLOCK(stcb); 2107 } else if (inp != NULL) { 2108 SCTP_INP_WUNLOCK(inp); 2109 } else { 2110 SCTP_WQ_ADDR_UNLOCK(); 2111 } 2112 2113 out_decr: 2114 /* These reference counts were incremented in sctp_timer_start(). */ 2115 if (inp != NULL) { 2116 SCTP_INP_DECR_REF(inp); 2117 } 2118 if ((stcb != NULL) && !released_asoc_reference) { 2119 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2120 } 2121 if (net != NULL) { 2122 sctp_free_remote_addr(net); 2123 } 2124 SCTPDBG(SCTP_DEBUG_TIMER2, "Timer type %d handler finished.\n", type); 2125 CURVNET_RESTORE(); 2126 NET_EPOCH_EXIT(et); 2127 } 2128 2129 /*- 2130 * The following table shows which parameters must be provided 2131 * when calling sctp_timer_start(). For parameters not being 2132 * provided, NULL must be used. 2133 * 2134 * |Name |inp |stcb|net | 2135 * |-----------------------------|----|----|----| 2136 * |SCTP_TIMER_TYPE_SEND |Yes |Yes |Yes | 2137 * |SCTP_TIMER_TYPE_INIT |Yes |Yes |Yes | 2138 * |SCTP_TIMER_TYPE_RECV |Yes |Yes |No | 2139 * |SCTP_TIMER_TYPE_SHUTDOWN |Yes |Yes |Yes | 2140 * |SCTP_TIMER_TYPE_HEARTBEAT |Yes |Yes |Yes | 2141 * |SCTP_TIMER_TYPE_COOKIE |Yes |Yes |Yes | 2142 * |SCTP_TIMER_TYPE_NEWCOOKIE |Yes |No |No | 2143 * |SCTP_TIMER_TYPE_PATHMTURAISE |Yes |Yes |Yes | 2144 * |SCTP_TIMER_TYPE_SHUTDOWNACK |Yes |Yes |Yes | 2145 * |SCTP_TIMER_TYPE_ASCONF |Yes |Yes |Yes | 2146 * |SCTP_TIMER_TYPE_SHUTDOWNGUARD|Yes |Yes |No | 2147 * |SCTP_TIMER_TYPE_AUTOCLOSE |Yes |Yes |No | 2148 * |SCTP_TIMER_TYPE_STRRESET |Yes |Yes |Yes | 2149 * |SCTP_TIMER_TYPE_INPKILL |Yes |No |No | 2150 * |SCTP_TIMER_TYPE_ASOCKILL |Yes |Yes |No | 2151 * |SCTP_TIMER_TYPE_ADDR_WQ |No |No |No | 2152 * |SCTP_TIMER_TYPE_PRIM_DELETED |Yes |Yes |No | 2153 * 2154 */ 2155 2156 void 2157 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2158 struct sctp_nets *net) 2159 { 2160 struct sctp_timer *tmr; 2161 uint32_t to_ticks; 2162 uint32_t rndval, jitter; 2163 2164 KASSERT(stcb == NULL || stcb->sctp_ep == inp, 2165 ("sctp_timer_start of type %d: inp = %p, stcb->sctp_ep %p", 2166 t_type, stcb, stcb->sctp_ep)); 2167 tmr = NULL; 2168 if (stcb != NULL) { 2169 SCTP_TCB_LOCK_ASSERT(stcb); 2170 } else if (inp != NULL) { 2171 SCTP_INP_WLOCK_ASSERT(inp); 2172 } else { 2173 SCTP_WQ_ADDR_LOCK_ASSERT(); 2174 } 2175 if (stcb != NULL) { 2176 /* 2177 * Don't restart timer on association that's about to be 2178 * killed. 2179 */ 2180 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) && 2181 (t_type != SCTP_TIMER_TYPE_ASOCKILL)) { 2182 SCTPDBG(SCTP_DEBUG_TIMER2, 2183 "Timer type %d not started: inp=%p, stcb=%p, net=%p (stcb deleted).\n", 2184 t_type, inp, stcb, net); 2185 return; 2186 } 2187 /* Don't restart timer on net that's been removed. */ 2188 if (net != NULL && (net->dest_state & SCTP_ADDR_BEING_DELETED)) { 2189 SCTPDBG(SCTP_DEBUG_TIMER2, 2190 "Timer type %d not started: inp=%p, stcb=%p, net=%p (net deleted).\n", 2191 t_type, inp, stcb, net); 2192 return; 2193 } 2194 } 2195 switch (t_type) { 2196 case SCTP_TIMER_TYPE_SEND: 2197 /* Here we use the RTO timer. */ 2198 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2199 #ifdef INVARIANTS 2200 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2201 t_type, inp, stcb, net); 2202 #else 2203 return; 2204 #endif 2205 } 2206 tmr = &net->rxt_timer; 2207 if (net->RTO == 0) { 2208 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2209 } else { 2210 to_ticks = sctp_msecs_to_ticks(net->RTO); 2211 } 2212 break; 2213 case SCTP_TIMER_TYPE_INIT: 2214 /* 2215 * Here we use the INIT timer default usually about 1 2216 * second. 2217 */ 2218 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2219 #ifdef INVARIANTS 2220 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2221 t_type, inp, stcb, net); 2222 #else 2223 return; 2224 #endif 2225 } 2226 tmr = &net->rxt_timer; 2227 if (net->RTO == 0) { 2228 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2229 } else { 2230 to_ticks = sctp_msecs_to_ticks(net->RTO); 2231 } 2232 break; 2233 case SCTP_TIMER_TYPE_RECV: 2234 /* 2235 * Here we use the Delayed-Ack timer value from the inp, 2236 * ususually about 200ms. 2237 */ 2238 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2239 #ifdef INVARIANTS 2240 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2241 t_type, inp, stcb, net); 2242 #else 2243 return; 2244 #endif 2245 } 2246 tmr = &stcb->asoc.dack_timer; 2247 to_ticks = sctp_msecs_to_ticks(stcb->asoc.delayed_ack); 2248 break; 2249 case SCTP_TIMER_TYPE_SHUTDOWN: 2250 /* Here we use the RTO of the destination. */ 2251 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2252 #ifdef INVARIANTS 2253 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2254 t_type, inp, stcb, net); 2255 #else 2256 return; 2257 #endif 2258 } 2259 tmr = &net->rxt_timer; 2260 if (net->RTO == 0) { 2261 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2262 } else { 2263 to_ticks = sctp_msecs_to_ticks(net->RTO); 2264 } 2265 break; 2266 case SCTP_TIMER_TYPE_HEARTBEAT: 2267 /* 2268 * The net is used here so that we can add in the RTO. Even 2269 * though we use a different timer. We also add the HB timer 2270 * PLUS a random jitter. 2271 */ 2272 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2273 #ifdef INVARIANTS 2274 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2275 t_type, inp, stcb, net); 2276 #else 2277 return; 2278 #endif 2279 } 2280 if ((net->dest_state & SCTP_ADDR_NOHB) && 2281 !(net->dest_state & SCTP_ADDR_UNCONFIRMED)) { 2282 SCTPDBG(SCTP_DEBUG_TIMER2, 2283 "Timer type %d not started: inp=%p, stcb=%p, net=%p.\n", 2284 t_type, inp, stcb, net); 2285 return; 2286 } 2287 tmr = &net->hb_timer; 2288 if (net->RTO == 0) { 2289 to_ticks = stcb->asoc.initial_rto; 2290 } else { 2291 to_ticks = net->RTO; 2292 } 2293 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 2294 jitter = rndval % to_ticks; 2295 if (to_ticks > 1) { 2296 to_ticks >>= 1; 2297 } 2298 if (jitter < (UINT32_MAX - to_ticks)) { 2299 to_ticks += jitter; 2300 } else { 2301 to_ticks = UINT32_MAX; 2302 } 2303 if (!(net->dest_state & SCTP_ADDR_UNCONFIRMED) && 2304 !(net->dest_state & SCTP_ADDR_PF)) { 2305 if (net->heart_beat_delay < (UINT32_MAX - to_ticks)) { 2306 to_ticks += net->heart_beat_delay; 2307 } else { 2308 to_ticks = UINT32_MAX; 2309 } 2310 } 2311 /* 2312 * Now we must convert the to_ticks that are now in ms to 2313 * ticks. 2314 */ 2315 to_ticks = sctp_msecs_to_ticks(to_ticks); 2316 break; 2317 case SCTP_TIMER_TYPE_COOKIE: 2318 /* 2319 * Here we can use the RTO timer from the network since one 2320 * RTT was complete. If a retransmission happened then we 2321 * will be using the RTO initial value. 2322 */ 2323 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2324 #ifdef INVARIANTS 2325 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2326 t_type, inp, stcb, net); 2327 #else 2328 return; 2329 #endif 2330 } 2331 tmr = &net->rxt_timer; 2332 if (net->RTO == 0) { 2333 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2334 } else { 2335 to_ticks = sctp_msecs_to_ticks(net->RTO); 2336 } 2337 break; 2338 case SCTP_TIMER_TYPE_NEWCOOKIE: 2339 /* 2340 * Nothing needed but the endpoint here ususually about 60 2341 * minutes. 2342 */ 2343 if ((inp == NULL) || (stcb != NULL) || (net != NULL)) { 2344 #ifdef INVARIANTS 2345 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2346 t_type, inp, stcb, net); 2347 #else 2348 return; 2349 #endif 2350 } 2351 tmr = &inp->sctp_ep.signature_change; 2352 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 2353 break; 2354 case SCTP_TIMER_TYPE_PATHMTURAISE: 2355 /* 2356 * Here we use the value found in the EP for PMTUD, 2357 * ususually about 10 minutes. 2358 */ 2359 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2360 #ifdef INVARIANTS 2361 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2362 t_type, inp, stcb, net); 2363 #else 2364 return; 2365 #endif 2366 } 2367 if (net->dest_state & SCTP_ADDR_NO_PMTUD) { 2368 SCTPDBG(SCTP_DEBUG_TIMER2, 2369 "Timer type %d not started: inp=%p, stcb=%p, net=%p.\n", 2370 t_type, inp, stcb, net); 2371 return; 2372 } 2373 tmr = &net->pmtu_timer; 2374 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 2375 break; 2376 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2377 /* Here we use the RTO of the destination. */ 2378 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2379 #ifdef INVARIANTS 2380 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2381 t_type, inp, stcb, net); 2382 #else 2383 return; 2384 #endif 2385 } 2386 tmr = &net->rxt_timer; 2387 if (net->RTO == 0) { 2388 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2389 } else { 2390 to_ticks = sctp_msecs_to_ticks(net->RTO); 2391 } 2392 break; 2393 case SCTP_TIMER_TYPE_ASCONF: 2394 /* 2395 * Here the timer comes from the stcb but its value is from 2396 * the net's RTO. 2397 */ 2398 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2399 #ifdef INVARIANTS 2400 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2401 t_type, inp, stcb, net); 2402 #else 2403 return; 2404 #endif 2405 } 2406 tmr = &stcb->asoc.asconf_timer; 2407 if (net->RTO == 0) { 2408 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2409 } else { 2410 to_ticks = sctp_msecs_to_ticks(net->RTO); 2411 } 2412 break; 2413 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2414 /* 2415 * Here we use the endpoints shutdown guard timer usually 2416 * about 3 minutes. 2417 */ 2418 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2419 #ifdef INVARIANTS 2420 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2421 t_type, inp, stcb, net); 2422 #else 2423 return; 2424 #endif 2425 } 2426 tmr = &stcb->asoc.shut_guard_timer; 2427 if (inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] == 0) { 2428 if (stcb->asoc.maxrto < UINT32_MAX / 5) { 2429 to_ticks = sctp_msecs_to_ticks(5 * stcb->asoc.maxrto); 2430 } else { 2431 to_ticks = sctp_msecs_to_ticks(UINT32_MAX); 2432 } 2433 } else { 2434 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 2435 } 2436 break; 2437 case SCTP_TIMER_TYPE_AUTOCLOSE: 2438 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2439 #ifdef INVARIANTS 2440 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2441 t_type, inp, stcb, net); 2442 #else 2443 return; 2444 #endif 2445 } 2446 tmr = &stcb->asoc.autoclose_timer; 2447 to_ticks = stcb->asoc.sctp_autoclose_ticks; 2448 break; 2449 case SCTP_TIMER_TYPE_STRRESET: 2450 /* 2451 * Here the timer comes from the stcb but its value is from 2452 * the net's RTO. 2453 */ 2454 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2455 #ifdef INVARIANTS 2456 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2457 t_type, inp, stcb, net); 2458 #else 2459 return; 2460 #endif 2461 } 2462 tmr = &stcb->asoc.strreset_timer; 2463 if (net->RTO == 0) { 2464 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2465 } else { 2466 to_ticks = sctp_msecs_to_ticks(net->RTO); 2467 } 2468 break; 2469 case SCTP_TIMER_TYPE_INPKILL: 2470 /* 2471 * The inp is setup to die. We re-use the signature_chage 2472 * timer since that has stopped and we are in the GONE 2473 * state. 2474 */ 2475 if ((inp == NULL) || (stcb != NULL) || (net != NULL)) { 2476 #ifdef INVARIANTS 2477 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2478 t_type, inp, stcb, net); 2479 #else 2480 return; 2481 #endif 2482 } 2483 tmr = &inp->sctp_ep.signature_change; 2484 to_ticks = sctp_msecs_to_ticks(SCTP_INP_KILL_TIMEOUT); 2485 break; 2486 case SCTP_TIMER_TYPE_ASOCKILL: 2487 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2488 #ifdef INVARIANTS 2489 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2490 t_type, inp, stcb, net); 2491 #else 2492 return; 2493 #endif 2494 } 2495 tmr = &stcb->asoc.strreset_timer; 2496 to_ticks = sctp_msecs_to_ticks(SCTP_ASOC_KILL_TIMEOUT); 2497 break; 2498 case SCTP_TIMER_TYPE_ADDR_WQ: 2499 if ((inp != NULL) || (stcb != NULL) || (net != NULL)) { 2500 #ifdef INVARIANTS 2501 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2502 t_type, inp, stcb, net); 2503 #else 2504 return; 2505 #endif 2506 } 2507 /* Only 1 tick away :-) */ 2508 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2509 to_ticks = SCTP_ADDRESS_TICK_DELAY; 2510 break; 2511 case SCTP_TIMER_TYPE_PRIM_DELETED: 2512 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2513 #ifdef INVARIANTS 2514 panic("sctp_timer_start of type %d: inp = %p, stcb = %p, net = %p", 2515 t_type, inp, stcb, net); 2516 #else 2517 return; 2518 #endif 2519 } 2520 tmr = &stcb->asoc.delete_prim_timer; 2521 to_ticks = sctp_msecs_to_ticks(stcb->asoc.initial_rto); 2522 break; 2523 default: 2524 #ifdef INVARIANTS 2525 panic("Unknown timer type %d", t_type); 2526 #else 2527 return; 2528 #endif 2529 } 2530 KASSERT(tmr != NULL, ("tmr is NULL for timer type %d", t_type)); 2531 KASSERT(to_ticks > 0, ("to_ticks == 0 for timer type %d", t_type)); 2532 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 2533 /* 2534 * We do NOT allow you to have it already running. If it is, 2535 * we leave the current one up unchanged. 2536 */ 2537 SCTPDBG(SCTP_DEBUG_TIMER2, 2538 "Timer type %d already running: inp=%p, stcb=%p, net=%p.\n", 2539 t_type, inp, stcb, net); 2540 return; 2541 } 2542 /* At this point we can proceed. */ 2543 if (t_type == SCTP_TIMER_TYPE_SEND) { 2544 stcb->asoc.num_send_timers_up++; 2545 } 2546 tmr->stopped_from = 0; 2547 tmr->type = t_type; 2548 tmr->ep = (void *)inp; 2549 tmr->tcb = (void *)stcb; 2550 if (t_type == SCTP_TIMER_TYPE_STRRESET) { 2551 tmr->net = NULL; 2552 } else { 2553 tmr->net = (void *)net; 2554 } 2555 tmr->self = (void *)tmr; 2556 tmr->vnet = (void *)curvnet; 2557 tmr->ticks = sctp_get_tick_count(); 2558 if (SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr) == 0) { 2559 SCTPDBG(SCTP_DEBUG_TIMER2, 2560 "Timer type %d started: ticks=%u, inp=%p, stcb=%p, net=%p.\n", 2561 t_type, to_ticks, inp, stcb, net); 2562 /* 2563 * If this is a newly scheduled callout, as opposed to a 2564 * rescheduled one, increment relevant reference counts. 2565 */ 2566 if (tmr->ep != NULL) { 2567 SCTP_INP_INCR_REF(inp); 2568 } 2569 if (tmr->tcb != NULL) { 2570 atomic_add_int(&stcb->asoc.refcnt, 1); 2571 } 2572 if (tmr->net != NULL) { 2573 atomic_add_int(&net->ref_count, 1); 2574 } 2575 } else { 2576 /* 2577 * This should not happen, since we checked for pending 2578 * above. 2579 */ 2580 SCTPDBG(SCTP_DEBUG_TIMER2, 2581 "Timer type %d restarted: ticks=%u, inp=%p, stcb=%p, net=%p.\n", 2582 t_type, to_ticks, inp, stcb, net); 2583 } 2584 return; 2585 } 2586 2587 /*- 2588 * The following table shows which parameters must be provided 2589 * when calling sctp_timer_stop(). For parameters not being 2590 * provided, NULL must be used. 2591 * 2592 * |Name |inp |stcb|net | 2593 * |-----------------------------|----|----|----| 2594 * |SCTP_TIMER_TYPE_SEND |Yes |Yes |Yes | 2595 * |SCTP_TIMER_TYPE_INIT |Yes |Yes |Yes | 2596 * |SCTP_TIMER_TYPE_RECV |Yes |Yes |No | 2597 * |SCTP_TIMER_TYPE_SHUTDOWN |Yes |Yes |Yes | 2598 * |SCTP_TIMER_TYPE_HEARTBEAT |Yes |Yes |Yes | 2599 * |SCTP_TIMER_TYPE_COOKIE |Yes |Yes |Yes | 2600 * |SCTP_TIMER_TYPE_NEWCOOKIE |Yes |No |No | 2601 * |SCTP_TIMER_TYPE_PATHMTURAISE |Yes |Yes |Yes | 2602 * |SCTP_TIMER_TYPE_SHUTDOWNACK |Yes |Yes |Yes | 2603 * |SCTP_TIMER_TYPE_ASCONF |Yes |Yes |No | 2604 * |SCTP_TIMER_TYPE_SHUTDOWNGUARD|Yes |Yes |No | 2605 * |SCTP_TIMER_TYPE_AUTOCLOSE |Yes |Yes |No | 2606 * |SCTP_TIMER_TYPE_STRRESET |Yes |Yes |No | 2607 * |SCTP_TIMER_TYPE_INPKILL |Yes |No |No | 2608 * |SCTP_TIMER_TYPE_ASOCKILL |Yes |Yes |No | 2609 * |SCTP_TIMER_TYPE_ADDR_WQ |No |No |No | 2610 * |SCTP_TIMER_TYPE_PRIM_DELETED |Yes |Yes |No | 2611 * 2612 */ 2613 2614 void 2615 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2616 struct sctp_nets *net, uint32_t from) 2617 { 2618 struct sctp_timer *tmr; 2619 2620 KASSERT(stcb == NULL || stcb->sctp_ep == inp, 2621 ("sctp_timer_stop of type %d: inp = %p, stcb->sctp_ep %p", 2622 t_type, stcb, stcb->sctp_ep)); 2623 if (stcb != NULL) { 2624 SCTP_TCB_LOCK_ASSERT(stcb); 2625 } else if (inp != NULL) { 2626 SCTP_INP_WLOCK_ASSERT(inp); 2627 } else { 2628 SCTP_WQ_ADDR_LOCK_ASSERT(); 2629 } 2630 tmr = NULL; 2631 switch (t_type) { 2632 case SCTP_TIMER_TYPE_SEND: 2633 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2634 #ifdef INVARIANTS 2635 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2636 t_type, inp, stcb, net); 2637 #else 2638 return; 2639 #endif 2640 } 2641 tmr = &net->rxt_timer; 2642 break; 2643 case SCTP_TIMER_TYPE_INIT: 2644 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2645 #ifdef INVARIANTS 2646 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2647 t_type, inp, stcb, net); 2648 #else 2649 return; 2650 #endif 2651 } 2652 tmr = &net->rxt_timer; 2653 break; 2654 case SCTP_TIMER_TYPE_RECV: 2655 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2656 #ifdef INVARIANTS 2657 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2658 t_type, inp, stcb, net); 2659 #else 2660 return; 2661 #endif 2662 } 2663 tmr = &stcb->asoc.dack_timer; 2664 break; 2665 case SCTP_TIMER_TYPE_SHUTDOWN: 2666 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2667 #ifdef INVARIANTS 2668 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2669 t_type, inp, stcb, net); 2670 #else 2671 return; 2672 #endif 2673 } 2674 tmr = &net->rxt_timer; 2675 break; 2676 case SCTP_TIMER_TYPE_HEARTBEAT: 2677 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2678 #ifdef INVARIANTS 2679 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2680 t_type, inp, stcb, net); 2681 #else 2682 return; 2683 #endif 2684 } 2685 tmr = &net->hb_timer; 2686 break; 2687 case SCTP_TIMER_TYPE_COOKIE: 2688 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2689 #ifdef INVARIANTS 2690 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2691 t_type, inp, stcb, net); 2692 #else 2693 return; 2694 #endif 2695 } 2696 tmr = &net->rxt_timer; 2697 break; 2698 case SCTP_TIMER_TYPE_NEWCOOKIE: 2699 if ((inp == NULL) || (stcb != NULL) || (net != NULL)) { 2700 #ifdef INVARIANTS 2701 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2702 t_type, inp, stcb, net); 2703 #else 2704 return; 2705 #endif 2706 } 2707 tmr = &inp->sctp_ep.signature_change; 2708 break; 2709 case SCTP_TIMER_TYPE_PATHMTURAISE: 2710 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2711 #ifdef INVARIANTS 2712 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2713 t_type, inp, stcb, net); 2714 #else 2715 return; 2716 #endif 2717 } 2718 tmr = &net->pmtu_timer; 2719 break; 2720 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2721 if ((inp == NULL) || (stcb == NULL) || (net == NULL)) { 2722 #ifdef INVARIANTS 2723 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2724 t_type, inp, stcb, net); 2725 #else 2726 return; 2727 #endif 2728 } 2729 tmr = &net->rxt_timer; 2730 break; 2731 case SCTP_TIMER_TYPE_ASCONF: 2732 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2733 #ifdef INVARIANTS 2734 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2735 t_type, inp, stcb, net); 2736 #else 2737 return; 2738 #endif 2739 } 2740 tmr = &stcb->asoc.asconf_timer; 2741 break; 2742 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2743 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2744 #ifdef INVARIANTS 2745 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2746 t_type, inp, stcb, net); 2747 #else 2748 return; 2749 #endif 2750 } 2751 tmr = &stcb->asoc.shut_guard_timer; 2752 break; 2753 case SCTP_TIMER_TYPE_AUTOCLOSE: 2754 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2755 #ifdef INVARIANTS 2756 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2757 t_type, inp, stcb, net); 2758 #else 2759 return; 2760 #endif 2761 } 2762 tmr = &stcb->asoc.autoclose_timer; 2763 break; 2764 case SCTP_TIMER_TYPE_STRRESET: 2765 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2766 #ifdef INVARIANTS 2767 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2768 t_type, inp, stcb, net); 2769 #else 2770 return; 2771 #endif 2772 } 2773 tmr = &stcb->asoc.strreset_timer; 2774 break; 2775 case SCTP_TIMER_TYPE_INPKILL: 2776 /* 2777 * The inp is setup to die. We re-use the signature_chage 2778 * timer since that has stopped and we are in the GONE 2779 * state. 2780 */ 2781 if ((inp == NULL) || (stcb != NULL) || (net != NULL)) { 2782 #ifdef INVARIANTS 2783 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2784 t_type, inp, stcb, net); 2785 #else 2786 return; 2787 #endif 2788 } 2789 tmr = &inp->sctp_ep.signature_change; 2790 break; 2791 case SCTP_TIMER_TYPE_ASOCKILL: 2792 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2793 #ifdef INVARIANTS 2794 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2795 t_type, inp, stcb, net); 2796 #else 2797 return; 2798 #endif 2799 } 2800 tmr = &stcb->asoc.strreset_timer; 2801 break; 2802 case SCTP_TIMER_TYPE_ADDR_WQ: 2803 if ((inp != NULL) || (stcb != NULL) || (net != NULL)) { 2804 #ifdef INVARIANTS 2805 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2806 t_type, inp, stcb, net); 2807 #else 2808 return; 2809 #endif 2810 } 2811 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2812 break; 2813 case SCTP_TIMER_TYPE_PRIM_DELETED: 2814 if ((inp == NULL) || (stcb == NULL) || (net != NULL)) { 2815 #ifdef INVARIANTS 2816 panic("sctp_timer_stop of type %d: inp = %p, stcb = %p, net = %p", 2817 t_type, inp, stcb, net); 2818 #else 2819 return; 2820 #endif 2821 } 2822 tmr = &stcb->asoc.delete_prim_timer; 2823 break; 2824 default: 2825 #ifdef INVARIANTS 2826 panic("Unknown timer type %d", t_type); 2827 #else 2828 return; 2829 #endif 2830 } 2831 KASSERT(tmr != NULL, ("tmr is NULL for timer type %d", t_type)); 2832 if ((tmr->type != SCTP_TIMER_TYPE_NONE) && 2833 (tmr->type != t_type)) { 2834 /* 2835 * Ok we have a timer that is under joint use. Cookie timer 2836 * per chance with the SEND timer. We therefore are NOT 2837 * running the timer that the caller wants stopped. So just 2838 * return. 2839 */ 2840 SCTPDBG(SCTP_DEBUG_TIMER2, 2841 "Shared timer type %d not running: inp=%p, stcb=%p, net=%p.\n", 2842 t_type, inp, stcb, net); 2843 return; 2844 } 2845 if ((t_type == SCTP_TIMER_TYPE_SEND) && (stcb != NULL)) { 2846 stcb->asoc.num_send_timers_up--; 2847 if (stcb->asoc.num_send_timers_up < 0) { 2848 stcb->asoc.num_send_timers_up = 0; 2849 } 2850 } 2851 tmr->self = NULL; 2852 tmr->stopped_from = from; 2853 if (SCTP_OS_TIMER_STOP(&tmr->timer) == 1) { 2854 KASSERT(tmr->ep == inp, 2855 ("sctp_timer_stop of type %d: inp = %p, tmr->inp = %p", 2856 t_type, inp, tmr->ep)); 2857 KASSERT(tmr->tcb == stcb, 2858 ("sctp_timer_stop of type %d: stcb = %p, tmr->stcb = %p", 2859 t_type, stcb, tmr->tcb)); 2860 KASSERT(((t_type == SCTP_TIMER_TYPE_ASCONF) && (tmr->net != NULL)) || 2861 ((t_type != SCTP_TIMER_TYPE_ASCONF) && (tmr->net == net)), 2862 ("sctp_timer_stop of type %d: net = %p, tmr->net = %p", 2863 t_type, net, tmr->net)); 2864 SCTPDBG(SCTP_DEBUG_TIMER2, 2865 "Timer type %d stopped: inp=%p, stcb=%p, net=%p.\n", 2866 t_type, inp, stcb, net); 2867 /* 2868 * If the timer was actually stopped, decrement reference 2869 * counts that were incremented in sctp_timer_start(). 2870 */ 2871 if (tmr->ep != NULL) { 2872 SCTP_INP_DECR_REF(inp); 2873 tmr->ep = NULL; 2874 } 2875 if (tmr->tcb != NULL) { 2876 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2877 tmr->tcb = NULL; 2878 } 2879 if (tmr->net != NULL) { 2880 /* 2881 * Can't use net, since it doesn't work for 2882 * SCTP_TIMER_TYPE_ASCONF. 2883 */ 2884 sctp_free_remote_addr((struct sctp_nets *)tmr->net); 2885 tmr->net = NULL; 2886 } 2887 } else { 2888 SCTPDBG(SCTP_DEBUG_TIMER2, 2889 "Timer type %d not stopped: inp=%p, stcb=%p, net=%p.\n", 2890 t_type, inp, stcb, net); 2891 } 2892 return; 2893 } 2894 2895 uint32_t 2896 sctp_calculate_len(struct mbuf *m) 2897 { 2898 uint32_t tlen = 0; 2899 struct mbuf *at; 2900 2901 at = m; 2902 while (at) { 2903 tlen += SCTP_BUF_LEN(at); 2904 at = SCTP_BUF_NEXT(at); 2905 } 2906 return (tlen); 2907 } 2908 2909 void 2910 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2911 struct sctp_association *asoc, uint32_t mtu) 2912 { 2913 /* 2914 * Reset the P-MTU size on this association, this involves changing 2915 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2916 * allow the DF flag to be cleared. 2917 */ 2918 struct sctp_tmit_chunk *chk; 2919 unsigned int eff_mtu, ovh; 2920 2921 asoc->smallest_mtu = mtu; 2922 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2923 ovh = SCTP_MIN_OVERHEAD; 2924 } else { 2925 ovh = SCTP_MIN_V4_OVERHEAD; 2926 } 2927 eff_mtu = mtu - ovh; 2928 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2929 if (chk->send_size > eff_mtu) { 2930 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2931 } 2932 } 2933 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2934 if (chk->send_size > eff_mtu) { 2935 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2936 } 2937 } 2938 } 2939 2940 /* 2941 * Given an association and starting time of the current RTT period, update 2942 * RTO in number of msecs. net should point to the current network. 2943 * Return 1, if an RTO update was performed, return 0 if no update was 2944 * performed due to invalid starting point. 2945 */ 2946 2947 int 2948 sctp_calculate_rto(struct sctp_tcb *stcb, 2949 struct sctp_association *asoc, 2950 struct sctp_nets *net, 2951 struct timeval *old, 2952 int rtt_from_sack) 2953 { 2954 struct timeval now; 2955 uint64_t rtt_us; /* RTT in us */ 2956 int32_t rtt; /* RTT in ms */ 2957 uint32_t new_rto; 2958 int first_measure = 0; 2959 2960 /************************/ 2961 /* 1. calculate new RTT */ 2962 /************************/ 2963 /* get the current time */ 2964 if (stcb->asoc.use_precise_time) { 2965 (void)SCTP_GETPTIME_TIMEVAL(&now); 2966 } else { 2967 (void)SCTP_GETTIME_TIMEVAL(&now); 2968 } 2969 if ((old->tv_sec > now.tv_sec) || 2970 ((old->tv_sec == now.tv_sec) && (old->tv_usec > now.tv_usec))) { 2971 /* The starting point is in the future. */ 2972 return (0); 2973 } 2974 timevalsub(&now, old); 2975 rtt_us = (uint64_t)1000000 * (uint64_t)now.tv_sec + (uint64_t)now.tv_usec; 2976 if (rtt_us > SCTP_RTO_UPPER_BOUND * 1000) { 2977 /* The RTT is larger than a sane value. */ 2978 return (0); 2979 } 2980 /* store the current RTT in us */ 2981 net->rtt = rtt_us; 2982 /* compute rtt in ms */ 2983 rtt = (int32_t)(net->rtt / 1000); 2984 if ((asoc->cc_functions.sctp_rtt_calculated) && (rtt_from_sack == SCTP_RTT_FROM_DATA)) { 2985 /* 2986 * Tell the CC module that a new update has just occurred 2987 * from a sack 2988 */ 2989 (*asoc->cc_functions.sctp_rtt_calculated) (stcb, net, &now); 2990 } 2991 /* 2992 * Do we need to determine the lan? We do this only on sacks i.e. 2993 * RTT being determined from data not non-data (HB/INIT->INITACK). 2994 */ 2995 if ((rtt_from_sack == SCTP_RTT_FROM_DATA) && 2996 (net->lan_type == SCTP_LAN_UNKNOWN)) { 2997 if (net->rtt > SCTP_LOCAL_LAN_RTT) { 2998 net->lan_type = SCTP_LAN_INTERNET; 2999 } else { 3000 net->lan_type = SCTP_LAN_LOCAL; 3001 } 3002 } 3003 3004 /***************************/ 3005 /* 2. update RTTVAR & SRTT */ 3006 /***************************/ 3007 /*- 3008 * Compute the scaled average lastsa and the 3009 * scaled variance lastsv as described in van Jacobson 3010 * Paper "Congestion Avoidance and Control", Annex A. 3011 * 3012 * (net->lastsa >> SCTP_RTT_SHIFT) is the srtt 3013 * (net->lastsv >> SCTP_RTT_VAR_SHIFT) is the rttvar 3014 */ 3015 if (net->RTO_measured) { 3016 rtt -= (net->lastsa >> SCTP_RTT_SHIFT); 3017 net->lastsa += rtt; 3018 if (rtt < 0) { 3019 rtt = -rtt; 3020 } 3021 rtt -= (net->lastsv >> SCTP_RTT_VAR_SHIFT); 3022 net->lastsv += rtt; 3023 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 3024 rto_logging(net, SCTP_LOG_RTTVAR); 3025 } 3026 } else { 3027 /* First RTO measurment */ 3028 net->RTO_measured = 1; 3029 first_measure = 1; 3030 net->lastsa = rtt << SCTP_RTT_SHIFT; 3031 net->lastsv = (rtt / 2) << SCTP_RTT_VAR_SHIFT; 3032 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 3033 rto_logging(net, SCTP_LOG_INITIAL_RTT); 3034 } 3035 } 3036 if (net->lastsv == 0) { 3037 net->lastsv = SCTP_CLOCK_GRANULARITY; 3038 } 3039 new_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv; 3040 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 3041 (stcb->asoc.sat_network_lockout == 0)) { 3042 stcb->asoc.sat_network = 1; 3043 } else if ((!first_measure) && stcb->asoc.sat_network) { 3044 stcb->asoc.sat_network = 0; 3045 stcb->asoc.sat_network_lockout = 1; 3046 } 3047 /* bound it, per C6/C7 in Section 5.3.1 */ 3048 if (new_rto < stcb->asoc.minrto) { 3049 new_rto = stcb->asoc.minrto; 3050 } 3051 if (new_rto > stcb->asoc.maxrto) { 3052 new_rto = stcb->asoc.maxrto; 3053 } 3054 net->RTO = new_rto; 3055 return (1); 3056 } 3057 3058 /* 3059 * return a pointer to a contiguous piece of data from the given mbuf chain 3060 * starting at 'off' for 'len' bytes. If the desired piece spans more than 3061 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 3062 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 3063 */ 3064 caddr_t 3065 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t *in_ptr) 3066 { 3067 uint32_t count; 3068 uint8_t *ptr; 3069 3070 ptr = in_ptr; 3071 if ((off < 0) || (len <= 0)) 3072 return (NULL); 3073 3074 /* find the desired start location */ 3075 while ((m != NULL) && (off > 0)) { 3076 if (off < SCTP_BUF_LEN(m)) 3077 break; 3078 off -= SCTP_BUF_LEN(m); 3079 m = SCTP_BUF_NEXT(m); 3080 } 3081 if (m == NULL) 3082 return (NULL); 3083 3084 /* is the current mbuf large enough (eg. contiguous)? */ 3085 if ((SCTP_BUF_LEN(m) - off) >= len) { 3086 return (mtod(m, caddr_t)+off); 3087 } else { 3088 /* else, it spans more than one mbuf, so save a temp copy... */ 3089 while ((m != NULL) && (len > 0)) { 3090 count = min(SCTP_BUF_LEN(m) - off, len); 3091 memcpy(ptr, mtod(m, caddr_t)+off, count); 3092 len -= count; 3093 ptr += count; 3094 off = 0; 3095 m = SCTP_BUF_NEXT(m); 3096 } 3097 if ((m == NULL) && (len > 0)) 3098 return (NULL); 3099 else 3100 return ((caddr_t)in_ptr); 3101 } 3102 } 3103 3104 struct sctp_paramhdr * 3105 sctp_get_next_param(struct mbuf *m, 3106 int offset, 3107 struct sctp_paramhdr *pull, 3108 int pull_limit) 3109 { 3110 /* This just provides a typed signature to Peter's Pull routine */ 3111 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 3112 (uint8_t *)pull)); 3113 } 3114 3115 struct mbuf * 3116 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 3117 { 3118 struct mbuf *m_last; 3119 caddr_t dp; 3120 3121 if (padlen > 3) { 3122 return (NULL); 3123 } 3124 if (padlen <= M_TRAILINGSPACE(m)) { 3125 /* 3126 * The easy way. We hope the majority of the time we hit 3127 * here :) 3128 */ 3129 m_last = m; 3130 } else { 3131 /* Hard way we must grow the mbuf chain */ 3132 m_last = sctp_get_mbuf_for_msg(padlen, 0, M_NOWAIT, 1, MT_DATA); 3133 if (m_last == NULL) { 3134 return (NULL); 3135 } 3136 SCTP_BUF_LEN(m_last) = 0; 3137 SCTP_BUF_NEXT(m_last) = NULL; 3138 SCTP_BUF_NEXT(m) = m_last; 3139 } 3140 dp = mtod(m_last, caddr_t)+SCTP_BUF_LEN(m_last); 3141 SCTP_BUF_LEN(m_last) += padlen; 3142 memset(dp, 0, padlen); 3143 return (m_last); 3144 } 3145 3146 struct mbuf * 3147 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 3148 { 3149 /* find the last mbuf in chain and pad it */ 3150 struct mbuf *m_at; 3151 3152 if (last_mbuf != NULL) { 3153 return (sctp_add_pad_tombuf(last_mbuf, padval)); 3154 } else { 3155 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3156 if (SCTP_BUF_NEXT(m_at) == NULL) { 3157 return (sctp_add_pad_tombuf(m_at, padval)); 3158 } 3159 } 3160 } 3161 return (NULL); 3162 } 3163 3164 static void 3165 sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, 3166 uint16_t error, struct sctp_abort_chunk *abort, 3167 bool from_peer, bool timedout, int so_locked) 3168 { 3169 struct mbuf *m_notify; 3170 struct sctp_assoc_change *sac; 3171 struct sctp_queued_to_read *control; 3172 unsigned int notif_len; 3173 uint16_t abort_len; 3174 unsigned int i; 3175 3176 KASSERT(abort == NULL || from_peer, 3177 ("sctp_notify_assoc_change: ABORT chunk provided for local termination")); 3178 KASSERT(!from_peer || !timedout, 3179 ("sctp_notify_assoc_change: timeouts can only be local")); 3180 if (stcb == NULL) { 3181 return; 3182 } 3183 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 3184 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 3185 if (abort != NULL) { 3186 abort_len = ntohs(abort->ch.chunk_length); 3187 /* 3188 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 3189 * contiguous. 3190 */ 3191 if (abort_len > SCTP_CHUNK_BUFFER_SIZE) { 3192 abort_len = SCTP_CHUNK_BUFFER_SIZE; 3193 } 3194 } else { 3195 abort_len = 0; 3196 } 3197 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 3198 notif_len += SCTP_ASSOC_SUPPORTS_MAX; 3199 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 3200 notif_len += abort_len; 3201 } 3202 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3203 if (m_notify == NULL) { 3204 /* Retry with smaller value. */ 3205 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 3206 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3207 if (m_notify == NULL) { 3208 goto set_error; 3209 } 3210 } 3211 SCTP_BUF_NEXT(m_notify) = NULL; 3212 sac = mtod(m_notify, struct sctp_assoc_change *); 3213 memset(sac, 0, notif_len); 3214 sac->sac_type = SCTP_ASSOC_CHANGE; 3215 sac->sac_flags = 0; 3216 sac->sac_length = sizeof(struct sctp_assoc_change); 3217 sac->sac_state = state; 3218 sac->sac_error = error; 3219 if (state == SCTP_CANT_STR_ASSOC) { 3220 sac->sac_outbound_streams = 0; 3221 sac->sac_inbound_streams = 0; 3222 } else { 3223 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 3224 sac->sac_inbound_streams = stcb->asoc.streamincnt; 3225 } 3226 sac->sac_assoc_id = sctp_get_associd(stcb); 3227 if (notif_len > sizeof(struct sctp_assoc_change)) { 3228 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 3229 i = 0; 3230 if (stcb->asoc.prsctp_supported == 1) { 3231 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_PR; 3232 } 3233 if (stcb->asoc.auth_supported == 1) { 3234 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_AUTH; 3235 } 3236 if (stcb->asoc.asconf_supported == 1) { 3237 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_ASCONF; 3238 } 3239 if (stcb->asoc.idata_supported == 1) { 3240 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_INTERLEAVING; 3241 } 3242 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_MULTIBUF; 3243 if (stcb->asoc.reconfig_supported == 1) { 3244 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_RE_CONFIG; 3245 } 3246 sac->sac_length += i; 3247 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 3248 memcpy(sac->sac_info, abort, abort_len); 3249 sac->sac_length += abort_len; 3250 } 3251 } 3252 SCTP_BUF_LEN(m_notify) = sac->sac_length; 3253 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3254 0, 0, stcb->asoc.context, 0, 0, 0, 3255 m_notify); 3256 if (control != NULL) { 3257 control->length = SCTP_BUF_LEN(m_notify); 3258 control->spec_flags = M_NOTIFICATION; 3259 /* not that we need this */ 3260 control->tail_mbuf = m_notify; 3261 sctp_add_to_readq(stcb->sctp_ep, stcb, 3262 control, 3263 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, 3264 so_locked); 3265 } else { 3266 sctp_m_freem(m_notify); 3267 } 3268 } 3269 /* 3270 * For 1-to-1 style sockets, we send up and error when an ABORT 3271 * comes in. 3272 */ 3273 set_error: 3274 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3275 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 3276 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 3277 SOCK_LOCK(stcb->sctp_socket); 3278 if (from_peer) { 3279 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { 3280 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNREFUSED); 3281 stcb->sctp_socket->so_error = ECONNREFUSED; 3282 } else { 3283 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 3284 stcb->sctp_socket->so_error = ECONNRESET; 3285 } 3286 } else { 3287 if (timedout) { 3288 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ETIMEDOUT); 3289 stcb->sctp_socket->so_error = ETIMEDOUT; 3290 } else { 3291 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNABORTED); 3292 stcb->sctp_socket->so_error = ECONNABORTED; 3293 } 3294 } 3295 SOCK_UNLOCK(stcb->sctp_socket); 3296 } 3297 /* Wake ANY sleepers */ 3298 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3299 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 3300 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 3301 socantrcvmore(stcb->sctp_socket); 3302 } 3303 sorwakeup(stcb->sctp_socket); 3304 sowwakeup(stcb->sctp_socket); 3305 } 3306 3307 static void 3308 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 3309 struct sockaddr *sa, uint32_t error, int so_locked) 3310 { 3311 struct mbuf *m_notify; 3312 struct sctp_paddr_change *spc; 3313 struct sctp_queued_to_read *control; 3314 3315 if ((stcb == NULL) || 3316 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPADDREVNT)) { 3317 /* event not enabled */ 3318 return; 3319 } 3320 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_NOWAIT, 1, MT_DATA); 3321 if (m_notify == NULL) 3322 return; 3323 SCTP_BUF_LEN(m_notify) = 0; 3324 spc = mtod(m_notify, struct sctp_paddr_change *); 3325 memset(spc, 0, sizeof(struct sctp_paddr_change)); 3326 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 3327 spc->spc_flags = 0; 3328 spc->spc_length = sizeof(struct sctp_paddr_change); 3329 switch (sa->sa_family) { 3330 #ifdef INET 3331 case AF_INET: 3332 #ifdef INET6 3333 if (sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 3334 in6_sin_2_v4mapsin6((struct sockaddr_in *)sa, 3335 (struct sockaddr_in6 *)&spc->spc_aaddr); 3336 } else { 3337 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 3338 } 3339 #else 3340 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 3341 #endif 3342 break; 3343 #endif 3344 #ifdef INET6 3345 case AF_INET6: 3346 { 3347 struct sockaddr_in6 *sin6; 3348 3349 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 3350 3351 sin6 = (struct sockaddr_in6 *)&spc->spc_aaddr; 3352 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 3353 if (sin6->sin6_scope_id == 0) { 3354 /* recover scope_id for user */ 3355 (void)sa6_recoverscope(sin6); 3356 } else { 3357 /* clear embedded scope_id for user */ 3358 in6_clearscope(&sin6->sin6_addr); 3359 } 3360 } 3361 break; 3362 } 3363 #endif 3364 default: 3365 /* TSNH */ 3366 break; 3367 } 3368 spc->spc_state = state; 3369 spc->spc_error = error; 3370 spc->spc_assoc_id = sctp_get_associd(stcb); 3371 3372 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change); 3373 SCTP_BUF_NEXT(m_notify) = NULL; 3374 3375 /* append to socket */ 3376 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3377 0, 0, stcb->asoc.context, 0, 0, 0, 3378 m_notify); 3379 if (control == NULL) { 3380 /* no memory */ 3381 sctp_m_freem(m_notify); 3382 return; 3383 } 3384 control->length = SCTP_BUF_LEN(m_notify); 3385 control->spec_flags = M_NOTIFICATION; 3386 /* not that we need this */ 3387 control->tail_mbuf = m_notify; 3388 sctp_add_to_readq(stcb->sctp_ep, stcb, 3389 control, 3390 &stcb->sctp_socket->so_rcv, 1, 3391 SCTP_READ_LOCK_NOT_HELD, 3392 so_locked); 3393 } 3394 3395 static void 3396 sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error, 3397 struct sctp_tmit_chunk *chk, int so_locked) 3398 { 3399 struct mbuf *m_notify; 3400 struct sctp_send_failed *ssf; 3401 struct sctp_send_failed_event *ssfe; 3402 struct sctp_queued_to_read *control; 3403 struct sctp_chunkhdr *chkhdr; 3404 int notifhdr_len, chk_len, chkhdr_len, padding_len, payload_len; 3405 3406 if ((stcb == NULL) || 3407 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 3408 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 3409 /* event not enabled */ 3410 return; 3411 } 3412 3413 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3414 notifhdr_len = sizeof(struct sctp_send_failed_event); 3415 } else { 3416 notifhdr_len = sizeof(struct sctp_send_failed); 3417 } 3418 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 3419 if (m_notify == NULL) 3420 /* no space left */ 3421 return; 3422 SCTP_BUF_LEN(m_notify) = notifhdr_len; 3423 if (stcb->asoc.idata_supported) { 3424 chkhdr_len = sizeof(struct sctp_idata_chunk); 3425 } else { 3426 chkhdr_len = sizeof(struct sctp_data_chunk); 3427 } 3428 /* Use some defaults in case we can't access the chunk header */ 3429 if (chk->send_size >= chkhdr_len) { 3430 payload_len = chk->send_size - chkhdr_len; 3431 } else { 3432 payload_len = 0; 3433 } 3434 padding_len = 0; 3435 if (chk->data != NULL) { 3436 chkhdr = mtod(chk->data, struct sctp_chunkhdr *); 3437 if (chkhdr != NULL) { 3438 chk_len = ntohs(chkhdr->chunk_length); 3439 if ((chk_len >= chkhdr_len) && 3440 (chk->send_size >= chk_len) && 3441 (chk->send_size - chk_len < 4)) { 3442 padding_len = chk->send_size - chk_len; 3443 payload_len = chk->send_size - chkhdr_len - padding_len; 3444 } 3445 } 3446 } 3447 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3448 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3449 memset(ssfe, 0, notifhdr_len); 3450 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3451 if (sent) { 3452 ssfe->ssfe_flags = SCTP_DATA_SENT; 3453 } else { 3454 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3455 } 3456 ssfe->ssfe_length = (uint32_t)(notifhdr_len + payload_len); 3457 ssfe->ssfe_error = error; 3458 /* not exactly what the user sent in, but should be close :) */ 3459 ssfe->ssfe_info.snd_sid = chk->rec.data.sid; 3460 ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; 3461 ssfe->ssfe_info.snd_ppid = chk->rec.data.ppid; 3462 ssfe->ssfe_info.snd_context = chk->rec.data.context; 3463 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3464 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3465 } else { 3466 ssf = mtod(m_notify, struct sctp_send_failed *); 3467 memset(ssf, 0, notifhdr_len); 3468 ssf->ssf_type = SCTP_SEND_FAILED; 3469 if (sent) { 3470 ssf->ssf_flags = SCTP_DATA_SENT; 3471 } else { 3472 ssf->ssf_flags = SCTP_DATA_UNSENT; 3473 } 3474 ssf->ssf_length = (uint32_t)(notifhdr_len + payload_len); 3475 ssf->ssf_error = error; 3476 /* not exactly what the user sent in, but should be close :) */ 3477 ssf->ssf_info.sinfo_stream = chk->rec.data.sid; 3478 ssf->ssf_info.sinfo_ssn = (uint16_t)chk->rec.data.mid; 3479 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 3480 ssf->ssf_info.sinfo_ppid = chk->rec.data.ppid; 3481 ssf->ssf_info.sinfo_context = chk->rec.data.context; 3482 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3483 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3484 } 3485 if (chk->data != NULL) { 3486 /* Trim off the sctp chunk header (it should be there) */ 3487 if (chk->send_size == chkhdr_len + payload_len + padding_len) { 3488 m_adj(chk->data, chkhdr_len); 3489 m_adj(chk->data, -padding_len); 3490 sctp_mbuf_crush(chk->data); 3491 chk->send_size -= (chkhdr_len + padding_len); 3492 } 3493 } 3494 SCTP_BUF_NEXT(m_notify) = chk->data; 3495 /* Steal off the mbuf */ 3496 chk->data = NULL; 3497 /* 3498 * For this case, we check the actual socket buffer, since the assoc 3499 * is going away we don't want to overfill the socket buffer for a 3500 * non-reader 3501 */ 3502 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3503 sctp_m_freem(m_notify); 3504 return; 3505 } 3506 /* append to socket */ 3507 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3508 0, 0, stcb->asoc.context, 0, 0, 0, 3509 m_notify); 3510 if (control == NULL) { 3511 /* no memory */ 3512 sctp_m_freem(m_notify); 3513 return; 3514 } 3515 control->length = SCTP_BUF_LEN(m_notify); 3516 control->spec_flags = M_NOTIFICATION; 3517 /* not that we need this */ 3518 control->tail_mbuf = m_notify; 3519 sctp_add_to_readq(stcb->sctp_ep, stcb, 3520 control, 3521 &stcb->sctp_socket->so_rcv, 1, 3522 SCTP_READ_LOCK_NOT_HELD, 3523 so_locked); 3524 } 3525 3526 static void 3527 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 3528 struct sctp_stream_queue_pending *sp, int so_locked) 3529 { 3530 struct mbuf *m_notify; 3531 struct sctp_send_failed *ssf; 3532 struct sctp_send_failed_event *ssfe; 3533 struct sctp_queued_to_read *control; 3534 int notifhdr_len; 3535 3536 if ((stcb == NULL) || 3537 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 3538 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 3539 /* event not enabled */ 3540 return; 3541 } 3542 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3543 notifhdr_len = sizeof(struct sctp_send_failed_event); 3544 } else { 3545 notifhdr_len = sizeof(struct sctp_send_failed); 3546 } 3547 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 3548 if (m_notify == NULL) { 3549 /* no space left */ 3550 return; 3551 } 3552 SCTP_BUF_LEN(m_notify) = notifhdr_len; 3553 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3554 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3555 memset(ssfe, 0, notifhdr_len); 3556 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3557 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3558 ssfe->ssfe_length = (uint32_t)(notifhdr_len + sp->length); 3559 ssfe->ssfe_error = error; 3560 /* not exactly what the user sent in, but should be close :) */ 3561 ssfe->ssfe_info.snd_sid = sp->sid; 3562 if (sp->some_taken) { 3563 ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; 3564 } else { 3565 ssfe->ssfe_info.snd_flags = SCTP_DATA_NOT_FRAG; 3566 } 3567 ssfe->ssfe_info.snd_ppid = sp->ppid; 3568 ssfe->ssfe_info.snd_context = sp->context; 3569 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3570 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3571 } else { 3572 ssf = mtod(m_notify, struct sctp_send_failed *); 3573 memset(ssf, 0, notifhdr_len); 3574 ssf->ssf_type = SCTP_SEND_FAILED; 3575 ssf->ssf_flags = SCTP_DATA_UNSENT; 3576 ssf->ssf_length = (uint32_t)(notifhdr_len + sp->length); 3577 ssf->ssf_error = error; 3578 /* not exactly what the user sent in, but should be close :) */ 3579 ssf->ssf_info.sinfo_stream = sp->sid; 3580 ssf->ssf_info.sinfo_ssn = 0; 3581 if (sp->some_taken) { 3582 ssf->ssf_info.sinfo_flags = SCTP_DATA_LAST_FRAG; 3583 } else { 3584 ssf->ssf_info.sinfo_flags = SCTP_DATA_NOT_FRAG; 3585 } 3586 ssf->ssf_info.sinfo_ppid = sp->ppid; 3587 ssf->ssf_info.sinfo_context = sp->context; 3588 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3589 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3590 } 3591 SCTP_BUF_NEXT(m_notify) = sp->data; 3592 3593 /* Steal off the mbuf */ 3594 sp->data = NULL; 3595 /* 3596 * For this case, we check the actual socket buffer, since the assoc 3597 * is going away we don't want to overfill the socket buffer for a 3598 * non-reader 3599 */ 3600 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3601 sctp_m_freem(m_notify); 3602 return; 3603 } 3604 /* append to socket */ 3605 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3606 0, 0, stcb->asoc.context, 0, 0, 0, 3607 m_notify); 3608 if (control == NULL) { 3609 /* no memory */ 3610 sctp_m_freem(m_notify); 3611 return; 3612 } 3613 control->length = SCTP_BUF_LEN(m_notify); 3614 control->spec_flags = M_NOTIFICATION; 3615 /* not that we need this */ 3616 control->tail_mbuf = m_notify; 3617 sctp_add_to_readq(stcb->sctp_ep, stcb, 3618 control, 3619 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3620 } 3621 3622 static void 3623 sctp_notify_adaptation_layer(struct sctp_tcb *stcb) 3624 { 3625 struct mbuf *m_notify; 3626 struct sctp_adaptation_event *sai; 3627 struct sctp_queued_to_read *control; 3628 3629 if ((stcb == NULL) || 3630 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) { 3631 /* event not enabled */ 3632 return; 3633 } 3634 3635 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_NOWAIT, 1, MT_DATA); 3636 if (m_notify == NULL) 3637 /* no space left */ 3638 return; 3639 SCTP_BUF_LEN(m_notify) = 0; 3640 sai = mtod(m_notify, struct sctp_adaptation_event *); 3641 memset(sai, 0, sizeof(struct sctp_adaptation_event)); 3642 sai->sai_type = SCTP_ADAPTATION_INDICATION; 3643 sai->sai_flags = 0; 3644 sai->sai_length = sizeof(struct sctp_adaptation_event); 3645 sai->sai_adaptation_ind = stcb->asoc.peers_adaptation; 3646 sai->sai_assoc_id = sctp_get_associd(stcb); 3647 3648 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_adaptation_event); 3649 SCTP_BUF_NEXT(m_notify) = NULL; 3650 3651 /* append to socket */ 3652 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3653 0, 0, stcb->asoc.context, 0, 0, 0, 3654 m_notify); 3655 if (control == NULL) { 3656 /* no memory */ 3657 sctp_m_freem(m_notify); 3658 return; 3659 } 3660 control->length = SCTP_BUF_LEN(m_notify); 3661 control->spec_flags = M_NOTIFICATION; 3662 /* not that we need this */ 3663 control->tail_mbuf = m_notify; 3664 sctp_add_to_readq(stcb->sctp_ep, stcb, 3665 control, 3666 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3667 } 3668 3669 /* This always must be called with the read-queue LOCKED in the INP */ 3670 static void 3671 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error, 3672 uint32_t val, int so_locked) 3673 { 3674 struct mbuf *m_notify; 3675 struct sctp_pdapi_event *pdapi; 3676 struct sctp_queued_to_read *control; 3677 struct sockbuf *sb; 3678 3679 if ((stcb == NULL) || 3680 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_PDAPIEVNT)) { 3681 /* event not enabled */ 3682 return; 3683 } 3684 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 3685 return; 3686 } 3687 3688 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_NOWAIT, 1, MT_DATA); 3689 if (m_notify == NULL) 3690 /* no space left */ 3691 return; 3692 SCTP_BUF_LEN(m_notify) = 0; 3693 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 3694 memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); 3695 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 3696 pdapi->pdapi_flags = 0; 3697 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 3698 pdapi->pdapi_indication = error; 3699 pdapi->pdapi_stream = (val >> 16); 3700 pdapi->pdapi_seq = (val & 0x0000ffff); 3701 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 3702 3703 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event); 3704 SCTP_BUF_NEXT(m_notify) = NULL; 3705 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3706 0, 0, stcb->asoc.context, 0, 0, 0, 3707 m_notify); 3708 if (control == NULL) { 3709 /* no memory */ 3710 sctp_m_freem(m_notify); 3711 return; 3712 } 3713 control->length = SCTP_BUF_LEN(m_notify); 3714 control->spec_flags = M_NOTIFICATION; 3715 /* not that we need this */ 3716 control->tail_mbuf = m_notify; 3717 sb = &stcb->sctp_socket->so_rcv; 3718 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3719 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify)); 3720 } 3721 sctp_sballoc(stcb, sb, m_notify); 3722 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3723 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3724 } 3725 control->end_added = 1; 3726 if (stcb->asoc.control_pdapi) 3727 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 3728 else { 3729 /* we really should not see this case */ 3730 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 3731 } 3732 if (stcb->sctp_ep && stcb->sctp_socket) { 3733 /* This should always be the case */ 3734 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 3735 } 3736 } 3737 3738 static void 3739 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 3740 { 3741 struct mbuf *m_notify; 3742 struct sctp_shutdown_event *sse; 3743 struct sctp_queued_to_read *control; 3744 3745 /* 3746 * For TCP model AND UDP connected sockets we will send an error up 3747 * when an SHUTDOWN completes 3748 */ 3749 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3750 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 3751 /* mark socket closed for read/write and wakeup! */ 3752 socantsendmore(stcb->sctp_socket); 3753 } 3754 if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) { 3755 /* event not enabled */ 3756 return; 3757 } 3758 3759 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 0, M_NOWAIT, 1, MT_DATA); 3760 if (m_notify == NULL) 3761 /* no space left */ 3762 return; 3763 sse = mtod(m_notify, struct sctp_shutdown_event *); 3764 memset(sse, 0, sizeof(struct sctp_shutdown_event)); 3765 sse->sse_type = SCTP_SHUTDOWN_EVENT; 3766 sse->sse_flags = 0; 3767 sse->sse_length = sizeof(struct sctp_shutdown_event); 3768 sse->sse_assoc_id = sctp_get_associd(stcb); 3769 3770 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_shutdown_event); 3771 SCTP_BUF_NEXT(m_notify) = NULL; 3772 3773 /* append to socket */ 3774 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3775 0, 0, stcb->asoc.context, 0, 0, 0, 3776 m_notify); 3777 if (control == NULL) { 3778 /* no memory */ 3779 sctp_m_freem(m_notify); 3780 return; 3781 } 3782 control->length = SCTP_BUF_LEN(m_notify); 3783 control->spec_flags = M_NOTIFICATION; 3784 /* not that we need this */ 3785 control->tail_mbuf = m_notify; 3786 sctp_add_to_readq(stcb->sctp_ep, stcb, 3787 control, 3788 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3789 } 3790 3791 static void 3792 sctp_notify_sender_dry_event(struct sctp_tcb *stcb, 3793 int so_locked) 3794 { 3795 struct mbuf *m_notify; 3796 struct sctp_sender_dry_event *event; 3797 struct sctp_queued_to_read *control; 3798 3799 if ((stcb == NULL) || 3800 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DRYEVNT)) { 3801 /* event not enabled */ 3802 return; 3803 } 3804 3805 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_sender_dry_event), 0, M_NOWAIT, 1, MT_DATA); 3806 if (m_notify == NULL) { 3807 /* no space left */ 3808 return; 3809 } 3810 SCTP_BUF_LEN(m_notify) = 0; 3811 event = mtod(m_notify, struct sctp_sender_dry_event *); 3812 memset(event, 0, sizeof(struct sctp_sender_dry_event)); 3813 event->sender_dry_type = SCTP_SENDER_DRY_EVENT; 3814 event->sender_dry_flags = 0; 3815 event->sender_dry_length = sizeof(struct sctp_sender_dry_event); 3816 event->sender_dry_assoc_id = sctp_get_associd(stcb); 3817 3818 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_sender_dry_event); 3819 SCTP_BUF_NEXT(m_notify) = NULL; 3820 3821 /* append to socket */ 3822 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3823 0, 0, stcb->asoc.context, 0, 0, 0, 3824 m_notify); 3825 if (control == NULL) { 3826 /* no memory */ 3827 sctp_m_freem(m_notify); 3828 return; 3829 } 3830 control->length = SCTP_BUF_LEN(m_notify); 3831 control->spec_flags = M_NOTIFICATION; 3832 /* not that we need this */ 3833 control->tail_mbuf = m_notify; 3834 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 3835 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3836 } 3837 3838 void 3839 sctp_notify_stream_reset_add(struct sctp_tcb *stcb, uint16_t numberin, uint16_t numberout, int flag) 3840 { 3841 struct mbuf *m_notify; 3842 struct sctp_queued_to_read *control; 3843 struct sctp_stream_change_event *stradd; 3844 3845 if ((stcb == NULL) || 3846 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { 3847 /* event not enabled */ 3848 return; 3849 } 3850 if ((stcb->asoc.peer_req_out) && flag) { 3851 /* Peer made the request, don't tell the local user */ 3852 stcb->asoc.peer_req_out = 0; 3853 return; 3854 } 3855 stcb->asoc.peer_req_out = 0; 3856 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_NOWAIT, 1, MT_DATA); 3857 if (m_notify == NULL) 3858 /* no space left */ 3859 return; 3860 SCTP_BUF_LEN(m_notify) = 0; 3861 stradd = mtod(m_notify, struct sctp_stream_change_event *); 3862 memset(stradd, 0, sizeof(struct sctp_stream_change_event)); 3863 stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; 3864 stradd->strchange_flags = flag; 3865 stradd->strchange_length = sizeof(struct sctp_stream_change_event); 3866 stradd->strchange_assoc_id = sctp_get_associd(stcb); 3867 stradd->strchange_instrms = numberin; 3868 stradd->strchange_outstrms = numberout; 3869 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); 3870 SCTP_BUF_NEXT(m_notify) = NULL; 3871 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3872 /* no space */ 3873 sctp_m_freem(m_notify); 3874 return; 3875 } 3876 /* append to socket */ 3877 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3878 0, 0, stcb->asoc.context, 0, 0, 0, 3879 m_notify); 3880 if (control == NULL) { 3881 /* no memory */ 3882 sctp_m_freem(m_notify); 3883 return; 3884 } 3885 control->length = SCTP_BUF_LEN(m_notify); 3886 control->spec_flags = M_NOTIFICATION; 3887 /* not that we need this */ 3888 control->tail_mbuf = m_notify; 3889 sctp_add_to_readq(stcb->sctp_ep, stcb, 3890 control, 3891 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3892 } 3893 3894 void 3895 sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, uint32_t sending_tsn, uint32_t recv_tsn, int flag) 3896 { 3897 struct mbuf *m_notify; 3898 struct sctp_queued_to_read *control; 3899 struct sctp_assoc_reset_event *strasoc; 3900 3901 if ((stcb == NULL) || 3902 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { 3903 /* event not enabled */ 3904 return; 3905 } 3906 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_NOWAIT, 1, MT_DATA); 3907 if (m_notify == NULL) 3908 /* no space left */ 3909 return; 3910 SCTP_BUF_LEN(m_notify) = 0; 3911 strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); 3912 memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); 3913 strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; 3914 strasoc->assocreset_flags = flag; 3915 strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); 3916 strasoc->assocreset_assoc_id = sctp_get_associd(stcb); 3917 strasoc->assocreset_local_tsn = sending_tsn; 3918 strasoc->assocreset_remote_tsn = recv_tsn; 3919 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); 3920 SCTP_BUF_NEXT(m_notify) = NULL; 3921 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3922 /* no space */ 3923 sctp_m_freem(m_notify); 3924 return; 3925 } 3926 /* append to socket */ 3927 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3928 0, 0, stcb->asoc.context, 0, 0, 0, 3929 m_notify); 3930 if (control == NULL) { 3931 /* no memory */ 3932 sctp_m_freem(m_notify); 3933 return; 3934 } 3935 control->length = SCTP_BUF_LEN(m_notify); 3936 control->spec_flags = M_NOTIFICATION; 3937 /* not that we need this */ 3938 control->tail_mbuf = m_notify; 3939 sctp_add_to_readq(stcb->sctp_ep, stcb, 3940 control, 3941 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3942 } 3943 3944 static void 3945 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3946 int number_entries, uint16_t *list, int flag) 3947 { 3948 struct mbuf *m_notify; 3949 struct sctp_queued_to_read *control; 3950 struct sctp_stream_reset_event *strreset; 3951 int len; 3952 3953 if ((stcb == NULL) || 3954 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_RESETEVNT))) { 3955 /* event not enabled */ 3956 return; 3957 } 3958 3959 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 3960 if (m_notify == NULL) 3961 /* no space left */ 3962 return; 3963 SCTP_BUF_LEN(m_notify) = 0; 3964 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3965 if (len > M_TRAILINGSPACE(m_notify)) { 3966 /* never enough room */ 3967 sctp_m_freem(m_notify); 3968 return; 3969 } 3970 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3971 memset(strreset, 0, len); 3972 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3973 strreset->strreset_flags = flag; 3974 strreset->strreset_length = len; 3975 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3976 if (number_entries) { 3977 int i; 3978 3979 for (i = 0; i < number_entries; i++) { 3980 strreset->strreset_stream_list[i] = ntohs(list[i]); 3981 } 3982 } 3983 SCTP_BUF_LEN(m_notify) = len; 3984 SCTP_BUF_NEXT(m_notify) = NULL; 3985 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3986 /* no space */ 3987 sctp_m_freem(m_notify); 3988 return; 3989 } 3990 /* append to socket */ 3991 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3992 0, 0, stcb->asoc.context, 0, 0, 0, 3993 m_notify); 3994 if (control == NULL) { 3995 /* no memory */ 3996 sctp_m_freem(m_notify); 3997 return; 3998 } 3999 control->length = SCTP_BUF_LEN(m_notify); 4000 control->spec_flags = M_NOTIFICATION; 4001 /* not that we need this */ 4002 control->tail_mbuf = m_notify; 4003 sctp_add_to_readq(stcb->sctp_ep, stcb, 4004 control, 4005 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 4006 } 4007 4008 static void 4009 sctp_notify_remote_error(struct sctp_tcb *stcb, uint16_t error, struct sctp_error_chunk *chunk) 4010 { 4011 struct mbuf *m_notify; 4012 struct sctp_remote_error *sre; 4013 struct sctp_queued_to_read *control; 4014 unsigned int notif_len; 4015 uint16_t chunk_len; 4016 4017 if ((stcb == NULL) || 4018 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPEERERR)) { 4019 return; 4020 } 4021 if (chunk != NULL) { 4022 chunk_len = ntohs(chunk->ch.chunk_length); 4023 /* 4024 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 4025 * contiguous. 4026 */ 4027 if (chunk_len > SCTP_CHUNK_BUFFER_SIZE) { 4028 chunk_len = SCTP_CHUNK_BUFFER_SIZE; 4029 } 4030 } else { 4031 chunk_len = 0; 4032 } 4033 notif_len = (unsigned int)(sizeof(struct sctp_remote_error) + chunk_len); 4034 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 4035 if (m_notify == NULL) { 4036 /* Retry with smaller value. */ 4037 notif_len = (unsigned int)sizeof(struct sctp_remote_error); 4038 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 4039 if (m_notify == NULL) { 4040 return; 4041 } 4042 } 4043 SCTP_BUF_NEXT(m_notify) = NULL; 4044 sre = mtod(m_notify, struct sctp_remote_error *); 4045 memset(sre, 0, notif_len); 4046 sre->sre_type = SCTP_REMOTE_ERROR; 4047 sre->sre_flags = 0; 4048 sre->sre_length = sizeof(struct sctp_remote_error); 4049 sre->sre_error = error; 4050 sre->sre_assoc_id = sctp_get_associd(stcb); 4051 if (notif_len > sizeof(struct sctp_remote_error)) { 4052 memcpy(sre->sre_data, chunk, chunk_len); 4053 sre->sre_length += chunk_len; 4054 } 4055 SCTP_BUF_LEN(m_notify) = sre->sre_length; 4056 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 4057 0, 0, stcb->asoc.context, 0, 0, 0, 4058 m_notify); 4059 if (control != NULL) { 4060 control->length = SCTP_BUF_LEN(m_notify); 4061 control->spec_flags = M_NOTIFICATION; 4062 /* not that we need this */ 4063 control->tail_mbuf = m_notify; 4064 sctp_add_to_readq(stcb->sctp_ep, stcb, 4065 control, 4066 &stcb->sctp_socket->so_rcv, 1, 4067 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 4068 } else { 4069 sctp_m_freem(m_notify); 4070 } 4071 } 4072 4073 void 4074 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 4075 uint32_t error, void *data, int so_locked) 4076 { 4077 if ((stcb == NULL) || 4078 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4079 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4080 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 4081 /* If the socket is gone we are out of here */ 4082 return; 4083 } 4084 if (stcb->sctp_socket->so_rcv.sb_state & SBS_CANTRCVMORE) { 4085 return; 4086 } 4087 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 4088 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 4089 if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) || 4090 (notification == SCTP_NOTIFY_INTERFACE_UP) || 4091 (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) { 4092 /* Don't report these in front states */ 4093 return; 4094 } 4095 } 4096 switch (notification) { 4097 case SCTP_NOTIFY_ASSOC_UP: 4098 if (stcb->asoc.assoc_up_sent == 0) { 4099 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL, false, false, so_locked); 4100 stcb->asoc.assoc_up_sent = 1; 4101 } 4102 if (stcb->asoc.adaptation_needed && (stcb->asoc.adaptation_sent == 0)) { 4103 sctp_notify_adaptation_layer(stcb); 4104 } 4105 if (stcb->asoc.auth_supported == 0) { 4106 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 4107 NULL, so_locked); 4108 } 4109 break; 4110 case SCTP_NOTIFY_ASSOC_DOWN: 4111 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL, false, false, so_locked); 4112 break; 4113 case SCTP_NOTIFY_INTERFACE_DOWN: 4114 { 4115 struct sctp_nets *net; 4116 4117 net = (struct sctp_nets *)data; 4118 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 4119 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 4120 break; 4121 } 4122 case SCTP_NOTIFY_INTERFACE_UP: 4123 { 4124 struct sctp_nets *net; 4125 4126 net = (struct sctp_nets *)data; 4127 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 4128 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 4129 break; 4130 } 4131 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 4132 { 4133 struct sctp_nets *net; 4134 4135 net = (struct sctp_nets *)data; 4136 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 4137 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 4138 break; 4139 } 4140 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 4141 sctp_notify_send_failed2(stcb, error, 4142 (struct sctp_stream_queue_pending *)data, so_locked); 4143 break; 4144 case SCTP_NOTIFY_SENT_DG_FAIL: 4145 sctp_notify_send_failed(stcb, 1, error, 4146 (struct sctp_tmit_chunk *)data, so_locked); 4147 break; 4148 case SCTP_NOTIFY_UNSENT_DG_FAIL: 4149 sctp_notify_send_failed(stcb, 0, error, 4150 (struct sctp_tmit_chunk *)data, so_locked); 4151 break; 4152 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 4153 { 4154 uint32_t val; 4155 4156 val = *((uint32_t *)data); 4157 4158 sctp_notify_partial_delivery_indication(stcb, error, val, so_locked); 4159 break; 4160 } 4161 case SCTP_NOTIFY_ASSOC_LOC_ABORTED: 4162 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 4163 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 4164 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, false, false, so_locked); 4165 } else { 4166 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, false, false, so_locked); 4167 } 4168 break; 4169 case SCTP_NOTIFY_ASSOC_REM_ABORTED: 4170 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 4171 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 4172 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, true, false, so_locked); 4173 } else { 4174 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, true, false, so_locked); 4175 } 4176 break; 4177 case SCTP_NOTIFY_ASSOC_TIMEDOUT: 4178 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 4179 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 4180 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, false, true, so_locked); 4181 } else { 4182 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, false, true, so_locked); 4183 } 4184 break; 4185 case SCTP_NOTIFY_ASSOC_RESTART: 4186 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, NULL, false, false, so_locked); 4187 if (stcb->asoc.auth_supported == 0) { 4188 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 4189 NULL, so_locked); 4190 } 4191 break; 4192 case SCTP_NOTIFY_STR_RESET_SEND: 4193 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_OUTGOING_SSN); 4194 break; 4195 case SCTP_NOTIFY_STR_RESET_RECV: 4196 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_INCOMING); 4197 break; 4198 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 4199 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 4200 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_FAILED)); 4201 break; 4202 case SCTP_NOTIFY_STR_RESET_DENIED_OUT: 4203 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 4204 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_DENIED)); 4205 break; 4206 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 4207 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 4208 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_FAILED)); 4209 break; 4210 case SCTP_NOTIFY_STR_RESET_DENIED_IN: 4211 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 4212 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_DENIED)); 4213 break; 4214 case SCTP_NOTIFY_ASCONF_ADD_IP: 4215 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 4216 error, so_locked); 4217 break; 4218 case SCTP_NOTIFY_ASCONF_DELETE_IP: 4219 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 4220 error, so_locked); 4221 break; 4222 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 4223 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 4224 error, so_locked); 4225 break; 4226 case SCTP_NOTIFY_PEER_SHUTDOWN: 4227 sctp_notify_shutdown_event(stcb); 4228 break; 4229 case SCTP_NOTIFY_AUTH_NEW_KEY: 4230 sctp_notify_authentication(stcb, SCTP_AUTH_NEW_KEY, error, 4231 (uint16_t)(uintptr_t)data, 4232 so_locked); 4233 break; 4234 case SCTP_NOTIFY_AUTH_FREE_KEY: 4235 sctp_notify_authentication(stcb, SCTP_AUTH_FREE_KEY, error, 4236 (uint16_t)(uintptr_t)data, 4237 so_locked); 4238 break; 4239 case SCTP_NOTIFY_NO_PEER_AUTH: 4240 sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, error, 4241 (uint16_t)(uintptr_t)data, 4242 so_locked); 4243 break; 4244 case SCTP_NOTIFY_SENDER_DRY: 4245 sctp_notify_sender_dry_event(stcb, so_locked); 4246 break; 4247 case SCTP_NOTIFY_REMOTE_ERROR: 4248 sctp_notify_remote_error(stcb, error, data); 4249 break; 4250 default: 4251 SCTPDBG(SCTP_DEBUG_UTIL1, "%s: unknown notification %xh (%u)\n", 4252 __func__, notification, notification); 4253 break; 4254 } /* end switch */ 4255 } 4256 4257 void 4258 sctp_report_all_outbound(struct sctp_tcb *stcb, uint16_t error, int so_locked) 4259 { 4260 struct sctp_association *asoc; 4261 struct sctp_stream_out *outs; 4262 struct sctp_tmit_chunk *chk, *nchk; 4263 struct sctp_stream_queue_pending *sp, *nsp; 4264 int i; 4265 4266 if (stcb == NULL) { 4267 return; 4268 } 4269 asoc = &stcb->asoc; 4270 if (asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4271 /* already being freed */ 4272 return; 4273 } 4274 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4275 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4276 (asoc->state & SCTP_STATE_CLOSED_SOCKET)) { 4277 return; 4278 } 4279 /* now through all the gunk freeing chunks */ 4280 /* sent queue SHOULD be empty */ 4281 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) { 4282 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 4283 asoc->sent_queue_cnt--; 4284 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) { 4285 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 4286 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 4287 #ifdef INVARIANTS 4288 } else { 4289 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 4290 #endif 4291 } 4292 } 4293 if (chk->data != NULL) { 4294 sctp_free_bufspace(stcb, asoc, chk, 1); 4295 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 4296 error, chk, so_locked); 4297 if (chk->data) { 4298 sctp_m_freem(chk->data); 4299 chk->data = NULL; 4300 } 4301 } 4302 sctp_free_a_chunk(stcb, chk, so_locked); 4303 /* sa_ignore FREED_MEMORY */ 4304 } 4305 /* pending send queue SHOULD be empty */ 4306 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 4307 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 4308 asoc->send_queue_cnt--; 4309 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 4310 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 4311 #ifdef INVARIANTS 4312 } else { 4313 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 4314 #endif 4315 } 4316 if (chk->data != NULL) { 4317 sctp_free_bufspace(stcb, asoc, chk, 1); 4318 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 4319 error, chk, so_locked); 4320 if (chk->data) { 4321 sctp_m_freem(chk->data); 4322 chk->data = NULL; 4323 } 4324 } 4325 sctp_free_a_chunk(stcb, chk, so_locked); 4326 /* sa_ignore FREED_MEMORY */ 4327 } 4328 for (i = 0; i < asoc->streamoutcnt; i++) { 4329 /* For each stream */ 4330 outs = &asoc->strmout[i]; 4331 /* clean up any sends there */ 4332 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { 4333 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 4334 TAILQ_REMOVE(&outs->outqueue, sp, next); 4335 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp); 4336 sctp_free_spbufspace(stcb, asoc, sp); 4337 if (sp->data) { 4338 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 4339 error, (void *)sp, so_locked); 4340 if (sp->data) { 4341 sctp_m_freem(sp->data); 4342 sp->data = NULL; 4343 sp->tail_mbuf = NULL; 4344 sp->length = 0; 4345 } 4346 } 4347 if (sp->net) { 4348 sctp_free_remote_addr(sp->net); 4349 sp->net = NULL; 4350 } 4351 /* Free the chunk */ 4352 sctp_free_a_strmoq(stcb, sp, so_locked); 4353 /* sa_ignore FREED_MEMORY */ 4354 } 4355 } 4356 } 4357 4358 void 4359 sctp_abort_notification(struct sctp_tcb *stcb, bool from_peer, bool timeout, 4360 uint16_t error, struct sctp_abort_chunk *abort, 4361 int so_locked) 4362 { 4363 if (stcb == NULL) { 4364 return; 4365 } 4366 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 4367 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 4368 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 4369 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 4370 } 4371 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4372 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4373 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 4374 return; 4375 } 4376 SCTP_TCB_SEND_LOCK(stcb); 4377 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4378 /* Tell them we lost the asoc */ 4379 sctp_report_all_outbound(stcb, error, so_locked); 4380 SCTP_TCB_SEND_UNLOCK(stcb); 4381 if (from_peer) { 4382 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_REM_ABORTED, stcb, error, abort, so_locked); 4383 } else { 4384 if (timeout) { 4385 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_TIMEDOUT, stcb, error, abort, so_locked); 4386 } else { 4387 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_LOC_ABORTED, stcb, error, abort, so_locked); 4388 } 4389 } 4390 } 4391 4392 void 4393 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4394 struct mbuf *m, int iphlen, 4395 struct sockaddr *src, struct sockaddr *dst, 4396 struct sctphdr *sh, struct mbuf *op_err, 4397 uint8_t mflowtype, uint32_t mflowid, 4398 uint32_t vrf_id, uint16_t port) 4399 { 4400 struct sctp_gen_error_cause *cause; 4401 uint32_t vtag; 4402 uint16_t cause_code; 4403 4404 if (stcb != NULL) { 4405 vtag = stcb->asoc.peer_vtag; 4406 vrf_id = stcb->asoc.vrf_id; 4407 if (op_err != NULL) { 4408 /* Read the cause code from the error cause. */ 4409 cause = mtod(op_err, struct sctp_gen_error_cause *); 4410 cause_code = ntohs(cause->code); 4411 } else { 4412 cause_code = 0; 4413 } 4414 } else { 4415 vtag = 0; 4416 } 4417 sctp_send_abort(m, iphlen, src, dst, sh, vtag, op_err, 4418 mflowtype, mflowid, inp->fibnum, 4419 vrf_id, port); 4420 if (stcb != NULL) { 4421 /* We have a TCB to abort, send notification too */ 4422 sctp_abort_notification(stcb, false, false, cause_code, NULL, SCTP_SO_NOT_LOCKED); 4423 /* Ok, now lets free it */ 4424 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4425 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4426 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4427 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4428 } 4429 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4430 SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 4431 } 4432 } 4433 #ifdef SCTP_ASOCLOG_OF_TSNS 4434 void 4435 sctp_print_out_track_log(struct sctp_tcb *stcb) 4436 { 4437 #ifdef NOSIY_PRINTS 4438 int i; 4439 4440 SCTP_PRINTF("Last ep reason:%x\n", stcb->sctp_ep->last_abort_code); 4441 SCTP_PRINTF("IN bound TSN log-aaa\n"); 4442 if ((stcb->asoc.tsn_in_at == 0) && (stcb->asoc.tsn_in_wrapped == 0)) { 4443 SCTP_PRINTF("None rcvd\n"); 4444 goto none_in; 4445 } 4446 if (stcb->asoc.tsn_in_wrapped) { 4447 for (i = stcb->asoc.tsn_in_at; i < SCTP_TSN_LOG_SIZE; i++) { 4448 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4449 stcb->asoc.in_tsnlog[i].tsn, 4450 stcb->asoc.in_tsnlog[i].strm, 4451 stcb->asoc.in_tsnlog[i].seq, 4452 stcb->asoc.in_tsnlog[i].flgs, 4453 stcb->asoc.in_tsnlog[i].sz); 4454 } 4455 } 4456 if (stcb->asoc.tsn_in_at) { 4457 for (i = 0; i < stcb->asoc.tsn_in_at; i++) { 4458 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4459 stcb->asoc.in_tsnlog[i].tsn, 4460 stcb->asoc.in_tsnlog[i].strm, 4461 stcb->asoc.in_tsnlog[i].seq, 4462 stcb->asoc.in_tsnlog[i].flgs, 4463 stcb->asoc.in_tsnlog[i].sz); 4464 } 4465 } 4466 none_in: 4467 SCTP_PRINTF("OUT bound TSN log-aaa\n"); 4468 if ((stcb->asoc.tsn_out_at == 0) && 4469 (stcb->asoc.tsn_out_wrapped == 0)) { 4470 SCTP_PRINTF("None sent\n"); 4471 } 4472 if (stcb->asoc.tsn_out_wrapped) { 4473 for (i = stcb->asoc.tsn_out_at; i < SCTP_TSN_LOG_SIZE; i++) { 4474 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4475 stcb->asoc.out_tsnlog[i].tsn, 4476 stcb->asoc.out_tsnlog[i].strm, 4477 stcb->asoc.out_tsnlog[i].seq, 4478 stcb->asoc.out_tsnlog[i].flgs, 4479 stcb->asoc.out_tsnlog[i].sz); 4480 } 4481 } 4482 if (stcb->asoc.tsn_out_at) { 4483 for (i = 0; i < stcb->asoc.tsn_out_at; i++) { 4484 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4485 stcb->asoc.out_tsnlog[i].tsn, 4486 stcb->asoc.out_tsnlog[i].strm, 4487 stcb->asoc.out_tsnlog[i].seq, 4488 stcb->asoc.out_tsnlog[i].flgs, 4489 stcb->asoc.out_tsnlog[i].sz); 4490 } 4491 } 4492 #endif 4493 } 4494 #endif 4495 4496 void 4497 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4498 struct mbuf *op_err, bool timedout, int so_locked) 4499 { 4500 struct sctp_gen_error_cause *cause; 4501 uint16_t cause_code; 4502 4503 if (stcb == NULL) { 4504 /* Got to have a TCB */ 4505 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4506 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4507 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4508 SCTP_CALLED_DIRECTLY_NOCMPSET); 4509 } 4510 } 4511 return; 4512 } 4513 if (op_err != NULL) { 4514 /* Read the cause code from the error cause. */ 4515 cause = mtod(op_err, struct sctp_gen_error_cause *); 4516 cause_code = ntohs(cause->code); 4517 } else { 4518 cause_code = 0; 4519 } 4520 /* notify the peer */ 4521 sctp_send_abort_tcb(stcb, op_err, so_locked); 4522 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4523 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4524 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4525 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4526 } 4527 /* notify the ulp */ 4528 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) { 4529 sctp_abort_notification(stcb, false, timedout, cause_code, NULL, so_locked); 4530 } 4531 /* now free the asoc */ 4532 #ifdef SCTP_ASOCLOG_OF_TSNS 4533 sctp_print_out_track_log(stcb); 4534 #endif 4535 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4536 SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 4537 } 4538 4539 void 4540 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, 4541 struct sockaddr *src, struct sockaddr *dst, 4542 struct sctphdr *sh, struct sctp_inpcb *inp, 4543 struct mbuf *cause, 4544 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 4545 uint32_t vrf_id, uint16_t port) 4546 { 4547 struct sctp_chunkhdr *ch, chunk_buf; 4548 unsigned int chk_length; 4549 int contains_init_chunk; 4550 4551 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 4552 /* Generate a TO address for future reference */ 4553 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 4554 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4555 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4556 SCTP_CALLED_DIRECTLY_NOCMPSET); 4557 } 4558 } 4559 contains_init_chunk = 0; 4560 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4561 sizeof(*ch), (uint8_t *)&chunk_buf); 4562 while (ch != NULL) { 4563 chk_length = ntohs(ch->chunk_length); 4564 if (chk_length < sizeof(*ch)) { 4565 /* break to abort land */ 4566 break; 4567 } 4568 switch (ch->chunk_type) { 4569 case SCTP_INIT: 4570 contains_init_chunk = 1; 4571 break; 4572 case SCTP_PACKET_DROPPED: 4573 /* we don't respond to pkt-dropped */ 4574 return; 4575 case SCTP_ABORT_ASSOCIATION: 4576 /* we don't respond with an ABORT to an ABORT */ 4577 return; 4578 case SCTP_SHUTDOWN_COMPLETE: 4579 /* 4580 * we ignore it since we are not waiting for it and 4581 * peer is gone 4582 */ 4583 return; 4584 case SCTP_SHUTDOWN_ACK: 4585 sctp_send_shutdown_complete2(src, dst, sh, 4586 mflowtype, mflowid, fibnum, 4587 vrf_id, port); 4588 return; 4589 default: 4590 break; 4591 } 4592 offset += SCTP_SIZE32(chk_length); 4593 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4594 sizeof(*ch), (uint8_t *)&chunk_buf); 4595 } 4596 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || 4597 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 4598 (contains_init_chunk == 0))) { 4599 sctp_send_abort(m, iphlen, src, dst, sh, 0, cause, 4600 mflowtype, mflowid, fibnum, 4601 vrf_id, port); 4602 } 4603 } 4604 4605 /* 4606 * check the inbound datagram to make sure there is not an abort inside it, 4607 * if there is return 1, else return 0. 4608 */ 4609 int 4610 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t *vtag) 4611 { 4612 struct sctp_chunkhdr *ch; 4613 struct sctp_init_chunk *init_chk, chunk_buf; 4614 int offset; 4615 unsigned int chk_length; 4616 4617 offset = iphlen + sizeof(struct sctphdr); 4618 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 4619 (uint8_t *)&chunk_buf); 4620 while (ch != NULL) { 4621 chk_length = ntohs(ch->chunk_length); 4622 if (chk_length < sizeof(*ch)) { 4623 /* packet is probably corrupt */ 4624 break; 4625 } 4626 /* we seem to be ok, is it an abort? */ 4627 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 4628 /* yep, tell them */ 4629 return (1); 4630 } 4631 if ((ch->chunk_type == SCTP_INITIATION) || 4632 (ch->chunk_type == SCTP_INITIATION_ACK)) { 4633 /* need to update the Vtag */ 4634 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 4635 offset, sizeof(struct sctp_init_chunk), (uint8_t *)&chunk_buf); 4636 if (init_chk != NULL) { 4637 *vtag = ntohl(init_chk->init.initiate_tag); 4638 } 4639 } 4640 /* Nope, move to the next chunk */ 4641 offset += SCTP_SIZE32(chk_length); 4642 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4643 sizeof(*ch), (uint8_t *)&chunk_buf); 4644 } 4645 return (0); 4646 } 4647 4648 /* 4649 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 4650 * set (i.e. it's 0) so, create this function to compare link local scopes 4651 */ 4652 #ifdef INET6 4653 uint32_t 4654 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 4655 { 4656 struct sockaddr_in6 a, b; 4657 4658 /* save copies */ 4659 a = *addr1; 4660 b = *addr2; 4661 4662 if (a.sin6_scope_id == 0) 4663 if (sa6_recoverscope(&a)) { 4664 /* can't get scope, so can't match */ 4665 return (0); 4666 } 4667 if (b.sin6_scope_id == 0) 4668 if (sa6_recoverscope(&b)) { 4669 /* can't get scope, so can't match */ 4670 return (0); 4671 } 4672 if (a.sin6_scope_id != b.sin6_scope_id) 4673 return (0); 4674 4675 return (1); 4676 } 4677 4678 /* 4679 * returns a sockaddr_in6 with embedded scope recovered and removed 4680 */ 4681 struct sockaddr_in6 * 4682 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 4683 { 4684 /* check and strip embedded scope junk */ 4685 if (addr->sin6_family == AF_INET6) { 4686 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 4687 if (addr->sin6_scope_id == 0) { 4688 *store = *addr; 4689 if (!sa6_recoverscope(store)) { 4690 /* use the recovered scope */ 4691 addr = store; 4692 } 4693 } else { 4694 /* else, return the original "to" addr */ 4695 in6_clearscope(&addr->sin6_addr); 4696 } 4697 } 4698 } 4699 return (addr); 4700 } 4701 #endif 4702 4703 /* 4704 * are the two addresses the same? currently a "scopeless" check returns: 1 4705 * if same, 0 if not 4706 */ 4707 int 4708 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 4709 { 4710 4711 /* must be valid */ 4712 if (sa1 == NULL || sa2 == NULL) 4713 return (0); 4714 4715 /* must be the same family */ 4716 if (sa1->sa_family != sa2->sa_family) 4717 return (0); 4718 4719 switch (sa1->sa_family) { 4720 #ifdef INET6 4721 case AF_INET6: 4722 { 4723 /* IPv6 addresses */ 4724 struct sockaddr_in6 *sin6_1, *sin6_2; 4725 4726 sin6_1 = (struct sockaddr_in6 *)sa1; 4727 sin6_2 = (struct sockaddr_in6 *)sa2; 4728 return (SCTP6_ARE_ADDR_EQUAL(sin6_1, 4729 sin6_2)); 4730 } 4731 #endif 4732 #ifdef INET 4733 case AF_INET: 4734 { 4735 /* IPv4 addresses */ 4736 struct sockaddr_in *sin_1, *sin_2; 4737 4738 sin_1 = (struct sockaddr_in *)sa1; 4739 sin_2 = (struct sockaddr_in *)sa2; 4740 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 4741 } 4742 #endif 4743 default: 4744 /* we don't do these... */ 4745 return (0); 4746 } 4747 } 4748 4749 void 4750 sctp_print_address(struct sockaddr *sa) 4751 { 4752 #ifdef INET6 4753 char ip6buf[INET6_ADDRSTRLEN]; 4754 #endif 4755 4756 switch (sa->sa_family) { 4757 #ifdef INET6 4758 case AF_INET6: 4759 { 4760 struct sockaddr_in6 *sin6; 4761 4762 sin6 = (struct sockaddr_in6 *)sa; 4763 SCTP_PRINTF("IPv6 address: %s:port:%d scope:%u\n", 4764 ip6_sprintf(ip6buf, &sin6->sin6_addr), 4765 ntohs(sin6->sin6_port), 4766 sin6->sin6_scope_id); 4767 break; 4768 } 4769 #endif 4770 #ifdef INET 4771 case AF_INET: 4772 { 4773 struct sockaddr_in *sin; 4774 unsigned char *p; 4775 4776 sin = (struct sockaddr_in *)sa; 4777 p = (unsigned char *)&sin->sin_addr; 4778 SCTP_PRINTF("IPv4 address: %u.%u.%u.%u:%d\n", 4779 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 4780 break; 4781 } 4782 #endif 4783 default: 4784 SCTP_PRINTF("?\n"); 4785 break; 4786 } 4787 } 4788 4789 void 4790 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 4791 struct sctp_inpcb *new_inp, 4792 struct sctp_tcb *stcb, 4793 int waitflags) 4794 { 4795 /* 4796 * go through our old INP and pull off any control structures that 4797 * belong to stcb and move then to the new inp. 4798 */ 4799 struct socket *old_so, *new_so; 4800 struct sctp_queued_to_read *control, *nctl; 4801 struct sctp_readhead tmp_queue; 4802 struct mbuf *m; 4803 int error = 0; 4804 4805 old_so = old_inp->sctp_socket; 4806 new_so = new_inp->sctp_socket; 4807 TAILQ_INIT(&tmp_queue); 4808 error = SOCK_IO_RECV_LOCK(old_so, waitflags); 4809 if (error) { 4810 /* 4811 * Gak, can't get I/O lock, we have a problem. data will be 4812 * left stranded.. and we don't dare look at it since the 4813 * other thread may be reading something. Oh well, its a 4814 * screwed up app that does a peeloff OR a accept while 4815 * reading from the main socket... actually its only the 4816 * peeloff() case, since I think read will fail on a 4817 * listening socket.. 4818 */ 4819 return; 4820 } 4821 /* lock the socket buffers */ 4822 SCTP_INP_READ_LOCK(old_inp); 4823 TAILQ_FOREACH_SAFE(control, &old_inp->read_queue, next, nctl) { 4824 /* Pull off all for out target stcb */ 4825 if (control->stcb == stcb) { 4826 /* remove it we want it */ 4827 TAILQ_REMOVE(&old_inp->read_queue, control, next); 4828 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 4829 m = control->data; 4830 while (m) { 4831 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4832 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 4833 } 4834 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 4835 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4836 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4837 } 4838 m = SCTP_BUF_NEXT(m); 4839 } 4840 } 4841 } 4842 SCTP_INP_READ_UNLOCK(old_inp); 4843 /* Remove the recv-lock on the old socket */ 4844 SOCK_IO_RECV_UNLOCK(old_so); 4845 /* Now we move them over to the new socket buffer */ 4846 SCTP_INP_READ_LOCK(new_inp); 4847 TAILQ_FOREACH_SAFE(control, &tmp_queue, next, nctl) { 4848 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 4849 m = control->data; 4850 while (m) { 4851 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4852 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4853 } 4854 sctp_sballoc(stcb, &new_so->so_rcv, m); 4855 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4856 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4857 } 4858 m = SCTP_BUF_NEXT(m); 4859 } 4860 } 4861 SCTP_INP_READ_UNLOCK(new_inp); 4862 } 4863 4864 void 4865 sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, 4866 struct sctp_tcb *stcb, 4867 int so_locked 4868 SCTP_UNUSED 4869 ) 4870 { 4871 if ((inp != NULL) && (inp->sctp_socket != NULL)) { 4872 sctp_sorwakeup(inp, inp->sctp_socket); 4873 } 4874 } 4875 4876 void 4877 sctp_add_to_readq(struct sctp_inpcb *inp, 4878 struct sctp_tcb *stcb, 4879 struct sctp_queued_to_read *control, 4880 struct sockbuf *sb, 4881 int end, 4882 int inp_read_lock_held, 4883 int so_locked) 4884 { 4885 /* 4886 * Here we must place the control on the end of the socket read 4887 * queue AND increment sb_cc so that select will work properly on 4888 * read. 4889 */ 4890 struct mbuf *m, *prev = NULL; 4891 4892 if (inp == NULL) { 4893 /* Gak, TSNH!! */ 4894 #ifdef INVARIANTS 4895 panic("Gak, inp NULL on add_to_readq"); 4896 #endif 4897 return; 4898 } 4899 if (inp_read_lock_held == 0) 4900 SCTP_INP_READ_LOCK(inp); 4901 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 4902 if (!control->on_strm_q) { 4903 sctp_free_remote_addr(control->whoFrom); 4904 if (control->data) { 4905 sctp_m_freem(control->data); 4906 control->data = NULL; 4907 } 4908 sctp_free_a_readq(stcb, control); 4909 } 4910 if (inp_read_lock_held == 0) 4911 SCTP_INP_READ_UNLOCK(inp); 4912 return; 4913 } 4914 if (!(control->spec_flags & M_NOTIFICATION)) { 4915 atomic_add_int(&inp->total_recvs, 1); 4916 if (!control->do_not_ref_stcb) { 4917 atomic_add_int(&stcb->total_recvs, 1); 4918 } 4919 } 4920 m = control->data; 4921 control->held_length = 0; 4922 control->length = 0; 4923 while (m) { 4924 if (SCTP_BUF_LEN(m) == 0) { 4925 /* Skip mbufs with NO length */ 4926 if (prev == NULL) { 4927 /* First one */ 4928 control->data = sctp_m_free(m); 4929 m = control->data; 4930 } else { 4931 SCTP_BUF_NEXT(prev) = sctp_m_free(m); 4932 m = SCTP_BUF_NEXT(prev); 4933 } 4934 if (m == NULL) { 4935 control->tail_mbuf = prev; 4936 } 4937 continue; 4938 } 4939 prev = m; 4940 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4941 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4942 } 4943 sctp_sballoc(stcb, sb, m); 4944 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4945 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4946 } 4947 atomic_add_int(&control->length, SCTP_BUF_LEN(m)); 4948 m = SCTP_BUF_NEXT(m); 4949 } 4950 if (prev != NULL) { 4951 control->tail_mbuf = prev; 4952 } else { 4953 /* Everything got collapsed out?? */ 4954 if (!control->on_strm_q) { 4955 sctp_free_remote_addr(control->whoFrom); 4956 sctp_free_a_readq(stcb, control); 4957 } 4958 if (inp_read_lock_held == 0) 4959 SCTP_INP_READ_UNLOCK(inp); 4960 return; 4961 } 4962 if (end) { 4963 control->end_added = 1; 4964 } 4965 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 4966 control->on_read_q = 1; 4967 if (inp_read_lock_held == 0) 4968 SCTP_INP_READ_UNLOCK(inp); 4969 if (inp && inp->sctp_socket) { 4970 sctp_wakeup_the_read_socket(inp, stcb, so_locked); 4971 } 4972 } 4973 4974 /*************HOLD THIS COMMENT FOR PATCH FILE OF 4975 *************ALTERNATE ROUTING CODE 4976 */ 4977 4978 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 4979 *************ALTERNATE ROUTING CODE 4980 */ 4981 4982 struct mbuf * 4983 sctp_generate_cause(uint16_t code, char *info) 4984 { 4985 struct mbuf *m; 4986 struct sctp_gen_error_cause *cause; 4987 size_t info_len; 4988 uint16_t len; 4989 4990 if ((code == 0) || (info == NULL)) { 4991 return (NULL); 4992 } 4993 info_len = strlen(info); 4994 if (info_len > (SCTP_MAX_CAUSE_LENGTH - sizeof(struct sctp_paramhdr))) { 4995 return (NULL); 4996 } 4997 len = (uint16_t)(sizeof(struct sctp_paramhdr) + info_len); 4998 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4999 if (m != NULL) { 5000 SCTP_BUF_LEN(m) = len; 5001 cause = mtod(m, struct sctp_gen_error_cause *); 5002 cause->code = htons(code); 5003 cause->length = htons(len); 5004 memcpy(cause->info, info, info_len); 5005 } 5006 return (m); 5007 } 5008 5009 struct mbuf * 5010 sctp_generate_no_user_data_cause(uint32_t tsn) 5011 { 5012 struct mbuf *m; 5013 struct sctp_error_no_user_data *no_user_data_cause; 5014 uint16_t len; 5015 5016 len = (uint16_t)sizeof(struct sctp_error_no_user_data); 5017 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 5018 if (m != NULL) { 5019 SCTP_BUF_LEN(m) = len; 5020 no_user_data_cause = mtod(m, struct sctp_error_no_user_data *); 5021 no_user_data_cause->cause.code = htons(SCTP_CAUSE_NO_USER_DATA); 5022 no_user_data_cause->cause.length = htons(len); 5023 no_user_data_cause->tsn = htonl(tsn); 5024 } 5025 return (m); 5026 } 5027 5028 #ifdef SCTP_MBCNT_LOGGING 5029 void 5030 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 5031 struct sctp_tmit_chunk *tp1, int chk_cnt) 5032 { 5033 if (tp1->data == NULL) { 5034 return; 5035 } 5036 asoc->chunks_on_out_queue -= chk_cnt; 5037 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBCNT_LOGGING_ENABLE) { 5038 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 5039 asoc->total_output_queue_size, 5040 tp1->book_size, 5041 0, 5042 tp1->mbcnt); 5043 } 5044 if (asoc->total_output_queue_size >= tp1->book_size) { 5045 atomic_add_int(&asoc->total_output_queue_size, -tp1->book_size); 5046 } else { 5047 asoc->total_output_queue_size = 0; 5048 } 5049 5050 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 5051 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 5052 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 5053 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 5054 } else { 5055 stcb->sctp_socket->so_snd.sb_cc = 0; 5056 } 5057 } 5058 } 5059 5060 #endif 5061 5062 int 5063 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 5064 uint8_t sent, int so_locked) 5065 { 5066 struct sctp_stream_out *strq; 5067 struct sctp_tmit_chunk *chk = NULL, *tp2; 5068 struct sctp_stream_queue_pending *sp; 5069 uint32_t mid; 5070 uint16_t sid; 5071 uint8_t foundeom = 0; 5072 int ret_sz = 0; 5073 int notdone; 5074 int do_wakeup_routine = 0; 5075 5076 sid = tp1->rec.data.sid; 5077 mid = tp1->rec.data.mid; 5078 if (sent || !(tp1->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG)) { 5079 stcb->asoc.abandoned_sent[0]++; 5080 stcb->asoc.abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 5081 stcb->asoc.strmout[sid].abandoned_sent[0]++; 5082 #if defined(SCTP_DETAILED_STR_STATS) 5083 stcb->asoc.strmout[sid].abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 5084 #endif 5085 } else { 5086 stcb->asoc.abandoned_unsent[0]++; 5087 stcb->asoc.abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 5088 stcb->asoc.strmout[sid].abandoned_unsent[0]++; 5089 #if defined(SCTP_DETAILED_STR_STATS) 5090 stcb->asoc.strmout[sid].abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 5091 #endif 5092 } 5093 do { 5094 ret_sz += tp1->book_size; 5095 if (tp1->data != NULL) { 5096 if (tp1->sent < SCTP_DATAGRAM_RESEND) { 5097 sctp_flight_size_decrease(tp1); 5098 sctp_total_flight_decrease(stcb, tp1); 5099 } 5100 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 5101 stcb->asoc.peers_rwnd += tp1->send_size; 5102 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh); 5103 if (sent) { 5104 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 5105 } else { 5106 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 5107 } 5108 if (tp1->data) { 5109 sctp_m_freem(tp1->data); 5110 tp1->data = NULL; 5111 } 5112 do_wakeup_routine = 1; 5113 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 5114 stcb->asoc.sent_queue_cnt_removeable--; 5115 } 5116 } 5117 tp1->sent = SCTP_FORWARD_TSN_SKIP; 5118 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 5119 SCTP_DATA_NOT_FRAG) { 5120 /* not frag'ed we ae done */ 5121 notdone = 0; 5122 foundeom = 1; 5123 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 5124 /* end of frag, we are done */ 5125 notdone = 0; 5126 foundeom = 1; 5127 } else { 5128 /* 5129 * Its a begin or middle piece, we must mark all of 5130 * it 5131 */ 5132 notdone = 1; 5133 tp1 = TAILQ_NEXT(tp1, sctp_next); 5134 } 5135 } while (tp1 && notdone); 5136 if (foundeom == 0) { 5137 /* 5138 * The multi-part message was scattered across the send and 5139 * sent queue. 5140 */ 5141 TAILQ_FOREACH_SAFE(tp1, &stcb->asoc.send_queue, sctp_next, tp2) { 5142 if ((tp1->rec.data.sid != sid) || 5143 (!SCTP_MID_EQ(stcb->asoc.idata_supported, tp1->rec.data.mid, mid))) { 5144 break; 5145 } 5146 /* 5147 * save to chk in case we have some on stream out 5148 * queue. If so and we have an un-transmitted one we 5149 * don't have to fudge the TSN. 5150 */ 5151 chk = tp1; 5152 ret_sz += tp1->book_size; 5153 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 5154 if (sent) { 5155 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 5156 } else { 5157 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 5158 } 5159 if (tp1->data) { 5160 sctp_m_freem(tp1->data); 5161 tp1->data = NULL; 5162 } 5163 /* No flight involved here book the size to 0 */ 5164 tp1->book_size = 0; 5165 if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 5166 foundeom = 1; 5167 } 5168 do_wakeup_routine = 1; 5169 tp1->sent = SCTP_FORWARD_TSN_SKIP; 5170 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 5171 /* 5172 * on to the sent queue so we can wait for it to be 5173 * passed by. 5174 */ 5175 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 5176 sctp_next); 5177 stcb->asoc.send_queue_cnt--; 5178 stcb->asoc.sent_queue_cnt++; 5179 } 5180 } 5181 if (foundeom == 0) { 5182 /* 5183 * Still no eom found. That means there is stuff left on the 5184 * stream out queue.. yuck. 5185 */ 5186 SCTP_TCB_SEND_LOCK(stcb); 5187 strq = &stcb->asoc.strmout[sid]; 5188 sp = TAILQ_FIRST(&strq->outqueue); 5189 if (sp != NULL) { 5190 sp->discard_rest = 1; 5191 /* 5192 * We may need to put a chunk on the queue that 5193 * holds the TSN that would have been sent with the 5194 * LAST bit. 5195 */ 5196 if (chk == NULL) { 5197 /* Yep, we have to */ 5198 sctp_alloc_a_chunk(stcb, chk); 5199 if (chk == NULL) { 5200 /* 5201 * we are hosed. All we can do is 5202 * nothing.. which will cause an 5203 * abort if the peer is paying 5204 * attention. 5205 */ 5206 goto oh_well; 5207 } 5208 memset(chk, 0, sizeof(*chk)); 5209 chk->rec.data.rcv_flags = 0; 5210 chk->sent = SCTP_FORWARD_TSN_SKIP; 5211 chk->asoc = &stcb->asoc; 5212 if (stcb->asoc.idata_supported == 0) { 5213 if (sp->sinfo_flags & SCTP_UNORDERED) { 5214 chk->rec.data.mid = 0; 5215 } else { 5216 chk->rec.data.mid = strq->next_mid_ordered; 5217 } 5218 } else { 5219 if (sp->sinfo_flags & SCTP_UNORDERED) { 5220 chk->rec.data.mid = strq->next_mid_unordered; 5221 } else { 5222 chk->rec.data.mid = strq->next_mid_ordered; 5223 } 5224 } 5225 chk->rec.data.sid = sp->sid; 5226 chk->rec.data.ppid = sp->ppid; 5227 chk->rec.data.context = sp->context; 5228 chk->flags = sp->act_flags; 5229 chk->whoTo = NULL; 5230 chk->rec.data.tsn = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1); 5231 strq->chunks_on_queues++; 5232 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next); 5233 stcb->asoc.sent_queue_cnt++; 5234 stcb->asoc.pr_sctp_cnt++; 5235 } 5236 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 5237 if (sp->sinfo_flags & SCTP_UNORDERED) { 5238 chk->rec.data.rcv_flags |= SCTP_DATA_UNORDERED; 5239 } 5240 if (stcb->asoc.idata_supported == 0) { 5241 if ((sp->sinfo_flags & SCTP_UNORDERED) == 0) { 5242 strq->next_mid_ordered++; 5243 } 5244 } else { 5245 if (sp->sinfo_flags & SCTP_UNORDERED) { 5246 strq->next_mid_unordered++; 5247 } else { 5248 strq->next_mid_ordered++; 5249 } 5250 } 5251 oh_well: 5252 if (sp->data) { 5253 /* 5254 * Pull any data to free up the SB and allow 5255 * sender to "add more" while we will throw 5256 * away :-) 5257 */ 5258 sctp_free_spbufspace(stcb, &stcb->asoc, sp); 5259 ret_sz += sp->length; 5260 do_wakeup_routine = 1; 5261 sp->some_taken = 1; 5262 sctp_m_freem(sp->data); 5263 sp->data = NULL; 5264 sp->tail_mbuf = NULL; 5265 sp->length = 0; 5266 } 5267 } 5268 SCTP_TCB_SEND_UNLOCK(stcb); 5269 } 5270 if (do_wakeup_routine) { 5271 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 5272 } 5273 return (ret_sz); 5274 } 5275 5276 /* 5277 * checks to see if the given address, sa, is one that is currently known by 5278 * the kernel note: can't distinguish the same address on multiple interfaces 5279 * and doesn't handle multiple addresses with different zone/scope id's note: 5280 * ifa_ifwithaddr() compares the entire sockaddr struct 5281 */ 5282 struct sctp_ifa * 5283 sctp_find_ifa_in_ep(struct sctp_inpcb *inp, struct sockaddr *addr, 5284 int holds_lock) 5285 { 5286 struct sctp_laddr *laddr; 5287 5288 if (holds_lock == 0) { 5289 SCTP_INP_RLOCK(inp); 5290 } 5291 5292 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 5293 if (laddr->ifa == NULL) 5294 continue; 5295 if (addr->sa_family != laddr->ifa->address.sa.sa_family) 5296 continue; 5297 #ifdef INET 5298 if (addr->sa_family == AF_INET) { 5299 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 5300 laddr->ifa->address.sin.sin_addr.s_addr) { 5301 /* found him. */ 5302 break; 5303 } 5304 } 5305 #endif 5306 #ifdef INET6 5307 if (addr->sa_family == AF_INET6) { 5308 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5309 &laddr->ifa->address.sin6)) { 5310 /* found him. */ 5311 break; 5312 } 5313 } 5314 #endif 5315 } 5316 if (holds_lock == 0) { 5317 SCTP_INP_RUNLOCK(inp); 5318 } 5319 if (laddr != NULL) { 5320 return (laddr->ifa); 5321 } else { 5322 return (NULL); 5323 } 5324 } 5325 5326 uint32_t 5327 sctp_get_ifa_hash_val(struct sockaddr *addr) 5328 { 5329 switch (addr->sa_family) { 5330 #ifdef INET 5331 case AF_INET: 5332 { 5333 struct sockaddr_in *sin; 5334 5335 sin = (struct sockaddr_in *)addr; 5336 return (sin->sin_addr.s_addr ^ (sin->sin_addr.s_addr >> 16)); 5337 } 5338 #endif 5339 #ifdef INET6 5340 case AF_INET6: 5341 { 5342 struct sockaddr_in6 *sin6; 5343 uint32_t hash_of_addr; 5344 5345 sin6 = (struct sockaddr_in6 *)addr; 5346 hash_of_addr = (sin6->sin6_addr.s6_addr32[0] + 5347 sin6->sin6_addr.s6_addr32[1] + 5348 sin6->sin6_addr.s6_addr32[2] + 5349 sin6->sin6_addr.s6_addr32[3]); 5350 hash_of_addr = (hash_of_addr ^ (hash_of_addr >> 16)); 5351 return (hash_of_addr); 5352 } 5353 #endif 5354 default: 5355 break; 5356 } 5357 return (0); 5358 } 5359 5360 struct sctp_ifa * 5361 sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock) 5362 { 5363 struct sctp_ifa *sctp_ifap; 5364 struct sctp_vrf *vrf; 5365 struct sctp_ifalist *hash_head; 5366 uint32_t hash_of_addr; 5367 5368 if (holds_lock == 0) { 5369 SCTP_IPI_ADDR_RLOCK(); 5370 } else { 5371 SCTP_IPI_ADDR_LOCK_ASSERT(); 5372 } 5373 5374 vrf = sctp_find_vrf(vrf_id); 5375 if (vrf == NULL) { 5376 if (holds_lock == 0) 5377 SCTP_IPI_ADDR_RUNLOCK(); 5378 return (NULL); 5379 } 5380 5381 hash_of_addr = sctp_get_ifa_hash_val(addr); 5382 5383 hash_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 5384 if (hash_head == NULL) { 5385 SCTP_PRINTF("hash_of_addr:%x mask:%x table:%x - ", 5386 hash_of_addr, (uint32_t)vrf->vrf_addr_hashmark, 5387 (uint32_t)(hash_of_addr & vrf->vrf_addr_hashmark)); 5388 sctp_print_address(addr); 5389 SCTP_PRINTF("No such bucket for address\n"); 5390 if (holds_lock == 0) 5391 SCTP_IPI_ADDR_RUNLOCK(); 5392 5393 return (NULL); 5394 } 5395 LIST_FOREACH(sctp_ifap, hash_head, next_bucket) { 5396 if (addr->sa_family != sctp_ifap->address.sa.sa_family) 5397 continue; 5398 #ifdef INET 5399 if (addr->sa_family == AF_INET) { 5400 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 5401 sctp_ifap->address.sin.sin_addr.s_addr) { 5402 /* found him. */ 5403 break; 5404 } 5405 } 5406 #endif 5407 #ifdef INET6 5408 if (addr->sa_family == AF_INET6) { 5409 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5410 &sctp_ifap->address.sin6)) { 5411 /* found him. */ 5412 break; 5413 } 5414 } 5415 #endif 5416 } 5417 if (holds_lock == 0) 5418 SCTP_IPI_ADDR_RUNLOCK(); 5419 return (sctp_ifap); 5420 } 5421 5422 static void 5423 sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, 5424 uint32_t rwnd_req) 5425 { 5426 /* User pulled some data, do we need a rwnd update? */ 5427 struct epoch_tracker et; 5428 int r_unlocked = 0; 5429 uint32_t dif, rwnd; 5430 struct socket *so = NULL; 5431 5432 if (stcb == NULL) 5433 return; 5434 5435 atomic_add_int(&stcb->asoc.refcnt, 1); 5436 5437 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5438 (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) { 5439 /* Pre-check If we are freeing no update */ 5440 goto no_lock; 5441 } 5442 SCTP_INP_INCR_REF(stcb->sctp_ep); 5443 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5444 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5445 goto out; 5446 } 5447 so = stcb->sctp_socket; 5448 if (so == NULL) { 5449 goto out; 5450 } 5451 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 5452 /* Have you have freed enough to look */ 5453 *freed_so_far = 0; 5454 /* Yep, its worth a look and the lock overhead */ 5455 5456 /* Figure out what the rwnd would be */ 5457 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 5458 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 5459 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 5460 } else { 5461 dif = 0; 5462 } 5463 if (dif >= rwnd_req) { 5464 if (hold_rlock) { 5465 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 5466 r_unlocked = 1; 5467 } 5468 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5469 /* 5470 * One last check before we allow the guy possibly 5471 * to get in. There is a race, where the guy has not 5472 * reached the gate. In that case 5473 */ 5474 goto out; 5475 } 5476 SCTP_TCB_LOCK(stcb); 5477 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5478 /* No reports here */ 5479 SCTP_TCB_UNLOCK(stcb); 5480 goto out; 5481 } 5482 SCTP_STAT_INCR(sctps_wu_sacks_sent); 5483 NET_EPOCH_ENTER(et); 5484 sctp_send_sack(stcb, SCTP_SO_LOCKED); 5485 5486 sctp_chunk_output(stcb->sctp_ep, stcb, 5487 SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED); 5488 /* make sure no timer is running */ 5489 NET_EPOCH_EXIT(et); 5490 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, 5491 SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 5492 SCTP_TCB_UNLOCK(stcb); 5493 } else { 5494 /* Update how much we have pending */ 5495 stcb->freed_by_sorcv_sincelast = dif; 5496 } 5497 out: 5498 if (so && r_unlocked && hold_rlock) { 5499 SCTP_INP_READ_LOCK(stcb->sctp_ep); 5500 } 5501 5502 SCTP_INP_DECR_REF(stcb->sctp_ep); 5503 no_lock: 5504 atomic_subtract_int(&stcb->asoc.refcnt, 1); 5505 return; 5506 } 5507 5508 int 5509 sctp_sorecvmsg(struct socket *so, 5510 struct uio *uio, 5511 struct mbuf **mp, 5512 struct sockaddr *from, 5513 int fromlen, 5514 int *msg_flags, 5515 struct sctp_sndrcvinfo *sinfo, 5516 int filling_sinfo) 5517 { 5518 /* 5519 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 5520 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 5521 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 5522 * On the way out we may send out any combination of: 5523 * MSG_NOTIFICATION MSG_EOR 5524 * 5525 */ 5526 struct sctp_inpcb *inp = NULL; 5527 ssize_t my_len = 0; 5528 ssize_t cp_len = 0; 5529 int error = 0; 5530 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 5531 struct mbuf *m = NULL; 5532 struct sctp_tcb *stcb = NULL; 5533 int wakeup_read_socket = 0; 5534 int freecnt_applied = 0; 5535 int out_flags = 0, in_flags = 0; 5536 int block_allowed = 1; 5537 uint32_t freed_so_far = 0; 5538 ssize_t copied_so_far = 0; 5539 int in_eeor_mode = 0; 5540 int no_rcv_needed = 0; 5541 uint32_t rwnd_req = 0; 5542 int hold_sblock = 0; 5543 int hold_rlock = 0; 5544 ssize_t slen = 0; 5545 uint32_t held_length = 0; 5546 int sockbuf_lock = 0; 5547 5548 if (uio == NULL) { 5549 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5550 return (EINVAL); 5551 } 5552 5553 if (msg_flags) { 5554 in_flags = *msg_flags; 5555 if (in_flags & MSG_PEEK) 5556 SCTP_STAT_INCR(sctps_read_peeks); 5557 } else { 5558 in_flags = 0; 5559 } 5560 slen = uio->uio_resid; 5561 5562 /* Pull in and set up our int flags */ 5563 if (in_flags & MSG_OOB) { 5564 /* Out of band's NOT supported */ 5565 return (EOPNOTSUPP); 5566 } 5567 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 5568 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5569 return (EINVAL); 5570 } 5571 if ((in_flags & (MSG_DONTWAIT 5572 | MSG_NBIO 5573 )) || 5574 SCTP_SO_IS_NBIO(so)) { 5575 block_allowed = 0; 5576 } 5577 /* setup the endpoint */ 5578 inp = (struct sctp_inpcb *)so->so_pcb; 5579 if (inp == NULL) { 5580 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT); 5581 return (EFAULT); 5582 } 5583 rwnd_req = (SCTP_SB_LIMIT_RCV(so) >> SCTP_RWND_HIWAT_SHIFT); 5584 /* Must be at least a MTU's worth */ 5585 if (rwnd_req < SCTP_MIN_RWND) 5586 rwnd_req = SCTP_MIN_RWND; 5587 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 5588 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5589 sctp_misc_ints(SCTP_SORECV_ENTER, 5590 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5591 } 5592 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5593 sctp_misc_ints(SCTP_SORECV_ENTERPL, 5594 rwnd_req, block_allowed, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5595 } 5596 5597 error = SOCK_IO_RECV_LOCK(so, SBLOCKWAIT(in_flags)); 5598 if (error) { 5599 goto release_unlocked; 5600 } 5601 sockbuf_lock = 1; 5602 restart: 5603 5604 restart_nosblocks: 5605 if (hold_sblock == 0) { 5606 SOCKBUF_LOCK(&so->so_rcv); 5607 hold_sblock = 1; 5608 } 5609 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5610 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5611 goto out; 5612 } 5613 if ((so->so_rcv.sb_state & SBS_CANTRCVMORE) && (so->so_rcv.sb_cc == 0)) { 5614 if (so->so_error) { 5615 error = so->so_error; 5616 if ((in_flags & MSG_PEEK) == 0) 5617 so->so_error = 0; 5618 goto out; 5619 } else { 5620 if (so->so_rcv.sb_cc == 0) { 5621 /* indicate EOF */ 5622 error = 0; 5623 goto out; 5624 } 5625 } 5626 } 5627 if (so->so_rcv.sb_cc <= held_length) { 5628 if (so->so_error) { 5629 error = so->so_error; 5630 if ((in_flags & MSG_PEEK) == 0) { 5631 so->so_error = 0; 5632 } 5633 goto out; 5634 } 5635 if ((so->so_rcv.sb_cc == 0) && 5636 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5637 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 5638 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 5639 /* 5640 * For active open side clear flags for 5641 * re-use passive open is blocked by 5642 * connect. 5643 */ 5644 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 5645 /* 5646 * You were aborted, passive side 5647 * always hits here 5648 */ 5649 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 5650 error = ECONNRESET; 5651 } 5652 so->so_state &= ~(SS_ISCONNECTING | 5653 SS_ISDISCONNECTING | 5654 SS_ISCONFIRMING | 5655 SS_ISCONNECTED); 5656 if (error == 0) { 5657 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 5658 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5659 error = ENOTCONN; 5660 } 5661 } 5662 goto out; 5663 } 5664 } 5665 if (block_allowed) { 5666 error = sbwait(&so->so_rcv); 5667 if (error) { 5668 goto out; 5669 } 5670 held_length = 0; 5671 goto restart_nosblocks; 5672 } else { 5673 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EWOULDBLOCK); 5674 error = EWOULDBLOCK; 5675 goto out; 5676 } 5677 } 5678 if (hold_sblock == 1) { 5679 SOCKBUF_UNLOCK(&so->so_rcv); 5680 hold_sblock = 0; 5681 } 5682 /* we possibly have data we can read */ 5683 /* sa_ignore FREED_MEMORY */ 5684 control = TAILQ_FIRST(&inp->read_queue); 5685 if (control == NULL) { 5686 /* 5687 * This could be happening since the appender did the 5688 * increment but as not yet did the tailq insert onto the 5689 * read_queue 5690 */ 5691 if (hold_rlock == 0) { 5692 SCTP_INP_READ_LOCK(inp); 5693 } 5694 control = TAILQ_FIRST(&inp->read_queue); 5695 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 5696 #ifdef INVARIANTS 5697 panic("Huh, its non zero and nothing on control?"); 5698 #endif 5699 so->so_rcv.sb_cc = 0; 5700 } 5701 SCTP_INP_READ_UNLOCK(inp); 5702 hold_rlock = 0; 5703 goto restart; 5704 } 5705 5706 if ((control->length == 0) && 5707 (control->do_not_ref_stcb)) { 5708 /* 5709 * Clean up code for freeing assoc that left behind a 5710 * pdapi.. maybe a peer in EEOR that just closed after 5711 * sending and never indicated a EOR. 5712 */ 5713 if (hold_rlock == 0) { 5714 hold_rlock = 1; 5715 SCTP_INP_READ_LOCK(inp); 5716 } 5717 control->held_length = 0; 5718 if (control->data) { 5719 /* Hmm there is data here .. fix */ 5720 struct mbuf *m_tmp; 5721 int cnt = 0; 5722 5723 m_tmp = control->data; 5724 while (m_tmp) { 5725 cnt += SCTP_BUF_LEN(m_tmp); 5726 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5727 control->tail_mbuf = m_tmp; 5728 control->end_added = 1; 5729 } 5730 m_tmp = SCTP_BUF_NEXT(m_tmp); 5731 } 5732 control->length = cnt; 5733 } else { 5734 /* remove it */ 5735 TAILQ_REMOVE(&inp->read_queue, control, next); 5736 /* Add back any hiddend data */ 5737 sctp_free_remote_addr(control->whoFrom); 5738 sctp_free_a_readq(stcb, control); 5739 } 5740 if (hold_rlock) { 5741 hold_rlock = 0; 5742 SCTP_INP_READ_UNLOCK(inp); 5743 } 5744 goto restart; 5745 } 5746 if ((control->length == 0) && 5747 (control->end_added == 1)) { 5748 /* 5749 * Do we also need to check for (control->pdapi_aborted == 5750 * 1)? 5751 */ 5752 if (hold_rlock == 0) { 5753 hold_rlock = 1; 5754 SCTP_INP_READ_LOCK(inp); 5755 } 5756 TAILQ_REMOVE(&inp->read_queue, control, next); 5757 if (control->data) { 5758 #ifdef INVARIANTS 5759 panic("control->data not null but control->length == 0"); 5760 #else 5761 SCTP_PRINTF("Strange, data left in the control buffer. Cleaning up.\n"); 5762 sctp_m_freem(control->data); 5763 control->data = NULL; 5764 #endif 5765 } 5766 if (control->aux_data) { 5767 sctp_m_free(control->aux_data); 5768 control->aux_data = NULL; 5769 } 5770 #ifdef INVARIANTS 5771 if (control->on_strm_q) { 5772 panic("About to free ctl:%p so:%p and its in %d", 5773 control, so, control->on_strm_q); 5774 } 5775 #endif 5776 sctp_free_remote_addr(control->whoFrom); 5777 sctp_free_a_readq(stcb, control); 5778 if (hold_rlock) { 5779 hold_rlock = 0; 5780 SCTP_INP_READ_UNLOCK(inp); 5781 } 5782 goto restart; 5783 } 5784 if (control->length == 0) { 5785 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 5786 (filling_sinfo)) { 5787 /* find a more suitable one then this */ 5788 ctl = TAILQ_NEXT(control, next); 5789 while (ctl) { 5790 if ((ctl->stcb != control->stcb) && (ctl->length) && 5791 (ctl->some_taken || 5792 (ctl->spec_flags & M_NOTIFICATION) || 5793 ((ctl->do_not_ref_stcb == 0) && 5794 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0))) 5795 ) { 5796 /*- 5797 * If we have a different TCB next, and there is data 5798 * present. If we have already taken some (pdapi), OR we can 5799 * ref the tcb and no delivery as started on this stream, we 5800 * take it. Note we allow a notification on a different 5801 * assoc to be delivered.. 5802 */ 5803 control = ctl; 5804 goto found_one; 5805 } else if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS)) && 5806 (ctl->length) && 5807 ((ctl->some_taken) || 5808 ((ctl->do_not_ref_stcb == 0) && 5809 ((ctl->spec_flags & M_NOTIFICATION) == 0) && 5810 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))) { 5811 /*- 5812 * If we have the same tcb, and there is data present, and we 5813 * have the strm interleave feature present. Then if we have 5814 * taken some (pdapi) or we can refer to tht tcb AND we have 5815 * not started a delivery for this stream, we can take it. 5816 * Note we do NOT allow a notificaiton on the same assoc to 5817 * be delivered. 5818 */ 5819 control = ctl; 5820 goto found_one; 5821 } 5822 ctl = TAILQ_NEXT(ctl, next); 5823 } 5824 } 5825 /* 5826 * if we reach here, not suitable replacement is available 5827 * <or> fragment interleave is NOT on. So stuff the sb_cc 5828 * into the our held count, and its time to sleep again. 5829 */ 5830 held_length = so->so_rcv.sb_cc; 5831 control->held_length = so->so_rcv.sb_cc; 5832 goto restart; 5833 } 5834 /* Clear the held length since there is something to read */ 5835 control->held_length = 0; 5836 found_one: 5837 /* 5838 * If we reach here, control has a some data for us to read off. 5839 * Note that stcb COULD be NULL. 5840 */ 5841 if (hold_rlock == 0) { 5842 hold_rlock = 1; 5843 SCTP_INP_READ_LOCK(inp); 5844 } 5845 control->some_taken++; 5846 stcb = control->stcb; 5847 if (stcb) { 5848 if ((control->do_not_ref_stcb == 0) && 5849 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { 5850 if (freecnt_applied == 0) 5851 stcb = NULL; 5852 } else if (control->do_not_ref_stcb == 0) { 5853 /* you can't free it on me please */ 5854 /* 5855 * The lock on the socket buffer protects us so the 5856 * free code will stop. But since we used the 5857 * socketbuf lock and the sender uses the tcb_lock 5858 * to increment, we need to use the atomic add to 5859 * the refcnt 5860 */ 5861 if (freecnt_applied) { 5862 #ifdef INVARIANTS 5863 panic("refcnt already incremented"); 5864 #else 5865 SCTP_PRINTF("refcnt already incremented?\n"); 5866 #endif 5867 } else { 5868 atomic_add_int(&stcb->asoc.refcnt, 1); 5869 freecnt_applied = 1; 5870 } 5871 /* 5872 * Setup to remember how much we have not yet told 5873 * the peer our rwnd has opened up. Note we grab the 5874 * value from the tcb from last time. Note too that 5875 * sack sending clears this when a sack is sent, 5876 * which is fine. Once we hit the rwnd_req, we then 5877 * will go to the sctp_user_rcvd() that will not 5878 * lock until it KNOWs it MUST send a WUP-SACK. 5879 */ 5880 freed_so_far = (uint32_t)stcb->freed_by_sorcv_sincelast; 5881 stcb->freed_by_sorcv_sincelast = 0; 5882 } 5883 } 5884 if (stcb && 5885 ((control->spec_flags & M_NOTIFICATION) == 0) && 5886 control->do_not_ref_stcb == 0) { 5887 stcb->asoc.strmin[control->sinfo_stream].delivery_started = 1; 5888 } 5889 5890 /* First lets get off the sinfo and sockaddr info */ 5891 if ((sinfo != NULL) && (filling_sinfo != 0)) { 5892 sinfo->sinfo_stream = control->sinfo_stream; 5893 sinfo->sinfo_ssn = (uint16_t)control->mid; 5894 sinfo->sinfo_flags = control->sinfo_flags; 5895 sinfo->sinfo_ppid = control->sinfo_ppid; 5896 sinfo->sinfo_context = control->sinfo_context; 5897 sinfo->sinfo_timetolive = control->sinfo_timetolive; 5898 sinfo->sinfo_tsn = control->sinfo_tsn; 5899 sinfo->sinfo_cumtsn = control->sinfo_cumtsn; 5900 sinfo->sinfo_assoc_id = control->sinfo_assoc_id; 5901 nxt = TAILQ_NEXT(control, next); 5902 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 5903 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) { 5904 struct sctp_extrcvinfo *s_extra; 5905 5906 s_extra = (struct sctp_extrcvinfo *)sinfo; 5907 if ((nxt) && 5908 (nxt->length)) { 5909 s_extra->serinfo_next_flags = SCTP_NEXT_MSG_AVAIL; 5910 if (nxt->sinfo_flags & SCTP_UNORDERED) { 5911 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 5912 } 5913 if (nxt->spec_flags & M_NOTIFICATION) { 5914 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_NOTIFICATION; 5915 } 5916 s_extra->serinfo_next_aid = nxt->sinfo_assoc_id; 5917 s_extra->serinfo_next_length = nxt->length; 5918 s_extra->serinfo_next_ppid = nxt->sinfo_ppid; 5919 s_extra->serinfo_next_stream = nxt->sinfo_stream; 5920 if (nxt->tail_mbuf != NULL) { 5921 if (nxt->end_added) { 5922 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 5923 } 5924 } 5925 } else { 5926 /* 5927 * we explicitly 0 this, since the memcpy 5928 * got some other things beyond the older 5929 * sinfo_ that is on the control's structure 5930 * :-D 5931 */ 5932 nxt = NULL; 5933 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 5934 s_extra->serinfo_next_aid = 0; 5935 s_extra->serinfo_next_length = 0; 5936 s_extra->serinfo_next_ppid = 0; 5937 s_extra->serinfo_next_stream = 0; 5938 } 5939 } 5940 /* 5941 * update off the real current cum-ack, if we have an stcb. 5942 */ 5943 if ((control->do_not_ref_stcb == 0) && stcb) 5944 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 5945 /* 5946 * mask off the high bits, we keep the actual chunk bits in 5947 * there. 5948 */ 5949 sinfo->sinfo_flags &= 0x00ff; 5950 if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) { 5951 sinfo->sinfo_flags |= SCTP_UNORDERED; 5952 } 5953 } 5954 #ifdef SCTP_ASOCLOG_OF_TSNS 5955 { 5956 int index, newindex; 5957 struct sctp_pcbtsn_rlog *entry; 5958 5959 do { 5960 index = inp->readlog_index; 5961 newindex = index + 1; 5962 if (newindex >= SCTP_READ_LOG_SIZE) { 5963 newindex = 0; 5964 } 5965 } while (atomic_cmpset_int(&inp->readlog_index, index, newindex) == 0); 5966 entry = &inp->readlog[index]; 5967 entry->vtag = control->sinfo_assoc_id; 5968 entry->strm = control->sinfo_stream; 5969 entry->seq = (uint16_t)control->mid; 5970 entry->sz = control->length; 5971 entry->flgs = control->sinfo_flags; 5972 } 5973 #endif 5974 if ((fromlen > 0) && (from != NULL)) { 5975 union sctp_sockstore store; 5976 size_t len; 5977 5978 switch (control->whoFrom->ro._l_addr.sa.sa_family) { 5979 #ifdef INET6 5980 case AF_INET6: 5981 len = sizeof(struct sockaddr_in6); 5982 store.sin6 = control->whoFrom->ro._l_addr.sin6; 5983 store.sin6.sin6_port = control->port_from; 5984 break; 5985 #endif 5986 #ifdef INET 5987 case AF_INET: 5988 #ifdef INET6 5989 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 5990 len = sizeof(struct sockaddr_in6); 5991 in6_sin_2_v4mapsin6(&control->whoFrom->ro._l_addr.sin, 5992 &store.sin6); 5993 store.sin6.sin6_port = control->port_from; 5994 } else { 5995 len = sizeof(struct sockaddr_in); 5996 store.sin = control->whoFrom->ro._l_addr.sin; 5997 store.sin.sin_port = control->port_from; 5998 } 5999 #else 6000 len = sizeof(struct sockaddr_in); 6001 store.sin = control->whoFrom->ro._l_addr.sin; 6002 store.sin.sin_port = control->port_from; 6003 #endif 6004 break; 6005 #endif 6006 default: 6007 len = 0; 6008 break; 6009 } 6010 memcpy(from, &store, min((size_t)fromlen, len)); 6011 #ifdef INET6 6012 { 6013 struct sockaddr_in6 lsa6, *from6; 6014 6015 from6 = (struct sockaddr_in6 *)from; 6016 sctp_recover_scope_mac(from6, (&lsa6)); 6017 } 6018 #endif 6019 } 6020 if (hold_rlock) { 6021 SCTP_INP_READ_UNLOCK(inp); 6022 hold_rlock = 0; 6023 } 6024 if (hold_sblock) { 6025 SOCKBUF_UNLOCK(&so->so_rcv); 6026 hold_sblock = 0; 6027 } 6028 /* now copy out what data we can */ 6029 if (mp == NULL) { 6030 /* copy out each mbuf in the chain up to length */ 6031 get_more_data: 6032 m = control->data; 6033 while (m) { 6034 /* Move out all we can */ 6035 cp_len = uio->uio_resid; 6036 my_len = SCTP_BUF_LEN(m); 6037 if (cp_len > my_len) { 6038 /* not enough in this buf */ 6039 cp_len = my_len; 6040 } 6041 if (hold_rlock) { 6042 SCTP_INP_READ_UNLOCK(inp); 6043 hold_rlock = 0; 6044 } 6045 if (cp_len > 0) 6046 error = uiomove(mtod(m, char *), (int)cp_len, uio); 6047 /* re-read */ 6048 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 6049 goto release; 6050 } 6051 6052 if ((control->do_not_ref_stcb == 0) && stcb && 6053 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 6054 no_rcv_needed = 1; 6055 } 6056 if (error) { 6057 /* error we are out of here */ 6058 goto release; 6059 } 6060 SCTP_INP_READ_LOCK(inp); 6061 hold_rlock = 1; 6062 if (cp_len == SCTP_BUF_LEN(m)) { 6063 if ((SCTP_BUF_NEXT(m) == NULL) && 6064 (control->end_added)) { 6065 out_flags |= MSG_EOR; 6066 if ((control->do_not_ref_stcb == 0) && 6067 (control->stcb != NULL) && 6068 ((control->spec_flags & M_NOTIFICATION) == 0)) 6069 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6070 } 6071 if (control->spec_flags & M_NOTIFICATION) { 6072 out_flags |= MSG_NOTIFICATION; 6073 } 6074 /* we ate up the mbuf */ 6075 if (in_flags & MSG_PEEK) { 6076 /* just looking */ 6077 m = SCTP_BUF_NEXT(m); 6078 copied_so_far += cp_len; 6079 } else { 6080 /* dispose of the mbuf */ 6081 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6082 sctp_sblog(&so->so_rcv, 6083 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 6084 } 6085 sctp_sbfree(control, stcb, &so->so_rcv, m); 6086 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6087 sctp_sblog(&so->so_rcv, 6088 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 6089 } 6090 copied_so_far += cp_len; 6091 freed_so_far += (uint32_t)cp_len; 6092 freed_so_far += MSIZE; 6093 atomic_subtract_int(&control->length, (int)cp_len); 6094 control->data = sctp_m_free(m); 6095 m = control->data; 6096 /* 6097 * been through it all, must hold sb 6098 * lock ok to null tail 6099 */ 6100 if (control->data == NULL) { 6101 #ifdef INVARIANTS 6102 if ((control->end_added == 0) || 6103 (TAILQ_NEXT(control, next) == NULL)) { 6104 /* 6105 * If the end is not 6106 * added, OR the 6107 * next is NOT null 6108 * we MUST have the 6109 * lock. 6110 */ 6111 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 6112 panic("Hmm we don't own the lock?"); 6113 } 6114 } 6115 #endif 6116 control->tail_mbuf = NULL; 6117 #ifdef INVARIANTS 6118 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 6119 panic("end_added, nothing left and no MSG_EOR"); 6120 } 6121 #endif 6122 } 6123 } 6124 } else { 6125 /* Do we need to trim the mbuf? */ 6126 if (control->spec_flags & M_NOTIFICATION) { 6127 out_flags |= MSG_NOTIFICATION; 6128 } 6129 if ((in_flags & MSG_PEEK) == 0) { 6130 SCTP_BUF_RESV_UF(m, cp_len); 6131 SCTP_BUF_LEN(m) -= (int)cp_len; 6132 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6133 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, (int)cp_len); 6134 } 6135 atomic_subtract_int(&so->so_rcv.sb_cc, (int)cp_len); 6136 if ((control->do_not_ref_stcb == 0) && 6137 stcb) { 6138 atomic_subtract_int(&stcb->asoc.sb_cc, (int)cp_len); 6139 } 6140 copied_so_far += cp_len; 6141 freed_so_far += (uint32_t)cp_len; 6142 freed_so_far += MSIZE; 6143 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6144 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 6145 SCTP_LOG_SBRESULT, 0); 6146 } 6147 atomic_subtract_int(&control->length, (int)cp_len); 6148 } else { 6149 copied_so_far += cp_len; 6150 } 6151 } 6152 if ((out_flags & MSG_EOR) || (uio->uio_resid == 0)) { 6153 break; 6154 } 6155 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 6156 (control->do_not_ref_stcb == 0) && 6157 (freed_so_far >= rwnd_req)) { 6158 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6159 } 6160 } /* end while(m) */ 6161 /* 6162 * At this point we have looked at it all and we either have 6163 * a MSG_EOR/or read all the user wants... <OR> 6164 * control->length == 0. 6165 */ 6166 if ((out_flags & MSG_EOR) && ((in_flags & MSG_PEEK) == 0)) { 6167 /* we are done with this control */ 6168 if (control->length == 0) { 6169 if (control->data) { 6170 #ifdef INVARIANTS 6171 panic("control->data not null at read eor?"); 6172 #else 6173 SCTP_PRINTF("Strange, data left in the control buffer .. invarients would panic?\n"); 6174 sctp_m_freem(control->data); 6175 control->data = NULL; 6176 #endif 6177 } 6178 done_with_control: 6179 if (hold_rlock == 0) { 6180 SCTP_INP_READ_LOCK(inp); 6181 hold_rlock = 1; 6182 } 6183 TAILQ_REMOVE(&inp->read_queue, control, next); 6184 /* Add back any hiddend data */ 6185 if (control->held_length) { 6186 held_length = 0; 6187 control->held_length = 0; 6188 wakeup_read_socket = 1; 6189 } 6190 if (control->aux_data) { 6191 sctp_m_free(control->aux_data); 6192 control->aux_data = NULL; 6193 } 6194 no_rcv_needed = control->do_not_ref_stcb; 6195 sctp_free_remote_addr(control->whoFrom); 6196 control->data = NULL; 6197 #ifdef INVARIANTS 6198 if (control->on_strm_q) { 6199 panic("About to free ctl:%p so:%p and its in %d", 6200 control, so, control->on_strm_q); 6201 } 6202 #endif 6203 sctp_free_a_readq(stcb, control); 6204 control = NULL; 6205 if ((freed_so_far >= rwnd_req) && 6206 (no_rcv_needed == 0)) 6207 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6208 6209 } else { 6210 /* 6211 * The user did not read all of this 6212 * message, turn off the returned MSG_EOR 6213 * since we are leaving more behind on the 6214 * control to read. 6215 */ 6216 #ifdef INVARIANTS 6217 if (control->end_added && 6218 (control->data == NULL) && 6219 (control->tail_mbuf == NULL)) { 6220 panic("Gak, control->length is corrupt?"); 6221 } 6222 #endif 6223 no_rcv_needed = control->do_not_ref_stcb; 6224 out_flags &= ~MSG_EOR; 6225 } 6226 } 6227 if (out_flags & MSG_EOR) { 6228 goto release; 6229 } 6230 if ((uio->uio_resid == 0) || 6231 ((in_eeor_mode) && 6232 (copied_so_far >= max(so->so_rcv.sb_lowat, 1)))) { 6233 goto release; 6234 } 6235 /* 6236 * If I hit here the receiver wants more and this message is 6237 * NOT done (pd-api). So two questions. Can we block? if not 6238 * we are done. Did the user NOT set MSG_WAITALL? 6239 */ 6240 if (block_allowed == 0) { 6241 goto release; 6242 } 6243 /* 6244 * We need to wait for more data a few things: - We don't 6245 * release the I/O lock so we don't get someone else 6246 * reading. - We must be sure to account for the case where 6247 * what is added is NOT to our control when we wakeup. 6248 */ 6249 6250 /* 6251 * Do we need to tell the transport a rwnd update might be 6252 * needed before we go to sleep? 6253 */ 6254 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 6255 ((freed_so_far >= rwnd_req) && 6256 (control->do_not_ref_stcb == 0) && 6257 (no_rcv_needed == 0))) { 6258 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6259 } 6260 wait_some_more: 6261 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) { 6262 goto release; 6263 } 6264 6265 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 6266 goto release; 6267 6268 if (hold_rlock == 1) { 6269 SCTP_INP_READ_UNLOCK(inp); 6270 hold_rlock = 0; 6271 } 6272 if (hold_sblock == 0) { 6273 SOCKBUF_LOCK(&so->so_rcv); 6274 hold_sblock = 1; 6275 } 6276 if ((copied_so_far) && (control->length == 0) && 6277 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE))) { 6278 goto release; 6279 } 6280 if (so->so_rcv.sb_cc <= control->held_length) { 6281 error = sbwait(&so->so_rcv); 6282 if (error) { 6283 goto release; 6284 } 6285 control->held_length = 0; 6286 } 6287 if (hold_sblock) { 6288 SOCKBUF_UNLOCK(&so->so_rcv); 6289 hold_sblock = 0; 6290 } 6291 if (control->length == 0) { 6292 /* still nothing here */ 6293 if (control->end_added == 1) { 6294 /* he aborted, or is done i.e.did a shutdown */ 6295 out_flags |= MSG_EOR; 6296 if (control->pdapi_aborted) { 6297 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 6298 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6299 6300 out_flags |= MSG_TRUNC; 6301 } else { 6302 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 6303 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6304 } 6305 goto done_with_control; 6306 } 6307 if (so->so_rcv.sb_cc > held_length) { 6308 control->held_length = so->so_rcv.sb_cc; 6309 held_length = 0; 6310 } 6311 goto wait_some_more; 6312 } else if (control->data == NULL) { 6313 /* 6314 * we must re-sync since data is probably being 6315 * added 6316 */ 6317 SCTP_INP_READ_LOCK(inp); 6318 if ((control->length > 0) && (control->data == NULL)) { 6319 /* 6320 * big trouble.. we have the lock and its 6321 * corrupt? 6322 */ 6323 #ifdef INVARIANTS 6324 panic("Impossible data==NULL length !=0"); 6325 #endif 6326 out_flags |= MSG_EOR; 6327 out_flags |= MSG_TRUNC; 6328 control->length = 0; 6329 SCTP_INP_READ_UNLOCK(inp); 6330 goto done_with_control; 6331 } 6332 SCTP_INP_READ_UNLOCK(inp); 6333 /* We will fall around to get more data */ 6334 } 6335 goto get_more_data; 6336 } else { 6337 /*- 6338 * Give caller back the mbuf chain, 6339 * store in uio_resid the length 6340 */ 6341 wakeup_read_socket = 0; 6342 if ((control->end_added == 0) || 6343 (TAILQ_NEXT(control, next) == NULL)) { 6344 /* Need to get rlock */ 6345 if (hold_rlock == 0) { 6346 SCTP_INP_READ_LOCK(inp); 6347 hold_rlock = 1; 6348 } 6349 } 6350 if (control->end_added) { 6351 out_flags |= MSG_EOR; 6352 if ((control->do_not_ref_stcb == 0) && 6353 (control->stcb != NULL) && 6354 ((control->spec_flags & M_NOTIFICATION) == 0)) 6355 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6356 } 6357 if (control->spec_flags & M_NOTIFICATION) { 6358 out_flags |= MSG_NOTIFICATION; 6359 } 6360 uio->uio_resid = control->length; 6361 *mp = control->data; 6362 m = control->data; 6363 while (m) { 6364 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6365 sctp_sblog(&so->so_rcv, 6366 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 6367 } 6368 sctp_sbfree(control, stcb, &so->so_rcv, m); 6369 freed_so_far += (uint32_t)SCTP_BUF_LEN(m); 6370 freed_so_far += MSIZE; 6371 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6372 sctp_sblog(&so->so_rcv, 6373 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 6374 } 6375 m = SCTP_BUF_NEXT(m); 6376 } 6377 control->data = control->tail_mbuf = NULL; 6378 control->length = 0; 6379 if (out_flags & MSG_EOR) { 6380 /* Done with this control */ 6381 goto done_with_control; 6382 } 6383 } 6384 release: 6385 if (hold_rlock == 1) { 6386 SCTP_INP_READ_UNLOCK(inp); 6387 hold_rlock = 0; 6388 } 6389 if (hold_sblock == 1) { 6390 SOCKBUF_UNLOCK(&so->so_rcv); 6391 hold_sblock = 0; 6392 } 6393 6394 SOCK_IO_RECV_UNLOCK(so); 6395 sockbuf_lock = 0; 6396 6397 release_unlocked: 6398 if (hold_sblock) { 6399 SOCKBUF_UNLOCK(&so->so_rcv); 6400 hold_sblock = 0; 6401 } 6402 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 6403 if ((freed_so_far >= rwnd_req) && 6404 (control && (control->do_not_ref_stcb == 0)) && 6405 (no_rcv_needed == 0)) 6406 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6407 } 6408 out: 6409 if (msg_flags) { 6410 *msg_flags = out_flags; 6411 } 6412 if (((out_flags & MSG_EOR) == 0) && 6413 ((in_flags & MSG_PEEK) == 0) && 6414 (sinfo) && 6415 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 6416 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO))) { 6417 struct sctp_extrcvinfo *s_extra; 6418 6419 s_extra = (struct sctp_extrcvinfo *)sinfo; 6420 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 6421 } 6422 if (hold_rlock == 1) { 6423 SCTP_INP_READ_UNLOCK(inp); 6424 } 6425 if (hold_sblock) { 6426 SOCKBUF_UNLOCK(&so->so_rcv); 6427 } 6428 if (sockbuf_lock) { 6429 SOCK_IO_RECV_UNLOCK(so); 6430 } 6431 6432 if (freecnt_applied) { 6433 /* 6434 * The lock on the socket buffer protects us so the free 6435 * code will stop. But since we used the socketbuf lock and 6436 * the sender uses the tcb_lock to increment, we need to use 6437 * the atomic add to the refcnt. 6438 */ 6439 if (stcb == NULL) { 6440 #ifdef INVARIANTS 6441 panic("stcb for refcnt has gone NULL?"); 6442 goto stage_left; 6443 #else 6444 goto stage_left; 6445 #endif 6446 } 6447 /* Save the value back for next time */ 6448 stcb->freed_by_sorcv_sincelast = freed_so_far; 6449 atomic_subtract_int(&stcb->asoc.refcnt, 1); 6450 } 6451 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 6452 if (stcb) { 6453 sctp_misc_ints(SCTP_SORECV_DONE, 6454 freed_so_far, 6455 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6456 stcb->asoc.my_rwnd, 6457 so->so_rcv.sb_cc); 6458 } else { 6459 sctp_misc_ints(SCTP_SORECV_DONE, 6460 freed_so_far, 6461 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6462 0, 6463 so->so_rcv.sb_cc); 6464 } 6465 } 6466 stage_left: 6467 if (wakeup_read_socket) { 6468 sctp_sorwakeup(inp, so); 6469 } 6470 return (error); 6471 } 6472 6473 #ifdef SCTP_MBUF_LOGGING 6474 struct mbuf * 6475 sctp_m_free(struct mbuf *m) 6476 { 6477 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6478 sctp_log_mb(m, SCTP_MBUF_IFREE); 6479 } 6480 return (m_free(m)); 6481 } 6482 6483 void 6484 sctp_m_freem(struct mbuf *mb) 6485 { 6486 while (mb != NULL) 6487 mb = sctp_m_free(mb); 6488 } 6489 6490 #endif 6491 6492 int 6493 sctp_dynamic_set_primary(struct sockaddr *sa, uint32_t vrf_id) 6494 { 6495 /* 6496 * Given a local address. For all associations that holds the 6497 * address, request a peer-set-primary. 6498 */ 6499 struct sctp_ifa *ifa; 6500 struct sctp_laddr *wi; 6501 6502 ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED); 6503 if (ifa == NULL) { 6504 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EADDRNOTAVAIL); 6505 return (EADDRNOTAVAIL); 6506 } 6507 /* 6508 * Now that we have the ifa we must awaken the iterator with this 6509 * message. 6510 */ 6511 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 6512 if (wi == NULL) { 6513 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 6514 return (ENOMEM); 6515 } 6516 /* Now incr the count and int wi structure */ 6517 SCTP_INCR_LADDR_COUNT(); 6518 memset(wi, 0, sizeof(*wi)); 6519 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 6520 wi->ifa = ifa; 6521 wi->action = SCTP_SET_PRIM_ADDR; 6522 atomic_add_int(&ifa->refcount, 1); 6523 6524 /* Now add it to the work queue */ 6525 SCTP_WQ_ADDR_LOCK(); 6526 /* 6527 * Should this really be a tailq? As it is we will process the 6528 * newest first :-0 6529 */ 6530 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 6531 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 6532 (struct sctp_inpcb *)NULL, 6533 (struct sctp_tcb *)NULL, 6534 (struct sctp_nets *)NULL); 6535 SCTP_WQ_ADDR_UNLOCK(); 6536 return (0); 6537 } 6538 6539 int 6540 sctp_soreceive(struct socket *so, 6541 struct sockaddr **psa, 6542 struct uio *uio, 6543 struct mbuf **mp0, 6544 struct mbuf **controlp, 6545 int *flagsp) 6546 { 6547 int error, fromlen; 6548 uint8_t sockbuf[256]; 6549 struct sockaddr *from; 6550 struct sctp_extrcvinfo sinfo; 6551 int filling_sinfo = 1; 6552 int flags; 6553 struct sctp_inpcb *inp; 6554 6555 inp = (struct sctp_inpcb *)so->so_pcb; 6556 /* pickup the assoc we are reading from */ 6557 if (inp == NULL) { 6558 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6559 return (EINVAL); 6560 } 6561 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) && 6562 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) && 6563 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) || 6564 (controlp == NULL)) { 6565 /* user does not want the sndrcv ctl */ 6566 filling_sinfo = 0; 6567 } 6568 if (psa) { 6569 from = (struct sockaddr *)sockbuf; 6570 fromlen = sizeof(sockbuf); 6571 from->sa_len = 0; 6572 } else { 6573 from = NULL; 6574 fromlen = 0; 6575 } 6576 6577 if (filling_sinfo) { 6578 memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); 6579 } 6580 if (flagsp != NULL) { 6581 flags = *flagsp; 6582 } else { 6583 flags = 0; 6584 } 6585 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, &flags, 6586 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 6587 if (flagsp != NULL) { 6588 *flagsp = flags; 6589 } 6590 if (controlp != NULL) { 6591 /* copy back the sinfo in a CMSG format */ 6592 if (filling_sinfo && ((flags & MSG_NOTIFICATION) == 0)) { 6593 *controlp = sctp_build_ctl_nchunk(inp, 6594 (struct sctp_sndrcvinfo *)&sinfo); 6595 } else { 6596 *controlp = NULL; 6597 } 6598 } 6599 if (psa) { 6600 /* copy back the address info */ 6601 if (from && from->sa_len) { 6602 *psa = sodupsockaddr(from, M_NOWAIT); 6603 } else { 6604 *psa = NULL; 6605 } 6606 } 6607 return (error); 6608 } 6609 6610 int 6611 sctp_connectx_helper_add(struct sctp_tcb *stcb, struct sockaddr *addr, 6612 int totaddr, int *error) 6613 { 6614 int added = 0; 6615 int i; 6616 struct sctp_inpcb *inp; 6617 struct sockaddr *sa; 6618 size_t incr = 0; 6619 #ifdef INET 6620 struct sockaddr_in *sin; 6621 #endif 6622 #ifdef INET6 6623 struct sockaddr_in6 *sin6; 6624 #endif 6625 6626 sa = addr; 6627 inp = stcb->sctp_ep; 6628 *error = 0; 6629 for (i = 0; i < totaddr; i++) { 6630 switch (sa->sa_family) { 6631 #ifdef INET 6632 case AF_INET: 6633 incr = sizeof(struct sockaddr_in); 6634 sin = (struct sockaddr_in *)sa; 6635 if ((sin->sin_addr.s_addr == INADDR_ANY) || 6636 (sin->sin_addr.s_addr == INADDR_BROADCAST) || 6637 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 6638 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6639 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6640 SCTP_FROM_SCTPUTIL + SCTP_LOC_7); 6641 *error = EINVAL; 6642 goto out_now; 6643 } 6644 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6645 SCTP_DONOT_SETSCOPE, 6646 SCTP_ADDR_IS_CONFIRMED)) { 6647 /* assoc gone no un-lock */ 6648 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6649 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6650 SCTP_FROM_SCTPUTIL + SCTP_LOC_8); 6651 *error = ENOBUFS; 6652 goto out_now; 6653 } 6654 added++; 6655 break; 6656 #endif 6657 #ifdef INET6 6658 case AF_INET6: 6659 incr = sizeof(struct sockaddr_in6); 6660 sin6 = (struct sockaddr_in6 *)sa; 6661 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || 6662 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 6663 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6664 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6665 SCTP_FROM_SCTPUTIL + SCTP_LOC_9); 6666 *error = EINVAL; 6667 goto out_now; 6668 } 6669 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6670 SCTP_DONOT_SETSCOPE, 6671 SCTP_ADDR_IS_CONFIRMED)) { 6672 /* assoc gone no un-lock */ 6673 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6674 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6675 SCTP_FROM_SCTPUTIL + SCTP_LOC_10); 6676 *error = ENOBUFS; 6677 goto out_now; 6678 } 6679 added++; 6680 break; 6681 #endif 6682 default: 6683 break; 6684 } 6685 sa = (struct sockaddr *)((caddr_t)sa + incr); 6686 } 6687 out_now: 6688 return (added); 6689 } 6690 6691 int 6692 sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, 6693 unsigned int totaddr, 6694 unsigned int *num_v4, unsigned int *num_v6, 6695 unsigned int limit) 6696 { 6697 struct sockaddr *sa; 6698 struct sctp_tcb *stcb; 6699 unsigned int incr, at, i; 6700 6701 at = 0; 6702 sa = addr; 6703 *num_v6 = *num_v4 = 0; 6704 /* account and validate addresses */ 6705 if (totaddr == 0) { 6706 return (EINVAL); 6707 } 6708 for (i = 0; i < totaddr; i++) { 6709 if (at + sizeof(struct sockaddr) > limit) { 6710 return (EINVAL); 6711 } 6712 switch (sa->sa_family) { 6713 #ifdef INET 6714 case AF_INET: 6715 incr = (unsigned int)sizeof(struct sockaddr_in); 6716 if (sa->sa_len != incr) { 6717 return (EINVAL); 6718 } 6719 (*num_v4) += 1; 6720 break; 6721 #endif 6722 #ifdef INET6 6723 case AF_INET6: 6724 { 6725 struct sockaddr_in6 *sin6; 6726 6727 incr = (unsigned int)sizeof(struct sockaddr_in6); 6728 if (sa->sa_len != incr) { 6729 return (EINVAL); 6730 } 6731 sin6 = (struct sockaddr_in6 *)sa; 6732 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6733 /* Must be non-mapped for connectx */ 6734 return (EINVAL); 6735 } 6736 (*num_v6) += 1; 6737 break; 6738 } 6739 #endif 6740 default: 6741 return (EINVAL); 6742 } 6743 if ((at + incr) > limit) { 6744 return (EINVAL); 6745 } 6746 SCTP_INP_INCR_REF(inp); 6747 stcb = sctp_findassociation_ep_addr(&inp, sa, NULL, NULL, NULL); 6748 if (stcb != NULL) { 6749 SCTP_TCB_UNLOCK(stcb); 6750 return (EALREADY); 6751 } else { 6752 SCTP_INP_DECR_REF(inp); 6753 } 6754 at += incr; 6755 sa = (struct sockaddr *)((caddr_t)sa + incr); 6756 } 6757 return (0); 6758 } 6759 6760 /* 6761 * sctp_bindx(ADD) for one address. 6762 * assumes all arguments are valid/checked by caller. 6763 */ 6764 void 6765 sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp, 6766 struct sockaddr *sa, uint32_t vrf_id, int *error, 6767 void *p) 6768 { 6769 #if defined(INET) && defined(INET6) 6770 struct sockaddr_in sin; 6771 #endif 6772 #ifdef INET6 6773 struct sockaddr_in6 *sin6; 6774 #endif 6775 #ifdef INET 6776 struct sockaddr_in *sinp; 6777 #endif 6778 struct sockaddr *addr_to_use; 6779 struct sctp_inpcb *lep; 6780 uint16_t port; 6781 6782 /* see if we're bound all already! */ 6783 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6784 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6785 *error = EINVAL; 6786 return; 6787 } 6788 switch (sa->sa_family) { 6789 #ifdef INET6 6790 case AF_INET6: 6791 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6792 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6793 *error = EINVAL; 6794 return; 6795 } 6796 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6797 /* can only bind v6 on PF_INET6 sockets */ 6798 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6799 *error = EINVAL; 6800 return; 6801 } 6802 sin6 = (struct sockaddr_in6 *)sa; 6803 port = sin6->sin6_port; 6804 #ifdef INET 6805 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6806 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6807 SCTP_IPV6_V6ONLY(inp)) { 6808 /* can't bind v4-mapped on PF_INET sockets */ 6809 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6810 *error = EINVAL; 6811 return; 6812 } 6813 in6_sin6_2_sin(&sin, sin6); 6814 addr_to_use = (struct sockaddr *)&sin; 6815 } else { 6816 addr_to_use = sa; 6817 } 6818 #else 6819 addr_to_use = sa; 6820 #endif 6821 break; 6822 #endif 6823 #ifdef INET 6824 case AF_INET: 6825 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6826 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6827 *error = EINVAL; 6828 return; 6829 } 6830 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6831 SCTP_IPV6_V6ONLY(inp)) { 6832 /* can't bind v4 on PF_INET sockets */ 6833 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6834 *error = EINVAL; 6835 return; 6836 } 6837 sinp = (struct sockaddr_in *)sa; 6838 port = sinp->sin_port; 6839 addr_to_use = sa; 6840 break; 6841 #endif 6842 default: 6843 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6844 *error = EINVAL; 6845 return; 6846 } 6847 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 6848 if (p == NULL) { 6849 /* Can't get proc for Net/Open BSD */ 6850 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6851 *error = EINVAL; 6852 return; 6853 } 6854 *error = sctp_inpcb_bind(so, addr_to_use, NULL, p); 6855 return; 6856 } 6857 /* Validate the incoming port. */ 6858 if ((port != 0) && (port != inp->sctp_lport)) { 6859 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6860 *error = EINVAL; 6861 return; 6862 } 6863 lep = sctp_pcb_findep(addr_to_use, 1, 0, vrf_id); 6864 if (lep == NULL) { 6865 /* add the address */ 6866 *error = sctp_addr_mgmt_ep_sa(inp, addr_to_use, 6867 SCTP_ADD_IP_ADDRESS, vrf_id); 6868 } else { 6869 if (lep != inp) { 6870 *error = EADDRINUSE; 6871 } 6872 SCTP_INP_DECR_REF(lep); 6873 } 6874 } 6875 6876 /* 6877 * sctp_bindx(DELETE) for one address. 6878 * assumes all arguments are valid/checked by caller. 6879 */ 6880 void 6881 sctp_bindx_delete_address(struct sctp_inpcb *inp, 6882 struct sockaddr *sa, uint32_t vrf_id, int *error) 6883 { 6884 struct sockaddr *addr_to_use; 6885 #if defined(INET) && defined(INET6) 6886 struct sockaddr_in6 *sin6; 6887 struct sockaddr_in sin; 6888 #endif 6889 6890 /* see if we're bound all already! */ 6891 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6892 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6893 *error = EINVAL; 6894 return; 6895 } 6896 switch (sa->sa_family) { 6897 #ifdef INET6 6898 case AF_INET6: 6899 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6900 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6901 *error = EINVAL; 6902 return; 6903 } 6904 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6905 /* can only bind v6 on PF_INET6 sockets */ 6906 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6907 *error = EINVAL; 6908 return; 6909 } 6910 #ifdef INET 6911 sin6 = (struct sockaddr_in6 *)sa; 6912 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6913 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6914 SCTP_IPV6_V6ONLY(inp)) { 6915 /* can't bind mapped-v4 on PF_INET sockets */ 6916 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6917 *error = EINVAL; 6918 return; 6919 } 6920 in6_sin6_2_sin(&sin, sin6); 6921 addr_to_use = (struct sockaddr *)&sin; 6922 } else { 6923 addr_to_use = sa; 6924 } 6925 #else 6926 addr_to_use = sa; 6927 #endif 6928 break; 6929 #endif 6930 #ifdef INET 6931 case AF_INET: 6932 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6933 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6934 *error = EINVAL; 6935 return; 6936 } 6937 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6938 SCTP_IPV6_V6ONLY(inp)) { 6939 /* can't bind v4 on PF_INET sockets */ 6940 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6941 *error = EINVAL; 6942 return; 6943 } 6944 addr_to_use = sa; 6945 break; 6946 #endif 6947 default: 6948 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6949 *error = EINVAL; 6950 return; 6951 } 6952 /* No lock required mgmt_ep_sa does its own locking. */ 6953 *error = sctp_addr_mgmt_ep_sa(inp, addr_to_use, SCTP_DEL_IP_ADDRESS, 6954 vrf_id); 6955 } 6956 6957 /* 6958 * returns the valid local address count for an assoc, taking into account 6959 * all scoping rules 6960 */ 6961 int 6962 sctp_local_addr_count(struct sctp_tcb *stcb) 6963 { 6964 int loopback_scope; 6965 #if defined(INET) 6966 int ipv4_local_scope, ipv4_addr_legal; 6967 #endif 6968 #if defined(INET6) 6969 int local_scope, site_scope, ipv6_addr_legal; 6970 #endif 6971 struct sctp_vrf *vrf; 6972 struct sctp_ifn *sctp_ifn; 6973 struct sctp_ifa *sctp_ifa; 6974 int count = 0; 6975 6976 /* Turn on all the appropriate scopes */ 6977 loopback_scope = stcb->asoc.scope.loopback_scope; 6978 #if defined(INET) 6979 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; 6980 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; 6981 #endif 6982 #if defined(INET6) 6983 local_scope = stcb->asoc.scope.local_scope; 6984 site_scope = stcb->asoc.scope.site_scope; 6985 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; 6986 #endif 6987 SCTP_IPI_ADDR_RLOCK(); 6988 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 6989 if (vrf == NULL) { 6990 /* no vrf, no addresses */ 6991 SCTP_IPI_ADDR_RUNLOCK(); 6992 return (0); 6993 } 6994 6995 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6996 /* 6997 * bound all case: go through all ifns on the vrf 6998 */ 6999 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 7000 if ((loopback_scope == 0) && 7001 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 7002 continue; 7003 } 7004 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 7005 if (sctp_is_addr_restricted(stcb, sctp_ifa)) 7006 continue; 7007 switch (sctp_ifa->address.sa.sa_family) { 7008 #ifdef INET 7009 case AF_INET: 7010 if (ipv4_addr_legal) { 7011 struct sockaddr_in *sin; 7012 7013 sin = &sctp_ifa->address.sin; 7014 if (sin->sin_addr.s_addr == 0) { 7015 /* 7016 * skip unspecified 7017 * addrs 7018 */ 7019 continue; 7020 } 7021 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 7022 &sin->sin_addr) != 0) { 7023 continue; 7024 } 7025 if ((ipv4_local_scope == 0) && 7026 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 7027 continue; 7028 } 7029 /* count this one */ 7030 count++; 7031 } else { 7032 continue; 7033 } 7034 break; 7035 #endif 7036 #ifdef INET6 7037 case AF_INET6: 7038 if (ipv6_addr_legal) { 7039 struct sockaddr_in6 *sin6; 7040 7041 sin6 = &sctp_ifa->address.sin6; 7042 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 7043 continue; 7044 } 7045 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 7046 &sin6->sin6_addr) != 0) { 7047 continue; 7048 } 7049 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 7050 if (local_scope == 0) 7051 continue; 7052 if (sin6->sin6_scope_id == 0) { 7053 if (sa6_recoverscope(sin6) != 0) 7054 /* 7055 * 7056 * bad 7057 * link 7058 * 7059 * local 7060 * 7061 * address 7062 */ 7063 continue; 7064 } 7065 } 7066 if ((site_scope == 0) && 7067 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 7068 continue; 7069 } 7070 /* count this one */ 7071 count++; 7072 } 7073 break; 7074 #endif 7075 default: 7076 /* TSNH */ 7077 break; 7078 } 7079 } 7080 } 7081 } else { 7082 /* 7083 * subset bound case 7084 */ 7085 struct sctp_laddr *laddr; 7086 7087 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, 7088 sctp_nxt_addr) { 7089 if (sctp_is_addr_restricted(stcb, laddr->ifa)) { 7090 continue; 7091 } 7092 /* count this one */ 7093 count++; 7094 } 7095 } 7096 SCTP_IPI_ADDR_RUNLOCK(); 7097 return (count); 7098 } 7099 7100 #if defined(SCTP_LOCAL_TRACE_BUF) 7101 7102 void 7103 sctp_log_trace(uint32_t subsys, const char *str SCTP_UNUSED, uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, uint32_t f) 7104 { 7105 uint32_t saveindex, newindex; 7106 7107 do { 7108 saveindex = SCTP_BASE_SYSCTL(sctp_log).index; 7109 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 7110 newindex = 1; 7111 } else { 7112 newindex = saveindex + 1; 7113 } 7114 } while (atomic_cmpset_int(&SCTP_BASE_SYSCTL(sctp_log).index, saveindex, newindex) == 0); 7115 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 7116 saveindex = 0; 7117 } 7118 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].timestamp = SCTP_GET_CYCLECOUNT; 7119 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].subsys = subsys; 7120 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[0] = a; 7121 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[1] = b; 7122 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[2] = c; 7123 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[3] = d; 7124 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[4] = e; 7125 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[5] = f; 7126 } 7127 7128 #endif 7129 static void 7130 sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, 7131 const struct sockaddr *sa SCTP_UNUSED, void *ctx SCTP_UNUSED) 7132 { 7133 struct ip *iph; 7134 #ifdef INET6 7135 struct ip6_hdr *ip6; 7136 #endif 7137 struct mbuf *sp, *last; 7138 struct udphdr *uhdr; 7139 uint16_t port; 7140 7141 if ((m->m_flags & M_PKTHDR) == 0) { 7142 /* Can't handle one that is not a pkt hdr */ 7143 goto out; 7144 } 7145 /* Pull the src port */ 7146 iph = mtod(m, struct ip *); 7147 uhdr = (struct udphdr *)((caddr_t)iph + off); 7148 port = uhdr->uh_sport; 7149 /* 7150 * Split out the mbuf chain. Leave the IP header in m, place the 7151 * rest in the sp. 7152 */ 7153 sp = m_split(m, off, M_NOWAIT); 7154 if (sp == NULL) { 7155 /* Gak, drop packet, we can't do a split */ 7156 goto out; 7157 } 7158 if (sp->m_pkthdr.len < sizeof(struct udphdr) + sizeof(struct sctphdr)) { 7159 /* Gak, packet can't have an SCTP header in it - too small */ 7160 m_freem(sp); 7161 goto out; 7162 } 7163 /* Now pull up the UDP header and SCTP header together */ 7164 sp = m_pullup(sp, sizeof(struct udphdr) + sizeof(struct sctphdr)); 7165 if (sp == NULL) { 7166 /* Gak pullup failed */ 7167 goto out; 7168 } 7169 /* Trim out the UDP header */ 7170 m_adj(sp, sizeof(struct udphdr)); 7171 7172 /* Now reconstruct the mbuf chain */ 7173 for (last = m; last->m_next; last = last->m_next); 7174 last->m_next = sp; 7175 m->m_pkthdr.len += sp->m_pkthdr.len; 7176 /* 7177 * The CSUM_DATA_VALID flags indicates that the HW checked the UDP 7178 * checksum and it was valid. Since CSUM_DATA_VALID == 7179 * CSUM_SCTP_VALID this would imply that the HW also verified the 7180 * SCTP checksum. Therefore, clear the bit. 7181 */ 7182 SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, 7183 "sctp_recv_udp_tunneled_packet(): Packet of length %d received on %s with csum_flags 0x%b.\n", 7184 m->m_pkthdr.len, 7185 if_name(m->m_pkthdr.rcvif), 7186 (int)m->m_pkthdr.csum_flags, CSUM_BITS); 7187 m->m_pkthdr.csum_flags &= ~CSUM_DATA_VALID; 7188 iph = mtod(m, struct ip *); 7189 switch (iph->ip_v) { 7190 #ifdef INET 7191 case IPVERSION: 7192 iph->ip_len = htons(ntohs(iph->ip_len) - sizeof(struct udphdr)); 7193 sctp_input_with_port(m, off, port); 7194 break; 7195 #endif 7196 #ifdef INET6 7197 case IPV6_VERSION >> 4: 7198 ip6 = mtod(m, struct ip6_hdr *); 7199 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - sizeof(struct udphdr)); 7200 sctp6_input_with_port(&m, &off, port); 7201 break; 7202 #endif 7203 default: 7204 goto out; 7205 break; 7206 } 7207 return; 7208 out: 7209 m_freem(m); 7210 } 7211 7212 #ifdef INET 7213 static void 7214 sctp_recv_icmp_tunneled_packet(int cmd, struct sockaddr *sa, void *vip, void *ctx SCTP_UNUSED) 7215 { 7216 struct ip *outer_ip, *inner_ip; 7217 struct sctphdr *sh; 7218 struct icmp *icmp; 7219 struct udphdr *udp; 7220 struct sctp_inpcb *inp; 7221 struct sctp_tcb *stcb; 7222 struct sctp_nets *net; 7223 struct sctp_init_chunk *ch; 7224 struct sockaddr_in src, dst; 7225 uint8_t type, code; 7226 7227 inner_ip = (struct ip *)vip; 7228 icmp = (struct icmp *)((caddr_t)inner_ip - 7229 (sizeof(struct icmp) - sizeof(struct ip))); 7230 outer_ip = (struct ip *)((caddr_t)icmp - sizeof(struct ip)); 7231 if (ntohs(outer_ip->ip_len) < 7232 sizeof(struct ip) + 8 + (inner_ip->ip_hl << 2) + sizeof(struct udphdr) + 8) { 7233 return; 7234 } 7235 udp = (struct udphdr *)((caddr_t)inner_ip + (inner_ip->ip_hl << 2)); 7236 sh = (struct sctphdr *)(udp + 1); 7237 memset(&src, 0, sizeof(struct sockaddr_in)); 7238 src.sin_family = AF_INET; 7239 src.sin_len = sizeof(struct sockaddr_in); 7240 src.sin_port = sh->src_port; 7241 src.sin_addr = inner_ip->ip_src; 7242 memset(&dst, 0, sizeof(struct sockaddr_in)); 7243 dst.sin_family = AF_INET; 7244 dst.sin_len = sizeof(struct sockaddr_in); 7245 dst.sin_port = sh->dest_port; 7246 dst.sin_addr = inner_ip->ip_dst; 7247 /* 7248 * 'dst' holds the dest of the packet that failed to be sent. 'src' 7249 * holds our local endpoint address. Thus we reverse the dst and the 7250 * src in the lookup. 7251 */ 7252 inp = NULL; 7253 net = NULL; 7254 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 7255 (struct sockaddr *)&src, 7256 &inp, &net, 1, 7257 SCTP_DEFAULT_VRFID); 7258 if ((stcb != NULL) && 7259 (net != NULL) && 7260 (inp != NULL)) { 7261 /* Check the UDP port numbers */ 7262 if ((udp->uh_dport != net->port) || 7263 (udp->uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 7264 SCTP_TCB_UNLOCK(stcb); 7265 return; 7266 } 7267 /* Check the verification tag */ 7268 if (ntohl(sh->v_tag) != 0) { 7269 /* 7270 * This must be the verification tag used for 7271 * sending out packets. We don't consider packets 7272 * reflecting the verification tag. 7273 */ 7274 if (ntohl(sh->v_tag) != stcb->asoc.peer_vtag) { 7275 SCTP_TCB_UNLOCK(stcb); 7276 return; 7277 } 7278 } else { 7279 if (ntohs(outer_ip->ip_len) >= 7280 sizeof(struct ip) + 7281 8 + (inner_ip->ip_hl << 2) + 8 + 20) { 7282 /* 7283 * In this case we can check if we got an 7284 * INIT chunk and if the initiate tag 7285 * matches. 7286 */ 7287 ch = (struct sctp_init_chunk *)(sh + 1); 7288 if ((ch->ch.chunk_type != SCTP_INITIATION) || 7289 (ntohl(ch->init.initiate_tag) != stcb->asoc.my_vtag)) { 7290 SCTP_TCB_UNLOCK(stcb); 7291 return; 7292 } 7293 } else { 7294 SCTP_TCB_UNLOCK(stcb); 7295 return; 7296 } 7297 } 7298 type = icmp->icmp_type; 7299 code = icmp->icmp_code; 7300 if ((type == ICMP_UNREACH) && 7301 (code == ICMP_UNREACH_PORT)) { 7302 code = ICMP_UNREACH_PROTOCOL; 7303 } 7304 sctp_notify(inp, stcb, net, type, code, 7305 ntohs(inner_ip->ip_len), 7306 (uint32_t)ntohs(icmp->icmp_nextmtu)); 7307 } else { 7308 if ((stcb == NULL) && (inp != NULL)) { 7309 /* reduce ref-count */ 7310 SCTP_INP_WLOCK(inp); 7311 SCTP_INP_DECR_REF(inp); 7312 SCTP_INP_WUNLOCK(inp); 7313 } 7314 if (stcb) { 7315 SCTP_TCB_UNLOCK(stcb); 7316 } 7317 } 7318 return; 7319 } 7320 #endif 7321 7322 #ifdef INET6 7323 static void 7324 sctp_recv_icmp6_tunneled_packet(int cmd, struct sockaddr *sa, void *d, void *ctx SCTP_UNUSED) 7325 { 7326 struct ip6ctlparam *ip6cp; 7327 struct sctp_inpcb *inp; 7328 struct sctp_tcb *stcb; 7329 struct sctp_nets *net; 7330 struct sctphdr sh; 7331 struct udphdr udp; 7332 struct sockaddr_in6 src, dst; 7333 uint8_t type, code; 7334 7335 ip6cp = (struct ip6ctlparam *)d; 7336 /* 7337 * XXX: We assume that when IPV6 is non NULL, M and OFF are valid. 7338 */ 7339 if (ip6cp->ip6c_m == NULL) { 7340 return; 7341 } 7342 /* 7343 * Check if we can safely examine the ports and the verification tag 7344 * of the SCTP common header. 7345 */ 7346 if (ip6cp->ip6c_m->m_pkthdr.len < 7347 ip6cp->ip6c_off + sizeof(struct udphdr) + offsetof(struct sctphdr, checksum)) { 7348 return; 7349 } 7350 /* Copy out the UDP header. */ 7351 memset(&udp, 0, sizeof(struct udphdr)); 7352 m_copydata(ip6cp->ip6c_m, 7353 ip6cp->ip6c_off, 7354 sizeof(struct udphdr), 7355 (caddr_t)&udp); 7356 /* Copy out the port numbers and the verification tag. */ 7357 memset(&sh, 0, sizeof(struct sctphdr)); 7358 m_copydata(ip6cp->ip6c_m, 7359 ip6cp->ip6c_off + sizeof(struct udphdr), 7360 sizeof(uint16_t) + sizeof(uint16_t) + sizeof(uint32_t), 7361 (caddr_t)&sh); 7362 memset(&src, 0, sizeof(struct sockaddr_in6)); 7363 src.sin6_family = AF_INET6; 7364 src.sin6_len = sizeof(struct sockaddr_in6); 7365 src.sin6_port = sh.src_port; 7366 src.sin6_addr = ip6cp->ip6c_ip6->ip6_src; 7367 if (in6_setscope(&src.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7368 return; 7369 } 7370 memset(&dst, 0, sizeof(struct sockaddr_in6)); 7371 dst.sin6_family = AF_INET6; 7372 dst.sin6_len = sizeof(struct sockaddr_in6); 7373 dst.sin6_port = sh.dest_port; 7374 dst.sin6_addr = ip6cp->ip6c_ip6->ip6_dst; 7375 if (in6_setscope(&dst.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7376 return; 7377 } 7378 inp = NULL; 7379 net = NULL; 7380 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 7381 (struct sockaddr *)&src, 7382 &inp, &net, 1, SCTP_DEFAULT_VRFID); 7383 if ((stcb != NULL) && 7384 (net != NULL) && 7385 (inp != NULL)) { 7386 /* Check the UDP port numbers */ 7387 if ((udp.uh_dport != net->port) || 7388 (udp.uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 7389 SCTP_TCB_UNLOCK(stcb); 7390 return; 7391 } 7392 /* Check the verification tag */ 7393 if (ntohl(sh.v_tag) != 0) { 7394 /* 7395 * This must be the verification tag used for 7396 * sending out packets. We don't consider packets 7397 * reflecting the verification tag. 7398 */ 7399 if (ntohl(sh.v_tag) != stcb->asoc.peer_vtag) { 7400 SCTP_TCB_UNLOCK(stcb); 7401 return; 7402 } 7403 } else { 7404 if (ip6cp->ip6c_m->m_pkthdr.len >= 7405 ip6cp->ip6c_off + sizeof(struct udphdr) + 7406 sizeof(struct sctphdr) + 7407 sizeof(struct sctp_chunkhdr) + 7408 offsetof(struct sctp_init, a_rwnd)) { 7409 /* 7410 * In this case we can check if we got an 7411 * INIT chunk and if the initiate tag 7412 * matches. 7413 */ 7414 uint32_t initiate_tag; 7415 uint8_t chunk_type; 7416 7417 m_copydata(ip6cp->ip6c_m, 7418 ip6cp->ip6c_off + 7419 sizeof(struct udphdr) + 7420 sizeof(struct sctphdr), 7421 sizeof(uint8_t), 7422 (caddr_t)&chunk_type); 7423 m_copydata(ip6cp->ip6c_m, 7424 ip6cp->ip6c_off + 7425 sizeof(struct udphdr) + 7426 sizeof(struct sctphdr) + 7427 sizeof(struct sctp_chunkhdr), 7428 sizeof(uint32_t), 7429 (caddr_t)&initiate_tag); 7430 if ((chunk_type != SCTP_INITIATION) || 7431 (ntohl(initiate_tag) != stcb->asoc.my_vtag)) { 7432 SCTP_TCB_UNLOCK(stcb); 7433 return; 7434 } 7435 } else { 7436 SCTP_TCB_UNLOCK(stcb); 7437 return; 7438 } 7439 } 7440 type = ip6cp->ip6c_icmp6->icmp6_type; 7441 code = ip6cp->ip6c_icmp6->icmp6_code; 7442 if ((type == ICMP6_DST_UNREACH) && 7443 (code == ICMP6_DST_UNREACH_NOPORT)) { 7444 type = ICMP6_PARAM_PROB; 7445 code = ICMP6_PARAMPROB_NEXTHEADER; 7446 } 7447 sctp6_notify(inp, stcb, net, type, code, 7448 ntohl(ip6cp->ip6c_icmp6->icmp6_mtu)); 7449 } else { 7450 if ((stcb == NULL) && (inp != NULL)) { 7451 /* reduce inp's ref-count */ 7452 SCTP_INP_WLOCK(inp); 7453 SCTP_INP_DECR_REF(inp); 7454 SCTP_INP_WUNLOCK(inp); 7455 } 7456 if (stcb) { 7457 SCTP_TCB_UNLOCK(stcb); 7458 } 7459 } 7460 } 7461 #endif 7462 7463 void 7464 sctp_over_udp_stop(void) 7465 { 7466 /* 7467 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7468 * for writing! 7469 */ 7470 #ifdef INET 7471 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7472 soclose(SCTP_BASE_INFO(udp4_tun_socket)); 7473 SCTP_BASE_INFO(udp4_tun_socket) = NULL; 7474 } 7475 #endif 7476 #ifdef INET6 7477 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7478 soclose(SCTP_BASE_INFO(udp6_tun_socket)); 7479 SCTP_BASE_INFO(udp6_tun_socket) = NULL; 7480 } 7481 #endif 7482 } 7483 7484 int 7485 sctp_over_udp_start(void) 7486 { 7487 uint16_t port; 7488 int ret; 7489 #ifdef INET 7490 struct sockaddr_in sin; 7491 #endif 7492 #ifdef INET6 7493 struct sockaddr_in6 sin6; 7494 #endif 7495 /* 7496 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7497 * for writing! 7498 */ 7499 port = SCTP_BASE_SYSCTL(sctp_udp_tunneling_port); 7500 if (ntohs(port) == 0) { 7501 /* Must have a port set */ 7502 return (EINVAL); 7503 } 7504 #ifdef INET 7505 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7506 /* Already running -- must stop first */ 7507 return (EALREADY); 7508 } 7509 #endif 7510 #ifdef INET6 7511 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7512 /* Already running -- must stop first */ 7513 return (EALREADY); 7514 } 7515 #endif 7516 #ifdef INET 7517 if ((ret = socreate(PF_INET, &SCTP_BASE_INFO(udp4_tun_socket), 7518 SOCK_DGRAM, IPPROTO_UDP, 7519 curthread->td_ucred, curthread))) { 7520 sctp_over_udp_stop(); 7521 return (ret); 7522 } 7523 /* Call the special UDP hook. */ 7524 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp4_tun_socket), 7525 sctp_recv_udp_tunneled_packet, 7526 sctp_recv_icmp_tunneled_packet, 7527 NULL))) { 7528 sctp_over_udp_stop(); 7529 return (ret); 7530 } 7531 /* Ok, we have a socket, bind it to the port. */ 7532 memset(&sin, 0, sizeof(struct sockaddr_in)); 7533 sin.sin_len = sizeof(struct sockaddr_in); 7534 sin.sin_family = AF_INET; 7535 sin.sin_port = htons(port); 7536 if ((ret = sobind(SCTP_BASE_INFO(udp4_tun_socket), 7537 (struct sockaddr *)&sin, curthread))) { 7538 sctp_over_udp_stop(); 7539 return (ret); 7540 } 7541 #endif 7542 #ifdef INET6 7543 if ((ret = socreate(PF_INET6, &SCTP_BASE_INFO(udp6_tun_socket), 7544 SOCK_DGRAM, IPPROTO_UDP, 7545 curthread->td_ucred, curthread))) { 7546 sctp_over_udp_stop(); 7547 return (ret); 7548 } 7549 /* Call the special UDP hook. */ 7550 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp6_tun_socket), 7551 sctp_recv_udp_tunneled_packet, 7552 sctp_recv_icmp6_tunneled_packet, 7553 NULL))) { 7554 sctp_over_udp_stop(); 7555 return (ret); 7556 } 7557 /* Ok, we have a socket, bind it to the port. */ 7558 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 7559 sin6.sin6_len = sizeof(struct sockaddr_in6); 7560 sin6.sin6_family = AF_INET6; 7561 sin6.sin6_port = htons(port); 7562 if ((ret = sobind(SCTP_BASE_INFO(udp6_tun_socket), 7563 (struct sockaddr *)&sin6, curthread))) { 7564 sctp_over_udp_stop(); 7565 return (ret); 7566 } 7567 #endif 7568 return (0); 7569 } 7570 7571 /* 7572 * sctp_min_mtu ()returns the minimum of all non-zero arguments. 7573 * If all arguments are zero, zero is returned. 7574 */ 7575 uint32_t 7576 sctp_min_mtu(uint32_t mtu1, uint32_t mtu2, uint32_t mtu3) 7577 { 7578 if (mtu1 > 0) { 7579 if (mtu2 > 0) { 7580 if (mtu3 > 0) { 7581 return (min(mtu1, min(mtu2, mtu3))); 7582 } else { 7583 return (min(mtu1, mtu2)); 7584 } 7585 } else { 7586 if (mtu3 > 0) { 7587 return (min(mtu1, mtu3)); 7588 } else { 7589 return (mtu1); 7590 } 7591 } 7592 } else { 7593 if (mtu2 > 0) { 7594 if (mtu3 > 0) { 7595 return (min(mtu2, mtu3)); 7596 } else { 7597 return (mtu2); 7598 } 7599 } else { 7600 return (mtu3); 7601 } 7602 } 7603 } 7604 7605 void 7606 sctp_hc_set_mtu(union sctp_sockstore *addr, uint16_t fibnum, uint32_t mtu) 7607 { 7608 struct in_conninfo inc; 7609 7610 memset(&inc, 0, sizeof(struct in_conninfo)); 7611 inc.inc_fibnum = fibnum; 7612 switch (addr->sa.sa_family) { 7613 #ifdef INET 7614 case AF_INET: 7615 inc.inc_faddr = addr->sin.sin_addr; 7616 break; 7617 #endif 7618 #ifdef INET6 7619 case AF_INET6: 7620 inc.inc_flags |= INC_ISIPV6; 7621 inc.inc6_faddr = addr->sin6.sin6_addr; 7622 break; 7623 #endif 7624 default: 7625 return; 7626 } 7627 tcp_hc_updatemtu(&inc, (u_long)mtu); 7628 } 7629 7630 uint32_t 7631 sctp_hc_get_mtu(union sctp_sockstore *addr, uint16_t fibnum) 7632 { 7633 struct in_conninfo inc; 7634 7635 memset(&inc, 0, sizeof(struct in_conninfo)); 7636 inc.inc_fibnum = fibnum; 7637 switch (addr->sa.sa_family) { 7638 #ifdef INET 7639 case AF_INET: 7640 inc.inc_faddr = addr->sin.sin_addr; 7641 break; 7642 #endif 7643 #ifdef INET6 7644 case AF_INET6: 7645 inc.inc_flags |= INC_ISIPV6; 7646 inc.inc6_faddr = addr->sin6.sin6_addr; 7647 break; 7648 #endif 7649 default: 7650 return (0); 7651 } 7652 return ((uint32_t)tcp_hc_getmtu(&inc)); 7653 } 7654 7655 void 7656 sctp_set_state(struct sctp_tcb *stcb, int new_state) 7657 { 7658 #if defined(KDTRACE_HOOKS) 7659 int old_state = stcb->asoc.state; 7660 #endif 7661 7662 KASSERT((new_state & ~SCTP_STATE_MASK) == 0, 7663 ("sctp_set_state: Can't set substate (new_state = %x)", 7664 new_state)); 7665 stcb->asoc.state = (stcb->asoc.state & ~SCTP_STATE_MASK) | new_state; 7666 if ((new_state == SCTP_STATE_SHUTDOWN_RECEIVED) || 7667 (new_state == SCTP_STATE_SHUTDOWN_SENT) || 7668 (new_state == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 7669 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING); 7670 } 7671 #if defined(KDTRACE_HOOKS) 7672 if (((old_state & SCTP_STATE_MASK) != new_state) && 7673 !(((old_state & SCTP_STATE_MASK) == SCTP_STATE_EMPTY) && 7674 (new_state == SCTP_STATE_INUSE))) { 7675 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7676 } 7677 #endif 7678 } 7679 7680 void 7681 sctp_add_substate(struct sctp_tcb *stcb, int substate) 7682 { 7683 #if defined(KDTRACE_HOOKS) 7684 int old_state = stcb->asoc.state; 7685 #endif 7686 7687 KASSERT((substate & SCTP_STATE_MASK) == 0, 7688 ("sctp_add_substate: Can't set state (substate = %x)", 7689 substate)); 7690 stcb->asoc.state |= substate; 7691 #if defined(KDTRACE_HOOKS) 7692 if (((substate & SCTP_STATE_ABOUT_TO_BE_FREED) && 7693 ((old_state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) || 7694 ((substate & SCTP_STATE_SHUTDOWN_PENDING) && 7695 ((old_state & SCTP_STATE_SHUTDOWN_PENDING) == 0))) { 7696 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7697 } 7698 #endif 7699 } 7700