1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 __FBSDID("$FreeBSD$"); 37 38 #include <netinet/sctp_os.h> 39 #include <netinet/sctp_pcb.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_var.h> 42 #include <netinet/sctp_sysctl.h> 43 #ifdef INET6 44 #include <netinet6/sctp6_var.h> 45 #endif 46 #include <netinet/sctp_header.h> 47 #include <netinet/sctp_output.h> 48 #include <netinet/sctp_uio.h> 49 #include <netinet/sctp_timer.h> 50 #include <netinet/sctp_indata.h> 51 #include <netinet/sctp_auth.h> 52 #include <netinet/sctp_asconf.h> 53 #include <netinet/sctp_bsd_addr.h> 54 #if defined(INET6) || defined(INET) 55 #include <netinet/tcp_var.h> 56 #endif 57 #include <netinet/udp.h> 58 #include <netinet/udp_var.h> 59 #include <netinet/in_kdtrace.h> 60 #include <sys/proc.h> 61 #ifdef INET6 62 #include <netinet/icmp6.h> 63 #endif 64 65 66 #ifndef KTR_SCTP 67 #define KTR_SCTP KTR_SUBSYS 68 #endif 69 70 extern const struct sctp_cc_functions sctp_cc_functions[]; 71 extern const struct sctp_ss_functions sctp_ss_functions[]; 72 73 void 74 sctp_sblog(struct sockbuf *sb, struct sctp_tcb *stcb, int from, int incr) 75 { 76 #if defined(SCTP_LOCAL_TRACE_BUF) 77 struct sctp_cwnd_log sctp_clog; 78 79 sctp_clog.x.sb.stcb = stcb; 80 sctp_clog.x.sb.so_sbcc = sb->sb_cc; 81 if (stcb) 82 sctp_clog.x.sb.stcb_sbcc = stcb->asoc.sb_cc; 83 else 84 sctp_clog.x.sb.stcb_sbcc = 0; 85 sctp_clog.x.sb.incr = incr; 86 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 87 SCTP_LOG_EVENT_SB, 88 from, 89 sctp_clog.x.misc.log1, 90 sctp_clog.x.misc.log2, 91 sctp_clog.x.misc.log3, 92 sctp_clog.x.misc.log4); 93 #endif 94 } 95 96 void 97 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 98 { 99 #if defined(SCTP_LOCAL_TRACE_BUF) 100 struct sctp_cwnd_log sctp_clog; 101 102 sctp_clog.x.close.inp = (void *)inp; 103 sctp_clog.x.close.sctp_flags = inp->sctp_flags; 104 if (stcb) { 105 sctp_clog.x.close.stcb = (void *)stcb; 106 sctp_clog.x.close.state = (uint16_t)stcb->asoc.state; 107 } else { 108 sctp_clog.x.close.stcb = 0; 109 sctp_clog.x.close.state = 0; 110 } 111 sctp_clog.x.close.loc = loc; 112 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 113 SCTP_LOG_EVENT_CLOSE, 114 0, 115 sctp_clog.x.misc.log1, 116 sctp_clog.x.misc.log2, 117 sctp_clog.x.misc.log3, 118 sctp_clog.x.misc.log4); 119 #endif 120 } 121 122 void 123 rto_logging(struct sctp_nets *net, int from) 124 { 125 #if defined(SCTP_LOCAL_TRACE_BUF) 126 struct sctp_cwnd_log sctp_clog; 127 128 memset(&sctp_clog, 0, sizeof(sctp_clog)); 129 sctp_clog.x.rto.net = (void *)net; 130 sctp_clog.x.rto.rtt = net->rtt / 1000; 131 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 132 SCTP_LOG_EVENT_RTT, 133 from, 134 sctp_clog.x.misc.log1, 135 sctp_clog.x.misc.log2, 136 sctp_clog.x.misc.log3, 137 sctp_clog.x.misc.log4); 138 #endif 139 } 140 141 void 142 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 143 { 144 #if defined(SCTP_LOCAL_TRACE_BUF) 145 struct sctp_cwnd_log sctp_clog; 146 147 sctp_clog.x.strlog.stcb = stcb; 148 sctp_clog.x.strlog.n_tsn = tsn; 149 sctp_clog.x.strlog.n_sseq = sseq; 150 sctp_clog.x.strlog.e_tsn = 0; 151 sctp_clog.x.strlog.e_sseq = 0; 152 sctp_clog.x.strlog.strm = stream; 153 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 154 SCTP_LOG_EVENT_STRM, 155 from, 156 sctp_clog.x.misc.log1, 157 sctp_clog.x.misc.log2, 158 sctp_clog.x.misc.log3, 159 sctp_clog.x.misc.log4); 160 #endif 161 } 162 163 void 164 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 165 { 166 #if defined(SCTP_LOCAL_TRACE_BUF) 167 struct sctp_cwnd_log sctp_clog; 168 169 sctp_clog.x.nagle.stcb = (void *)stcb; 170 sctp_clog.x.nagle.total_flight = stcb->asoc.total_flight; 171 sctp_clog.x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 172 sctp_clog.x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 173 sctp_clog.x.nagle.count_in_flight = stcb->asoc.total_flight_count; 174 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 175 SCTP_LOG_EVENT_NAGLE, 176 action, 177 sctp_clog.x.misc.log1, 178 sctp_clog.x.misc.log2, 179 sctp_clog.x.misc.log3, 180 sctp_clog.x.misc.log4); 181 #endif 182 } 183 184 void 185 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 186 { 187 #if defined(SCTP_LOCAL_TRACE_BUF) 188 struct sctp_cwnd_log sctp_clog; 189 190 sctp_clog.x.sack.cumack = cumack; 191 sctp_clog.x.sack.oldcumack = old_cumack; 192 sctp_clog.x.sack.tsn = tsn; 193 sctp_clog.x.sack.numGaps = gaps; 194 sctp_clog.x.sack.numDups = dups; 195 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 196 SCTP_LOG_EVENT_SACK, 197 from, 198 sctp_clog.x.misc.log1, 199 sctp_clog.x.misc.log2, 200 sctp_clog.x.misc.log3, 201 sctp_clog.x.misc.log4); 202 #endif 203 } 204 205 void 206 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 207 { 208 #if defined(SCTP_LOCAL_TRACE_BUF) 209 struct sctp_cwnd_log sctp_clog; 210 211 memset(&sctp_clog, 0, sizeof(sctp_clog)); 212 sctp_clog.x.map.base = map; 213 sctp_clog.x.map.cum = cum; 214 sctp_clog.x.map.high = high; 215 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 216 SCTP_LOG_EVENT_MAP, 217 from, 218 sctp_clog.x.misc.log1, 219 sctp_clog.x.misc.log2, 220 sctp_clog.x.misc.log3, 221 sctp_clog.x.misc.log4); 222 #endif 223 } 224 225 void 226 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, int from) 227 { 228 #if defined(SCTP_LOCAL_TRACE_BUF) 229 struct sctp_cwnd_log sctp_clog; 230 231 memset(&sctp_clog, 0, sizeof(sctp_clog)); 232 sctp_clog.x.fr.largest_tsn = biggest_tsn; 233 sctp_clog.x.fr.largest_new_tsn = biggest_new_tsn; 234 sctp_clog.x.fr.tsn = tsn; 235 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 236 SCTP_LOG_EVENT_FR, 237 from, 238 sctp_clog.x.misc.log1, 239 sctp_clog.x.misc.log2, 240 sctp_clog.x.misc.log3, 241 sctp_clog.x.misc.log4); 242 #endif 243 } 244 245 #ifdef SCTP_MBUF_LOGGING 246 void 247 sctp_log_mb(struct mbuf *m, int from) 248 { 249 #if defined(SCTP_LOCAL_TRACE_BUF) 250 struct sctp_cwnd_log sctp_clog; 251 252 sctp_clog.x.mb.mp = m; 253 sctp_clog.x.mb.mbuf_flags = (uint8_t)(SCTP_BUF_GET_FLAGS(m)); 254 sctp_clog.x.mb.size = (uint16_t)(SCTP_BUF_LEN(m)); 255 sctp_clog.x.mb.data = SCTP_BUF_AT(m, 0); 256 if (SCTP_BUF_IS_EXTENDED(m)) { 257 sctp_clog.x.mb.ext = SCTP_BUF_EXTEND_BASE(m); 258 sctp_clog.x.mb.refcnt = (uint8_t)(SCTP_BUF_EXTEND_REFCNT(m)); 259 } else { 260 sctp_clog.x.mb.ext = 0; 261 sctp_clog.x.mb.refcnt = 0; 262 } 263 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 264 SCTP_LOG_EVENT_MBUF, 265 from, 266 sctp_clog.x.misc.log1, 267 sctp_clog.x.misc.log2, 268 sctp_clog.x.misc.log3, 269 sctp_clog.x.misc.log4); 270 #endif 271 } 272 273 void 274 sctp_log_mbc(struct mbuf *m, int from) 275 { 276 struct mbuf *mat; 277 278 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 279 sctp_log_mb(mat, from); 280 } 281 } 282 #endif 283 284 void 285 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, int from) 286 { 287 #if defined(SCTP_LOCAL_TRACE_BUF) 288 struct sctp_cwnd_log sctp_clog; 289 290 if (control == NULL) { 291 SCTP_PRINTF("Gak log of NULL?\n"); 292 return; 293 } 294 sctp_clog.x.strlog.stcb = control->stcb; 295 sctp_clog.x.strlog.n_tsn = control->sinfo_tsn; 296 sctp_clog.x.strlog.n_sseq = (uint16_t)control->mid; 297 sctp_clog.x.strlog.strm = control->sinfo_stream; 298 if (poschk != NULL) { 299 sctp_clog.x.strlog.e_tsn = poschk->sinfo_tsn; 300 sctp_clog.x.strlog.e_sseq = (uint16_t)poschk->mid; 301 } else { 302 sctp_clog.x.strlog.e_tsn = 0; 303 sctp_clog.x.strlog.e_sseq = 0; 304 } 305 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 306 SCTP_LOG_EVENT_STRM, 307 from, 308 sctp_clog.x.misc.log1, 309 sctp_clog.x.misc.log2, 310 sctp_clog.x.misc.log3, 311 sctp_clog.x.misc.log4); 312 #endif 313 } 314 315 void 316 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 317 { 318 #if defined(SCTP_LOCAL_TRACE_BUF) 319 struct sctp_cwnd_log sctp_clog; 320 321 sctp_clog.x.cwnd.net = net; 322 if (stcb->asoc.send_queue_cnt > 255) 323 sctp_clog.x.cwnd.cnt_in_send = 255; 324 else 325 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 326 if (stcb->asoc.stream_queue_cnt > 255) 327 sctp_clog.x.cwnd.cnt_in_str = 255; 328 else 329 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 330 331 if (net) { 332 sctp_clog.x.cwnd.cwnd_new_value = net->cwnd; 333 sctp_clog.x.cwnd.inflight = net->flight_size; 334 sctp_clog.x.cwnd.pseudo_cumack = net->pseudo_cumack; 335 sctp_clog.x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 336 sctp_clog.x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 337 } 338 if (SCTP_CWNDLOG_PRESEND == from) { 339 sctp_clog.x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 340 } 341 sctp_clog.x.cwnd.cwnd_augment = augment; 342 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 343 SCTP_LOG_EVENT_CWND, 344 from, 345 sctp_clog.x.misc.log1, 346 sctp_clog.x.misc.log2, 347 sctp_clog.x.misc.log3, 348 sctp_clog.x.misc.log4); 349 #endif 350 } 351 352 void 353 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 354 { 355 #if defined(SCTP_LOCAL_TRACE_BUF) 356 struct sctp_cwnd_log sctp_clog; 357 358 memset(&sctp_clog, 0, sizeof(sctp_clog)); 359 if (inp) { 360 sctp_clog.x.lock.sock = (void *)inp->sctp_socket; 361 362 } else { 363 sctp_clog.x.lock.sock = (void *)NULL; 364 } 365 sctp_clog.x.lock.inp = (void *)inp; 366 if (stcb) { 367 sctp_clog.x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 368 } else { 369 sctp_clog.x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 370 } 371 if (inp) { 372 sctp_clog.x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 373 sctp_clog.x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 374 } else { 375 sctp_clog.x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 376 sctp_clog.x.lock.create_lock = SCTP_LOCK_UNKNOWN; 377 } 378 sctp_clog.x.lock.info_lock = rw_wowned(&SCTP_BASE_INFO(ipi_ep_mtx)); 379 if (inp && (inp->sctp_socket)) { 380 sctp_clog.x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 381 sctp_clog.x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 382 sctp_clog.x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); 383 } else { 384 sctp_clog.x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 385 sctp_clog.x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 386 sctp_clog.x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 387 } 388 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 389 SCTP_LOG_LOCK_EVENT, 390 from, 391 sctp_clog.x.misc.log1, 392 sctp_clog.x.misc.log2, 393 sctp_clog.x.misc.log3, 394 sctp_clog.x.misc.log4); 395 #endif 396 } 397 398 void 399 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 400 { 401 #if defined(SCTP_LOCAL_TRACE_BUF) 402 struct sctp_cwnd_log sctp_clog; 403 404 memset(&sctp_clog, 0, sizeof(sctp_clog)); 405 sctp_clog.x.cwnd.net = net; 406 sctp_clog.x.cwnd.cwnd_new_value = error; 407 sctp_clog.x.cwnd.inflight = net->flight_size; 408 sctp_clog.x.cwnd.cwnd_augment = burst; 409 if (stcb->asoc.send_queue_cnt > 255) 410 sctp_clog.x.cwnd.cnt_in_send = 255; 411 else 412 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 413 if (stcb->asoc.stream_queue_cnt > 255) 414 sctp_clog.x.cwnd.cnt_in_str = 255; 415 else 416 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 417 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 418 SCTP_LOG_EVENT_MAXBURST, 419 from, 420 sctp_clog.x.misc.log1, 421 sctp_clog.x.misc.log2, 422 sctp_clog.x.misc.log3, 423 sctp_clog.x.misc.log4); 424 #endif 425 } 426 427 void 428 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 429 { 430 #if defined(SCTP_LOCAL_TRACE_BUF) 431 struct sctp_cwnd_log sctp_clog; 432 433 sctp_clog.x.rwnd.rwnd = peers_rwnd; 434 sctp_clog.x.rwnd.send_size = snd_size; 435 sctp_clog.x.rwnd.overhead = overhead; 436 sctp_clog.x.rwnd.new_rwnd = 0; 437 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 438 SCTP_LOG_EVENT_RWND, 439 from, 440 sctp_clog.x.misc.log1, 441 sctp_clog.x.misc.log2, 442 sctp_clog.x.misc.log3, 443 sctp_clog.x.misc.log4); 444 #endif 445 } 446 447 void 448 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 449 { 450 #if defined(SCTP_LOCAL_TRACE_BUF) 451 struct sctp_cwnd_log sctp_clog; 452 453 sctp_clog.x.rwnd.rwnd = peers_rwnd; 454 sctp_clog.x.rwnd.send_size = flight_size; 455 sctp_clog.x.rwnd.overhead = overhead; 456 sctp_clog.x.rwnd.new_rwnd = a_rwndval; 457 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 458 SCTP_LOG_EVENT_RWND, 459 from, 460 sctp_clog.x.misc.log1, 461 sctp_clog.x.misc.log2, 462 sctp_clog.x.misc.log3, 463 sctp_clog.x.misc.log4); 464 #endif 465 } 466 467 #ifdef SCTP_MBCNT_LOGGING 468 static void 469 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 470 { 471 #if defined(SCTP_LOCAL_TRACE_BUF) 472 struct sctp_cwnd_log sctp_clog; 473 474 sctp_clog.x.mbcnt.total_queue_size = total_oq; 475 sctp_clog.x.mbcnt.size_change = book; 476 sctp_clog.x.mbcnt.total_queue_mb_size = total_mbcnt_q; 477 sctp_clog.x.mbcnt.mbcnt_change = mbcnt; 478 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 479 SCTP_LOG_EVENT_MBCNT, 480 from, 481 sctp_clog.x.misc.log1, 482 sctp_clog.x.misc.log2, 483 sctp_clog.x.misc.log3, 484 sctp_clog.x.misc.log4); 485 #endif 486 } 487 #endif 488 489 void 490 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 491 { 492 #if defined(SCTP_LOCAL_TRACE_BUF) 493 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 494 SCTP_LOG_MISC_EVENT, 495 from, 496 a, b, c, d); 497 #endif 498 } 499 500 void 501 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t wake_cnt, int from) 502 { 503 #if defined(SCTP_LOCAL_TRACE_BUF) 504 struct sctp_cwnd_log sctp_clog; 505 506 sctp_clog.x.wake.stcb = (void *)stcb; 507 sctp_clog.x.wake.wake_cnt = wake_cnt; 508 sctp_clog.x.wake.flight = stcb->asoc.total_flight_count; 509 sctp_clog.x.wake.send_q = stcb->asoc.send_queue_cnt; 510 sctp_clog.x.wake.sent_q = stcb->asoc.sent_queue_cnt; 511 512 if (stcb->asoc.stream_queue_cnt < 0xff) 513 sctp_clog.x.wake.stream_qcnt = (uint8_t)stcb->asoc.stream_queue_cnt; 514 else 515 sctp_clog.x.wake.stream_qcnt = 0xff; 516 517 if (stcb->asoc.chunks_on_out_queue < 0xff) 518 sctp_clog.x.wake.chunks_on_oque = (uint8_t)stcb->asoc.chunks_on_out_queue; 519 else 520 sctp_clog.x.wake.chunks_on_oque = 0xff; 521 522 sctp_clog.x.wake.sctpflags = 0; 523 /* set in the defered mode stuff */ 524 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 525 sctp_clog.x.wake.sctpflags |= 1; 526 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 527 sctp_clog.x.wake.sctpflags |= 2; 528 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 529 sctp_clog.x.wake.sctpflags |= 4; 530 /* what about the sb */ 531 if (stcb->sctp_socket) { 532 struct socket *so = stcb->sctp_socket; 533 534 sctp_clog.x.wake.sbflags = (uint8_t)((so->so_snd.sb_flags & 0x00ff)); 535 } else { 536 sctp_clog.x.wake.sbflags = 0xff; 537 } 538 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 539 SCTP_LOG_EVENT_WAKE, 540 from, 541 sctp_clog.x.misc.log1, 542 sctp_clog.x.misc.log2, 543 sctp_clog.x.misc.log3, 544 sctp_clog.x.misc.log4); 545 #endif 546 } 547 548 void 549 sctp_log_block(uint8_t from, struct sctp_association *asoc, ssize_t sendlen) 550 { 551 #if defined(SCTP_LOCAL_TRACE_BUF) 552 struct sctp_cwnd_log sctp_clog; 553 554 sctp_clog.x.blk.onsb = asoc->total_output_queue_size; 555 sctp_clog.x.blk.send_sent_qcnt = (uint16_t)(asoc->send_queue_cnt + asoc->sent_queue_cnt); 556 sctp_clog.x.blk.peer_rwnd = asoc->peers_rwnd; 557 sctp_clog.x.blk.stream_qcnt = (uint16_t)asoc->stream_queue_cnt; 558 sctp_clog.x.blk.chunks_on_oque = (uint16_t)asoc->chunks_on_out_queue; 559 sctp_clog.x.blk.flight_size = (uint16_t)(asoc->total_flight / 1024); 560 sctp_clog.x.blk.sndlen = (uint32_t)sendlen; 561 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 562 SCTP_LOG_EVENT_BLOCK, 563 from, 564 sctp_clog.x.misc.log1, 565 sctp_clog.x.misc.log2, 566 sctp_clog.x.misc.log3, 567 sctp_clog.x.misc.log4); 568 #endif 569 } 570 571 int 572 sctp_fill_stat_log(void *optval SCTP_UNUSED, size_t *optsize SCTP_UNUSED) 573 { 574 /* May need to fix this if ktrdump does not work */ 575 return (0); 576 } 577 578 #ifdef SCTP_AUDITING_ENABLED 579 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 580 static int sctp_audit_indx = 0; 581 582 static 583 void 584 sctp_print_audit_report(void) 585 { 586 int i; 587 int cnt; 588 589 cnt = 0; 590 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 591 if ((sctp_audit_data[i][0] == 0xe0) && 592 (sctp_audit_data[i][1] == 0x01)) { 593 cnt = 0; 594 SCTP_PRINTF("\n"); 595 } else if (sctp_audit_data[i][0] == 0xf0) { 596 cnt = 0; 597 SCTP_PRINTF("\n"); 598 } else if ((sctp_audit_data[i][0] == 0xc0) && 599 (sctp_audit_data[i][1] == 0x01)) { 600 SCTP_PRINTF("\n"); 601 cnt = 0; 602 } 603 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 604 (uint32_t)sctp_audit_data[i][1]); 605 cnt++; 606 if ((cnt % 14) == 0) 607 SCTP_PRINTF("\n"); 608 } 609 for (i = 0; i < sctp_audit_indx; i++) { 610 if ((sctp_audit_data[i][0] == 0xe0) && 611 (sctp_audit_data[i][1] == 0x01)) { 612 cnt = 0; 613 SCTP_PRINTF("\n"); 614 } else if (sctp_audit_data[i][0] == 0xf0) { 615 cnt = 0; 616 SCTP_PRINTF("\n"); 617 } else if ((sctp_audit_data[i][0] == 0xc0) && 618 (sctp_audit_data[i][1] == 0x01)) { 619 SCTP_PRINTF("\n"); 620 cnt = 0; 621 } 622 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 623 (uint32_t)sctp_audit_data[i][1]); 624 cnt++; 625 if ((cnt % 14) == 0) 626 SCTP_PRINTF("\n"); 627 } 628 SCTP_PRINTF("\n"); 629 } 630 631 void 632 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 633 struct sctp_nets *net) 634 { 635 int resend_cnt, tot_out, rep, tot_book_cnt; 636 struct sctp_nets *lnet; 637 struct sctp_tmit_chunk *chk; 638 639 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 640 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 641 sctp_audit_indx++; 642 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 643 sctp_audit_indx = 0; 644 } 645 if (inp == NULL) { 646 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 647 sctp_audit_data[sctp_audit_indx][1] = 0x01; 648 sctp_audit_indx++; 649 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 650 sctp_audit_indx = 0; 651 } 652 return; 653 } 654 if (stcb == NULL) { 655 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 656 sctp_audit_data[sctp_audit_indx][1] = 0x02; 657 sctp_audit_indx++; 658 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 659 sctp_audit_indx = 0; 660 } 661 return; 662 } 663 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 664 sctp_audit_data[sctp_audit_indx][1] = 665 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 666 sctp_audit_indx++; 667 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 668 sctp_audit_indx = 0; 669 } 670 rep = 0; 671 tot_book_cnt = 0; 672 resend_cnt = tot_out = 0; 673 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 674 if (chk->sent == SCTP_DATAGRAM_RESEND) { 675 resend_cnt++; 676 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 677 tot_out += chk->book_size; 678 tot_book_cnt++; 679 } 680 } 681 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 682 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 683 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 684 sctp_audit_indx++; 685 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 686 sctp_audit_indx = 0; 687 } 688 SCTP_PRINTF("resend_cnt:%d asoc-tot:%d\n", 689 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 690 rep = 1; 691 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 692 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 693 sctp_audit_data[sctp_audit_indx][1] = 694 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 695 sctp_audit_indx++; 696 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 697 sctp_audit_indx = 0; 698 } 699 } 700 if (tot_out != stcb->asoc.total_flight) { 701 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 702 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 703 sctp_audit_indx++; 704 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 705 sctp_audit_indx = 0; 706 } 707 rep = 1; 708 SCTP_PRINTF("tot_flt:%d asoc_tot:%d\n", tot_out, 709 (int)stcb->asoc.total_flight); 710 stcb->asoc.total_flight = tot_out; 711 } 712 if (tot_book_cnt != stcb->asoc.total_flight_count) { 713 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 714 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 715 sctp_audit_indx++; 716 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 717 sctp_audit_indx = 0; 718 } 719 rep = 1; 720 SCTP_PRINTF("tot_flt_book:%d\n", tot_book_cnt); 721 722 stcb->asoc.total_flight_count = tot_book_cnt; 723 } 724 tot_out = 0; 725 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 726 tot_out += lnet->flight_size; 727 } 728 if (tot_out != stcb->asoc.total_flight) { 729 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 730 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 731 sctp_audit_indx++; 732 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 733 sctp_audit_indx = 0; 734 } 735 rep = 1; 736 SCTP_PRINTF("real flight:%d net total was %d\n", 737 stcb->asoc.total_flight, tot_out); 738 /* now corrective action */ 739 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 740 741 tot_out = 0; 742 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 743 if ((chk->whoTo == lnet) && 744 (chk->sent < SCTP_DATAGRAM_RESEND)) { 745 tot_out += chk->book_size; 746 } 747 } 748 if (lnet->flight_size != tot_out) { 749 SCTP_PRINTF("net:%p flight was %d corrected to %d\n", 750 (void *)lnet, lnet->flight_size, 751 tot_out); 752 lnet->flight_size = tot_out; 753 } 754 } 755 } 756 if (rep) { 757 sctp_print_audit_report(); 758 } 759 } 760 761 void 762 sctp_audit_log(uint8_t ev, uint8_t fd) 763 { 764 765 sctp_audit_data[sctp_audit_indx][0] = ev; 766 sctp_audit_data[sctp_audit_indx][1] = fd; 767 sctp_audit_indx++; 768 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 769 sctp_audit_indx = 0; 770 } 771 } 772 773 #endif 774 775 /* 776 * sctp_stop_timers_for_shutdown() should be called 777 * when entering the SHUTDOWN_SENT or SHUTDOWN_ACK_SENT 778 * state to make sure that all timers are stopped. 779 */ 780 void 781 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 782 { 783 struct sctp_association *asoc; 784 struct sctp_nets *net; 785 786 asoc = &stcb->asoc; 787 788 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 789 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 790 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 791 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 792 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 793 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 794 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 795 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer); 796 } 797 } 798 799 /* 800 * A list of sizes based on typical mtu's, used only if next hop size not 801 * returned. These values MUST be multiples of 4 and MUST be ordered. 802 */ 803 static uint32_t sctp_mtu_sizes[] = { 804 68, 805 296, 806 508, 807 512, 808 544, 809 576, 810 1004, 811 1492, 812 1500, 813 1536, 814 2000, 815 2048, 816 4352, 817 4464, 818 8166, 819 17912, 820 32000, 821 65532 822 }; 823 824 /* 825 * Return the largest MTU in sctp_mtu_sizes smaller than val. 826 * If val is smaller than the minimum, just return the largest 827 * multiple of 4 smaller or equal to val. 828 * Ensure that the result is a multiple of 4. 829 */ 830 uint32_t 831 sctp_get_prev_mtu(uint32_t val) 832 { 833 uint32_t i; 834 835 val &= 0xfffffffc; 836 if (val <= sctp_mtu_sizes[0]) { 837 return (val); 838 } 839 for (i = 1; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 840 if (val <= sctp_mtu_sizes[i]) { 841 break; 842 } 843 } 844 KASSERT((sctp_mtu_sizes[i - 1] & 0x00000003) == 0, 845 ("sctp_mtu_sizes[%u] not a multiple of 4", i - 1)); 846 return (sctp_mtu_sizes[i - 1]); 847 } 848 849 /* 850 * Return the smallest MTU in sctp_mtu_sizes larger than val. 851 * If val is larger than the maximum, just return the largest multiple of 4 smaller 852 * or equal to val. 853 * Ensure that the result is a multiple of 4. 854 */ 855 uint32_t 856 sctp_get_next_mtu(uint32_t val) 857 { 858 /* select another MTU that is just bigger than this one */ 859 uint32_t i; 860 861 val &= 0xfffffffc; 862 for (i = 0; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 863 if (val < sctp_mtu_sizes[i]) { 864 KASSERT((sctp_mtu_sizes[i] & 0x00000003) == 0, 865 ("sctp_mtu_sizes[%u] not a multiple of 4", i)); 866 return (sctp_mtu_sizes[i]); 867 } 868 } 869 return (val); 870 } 871 872 void 873 sctp_fill_random_store(struct sctp_pcb *m) 874 { 875 /* 876 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 877 * our counter. The result becomes our good random numbers and we 878 * then setup to give these out. Note that we do no locking to 879 * protect this. This is ok, since if competing folks call this we 880 * will get more gobbled gook in the random store which is what we 881 * want. There is a danger that two guys will use the same random 882 * numbers, but thats ok too since that is random as well :-> 883 */ 884 m->store_at = 0; 885 (void)sctp_hmac(SCTP_HMAC, (uint8_t *)m->random_numbers, 886 sizeof(m->random_numbers), (uint8_t *)&m->random_counter, 887 sizeof(m->random_counter), (uint8_t *)m->random_store); 888 m->random_counter++; 889 } 890 891 uint32_t 892 sctp_select_initial_TSN(struct sctp_pcb *inp) 893 { 894 /* 895 * A true implementation should use random selection process to get 896 * the initial stream sequence number, using RFC1750 as a good 897 * guideline 898 */ 899 uint32_t x, *xp; 900 uint8_t *p; 901 int store_at, new_store; 902 903 if (inp->initial_sequence_debug != 0) { 904 uint32_t ret; 905 906 ret = inp->initial_sequence_debug; 907 inp->initial_sequence_debug++; 908 return (ret); 909 } 910 retry: 911 store_at = inp->store_at; 912 new_store = store_at + sizeof(uint32_t); 913 if (new_store >= (SCTP_SIGNATURE_SIZE - 3)) { 914 new_store = 0; 915 } 916 if (!atomic_cmpset_int(&inp->store_at, store_at, new_store)) { 917 goto retry; 918 } 919 if (new_store == 0) { 920 /* Refill the random store */ 921 sctp_fill_random_store(inp); 922 } 923 p = &inp->random_store[store_at]; 924 xp = (uint32_t *)p; 925 x = *xp; 926 return (x); 927 } 928 929 uint32_t 930 sctp_select_a_tag(struct sctp_inpcb *inp, uint16_t lport, uint16_t rport, int check) 931 { 932 uint32_t x; 933 struct timeval now; 934 935 if (check) { 936 (void)SCTP_GETTIME_TIMEVAL(&now); 937 } 938 for (;;) { 939 x = sctp_select_initial_TSN(&inp->sctp_ep); 940 if (x == 0) { 941 /* we never use 0 */ 942 continue; 943 } 944 if (!check || sctp_is_vtag_good(x, lport, rport, &now)) { 945 break; 946 } 947 } 948 return (x); 949 } 950 951 int32_t 952 sctp_map_assoc_state(int kernel_state) 953 { 954 int32_t user_state; 955 956 if (kernel_state & SCTP_STATE_WAS_ABORTED) { 957 user_state = SCTP_CLOSED; 958 } else if (kernel_state & SCTP_STATE_SHUTDOWN_PENDING) { 959 user_state = SCTP_SHUTDOWN_PENDING; 960 } else { 961 switch (kernel_state & SCTP_STATE_MASK) { 962 case SCTP_STATE_EMPTY: 963 user_state = SCTP_CLOSED; 964 break; 965 case SCTP_STATE_INUSE: 966 user_state = SCTP_CLOSED; 967 break; 968 case SCTP_STATE_COOKIE_WAIT: 969 user_state = SCTP_COOKIE_WAIT; 970 break; 971 case SCTP_STATE_COOKIE_ECHOED: 972 user_state = SCTP_COOKIE_ECHOED; 973 break; 974 case SCTP_STATE_OPEN: 975 user_state = SCTP_ESTABLISHED; 976 break; 977 case SCTP_STATE_SHUTDOWN_SENT: 978 user_state = SCTP_SHUTDOWN_SENT; 979 break; 980 case SCTP_STATE_SHUTDOWN_RECEIVED: 981 user_state = SCTP_SHUTDOWN_RECEIVED; 982 break; 983 case SCTP_STATE_SHUTDOWN_ACK_SENT: 984 user_state = SCTP_SHUTDOWN_ACK_SENT; 985 break; 986 default: 987 user_state = SCTP_CLOSED; 988 break; 989 } 990 } 991 return (user_state); 992 } 993 994 int 995 sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 996 uint32_t override_tag, uint32_t vrf_id, uint16_t o_strms) 997 { 998 struct sctp_association *asoc; 999 1000 /* 1001 * Anything set to zero is taken care of by the allocation routine's 1002 * bzero 1003 */ 1004 1005 /* 1006 * Up front select what scoping to apply on addresses I tell my peer 1007 * Not sure what to do with these right now, we will need to come up 1008 * with a way to set them. We may need to pass them through from the 1009 * caller in the sctp_aloc_assoc() function. 1010 */ 1011 int i; 1012 #if defined(SCTP_DETAILED_STR_STATS) 1013 int j; 1014 #endif 1015 1016 asoc = &stcb->asoc; 1017 /* init all variables to a known value. */ 1018 SCTP_SET_STATE(stcb, SCTP_STATE_INUSE); 1019 asoc->max_burst = inp->sctp_ep.max_burst; 1020 asoc->fr_max_burst = inp->sctp_ep.fr_max_burst; 1021 asoc->heart_beat_delay = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 1022 asoc->cookie_life = inp->sctp_ep.def_cookie_life; 1023 asoc->sctp_cmt_on_off = inp->sctp_cmt_on_off; 1024 asoc->ecn_supported = inp->ecn_supported; 1025 asoc->prsctp_supported = inp->prsctp_supported; 1026 asoc->idata_supported = inp->idata_supported; 1027 asoc->auth_supported = inp->auth_supported; 1028 asoc->asconf_supported = inp->asconf_supported; 1029 asoc->reconfig_supported = inp->reconfig_supported; 1030 asoc->nrsack_supported = inp->nrsack_supported; 1031 asoc->pktdrop_supported = inp->pktdrop_supported; 1032 asoc->idata_supported = inp->idata_supported; 1033 asoc->sctp_cmt_pf = (uint8_t)0; 1034 asoc->sctp_frag_point = inp->sctp_frag_point; 1035 asoc->sctp_features = inp->sctp_features; 1036 asoc->default_dscp = inp->sctp_ep.default_dscp; 1037 asoc->max_cwnd = inp->max_cwnd; 1038 #ifdef INET6 1039 if (inp->sctp_ep.default_flowlabel) { 1040 asoc->default_flowlabel = inp->sctp_ep.default_flowlabel; 1041 } else { 1042 if (inp->ip_inp.inp.inp_flags & IN6P_AUTOFLOWLABEL) { 1043 asoc->default_flowlabel = sctp_select_initial_TSN(&inp->sctp_ep); 1044 asoc->default_flowlabel &= 0x000fffff; 1045 asoc->default_flowlabel |= 0x80000000; 1046 } else { 1047 asoc->default_flowlabel = 0; 1048 } 1049 } 1050 #endif 1051 asoc->sb_send_resv = 0; 1052 if (override_tag) { 1053 asoc->my_vtag = override_tag; 1054 } else { 1055 asoc->my_vtag = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 1); 1056 } 1057 /* Get the nonce tags */ 1058 asoc->my_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1059 asoc->peer_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1060 asoc->vrf_id = vrf_id; 1061 1062 #ifdef SCTP_ASOCLOG_OF_TSNS 1063 asoc->tsn_in_at = 0; 1064 asoc->tsn_out_at = 0; 1065 asoc->tsn_in_wrapped = 0; 1066 asoc->tsn_out_wrapped = 0; 1067 asoc->cumack_log_at = 0; 1068 asoc->cumack_log_atsnt = 0; 1069 #endif 1070 #ifdef SCTP_FS_SPEC_LOG 1071 asoc->fs_index = 0; 1072 #endif 1073 asoc->refcnt = 0; 1074 asoc->assoc_up_sent = 0; 1075 asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = 1076 sctp_select_initial_TSN(&inp->sctp_ep); 1077 asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; 1078 /* we are optimisitic here */ 1079 asoc->peer_supports_nat = 0; 1080 asoc->sent_queue_retran_cnt = 0; 1081 1082 /* for CMT */ 1083 asoc->last_net_cmt_send_started = NULL; 1084 1085 /* This will need to be adjusted */ 1086 asoc->last_acked_seq = asoc->init_seq_number - 1; 1087 asoc->advanced_peer_ack_point = asoc->last_acked_seq; 1088 asoc->asconf_seq_in = asoc->last_acked_seq; 1089 1090 /* here we are different, we hold the next one we expect */ 1091 asoc->str_reset_seq_in = asoc->last_acked_seq + 1; 1092 1093 asoc->initial_init_rto_max = inp->sctp_ep.initial_init_rto_max; 1094 asoc->initial_rto = inp->sctp_ep.initial_rto; 1095 1096 asoc->default_mtu = inp->sctp_ep.default_mtu; 1097 asoc->max_init_times = inp->sctp_ep.max_init_times; 1098 asoc->max_send_times = inp->sctp_ep.max_send_times; 1099 asoc->def_net_failure = inp->sctp_ep.def_net_failure; 1100 asoc->def_net_pf_threshold = inp->sctp_ep.def_net_pf_threshold; 1101 asoc->free_chunk_cnt = 0; 1102 1103 asoc->iam_blocking = 0; 1104 asoc->context = inp->sctp_context; 1105 asoc->local_strreset_support = inp->local_strreset_support; 1106 asoc->def_send = inp->def_send; 1107 asoc->delayed_ack = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 1108 asoc->sack_freq = inp->sctp_ep.sctp_sack_freq; 1109 asoc->pr_sctp_cnt = 0; 1110 asoc->total_output_queue_size = 0; 1111 1112 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1113 asoc->scope.ipv6_addr_legal = 1; 1114 if (SCTP_IPV6_V6ONLY(inp) == 0) { 1115 asoc->scope.ipv4_addr_legal = 1; 1116 } else { 1117 asoc->scope.ipv4_addr_legal = 0; 1118 } 1119 } else { 1120 asoc->scope.ipv6_addr_legal = 0; 1121 asoc->scope.ipv4_addr_legal = 1; 1122 } 1123 1124 asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), SCTP_MINIMAL_RWND); 1125 asoc->peers_rwnd = SCTP_SB_LIMIT_RCV(inp->sctp_socket); 1126 1127 asoc->smallest_mtu = inp->sctp_frag_point; 1128 asoc->minrto = inp->sctp_ep.sctp_minrto; 1129 asoc->maxrto = inp->sctp_ep.sctp_maxrto; 1130 1131 asoc->stream_locked_on = 0; 1132 asoc->ecn_echo_cnt_onq = 0; 1133 asoc->stream_locked = 0; 1134 1135 asoc->send_sack = 1; 1136 1137 LIST_INIT(&asoc->sctp_restricted_addrs); 1138 1139 TAILQ_INIT(&asoc->nets); 1140 TAILQ_INIT(&asoc->pending_reply_queue); 1141 TAILQ_INIT(&asoc->asconf_ack_sent); 1142 /* Setup to fill the hb random cache at first HB */ 1143 asoc->hb_random_idx = 4; 1144 1145 asoc->sctp_autoclose_ticks = inp->sctp_ep.auto_close_time; 1146 1147 stcb->asoc.congestion_control_module = inp->sctp_ep.sctp_default_cc_module; 1148 stcb->asoc.cc_functions = sctp_cc_functions[inp->sctp_ep.sctp_default_cc_module]; 1149 1150 stcb->asoc.stream_scheduling_module = inp->sctp_ep.sctp_default_ss_module; 1151 stcb->asoc.ss_functions = sctp_ss_functions[inp->sctp_ep.sctp_default_ss_module]; 1152 1153 /* 1154 * Now the stream parameters, here we allocate space for all streams 1155 * that we request by default. 1156 */ 1157 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams = 1158 o_strms; 1159 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1160 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1161 SCTP_M_STRMO); 1162 if (asoc->strmout == NULL) { 1163 /* big trouble no memory */ 1164 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1165 return (ENOMEM); 1166 } 1167 for (i = 0; i < asoc->streamoutcnt; i++) { 1168 /* 1169 * inbound side must be set to 0xffff, also NOTE when we get 1170 * the INIT-ACK back (for INIT sender) we MUST reduce the 1171 * count (streamoutcnt) but first check if we sent to any of 1172 * the upper streams that were dropped (if some were). Those 1173 * that were dropped must be notified to the upper layer as 1174 * failed to send. 1175 */ 1176 asoc->strmout[i].next_mid_ordered = 0; 1177 asoc->strmout[i].next_mid_unordered = 0; 1178 TAILQ_INIT(&asoc->strmout[i].outqueue); 1179 asoc->strmout[i].chunks_on_queues = 0; 1180 #if defined(SCTP_DETAILED_STR_STATS) 1181 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 1182 asoc->strmout[i].abandoned_sent[j] = 0; 1183 asoc->strmout[i].abandoned_unsent[j] = 0; 1184 } 1185 #else 1186 asoc->strmout[i].abandoned_sent[0] = 0; 1187 asoc->strmout[i].abandoned_unsent[0] = 0; 1188 #endif 1189 asoc->strmout[i].sid = i; 1190 asoc->strmout[i].last_msg_incomplete = 0; 1191 asoc->strmout[i].state = SCTP_STREAM_OPENING; 1192 asoc->ss_functions.sctp_ss_init_stream(stcb, &asoc->strmout[i], NULL); 1193 } 1194 asoc->ss_functions.sctp_ss_init(stcb, asoc, 0); 1195 1196 /* Now the mapping array */ 1197 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1198 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1199 SCTP_M_MAP); 1200 if (asoc->mapping_array == NULL) { 1201 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1202 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1203 return (ENOMEM); 1204 } 1205 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1206 SCTP_MALLOC(asoc->nr_mapping_array, uint8_t *, asoc->mapping_array_size, 1207 SCTP_M_MAP); 1208 if (asoc->nr_mapping_array == NULL) { 1209 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1210 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1211 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1212 return (ENOMEM); 1213 } 1214 memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); 1215 1216 /* Now the init of the other outqueues */ 1217 TAILQ_INIT(&asoc->free_chunks); 1218 TAILQ_INIT(&asoc->control_send_queue); 1219 TAILQ_INIT(&asoc->asconf_send_queue); 1220 TAILQ_INIT(&asoc->send_queue); 1221 TAILQ_INIT(&asoc->sent_queue); 1222 TAILQ_INIT(&asoc->resetHead); 1223 asoc->max_inbound_streams = inp->sctp_ep.max_open_streams_intome; 1224 TAILQ_INIT(&asoc->asconf_queue); 1225 /* authentication fields */ 1226 asoc->authinfo.random = NULL; 1227 asoc->authinfo.active_keyid = 0; 1228 asoc->authinfo.assoc_key = NULL; 1229 asoc->authinfo.assoc_keyid = 0; 1230 asoc->authinfo.recv_key = NULL; 1231 asoc->authinfo.recv_keyid = 0; 1232 LIST_INIT(&asoc->shared_keys); 1233 asoc->marked_retrans = 0; 1234 asoc->port = inp->sctp_ep.port; 1235 asoc->timoinit = 0; 1236 asoc->timodata = 0; 1237 asoc->timosack = 0; 1238 asoc->timoshutdown = 0; 1239 asoc->timoheartbeat = 0; 1240 asoc->timocookie = 0; 1241 asoc->timoshutdownack = 0; 1242 (void)SCTP_GETTIME_TIMEVAL(&asoc->start_time); 1243 asoc->discontinuity_time = asoc->start_time; 1244 for (i = 0; i < SCTP_PR_SCTP_MAX + 1; i++) { 1245 asoc->abandoned_unsent[i] = 0; 1246 asoc->abandoned_sent[i] = 0; 1247 } 1248 /* 1249 * sa_ignore MEMLEAK {memory is put in the assoc mapping array and 1250 * freed later when the association is freed. 1251 */ 1252 return (0); 1253 } 1254 1255 void 1256 sctp_print_mapping_array(struct sctp_association *asoc) 1257 { 1258 unsigned int i, limit; 1259 1260 SCTP_PRINTF("Mapping array size: %d, baseTSN: %8.8x, cumAck: %8.8x, highestTSN: (%8.8x, %8.8x).\n", 1261 asoc->mapping_array_size, 1262 asoc->mapping_array_base_tsn, 1263 asoc->cumulative_tsn, 1264 asoc->highest_tsn_inside_map, 1265 asoc->highest_tsn_inside_nr_map); 1266 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1267 if (asoc->mapping_array[limit - 1] != 0) { 1268 break; 1269 } 1270 } 1271 SCTP_PRINTF("Renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1272 for (i = 0; i < limit; i++) { 1273 SCTP_PRINTF("%2.2x%c", asoc->mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1274 } 1275 if (limit % 16) 1276 SCTP_PRINTF("\n"); 1277 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1278 if (asoc->nr_mapping_array[limit - 1]) { 1279 break; 1280 } 1281 } 1282 SCTP_PRINTF("Non renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1283 for (i = 0; i < limit; i++) { 1284 SCTP_PRINTF("%2.2x%c", asoc->nr_mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1285 } 1286 if (limit % 16) 1287 SCTP_PRINTF("\n"); 1288 } 1289 1290 int 1291 sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed) 1292 { 1293 /* mapping array needs to grow */ 1294 uint8_t *new_array1, *new_array2; 1295 uint32_t new_size; 1296 1297 new_size = asoc->mapping_array_size + ((needed + 7) / 8 + SCTP_MAPPING_ARRAY_INCR); 1298 SCTP_MALLOC(new_array1, uint8_t *, new_size, SCTP_M_MAP); 1299 SCTP_MALLOC(new_array2, uint8_t *, new_size, SCTP_M_MAP); 1300 if ((new_array1 == NULL) || (new_array2 == NULL)) { 1301 /* can't get more, forget it */ 1302 SCTP_PRINTF("No memory for expansion of SCTP mapping array %d\n", new_size); 1303 if (new_array1) { 1304 SCTP_FREE(new_array1, SCTP_M_MAP); 1305 } 1306 if (new_array2) { 1307 SCTP_FREE(new_array2, SCTP_M_MAP); 1308 } 1309 return (-1); 1310 } 1311 memset(new_array1, 0, new_size); 1312 memset(new_array2, 0, new_size); 1313 memcpy(new_array1, asoc->mapping_array, asoc->mapping_array_size); 1314 memcpy(new_array2, asoc->nr_mapping_array, asoc->mapping_array_size); 1315 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1316 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 1317 asoc->mapping_array = new_array1; 1318 asoc->nr_mapping_array = new_array2; 1319 asoc->mapping_array_size = new_size; 1320 return (0); 1321 } 1322 1323 1324 static void 1325 sctp_iterator_work(struct sctp_iterator *it) 1326 { 1327 int iteration_count = 0; 1328 int inp_skip = 0; 1329 int first_in = 1; 1330 struct sctp_inpcb *tinp; 1331 1332 SCTP_INP_INFO_RLOCK(); 1333 SCTP_ITERATOR_LOCK(); 1334 sctp_it_ctl.cur_it = it; 1335 if (it->inp) { 1336 SCTP_INP_RLOCK(it->inp); 1337 SCTP_INP_DECR_REF(it->inp); 1338 } 1339 if (it->inp == NULL) { 1340 /* iterator is complete */ 1341 done_with_iterator: 1342 sctp_it_ctl.cur_it = NULL; 1343 SCTP_ITERATOR_UNLOCK(); 1344 SCTP_INP_INFO_RUNLOCK(); 1345 if (it->function_atend != NULL) { 1346 (*it->function_atend) (it->pointer, it->val); 1347 } 1348 SCTP_FREE(it, SCTP_M_ITER); 1349 return; 1350 } 1351 select_a_new_ep: 1352 if (first_in) { 1353 first_in = 0; 1354 } else { 1355 SCTP_INP_RLOCK(it->inp); 1356 } 1357 while (((it->pcb_flags) && 1358 ((it->inp->sctp_flags & it->pcb_flags) != it->pcb_flags)) || 1359 ((it->pcb_features) && 1360 ((it->inp->sctp_features & it->pcb_features) != it->pcb_features))) { 1361 /* endpoint flags or features don't match, so keep looking */ 1362 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1363 SCTP_INP_RUNLOCK(it->inp); 1364 goto done_with_iterator; 1365 } 1366 tinp = it->inp; 1367 it->inp = LIST_NEXT(it->inp, sctp_list); 1368 SCTP_INP_RUNLOCK(tinp); 1369 if (it->inp == NULL) { 1370 goto done_with_iterator; 1371 } 1372 SCTP_INP_RLOCK(it->inp); 1373 } 1374 /* now go through each assoc which is in the desired state */ 1375 if (it->done_current_ep == 0) { 1376 if (it->function_inp != NULL) 1377 inp_skip = (*it->function_inp) (it->inp, it->pointer, it->val); 1378 it->done_current_ep = 1; 1379 } 1380 if (it->stcb == NULL) { 1381 /* run the per instance function */ 1382 it->stcb = LIST_FIRST(&it->inp->sctp_asoc_list); 1383 } 1384 if ((inp_skip) || it->stcb == NULL) { 1385 if (it->function_inp_end != NULL) { 1386 inp_skip = (*it->function_inp_end) (it->inp, 1387 it->pointer, 1388 it->val); 1389 } 1390 SCTP_INP_RUNLOCK(it->inp); 1391 goto no_stcb; 1392 } 1393 while (it->stcb) { 1394 SCTP_TCB_LOCK(it->stcb); 1395 if (it->asoc_state && ((it->stcb->asoc.state & it->asoc_state) != it->asoc_state)) { 1396 /* not in the right state... keep looking */ 1397 SCTP_TCB_UNLOCK(it->stcb); 1398 goto next_assoc; 1399 } 1400 /* see if we have limited out the iterator loop */ 1401 iteration_count++; 1402 if (iteration_count > SCTP_ITERATOR_MAX_AT_ONCE) { 1403 /* Pause to let others grab the lock */ 1404 atomic_add_int(&it->stcb->asoc.refcnt, 1); 1405 SCTP_TCB_UNLOCK(it->stcb); 1406 SCTP_INP_INCR_REF(it->inp); 1407 SCTP_INP_RUNLOCK(it->inp); 1408 SCTP_ITERATOR_UNLOCK(); 1409 SCTP_INP_INFO_RUNLOCK(); 1410 SCTP_INP_INFO_RLOCK(); 1411 SCTP_ITERATOR_LOCK(); 1412 if (sctp_it_ctl.iterator_flags) { 1413 /* We won't be staying here */ 1414 SCTP_INP_DECR_REF(it->inp); 1415 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1416 if (sctp_it_ctl.iterator_flags & 1417 SCTP_ITERATOR_STOP_CUR_IT) { 1418 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_IT; 1419 goto done_with_iterator; 1420 } 1421 if (sctp_it_ctl.iterator_flags & 1422 SCTP_ITERATOR_STOP_CUR_INP) { 1423 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_INP; 1424 goto no_stcb; 1425 } 1426 /* If we reach here huh? */ 1427 SCTP_PRINTF("Unknown it ctl flag %x\n", 1428 sctp_it_ctl.iterator_flags); 1429 sctp_it_ctl.iterator_flags = 0; 1430 } 1431 SCTP_INP_RLOCK(it->inp); 1432 SCTP_INP_DECR_REF(it->inp); 1433 SCTP_TCB_LOCK(it->stcb); 1434 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1435 iteration_count = 0; 1436 } 1437 1438 /* run function on this one */ 1439 (*it->function_assoc) (it->inp, it->stcb, it->pointer, it->val); 1440 1441 /* 1442 * we lie here, it really needs to have its own type but 1443 * first I must verify that this won't effect things :-0 1444 */ 1445 if (it->no_chunk_output == 0) 1446 sctp_chunk_output(it->inp, it->stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1447 1448 SCTP_TCB_UNLOCK(it->stcb); 1449 next_assoc: 1450 it->stcb = LIST_NEXT(it->stcb, sctp_tcblist); 1451 if (it->stcb == NULL) { 1452 /* Run last function */ 1453 if (it->function_inp_end != NULL) { 1454 inp_skip = (*it->function_inp_end) (it->inp, 1455 it->pointer, 1456 it->val); 1457 } 1458 } 1459 } 1460 SCTP_INP_RUNLOCK(it->inp); 1461 no_stcb: 1462 /* done with all assocs on this endpoint, move on to next endpoint */ 1463 it->done_current_ep = 0; 1464 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1465 it->inp = NULL; 1466 } else { 1467 it->inp = LIST_NEXT(it->inp, sctp_list); 1468 } 1469 if (it->inp == NULL) { 1470 goto done_with_iterator; 1471 } 1472 goto select_a_new_ep; 1473 } 1474 1475 void 1476 sctp_iterator_worker(void) 1477 { 1478 struct sctp_iterator *it, *nit; 1479 1480 /* This function is called with the WQ lock in place */ 1481 1482 sctp_it_ctl.iterator_running = 1; 1483 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { 1484 /* now lets work on this one */ 1485 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 1486 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 1487 CURVNET_SET(it->vn); 1488 sctp_iterator_work(it); 1489 CURVNET_RESTORE(); 1490 SCTP_IPI_ITERATOR_WQ_LOCK(); 1491 /* sa_ignore FREED_MEMORY */ 1492 } 1493 sctp_it_ctl.iterator_running = 0; 1494 return; 1495 } 1496 1497 1498 static void 1499 sctp_handle_addr_wq(void) 1500 { 1501 /* deal with the ADDR wq from the rtsock calls */ 1502 struct sctp_laddr *wi, *nwi; 1503 struct sctp_asconf_iterator *asc; 1504 1505 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 1506 sizeof(struct sctp_asconf_iterator), SCTP_M_ASC_IT); 1507 if (asc == NULL) { 1508 /* Try later, no memory */ 1509 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1510 (struct sctp_inpcb *)NULL, 1511 (struct sctp_tcb *)NULL, 1512 (struct sctp_nets *)NULL); 1513 return; 1514 } 1515 LIST_INIT(&asc->list_of_work); 1516 asc->cnt = 0; 1517 1518 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { 1519 LIST_REMOVE(wi, sctp_nxt_addr); 1520 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 1521 asc->cnt++; 1522 } 1523 1524 if (asc->cnt == 0) { 1525 SCTP_FREE(asc, SCTP_M_ASC_IT); 1526 } else { 1527 int ret; 1528 1529 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 1530 sctp_asconf_iterator_stcb, 1531 NULL, /* No ep end for boundall */ 1532 SCTP_PCB_FLAGS_BOUNDALL, 1533 SCTP_PCB_ANY_FEATURES, 1534 SCTP_ASOC_ANY_STATE, 1535 (void *)asc, 0, 1536 sctp_asconf_iterator_end, NULL, 0); 1537 if (ret) { 1538 SCTP_PRINTF("Failed to initiate iterator for handle_addr_wq\n"); 1539 /* 1540 * Freeing if we are stopping or put back on the 1541 * addr_wq. 1542 */ 1543 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 1544 sctp_asconf_iterator_end(asc, 0); 1545 } else { 1546 LIST_FOREACH(wi, &asc->list_of_work, sctp_nxt_addr) { 1547 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 1548 } 1549 SCTP_FREE(asc, SCTP_M_ASC_IT); 1550 } 1551 } 1552 } 1553 } 1554 1555 void 1556 sctp_timeout_handler(void *t) 1557 { 1558 struct sctp_inpcb *inp; 1559 struct sctp_tcb *stcb; 1560 struct sctp_nets *net; 1561 struct sctp_timer *tmr; 1562 struct mbuf *op_err; 1563 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1564 struct socket *so; 1565 #endif 1566 int did_output; 1567 int type; 1568 1569 tmr = (struct sctp_timer *)t; 1570 inp = (struct sctp_inpcb *)tmr->ep; 1571 stcb = (struct sctp_tcb *)tmr->tcb; 1572 net = (struct sctp_nets *)tmr->net; 1573 CURVNET_SET((struct vnet *)tmr->vnet); 1574 did_output = 1; 1575 1576 #ifdef SCTP_AUDITING_ENABLED 1577 sctp_audit_log(0xF0, (uint8_t)tmr->type); 1578 sctp_auditing(3, inp, stcb, net); 1579 #endif 1580 1581 /* sanity checks... */ 1582 if (tmr->self != (void *)tmr) { 1583 /* 1584 * SCTP_PRINTF("Stale SCTP timer fired (%p), ignoring...\n", 1585 * (void *)tmr); 1586 */ 1587 CURVNET_RESTORE(); 1588 return; 1589 } 1590 tmr->stopped_from = 0xa001; 1591 if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { 1592 /* 1593 * SCTP_PRINTF("SCTP timer fired with invalid type: 0x%x\n", 1594 * tmr->type); 1595 */ 1596 CURVNET_RESTORE(); 1597 return; 1598 } 1599 tmr->stopped_from = 0xa002; 1600 if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { 1601 CURVNET_RESTORE(); 1602 return; 1603 } 1604 /* if this is an iterator timeout, get the struct and clear inp */ 1605 tmr->stopped_from = 0xa003; 1606 if (inp) { 1607 SCTP_INP_INCR_REF(inp); 1608 if ((inp->sctp_socket == NULL) && 1609 ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && 1610 (tmr->type != SCTP_TIMER_TYPE_INIT) && 1611 (tmr->type != SCTP_TIMER_TYPE_SEND) && 1612 (tmr->type != SCTP_TIMER_TYPE_RECV) && 1613 (tmr->type != SCTP_TIMER_TYPE_HEARTBEAT) && 1614 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && 1615 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && 1616 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && 1617 (tmr->type != SCTP_TIMER_TYPE_ASOCKILL))) { 1618 SCTP_INP_DECR_REF(inp); 1619 CURVNET_RESTORE(); 1620 return; 1621 } 1622 } 1623 tmr->stopped_from = 0xa004; 1624 if (stcb) { 1625 atomic_add_int(&stcb->asoc.refcnt, 1); 1626 if (stcb->asoc.state == 0) { 1627 atomic_add_int(&stcb->asoc.refcnt, -1); 1628 if (inp) { 1629 SCTP_INP_DECR_REF(inp); 1630 } 1631 CURVNET_RESTORE(); 1632 return; 1633 } 1634 } 1635 type = tmr->type; 1636 tmr->stopped_from = 0xa005; 1637 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer type %d goes off\n", type); 1638 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1639 if (inp) { 1640 SCTP_INP_DECR_REF(inp); 1641 } 1642 if (stcb) { 1643 atomic_add_int(&stcb->asoc.refcnt, -1); 1644 } 1645 CURVNET_RESTORE(); 1646 return; 1647 } 1648 tmr->stopped_from = 0xa006; 1649 1650 if (stcb) { 1651 SCTP_TCB_LOCK(stcb); 1652 atomic_add_int(&stcb->asoc.refcnt, -1); 1653 if ((type != SCTP_TIMER_TYPE_ASOCKILL) && 1654 ((stcb->asoc.state == 0) || 1655 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED))) { 1656 SCTP_TCB_UNLOCK(stcb); 1657 if (inp) { 1658 SCTP_INP_DECR_REF(inp); 1659 } 1660 CURVNET_RESTORE(); 1661 return; 1662 } 1663 } else if (inp != NULL) { 1664 if (type != SCTP_TIMER_TYPE_INPKILL) { 1665 SCTP_INP_WLOCK(inp); 1666 } 1667 } else { 1668 SCTP_WQ_ADDR_LOCK(); 1669 } 1670 /* record in stopped what t-o occurred */ 1671 tmr->stopped_from = type; 1672 1673 /* mark as being serviced now */ 1674 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 1675 /* 1676 * Callout has been rescheduled. 1677 */ 1678 goto get_out; 1679 } 1680 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1681 /* 1682 * Not active, so no action. 1683 */ 1684 goto get_out; 1685 } 1686 SCTP_OS_TIMER_DEACTIVATE(&tmr->timer); 1687 1688 /* call the handler for the appropriate timer type */ 1689 switch (type) { 1690 case SCTP_TIMER_TYPE_ADDR_WQ: 1691 sctp_handle_addr_wq(); 1692 break; 1693 case SCTP_TIMER_TYPE_SEND: 1694 if ((stcb == NULL) || (inp == NULL)) { 1695 break; 1696 } 1697 SCTP_STAT_INCR(sctps_timodata); 1698 stcb->asoc.timodata++; 1699 stcb->asoc.num_send_timers_up--; 1700 if (stcb->asoc.num_send_timers_up < 0) { 1701 stcb->asoc.num_send_timers_up = 0; 1702 } 1703 SCTP_TCB_LOCK_ASSERT(stcb); 1704 if (sctp_t3rxt_timer(inp, stcb, net)) { 1705 /* no need to unlock on tcb its gone */ 1706 1707 goto out_decr; 1708 } 1709 SCTP_TCB_LOCK_ASSERT(stcb); 1710 #ifdef SCTP_AUDITING_ENABLED 1711 sctp_auditing(4, inp, stcb, net); 1712 #endif 1713 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1714 if ((stcb->asoc.num_send_timers_up == 0) && 1715 (stcb->asoc.sent_queue_cnt > 0)) { 1716 struct sctp_tmit_chunk *chk; 1717 1718 /* 1719 * safeguard. If there on some on the sent queue 1720 * somewhere but no timers running something is 1721 * wrong... so we start a timer on the first chunk 1722 * on the send queue on whatever net it is sent to. 1723 */ 1724 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1725 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, 1726 chk->whoTo); 1727 } 1728 break; 1729 case SCTP_TIMER_TYPE_INIT: 1730 if ((stcb == NULL) || (inp == NULL)) { 1731 break; 1732 } 1733 SCTP_STAT_INCR(sctps_timoinit); 1734 stcb->asoc.timoinit++; 1735 if (sctp_t1init_timer(inp, stcb, net)) { 1736 /* no need to unlock on tcb its gone */ 1737 goto out_decr; 1738 } 1739 /* We do output but not here */ 1740 did_output = 0; 1741 break; 1742 case SCTP_TIMER_TYPE_RECV: 1743 if ((stcb == NULL) || (inp == NULL)) { 1744 break; 1745 } 1746 SCTP_STAT_INCR(sctps_timosack); 1747 stcb->asoc.timosack++; 1748 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); 1749 #ifdef SCTP_AUDITING_ENABLED 1750 sctp_auditing(4, inp, stcb, net); 1751 #endif 1752 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR, SCTP_SO_NOT_LOCKED); 1753 break; 1754 case SCTP_TIMER_TYPE_SHUTDOWN: 1755 if ((stcb == NULL) || (inp == NULL)) { 1756 break; 1757 } 1758 if (sctp_shutdown_timer(inp, stcb, net)) { 1759 /* no need to unlock on tcb its gone */ 1760 goto out_decr; 1761 } 1762 SCTP_STAT_INCR(sctps_timoshutdown); 1763 stcb->asoc.timoshutdown++; 1764 #ifdef SCTP_AUDITING_ENABLED 1765 sctp_auditing(4, inp, stcb, net); 1766 #endif 1767 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_NOT_LOCKED); 1768 break; 1769 case SCTP_TIMER_TYPE_HEARTBEAT: 1770 if ((stcb == NULL) || (inp == NULL) || (net == NULL)) { 1771 break; 1772 } 1773 SCTP_STAT_INCR(sctps_timoheartbeat); 1774 stcb->asoc.timoheartbeat++; 1775 if (sctp_heartbeat_timer(inp, stcb, net)) { 1776 /* no need to unlock on tcb its gone */ 1777 goto out_decr; 1778 } 1779 #ifdef SCTP_AUDITING_ENABLED 1780 sctp_auditing(4, inp, stcb, net); 1781 #endif 1782 if (!(net->dest_state & SCTP_ADDR_NOHB)) { 1783 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); 1784 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, SCTP_SO_NOT_LOCKED); 1785 } 1786 break; 1787 case SCTP_TIMER_TYPE_COOKIE: 1788 if ((stcb == NULL) || (inp == NULL)) { 1789 break; 1790 } 1791 1792 if (sctp_cookie_timer(inp, stcb, net)) { 1793 /* no need to unlock on tcb its gone */ 1794 goto out_decr; 1795 } 1796 SCTP_STAT_INCR(sctps_timocookie); 1797 stcb->asoc.timocookie++; 1798 #ifdef SCTP_AUDITING_ENABLED 1799 sctp_auditing(4, inp, stcb, net); 1800 #endif 1801 /* 1802 * We consider T3 and Cookie timer pretty much the same with 1803 * respect to where from in chunk_output. 1804 */ 1805 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1806 break; 1807 case SCTP_TIMER_TYPE_NEWCOOKIE: 1808 { 1809 struct timeval tv; 1810 int i, secret; 1811 1812 if (inp == NULL) { 1813 break; 1814 } 1815 SCTP_STAT_INCR(sctps_timosecret); 1816 (void)SCTP_GETTIME_TIMEVAL(&tv); 1817 inp->sctp_ep.time_of_secret_change = tv.tv_sec; 1818 inp->sctp_ep.last_secret_number = 1819 inp->sctp_ep.current_secret_number; 1820 inp->sctp_ep.current_secret_number++; 1821 if (inp->sctp_ep.current_secret_number >= 1822 SCTP_HOW_MANY_SECRETS) { 1823 inp->sctp_ep.current_secret_number = 0; 1824 } 1825 secret = (int)inp->sctp_ep.current_secret_number; 1826 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1827 inp->sctp_ep.secret_key[secret][i] = 1828 sctp_select_initial_TSN(&inp->sctp_ep); 1829 } 1830 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); 1831 } 1832 did_output = 0; 1833 break; 1834 case SCTP_TIMER_TYPE_PATHMTURAISE: 1835 if ((stcb == NULL) || (inp == NULL)) { 1836 break; 1837 } 1838 SCTP_STAT_INCR(sctps_timopathmtu); 1839 sctp_pathmtu_timer(inp, stcb, net); 1840 did_output = 0; 1841 break; 1842 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1843 if ((stcb == NULL) || (inp == NULL)) { 1844 break; 1845 } 1846 if (sctp_shutdownack_timer(inp, stcb, net)) { 1847 /* no need to unlock on tcb its gone */ 1848 goto out_decr; 1849 } 1850 SCTP_STAT_INCR(sctps_timoshutdownack); 1851 stcb->asoc.timoshutdownack++; 1852 #ifdef SCTP_AUDITING_ENABLED 1853 sctp_auditing(4, inp, stcb, net); 1854 #endif 1855 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR, SCTP_SO_NOT_LOCKED); 1856 break; 1857 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1858 if ((stcb == NULL) || (inp == NULL)) { 1859 break; 1860 } 1861 SCTP_STAT_INCR(sctps_timoshutdownguard); 1862 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 1863 "Shutdown guard timer expired"); 1864 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); 1865 /* no need to unlock on tcb its gone */ 1866 goto out_decr; 1867 1868 case SCTP_TIMER_TYPE_STRRESET: 1869 if ((stcb == NULL) || (inp == NULL)) { 1870 break; 1871 } 1872 if (sctp_strreset_timer(inp, stcb, net)) { 1873 /* no need to unlock on tcb its gone */ 1874 goto out_decr; 1875 } 1876 SCTP_STAT_INCR(sctps_timostrmrst); 1877 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR, SCTP_SO_NOT_LOCKED); 1878 break; 1879 case SCTP_TIMER_TYPE_ASCONF: 1880 if ((stcb == NULL) || (inp == NULL)) { 1881 break; 1882 } 1883 if (sctp_asconf_timer(inp, stcb, net)) { 1884 /* no need to unlock on tcb its gone */ 1885 goto out_decr; 1886 } 1887 SCTP_STAT_INCR(sctps_timoasconf); 1888 #ifdef SCTP_AUDITING_ENABLED 1889 sctp_auditing(4, inp, stcb, net); 1890 #endif 1891 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR, SCTP_SO_NOT_LOCKED); 1892 break; 1893 case SCTP_TIMER_TYPE_PRIM_DELETED: 1894 if ((stcb == NULL) || (inp == NULL)) { 1895 break; 1896 } 1897 sctp_delete_prim_timer(inp, stcb, net); 1898 SCTP_STAT_INCR(sctps_timodelprim); 1899 break; 1900 1901 case SCTP_TIMER_TYPE_AUTOCLOSE: 1902 if ((stcb == NULL) || (inp == NULL)) { 1903 break; 1904 } 1905 SCTP_STAT_INCR(sctps_timoautoclose); 1906 sctp_autoclose_timer(inp, stcb, net); 1907 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED); 1908 did_output = 0; 1909 break; 1910 case SCTP_TIMER_TYPE_ASOCKILL: 1911 if ((stcb == NULL) || (inp == NULL)) { 1912 break; 1913 } 1914 SCTP_STAT_INCR(sctps_timoassockill); 1915 /* Can we free it yet? */ 1916 SCTP_INP_DECR_REF(inp); 1917 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, 1918 SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 1919 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1920 so = SCTP_INP_SO(inp); 1921 atomic_add_int(&stcb->asoc.refcnt, 1); 1922 SCTP_TCB_UNLOCK(stcb); 1923 SCTP_SOCKET_LOCK(so, 1); 1924 SCTP_TCB_LOCK(stcb); 1925 atomic_subtract_int(&stcb->asoc.refcnt, 1); 1926 #endif 1927 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 1928 SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 1929 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1930 SCTP_SOCKET_UNLOCK(so, 1); 1931 #endif 1932 /* 1933 * free asoc, always unlocks (or destroy's) so prevent 1934 * duplicate unlock or unlock of a free mtx :-0 1935 */ 1936 stcb = NULL; 1937 goto out_no_decr; 1938 case SCTP_TIMER_TYPE_INPKILL: 1939 SCTP_STAT_INCR(sctps_timoinpkill); 1940 if (inp == NULL) { 1941 break; 1942 } 1943 /* 1944 * special case, take away our increment since WE are the 1945 * killer 1946 */ 1947 SCTP_INP_DECR_REF(inp); 1948 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, 1949 SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 1950 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 1951 SCTP_CALLED_FROM_INPKILL_TIMER); 1952 inp = NULL; 1953 goto out_no_decr; 1954 default: 1955 SCTPDBG(SCTP_DEBUG_TIMER1, "sctp_timeout_handler:unknown timer %d\n", 1956 type); 1957 break; 1958 } 1959 #ifdef SCTP_AUDITING_ENABLED 1960 sctp_audit_log(0xF1, (uint8_t)type); 1961 if (inp) 1962 sctp_auditing(5, inp, stcb, net); 1963 #endif 1964 if ((did_output) && stcb) { 1965 /* 1966 * Now we need to clean up the control chunk chain if an 1967 * ECNE is on it. It must be marked as UNSENT again so next 1968 * call will continue to send it until such time that we get 1969 * a CWR, to remove it. It is, however, less likely that we 1970 * will find a ecn echo on the chain though. 1971 */ 1972 sctp_fix_ecn_echo(&stcb->asoc); 1973 } 1974 get_out: 1975 if (stcb) { 1976 SCTP_TCB_UNLOCK(stcb); 1977 } else if (inp != NULL) { 1978 SCTP_INP_WUNLOCK(inp); 1979 } else { 1980 SCTP_WQ_ADDR_UNLOCK(); 1981 } 1982 1983 out_decr: 1984 if (inp) { 1985 SCTP_INP_DECR_REF(inp); 1986 } 1987 1988 out_no_decr: 1989 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer now complete (type = %d)\n", type); 1990 CURVNET_RESTORE(); 1991 } 1992 1993 void 1994 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1995 struct sctp_nets *net) 1996 { 1997 uint32_t to_ticks; 1998 struct sctp_timer *tmr; 1999 2000 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) 2001 return; 2002 2003 tmr = NULL; 2004 if (stcb) { 2005 SCTP_TCB_LOCK_ASSERT(stcb); 2006 } 2007 switch (t_type) { 2008 case SCTP_TIMER_TYPE_ADDR_WQ: 2009 /* Only 1 tick away :-) */ 2010 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2011 to_ticks = SCTP_ADDRESS_TICK_DELAY; 2012 break; 2013 case SCTP_TIMER_TYPE_SEND: 2014 /* Here we use the RTO timer */ 2015 { 2016 int rto_val; 2017 2018 if ((stcb == NULL) || (net == NULL)) { 2019 return; 2020 } 2021 tmr = &net->rxt_timer; 2022 if (net->RTO == 0) { 2023 rto_val = stcb->asoc.initial_rto; 2024 } else { 2025 rto_val = net->RTO; 2026 } 2027 to_ticks = MSEC_TO_TICKS(rto_val); 2028 } 2029 break; 2030 case SCTP_TIMER_TYPE_INIT: 2031 /* 2032 * Here we use the INIT timer default usually about 1 2033 * minute. 2034 */ 2035 if ((stcb == NULL) || (net == NULL)) { 2036 return; 2037 } 2038 tmr = &net->rxt_timer; 2039 if (net->RTO == 0) { 2040 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2041 } else { 2042 to_ticks = MSEC_TO_TICKS(net->RTO); 2043 } 2044 break; 2045 case SCTP_TIMER_TYPE_RECV: 2046 /* 2047 * Here we use the Delayed-Ack timer value from the inp 2048 * ususually about 200ms. 2049 */ 2050 if (stcb == NULL) { 2051 return; 2052 } 2053 tmr = &stcb->asoc.dack_timer; 2054 to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); 2055 break; 2056 case SCTP_TIMER_TYPE_SHUTDOWN: 2057 /* Here we use the RTO of the destination. */ 2058 if ((stcb == NULL) || (net == NULL)) { 2059 return; 2060 } 2061 if (net->RTO == 0) { 2062 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2063 } else { 2064 to_ticks = MSEC_TO_TICKS(net->RTO); 2065 } 2066 tmr = &net->rxt_timer; 2067 break; 2068 case SCTP_TIMER_TYPE_HEARTBEAT: 2069 /* 2070 * the net is used here so that we can add in the RTO. Even 2071 * though we use a different timer. We also add the HB timer 2072 * PLUS a random jitter. 2073 */ 2074 if ((stcb == NULL) || (net == NULL)) { 2075 return; 2076 } else { 2077 uint32_t rndval; 2078 uint32_t jitter; 2079 2080 if ((net->dest_state & SCTP_ADDR_NOHB) && 2081 !(net->dest_state & SCTP_ADDR_UNCONFIRMED)) { 2082 return; 2083 } 2084 if (net->RTO == 0) { 2085 to_ticks = stcb->asoc.initial_rto; 2086 } else { 2087 to_ticks = net->RTO; 2088 } 2089 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 2090 jitter = rndval % to_ticks; 2091 if (jitter >= (to_ticks >> 1)) { 2092 to_ticks = to_ticks + (jitter - (to_ticks >> 1)); 2093 } else { 2094 to_ticks = to_ticks - jitter; 2095 } 2096 if (!(net->dest_state & SCTP_ADDR_UNCONFIRMED) && 2097 !(net->dest_state & SCTP_ADDR_PF)) { 2098 to_ticks += net->heart_beat_delay; 2099 } 2100 /* 2101 * Now we must convert the to_ticks that are now in 2102 * ms to ticks. 2103 */ 2104 to_ticks = MSEC_TO_TICKS(to_ticks); 2105 tmr = &net->hb_timer; 2106 } 2107 break; 2108 case SCTP_TIMER_TYPE_COOKIE: 2109 /* 2110 * Here we can use the RTO timer from the network since one 2111 * RTT was compelete. If a retran happened then we will be 2112 * using the RTO initial value. 2113 */ 2114 if ((stcb == NULL) || (net == NULL)) { 2115 return; 2116 } 2117 if (net->RTO == 0) { 2118 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2119 } else { 2120 to_ticks = MSEC_TO_TICKS(net->RTO); 2121 } 2122 tmr = &net->rxt_timer; 2123 break; 2124 case SCTP_TIMER_TYPE_NEWCOOKIE: 2125 /* 2126 * nothing needed but the endpoint here ususually about 60 2127 * minutes. 2128 */ 2129 tmr = &inp->sctp_ep.signature_change; 2130 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 2131 break; 2132 case SCTP_TIMER_TYPE_ASOCKILL: 2133 if (stcb == NULL) { 2134 return; 2135 } 2136 tmr = &stcb->asoc.strreset_timer; 2137 to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); 2138 break; 2139 case SCTP_TIMER_TYPE_INPKILL: 2140 /* 2141 * The inp is setup to die. We re-use the signature_chage 2142 * timer since that has stopped and we are in the GONE 2143 * state. 2144 */ 2145 tmr = &inp->sctp_ep.signature_change; 2146 to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); 2147 break; 2148 case SCTP_TIMER_TYPE_PATHMTURAISE: 2149 /* 2150 * Here we use the value found in the EP for PMTU ususually 2151 * about 10 minutes. 2152 */ 2153 if ((stcb == NULL) || (net == NULL)) { 2154 return; 2155 } 2156 if (net->dest_state & SCTP_ADDR_NO_PMTUD) { 2157 return; 2158 } 2159 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 2160 tmr = &net->pmtu_timer; 2161 break; 2162 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2163 /* Here we use the RTO of the destination */ 2164 if ((stcb == NULL) || (net == NULL)) { 2165 return; 2166 } 2167 if (net->RTO == 0) { 2168 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2169 } else { 2170 to_ticks = MSEC_TO_TICKS(net->RTO); 2171 } 2172 tmr = &net->rxt_timer; 2173 break; 2174 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2175 /* 2176 * Here we use the endpoints shutdown guard timer usually 2177 * about 3 minutes. 2178 */ 2179 if (stcb == NULL) { 2180 return; 2181 } 2182 if (inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] == 0) { 2183 to_ticks = 5 * MSEC_TO_TICKS(stcb->asoc.maxrto); 2184 } else { 2185 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 2186 } 2187 tmr = &stcb->asoc.shut_guard_timer; 2188 break; 2189 case SCTP_TIMER_TYPE_STRRESET: 2190 /* 2191 * Here the timer comes from the stcb but its value is from 2192 * the net's RTO. 2193 */ 2194 if ((stcb == NULL) || (net == NULL)) { 2195 return; 2196 } 2197 if (net->RTO == 0) { 2198 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2199 } else { 2200 to_ticks = MSEC_TO_TICKS(net->RTO); 2201 } 2202 tmr = &stcb->asoc.strreset_timer; 2203 break; 2204 case SCTP_TIMER_TYPE_ASCONF: 2205 /* 2206 * Here the timer comes from the stcb but its value is from 2207 * the net's RTO. 2208 */ 2209 if ((stcb == NULL) || (net == NULL)) { 2210 return; 2211 } 2212 if (net->RTO == 0) { 2213 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2214 } else { 2215 to_ticks = MSEC_TO_TICKS(net->RTO); 2216 } 2217 tmr = &stcb->asoc.asconf_timer; 2218 break; 2219 case SCTP_TIMER_TYPE_PRIM_DELETED: 2220 if ((stcb == NULL) || (net != NULL)) { 2221 return; 2222 } 2223 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2224 tmr = &stcb->asoc.delete_prim_timer; 2225 break; 2226 case SCTP_TIMER_TYPE_AUTOCLOSE: 2227 if (stcb == NULL) { 2228 return; 2229 } 2230 if (stcb->asoc.sctp_autoclose_ticks == 0) { 2231 /* 2232 * Really an error since stcb is NOT set to 2233 * autoclose 2234 */ 2235 return; 2236 } 2237 to_ticks = stcb->asoc.sctp_autoclose_ticks; 2238 tmr = &stcb->asoc.autoclose_timer; 2239 break; 2240 default: 2241 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2242 __func__, t_type); 2243 return; 2244 break; 2245 } 2246 if ((to_ticks <= 0) || (tmr == NULL)) { 2247 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: %d:software error to_ticks:%d tmr:%p not set ??\n", 2248 __func__, t_type, to_ticks, (void *)tmr); 2249 return; 2250 } 2251 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 2252 /* 2253 * we do NOT allow you to have it already running. if it is 2254 * we leave the current one up unchanged 2255 */ 2256 return; 2257 } 2258 /* At this point we can proceed */ 2259 if (t_type == SCTP_TIMER_TYPE_SEND) { 2260 stcb->asoc.num_send_timers_up++; 2261 } 2262 tmr->stopped_from = 0; 2263 tmr->type = t_type; 2264 tmr->ep = (void *)inp; 2265 tmr->tcb = (void *)stcb; 2266 tmr->net = (void *)net; 2267 tmr->self = (void *)tmr; 2268 tmr->vnet = (void *)curvnet; 2269 tmr->ticks = sctp_get_tick_count(); 2270 (void)SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); 2271 return; 2272 } 2273 2274 void 2275 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2276 struct sctp_nets *net, uint32_t from) 2277 { 2278 struct sctp_timer *tmr; 2279 2280 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 2281 (inp == NULL)) 2282 return; 2283 2284 tmr = NULL; 2285 if (stcb) { 2286 SCTP_TCB_LOCK_ASSERT(stcb); 2287 } 2288 switch (t_type) { 2289 case SCTP_TIMER_TYPE_ADDR_WQ: 2290 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2291 break; 2292 case SCTP_TIMER_TYPE_SEND: 2293 if ((stcb == NULL) || (net == NULL)) { 2294 return; 2295 } 2296 tmr = &net->rxt_timer; 2297 break; 2298 case SCTP_TIMER_TYPE_INIT: 2299 if ((stcb == NULL) || (net == NULL)) { 2300 return; 2301 } 2302 tmr = &net->rxt_timer; 2303 break; 2304 case SCTP_TIMER_TYPE_RECV: 2305 if (stcb == NULL) { 2306 return; 2307 } 2308 tmr = &stcb->asoc.dack_timer; 2309 break; 2310 case SCTP_TIMER_TYPE_SHUTDOWN: 2311 if ((stcb == NULL) || (net == NULL)) { 2312 return; 2313 } 2314 tmr = &net->rxt_timer; 2315 break; 2316 case SCTP_TIMER_TYPE_HEARTBEAT: 2317 if ((stcb == NULL) || (net == NULL)) { 2318 return; 2319 } 2320 tmr = &net->hb_timer; 2321 break; 2322 case SCTP_TIMER_TYPE_COOKIE: 2323 if ((stcb == NULL) || (net == NULL)) { 2324 return; 2325 } 2326 tmr = &net->rxt_timer; 2327 break; 2328 case SCTP_TIMER_TYPE_NEWCOOKIE: 2329 /* nothing needed but the endpoint here */ 2330 tmr = &inp->sctp_ep.signature_change; 2331 /* 2332 * We re-use the newcookie timer for the INP kill timer. We 2333 * must assure that we do not kill it by accident. 2334 */ 2335 break; 2336 case SCTP_TIMER_TYPE_ASOCKILL: 2337 /* 2338 * Stop the asoc kill timer. 2339 */ 2340 if (stcb == NULL) { 2341 return; 2342 } 2343 tmr = &stcb->asoc.strreset_timer; 2344 break; 2345 2346 case SCTP_TIMER_TYPE_INPKILL: 2347 /* 2348 * The inp is setup to die. We re-use the signature_chage 2349 * timer since that has stopped and we are in the GONE 2350 * state. 2351 */ 2352 tmr = &inp->sctp_ep.signature_change; 2353 break; 2354 case SCTP_TIMER_TYPE_PATHMTURAISE: 2355 if ((stcb == NULL) || (net == NULL)) { 2356 return; 2357 } 2358 tmr = &net->pmtu_timer; 2359 break; 2360 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2361 if ((stcb == NULL) || (net == NULL)) { 2362 return; 2363 } 2364 tmr = &net->rxt_timer; 2365 break; 2366 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2367 if (stcb == NULL) { 2368 return; 2369 } 2370 tmr = &stcb->asoc.shut_guard_timer; 2371 break; 2372 case SCTP_TIMER_TYPE_STRRESET: 2373 if (stcb == NULL) { 2374 return; 2375 } 2376 tmr = &stcb->asoc.strreset_timer; 2377 break; 2378 case SCTP_TIMER_TYPE_ASCONF: 2379 if (stcb == NULL) { 2380 return; 2381 } 2382 tmr = &stcb->asoc.asconf_timer; 2383 break; 2384 case SCTP_TIMER_TYPE_PRIM_DELETED: 2385 if (stcb == NULL) { 2386 return; 2387 } 2388 tmr = &stcb->asoc.delete_prim_timer; 2389 break; 2390 case SCTP_TIMER_TYPE_AUTOCLOSE: 2391 if (stcb == NULL) { 2392 return; 2393 } 2394 tmr = &stcb->asoc.autoclose_timer; 2395 break; 2396 default: 2397 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2398 __func__, t_type); 2399 break; 2400 } 2401 if (tmr == NULL) { 2402 return; 2403 } 2404 if ((tmr->type != t_type) && tmr->type) { 2405 /* 2406 * Ok we have a timer that is under joint use. Cookie timer 2407 * per chance with the SEND timer. We therefore are NOT 2408 * running the timer that the caller wants stopped. So just 2409 * return. 2410 */ 2411 return; 2412 } 2413 if ((t_type == SCTP_TIMER_TYPE_SEND) && (stcb != NULL)) { 2414 stcb->asoc.num_send_timers_up--; 2415 if (stcb->asoc.num_send_timers_up < 0) { 2416 stcb->asoc.num_send_timers_up = 0; 2417 } 2418 } 2419 tmr->self = NULL; 2420 tmr->stopped_from = from; 2421 (void)SCTP_OS_TIMER_STOP(&tmr->timer); 2422 return; 2423 } 2424 2425 uint32_t 2426 sctp_calculate_len(struct mbuf *m) 2427 { 2428 uint32_t tlen = 0; 2429 struct mbuf *at; 2430 2431 at = m; 2432 while (at) { 2433 tlen += SCTP_BUF_LEN(at); 2434 at = SCTP_BUF_NEXT(at); 2435 } 2436 return (tlen); 2437 } 2438 2439 void 2440 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2441 struct sctp_association *asoc, uint32_t mtu) 2442 { 2443 /* 2444 * Reset the P-MTU size on this association, this involves changing 2445 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2446 * allow the DF flag to be cleared. 2447 */ 2448 struct sctp_tmit_chunk *chk; 2449 unsigned int eff_mtu, ovh; 2450 2451 asoc->smallest_mtu = mtu; 2452 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2453 ovh = SCTP_MIN_OVERHEAD; 2454 } else { 2455 ovh = SCTP_MIN_V4_OVERHEAD; 2456 } 2457 eff_mtu = mtu - ovh; 2458 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2459 if (chk->send_size > eff_mtu) { 2460 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2461 } 2462 } 2463 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2464 if (chk->send_size > eff_mtu) { 2465 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2466 } 2467 } 2468 } 2469 2470 2471 /* 2472 * given an association and starting time of the current RTT period return 2473 * RTO in number of msecs net should point to the current network 2474 */ 2475 2476 uint32_t 2477 sctp_calculate_rto(struct sctp_tcb *stcb, 2478 struct sctp_association *asoc, 2479 struct sctp_nets *net, 2480 struct timeval *old, 2481 int rtt_from_sack) 2482 { 2483 /*- 2484 * given an association and the starting time of the current RTT 2485 * period (in value1/value2) return RTO in number of msecs. 2486 */ 2487 int32_t rtt; /* RTT in ms */ 2488 uint32_t new_rto; 2489 int first_measure = 0; 2490 struct timeval now; 2491 2492 /************************/ 2493 /* 1. calculate new RTT */ 2494 /************************/ 2495 /* get the current time */ 2496 if (stcb->asoc.use_precise_time) { 2497 (void)SCTP_GETPTIME_TIMEVAL(&now); 2498 } else { 2499 (void)SCTP_GETTIME_TIMEVAL(&now); 2500 } 2501 timevalsub(&now, old); 2502 /* store the current RTT in us */ 2503 net->rtt = (uint64_t)1000000 * (uint64_t)now.tv_sec + 2504 (uint64_t)now.tv_usec; 2505 /* compute rtt in ms */ 2506 rtt = (int32_t)(net->rtt / 1000); 2507 if ((asoc->cc_functions.sctp_rtt_calculated) && (rtt_from_sack == SCTP_RTT_FROM_DATA)) { 2508 /* 2509 * Tell the CC module that a new update has just occurred 2510 * from a sack 2511 */ 2512 (*asoc->cc_functions.sctp_rtt_calculated) (stcb, net, &now); 2513 } 2514 /* 2515 * Do we need to determine the lan? We do this only on sacks i.e. 2516 * RTT being determined from data not non-data (HB/INIT->INITACK). 2517 */ 2518 if ((rtt_from_sack == SCTP_RTT_FROM_DATA) && 2519 (net->lan_type == SCTP_LAN_UNKNOWN)) { 2520 if (net->rtt > SCTP_LOCAL_LAN_RTT) { 2521 net->lan_type = SCTP_LAN_INTERNET; 2522 } else { 2523 net->lan_type = SCTP_LAN_LOCAL; 2524 } 2525 } 2526 2527 /***************************/ 2528 /* 2. update RTTVAR & SRTT */ 2529 /***************************/ 2530 /*- 2531 * Compute the scaled average lastsa and the 2532 * scaled variance lastsv as described in van Jacobson 2533 * Paper "Congestion Avoidance and Control", Annex A. 2534 * 2535 * (net->lastsa >> SCTP_RTT_SHIFT) is the srtt 2536 * (net->lastsa >> SCTP_RTT_VAR_SHIFT) is the rttvar 2537 */ 2538 if (net->RTO_measured) { 2539 rtt -= (net->lastsa >> SCTP_RTT_SHIFT); 2540 net->lastsa += rtt; 2541 if (rtt < 0) { 2542 rtt = -rtt; 2543 } 2544 rtt -= (net->lastsv >> SCTP_RTT_VAR_SHIFT); 2545 net->lastsv += rtt; 2546 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2547 rto_logging(net, SCTP_LOG_RTTVAR); 2548 } 2549 } else { 2550 /* First RTO measurment */ 2551 net->RTO_measured = 1; 2552 first_measure = 1; 2553 net->lastsa = rtt << SCTP_RTT_SHIFT; 2554 net->lastsv = (rtt / 2) << SCTP_RTT_VAR_SHIFT; 2555 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2556 rto_logging(net, SCTP_LOG_INITIAL_RTT); 2557 } 2558 } 2559 if (net->lastsv == 0) { 2560 net->lastsv = SCTP_CLOCK_GRANULARITY; 2561 } 2562 new_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv; 2563 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 2564 (stcb->asoc.sat_network_lockout == 0)) { 2565 stcb->asoc.sat_network = 1; 2566 } else if ((!first_measure) && stcb->asoc.sat_network) { 2567 stcb->asoc.sat_network = 0; 2568 stcb->asoc.sat_network_lockout = 1; 2569 } 2570 /* bound it, per C6/C7 in Section 5.3.1 */ 2571 if (new_rto < stcb->asoc.minrto) { 2572 new_rto = stcb->asoc.minrto; 2573 } 2574 if (new_rto > stcb->asoc.maxrto) { 2575 new_rto = stcb->asoc.maxrto; 2576 } 2577 /* we are now returning the RTO */ 2578 return (new_rto); 2579 } 2580 2581 /* 2582 * return a pointer to a contiguous piece of data from the given mbuf chain 2583 * starting at 'off' for 'len' bytes. If the desired piece spans more than 2584 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 2585 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 2586 */ 2587 caddr_t 2588 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t *in_ptr) 2589 { 2590 uint32_t count; 2591 uint8_t *ptr; 2592 2593 ptr = in_ptr; 2594 if ((off < 0) || (len <= 0)) 2595 return (NULL); 2596 2597 /* find the desired start location */ 2598 while ((m != NULL) && (off > 0)) { 2599 if (off < SCTP_BUF_LEN(m)) 2600 break; 2601 off -= SCTP_BUF_LEN(m); 2602 m = SCTP_BUF_NEXT(m); 2603 } 2604 if (m == NULL) 2605 return (NULL); 2606 2607 /* is the current mbuf large enough (eg. contiguous)? */ 2608 if ((SCTP_BUF_LEN(m) - off) >= len) { 2609 return (mtod(m, caddr_t)+off); 2610 } else { 2611 /* else, it spans more than one mbuf, so save a temp copy... */ 2612 while ((m != NULL) && (len > 0)) { 2613 count = min(SCTP_BUF_LEN(m) - off, len); 2614 memcpy(ptr, mtod(m, caddr_t)+off, count); 2615 len -= count; 2616 ptr += count; 2617 off = 0; 2618 m = SCTP_BUF_NEXT(m); 2619 } 2620 if ((m == NULL) && (len > 0)) 2621 return (NULL); 2622 else 2623 return ((caddr_t)in_ptr); 2624 } 2625 } 2626 2627 2628 2629 struct sctp_paramhdr * 2630 sctp_get_next_param(struct mbuf *m, 2631 int offset, 2632 struct sctp_paramhdr *pull, 2633 int pull_limit) 2634 { 2635 /* This just provides a typed signature to Peter's Pull routine */ 2636 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 2637 (uint8_t *)pull)); 2638 } 2639 2640 2641 struct mbuf * 2642 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 2643 { 2644 struct mbuf *m_last; 2645 caddr_t dp; 2646 2647 if (padlen > 3) { 2648 return (NULL); 2649 } 2650 if (padlen <= M_TRAILINGSPACE(m)) { 2651 /* 2652 * The easy way. We hope the majority of the time we hit 2653 * here :) 2654 */ 2655 m_last = m; 2656 } else { 2657 /* Hard way we must grow the mbuf chain */ 2658 m_last = sctp_get_mbuf_for_msg(padlen, 0, M_NOWAIT, 1, MT_DATA); 2659 if (m_last == NULL) { 2660 return (NULL); 2661 } 2662 SCTP_BUF_LEN(m_last) = 0; 2663 SCTP_BUF_NEXT(m_last) = NULL; 2664 SCTP_BUF_NEXT(m) = m_last; 2665 } 2666 dp = mtod(m_last, caddr_t)+SCTP_BUF_LEN(m_last); 2667 SCTP_BUF_LEN(m_last) += padlen; 2668 memset(dp, 0, padlen); 2669 return (m_last); 2670 } 2671 2672 struct mbuf * 2673 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 2674 { 2675 /* find the last mbuf in chain and pad it */ 2676 struct mbuf *m_at; 2677 2678 if (last_mbuf != NULL) { 2679 return (sctp_add_pad_tombuf(last_mbuf, padval)); 2680 } else { 2681 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 2682 if (SCTP_BUF_NEXT(m_at) == NULL) { 2683 return (sctp_add_pad_tombuf(m_at, padval)); 2684 } 2685 } 2686 } 2687 return (NULL); 2688 } 2689 2690 static void 2691 sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, 2692 uint16_t error, struct sctp_abort_chunk *abort, uint8_t from_peer, int so_locked 2693 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2694 SCTP_UNUSED 2695 #endif 2696 ) 2697 { 2698 struct mbuf *m_notify; 2699 struct sctp_assoc_change *sac; 2700 struct sctp_queued_to_read *control; 2701 unsigned int notif_len; 2702 uint16_t abort_len; 2703 unsigned int i; 2704 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2705 struct socket *so; 2706 #endif 2707 2708 if (stcb == NULL) { 2709 return; 2710 } 2711 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 2712 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2713 if (abort != NULL) { 2714 abort_len = ntohs(abort->ch.chunk_length); 2715 /* 2716 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 2717 * contiguous. 2718 */ 2719 if (abort_len > SCTP_CHUNK_BUFFER_SIZE) { 2720 abort_len = SCTP_CHUNK_BUFFER_SIZE; 2721 } 2722 } else { 2723 abort_len = 0; 2724 } 2725 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2726 notif_len += SCTP_ASSOC_SUPPORTS_MAX; 2727 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2728 notif_len += abort_len; 2729 } 2730 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2731 if (m_notify == NULL) { 2732 /* Retry with smaller value. */ 2733 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2734 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2735 if (m_notify == NULL) { 2736 goto set_error; 2737 } 2738 } 2739 SCTP_BUF_NEXT(m_notify) = NULL; 2740 sac = mtod(m_notify, struct sctp_assoc_change *); 2741 memset(sac, 0, notif_len); 2742 sac->sac_type = SCTP_ASSOC_CHANGE; 2743 sac->sac_flags = 0; 2744 sac->sac_length = sizeof(struct sctp_assoc_change); 2745 sac->sac_state = state; 2746 sac->sac_error = error; 2747 /* XXX verify these stream counts */ 2748 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 2749 sac->sac_inbound_streams = stcb->asoc.streamincnt; 2750 sac->sac_assoc_id = sctp_get_associd(stcb); 2751 if (notif_len > sizeof(struct sctp_assoc_change)) { 2752 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2753 i = 0; 2754 if (stcb->asoc.prsctp_supported == 1) { 2755 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_PR; 2756 } 2757 if (stcb->asoc.auth_supported == 1) { 2758 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_AUTH; 2759 } 2760 if (stcb->asoc.asconf_supported == 1) { 2761 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_ASCONF; 2762 } 2763 if (stcb->asoc.idata_supported == 1) { 2764 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_INTERLEAVING; 2765 } 2766 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_MULTIBUF; 2767 if (stcb->asoc.reconfig_supported == 1) { 2768 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_RE_CONFIG; 2769 } 2770 sac->sac_length += i; 2771 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2772 memcpy(sac->sac_info, abort, abort_len); 2773 sac->sac_length += abort_len; 2774 } 2775 } 2776 SCTP_BUF_LEN(m_notify) = sac->sac_length; 2777 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2778 0, 0, stcb->asoc.context, 0, 0, 0, 2779 m_notify); 2780 if (control != NULL) { 2781 control->length = SCTP_BUF_LEN(m_notify); 2782 control->spec_flags = M_NOTIFICATION; 2783 /* not that we need this */ 2784 control->tail_mbuf = m_notify; 2785 sctp_add_to_readq(stcb->sctp_ep, stcb, 2786 control, 2787 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, 2788 so_locked); 2789 } else { 2790 sctp_m_freem(m_notify); 2791 } 2792 } 2793 /* 2794 * For 1-to-1 style sockets, we send up and error when an ABORT 2795 * comes in. 2796 */ 2797 set_error: 2798 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2799 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2800 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2801 SOCK_LOCK(stcb->sctp_socket); 2802 if (from_peer) { 2803 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { 2804 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNREFUSED); 2805 stcb->sctp_socket->so_error = ECONNREFUSED; 2806 } else { 2807 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 2808 stcb->sctp_socket->so_error = ECONNRESET; 2809 } 2810 } else { 2811 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 2812 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 2813 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ETIMEDOUT); 2814 stcb->sctp_socket->so_error = ETIMEDOUT; 2815 } else { 2816 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNABORTED); 2817 stcb->sctp_socket->so_error = ECONNABORTED; 2818 } 2819 } 2820 SOCK_UNLOCK(stcb->sctp_socket); 2821 } 2822 /* Wake ANY sleepers */ 2823 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2824 so = SCTP_INP_SO(stcb->sctp_ep); 2825 if (!so_locked) { 2826 atomic_add_int(&stcb->asoc.refcnt, 1); 2827 SCTP_TCB_UNLOCK(stcb); 2828 SCTP_SOCKET_LOCK(so, 1); 2829 SCTP_TCB_LOCK(stcb); 2830 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2831 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 2832 SCTP_SOCKET_UNLOCK(so, 1); 2833 return; 2834 } 2835 } 2836 #endif 2837 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2838 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2839 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2840 socantrcvmore(stcb->sctp_socket); 2841 } 2842 sorwakeup(stcb->sctp_socket); 2843 sowwakeup(stcb->sctp_socket); 2844 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2845 if (!so_locked) { 2846 SCTP_SOCKET_UNLOCK(so, 1); 2847 } 2848 #endif 2849 } 2850 2851 static void 2852 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 2853 struct sockaddr *sa, uint32_t error, int so_locked 2854 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2855 SCTP_UNUSED 2856 #endif 2857 ) 2858 { 2859 struct mbuf *m_notify; 2860 struct sctp_paddr_change *spc; 2861 struct sctp_queued_to_read *control; 2862 2863 if ((stcb == NULL) || 2864 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPADDREVNT)) { 2865 /* event not enabled */ 2866 return; 2867 } 2868 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_NOWAIT, 1, MT_DATA); 2869 if (m_notify == NULL) 2870 return; 2871 SCTP_BUF_LEN(m_notify) = 0; 2872 spc = mtod(m_notify, struct sctp_paddr_change *); 2873 memset(spc, 0, sizeof(struct sctp_paddr_change)); 2874 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 2875 spc->spc_flags = 0; 2876 spc->spc_length = sizeof(struct sctp_paddr_change); 2877 switch (sa->sa_family) { 2878 #ifdef INET 2879 case AF_INET: 2880 #ifdef INET6 2881 if (sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 2882 in6_sin_2_v4mapsin6((struct sockaddr_in *)sa, 2883 (struct sockaddr_in6 *)&spc->spc_aaddr); 2884 } else { 2885 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2886 } 2887 #else 2888 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2889 #endif 2890 break; 2891 #endif 2892 #ifdef INET6 2893 case AF_INET6: 2894 { 2895 struct sockaddr_in6 *sin6; 2896 2897 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 2898 2899 sin6 = (struct sockaddr_in6 *)&spc->spc_aaddr; 2900 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2901 if (sin6->sin6_scope_id == 0) { 2902 /* recover scope_id for user */ 2903 (void)sa6_recoverscope(sin6); 2904 } else { 2905 /* clear embedded scope_id for user */ 2906 in6_clearscope(&sin6->sin6_addr); 2907 } 2908 } 2909 break; 2910 } 2911 #endif 2912 default: 2913 /* TSNH */ 2914 break; 2915 } 2916 spc->spc_state = state; 2917 spc->spc_error = error; 2918 spc->spc_assoc_id = sctp_get_associd(stcb); 2919 2920 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change); 2921 SCTP_BUF_NEXT(m_notify) = NULL; 2922 2923 /* append to socket */ 2924 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2925 0, 0, stcb->asoc.context, 0, 0, 0, 2926 m_notify); 2927 if (control == NULL) { 2928 /* no memory */ 2929 sctp_m_freem(m_notify); 2930 return; 2931 } 2932 control->length = SCTP_BUF_LEN(m_notify); 2933 control->spec_flags = M_NOTIFICATION; 2934 /* not that we need this */ 2935 control->tail_mbuf = m_notify; 2936 sctp_add_to_readq(stcb->sctp_ep, stcb, 2937 control, 2938 &stcb->sctp_socket->so_rcv, 1, 2939 SCTP_READ_LOCK_NOT_HELD, 2940 so_locked); 2941 } 2942 2943 2944 static void 2945 sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error, 2946 struct sctp_tmit_chunk *chk, int so_locked 2947 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2948 SCTP_UNUSED 2949 #endif 2950 ) 2951 { 2952 struct mbuf *m_notify; 2953 struct sctp_send_failed *ssf; 2954 struct sctp_send_failed_event *ssfe; 2955 struct sctp_queued_to_read *control; 2956 struct sctp_chunkhdr *chkhdr; 2957 int notifhdr_len, chk_len, chkhdr_len, padding_len, payload_len; 2958 2959 if ((stcb == NULL) || 2960 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 2961 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 2962 /* event not enabled */ 2963 return; 2964 } 2965 2966 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 2967 notifhdr_len = sizeof(struct sctp_send_failed_event); 2968 } else { 2969 notifhdr_len = sizeof(struct sctp_send_failed); 2970 } 2971 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 2972 if (m_notify == NULL) 2973 /* no space left */ 2974 return; 2975 SCTP_BUF_LEN(m_notify) = notifhdr_len; 2976 if (stcb->asoc.idata_supported) { 2977 chkhdr_len = sizeof(struct sctp_idata_chunk); 2978 } else { 2979 chkhdr_len = sizeof(struct sctp_data_chunk); 2980 } 2981 /* Use some defaults in case we can't access the chunk header */ 2982 if (chk->send_size >= chkhdr_len) { 2983 payload_len = chk->send_size - chkhdr_len; 2984 } else { 2985 payload_len = 0; 2986 } 2987 padding_len = 0; 2988 if (chk->data != NULL) { 2989 chkhdr = mtod(chk->data, struct sctp_chunkhdr *); 2990 if (chkhdr != NULL) { 2991 chk_len = ntohs(chkhdr->chunk_length); 2992 if ((chk_len >= chkhdr_len) && 2993 (chk->send_size >= chk_len) && 2994 (chk->send_size - chk_len < 4)) { 2995 padding_len = chk->send_size - chk_len; 2996 payload_len = chk->send_size - chkhdr_len - padding_len; 2997 } 2998 } 2999 } 3000 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3001 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3002 memset(ssfe, 0, notifhdr_len); 3003 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3004 if (sent) { 3005 ssfe->ssfe_flags = SCTP_DATA_SENT; 3006 } else { 3007 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3008 } 3009 ssfe->ssfe_length = (uint32_t)(notifhdr_len + payload_len); 3010 ssfe->ssfe_error = error; 3011 /* not exactly what the user sent in, but should be close :) */ 3012 ssfe->ssfe_info.snd_sid = chk->rec.data.sid; 3013 ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; 3014 ssfe->ssfe_info.snd_ppid = chk->rec.data.ppid; 3015 ssfe->ssfe_info.snd_context = chk->rec.data.context; 3016 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3017 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3018 } else { 3019 ssf = mtod(m_notify, struct sctp_send_failed *); 3020 memset(ssf, 0, notifhdr_len); 3021 ssf->ssf_type = SCTP_SEND_FAILED; 3022 if (sent) { 3023 ssf->ssf_flags = SCTP_DATA_SENT; 3024 } else { 3025 ssf->ssf_flags = SCTP_DATA_UNSENT; 3026 } 3027 ssf->ssf_length = (uint32_t)(notifhdr_len + payload_len); 3028 ssf->ssf_error = error; 3029 /* not exactly what the user sent in, but should be close :) */ 3030 ssf->ssf_info.sinfo_stream = chk->rec.data.sid; 3031 ssf->ssf_info.sinfo_ssn = (uint16_t)chk->rec.data.mid; 3032 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 3033 ssf->ssf_info.sinfo_ppid = chk->rec.data.ppid; 3034 ssf->ssf_info.sinfo_context = chk->rec.data.context; 3035 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3036 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3037 } 3038 if (chk->data != NULL) { 3039 /* Trim off the sctp chunk header (it should be there) */ 3040 if (chk->send_size == chkhdr_len + payload_len + padding_len) { 3041 m_adj(chk->data, chkhdr_len); 3042 m_adj(chk->data, -padding_len); 3043 sctp_mbuf_crush(chk->data); 3044 chk->send_size -= (chkhdr_len + padding_len); 3045 } 3046 } 3047 SCTP_BUF_NEXT(m_notify) = chk->data; 3048 /* Steal off the mbuf */ 3049 chk->data = NULL; 3050 /* 3051 * For this case, we check the actual socket buffer, since the assoc 3052 * is going away we don't want to overfill the socket buffer for a 3053 * non-reader 3054 */ 3055 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3056 sctp_m_freem(m_notify); 3057 return; 3058 } 3059 /* append to socket */ 3060 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3061 0, 0, stcb->asoc.context, 0, 0, 0, 3062 m_notify); 3063 if (control == NULL) { 3064 /* no memory */ 3065 sctp_m_freem(m_notify); 3066 return; 3067 } 3068 control->length = SCTP_BUF_LEN(m_notify); 3069 control->spec_flags = M_NOTIFICATION; 3070 /* not that we need this */ 3071 control->tail_mbuf = m_notify; 3072 sctp_add_to_readq(stcb->sctp_ep, stcb, 3073 control, 3074 &stcb->sctp_socket->so_rcv, 1, 3075 SCTP_READ_LOCK_NOT_HELD, 3076 so_locked); 3077 } 3078 3079 3080 static void 3081 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 3082 struct sctp_stream_queue_pending *sp, int so_locked 3083 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3084 SCTP_UNUSED 3085 #endif 3086 ) 3087 { 3088 struct mbuf *m_notify; 3089 struct sctp_send_failed *ssf; 3090 struct sctp_send_failed_event *ssfe; 3091 struct sctp_queued_to_read *control; 3092 int notifhdr_len; 3093 3094 if ((stcb == NULL) || 3095 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 3096 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 3097 /* event not enabled */ 3098 return; 3099 } 3100 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3101 notifhdr_len = sizeof(struct sctp_send_failed_event); 3102 } else { 3103 notifhdr_len = sizeof(struct sctp_send_failed); 3104 } 3105 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 3106 if (m_notify == NULL) { 3107 /* no space left */ 3108 return; 3109 } 3110 SCTP_BUF_LEN(m_notify) = notifhdr_len; 3111 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3112 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3113 memset(ssfe, 0, notifhdr_len); 3114 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3115 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3116 ssfe->ssfe_length = (uint32_t)(notifhdr_len + sp->length); 3117 ssfe->ssfe_error = error; 3118 /* not exactly what the user sent in, but should be close :) */ 3119 ssfe->ssfe_info.snd_sid = sp->sid; 3120 if (sp->some_taken) { 3121 ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; 3122 } else { 3123 ssfe->ssfe_info.snd_flags = SCTP_DATA_NOT_FRAG; 3124 } 3125 ssfe->ssfe_info.snd_ppid = sp->ppid; 3126 ssfe->ssfe_info.snd_context = sp->context; 3127 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3128 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3129 } else { 3130 ssf = mtod(m_notify, struct sctp_send_failed *); 3131 memset(ssf, 0, notifhdr_len); 3132 ssf->ssf_type = SCTP_SEND_FAILED; 3133 ssf->ssf_flags = SCTP_DATA_UNSENT; 3134 ssf->ssf_length = (uint32_t)(notifhdr_len + sp->length); 3135 ssf->ssf_error = error; 3136 /* not exactly what the user sent in, but should be close :) */ 3137 ssf->ssf_info.sinfo_stream = sp->sid; 3138 ssf->ssf_info.sinfo_ssn = 0; 3139 if (sp->some_taken) { 3140 ssf->ssf_info.sinfo_flags = SCTP_DATA_LAST_FRAG; 3141 } else { 3142 ssf->ssf_info.sinfo_flags = SCTP_DATA_NOT_FRAG; 3143 } 3144 ssf->ssf_info.sinfo_ppid = sp->ppid; 3145 ssf->ssf_info.sinfo_context = sp->context; 3146 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3147 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3148 } 3149 SCTP_BUF_NEXT(m_notify) = sp->data; 3150 3151 /* Steal off the mbuf */ 3152 sp->data = NULL; 3153 /* 3154 * For this case, we check the actual socket buffer, since the assoc 3155 * is going away we don't want to overfill the socket buffer for a 3156 * non-reader 3157 */ 3158 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3159 sctp_m_freem(m_notify); 3160 return; 3161 } 3162 /* append to socket */ 3163 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3164 0, 0, stcb->asoc.context, 0, 0, 0, 3165 m_notify); 3166 if (control == NULL) { 3167 /* no memory */ 3168 sctp_m_freem(m_notify); 3169 return; 3170 } 3171 control->length = SCTP_BUF_LEN(m_notify); 3172 control->spec_flags = M_NOTIFICATION; 3173 /* not that we need this */ 3174 control->tail_mbuf = m_notify; 3175 sctp_add_to_readq(stcb->sctp_ep, stcb, 3176 control, 3177 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3178 } 3179 3180 3181 3182 static void 3183 sctp_notify_adaptation_layer(struct sctp_tcb *stcb) 3184 { 3185 struct mbuf *m_notify; 3186 struct sctp_adaptation_event *sai; 3187 struct sctp_queued_to_read *control; 3188 3189 if ((stcb == NULL) || 3190 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) { 3191 /* event not enabled */ 3192 return; 3193 } 3194 3195 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_NOWAIT, 1, MT_DATA); 3196 if (m_notify == NULL) 3197 /* no space left */ 3198 return; 3199 SCTP_BUF_LEN(m_notify) = 0; 3200 sai = mtod(m_notify, struct sctp_adaptation_event *); 3201 memset(sai, 0, sizeof(struct sctp_adaptation_event)); 3202 sai->sai_type = SCTP_ADAPTATION_INDICATION; 3203 sai->sai_flags = 0; 3204 sai->sai_length = sizeof(struct sctp_adaptation_event); 3205 sai->sai_adaptation_ind = stcb->asoc.peers_adaptation; 3206 sai->sai_assoc_id = sctp_get_associd(stcb); 3207 3208 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_adaptation_event); 3209 SCTP_BUF_NEXT(m_notify) = NULL; 3210 3211 /* append to socket */ 3212 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3213 0, 0, stcb->asoc.context, 0, 0, 0, 3214 m_notify); 3215 if (control == NULL) { 3216 /* no memory */ 3217 sctp_m_freem(m_notify); 3218 return; 3219 } 3220 control->length = SCTP_BUF_LEN(m_notify); 3221 control->spec_flags = M_NOTIFICATION; 3222 /* not that we need this */ 3223 control->tail_mbuf = m_notify; 3224 sctp_add_to_readq(stcb->sctp_ep, stcb, 3225 control, 3226 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3227 } 3228 3229 /* This always must be called with the read-queue LOCKED in the INP */ 3230 static void 3231 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error, 3232 uint32_t val, int so_locked 3233 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3234 SCTP_UNUSED 3235 #endif 3236 ) 3237 { 3238 struct mbuf *m_notify; 3239 struct sctp_pdapi_event *pdapi; 3240 struct sctp_queued_to_read *control; 3241 struct sockbuf *sb; 3242 3243 if ((stcb == NULL) || 3244 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_PDAPIEVNT)) { 3245 /* event not enabled */ 3246 return; 3247 } 3248 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 3249 return; 3250 } 3251 3252 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_NOWAIT, 1, MT_DATA); 3253 if (m_notify == NULL) 3254 /* no space left */ 3255 return; 3256 SCTP_BUF_LEN(m_notify) = 0; 3257 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 3258 memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); 3259 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 3260 pdapi->pdapi_flags = 0; 3261 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 3262 pdapi->pdapi_indication = error; 3263 pdapi->pdapi_stream = (val >> 16); 3264 pdapi->pdapi_seq = (val & 0x0000ffff); 3265 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 3266 3267 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event); 3268 SCTP_BUF_NEXT(m_notify) = NULL; 3269 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3270 0, 0, stcb->asoc.context, 0, 0, 0, 3271 m_notify); 3272 if (control == NULL) { 3273 /* no memory */ 3274 sctp_m_freem(m_notify); 3275 return; 3276 } 3277 control->length = SCTP_BUF_LEN(m_notify); 3278 control->spec_flags = M_NOTIFICATION; 3279 /* not that we need this */ 3280 control->tail_mbuf = m_notify; 3281 sb = &stcb->sctp_socket->so_rcv; 3282 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3283 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify)); 3284 } 3285 sctp_sballoc(stcb, sb, m_notify); 3286 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3287 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3288 } 3289 control->end_added = 1; 3290 if (stcb->asoc.control_pdapi) 3291 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 3292 else { 3293 /* we really should not see this case */ 3294 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 3295 } 3296 if (stcb->sctp_ep && stcb->sctp_socket) { 3297 /* This should always be the case */ 3298 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3299 struct socket *so; 3300 3301 so = SCTP_INP_SO(stcb->sctp_ep); 3302 if (!so_locked) { 3303 atomic_add_int(&stcb->asoc.refcnt, 1); 3304 SCTP_TCB_UNLOCK(stcb); 3305 SCTP_SOCKET_LOCK(so, 1); 3306 SCTP_TCB_LOCK(stcb); 3307 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3308 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3309 SCTP_SOCKET_UNLOCK(so, 1); 3310 return; 3311 } 3312 } 3313 #endif 3314 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 3315 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3316 if (!so_locked) { 3317 SCTP_SOCKET_UNLOCK(so, 1); 3318 } 3319 #endif 3320 } 3321 } 3322 3323 static void 3324 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 3325 { 3326 struct mbuf *m_notify; 3327 struct sctp_shutdown_event *sse; 3328 struct sctp_queued_to_read *control; 3329 3330 /* 3331 * For TCP model AND UDP connected sockets we will send an error up 3332 * when an SHUTDOWN completes 3333 */ 3334 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3335 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 3336 /* mark socket closed for read/write and wakeup! */ 3337 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3338 struct socket *so; 3339 3340 so = SCTP_INP_SO(stcb->sctp_ep); 3341 atomic_add_int(&stcb->asoc.refcnt, 1); 3342 SCTP_TCB_UNLOCK(stcb); 3343 SCTP_SOCKET_LOCK(so, 1); 3344 SCTP_TCB_LOCK(stcb); 3345 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3346 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 3347 SCTP_SOCKET_UNLOCK(so, 1); 3348 return; 3349 } 3350 #endif 3351 socantsendmore(stcb->sctp_socket); 3352 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3353 SCTP_SOCKET_UNLOCK(so, 1); 3354 #endif 3355 } 3356 if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) { 3357 /* event not enabled */ 3358 return; 3359 } 3360 3361 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 0, M_NOWAIT, 1, MT_DATA); 3362 if (m_notify == NULL) 3363 /* no space left */ 3364 return; 3365 sse = mtod(m_notify, struct sctp_shutdown_event *); 3366 memset(sse, 0, sizeof(struct sctp_shutdown_event)); 3367 sse->sse_type = SCTP_SHUTDOWN_EVENT; 3368 sse->sse_flags = 0; 3369 sse->sse_length = sizeof(struct sctp_shutdown_event); 3370 sse->sse_assoc_id = sctp_get_associd(stcb); 3371 3372 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_shutdown_event); 3373 SCTP_BUF_NEXT(m_notify) = NULL; 3374 3375 /* append to socket */ 3376 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3377 0, 0, stcb->asoc.context, 0, 0, 0, 3378 m_notify); 3379 if (control == NULL) { 3380 /* no memory */ 3381 sctp_m_freem(m_notify); 3382 return; 3383 } 3384 control->length = SCTP_BUF_LEN(m_notify); 3385 control->spec_flags = M_NOTIFICATION; 3386 /* not that we need this */ 3387 control->tail_mbuf = m_notify; 3388 sctp_add_to_readq(stcb->sctp_ep, stcb, 3389 control, 3390 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3391 } 3392 3393 static void 3394 sctp_notify_sender_dry_event(struct sctp_tcb *stcb, 3395 int so_locked 3396 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3397 SCTP_UNUSED 3398 #endif 3399 ) 3400 { 3401 struct mbuf *m_notify; 3402 struct sctp_sender_dry_event *event; 3403 struct sctp_queued_to_read *control; 3404 3405 if ((stcb == NULL) || 3406 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DRYEVNT)) { 3407 /* event not enabled */ 3408 return; 3409 } 3410 3411 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_sender_dry_event), 0, M_NOWAIT, 1, MT_DATA); 3412 if (m_notify == NULL) { 3413 /* no space left */ 3414 return; 3415 } 3416 SCTP_BUF_LEN(m_notify) = 0; 3417 event = mtod(m_notify, struct sctp_sender_dry_event *); 3418 memset(event, 0, sizeof(struct sctp_sender_dry_event)); 3419 event->sender_dry_type = SCTP_SENDER_DRY_EVENT; 3420 event->sender_dry_flags = 0; 3421 event->sender_dry_length = sizeof(struct sctp_sender_dry_event); 3422 event->sender_dry_assoc_id = sctp_get_associd(stcb); 3423 3424 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_sender_dry_event); 3425 SCTP_BUF_NEXT(m_notify) = NULL; 3426 3427 /* append to socket */ 3428 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3429 0, 0, stcb->asoc.context, 0, 0, 0, 3430 m_notify); 3431 if (control == NULL) { 3432 /* no memory */ 3433 sctp_m_freem(m_notify); 3434 return; 3435 } 3436 control->length = SCTP_BUF_LEN(m_notify); 3437 control->spec_flags = M_NOTIFICATION; 3438 /* not that we need this */ 3439 control->tail_mbuf = m_notify; 3440 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 3441 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3442 } 3443 3444 3445 void 3446 sctp_notify_stream_reset_add(struct sctp_tcb *stcb, uint16_t numberin, uint16_t numberout, int flag) 3447 { 3448 struct mbuf *m_notify; 3449 struct sctp_queued_to_read *control; 3450 struct sctp_stream_change_event *stradd; 3451 3452 if ((stcb == NULL) || 3453 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { 3454 /* event not enabled */ 3455 return; 3456 } 3457 if ((stcb->asoc.peer_req_out) && flag) { 3458 /* Peer made the request, don't tell the local user */ 3459 stcb->asoc.peer_req_out = 0; 3460 return; 3461 } 3462 stcb->asoc.peer_req_out = 0; 3463 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_NOWAIT, 1, MT_DATA); 3464 if (m_notify == NULL) 3465 /* no space left */ 3466 return; 3467 SCTP_BUF_LEN(m_notify) = 0; 3468 stradd = mtod(m_notify, struct sctp_stream_change_event *); 3469 memset(stradd, 0, sizeof(struct sctp_stream_change_event)); 3470 stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; 3471 stradd->strchange_flags = flag; 3472 stradd->strchange_length = sizeof(struct sctp_stream_change_event); 3473 stradd->strchange_assoc_id = sctp_get_associd(stcb); 3474 stradd->strchange_instrms = numberin; 3475 stradd->strchange_outstrms = numberout; 3476 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); 3477 SCTP_BUF_NEXT(m_notify) = NULL; 3478 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3479 /* no space */ 3480 sctp_m_freem(m_notify); 3481 return; 3482 } 3483 /* append to socket */ 3484 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3485 0, 0, stcb->asoc.context, 0, 0, 0, 3486 m_notify); 3487 if (control == NULL) { 3488 /* no memory */ 3489 sctp_m_freem(m_notify); 3490 return; 3491 } 3492 control->length = SCTP_BUF_LEN(m_notify); 3493 control->spec_flags = M_NOTIFICATION; 3494 /* not that we need this */ 3495 control->tail_mbuf = m_notify; 3496 sctp_add_to_readq(stcb->sctp_ep, stcb, 3497 control, 3498 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3499 } 3500 3501 void 3502 sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, uint32_t sending_tsn, uint32_t recv_tsn, int flag) 3503 { 3504 struct mbuf *m_notify; 3505 struct sctp_queued_to_read *control; 3506 struct sctp_assoc_reset_event *strasoc; 3507 3508 if ((stcb == NULL) || 3509 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { 3510 /* event not enabled */ 3511 return; 3512 } 3513 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_NOWAIT, 1, MT_DATA); 3514 if (m_notify == NULL) 3515 /* no space left */ 3516 return; 3517 SCTP_BUF_LEN(m_notify) = 0; 3518 strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); 3519 memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); 3520 strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; 3521 strasoc->assocreset_flags = flag; 3522 strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); 3523 strasoc->assocreset_assoc_id = sctp_get_associd(stcb); 3524 strasoc->assocreset_local_tsn = sending_tsn; 3525 strasoc->assocreset_remote_tsn = recv_tsn; 3526 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); 3527 SCTP_BUF_NEXT(m_notify) = NULL; 3528 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3529 /* no space */ 3530 sctp_m_freem(m_notify); 3531 return; 3532 } 3533 /* append to socket */ 3534 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3535 0, 0, stcb->asoc.context, 0, 0, 0, 3536 m_notify); 3537 if (control == NULL) { 3538 /* no memory */ 3539 sctp_m_freem(m_notify); 3540 return; 3541 } 3542 control->length = SCTP_BUF_LEN(m_notify); 3543 control->spec_flags = M_NOTIFICATION; 3544 /* not that we need this */ 3545 control->tail_mbuf = m_notify; 3546 sctp_add_to_readq(stcb->sctp_ep, stcb, 3547 control, 3548 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3549 } 3550 3551 3552 3553 static void 3554 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3555 int number_entries, uint16_t *list, int flag) 3556 { 3557 struct mbuf *m_notify; 3558 struct sctp_queued_to_read *control; 3559 struct sctp_stream_reset_event *strreset; 3560 int len; 3561 3562 if ((stcb == NULL) || 3563 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_RESETEVNT))) { 3564 /* event not enabled */ 3565 return; 3566 } 3567 3568 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 3569 if (m_notify == NULL) 3570 /* no space left */ 3571 return; 3572 SCTP_BUF_LEN(m_notify) = 0; 3573 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3574 if (len > M_TRAILINGSPACE(m_notify)) { 3575 /* never enough room */ 3576 sctp_m_freem(m_notify); 3577 return; 3578 } 3579 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3580 memset(strreset, 0, len); 3581 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3582 strreset->strreset_flags = flag; 3583 strreset->strreset_length = len; 3584 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3585 if (number_entries) { 3586 int i; 3587 3588 for (i = 0; i < number_entries; i++) { 3589 strreset->strreset_stream_list[i] = ntohs(list[i]); 3590 } 3591 } 3592 SCTP_BUF_LEN(m_notify) = len; 3593 SCTP_BUF_NEXT(m_notify) = NULL; 3594 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3595 /* no space */ 3596 sctp_m_freem(m_notify); 3597 return; 3598 } 3599 /* append to socket */ 3600 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3601 0, 0, stcb->asoc.context, 0, 0, 0, 3602 m_notify); 3603 if (control == NULL) { 3604 /* no memory */ 3605 sctp_m_freem(m_notify); 3606 return; 3607 } 3608 control->length = SCTP_BUF_LEN(m_notify); 3609 control->spec_flags = M_NOTIFICATION; 3610 /* not that we need this */ 3611 control->tail_mbuf = m_notify; 3612 sctp_add_to_readq(stcb->sctp_ep, stcb, 3613 control, 3614 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3615 } 3616 3617 3618 static void 3619 sctp_notify_remote_error(struct sctp_tcb *stcb, uint16_t error, struct sctp_error_chunk *chunk) 3620 { 3621 struct mbuf *m_notify; 3622 struct sctp_remote_error *sre; 3623 struct sctp_queued_to_read *control; 3624 unsigned int notif_len; 3625 uint16_t chunk_len; 3626 3627 if ((stcb == NULL) || 3628 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPEERERR)) { 3629 return; 3630 } 3631 if (chunk != NULL) { 3632 chunk_len = ntohs(chunk->ch.chunk_length); 3633 /* 3634 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 3635 * contiguous. 3636 */ 3637 if (chunk_len > SCTP_CHUNK_BUFFER_SIZE) { 3638 chunk_len = SCTP_CHUNK_BUFFER_SIZE; 3639 } 3640 } else { 3641 chunk_len = 0; 3642 } 3643 notif_len = (unsigned int)(sizeof(struct sctp_remote_error) + chunk_len); 3644 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3645 if (m_notify == NULL) { 3646 /* Retry with smaller value. */ 3647 notif_len = (unsigned int)sizeof(struct sctp_remote_error); 3648 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3649 if (m_notify == NULL) { 3650 return; 3651 } 3652 } 3653 SCTP_BUF_NEXT(m_notify) = NULL; 3654 sre = mtod(m_notify, struct sctp_remote_error *); 3655 memset(sre, 0, notif_len); 3656 sre->sre_type = SCTP_REMOTE_ERROR; 3657 sre->sre_flags = 0; 3658 sre->sre_length = sizeof(struct sctp_remote_error); 3659 sre->sre_error = error; 3660 sre->sre_assoc_id = sctp_get_associd(stcb); 3661 if (notif_len > sizeof(struct sctp_remote_error)) { 3662 memcpy(sre->sre_data, chunk, chunk_len); 3663 sre->sre_length += chunk_len; 3664 } 3665 SCTP_BUF_LEN(m_notify) = sre->sre_length; 3666 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3667 0, 0, stcb->asoc.context, 0, 0, 0, 3668 m_notify); 3669 if (control != NULL) { 3670 control->length = SCTP_BUF_LEN(m_notify); 3671 control->spec_flags = M_NOTIFICATION; 3672 /* not that we need this */ 3673 control->tail_mbuf = m_notify; 3674 sctp_add_to_readq(stcb->sctp_ep, stcb, 3675 control, 3676 &stcb->sctp_socket->so_rcv, 1, 3677 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3678 } else { 3679 sctp_m_freem(m_notify); 3680 } 3681 } 3682 3683 3684 void 3685 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 3686 uint32_t error, void *data, int so_locked 3687 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3688 SCTP_UNUSED 3689 #endif 3690 ) 3691 { 3692 if ((stcb == NULL) || 3693 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3694 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3695 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3696 /* If the socket is gone we are out of here */ 3697 return; 3698 } 3699 if (stcb->sctp_socket->so_rcv.sb_state & SBS_CANTRCVMORE) { 3700 return; 3701 } 3702 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3703 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3704 if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) || 3705 (notification == SCTP_NOTIFY_INTERFACE_UP) || 3706 (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) { 3707 /* Don't report these in front states */ 3708 return; 3709 } 3710 } 3711 switch (notification) { 3712 case SCTP_NOTIFY_ASSOC_UP: 3713 if (stcb->asoc.assoc_up_sent == 0) { 3714 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL, 0, so_locked); 3715 stcb->asoc.assoc_up_sent = 1; 3716 } 3717 if (stcb->asoc.adaptation_needed && (stcb->asoc.adaptation_sent == 0)) { 3718 sctp_notify_adaptation_layer(stcb); 3719 } 3720 if (stcb->asoc.auth_supported == 0) { 3721 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3722 NULL, so_locked); 3723 } 3724 break; 3725 case SCTP_NOTIFY_ASSOC_DOWN: 3726 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL, 0, so_locked); 3727 break; 3728 case SCTP_NOTIFY_INTERFACE_DOWN: 3729 { 3730 struct sctp_nets *net; 3731 3732 net = (struct sctp_nets *)data; 3733 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 3734 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3735 break; 3736 } 3737 case SCTP_NOTIFY_INTERFACE_UP: 3738 { 3739 struct sctp_nets *net; 3740 3741 net = (struct sctp_nets *)data; 3742 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 3743 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3744 break; 3745 } 3746 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 3747 { 3748 struct sctp_nets *net; 3749 3750 net = (struct sctp_nets *)data; 3751 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 3752 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3753 break; 3754 } 3755 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 3756 sctp_notify_send_failed2(stcb, error, 3757 (struct sctp_stream_queue_pending *)data, so_locked); 3758 break; 3759 case SCTP_NOTIFY_SENT_DG_FAIL: 3760 sctp_notify_send_failed(stcb, 1, error, 3761 (struct sctp_tmit_chunk *)data, so_locked); 3762 break; 3763 case SCTP_NOTIFY_UNSENT_DG_FAIL: 3764 sctp_notify_send_failed(stcb, 0, error, 3765 (struct sctp_tmit_chunk *)data, so_locked); 3766 break; 3767 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 3768 { 3769 uint32_t val; 3770 3771 val = *((uint32_t *)data); 3772 3773 sctp_notify_partial_delivery_indication(stcb, error, val, so_locked); 3774 break; 3775 } 3776 case SCTP_NOTIFY_ASSOC_LOC_ABORTED: 3777 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3778 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3779 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 0, so_locked); 3780 } else { 3781 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 0, so_locked); 3782 } 3783 break; 3784 case SCTP_NOTIFY_ASSOC_REM_ABORTED: 3785 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3786 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3787 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 1, so_locked); 3788 } else { 3789 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 1, so_locked); 3790 } 3791 break; 3792 case SCTP_NOTIFY_ASSOC_RESTART: 3793 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, NULL, 0, so_locked); 3794 if (stcb->asoc.auth_supported == 0) { 3795 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3796 NULL, so_locked); 3797 } 3798 break; 3799 case SCTP_NOTIFY_STR_RESET_SEND: 3800 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_OUTGOING_SSN); 3801 break; 3802 case SCTP_NOTIFY_STR_RESET_RECV: 3803 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_INCOMING); 3804 break; 3805 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 3806 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3807 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_FAILED)); 3808 break; 3809 case SCTP_NOTIFY_STR_RESET_DENIED_OUT: 3810 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3811 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_DENIED)); 3812 break; 3813 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 3814 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3815 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_FAILED)); 3816 break; 3817 case SCTP_NOTIFY_STR_RESET_DENIED_IN: 3818 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3819 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_DENIED)); 3820 break; 3821 case SCTP_NOTIFY_ASCONF_ADD_IP: 3822 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 3823 error, so_locked); 3824 break; 3825 case SCTP_NOTIFY_ASCONF_DELETE_IP: 3826 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 3827 error, so_locked); 3828 break; 3829 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 3830 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 3831 error, so_locked); 3832 break; 3833 case SCTP_NOTIFY_PEER_SHUTDOWN: 3834 sctp_notify_shutdown_event(stcb); 3835 break; 3836 case SCTP_NOTIFY_AUTH_NEW_KEY: 3837 sctp_notify_authentication(stcb, SCTP_AUTH_NEW_KEY, error, 3838 (uint16_t)(uintptr_t)data, 3839 so_locked); 3840 break; 3841 case SCTP_NOTIFY_AUTH_FREE_KEY: 3842 sctp_notify_authentication(stcb, SCTP_AUTH_FREE_KEY, error, 3843 (uint16_t)(uintptr_t)data, 3844 so_locked); 3845 break; 3846 case SCTP_NOTIFY_NO_PEER_AUTH: 3847 sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, error, 3848 (uint16_t)(uintptr_t)data, 3849 so_locked); 3850 break; 3851 case SCTP_NOTIFY_SENDER_DRY: 3852 sctp_notify_sender_dry_event(stcb, so_locked); 3853 break; 3854 case SCTP_NOTIFY_REMOTE_ERROR: 3855 sctp_notify_remote_error(stcb, error, data); 3856 break; 3857 default: 3858 SCTPDBG(SCTP_DEBUG_UTIL1, "%s: unknown notification %xh (%u)\n", 3859 __func__, notification, notification); 3860 break; 3861 } /* end switch */ 3862 } 3863 3864 void 3865 sctp_report_all_outbound(struct sctp_tcb *stcb, uint16_t error, int holds_lock, int so_locked 3866 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3867 SCTP_UNUSED 3868 #endif 3869 ) 3870 { 3871 struct sctp_association *asoc; 3872 struct sctp_stream_out *outs; 3873 struct sctp_tmit_chunk *chk, *nchk; 3874 struct sctp_stream_queue_pending *sp, *nsp; 3875 int i; 3876 3877 if (stcb == NULL) { 3878 return; 3879 } 3880 asoc = &stcb->asoc; 3881 if (asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3882 /* already being freed */ 3883 return; 3884 } 3885 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3886 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3887 (asoc->state & SCTP_STATE_CLOSED_SOCKET)) { 3888 return; 3889 } 3890 /* now through all the gunk freeing chunks */ 3891 if (holds_lock == 0) { 3892 SCTP_TCB_SEND_LOCK(stcb); 3893 } 3894 /* sent queue SHOULD be empty */ 3895 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) { 3896 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3897 asoc->sent_queue_cnt--; 3898 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) { 3899 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3900 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3901 #ifdef INVARIANTS 3902 } else { 3903 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3904 #endif 3905 } 3906 } 3907 if (chk->data != NULL) { 3908 sctp_free_bufspace(stcb, asoc, chk, 1); 3909 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 3910 error, chk, so_locked); 3911 if (chk->data) { 3912 sctp_m_freem(chk->data); 3913 chk->data = NULL; 3914 } 3915 } 3916 sctp_free_a_chunk(stcb, chk, so_locked); 3917 /* sa_ignore FREED_MEMORY */ 3918 } 3919 /* pending send queue SHOULD be empty */ 3920 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 3921 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3922 asoc->send_queue_cnt--; 3923 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3924 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3925 #ifdef INVARIANTS 3926 } else { 3927 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3928 #endif 3929 } 3930 if (chk->data != NULL) { 3931 sctp_free_bufspace(stcb, asoc, chk, 1); 3932 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 3933 error, chk, so_locked); 3934 if (chk->data) { 3935 sctp_m_freem(chk->data); 3936 chk->data = NULL; 3937 } 3938 } 3939 sctp_free_a_chunk(stcb, chk, so_locked); 3940 /* sa_ignore FREED_MEMORY */ 3941 } 3942 for (i = 0; i < asoc->streamoutcnt; i++) { 3943 /* For each stream */ 3944 outs = &asoc->strmout[i]; 3945 /* clean up any sends there */ 3946 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { 3947 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 3948 TAILQ_REMOVE(&outs->outqueue, sp, next); 3949 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp, 1); 3950 sctp_free_spbufspace(stcb, asoc, sp); 3951 if (sp->data) { 3952 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 3953 error, (void *)sp, so_locked); 3954 if (sp->data) { 3955 sctp_m_freem(sp->data); 3956 sp->data = NULL; 3957 sp->tail_mbuf = NULL; 3958 sp->length = 0; 3959 } 3960 } 3961 if (sp->net) { 3962 sctp_free_remote_addr(sp->net); 3963 sp->net = NULL; 3964 } 3965 /* Free the chunk */ 3966 sctp_free_a_strmoq(stcb, sp, so_locked); 3967 /* sa_ignore FREED_MEMORY */ 3968 } 3969 } 3970 3971 if (holds_lock == 0) { 3972 SCTP_TCB_SEND_UNLOCK(stcb); 3973 } 3974 } 3975 3976 void 3977 sctp_abort_notification(struct sctp_tcb *stcb, uint8_t from_peer, uint16_t error, 3978 struct sctp_abort_chunk *abort, int so_locked 3979 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3980 SCTP_UNUSED 3981 #endif 3982 ) 3983 { 3984 if (stcb == NULL) { 3985 return; 3986 } 3987 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 3988 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 3989 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 3990 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 3991 } 3992 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3993 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3994 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3995 return; 3996 } 3997 /* Tell them we lost the asoc */ 3998 sctp_report_all_outbound(stcb, error, 0, so_locked); 3999 if (from_peer) { 4000 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_REM_ABORTED, stcb, error, abort, so_locked); 4001 } else { 4002 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_LOC_ABORTED, stcb, error, abort, so_locked); 4003 } 4004 } 4005 4006 void 4007 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4008 struct mbuf *m, int iphlen, 4009 struct sockaddr *src, struct sockaddr *dst, 4010 struct sctphdr *sh, struct mbuf *op_err, 4011 uint8_t mflowtype, uint32_t mflowid, 4012 uint32_t vrf_id, uint16_t port) 4013 { 4014 uint32_t vtag; 4015 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4016 struct socket *so; 4017 #endif 4018 4019 vtag = 0; 4020 if (stcb != NULL) { 4021 vtag = stcb->asoc.peer_vtag; 4022 vrf_id = stcb->asoc.vrf_id; 4023 } 4024 sctp_send_abort(m, iphlen, src, dst, sh, vtag, op_err, 4025 mflowtype, mflowid, inp->fibnum, 4026 vrf_id, port); 4027 if (stcb != NULL) { 4028 /* We have a TCB to abort, send notification too */ 4029 sctp_abort_notification(stcb, 0, 0, NULL, SCTP_SO_NOT_LOCKED); 4030 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4031 /* Ok, now lets free it */ 4032 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4033 so = SCTP_INP_SO(inp); 4034 atomic_add_int(&stcb->asoc.refcnt, 1); 4035 SCTP_TCB_UNLOCK(stcb); 4036 SCTP_SOCKET_LOCK(so, 1); 4037 SCTP_TCB_LOCK(stcb); 4038 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4039 #endif 4040 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4041 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4042 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4043 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4044 } 4045 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4046 SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 4047 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4048 SCTP_SOCKET_UNLOCK(so, 1); 4049 #endif 4050 } 4051 } 4052 #ifdef SCTP_ASOCLOG_OF_TSNS 4053 void 4054 sctp_print_out_track_log(struct sctp_tcb *stcb) 4055 { 4056 #ifdef NOSIY_PRINTS 4057 int i; 4058 4059 SCTP_PRINTF("Last ep reason:%x\n", stcb->sctp_ep->last_abort_code); 4060 SCTP_PRINTF("IN bound TSN log-aaa\n"); 4061 if ((stcb->asoc.tsn_in_at == 0) && (stcb->asoc.tsn_in_wrapped == 0)) { 4062 SCTP_PRINTF("None rcvd\n"); 4063 goto none_in; 4064 } 4065 if (stcb->asoc.tsn_in_wrapped) { 4066 for (i = stcb->asoc.tsn_in_at; i < SCTP_TSN_LOG_SIZE; i++) { 4067 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4068 stcb->asoc.in_tsnlog[i].tsn, 4069 stcb->asoc.in_tsnlog[i].strm, 4070 stcb->asoc.in_tsnlog[i].seq, 4071 stcb->asoc.in_tsnlog[i].flgs, 4072 stcb->asoc.in_tsnlog[i].sz); 4073 } 4074 } 4075 if (stcb->asoc.tsn_in_at) { 4076 for (i = 0; i < stcb->asoc.tsn_in_at; i++) { 4077 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4078 stcb->asoc.in_tsnlog[i].tsn, 4079 stcb->asoc.in_tsnlog[i].strm, 4080 stcb->asoc.in_tsnlog[i].seq, 4081 stcb->asoc.in_tsnlog[i].flgs, 4082 stcb->asoc.in_tsnlog[i].sz); 4083 } 4084 } 4085 none_in: 4086 SCTP_PRINTF("OUT bound TSN log-aaa\n"); 4087 if ((stcb->asoc.tsn_out_at == 0) && 4088 (stcb->asoc.tsn_out_wrapped == 0)) { 4089 SCTP_PRINTF("None sent\n"); 4090 } 4091 if (stcb->asoc.tsn_out_wrapped) { 4092 for (i = stcb->asoc.tsn_out_at; i < SCTP_TSN_LOG_SIZE; i++) { 4093 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4094 stcb->asoc.out_tsnlog[i].tsn, 4095 stcb->asoc.out_tsnlog[i].strm, 4096 stcb->asoc.out_tsnlog[i].seq, 4097 stcb->asoc.out_tsnlog[i].flgs, 4098 stcb->asoc.out_tsnlog[i].sz); 4099 } 4100 } 4101 if (stcb->asoc.tsn_out_at) { 4102 for (i = 0; i < stcb->asoc.tsn_out_at; i++) { 4103 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4104 stcb->asoc.out_tsnlog[i].tsn, 4105 stcb->asoc.out_tsnlog[i].strm, 4106 stcb->asoc.out_tsnlog[i].seq, 4107 stcb->asoc.out_tsnlog[i].flgs, 4108 stcb->asoc.out_tsnlog[i].sz); 4109 } 4110 } 4111 #endif 4112 } 4113 #endif 4114 4115 void 4116 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4117 struct mbuf *op_err, 4118 int so_locked 4119 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4120 SCTP_UNUSED 4121 #endif 4122 ) 4123 { 4124 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4125 struct socket *so; 4126 #endif 4127 4128 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4129 so = SCTP_INP_SO(inp); 4130 #endif 4131 if (stcb == NULL) { 4132 /* Got to have a TCB */ 4133 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4134 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4135 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4136 SCTP_CALLED_DIRECTLY_NOCMPSET); 4137 } 4138 } 4139 return; 4140 } else { 4141 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4142 } 4143 /* notify the peer */ 4144 sctp_send_abort_tcb(stcb, op_err, so_locked); 4145 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4146 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4147 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4148 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4149 } 4150 /* notify the ulp */ 4151 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) { 4152 sctp_abort_notification(stcb, 0, 0, NULL, so_locked); 4153 } 4154 /* now free the asoc */ 4155 #ifdef SCTP_ASOCLOG_OF_TSNS 4156 sctp_print_out_track_log(stcb); 4157 #endif 4158 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4159 if (!so_locked) { 4160 atomic_add_int(&stcb->asoc.refcnt, 1); 4161 SCTP_TCB_UNLOCK(stcb); 4162 SCTP_SOCKET_LOCK(so, 1); 4163 SCTP_TCB_LOCK(stcb); 4164 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4165 } 4166 #endif 4167 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4168 SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 4169 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4170 if (!so_locked) { 4171 SCTP_SOCKET_UNLOCK(so, 1); 4172 } 4173 #endif 4174 } 4175 4176 void 4177 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, 4178 struct sockaddr *src, struct sockaddr *dst, 4179 struct sctphdr *sh, struct sctp_inpcb *inp, 4180 struct mbuf *cause, 4181 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 4182 uint32_t vrf_id, uint16_t port) 4183 { 4184 struct sctp_chunkhdr *ch, chunk_buf; 4185 unsigned int chk_length; 4186 int contains_init_chunk; 4187 4188 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 4189 /* Generate a TO address for future reference */ 4190 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 4191 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4192 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4193 SCTP_CALLED_DIRECTLY_NOCMPSET); 4194 } 4195 } 4196 contains_init_chunk = 0; 4197 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4198 sizeof(*ch), (uint8_t *)&chunk_buf); 4199 while (ch != NULL) { 4200 chk_length = ntohs(ch->chunk_length); 4201 if (chk_length < sizeof(*ch)) { 4202 /* break to abort land */ 4203 break; 4204 } 4205 switch (ch->chunk_type) { 4206 case SCTP_INIT: 4207 contains_init_chunk = 1; 4208 break; 4209 case SCTP_PACKET_DROPPED: 4210 /* we don't respond to pkt-dropped */ 4211 return; 4212 case SCTP_ABORT_ASSOCIATION: 4213 /* we don't respond with an ABORT to an ABORT */ 4214 return; 4215 case SCTP_SHUTDOWN_COMPLETE: 4216 /* 4217 * we ignore it since we are not waiting for it and 4218 * peer is gone 4219 */ 4220 return; 4221 case SCTP_SHUTDOWN_ACK: 4222 sctp_send_shutdown_complete2(src, dst, sh, 4223 mflowtype, mflowid, fibnum, 4224 vrf_id, port); 4225 return; 4226 default: 4227 break; 4228 } 4229 offset += SCTP_SIZE32(chk_length); 4230 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4231 sizeof(*ch), (uint8_t *)&chunk_buf); 4232 } 4233 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || 4234 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 4235 (contains_init_chunk == 0))) { 4236 sctp_send_abort(m, iphlen, src, dst, sh, 0, cause, 4237 mflowtype, mflowid, fibnum, 4238 vrf_id, port); 4239 } 4240 } 4241 4242 /* 4243 * check the inbound datagram to make sure there is not an abort inside it, 4244 * if there is return 1, else return 0. 4245 */ 4246 int 4247 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t *vtagfill) 4248 { 4249 struct sctp_chunkhdr *ch; 4250 struct sctp_init_chunk *init_chk, chunk_buf; 4251 int offset; 4252 unsigned int chk_length; 4253 4254 offset = iphlen + sizeof(struct sctphdr); 4255 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 4256 (uint8_t *)&chunk_buf); 4257 while (ch != NULL) { 4258 chk_length = ntohs(ch->chunk_length); 4259 if (chk_length < sizeof(*ch)) { 4260 /* packet is probably corrupt */ 4261 break; 4262 } 4263 /* we seem to be ok, is it an abort? */ 4264 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 4265 /* yep, tell them */ 4266 return (1); 4267 } 4268 if (ch->chunk_type == SCTP_INITIATION) { 4269 /* need to update the Vtag */ 4270 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 4271 offset, sizeof(*init_chk), (uint8_t *)&chunk_buf); 4272 if (init_chk != NULL) { 4273 *vtagfill = ntohl(init_chk->init.initiate_tag); 4274 } 4275 } 4276 /* Nope, move to the next chunk */ 4277 offset += SCTP_SIZE32(chk_length); 4278 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4279 sizeof(*ch), (uint8_t *)&chunk_buf); 4280 } 4281 return (0); 4282 } 4283 4284 /* 4285 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 4286 * set (i.e. it's 0) so, create this function to compare link local scopes 4287 */ 4288 #ifdef INET6 4289 uint32_t 4290 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 4291 { 4292 struct sockaddr_in6 a, b; 4293 4294 /* save copies */ 4295 a = *addr1; 4296 b = *addr2; 4297 4298 if (a.sin6_scope_id == 0) 4299 if (sa6_recoverscope(&a)) { 4300 /* can't get scope, so can't match */ 4301 return (0); 4302 } 4303 if (b.sin6_scope_id == 0) 4304 if (sa6_recoverscope(&b)) { 4305 /* can't get scope, so can't match */ 4306 return (0); 4307 } 4308 if (a.sin6_scope_id != b.sin6_scope_id) 4309 return (0); 4310 4311 return (1); 4312 } 4313 4314 /* 4315 * returns a sockaddr_in6 with embedded scope recovered and removed 4316 */ 4317 struct sockaddr_in6 * 4318 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 4319 { 4320 /* check and strip embedded scope junk */ 4321 if (addr->sin6_family == AF_INET6) { 4322 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 4323 if (addr->sin6_scope_id == 0) { 4324 *store = *addr; 4325 if (!sa6_recoverscope(store)) { 4326 /* use the recovered scope */ 4327 addr = store; 4328 } 4329 } else { 4330 /* else, return the original "to" addr */ 4331 in6_clearscope(&addr->sin6_addr); 4332 } 4333 } 4334 } 4335 return (addr); 4336 } 4337 #endif 4338 4339 /* 4340 * are the two addresses the same? currently a "scopeless" check returns: 1 4341 * if same, 0 if not 4342 */ 4343 int 4344 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 4345 { 4346 4347 /* must be valid */ 4348 if (sa1 == NULL || sa2 == NULL) 4349 return (0); 4350 4351 /* must be the same family */ 4352 if (sa1->sa_family != sa2->sa_family) 4353 return (0); 4354 4355 switch (sa1->sa_family) { 4356 #ifdef INET6 4357 case AF_INET6: 4358 { 4359 /* IPv6 addresses */ 4360 struct sockaddr_in6 *sin6_1, *sin6_2; 4361 4362 sin6_1 = (struct sockaddr_in6 *)sa1; 4363 sin6_2 = (struct sockaddr_in6 *)sa2; 4364 return (SCTP6_ARE_ADDR_EQUAL(sin6_1, 4365 sin6_2)); 4366 } 4367 #endif 4368 #ifdef INET 4369 case AF_INET: 4370 { 4371 /* IPv4 addresses */ 4372 struct sockaddr_in *sin_1, *sin_2; 4373 4374 sin_1 = (struct sockaddr_in *)sa1; 4375 sin_2 = (struct sockaddr_in *)sa2; 4376 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 4377 } 4378 #endif 4379 default: 4380 /* we don't do these... */ 4381 return (0); 4382 } 4383 } 4384 4385 void 4386 sctp_print_address(struct sockaddr *sa) 4387 { 4388 #ifdef INET6 4389 char ip6buf[INET6_ADDRSTRLEN]; 4390 #endif 4391 4392 switch (sa->sa_family) { 4393 #ifdef INET6 4394 case AF_INET6: 4395 { 4396 struct sockaddr_in6 *sin6; 4397 4398 sin6 = (struct sockaddr_in6 *)sa; 4399 SCTP_PRINTF("IPv6 address: %s:port:%d scope:%u\n", 4400 ip6_sprintf(ip6buf, &sin6->sin6_addr), 4401 ntohs(sin6->sin6_port), 4402 sin6->sin6_scope_id); 4403 break; 4404 } 4405 #endif 4406 #ifdef INET 4407 case AF_INET: 4408 { 4409 struct sockaddr_in *sin; 4410 unsigned char *p; 4411 4412 sin = (struct sockaddr_in *)sa; 4413 p = (unsigned char *)&sin->sin_addr; 4414 SCTP_PRINTF("IPv4 address: %u.%u.%u.%u:%d\n", 4415 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 4416 break; 4417 } 4418 #endif 4419 default: 4420 SCTP_PRINTF("?\n"); 4421 break; 4422 } 4423 } 4424 4425 void 4426 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 4427 struct sctp_inpcb *new_inp, 4428 struct sctp_tcb *stcb, 4429 int waitflags) 4430 { 4431 /* 4432 * go through our old INP and pull off any control structures that 4433 * belong to stcb and move then to the new inp. 4434 */ 4435 struct socket *old_so, *new_so; 4436 struct sctp_queued_to_read *control, *nctl; 4437 struct sctp_readhead tmp_queue; 4438 struct mbuf *m; 4439 int error = 0; 4440 4441 old_so = old_inp->sctp_socket; 4442 new_so = new_inp->sctp_socket; 4443 TAILQ_INIT(&tmp_queue); 4444 error = sblock(&old_so->so_rcv, waitflags); 4445 if (error) { 4446 /* 4447 * Gak, can't get sblock, we have a problem. data will be 4448 * left stranded.. and we don't dare look at it since the 4449 * other thread may be reading something. Oh well, its a 4450 * screwed up app that does a peeloff OR a accept while 4451 * reading from the main socket... actually its only the 4452 * peeloff() case, since I think read will fail on a 4453 * listening socket.. 4454 */ 4455 return; 4456 } 4457 /* lock the socket buffers */ 4458 SCTP_INP_READ_LOCK(old_inp); 4459 TAILQ_FOREACH_SAFE(control, &old_inp->read_queue, next, nctl) { 4460 /* Pull off all for out target stcb */ 4461 if (control->stcb == stcb) { 4462 /* remove it we want it */ 4463 TAILQ_REMOVE(&old_inp->read_queue, control, next); 4464 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 4465 m = control->data; 4466 while (m) { 4467 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4468 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 4469 } 4470 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 4471 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4472 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4473 } 4474 m = SCTP_BUF_NEXT(m); 4475 } 4476 } 4477 } 4478 SCTP_INP_READ_UNLOCK(old_inp); 4479 /* Remove the sb-lock on the old socket */ 4480 4481 sbunlock(&old_so->so_rcv); 4482 /* Now we move them over to the new socket buffer */ 4483 SCTP_INP_READ_LOCK(new_inp); 4484 TAILQ_FOREACH_SAFE(control, &tmp_queue, next, nctl) { 4485 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 4486 m = control->data; 4487 while (m) { 4488 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4489 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4490 } 4491 sctp_sballoc(stcb, &new_so->so_rcv, m); 4492 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4493 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4494 } 4495 m = SCTP_BUF_NEXT(m); 4496 } 4497 } 4498 SCTP_INP_READ_UNLOCK(new_inp); 4499 } 4500 4501 void 4502 sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, 4503 struct sctp_tcb *stcb, 4504 int so_locked 4505 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4506 SCTP_UNUSED 4507 #endif 4508 ) 4509 { 4510 if ((inp != NULL) && (inp->sctp_socket != NULL)) { 4511 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4512 struct socket *so; 4513 4514 so = SCTP_INP_SO(inp); 4515 if (!so_locked) { 4516 if (stcb) { 4517 atomic_add_int(&stcb->asoc.refcnt, 1); 4518 SCTP_TCB_UNLOCK(stcb); 4519 } 4520 SCTP_SOCKET_LOCK(so, 1); 4521 if (stcb) { 4522 SCTP_TCB_LOCK(stcb); 4523 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4524 } 4525 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4526 SCTP_SOCKET_UNLOCK(so, 1); 4527 return; 4528 } 4529 } 4530 #endif 4531 sctp_sorwakeup(inp, inp->sctp_socket); 4532 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4533 if (!so_locked) { 4534 SCTP_SOCKET_UNLOCK(so, 1); 4535 } 4536 #endif 4537 } 4538 } 4539 4540 void 4541 sctp_add_to_readq(struct sctp_inpcb *inp, 4542 struct sctp_tcb *stcb, 4543 struct sctp_queued_to_read *control, 4544 struct sockbuf *sb, 4545 int end, 4546 int inp_read_lock_held, 4547 int so_locked 4548 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4549 SCTP_UNUSED 4550 #endif 4551 ) 4552 { 4553 /* 4554 * Here we must place the control on the end of the socket read 4555 * queue AND increment sb_cc so that select will work properly on 4556 * read. 4557 */ 4558 struct mbuf *m, *prev = NULL; 4559 4560 if (inp == NULL) { 4561 /* Gak, TSNH!! */ 4562 #ifdef INVARIANTS 4563 panic("Gak, inp NULL on add_to_readq"); 4564 #endif 4565 return; 4566 } 4567 if (inp_read_lock_held == 0) 4568 SCTP_INP_READ_LOCK(inp); 4569 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 4570 sctp_free_remote_addr(control->whoFrom); 4571 if (control->data) { 4572 sctp_m_freem(control->data); 4573 control->data = NULL; 4574 } 4575 sctp_free_a_readq(stcb, control); 4576 if (inp_read_lock_held == 0) 4577 SCTP_INP_READ_UNLOCK(inp); 4578 return; 4579 } 4580 if (!(control->spec_flags & M_NOTIFICATION)) { 4581 atomic_add_int(&inp->total_recvs, 1); 4582 if (!control->do_not_ref_stcb) { 4583 atomic_add_int(&stcb->total_recvs, 1); 4584 } 4585 } 4586 m = control->data; 4587 control->held_length = 0; 4588 control->length = 0; 4589 while (m) { 4590 if (SCTP_BUF_LEN(m) == 0) { 4591 /* Skip mbufs with NO length */ 4592 if (prev == NULL) { 4593 /* First one */ 4594 control->data = sctp_m_free(m); 4595 m = control->data; 4596 } else { 4597 SCTP_BUF_NEXT(prev) = sctp_m_free(m); 4598 m = SCTP_BUF_NEXT(prev); 4599 } 4600 if (m == NULL) { 4601 control->tail_mbuf = prev; 4602 } 4603 continue; 4604 } 4605 prev = m; 4606 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4607 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4608 } 4609 sctp_sballoc(stcb, sb, m); 4610 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4611 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4612 } 4613 atomic_add_int(&control->length, SCTP_BUF_LEN(m)); 4614 m = SCTP_BUF_NEXT(m); 4615 } 4616 if (prev != NULL) { 4617 control->tail_mbuf = prev; 4618 } else { 4619 /* Everything got collapsed out?? */ 4620 sctp_free_remote_addr(control->whoFrom); 4621 sctp_free_a_readq(stcb, control); 4622 if (inp_read_lock_held == 0) 4623 SCTP_INP_READ_UNLOCK(inp); 4624 return; 4625 } 4626 if (end) { 4627 control->end_added = 1; 4628 } 4629 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 4630 control->on_read_q = 1; 4631 if (inp_read_lock_held == 0) 4632 SCTP_INP_READ_UNLOCK(inp); 4633 if (inp && inp->sctp_socket) { 4634 sctp_wakeup_the_read_socket(inp, stcb, so_locked); 4635 } 4636 } 4637 4638 /*************HOLD THIS COMMENT FOR PATCH FILE OF 4639 *************ALTERNATE ROUTING CODE 4640 */ 4641 4642 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 4643 *************ALTERNATE ROUTING CODE 4644 */ 4645 4646 struct mbuf * 4647 sctp_generate_cause(uint16_t code, char *info) 4648 { 4649 struct mbuf *m; 4650 struct sctp_gen_error_cause *cause; 4651 size_t info_len; 4652 uint16_t len; 4653 4654 if ((code == 0) || (info == NULL)) { 4655 return (NULL); 4656 } 4657 info_len = strlen(info); 4658 if (info_len > (SCTP_MAX_CAUSE_LENGTH - sizeof(struct sctp_paramhdr))) { 4659 return (NULL); 4660 } 4661 len = (uint16_t)(sizeof(struct sctp_paramhdr) + info_len); 4662 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4663 if (m != NULL) { 4664 SCTP_BUF_LEN(m) = len; 4665 cause = mtod(m, struct sctp_gen_error_cause *); 4666 cause->code = htons(code); 4667 cause->length = htons(len); 4668 memcpy(cause->info, info, info_len); 4669 } 4670 return (m); 4671 } 4672 4673 struct mbuf * 4674 sctp_generate_no_user_data_cause(uint32_t tsn) 4675 { 4676 struct mbuf *m; 4677 struct sctp_error_no_user_data *no_user_data_cause; 4678 uint16_t len; 4679 4680 len = (uint16_t)sizeof(struct sctp_error_no_user_data); 4681 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4682 if (m != NULL) { 4683 SCTP_BUF_LEN(m) = len; 4684 no_user_data_cause = mtod(m, struct sctp_error_no_user_data *); 4685 no_user_data_cause->cause.code = htons(SCTP_CAUSE_NO_USER_DATA); 4686 no_user_data_cause->cause.length = htons(len); 4687 no_user_data_cause->tsn = htonl(tsn); 4688 } 4689 return (m); 4690 } 4691 4692 #ifdef SCTP_MBCNT_LOGGING 4693 void 4694 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 4695 struct sctp_tmit_chunk *tp1, int chk_cnt) 4696 { 4697 if (tp1->data == NULL) { 4698 return; 4699 } 4700 asoc->chunks_on_out_queue -= chk_cnt; 4701 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBCNT_LOGGING_ENABLE) { 4702 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 4703 asoc->total_output_queue_size, 4704 tp1->book_size, 4705 0, 4706 tp1->mbcnt); 4707 } 4708 if (asoc->total_output_queue_size >= tp1->book_size) { 4709 atomic_add_int(&asoc->total_output_queue_size, -tp1->book_size); 4710 } else { 4711 asoc->total_output_queue_size = 0; 4712 } 4713 4714 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 4715 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 4716 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 4717 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 4718 } else { 4719 stcb->sctp_socket->so_snd.sb_cc = 0; 4720 4721 } 4722 } 4723 } 4724 4725 #endif 4726 4727 int 4728 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 4729 uint8_t sent, int so_locked 4730 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4731 SCTP_UNUSED 4732 #endif 4733 ) 4734 { 4735 struct sctp_stream_out *strq; 4736 struct sctp_tmit_chunk *chk = NULL, *tp2; 4737 struct sctp_stream_queue_pending *sp; 4738 uint32_t mid; 4739 uint16_t sid; 4740 uint8_t foundeom = 0; 4741 int ret_sz = 0; 4742 int notdone; 4743 int do_wakeup_routine = 0; 4744 4745 sid = tp1->rec.data.sid; 4746 mid = tp1->rec.data.mid; 4747 if (sent || !(tp1->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG)) { 4748 stcb->asoc.abandoned_sent[0]++; 4749 stcb->asoc.abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4750 stcb->asoc.strmout[sid].abandoned_sent[0]++; 4751 #if defined(SCTP_DETAILED_STR_STATS) 4752 stcb->asoc.strmout[sid].abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4753 #endif 4754 } else { 4755 stcb->asoc.abandoned_unsent[0]++; 4756 stcb->asoc.abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4757 stcb->asoc.strmout[sid].abandoned_unsent[0]++; 4758 #if defined(SCTP_DETAILED_STR_STATS) 4759 stcb->asoc.strmout[sid].abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4760 #endif 4761 } 4762 do { 4763 ret_sz += tp1->book_size; 4764 if (tp1->data != NULL) { 4765 if (tp1->sent < SCTP_DATAGRAM_RESEND) { 4766 sctp_flight_size_decrease(tp1); 4767 sctp_total_flight_decrease(stcb, tp1); 4768 } 4769 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4770 stcb->asoc.peers_rwnd += tp1->send_size; 4771 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh); 4772 if (sent) { 4773 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4774 } else { 4775 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4776 } 4777 if (tp1->data) { 4778 sctp_m_freem(tp1->data); 4779 tp1->data = NULL; 4780 } 4781 do_wakeup_routine = 1; 4782 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 4783 stcb->asoc.sent_queue_cnt_removeable--; 4784 } 4785 } 4786 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4787 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 4788 SCTP_DATA_NOT_FRAG) { 4789 /* not frag'ed we ae done */ 4790 notdone = 0; 4791 foundeom = 1; 4792 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4793 /* end of frag, we are done */ 4794 notdone = 0; 4795 foundeom = 1; 4796 } else { 4797 /* 4798 * Its a begin or middle piece, we must mark all of 4799 * it 4800 */ 4801 notdone = 1; 4802 tp1 = TAILQ_NEXT(tp1, sctp_next); 4803 } 4804 } while (tp1 && notdone); 4805 if (foundeom == 0) { 4806 /* 4807 * The multi-part message was scattered across the send and 4808 * sent queue. 4809 */ 4810 TAILQ_FOREACH_SAFE(tp1, &stcb->asoc.send_queue, sctp_next, tp2) { 4811 if ((tp1->rec.data.sid != sid) || 4812 (!SCTP_MID_EQ(stcb->asoc.idata_supported, tp1->rec.data.mid, mid))) { 4813 break; 4814 } 4815 /* 4816 * save to chk in case we have some on stream out 4817 * queue. If so and we have an un-transmitted one we 4818 * don't have to fudge the TSN. 4819 */ 4820 chk = tp1; 4821 ret_sz += tp1->book_size; 4822 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4823 if (sent) { 4824 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4825 } else { 4826 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4827 } 4828 if (tp1->data) { 4829 sctp_m_freem(tp1->data); 4830 tp1->data = NULL; 4831 } 4832 /* No flight involved here book the size to 0 */ 4833 tp1->book_size = 0; 4834 if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4835 foundeom = 1; 4836 } 4837 do_wakeup_routine = 1; 4838 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4839 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 4840 /* 4841 * on to the sent queue so we can wait for it to be 4842 * passed by. 4843 */ 4844 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 4845 sctp_next); 4846 stcb->asoc.send_queue_cnt--; 4847 stcb->asoc.sent_queue_cnt++; 4848 } 4849 } 4850 if (foundeom == 0) { 4851 /* 4852 * Still no eom found. That means there is stuff left on the 4853 * stream out queue.. yuck. 4854 */ 4855 SCTP_TCB_SEND_LOCK(stcb); 4856 strq = &stcb->asoc.strmout[sid]; 4857 sp = TAILQ_FIRST(&strq->outqueue); 4858 if (sp != NULL) { 4859 sp->discard_rest = 1; 4860 /* 4861 * We may need to put a chunk on the queue that 4862 * holds the TSN that would have been sent with the 4863 * LAST bit. 4864 */ 4865 if (chk == NULL) { 4866 /* Yep, we have to */ 4867 sctp_alloc_a_chunk(stcb, chk); 4868 if (chk == NULL) { 4869 /* 4870 * we are hosed. All we can do is 4871 * nothing.. which will cause an 4872 * abort if the peer is paying 4873 * attention. 4874 */ 4875 goto oh_well; 4876 } 4877 memset(chk, 0, sizeof(*chk)); 4878 chk->rec.data.rcv_flags = 0; 4879 chk->sent = SCTP_FORWARD_TSN_SKIP; 4880 chk->asoc = &stcb->asoc; 4881 if (stcb->asoc.idata_supported == 0) { 4882 if (sp->sinfo_flags & SCTP_UNORDERED) { 4883 chk->rec.data.mid = 0; 4884 } else { 4885 chk->rec.data.mid = strq->next_mid_ordered; 4886 } 4887 } else { 4888 if (sp->sinfo_flags & SCTP_UNORDERED) { 4889 chk->rec.data.mid = strq->next_mid_unordered; 4890 } else { 4891 chk->rec.data.mid = strq->next_mid_ordered; 4892 } 4893 } 4894 chk->rec.data.sid = sp->sid; 4895 chk->rec.data.ppid = sp->ppid; 4896 chk->rec.data.context = sp->context; 4897 chk->flags = sp->act_flags; 4898 chk->whoTo = NULL; 4899 chk->rec.data.tsn = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1); 4900 strq->chunks_on_queues++; 4901 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next); 4902 stcb->asoc.sent_queue_cnt++; 4903 stcb->asoc.pr_sctp_cnt++; 4904 } 4905 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 4906 if (sp->sinfo_flags & SCTP_UNORDERED) { 4907 chk->rec.data.rcv_flags |= SCTP_DATA_UNORDERED; 4908 } 4909 if (stcb->asoc.idata_supported == 0) { 4910 if ((sp->sinfo_flags & SCTP_UNORDERED) == 0) { 4911 strq->next_mid_ordered++; 4912 } 4913 } else { 4914 if (sp->sinfo_flags & SCTP_UNORDERED) { 4915 strq->next_mid_unordered++; 4916 } else { 4917 strq->next_mid_ordered++; 4918 } 4919 } 4920 oh_well: 4921 if (sp->data) { 4922 /* 4923 * Pull any data to free up the SB and allow 4924 * sender to "add more" while we will throw 4925 * away :-) 4926 */ 4927 sctp_free_spbufspace(stcb, &stcb->asoc, sp); 4928 ret_sz += sp->length; 4929 do_wakeup_routine = 1; 4930 sp->some_taken = 1; 4931 sctp_m_freem(sp->data); 4932 sp->data = NULL; 4933 sp->tail_mbuf = NULL; 4934 sp->length = 0; 4935 } 4936 } 4937 SCTP_TCB_SEND_UNLOCK(stcb); 4938 } 4939 if (do_wakeup_routine) { 4940 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4941 struct socket *so; 4942 4943 so = SCTP_INP_SO(stcb->sctp_ep); 4944 if (!so_locked) { 4945 atomic_add_int(&stcb->asoc.refcnt, 1); 4946 SCTP_TCB_UNLOCK(stcb); 4947 SCTP_SOCKET_LOCK(so, 1); 4948 SCTP_TCB_LOCK(stcb); 4949 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4950 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 4951 /* assoc was freed while we were unlocked */ 4952 SCTP_SOCKET_UNLOCK(so, 1); 4953 return (ret_sz); 4954 } 4955 } 4956 #endif 4957 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 4958 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4959 if (!so_locked) { 4960 SCTP_SOCKET_UNLOCK(so, 1); 4961 } 4962 #endif 4963 } 4964 return (ret_sz); 4965 } 4966 4967 /* 4968 * checks to see if the given address, sa, is one that is currently known by 4969 * the kernel note: can't distinguish the same address on multiple interfaces 4970 * and doesn't handle multiple addresses with different zone/scope id's note: 4971 * ifa_ifwithaddr() compares the entire sockaddr struct 4972 */ 4973 struct sctp_ifa * 4974 sctp_find_ifa_in_ep(struct sctp_inpcb *inp, struct sockaddr *addr, 4975 int holds_lock) 4976 { 4977 struct sctp_laddr *laddr; 4978 4979 if (holds_lock == 0) { 4980 SCTP_INP_RLOCK(inp); 4981 } 4982 4983 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 4984 if (laddr->ifa == NULL) 4985 continue; 4986 if (addr->sa_family != laddr->ifa->address.sa.sa_family) 4987 continue; 4988 #ifdef INET 4989 if (addr->sa_family == AF_INET) { 4990 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 4991 laddr->ifa->address.sin.sin_addr.s_addr) { 4992 /* found him. */ 4993 if (holds_lock == 0) { 4994 SCTP_INP_RUNLOCK(inp); 4995 } 4996 return (laddr->ifa); 4997 break; 4998 } 4999 } 5000 #endif 5001 #ifdef INET6 5002 if (addr->sa_family == AF_INET6) { 5003 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5004 &laddr->ifa->address.sin6)) { 5005 /* found him. */ 5006 if (holds_lock == 0) { 5007 SCTP_INP_RUNLOCK(inp); 5008 } 5009 return (laddr->ifa); 5010 break; 5011 } 5012 } 5013 #endif 5014 } 5015 if (holds_lock == 0) { 5016 SCTP_INP_RUNLOCK(inp); 5017 } 5018 return (NULL); 5019 } 5020 5021 uint32_t 5022 sctp_get_ifa_hash_val(struct sockaddr *addr) 5023 { 5024 switch (addr->sa_family) { 5025 #ifdef INET 5026 case AF_INET: 5027 { 5028 struct sockaddr_in *sin; 5029 5030 sin = (struct sockaddr_in *)addr; 5031 return (sin->sin_addr.s_addr ^ (sin->sin_addr.s_addr >> 16)); 5032 } 5033 #endif 5034 #ifdef INET6 5035 case AF_INET6: 5036 { 5037 struct sockaddr_in6 *sin6; 5038 uint32_t hash_of_addr; 5039 5040 sin6 = (struct sockaddr_in6 *)addr; 5041 hash_of_addr = (sin6->sin6_addr.s6_addr32[0] + 5042 sin6->sin6_addr.s6_addr32[1] + 5043 sin6->sin6_addr.s6_addr32[2] + 5044 sin6->sin6_addr.s6_addr32[3]); 5045 hash_of_addr = (hash_of_addr ^ (hash_of_addr >> 16)); 5046 return (hash_of_addr); 5047 } 5048 #endif 5049 default: 5050 break; 5051 } 5052 return (0); 5053 } 5054 5055 struct sctp_ifa * 5056 sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock) 5057 { 5058 struct sctp_ifa *sctp_ifap; 5059 struct sctp_vrf *vrf; 5060 struct sctp_ifalist *hash_head; 5061 uint32_t hash_of_addr; 5062 5063 if (holds_lock == 0) 5064 SCTP_IPI_ADDR_RLOCK(); 5065 5066 vrf = sctp_find_vrf(vrf_id); 5067 if (vrf == NULL) { 5068 if (holds_lock == 0) 5069 SCTP_IPI_ADDR_RUNLOCK(); 5070 return (NULL); 5071 } 5072 5073 hash_of_addr = sctp_get_ifa_hash_val(addr); 5074 5075 hash_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 5076 if (hash_head == NULL) { 5077 SCTP_PRINTF("hash_of_addr:%x mask:%x table:%x - ", 5078 hash_of_addr, (uint32_t)vrf->vrf_addr_hashmark, 5079 (uint32_t)(hash_of_addr & vrf->vrf_addr_hashmark)); 5080 sctp_print_address(addr); 5081 SCTP_PRINTF("No such bucket for address\n"); 5082 if (holds_lock == 0) 5083 SCTP_IPI_ADDR_RUNLOCK(); 5084 5085 return (NULL); 5086 } 5087 LIST_FOREACH(sctp_ifap, hash_head, next_bucket) { 5088 if (addr->sa_family != sctp_ifap->address.sa.sa_family) 5089 continue; 5090 #ifdef INET 5091 if (addr->sa_family == AF_INET) { 5092 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 5093 sctp_ifap->address.sin.sin_addr.s_addr) { 5094 /* found him. */ 5095 if (holds_lock == 0) 5096 SCTP_IPI_ADDR_RUNLOCK(); 5097 return (sctp_ifap); 5098 break; 5099 } 5100 } 5101 #endif 5102 #ifdef INET6 5103 if (addr->sa_family == AF_INET6) { 5104 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5105 &sctp_ifap->address.sin6)) { 5106 /* found him. */ 5107 if (holds_lock == 0) 5108 SCTP_IPI_ADDR_RUNLOCK(); 5109 return (sctp_ifap); 5110 break; 5111 } 5112 } 5113 #endif 5114 } 5115 if (holds_lock == 0) 5116 SCTP_IPI_ADDR_RUNLOCK(); 5117 return (NULL); 5118 } 5119 5120 static void 5121 sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, 5122 uint32_t rwnd_req) 5123 { 5124 /* User pulled some data, do we need a rwnd update? */ 5125 int r_unlocked = 0; 5126 uint32_t dif, rwnd; 5127 struct socket *so = NULL; 5128 5129 if (stcb == NULL) 5130 return; 5131 5132 atomic_add_int(&stcb->asoc.refcnt, 1); 5133 5134 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5135 (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) { 5136 /* Pre-check If we are freeing no update */ 5137 goto no_lock; 5138 } 5139 SCTP_INP_INCR_REF(stcb->sctp_ep); 5140 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5141 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5142 goto out; 5143 } 5144 so = stcb->sctp_socket; 5145 if (so == NULL) { 5146 goto out; 5147 } 5148 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 5149 /* Have you have freed enough to look */ 5150 *freed_so_far = 0; 5151 /* Yep, its worth a look and the lock overhead */ 5152 5153 /* Figure out what the rwnd would be */ 5154 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 5155 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 5156 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 5157 } else { 5158 dif = 0; 5159 } 5160 if (dif >= rwnd_req) { 5161 if (hold_rlock) { 5162 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 5163 r_unlocked = 1; 5164 } 5165 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5166 /* 5167 * One last check before we allow the guy possibly 5168 * to get in. There is a race, where the guy has not 5169 * reached the gate. In that case 5170 */ 5171 goto out; 5172 } 5173 SCTP_TCB_LOCK(stcb); 5174 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5175 /* No reports here */ 5176 SCTP_TCB_UNLOCK(stcb); 5177 goto out; 5178 } 5179 SCTP_STAT_INCR(sctps_wu_sacks_sent); 5180 sctp_send_sack(stcb, SCTP_SO_LOCKED); 5181 5182 sctp_chunk_output(stcb->sctp_ep, stcb, 5183 SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED); 5184 /* make sure no timer is running */ 5185 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, 5186 SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 5187 SCTP_TCB_UNLOCK(stcb); 5188 } else { 5189 /* Update how much we have pending */ 5190 stcb->freed_by_sorcv_sincelast = dif; 5191 } 5192 out: 5193 if (so && r_unlocked && hold_rlock) { 5194 SCTP_INP_READ_LOCK(stcb->sctp_ep); 5195 } 5196 5197 SCTP_INP_DECR_REF(stcb->sctp_ep); 5198 no_lock: 5199 atomic_add_int(&stcb->asoc.refcnt, -1); 5200 return; 5201 } 5202 5203 int 5204 sctp_sorecvmsg(struct socket *so, 5205 struct uio *uio, 5206 struct mbuf **mp, 5207 struct sockaddr *from, 5208 int fromlen, 5209 int *msg_flags, 5210 struct sctp_sndrcvinfo *sinfo, 5211 int filling_sinfo) 5212 { 5213 /* 5214 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 5215 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 5216 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 5217 * On the way out we may send out any combination of: 5218 * MSG_NOTIFICATION MSG_EOR 5219 * 5220 */ 5221 struct sctp_inpcb *inp = NULL; 5222 ssize_t my_len = 0; 5223 ssize_t cp_len = 0; 5224 int error = 0; 5225 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 5226 struct mbuf *m = NULL; 5227 struct sctp_tcb *stcb = NULL; 5228 int wakeup_read_socket = 0; 5229 int freecnt_applied = 0; 5230 int out_flags = 0, in_flags = 0; 5231 int block_allowed = 1; 5232 uint32_t freed_so_far = 0; 5233 ssize_t copied_so_far = 0; 5234 int in_eeor_mode = 0; 5235 int no_rcv_needed = 0; 5236 uint32_t rwnd_req = 0; 5237 int hold_sblock = 0; 5238 int hold_rlock = 0; 5239 ssize_t slen = 0; 5240 uint32_t held_length = 0; 5241 int sockbuf_lock = 0; 5242 5243 if (uio == NULL) { 5244 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5245 return (EINVAL); 5246 } 5247 5248 if (msg_flags) { 5249 in_flags = *msg_flags; 5250 if (in_flags & MSG_PEEK) 5251 SCTP_STAT_INCR(sctps_read_peeks); 5252 } else { 5253 in_flags = 0; 5254 } 5255 slen = uio->uio_resid; 5256 5257 /* Pull in and set up our int flags */ 5258 if (in_flags & MSG_OOB) { 5259 /* Out of band's NOT supported */ 5260 return (EOPNOTSUPP); 5261 } 5262 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 5263 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5264 return (EINVAL); 5265 } 5266 if ((in_flags & (MSG_DONTWAIT 5267 | MSG_NBIO 5268 )) || 5269 SCTP_SO_IS_NBIO(so)) { 5270 block_allowed = 0; 5271 } 5272 /* setup the endpoint */ 5273 inp = (struct sctp_inpcb *)so->so_pcb; 5274 if (inp == NULL) { 5275 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT); 5276 return (EFAULT); 5277 } 5278 rwnd_req = (SCTP_SB_LIMIT_RCV(so) >> SCTP_RWND_HIWAT_SHIFT); 5279 /* Must be at least a MTU's worth */ 5280 if (rwnd_req < SCTP_MIN_RWND) 5281 rwnd_req = SCTP_MIN_RWND; 5282 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 5283 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5284 sctp_misc_ints(SCTP_SORECV_ENTER, 5285 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5286 } 5287 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5288 sctp_misc_ints(SCTP_SORECV_ENTERPL, 5289 rwnd_req, block_allowed, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5290 } 5291 5292 5293 error = sblock(&so->so_rcv, (block_allowed ? SBL_WAIT : 0)); 5294 if (error) { 5295 goto release_unlocked; 5296 } 5297 sockbuf_lock = 1; 5298 restart: 5299 5300 5301 restart_nosblocks: 5302 if (hold_sblock == 0) { 5303 SOCKBUF_LOCK(&so->so_rcv); 5304 hold_sblock = 1; 5305 } 5306 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5307 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5308 goto out; 5309 } 5310 if ((so->so_rcv.sb_state & SBS_CANTRCVMORE) && (so->so_rcv.sb_cc == 0)) { 5311 if (so->so_error) { 5312 error = so->so_error; 5313 if ((in_flags & MSG_PEEK) == 0) 5314 so->so_error = 0; 5315 goto out; 5316 } else { 5317 if (so->so_rcv.sb_cc == 0) { 5318 /* indicate EOF */ 5319 error = 0; 5320 goto out; 5321 } 5322 } 5323 } 5324 if (so->so_rcv.sb_cc <= held_length) { 5325 if (so->so_error) { 5326 error = so->so_error; 5327 if ((in_flags & MSG_PEEK) == 0) { 5328 so->so_error = 0; 5329 } 5330 goto out; 5331 } 5332 if ((so->so_rcv.sb_cc == 0) && 5333 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5334 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 5335 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 5336 /* 5337 * For active open side clear flags for 5338 * re-use passive open is blocked by 5339 * connect. 5340 */ 5341 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 5342 /* 5343 * You were aborted, passive side 5344 * always hits here 5345 */ 5346 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 5347 error = ECONNRESET; 5348 } 5349 so->so_state &= ~(SS_ISCONNECTING | 5350 SS_ISDISCONNECTING | 5351 SS_ISCONFIRMING | 5352 SS_ISCONNECTED); 5353 if (error == 0) { 5354 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 5355 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5356 error = ENOTCONN; 5357 } 5358 } 5359 goto out; 5360 } 5361 } 5362 if (block_allowed) { 5363 error = sbwait(&so->so_rcv); 5364 if (error) { 5365 goto out; 5366 } 5367 held_length = 0; 5368 goto restart_nosblocks; 5369 } else { 5370 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EWOULDBLOCK); 5371 error = EWOULDBLOCK; 5372 goto out; 5373 } 5374 } 5375 if (hold_sblock == 1) { 5376 SOCKBUF_UNLOCK(&so->so_rcv); 5377 hold_sblock = 0; 5378 } 5379 /* we possibly have data we can read */ 5380 /* sa_ignore FREED_MEMORY */ 5381 control = TAILQ_FIRST(&inp->read_queue); 5382 if (control == NULL) { 5383 /* 5384 * This could be happening since the appender did the 5385 * increment but as not yet did the tailq insert onto the 5386 * read_queue 5387 */ 5388 if (hold_rlock == 0) { 5389 SCTP_INP_READ_LOCK(inp); 5390 } 5391 control = TAILQ_FIRST(&inp->read_queue); 5392 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 5393 #ifdef INVARIANTS 5394 panic("Huh, its non zero and nothing on control?"); 5395 #endif 5396 so->so_rcv.sb_cc = 0; 5397 } 5398 SCTP_INP_READ_UNLOCK(inp); 5399 hold_rlock = 0; 5400 goto restart; 5401 } 5402 5403 if ((control->length == 0) && 5404 (control->do_not_ref_stcb)) { 5405 /* 5406 * Clean up code for freeing assoc that left behind a 5407 * pdapi.. maybe a peer in EEOR that just closed after 5408 * sending and never indicated a EOR. 5409 */ 5410 if (hold_rlock == 0) { 5411 hold_rlock = 1; 5412 SCTP_INP_READ_LOCK(inp); 5413 } 5414 control->held_length = 0; 5415 if (control->data) { 5416 /* Hmm there is data here .. fix */ 5417 struct mbuf *m_tmp; 5418 int cnt = 0; 5419 5420 m_tmp = control->data; 5421 while (m_tmp) { 5422 cnt += SCTP_BUF_LEN(m_tmp); 5423 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5424 control->tail_mbuf = m_tmp; 5425 control->end_added = 1; 5426 } 5427 m_tmp = SCTP_BUF_NEXT(m_tmp); 5428 } 5429 control->length = cnt; 5430 } else { 5431 /* remove it */ 5432 TAILQ_REMOVE(&inp->read_queue, control, next); 5433 /* Add back any hiddend data */ 5434 sctp_free_remote_addr(control->whoFrom); 5435 sctp_free_a_readq(stcb, control); 5436 } 5437 if (hold_rlock) { 5438 hold_rlock = 0; 5439 SCTP_INP_READ_UNLOCK(inp); 5440 } 5441 goto restart; 5442 } 5443 if ((control->length == 0) && 5444 (control->end_added == 1)) { 5445 /* 5446 * Do we also need to check for (control->pdapi_aborted == 5447 * 1)? 5448 */ 5449 if (hold_rlock == 0) { 5450 hold_rlock = 1; 5451 SCTP_INP_READ_LOCK(inp); 5452 } 5453 TAILQ_REMOVE(&inp->read_queue, control, next); 5454 if (control->data) { 5455 #ifdef INVARIANTS 5456 panic("control->data not null but control->length == 0"); 5457 #else 5458 SCTP_PRINTF("Strange, data left in the control buffer. Cleaning up.\n"); 5459 sctp_m_freem(control->data); 5460 control->data = NULL; 5461 #endif 5462 } 5463 if (control->aux_data) { 5464 sctp_m_free(control->aux_data); 5465 control->aux_data = NULL; 5466 } 5467 #ifdef INVARIANTS 5468 if (control->on_strm_q) { 5469 panic("About to free ctl:%p so:%p and its in %d", 5470 control, so, control->on_strm_q); 5471 } 5472 #endif 5473 sctp_free_remote_addr(control->whoFrom); 5474 sctp_free_a_readq(stcb, control); 5475 if (hold_rlock) { 5476 hold_rlock = 0; 5477 SCTP_INP_READ_UNLOCK(inp); 5478 } 5479 goto restart; 5480 } 5481 if (control->length == 0) { 5482 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 5483 (filling_sinfo)) { 5484 /* find a more suitable one then this */ 5485 ctl = TAILQ_NEXT(control, next); 5486 while (ctl) { 5487 if ((ctl->stcb != control->stcb) && (ctl->length) && 5488 (ctl->some_taken || 5489 (ctl->spec_flags & M_NOTIFICATION) || 5490 ((ctl->do_not_ref_stcb == 0) && 5491 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0))) 5492 ) { 5493 /*- 5494 * If we have a different TCB next, and there is data 5495 * present. If we have already taken some (pdapi), OR we can 5496 * ref the tcb and no delivery as started on this stream, we 5497 * take it. Note we allow a notification on a different 5498 * assoc to be delivered.. 5499 */ 5500 control = ctl; 5501 goto found_one; 5502 } else if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS)) && 5503 (ctl->length) && 5504 ((ctl->some_taken) || 5505 ((ctl->do_not_ref_stcb == 0) && 5506 ((ctl->spec_flags & M_NOTIFICATION) == 0) && 5507 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))) { 5508 /*- 5509 * If we have the same tcb, and there is data present, and we 5510 * have the strm interleave feature present. Then if we have 5511 * taken some (pdapi) or we can refer to tht tcb AND we have 5512 * not started a delivery for this stream, we can take it. 5513 * Note we do NOT allow a notificaiton on the same assoc to 5514 * be delivered. 5515 */ 5516 control = ctl; 5517 goto found_one; 5518 } 5519 ctl = TAILQ_NEXT(ctl, next); 5520 } 5521 } 5522 /* 5523 * if we reach here, not suitable replacement is available 5524 * <or> fragment interleave is NOT on. So stuff the sb_cc 5525 * into the our held count, and its time to sleep again. 5526 */ 5527 held_length = so->so_rcv.sb_cc; 5528 control->held_length = so->so_rcv.sb_cc; 5529 goto restart; 5530 } 5531 /* Clear the held length since there is something to read */ 5532 control->held_length = 0; 5533 found_one: 5534 /* 5535 * If we reach here, control has a some data for us to read off. 5536 * Note that stcb COULD be NULL. 5537 */ 5538 if (hold_rlock == 0) { 5539 hold_rlock = 1; 5540 SCTP_INP_READ_LOCK(inp); 5541 } 5542 control->some_taken++; 5543 stcb = control->stcb; 5544 if (stcb) { 5545 if ((control->do_not_ref_stcb == 0) && 5546 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { 5547 if (freecnt_applied == 0) 5548 stcb = NULL; 5549 } else if (control->do_not_ref_stcb == 0) { 5550 /* you can't free it on me please */ 5551 /* 5552 * The lock on the socket buffer protects us so the 5553 * free code will stop. But since we used the 5554 * socketbuf lock and the sender uses the tcb_lock 5555 * to increment, we need to use the atomic add to 5556 * the refcnt 5557 */ 5558 if (freecnt_applied) { 5559 #ifdef INVARIANTS 5560 panic("refcnt already incremented"); 5561 #else 5562 SCTP_PRINTF("refcnt already incremented?\n"); 5563 #endif 5564 } else { 5565 atomic_add_int(&stcb->asoc.refcnt, 1); 5566 freecnt_applied = 1; 5567 } 5568 /* 5569 * Setup to remember how much we have not yet told 5570 * the peer our rwnd has opened up. Note we grab the 5571 * value from the tcb from last time. Note too that 5572 * sack sending clears this when a sack is sent, 5573 * which is fine. Once we hit the rwnd_req, we then 5574 * will go to the sctp_user_rcvd() that will not 5575 * lock until it KNOWs it MUST send a WUP-SACK. 5576 */ 5577 freed_so_far = (uint32_t)stcb->freed_by_sorcv_sincelast; 5578 stcb->freed_by_sorcv_sincelast = 0; 5579 } 5580 } 5581 if (stcb && 5582 ((control->spec_flags & M_NOTIFICATION) == 0) && 5583 control->do_not_ref_stcb == 0) { 5584 stcb->asoc.strmin[control->sinfo_stream].delivery_started = 1; 5585 } 5586 5587 /* First lets get off the sinfo and sockaddr info */ 5588 if ((sinfo != NULL) && (filling_sinfo != 0)) { 5589 sinfo->sinfo_stream = control->sinfo_stream; 5590 sinfo->sinfo_ssn = (uint16_t)control->mid; 5591 sinfo->sinfo_flags = control->sinfo_flags; 5592 sinfo->sinfo_ppid = control->sinfo_ppid; 5593 sinfo->sinfo_context = control->sinfo_context; 5594 sinfo->sinfo_timetolive = control->sinfo_timetolive; 5595 sinfo->sinfo_tsn = control->sinfo_tsn; 5596 sinfo->sinfo_cumtsn = control->sinfo_cumtsn; 5597 sinfo->sinfo_assoc_id = control->sinfo_assoc_id; 5598 nxt = TAILQ_NEXT(control, next); 5599 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 5600 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) { 5601 struct sctp_extrcvinfo *s_extra; 5602 5603 s_extra = (struct sctp_extrcvinfo *)sinfo; 5604 if ((nxt) && 5605 (nxt->length)) { 5606 s_extra->serinfo_next_flags = SCTP_NEXT_MSG_AVAIL; 5607 if (nxt->sinfo_flags & SCTP_UNORDERED) { 5608 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 5609 } 5610 if (nxt->spec_flags & M_NOTIFICATION) { 5611 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_NOTIFICATION; 5612 } 5613 s_extra->serinfo_next_aid = nxt->sinfo_assoc_id; 5614 s_extra->serinfo_next_length = nxt->length; 5615 s_extra->serinfo_next_ppid = nxt->sinfo_ppid; 5616 s_extra->serinfo_next_stream = nxt->sinfo_stream; 5617 if (nxt->tail_mbuf != NULL) { 5618 if (nxt->end_added) { 5619 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 5620 } 5621 } 5622 } else { 5623 /* 5624 * we explicitly 0 this, since the memcpy 5625 * got some other things beyond the older 5626 * sinfo_ that is on the control's structure 5627 * :-D 5628 */ 5629 nxt = NULL; 5630 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 5631 s_extra->serinfo_next_aid = 0; 5632 s_extra->serinfo_next_length = 0; 5633 s_extra->serinfo_next_ppid = 0; 5634 s_extra->serinfo_next_stream = 0; 5635 } 5636 } 5637 /* 5638 * update off the real current cum-ack, if we have an stcb. 5639 */ 5640 if ((control->do_not_ref_stcb == 0) && stcb) 5641 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 5642 /* 5643 * mask off the high bits, we keep the actual chunk bits in 5644 * there. 5645 */ 5646 sinfo->sinfo_flags &= 0x00ff; 5647 if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) { 5648 sinfo->sinfo_flags |= SCTP_UNORDERED; 5649 } 5650 } 5651 #ifdef SCTP_ASOCLOG_OF_TSNS 5652 { 5653 int index, newindex; 5654 struct sctp_pcbtsn_rlog *entry; 5655 5656 do { 5657 index = inp->readlog_index; 5658 newindex = index + 1; 5659 if (newindex >= SCTP_READ_LOG_SIZE) { 5660 newindex = 0; 5661 } 5662 } while (atomic_cmpset_int(&inp->readlog_index, index, newindex) == 0); 5663 entry = &inp->readlog[index]; 5664 entry->vtag = control->sinfo_assoc_id; 5665 entry->strm = control->sinfo_stream; 5666 entry->seq = (uint16_t)control->mid; 5667 entry->sz = control->length; 5668 entry->flgs = control->sinfo_flags; 5669 } 5670 #endif 5671 if ((fromlen > 0) && (from != NULL)) { 5672 union sctp_sockstore store; 5673 size_t len; 5674 5675 switch (control->whoFrom->ro._l_addr.sa.sa_family) { 5676 #ifdef INET6 5677 case AF_INET6: 5678 len = sizeof(struct sockaddr_in6); 5679 store.sin6 = control->whoFrom->ro._l_addr.sin6; 5680 store.sin6.sin6_port = control->port_from; 5681 break; 5682 #endif 5683 #ifdef INET 5684 case AF_INET: 5685 #ifdef INET6 5686 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 5687 len = sizeof(struct sockaddr_in6); 5688 in6_sin_2_v4mapsin6(&control->whoFrom->ro._l_addr.sin, 5689 &store.sin6); 5690 store.sin6.sin6_port = control->port_from; 5691 } else { 5692 len = sizeof(struct sockaddr_in); 5693 store.sin = control->whoFrom->ro._l_addr.sin; 5694 store.sin.sin_port = control->port_from; 5695 } 5696 #else 5697 len = sizeof(struct sockaddr_in); 5698 store.sin = control->whoFrom->ro._l_addr.sin; 5699 store.sin.sin_port = control->port_from; 5700 #endif 5701 break; 5702 #endif 5703 default: 5704 len = 0; 5705 break; 5706 } 5707 memcpy(from, &store, min((size_t)fromlen, len)); 5708 #ifdef INET6 5709 { 5710 struct sockaddr_in6 lsa6, *from6; 5711 5712 from6 = (struct sockaddr_in6 *)from; 5713 sctp_recover_scope_mac(from6, (&lsa6)); 5714 } 5715 #endif 5716 } 5717 if (hold_rlock) { 5718 SCTP_INP_READ_UNLOCK(inp); 5719 hold_rlock = 0; 5720 } 5721 if (hold_sblock) { 5722 SOCKBUF_UNLOCK(&so->so_rcv); 5723 hold_sblock = 0; 5724 } 5725 /* now copy out what data we can */ 5726 if (mp == NULL) { 5727 /* copy out each mbuf in the chain up to length */ 5728 get_more_data: 5729 m = control->data; 5730 while (m) { 5731 /* Move out all we can */ 5732 cp_len = uio->uio_resid; 5733 my_len = SCTP_BUF_LEN(m); 5734 if (cp_len > my_len) { 5735 /* not enough in this buf */ 5736 cp_len = my_len; 5737 } 5738 if (hold_rlock) { 5739 SCTP_INP_READ_UNLOCK(inp); 5740 hold_rlock = 0; 5741 } 5742 if (cp_len > 0) 5743 error = uiomove(mtod(m, char *), (int)cp_len, uio); 5744 /* re-read */ 5745 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5746 goto release; 5747 } 5748 5749 if ((control->do_not_ref_stcb == 0) && stcb && 5750 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5751 no_rcv_needed = 1; 5752 } 5753 if (error) { 5754 /* error we are out of here */ 5755 goto release; 5756 } 5757 SCTP_INP_READ_LOCK(inp); 5758 hold_rlock = 1; 5759 if (cp_len == SCTP_BUF_LEN(m)) { 5760 if ((SCTP_BUF_NEXT(m) == NULL) && 5761 (control->end_added)) { 5762 out_flags |= MSG_EOR; 5763 if ((control->do_not_ref_stcb == 0) && 5764 (control->stcb != NULL) && 5765 ((control->spec_flags & M_NOTIFICATION) == 0)) 5766 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5767 } 5768 if (control->spec_flags & M_NOTIFICATION) { 5769 out_flags |= MSG_NOTIFICATION; 5770 } 5771 /* we ate up the mbuf */ 5772 if (in_flags & MSG_PEEK) { 5773 /* just looking */ 5774 m = SCTP_BUF_NEXT(m); 5775 copied_so_far += cp_len; 5776 } else { 5777 /* dispose of the mbuf */ 5778 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5779 sctp_sblog(&so->so_rcv, 5780 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5781 } 5782 sctp_sbfree(control, stcb, &so->so_rcv, m); 5783 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5784 sctp_sblog(&so->so_rcv, 5785 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5786 } 5787 copied_so_far += cp_len; 5788 freed_so_far += (uint32_t)cp_len; 5789 freed_so_far += MSIZE; 5790 atomic_subtract_int(&control->length, cp_len); 5791 control->data = sctp_m_free(m); 5792 m = control->data; 5793 /* 5794 * been through it all, must hold sb 5795 * lock ok to null tail 5796 */ 5797 if (control->data == NULL) { 5798 #ifdef INVARIANTS 5799 if ((control->end_added == 0) || 5800 (TAILQ_NEXT(control, next) == NULL)) { 5801 /* 5802 * If the end is not 5803 * added, OR the 5804 * next is NOT null 5805 * we MUST have the 5806 * lock. 5807 */ 5808 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 5809 panic("Hmm we don't own the lock?"); 5810 } 5811 } 5812 #endif 5813 control->tail_mbuf = NULL; 5814 #ifdef INVARIANTS 5815 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 5816 panic("end_added, nothing left and no MSG_EOR"); 5817 } 5818 #endif 5819 } 5820 } 5821 } else { 5822 /* Do we need to trim the mbuf? */ 5823 if (control->spec_flags & M_NOTIFICATION) { 5824 out_flags |= MSG_NOTIFICATION; 5825 } 5826 if ((in_flags & MSG_PEEK) == 0) { 5827 SCTP_BUF_RESV_UF(m, cp_len); 5828 SCTP_BUF_LEN(m) -= (int)cp_len; 5829 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5830 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, (int)cp_len); 5831 } 5832 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 5833 if ((control->do_not_ref_stcb == 0) && 5834 stcb) { 5835 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 5836 } 5837 copied_so_far += cp_len; 5838 freed_so_far += (uint32_t)cp_len; 5839 freed_so_far += MSIZE; 5840 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5841 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 5842 SCTP_LOG_SBRESULT, 0); 5843 } 5844 atomic_subtract_int(&control->length, cp_len); 5845 } else { 5846 copied_so_far += cp_len; 5847 } 5848 } 5849 if ((out_flags & MSG_EOR) || (uio->uio_resid == 0)) { 5850 break; 5851 } 5852 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5853 (control->do_not_ref_stcb == 0) && 5854 (freed_so_far >= rwnd_req)) { 5855 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5856 } 5857 } /* end while(m) */ 5858 /* 5859 * At this point we have looked at it all and we either have 5860 * a MSG_EOR/or read all the user wants... <OR> 5861 * control->length == 0. 5862 */ 5863 if ((out_flags & MSG_EOR) && ((in_flags & MSG_PEEK) == 0)) { 5864 /* we are done with this control */ 5865 if (control->length == 0) { 5866 if (control->data) { 5867 #ifdef INVARIANTS 5868 panic("control->data not null at read eor?"); 5869 #else 5870 SCTP_PRINTF("Strange, data left in the control buffer .. invarients would panic?\n"); 5871 sctp_m_freem(control->data); 5872 control->data = NULL; 5873 #endif 5874 } 5875 done_with_control: 5876 if (hold_rlock == 0) { 5877 SCTP_INP_READ_LOCK(inp); 5878 hold_rlock = 1; 5879 } 5880 TAILQ_REMOVE(&inp->read_queue, control, next); 5881 /* Add back any hiddend data */ 5882 if (control->held_length) { 5883 held_length = 0; 5884 control->held_length = 0; 5885 wakeup_read_socket = 1; 5886 } 5887 if (control->aux_data) { 5888 sctp_m_free(control->aux_data); 5889 control->aux_data = NULL; 5890 } 5891 no_rcv_needed = control->do_not_ref_stcb; 5892 sctp_free_remote_addr(control->whoFrom); 5893 control->data = NULL; 5894 #ifdef INVARIANTS 5895 if (control->on_strm_q) { 5896 panic("About to free ctl:%p so:%p and its in %d", 5897 control, so, control->on_strm_q); 5898 } 5899 #endif 5900 sctp_free_a_readq(stcb, control); 5901 control = NULL; 5902 if ((freed_so_far >= rwnd_req) && 5903 (no_rcv_needed == 0)) 5904 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5905 5906 } else { 5907 /* 5908 * The user did not read all of this 5909 * message, turn off the returned MSG_EOR 5910 * since we are leaving more behind on the 5911 * control to read. 5912 */ 5913 #ifdef INVARIANTS 5914 if (control->end_added && 5915 (control->data == NULL) && 5916 (control->tail_mbuf == NULL)) { 5917 panic("Gak, control->length is corrupt?"); 5918 } 5919 #endif 5920 no_rcv_needed = control->do_not_ref_stcb; 5921 out_flags &= ~MSG_EOR; 5922 } 5923 } 5924 if (out_flags & MSG_EOR) { 5925 goto release; 5926 } 5927 if ((uio->uio_resid == 0) || 5928 ((in_eeor_mode) && 5929 (copied_so_far >= (uint32_t)max(so->so_rcv.sb_lowat, 1)))) { 5930 goto release; 5931 } 5932 /* 5933 * If I hit here the receiver wants more and this message is 5934 * NOT done (pd-api). So two questions. Can we block? if not 5935 * we are done. Did the user NOT set MSG_WAITALL? 5936 */ 5937 if (block_allowed == 0) { 5938 goto release; 5939 } 5940 /* 5941 * We need to wait for more data a few things: - We don't 5942 * sbunlock() so we don't get someone else reading. - We 5943 * must be sure to account for the case where what is added 5944 * is NOT to our control when we wakeup. 5945 */ 5946 5947 /* 5948 * Do we need to tell the transport a rwnd update might be 5949 * needed before we go to sleep? 5950 */ 5951 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5952 ((freed_so_far >= rwnd_req) && 5953 (control->do_not_ref_stcb == 0) && 5954 (no_rcv_needed == 0))) { 5955 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5956 } 5957 wait_some_more: 5958 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) { 5959 goto release; 5960 } 5961 5962 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 5963 goto release; 5964 5965 if (hold_rlock == 1) { 5966 SCTP_INP_READ_UNLOCK(inp); 5967 hold_rlock = 0; 5968 } 5969 if (hold_sblock == 0) { 5970 SOCKBUF_LOCK(&so->so_rcv); 5971 hold_sblock = 1; 5972 } 5973 if ((copied_so_far) && (control->length == 0) && 5974 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE))) { 5975 goto release; 5976 } 5977 if (so->so_rcv.sb_cc <= control->held_length) { 5978 error = sbwait(&so->so_rcv); 5979 if (error) { 5980 goto release; 5981 } 5982 control->held_length = 0; 5983 } 5984 if (hold_sblock) { 5985 SOCKBUF_UNLOCK(&so->so_rcv); 5986 hold_sblock = 0; 5987 } 5988 if (control->length == 0) { 5989 /* still nothing here */ 5990 if (control->end_added == 1) { 5991 /* he aborted, or is done i.e.did a shutdown */ 5992 out_flags |= MSG_EOR; 5993 if (control->pdapi_aborted) { 5994 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5995 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5996 5997 out_flags |= MSG_TRUNC; 5998 } else { 5999 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 6000 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6001 } 6002 goto done_with_control; 6003 } 6004 if (so->so_rcv.sb_cc > held_length) { 6005 control->held_length = so->so_rcv.sb_cc; 6006 held_length = 0; 6007 } 6008 goto wait_some_more; 6009 } else if (control->data == NULL) { 6010 /* 6011 * we must re-sync since data is probably being 6012 * added 6013 */ 6014 SCTP_INP_READ_LOCK(inp); 6015 if ((control->length > 0) && (control->data == NULL)) { 6016 /* 6017 * big trouble.. we have the lock and its 6018 * corrupt? 6019 */ 6020 #ifdef INVARIANTS 6021 panic("Impossible data==NULL length !=0"); 6022 #endif 6023 out_flags |= MSG_EOR; 6024 out_flags |= MSG_TRUNC; 6025 control->length = 0; 6026 SCTP_INP_READ_UNLOCK(inp); 6027 goto done_with_control; 6028 } 6029 SCTP_INP_READ_UNLOCK(inp); 6030 /* We will fall around to get more data */ 6031 } 6032 goto get_more_data; 6033 } else { 6034 /*- 6035 * Give caller back the mbuf chain, 6036 * store in uio_resid the length 6037 */ 6038 wakeup_read_socket = 0; 6039 if ((control->end_added == 0) || 6040 (TAILQ_NEXT(control, next) == NULL)) { 6041 /* Need to get rlock */ 6042 if (hold_rlock == 0) { 6043 SCTP_INP_READ_LOCK(inp); 6044 hold_rlock = 1; 6045 } 6046 } 6047 if (control->end_added) { 6048 out_flags |= MSG_EOR; 6049 if ((control->do_not_ref_stcb == 0) && 6050 (control->stcb != NULL) && 6051 ((control->spec_flags & M_NOTIFICATION) == 0)) 6052 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6053 } 6054 if (control->spec_flags & M_NOTIFICATION) { 6055 out_flags |= MSG_NOTIFICATION; 6056 } 6057 uio->uio_resid = control->length; 6058 *mp = control->data; 6059 m = control->data; 6060 while (m) { 6061 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6062 sctp_sblog(&so->so_rcv, 6063 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 6064 } 6065 sctp_sbfree(control, stcb, &so->so_rcv, m); 6066 freed_so_far += (uint32_t)SCTP_BUF_LEN(m); 6067 freed_so_far += MSIZE; 6068 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6069 sctp_sblog(&so->so_rcv, 6070 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 6071 } 6072 m = SCTP_BUF_NEXT(m); 6073 } 6074 control->data = control->tail_mbuf = NULL; 6075 control->length = 0; 6076 if (out_flags & MSG_EOR) { 6077 /* Done with this control */ 6078 goto done_with_control; 6079 } 6080 } 6081 release: 6082 if (hold_rlock == 1) { 6083 SCTP_INP_READ_UNLOCK(inp); 6084 hold_rlock = 0; 6085 } 6086 if (hold_sblock == 1) { 6087 SOCKBUF_UNLOCK(&so->so_rcv); 6088 hold_sblock = 0; 6089 } 6090 6091 sbunlock(&so->so_rcv); 6092 sockbuf_lock = 0; 6093 6094 release_unlocked: 6095 if (hold_sblock) { 6096 SOCKBUF_UNLOCK(&so->so_rcv); 6097 hold_sblock = 0; 6098 } 6099 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 6100 if ((freed_so_far >= rwnd_req) && 6101 (control && (control->do_not_ref_stcb == 0)) && 6102 (no_rcv_needed == 0)) 6103 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6104 } 6105 out: 6106 if (msg_flags) { 6107 *msg_flags = out_flags; 6108 } 6109 if (((out_flags & MSG_EOR) == 0) && 6110 ((in_flags & MSG_PEEK) == 0) && 6111 (sinfo) && 6112 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 6113 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO))) { 6114 struct sctp_extrcvinfo *s_extra; 6115 6116 s_extra = (struct sctp_extrcvinfo *)sinfo; 6117 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 6118 } 6119 if (hold_rlock == 1) { 6120 SCTP_INP_READ_UNLOCK(inp); 6121 } 6122 if (hold_sblock) { 6123 SOCKBUF_UNLOCK(&so->so_rcv); 6124 } 6125 if (sockbuf_lock) { 6126 sbunlock(&so->so_rcv); 6127 } 6128 6129 if (freecnt_applied) { 6130 /* 6131 * The lock on the socket buffer protects us so the free 6132 * code will stop. But since we used the socketbuf lock and 6133 * the sender uses the tcb_lock to increment, we need to use 6134 * the atomic add to the refcnt. 6135 */ 6136 if (stcb == NULL) { 6137 #ifdef INVARIANTS 6138 panic("stcb for refcnt has gone NULL?"); 6139 goto stage_left; 6140 #else 6141 goto stage_left; 6142 #endif 6143 } 6144 /* Save the value back for next time */ 6145 stcb->freed_by_sorcv_sincelast = freed_so_far; 6146 atomic_add_int(&stcb->asoc.refcnt, -1); 6147 } 6148 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 6149 if (stcb) { 6150 sctp_misc_ints(SCTP_SORECV_DONE, 6151 freed_so_far, 6152 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6153 stcb->asoc.my_rwnd, 6154 so->so_rcv.sb_cc); 6155 } else { 6156 sctp_misc_ints(SCTP_SORECV_DONE, 6157 freed_so_far, 6158 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6159 0, 6160 so->so_rcv.sb_cc); 6161 } 6162 } 6163 stage_left: 6164 if (wakeup_read_socket) { 6165 sctp_sorwakeup(inp, so); 6166 } 6167 return (error); 6168 } 6169 6170 6171 #ifdef SCTP_MBUF_LOGGING 6172 struct mbuf * 6173 sctp_m_free(struct mbuf *m) 6174 { 6175 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6176 sctp_log_mb(m, SCTP_MBUF_IFREE); 6177 } 6178 return (m_free(m)); 6179 } 6180 6181 void 6182 sctp_m_freem(struct mbuf *mb) 6183 { 6184 while (mb != NULL) 6185 mb = sctp_m_free(mb); 6186 } 6187 6188 #endif 6189 6190 int 6191 sctp_dynamic_set_primary(struct sockaddr *sa, uint32_t vrf_id) 6192 { 6193 /* 6194 * Given a local address. For all associations that holds the 6195 * address, request a peer-set-primary. 6196 */ 6197 struct sctp_ifa *ifa; 6198 struct sctp_laddr *wi; 6199 6200 ifa = sctp_find_ifa_by_addr(sa, vrf_id, 0); 6201 if (ifa == NULL) { 6202 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EADDRNOTAVAIL); 6203 return (EADDRNOTAVAIL); 6204 } 6205 /* 6206 * Now that we have the ifa we must awaken the iterator with this 6207 * message. 6208 */ 6209 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 6210 if (wi == NULL) { 6211 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 6212 return (ENOMEM); 6213 } 6214 /* Now incr the count and int wi structure */ 6215 SCTP_INCR_LADDR_COUNT(); 6216 memset(wi, 0, sizeof(*wi)); 6217 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 6218 wi->ifa = ifa; 6219 wi->action = SCTP_SET_PRIM_ADDR; 6220 atomic_add_int(&ifa->refcount, 1); 6221 6222 /* Now add it to the work queue */ 6223 SCTP_WQ_ADDR_LOCK(); 6224 /* 6225 * Should this really be a tailq? As it is we will process the 6226 * newest first :-0 6227 */ 6228 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 6229 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 6230 (struct sctp_inpcb *)NULL, 6231 (struct sctp_tcb *)NULL, 6232 (struct sctp_nets *)NULL); 6233 SCTP_WQ_ADDR_UNLOCK(); 6234 return (0); 6235 } 6236 6237 6238 int 6239 sctp_soreceive(struct socket *so, 6240 struct sockaddr **psa, 6241 struct uio *uio, 6242 struct mbuf **mp0, 6243 struct mbuf **controlp, 6244 int *flagsp) 6245 { 6246 int error, fromlen; 6247 uint8_t sockbuf[256]; 6248 struct sockaddr *from; 6249 struct sctp_extrcvinfo sinfo; 6250 int filling_sinfo = 1; 6251 int flags; 6252 struct sctp_inpcb *inp; 6253 6254 inp = (struct sctp_inpcb *)so->so_pcb; 6255 /* pickup the assoc we are reading from */ 6256 if (inp == NULL) { 6257 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6258 return (EINVAL); 6259 } 6260 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) && 6261 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) && 6262 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) || 6263 (controlp == NULL)) { 6264 /* user does not want the sndrcv ctl */ 6265 filling_sinfo = 0; 6266 } 6267 if (psa) { 6268 from = (struct sockaddr *)sockbuf; 6269 fromlen = sizeof(sockbuf); 6270 from->sa_len = 0; 6271 } else { 6272 from = NULL; 6273 fromlen = 0; 6274 } 6275 6276 if (filling_sinfo) { 6277 memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); 6278 } 6279 if (flagsp != NULL) { 6280 flags = *flagsp; 6281 } else { 6282 flags = 0; 6283 } 6284 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, &flags, 6285 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 6286 if (flagsp != NULL) { 6287 *flagsp = flags; 6288 } 6289 if (controlp != NULL) { 6290 /* copy back the sinfo in a CMSG format */ 6291 if (filling_sinfo && ((flags & MSG_NOTIFICATION) == 0)) { 6292 *controlp = sctp_build_ctl_nchunk(inp, 6293 (struct sctp_sndrcvinfo *)&sinfo); 6294 } else { 6295 *controlp = NULL; 6296 } 6297 } 6298 if (psa) { 6299 /* copy back the address info */ 6300 if (from && from->sa_len) { 6301 *psa = sodupsockaddr(from, M_NOWAIT); 6302 } else { 6303 *psa = NULL; 6304 } 6305 } 6306 return (error); 6307 } 6308 6309 6310 6311 6312 6313 int 6314 sctp_connectx_helper_add(struct sctp_tcb *stcb, struct sockaddr *addr, 6315 int totaddr, int *error) 6316 { 6317 int added = 0; 6318 int i; 6319 struct sctp_inpcb *inp; 6320 struct sockaddr *sa; 6321 size_t incr = 0; 6322 #ifdef INET 6323 struct sockaddr_in *sin; 6324 #endif 6325 #ifdef INET6 6326 struct sockaddr_in6 *sin6; 6327 #endif 6328 6329 sa = addr; 6330 inp = stcb->sctp_ep; 6331 *error = 0; 6332 for (i = 0; i < totaddr; i++) { 6333 switch (sa->sa_family) { 6334 #ifdef INET 6335 case AF_INET: 6336 incr = sizeof(struct sockaddr_in); 6337 sin = (struct sockaddr_in *)sa; 6338 if ((sin->sin_addr.s_addr == INADDR_ANY) || 6339 (sin->sin_addr.s_addr == INADDR_BROADCAST) || 6340 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 6341 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6342 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6343 SCTP_FROM_SCTPUTIL + SCTP_LOC_7); 6344 *error = EINVAL; 6345 goto out_now; 6346 } 6347 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6348 SCTP_DONOT_SETSCOPE, 6349 SCTP_ADDR_IS_CONFIRMED)) { 6350 /* assoc gone no un-lock */ 6351 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6352 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6353 SCTP_FROM_SCTPUTIL + SCTP_LOC_8); 6354 *error = ENOBUFS; 6355 goto out_now; 6356 } 6357 added++; 6358 break; 6359 #endif 6360 #ifdef INET6 6361 case AF_INET6: 6362 incr = sizeof(struct sockaddr_in6); 6363 sin6 = (struct sockaddr_in6 *)sa; 6364 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || 6365 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 6366 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6367 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6368 SCTP_FROM_SCTPUTIL + SCTP_LOC_9); 6369 *error = EINVAL; 6370 goto out_now; 6371 } 6372 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6373 SCTP_DONOT_SETSCOPE, 6374 SCTP_ADDR_IS_CONFIRMED)) { 6375 /* assoc gone no un-lock */ 6376 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6377 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6378 SCTP_FROM_SCTPUTIL + SCTP_LOC_10); 6379 *error = ENOBUFS; 6380 goto out_now; 6381 } 6382 added++; 6383 break; 6384 #endif 6385 default: 6386 break; 6387 } 6388 sa = (struct sockaddr *)((caddr_t)sa + incr); 6389 } 6390 out_now: 6391 return (added); 6392 } 6393 6394 struct sctp_tcb * 6395 sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, 6396 unsigned int *totaddr, 6397 unsigned int *num_v4, unsigned int *num_v6, int *error, 6398 unsigned int limit, int *bad_addr) 6399 { 6400 struct sockaddr *sa; 6401 struct sctp_tcb *stcb = NULL; 6402 unsigned int incr, at, i; 6403 6404 at = 0; 6405 sa = addr; 6406 *error = *num_v6 = *num_v4 = 0; 6407 /* account and validate addresses */ 6408 for (i = 0; i < *totaddr; i++) { 6409 switch (sa->sa_family) { 6410 #ifdef INET 6411 case AF_INET: 6412 incr = (unsigned int)sizeof(struct sockaddr_in); 6413 if (sa->sa_len != incr) { 6414 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6415 *error = EINVAL; 6416 *bad_addr = 1; 6417 return (NULL); 6418 } 6419 (*num_v4) += 1; 6420 break; 6421 #endif 6422 #ifdef INET6 6423 case AF_INET6: 6424 { 6425 struct sockaddr_in6 *sin6; 6426 6427 sin6 = (struct sockaddr_in6 *)sa; 6428 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6429 /* Must be non-mapped for connectx */ 6430 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6431 *error = EINVAL; 6432 *bad_addr = 1; 6433 return (NULL); 6434 } 6435 incr = (unsigned int)sizeof(struct sockaddr_in6); 6436 if (sa->sa_len != incr) { 6437 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6438 *error = EINVAL; 6439 *bad_addr = 1; 6440 return (NULL); 6441 } 6442 (*num_v6) += 1; 6443 break; 6444 } 6445 #endif 6446 default: 6447 *totaddr = i; 6448 incr = 0; 6449 /* we are done */ 6450 break; 6451 } 6452 if (i == *totaddr) { 6453 break; 6454 } 6455 SCTP_INP_INCR_REF(inp); 6456 stcb = sctp_findassociation_ep_addr(&inp, sa, NULL, NULL, NULL); 6457 if (stcb != NULL) { 6458 /* Already have or am bring up an association */ 6459 return (stcb); 6460 } else { 6461 SCTP_INP_DECR_REF(inp); 6462 } 6463 if ((at + incr) > limit) { 6464 *totaddr = i; 6465 break; 6466 } 6467 sa = (struct sockaddr *)((caddr_t)sa + incr); 6468 } 6469 return ((struct sctp_tcb *)NULL); 6470 } 6471 6472 /* 6473 * sctp_bindx(ADD) for one address. 6474 * assumes all arguments are valid/checked by caller. 6475 */ 6476 void 6477 sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp, 6478 struct sockaddr *sa, sctp_assoc_t assoc_id, 6479 uint32_t vrf_id, int *error, void *p) 6480 { 6481 struct sockaddr *addr_touse; 6482 #if defined(INET) && defined(INET6) 6483 struct sockaddr_in sin; 6484 #endif 6485 6486 /* see if we're bound all already! */ 6487 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6488 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6489 *error = EINVAL; 6490 return; 6491 } 6492 addr_touse = sa; 6493 #ifdef INET6 6494 if (sa->sa_family == AF_INET6) { 6495 #ifdef INET 6496 struct sockaddr_in6 *sin6; 6497 6498 #endif 6499 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6500 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6501 *error = EINVAL; 6502 return; 6503 } 6504 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6505 /* can only bind v6 on PF_INET6 sockets */ 6506 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6507 *error = EINVAL; 6508 return; 6509 } 6510 #ifdef INET 6511 sin6 = (struct sockaddr_in6 *)addr_touse; 6512 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6513 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6514 SCTP_IPV6_V6ONLY(inp)) { 6515 /* can't bind v4-mapped on PF_INET sockets */ 6516 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6517 *error = EINVAL; 6518 return; 6519 } 6520 in6_sin6_2_sin(&sin, sin6); 6521 addr_touse = (struct sockaddr *)&sin; 6522 } 6523 #endif 6524 } 6525 #endif 6526 #ifdef INET 6527 if (sa->sa_family == AF_INET) { 6528 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6529 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6530 *error = EINVAL; 6531 return; 6532 } 6533 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6534 SCTP_IPV6_V6ONLY(inp)) { 6535 /* can't bind v4 on PF_INET sockets */ 6536 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6537 *error = EINVAL; 6538 return; 6539 } 6540 } 6541 #endif 6542 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 6543 if (p == NULL) { 6544 /* Can't get proc for Net/Open BSD */ 6545 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6546 *error = EINVAL; 6547 return; 6548 } 6549 *error = sctp_inpcb_bind(so, addr_touse, NULL, p); 6550 return; 6551 } 6552 /* 6553 * No locks required here since bind and mgmt_ep_sa all do their own 6554 * locking. If we do something for the FIX: below we may need to 6555 * lock in that case. 6556 */ 6557 if (assoc_id == 0) { 6558 /* add the address */ 6559 struct sctp_inpcb *lep; 6560 struct sockaddr_in *lsin = (struct sockaddr_in *)addr_touse; 6561 6562 /* validate the incoming port */ 6563 if ((lsin->sin_port != 0) && 6564 (lsin->sin_port != inp->sctp_lport)) { 6565 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6566 *error = EINVAL; 6567 return; 6568 } else { 6569 /* user specified 0 port, set it to existing port */ 6570 lsin->sin_port = inp->sctp_lport; 6571 } 6572 6573 lep = sctp_pcb_findep(addr_touse, 1, 0, vrf_id); 6574 if (lep != NULL) { 6575 /* 6576 * We must decrement the refcount since we have the 6577 * ep already and are binding. No remove going on 6578 * here. 6579 */ 6580 SCTP_INP_DECR_REF(lep); 6581 } 6582 if (lep == inp) { 6583 /* already bound to it.. ok */ 6584 return; 6585 } else if (lep == NULL) { 6586 ((struct sockaddr_in *)addr_touse)->sin_port = 0; 6587 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6588 SCTP_ADD_IP_ADDRESS, 6589 vrf_id, NULL); 6590 } else { 6591 *error = EADDRINUSE; 6592 } 6593 if (*error) 6594 return; 6595 } else { 6596 /* 6597 * FIX: decide whether we allow assoc based bindx 6598 */ 6599 } 6600 } 6601 6602 /* 6603 * sctp_bindx(DELETE) for one address. 6604 * assumes all arguments are valid/checked by caller. 6605 */ 6606 void 6607 sctp_bindx_delete_address(struct sctp_inpcb *inp, 6608 struct sockaddr *sa, sctp_assoc_t assoc_id, 6609 uint32_t vrf_id, int *error) 6610 { 6611 struct sockaddr *addr_touse; 6612 #if defined(INET) && defined(INET6) 6613 struct sockaddr_in sin; 6614 #endif 6615 6616 /* see if we're bound all already! */ 6617 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6618 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6619 *error = EINVAL; 6620 return; 6621 } 6622 addr_touse = sa; 6623 #ifdef INET6 6624 if (sa->sa_family == AF_INET6) { 6625 #ifdef INET 6626 struct sockaddr_in6 *sin6; 6627 #endif 6628 6629 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6630 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6631 *error = EINVAL; 6632 return; 6633 } 6634 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6635 /* can only bind v6 on PF_INET6 sockets */ 6636 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6637 *error = EINVAL; 6638 return; 6639 } 6640 #ifdef INET 6641 sin6 = (struct sockaddr_in6 *)addr_touse; 6642 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6643 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6644 SCTP_IPV6_V6ONLY(inp)) { 6645 /* can't bind mapped-v4 on PF_INET sockets */ 6646 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6647 *error = EINVAL; 6648 return; 6649 } 6650 in6_sin6_2_sin(&sin, sin6); 6651 addr_touse = (struct sockaddr *)&sin; 6652 } 6653 #endif 6654 } 6655 #endif 6656 #ifdef INET 6657 if (sa->sa_family == AF_INET) { 6658 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6659 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6660 *error = EINVAL; 6661 return; 6662 } 6663 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6664 SCTP_IPV6_V6ONLY(inp)) { 6665 /* can't bind v4 on PF_INET sockets */ 6666 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6667 *error = EINVAL; 6668 return; 6669 } 6670 } 6671 #endif 6672 /* 6673 * No lock required mgmt_ep_sa does its own locking. If the FIX: 6674 * below is ever changed we may need to lock before calling 6675 * association level binding. 6676 */ 6677 if (assoc_id == 0) { 6678 /* delete the address */ 6679 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6680 SCTP_DEL_IP_ADDRESS, 6681 vrf_id, NULL); 6682 } else { 6683 /* 6684 * FIX: decide whether we allow assoc based bindx 6685 */ 6686 } 6687 } 6688 6689 /* 6690 * returns the valid local address count for an assoc, taking into account 6691 * all scoping rules 6692 */ 6693 int 6694 sctp_local_addr_count(struct sctp_tcb *stcb) 6695 { 6696 int loopback_scope; 6697 #if defined(INET) 6698 int ipv4_local_scope, ipv4_addr_legal; 6699 #endif 6700 #if defined (INET6) 6701 int local_scope, site_scope, ipv6_addr_legal; 6702 #endif 6703 struct sctp_vrf *vrf; 6704 struct sctp_ifn *sctp_ifn; 6705 struct sctp_ifa *sctp_ifa; 6706 int count = 0; 6707 6708 /* Turn on all the appropriate scopes */ 6709 loopback_scope = stcb->asoc.scope.loopback_scope; 6710 #if defined(INET) 6711 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; 6712 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; 6713 #endif 6714 #if defined(INET6) 6715 local_scope = stcb->asoc.scope.local_scope; 6716 site_scope = stcb->asoc.scope.site_scope; 6717 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; 6718 #endif 6719 SCTP_IPI_ADDR_RLOCK(); 6720 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 6721 if (vrf == NULL) { 6722 /* no vrf, no addresses */ 6723 SCTP_IPI_ADDR_RUNLOCK(); 6724 return (0); 6725 } 6726 6727 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6728 /* 6729 * bound all case: go through all ifns on the vrf 6730 */ 6731 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 6732 if ((loopback_scope == 0) && 6733 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 6734 continue; 6735 } 6736 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 6737 if (sctp_is_addr_restricted(stcb, sctp_ifa)) 6738 continue; 6739 switch (sctp_ifa->address.sa.sa_family) { 6740 #ifdef INET 6741 case AF_INET: 6742 if (ipv4_addr_legal) { 6743 struct sockaddr_in *sin; 6744 6745 sin = &sctp_ifa->address.sin; 6746 if (sin->sin_addr.s_addr == 0) { 6747 /* 6748 * skip unspecified 6749 * addrs 6750 */ 6751 continue; 6752 } 6753 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 6754 &sin->sin_addr) != 0) { 6755 continue; 6756 } 6757 if ((ipv4_local_scope == 0) && 6758 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 6759 continue; 6760 } 6761 /* count this one */ 6762 count++; 6763 } else { 6764 continue; 6765 } 6766 break; 6767 #endif 6768 #ifdef INET6 6769 case AF_INET6: 6770 if (ipv6_addr_legal) { 6771 struct sockaddr_in6 *sin6; 6772 6773 sin6 = &sctp_ifa->address.sin6; 6774 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 6775 continue; 6776 } 6777 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 6778 &sin6->sin6_addr) != 0) { 6779 continue; 6780 } 6781 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 6782 if (local_scope == 0) 6783 continue; 6784 if (sin6->sin6_scope_id == 0) { 6785 if (sa6_recoverscope(sin6) != 0) 6786 /* 6787 * 6788 * bad 6789 * link 6790 * 6791 * local 6792 * 6793 * address 6794 */ 6795 continue; 6796 } 6797 } 6798 if ((site_scope == 0) && 6799 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 6800 continue; 6801 } 6802 /* count this one */ 6803 count++; 6804 } 6805 break; 6806 #endif 6807 default: 6808 /* TSNH */ 6809 break; 6810 } 6811 } 6812 } 6813 } else { 6814 /* 6815 * subset bound case 6816 */ 6817 struct sctp_laddr *laddr; 6818 6819 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, 6820 sctp_nxt_addr) { 6821 if (sctp_is_addr_restricted(stcb, laddr->ifa)) { 6822 continue; 6823 } 6824 /* count this one */ 6825 count++; 6826 } 6827 } 6828 SCTP_IPI_ADDR_RUNLOCK(); 6829 return (count); 6830 } 6831 6832 #if defined(SCTP_LOCAL_TRACE_BUF) 6833 6834 void 6835 sctp_log_trace(uint32_t subsys, const char *str SCTP_UNUSED, uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, uint32_t f) 6836 { 6837 uint32_t saveindex, newindex; 6838 6839 do { 6840 saveindex = SCTP_BASE_SYSCTL(sctp_log).index; 6841 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6842 newindex = 1; 6843 } else { 6844 newindex = saveindex + 1; 6845 } 6846 } while (atomic_cmpset_int(&SCTP_BASE_SYSCTL(sctp_log).index, saveindex, newindex) == 0); 6847 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6848 saveindex = 0; 6849 } 6850 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].timestamp = SCTP_GET_CYCLECOUNT; 6851 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].subsys = subsys; 6852 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[0] = a; 6853 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[1] = b; 6854 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[2] = c; 6855 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[3] = d; 6856 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[4] = e; 6857 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[5] = f; 6858 } 6859 6860 #endif 6861 static void 6862 sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, 6863 const struct sockaddr *sa SCTP_UNUSED, void *ctx SCTP_UNUSED) 6864 { 6865 struct ip *iph; 6866 #ifdef INET6 6867 struct ip6_hdr *ip6; 6868 #endif 6869 struct mbuf *sp, *last; 6870 struct udphdr *uhdr; 6871 uint16_t port; 6872 6873 if ((m->m_flags & M_PKTHDR) == 0) { 6874 /* Can't handle one that is not a pkt hdr */ 6875 goto out; 6876 } 6877 /* Pull the src port */ 6878 iph = mtod(m, struct ip *); 6879 uhdr = (struct udphdr *)((caddr_t)iph + off); 6880 port = uhdr->uh_sport; 6881 /* 6882 * Split out the mbuf chain. Leave the IP header in m, place the 6883 * rest in the sp. 6884 */ 6885 sp = m_split(m, off, M_NOWAIT); 6886 if (sp == NULL) { 6887 /* Gak, drop packet, we can't do a split */ 6888 goto out; 6889 } 6890 if (sp->m_pkthdr.len < sizeof(struct udphdr) + sizeof(struct sctphdr)) { 6891 /* Gak, packet can't have an SCTP header in it - too small */ 6892 m_freem(sp); 6893 goto out; 6894 } 6895 /* Now pull up the UDP header and SCTP header together */ 6896 sp = m_pullup(sp, sizeof(struct udphdr) + sizeof(struct sctphdr)); 6897 if (sp == NULL) { 6898 /* Gak pullup failed */ 6899 goto out; 6900 } 6901 /* Trim out the UDP header */ 6902 m_adj(sp, sizeof(struct udphdr)); 6903 6904 /* Now reconstruct the mbuf chain */ 6905 for (last = m; last->m_next; last = last->m_next); 6906 last->m_next = sp; 6907 m->m_pkthdr.len += sp->m_pkthdr.len; 6908 /* 6909 * The CSUM_DATA_VALID flags indicates that the HW checked the UDP 6910 * checksum and it was valid. Since CSUM_DATA_VALID == 6911 * CSUM_SCTP_VALID this would imply that the HW also verified the 6912 * SCTP checksum. Therefore, clear the bit. 6913 */ 6914 SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, 6915 "sctp_recv_udp_tunneled_packet(): Packet of length %d received on %s with csum_flags 0x%b.\n", 6916 m->m_pkthdr.len, 6917 if_name(m->m_pkthdr.rcvif), 6918 (int)m->m_pkthdr.csum_flags, CSUM_BITS); 6919 m->m_pkthdr.csum_flags &= ~CSUM_DATA_VALID; 6920 iph = mtod(m, struct ip *); 6921 switch (iph->ip_v) { 6922 #ifdef INET 6923 case IPVERSION: 6924 iph->ip_len = htons(ntohs(iph->ip_len) - sizeof(struct udphdr)); 6925 sctp_input_with_port(m, off, port); 6926 break; 6927 #endif 6928 #ifdef INET6 6929 case IPV6_VERSION >> 4: 6930 ip6 = mtod(m, struct ip6_hdr *); 6931 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - sizeof(struct udphdr)); 6932 sctp6_input_with_port(&m, &off, port); 6933 break; 6934 #endif 6935 default: 6936 goto out; 6937 break; 6938 } 6939 return; 6940 out: 6941 m_freem(m); 6942 } 6943 6944 #ifdef INET 6945 static void 6946 sctp_recv_icmp_tunneled_packet(int cmd, struct sockaddr *sa, void *vip, void *ctx SCTP_UNUSED) 6947 { 6948 struct ip *outer_ip, *inner_ip; 6949 struct sctphdr *sh; 6950 struct icmp *icmp; 6951 struct udphdr *udp; 6952 struct sctp_inpcb *inp; 6953 struct sctp_tcb *stcb; 6954 struct sctp_nets *net; 6955 struct sctp_init_chunk *ch; 6956 struct sockaddr_in src, dst; 6957 uint8_t type, code; 6958 6959 inner_ip = (struct ip *)vip; 6960 icmp = (struct icmp *)((caddr_t)inner_ip - 6961 (sizeof(struct icmp) - sizeof(struct ip))); 6962 outer_ip = (struct ip *)((caddr_t)icmp - sizeof(struct ip)); 6963 if (ntohs(outer_ip->ip_len) < 6964 sizeof(struct ip) + 8 + (inner_ip->ip_hl << 2) + sizeof(struct udphdr) + 8) { 6965 return; 6966 } 6967 udp = (struct udphdr *)((caddr_t)inner_ip + (inner_ip->ip_hl << 2)); 6968 sh = (struct sctphdr *)(udp + 1); 6969 memset(&src, 0, sizeof(struct sockaddr_in)); 6970 src.sin_family = AF_INET; 6971 src.sin_len = sizeof(struct sockaddr_in); 6972 src.sin_port = sh->src_port; 6973 src.sin_addr = inner_ip->ip_src; 6974 memset(&dst, 0, sizeof(struct sockaddr_in)); 6975 dst.sin_family = AF_INET; 6976 dst.sin_len = sizeof(struct sockaddr_in); 6977 dst.sin_port = sh->dest_port; 6978 dst.sin_addr = inner_ip->ip_dst; 6979 /* 6980 * 'dst' holds the dest of the packet that failed to be sent. 'src' 6981 * holds our local endpoint address. Thus we reverse the dst and the 6982 * src in the lookup. 6983 */ 6984 inp = NULL; 6985 net = NULL; 6986 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 6987 (struct sockaddr *)&src, 6988 &inp, &net, 1, 6989 SCTP_DEFAULT_VRFID); 6990 if ((stcb != NULL) && 6991 (net != NULL) && 6992 (inp != NULL)) { 6993 /* Check the UDP port numbers */ 6994 if ((udp->uh_dport != net->port) || 6995 (udp->uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 6996 SCTP_TCB_UNLOCK(stcb); 6997 return; 6998 } 6999 /* Check the verification tag */ 7000 if (ntohl(sh->v_tag) != 0) { 7001 /* 7002 * This must be the verification tag used for 7003 * sending out packets. We don't consider packets 7004 * reflecting the verification tag. 7005 */ 7006 if (ntohl(sh->v_tag) != stcb->asoc.peer_vtag) { 7007 SCTP_TCB_UNLOCK(stcb); 7008 return; 7009 } 7010 } else { 7011 if (ntohs(outer_ip->ip_len) >= 7012 sizeof(struct ip) + 7013 8 + (inner_ip->ip_hl << 2) + 8 + 20) { 7014 /* 7015 * In this case we can check if we got an 7016 * INIT chunk and if the initiate tag 7017 * matches. 7018 */ 7019 ch = (struct sctp_init_chunk *)(sh + 1); 7020 if ((ch->ch.chunk_type != SCTP_INITIATION) || 7021 (ntohl(ch->init.initiate_tag) != stcb->asoc.my_vtag)) { 7022 SCTP_TCB_UNLOCK(stcb); 7023 return; 7024 } 7025 } else { 7026 SCTP_TCB_UNLOCK(stcb); 7027 return; 7028 } 7029 } 7030 type = icmp->icmp_type; 7031 code = icmp->icmp_code; 7032 if ((type == ICMP_UNREACH) && 7033 (code == ICMP_UNREACH_PORT)) { 7034 code = ICMP_UNREACH_PROTOCOL; 7035 } 7036 sctp_notify(inp, stcb, net, type, code, 7037 ntohs(inner_ip->ip_len), 7038 (uint32_t)ntohs(icmp->icmp_nextmtu)); 7039 } else { 7040 if ((stcb == NULL) && (inp != NULL)) { 7041 /* reduce ref-count */ 7042 SCTP_INP_WLOCK(inp); 7043 SCTP_INP_DECR_REF(inp); 7044 SCTP_INP_WUNLOCK(inp); 7045 } 7046 if (stcb) { 7047 SCTP_TCB_UNLOCK(stcb); 7048 } 7049 } 7050 return; 7051 } 7052 #endif 7053 7054 #ifdef INET6 7055 static void 7056 sctp_recv_icmp6_tunneled_packet(int cmd, struct sockaddr *sa, void *d, void *ctx SCTP_UNUSED) 7057 { 7058 struct ip6ctlparam *ip6cp; 7059 struct sctp_inpcb *inp; 7060 struct sctp_tcb *stcb; 7061 struct sctp_nets *net; 7062 struct sctphdr sh; 7063 struct udphdr udp; 7064 struct sockaddr_in6 src, dst; 7065 uint8_t type, code; 7066 7067 ip6cp = (struct ip6ctlparam *)d; 7068 /* 7069 * XXX: We assume that when IPV6 is non NULL, M and OFF are valid. 7070 */ 7071 if (ip6cp->ip6c_m == NULL) { 7072 return; 7073 } 7074 /* 7075 * Check if we can safely examine the ports and the verification tag 7076 * of the SCTP common header. 7077 */ 7078 if (ip6cp->ip6c_m->m_pkthdr.len < 7079 ip6cp->ip6c_off + sizeof(struct udphdr) + offsetof(struct sctphdr, checksum)) { 7080 return; 7081 } 7082 /* Copy out the UDP header. */ 7083 memset(&udp, 0, sizeof(struct udphdr)); 7084 m_copydata(ip6cp->ip6c_m, 7085 ip6cp->ip6c_off, 7086 sizeof(struct udphdr), 7087 (caddr_t)&udp); 7088 /* Copy out the port numbers and the verification tag. */ 7089 memset(&sh, 0, sizeof(struct sctphdr)); 7090 m_copydata(ip6cp->ip6c_m, 7091 ip6cp->ip6c_off + sizeof(struct udphdr), 7092 sizeof(uint16_t) + sizeof(uint16_t) + sizeof(uint32_t), 7093 (caddr_t)&sh); 7094 memset(&src, 0, sizeof(struct sockaddr_in6)); 7095 src.sin6_family = AF_INET6; 7096 src.sin6_len = sizeof(struct sockaddr_in6); 7097 src.sin6_port = sh.src_port; 7098 src.sin6_addr = ip6cp->ip6c_ip6->ip6_src; 7099 if (in6_setscope(&src.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7100 return; 7101 } 7102 memset(&dst, 0, sizeof(struct sockaddr_in6)); 7103 dst.sin6_family = AF_INET6; 7104 dst.sin6_len = sizeof(struct sockaddr_in6); 7105 dst.sin6_port = sh.dest_port; 7106 dst.sin6_addr = ip6cp->ip6c_ip6->ip6_dst; 7107 if (in6_setscope(&dst.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7108 return; 7109 } 7110 inp = NULL; 7111 net = NULL; 7112 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 7113 (struct sockaddr *)&src, 7114 &inp, &net, 1, SCTP_DEFAULT_VRFID); 7115 if ((stcb != NULL) && 7116 (net != NULL) && 7117 (inp != NULL)) { 7118 /* Check the UDP port numbers */ 7119 if ((udp.uh_dport != net->port) || 7120 (udp.uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 7121 SCTP_TCB_UNLOCK(stcb); 7122 return; 7123 } 7124 /* Check the verification tag */ 7125 if (ntohl(sh.v_tag) != 0) { 7126 /* 7127 * This must be the verification tag used for 7128 * sending out packets. We don't consider packets 7129 * reflecting the verification tag. 7130 */ 7131 if (ntohl(sh.v_tag) != stcb->asoc.peer_vtag) { 7132 SCTP_TCB_UNLOCK(stcb); 7133 return; 7134 } 7135 } else { 7136 if (ip6cp->ip6c_m->m_pkthdr.len >= 7137 ip6cp->ip6c_off + sizeof(struct udphdr) + 7138 sizeof(struct sctphdr) + 7139 sizeof(struct sctp_chunkhdr) + 7140 offsetof(struct sctp_init, a_rwnd)) { 7141 /* 7142 * In this case we can check if we got an 7143 * INIT chunk and if the initiate tag 7144 * matches. 7145 */ 7146 uint32_t initiate_tag; 7147 uint8_t chunk_type; 7148 7149 m_copydata(ip6cp->ip6c_m, 7150 ip6cp->ip6c_off + 7151 sizeof(struct udphdr) + 7152 sizeof(struct sctphdr), 7153 sizeof(uint8_t), 7154 (caddr_t)&chunk_type); 7155 m_copydata(ip6cp->ip6c_m, 7156 ip6cp->ip6c_off + 7157 sizeof(struct udphdr) + 7158 sizeof(struct sctphdr) + 7159 sizeof(struct sctp_chunkhdr), 7160 sizeof(uint32_t), 7161 (caddr_t)&initiate_tag); 7162 if ((chunk_type != SCTP_INITIATION) || 7163 (ntohl(initiate_tag) != stcb->asoc.my_vtag)) { 7164 SCTP_TCB_UNLOCK(stcb); 7165 return; 7166 } 7167 } else { 7168 SCTP_TCB_UNLOCK(stcb); 7169 return; 7170 } 7171 } 7172 type = ip6cp->ip6c_icmp6->icmp6_type; 7173 code = ip6cp->ip6c_icmp6->icmp6_code; 7174 if ((type == ICMP6_DST_UNREACH) && 7175 (code == ICMP6_DST_UNREACH_NOPORT)) { 7176 type = ICMP6_PARAM_PROB; 7177 code = ICMP6_PARAMPROB_NEXTHEADER; 7178 } 7179 sctp6_notify(inp, stcb, net, type, code, 7180 ntohl(ip6cp->ip6c_icmp6->icmp6_mtu)); 7181 } else { 7182 if ((stcb == NULL) && (inp != NULL)) { 7183 /* reduce inp's ref-count */ 7184 SCTP_INP_WLOCK(inp); 7185 SCTP_INP_DECR_REF(inp); 7186 SCTP_INP_WUNLOCK(inp); 7187 } 7188 if (stcb) { 7189 SCTP_TCB_UNLOCK(stcb); 7190 } 7191 } 7192 } 7193 #endif 7194 7195 void 7196 sctp_over_udp_stop(void) 7197 { 7198 /* 7199 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7200 * for writting! 7201 */ 7202 #ifdef INET 7203 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7204 soclose(SCTP_BASE_INFO(udp4_tun_socket)); 7205 SCTP_BASE_INFO(udp4_tun_socket) = NULL; 7206 } 7207 #endif 7208 #ifdef INET6 7209 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7210 soclose(SCTP_BASE_INFO(udp6_tun_socket)); 7211 SCTP_BASE_INFO(udp6_tun_socket) = NULL; 7212 } 7213 #endif 7214 } 7215 7216 int 7217 sctp_over_udp_start(void) 7218 { 7219 uint16_t port; 7220 int ret; 7221 #ifdef INET 7222 struct sockaddr_in sin; 7223 #endif 7224 #ifdef INET6 7225 struct sockaddr_in6 sin6; 7226 #endif 7227 /* 7228 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7229 * for writting! 7230 */ 7231 port = SCTP_BASE_SYSCTL(sctp_udp_tunneling_port); 7232 if (ntohs(port) == 0) { 7233 /* Must have a port set */ 7234 return (EINVAL); 7235 } 7236 #ifdef INET 7237 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7238 /* Already running -- must stop first */ 7239 return (EALREADY); 7240 } 7241 #endif 7242 #ifdef INET6 7243 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7244 /* Already running -- must stop first */ 7245 return (EALREADY); 7246 } 7247 #endif 7248 #ifdef INET 7249 if ((ret = socreate(PF_INET, &SCTP_BASE_INFO(udp4_tun_socket), 7250 SOCK_DGRAM, IPPROTO_UDP, 7251 curthread->td_ucred, curthread))) { 7252 sctp_over_udp_stop(); 7253 return (ret); 7254 } 7255 /* Call the special UDP hook. */ 7256 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp4_tun_socket), 7257 sctp_recv_udp_tunneled_packet, 7258 sctp_recv_icmp_tunneled_packet, 7259 NULL))) { 7260 sctp_over_udp_stop(); 7261 return (ret); 7262 } 7263 /* Ok, we have a socket, bind it to the port. */ 7264 memset(&sin, 0, sizeof(struct sockaddr_in)); 7265 sin.sin_len = sizeof(struct sockaddr_in); 7266 sin.sin_family = AF_INET; 7267 sin.sin_port = htons(port); 7268 if ((ret = sobind(SCTP_BASE_INFO(udp4_tun_socket), 7269 (struct sockaddr *)&sin, curthread))) { 7270 sctp_over_udp_stop(); 7271 return (ret); 7272 } 7273 #endif 7274 #ifdef INET6 7275 if ((ret = socreate(PF_INET6, &SCTP_BASE_INFO(udp6_tun_socket), 7276 SOCK_DGRAM, IPPROTO_UDP, 7277 curthread->td_ucred, curthread))) { 7278 sctp_over_udp_stop(); 7279 return (ret); 7280 } 7281 /* Call the special UDP hook. */ 7282 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp6_tun_socket), 7283 sctp_recv_udp_tunneled_packet, 7284 sctp_recv_icmp6_tunneled_packet, 7285 NULL))) { 7286 sctp_over_udp_stop(); 7287 return (ret); 7288 } 7289 /* Ok, we have a socket, bind it to the port. */ 7290 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 7291 sin6.sin6_len = sizeof(struct sockaddr_in6); 7292 sin6.sin6_family = AF_INET6; 7293 sin6.sin6_port = htons(port); 7294 if ((ret = sobind(SCTP_BASE_INFO(udp6_tun_socket), 7295 (struct sockaddr *)&sin6, curthread))) { 7296 sctp_over_udp_stop(); 7297 return (ret); 7298 } 7299 #endif 7300 return (0); 7301 } 7302 7303 /* 7304 * sctp_min_mtu ()returns the minimum of all non-zero arguments. 7305 * If all arguments are zero, zero is returned. 7306 */ 7307 uint32_t 7308 sctp_min_mtu(uint32_t mtu1, uint32_t mtu2, uint32_t mtu3) 7309 { 7310 if (mtu1 > 0) { 7311 if (mtu2 > 0) { 7312 if (mtu3 > 0) { 7313 return (min(mtu1, min(mtu2, mtu3))); 7314 } else { 7315 return (min(mtu1, mtu2)); 7316 } 7317 } else { 7318 if (mtu3 > 0) { 7319 return (min(mtu1, mtu3)); 7320 } else { 7321 return (mtu1); 7322 } 7323 } 7324 } else { 7325 if (mtu2 > 0) { 7326 if (mtu3 > 0) { 7327 return (min(mtu2, mtu3)); 7328 } else { 7329 return (mtu2); 7330 } 7331 } else { 7332 return (mtu3); 7333 } 7334 } 7335 } 7336 7337 void 7338 sctp_hc_set_mtu(union sctp_sockstore *addr, uint16_t fibnum, uint32_t mtu) 7339 { 7340 struct in_conninfo inc; 7341 7342 memset(&inc, 0, sizeof(struct in_conninfo)); 7343 inc.inc_fibnum = fibnum; 7344 switch (addr->sa.sa_family) { 7345 #ifdef INET 7346 case AF_INET: 7347 inc.inc_faddr = addr->sin.sin_addr; 7348 break; 7349 #endif 7350 #ifdef INET6 7351 case AF_INET6: 7352 inc.inc_flags |= INC_ISIPV6; 7353 inc.inc6_faddr = addr->sin6.sin6_addr; 7354 break; 7355 #endif 7356 default: 7357 return; 7358 } 7359 tcp_hc_updatemtu(&inc, (u_long)mtu); 7360 } 7361 7362 uint32_t 7363 sctp_hc_get_mtu(union sctp_sockstore *addr, uint16_t fibnum) 7364 { 7365 struct in_conninfo inc; 7366 7367 memset(&inc, 0, sizeof(struct in_conninfo)); 7368 inc.inc_fibnum = fibnum; 7369 switch (addr->sa.sa_family) { 7370 #ifdef INET 7371 case AF_INET: 7372 inc.inc_faddr = addr->sin.sin_addr; 7373 break; 7374 #endif 7375 #ifdef INET6 7376 case AF_INET6: 7377 inc.inc_flags |= INC_ISIPV6; 7378 inc.inc6_faddr = addr->sin6.sin6_addr; 7379 break; 7380 #endif 7381 default: 7382 return (0); 7383 } 7384 return ((uint32_t)tcp_hc_getmtu(&inc)); 7385 } 7386 7387 void 7388 sctp_set_state(struct sctp_tcb *stcb, int new_state) 7389 { 7390 #if defined(KDTRACE_HOOKS) 7391 int old_state = stcb->asoc.state; 7392 #endif 7393 7394 KASSERT((new_state & ~SCTP_STATE_MASK) == 0, 7395 ("sctp_set_state: Can't set substate (new_state = %x)", 7396 new_state)); 7397 stcb->asoc.state = (stcb->asoc.state & ~SCTP_STATE_MASK) | new_state; 7398 if ((new_state == SCTP_STATE_SHUTDOWN_RECEIVED) || 7399 (new_state == SCTP_STATE_SHUTDOWN_SENT) || 7400 (new_state == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 7401 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING); 7402 } 7403 #if defined(KDTRACE_HOOKS) 7404 if (((old_state & SCTP_STATE_MASK) != new_state) && 7405 !(((old_state & SCTP_STATE_MASK) == SCTP_STATE_EMPTY) && 7406 (new_state == SCTP_STATE_INUSE))) { 7407 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7408 } 7409 #endif 7410 } 7411 7412 void 7413 sctp_add_substate(struct sctp_tcb *stcb, int substate) 7414 { 7415 #if defined(KDTRACE_HOOKS) 7416 int old_state = stcb->asoc.state; 7417 #endif 7418 7419 KASSERT((substate & SCTP_STATE_MASK) == 0, 7420 ("sctp_add_substate: Can't set state (substate = %x)", 7421 substate)); 7422 stcb->asoc.state |= substate; 7423 #if defined(KDTRACE_HOOKS) 7424 if (((substate & SCTP_STATE_ABOUT_TO_BE_FREED) && 7425 ((old_state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) || 7426 ((substate & SCTP_STATE_SHUTDOWN_PENDING) && 7427 ((old_state & SCTP_STATE_SHUTDOWN_PENDING) == 0))) { 7428 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7429 } 7430 #endif 7431 } 7432