1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 __FBSDID("$FreeBSD$"); 37 38 #include <netinet/sctp_os.h> 39 #include <netinet/sctp_pcb.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_var.h> 42 #include <netinet/sctp_sysctl.h> 43 #ifdef INET6 44 #include <netinet6/sctp6_var.h> 45 #endif 46 #include <netinet/sctp_header.h> 47 #include <netinet/sctp_output.h> 48 #include <netinet/sctp_uio.h> 49 #include <netinet/sctp_timer.h> 50 #include <netinet/sctp_indata.h> 51 #include <netinet/sctp_auth.h> 52 #include <netinet/sctp_asconf.h> 53 #include <netinet/sctp_bsd_addr.h> 54 #if defined(INET6) || defined(INET) 55 #include <netinet/tcp_var.h> 56 #endif 57 #include <netinet/udp.h> 58 #include <netinet/udp_var.h> 59 #include <netinet/in_kdtrace.h> 60 #include <sys/proc.h> 61 #ifdef INET6 62 #include <netinet/icmp6.h> 63 #endif 64 65 66 #ifndef KTR_SCTP 67 #define KTR_SCTP KTR_SUBSYS 68 #endif 69 70 extern const struct sctp_cc_functions sctp_cc_functions[]; 71 extern const struct sctp_ss_functions sctp_ss_functions[]; 72 73 void 74 sctp_sblog(struct sockbuf *sb, struct sctp_tcb *stcb, int from, int incr) 75 { 76 #if defined(SCTP_LOCAL_TRACE_BUF) 77 struct sctp_cwnd_log sctp_clog; 78 79 sctp_clog.x.sb.stcb = stcb; 80 sctp_clog.x.sb.so_sbcc = sb->sb_cc; 81 if (stcb) 82 sctp_clog.x.sb.stcb_sbcc = stcb->asoc.sb_cc; 83 else 84 sctp_clog.x.sb.stcb_sbcc = 0; 85 sctp_clog.x.sb.incr = incr; 86 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 87 SCTP_LOG_EVENT_SB, 88 from, 89 sctp_clog.x.misc.log1, 90 sctp_clog.x.misc.log2, 91 sctp_clog.x.misc.log3, 92 sctp_clog.x.misc.log4); 93 #endif 94 } 95 96 void 97 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 98 { 99 #if defined(SCTP_LOCAL_TRACE_BUF) 100 struct sctp_cwnd_log sctp_clog; 101 102 sctp_clog.x.close.inp = (void *)inp; 103 sctp_clog.x.close.sctp_flags = inp->sctp_flags; 104 if (stcb) { 105 sctp_clog.x.close.stcb = (void *)stcb; 106 sctp_clog.x.close.state = (uint16_t)stcb->asoc.state; 107 } else { 108 sctp_clog.x.close.stcb = 0; 109 sctp_clog.x.close.state = 0; 110 } 111 sctp_clog.x.close.loc = loc; 112 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 113 SCTP_LOG_EVENT_CLOSE, 114 0, 115 sctp_clog.x.misc.log1, 116 sctp_clog.x.misc.log2, 117 sctp_clog.x.misc.log3, 118 sctp_clog.x.misc.log4); 119 #endif 120 } 121 122 void 123 rto_logging(struct sctp_nets *net, int from) 124 { 125 #if defined(SCTP_LOCAL_TRACE_BUF) 126 struct sctp_cwnd_log sctp_clog; 127 128 memset(&sctp_clog, 0, sizeof(sctp_clog)); 129 sctp_clog.x.rto.net = (void *)net; 130 sctp_clog.x.rto.rtt = net->rtt / 1000; 131 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 132 SCTP_LOG_EVENT_RTT, 133 from, 134 sctp_clog.x.misc.log1, 135 sctp_clog.x.misc.log2, 136 sctp_clog.x.misc.log3, 137 sctp_clog.x.misc.log4); 138 #endif 139 } 140 141 void 142 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 143 { 144 #if defined(SCTP_LOCAL_TRACE_BUF) 145 struct sctp_cwnd_log sctp_clog; 146 147 sctp_clog.x.strlog.stcb = stcb; 148 sctp_clog.x.strlog.n_tsn = tsn; 149 sctp_clog.x.strlog.n_sseq = sseq; 150 sctp_clog.x.strlog.e_tsn = 0; 151 sctp_clog.x.strlog.e_sseq = 0; 152 sctp_clog.x.strlog.strm = stream; 153 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 154 SCTP_LOG_EVENT_STRM, 155 from, 156 sctp_clog.x.misc.log1, 157 sctp_clog.x.misc.log2, 158 sctp_clog.x.misc.log3, 159 sctp_clog.x.misc.log4); 160 #endif 161 } 162 163 void 164 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 165 { 166 #if defined(SCTP_LOCAL_TRACE_BUF) 167 struct sctp_cwnd_log sctp_clog; 168 169 sctp_clog.x.nagle.stcb = (void *)stcb; 170 sctp_clog.x.nagle.total_flight = stcb->asoc.total_flight; 171 sctp_clog.x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 172 sctp_clog.x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 173 sctp_clog.x.nagle.count_in_flight = stcb->asoc.total_flight_count; 174 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 175 SCTP_LOG_EVENT_NAGLE, 176 action, 177 sctp_clog.x.misc.log1, 178 sctp_clog.x.misc.log2, 179 sctp_clog.x.misc.log3, 180 sctp_clog.x.misc.log4); 181 #endif 182 } 183 184 void 185 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 186 { 187 #if defined(SCTP_LOCAL_TRACE_BUF) 188 struct sctp_cwnd_log sctp_clog; 189 190 sctp_clog.x.sack.cumack = cumack; 191 sctp_clog.x.sack.oldcumack = old_cumack; 192 sctp_clog.x.sack.tsn = tsn; 193 sctp_clog.x.sack.numGaps = gaps; 194 sctp_clog.x.sack.numDups = dups; 195 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 196 SCTP_LOG_EVENT_SACK, 197 from, 198 sctp_clog.x.misc.log1, 199 sctp_clog.x.misc.log2, 200 sctp_clog.x.misc.log3, 201 sctp_clog.x.misc.log4); 202 #endif 203 } 204 205 void 206 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 207 { 208 #if defined(SCTP_LOCAL_TRACE_BUF) 209 struct sctp_cwnd_log sctp_clog; 210 211 memset(&sctp_clog, 0, sizeof(sctp_clog)); 212 sctp_clog.x.map.base = map; 213 sctp_clog.x.map.cum = cum; 214 sctp_clog.x.map.high = high; 215 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 216 SCTP_LOG_EVENT_MAP, 217 from, 218 sctp_clog.x.misc.log1, 219 sctp_clog.x.misc.log2, 220 sctp_clog.x.misc.log3, 221 sctp_clog.x.misc.log4); 222 #endif 223 } 224 225 void 226 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, int from) 227 { 228 #if defined(SCTP_LOCAL_TRACE_BUF) 229 struct sctp_cwnd_log sctp_clog; 230 231 memset(&sctp_clog, 0, sizeof(sctp_clog)); 232 sctp_clog.x.fr.largest_tsn = biggest_tsn; 233 sctp_clog.x.fr.largest_new_tsn = biggest_new_tsn; 234 sctp_clog.x.fr.tsn = tsn; 235 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 236 SCTP_LOG_EVENT_FR, 237 from, 238 sctp_clog.x.misc.log1, 239 sctp_clog.x.misc.log2, 240 sctp_clog.x.misc.log3, 241 sctp_clog.x.misc.log4); 242 #endif 243 } 244 245 #ifdef SCTP_MBUF_LOGGING 246 void 247 sctp_log_mb(struct mbuf *m, int from) 248 { 249 #if defined(SCTP_LOCAL_TRACE_BUF) 250 struct sctp_cwnd_log sctp_clog; 251 252 sctp_clog.x.mb.mp = m; 253 sctp_clog.x.mb.mbuf_flags = (uint8_t)(SCTP_BUF_GET_FLAGS(m)); 254 sctp_clog.x.mb.size = (uint16_t)(SCTP_BUF_LEN(m)); 255 sctp_clog.x.mb.data = SCTP_BUF_AT(m, 0); 256 if (SCTP_BUF_IS_EXTENDED(m)) { 257 sctp_clog.x.mb.ext = SCTP_BUF_EXTEND_BASE(m); 258 sctp_clog.x.mb.refcnt = (uint8_t)(SCTP_BUF_EXTEND_REFCNT(m)); 259 } else { 260 sctp_clog.x.mb.ext = 0; 261 sctp_clog.x.mb.refcnt = 0; 262 } 263 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 264 SCTP_LOG_EVENT_MBUF, 265 from, 266 sctp_clog.x.misc.log1, 267 sctp_clog.x.misc.log2, 268 sctp_clog.x.misc.log3, 269 sctp_clog.x.misc.log4); 270 #endif 271 } 272 273 void 274 sctp_log_mbc(struct mbuf *m, int from) 275 { 276 struct mbuf *mat; 277 278 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 279 sctp_log_mb(mat, from); 280 } 281 } 282 #endif 283 284 void 285 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, int from) 286 { 287 #if defined(SCTP_LOCAL_TRACE_BUF) 288 struct sctp_cwnd_log sctp_clog; 289 290 if (control == NULL) { 291 SCTP_PRINTF("Gak log of NULL?\n"); 292 return; 293 } 294 sctp_clog.x.strlog.stcb = control->stcb; 295 sctp_clog.x.strlog.n_tsn = control->sinfo_tsn; 296 sctp_clog.x.strlog.n_sseq = (uint16_t)control->mid; 297 sctp_clog.x.strlog.strm = control->sinfo_stream; 298 if (poschk != NULL) { 299 sctp_clog.x.strlog.e_tsn = poschk->sinfo_tsn; 300 sctp_clog.x.strlog.e_sseq = (uint16_t)poschk->mid; 301 } else { 302 sctp_clog.x.strlog.e_tsn = 0; 303 sctp_clog.x.strlog.e_sseq = 0; 304 } 305 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 306 SCTP_LOG_EVENT_STRM, 307 from, 308 sctp_clog.x.misc.log1, 309 sctp_clog.x.misc.log2, 310 sctp_clog.x.misc.log3, 311 sctp_clog.x.misc.log4); 312 #endif 313 } 314 315 void 316 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 317 { 318 #if defined(SCTP_LOCAL_TRACE_BUF) 319 struct sctp_cwnd_log sctp_clog; 320 321 sctp_clog.x.cwnd.net = net; 322 if (stcb->asoc.send_queue_cnt > 255) 323 sctp_clog.x.cwnd.cnt_in_send = 255; 324 else 325 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 326 if (stcb->asoc.stream_queue_cnt > 255) 327 sctp_clog.x.cwnd.cnt_in_str = 255; 328 else 329 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 330 331 if (net) { 332 sctp_clog.x.cwnd.cwnd_new_value = net->cwnd; 333 sctp_clog.x.cwnd.inflight = net->flight_size; 334 sctp_clog.x.cwnd.pseudo_cumack = net->pseudo_cumack; 335 sctp_clog.x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 336 sctp_clog.x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 337 } 338 if (SCTP_CWNDLOG_PRESEND == from) { 339 sctp_clog.x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 340 } 341 sctp_clog.x.cwnd.cwnd_augment = augment; 342 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 343 SCTP_LOG_EVENT_CWND, 344 from, 345 sctp_clog.x.misc.log1, 346 sctp_clog.x.misc.log2, 347 sctp_clog.x.misc.log3, 348 sctp_clog.x.misc.log4); 349 #endif 350 } 351 352 void 353 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 354 { 355 #if defined(SCTP_LOCAL_TRACE_BUF) 356 struct sctp_cwnd_log sctp_clog; 357 358 memset(&sctp_clog, 0, sizeof(sctp_clog)); 359 if (inp) { 360 sctp_clog.x.lock.sock = (void *)inp->sctp_socket; 361 362 } else { 363 sctp_clog.x.lock.sock = (void *)NULL; 364 } 365 sctp_clog.x.lock.inp = (void *)inp; 366 if (stcb) { 367 sctp_clog.x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 368 } else { 369 sctp_clog.x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 370 } 371 if (inp) { 372 sctp_clog.x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 373 sctp_clog.x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 374 } else { 375 sctp_clog.x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 376 sctp_clog.x.lock.create_lock = SCTP_LOCK_UNKNOWN; 377 } 378 sctp_clog.x.lock.info_lock = rw_wowned(&SCTP_BASE_INFO(ipi_ep_mtx)); 379 if (inp && (inp->sctp_socket)) { 380 sctp_clog.x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 381 sctp_clog.x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 382 sctp_clog.x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); 383 } else { 384 sctp_clog.x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 385 sctp_clog.x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 386 sctp_clog.x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 387 } 388 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 389 SCTP_LOG_LOCK_EVENT, 390 from, 391 sctp_clog.x.misc.log1, 392 sctp_clog.x.misc.log2, 393 sctp_clog.x.misc.log3, 394 sctp_clog.x.misc.log4); 395 #endif 396 } 397 398 void 399 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 400 { 401 #if defined(SCTP_LOCAL_TRACE_BUF) 402 struct sctp_cwnd_log sctp_clog; 403 404 memset(&sctp_clog, 0, sizeof(sctp_clog)); 405 sctp_clog.x.cwnd.net = net; 406 sctp_clog.x.cwnd.cwnd_new_value = error; 407 sctp_clog.x.cwnd.inflight = net->flight_size; 408 sctp_clog.x.cwnd.cwnd_augment = burst; 409 if (stcb->asoc.send_queue_cnt > 255) 410 sctp_clog.x.cwnd.cnt_in_send = 255; 411 else 412 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 413 if (stcb->asoc.stream_queue_cnt > 255) 414 sctp_clog.x.cwnd.cnt_in_str = 255; 415 else 416 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 417 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 418 SCTP_LOG_EVENT_MAXBURST, 419 from, 420 sctp_clog.x.misc.log1, 421 sctp_clog.x.misc.log2, 422 sctp_clog.x.misc.log3, 423 sctp_clog.x.misc.log4); 424 #endif 425 } 426 427 void 428 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 429 { 430 #if defined(SCTP_LOCAL_TRACE_BUF) 431 struct sctp_cwnd_log sctp_clog; 432 433 sctp_clog.x.rwnd.rwnd = peers_rwnd; 434 sctp_clog.x.rwnd.send_size = snd_size; 435 sctp_clog.x.rwnd.overhead = overhead; 436 sctp_clog.x.rwnd.new_rwnd = 0; 437 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 438 SCTP_LOG_EVENT_RWND, 439 from, 440 sctp_clog.x.misc.log1, 441 sctp_clog.x.misc.log2, 442 sctp_clog.x.misc.log3, 443 sctp_clog.x.misc.log4); 444 #endif 445 } 446 447 void 448 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 449 { 450 #if defined(SCTP_LOCAL_TRACE_BUF) 451 struct sctp_cwnd_log sctp_clog; 452 453 sctp_clog.x.rwnd.rwnd = peers_rwnd; 454 sctp_clog.x.rwnd.send_size = flight_size; 455 sctp_clog.x.rwnd.overhead = overhead; 456 sctp_clog.x.rwnd.new_rwnd = a_rwndval; 457 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 458 SCTP_LOG_EVENT_RWND, 459 from, 460 sctp_clog.x.misc.log1, 461 sctp_clog.x.misc.log2, 462 sctp_clog.x.misc.log3, 463 sctp_clog.x.misc.log4); 464 #endif 465 } 466 467 #ifdef SCTP_MBCNT_LOGGING 468 static void 469 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 470 { 471 #if defined(SCTP_LOCAL_TRACE_BUF) 472 struct sctp_cwnd_log sctp_clog; 473 474 sctp_clog.x.mbcnt.total_queue_size = total_oq; 475 sctp_clog.x.mbcnt.size_change = book; 476 sctp_clog.x.mbcnt.total_queue_mb_size = total_mbcnt_q; 477 sctp_clog.x.mbcnt.mbcnt_change = mbcnt; 478 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 479 SCTP_LOG_EVENT_MBCNT, 480 from, 481 sctp_clog.x.misc.log1, 482 sctp_clog.x.misc.log2, 483 sctp_clog.x.misc.log3, 484 sctp_clog.x.misc.log4); 485 #endif 486 } 487 #endif 488 489 void 490 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 491 { 492 #if defined(SCTP_LOCAL_TRACE_BUF) 493 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 494 SCTP_LOG_MISC_EVENT, 495 from, 496 a, b, c, d); 497 #endif 498 } 499 500 void 501 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t wake_cnt, int from) 502 { 503 #if defined(SCTP_LOCAL_TRACE_BUF) 504 struct sctp_cwnd_log sctp_clog; 505 506 sctp_clog.x.wake.stcb = (void *)stcb; 507 sctp_clog.x.wake.wake_cnt = wake_cnt; 508 sctp_clog.x.wake.flight = stcb->asoc.total_flight_count; 509 sctp_clog.x.wake.send_q = stcb->asoc.send_queue_cnt; 510 sctp_clog.x.wake.sent_q = stcb->asoc.sent_queue_cnt; 511 512 if (stcb->asoc.stream_queue_cnt < 0xff) 513 sctp_clog.x.wake.stream_qcnt = (uint8_t)stcb->asoc.stream_queue_cnt; 514 else 515 sctp_clog.x.wake.stream_qcnt = 0xff; 516 517 if (stcb->asoc.chunks_on_out_queue < 0xff) 518 sctp_clog.x.wake.chunks_on_oque = (uint8_t)stcb->asoc.chunks_on_out_queue; 519 else 520 sctp_clog.x.wake.chunks_on_oque = 0xff; 521 522 sctp_clog.x.wake.sctpflags = 0; 523 /* set in the defered mode stuff */ 524 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 525 sctp_clog.x.wake.sctpflags |= 1; 526 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 527 sctp_clog.x.wake.sctpflags |= 2; 528 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 529 sctp_clog.x.wake.sctpflags |= 4; 530 /* what about the sb */ 531 if (stcb->sctp_socket) { 532 struct socket *so = stcb->sctp_socket; 533 534 sctp_clog.x.wake.sbflags = (uint8_t)((so->so_snd.sb_flags & 0x00ff)); 535 } else { 536 sctp_clog.x.wake.sbflags = 0xff; 537 } 538 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 539 SCTP_LOG_EVENT_WAKE, 540 from, 541 sctp_clog.x.misc.log1, 542 sctp_clog.x.misc.log2, 543 sctp_clog.x.misc.log3, 544 sctp_clog.x.misc.log4); 545 #endif 546 } 547 548 void 549 sctp_log_block(uint8_t from, struct sctp_association *asoc, ssize_t sendlen) 550 { 551 #if defined(SCTP_LOCAL_TRACE_BUF) 552 struct sctp_cwnd_log sctp_clog; 553 554 sctp_clog.x.blk.onsb = asoc->total_output_queue_size; 555 sctp_clog.x.blk.send_sent_qcnt = (uint16_t)(asoc->send_queue_cnt + asoc->sent_queue_cnt); 556 sctp_clog.x.blk.peer_rwnd = asoc->peers_rwnd; 557 sctp_clog.x.blk.stream_qcnt = (uint16_t)asoc->stream_queue_cnt; 558 sctp_clog.x.blk.chunks_on_oque = (uint16_t)asoc->chunks_on_out_queue; 559 sctp_clog.x.blk.flight_size = (uint16_t)(asoc->total_flight / 1024); 560 sctp_clog.x.blk.sndlen = (uint32_t)sendlen; 561 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 562 SCTP_LOG_EVENT_BLOCK, 563 from, 564 sctp_clog.x.misc.log1, 565 sctp_clog.x.misc.log2, 566 sctp_clog.x.misc.log3, 567 sctp_clog.x.misc.log4); 568 #endif 569 } 570 571 int 572 sctp_fill_stat_log(void *optval SCTP_UNUSED, size_t *optsize SCTP_UNUSED) 573 { 574 /* May need to fix this if ktrdump does not work */ 575 return (0); 576 } 577 578 #ifdef SCTP_AUDITING_ENABLED 579 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 580 static int sctp_audit_indx = 0; 581 582 static 583 void 584 sctp_print_audit_report(void) 585 { 586 int i; 587 int cnt; 588 589 cnt = 0; 590 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 591 if ((sctp_audit_data[i][0] == 0xe0) && 592 (sctp_audit_data[i][1] == 0x01)) { 593 cnt = 0; 594 SCTP_PRINTF("\n"); 595 } else if (sctp_audit_data[i][0] == 0xf0) { 596 cnt = 0; 597 SCTP_PRINTF("\n"); 598 } else if ((sctp_audit_data[i][0] == 0xc0) && 599 (sctp_audit_data[i][1] == 0x01)) { 600 SCTP_PRINTF("\n"); 601 cnt = 0; 602 } 603 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 604 (uint32_t)sctp_audit_data[i][1]); 605 cnt++; 606 if ((cnt % 14) == 0) 607 SCTP_PRINTF("\n"); 608 } 609 for (i = 0; i < sctp_audit_indx; i++) { 610 if ((sctp_audit_data[i][0] == 0xe0) && 611 (sctp_audit_data[i][1] == 0x01)) { 612 cnt = 0; 613 SCTP_PRINTF("\n"); 614 } else if (sctp_audit_data[i][0] == 0xf0) { 615 cnt = 0; 616 SCTP_PRINTF("\n"); 617 } else if ((sctp_audit_data[i][0] == 0xc0) && 618 (sctp_audit_data[i][1] == 0x01)) { 619 SCTP_PRINTF("\n"); 620 cnt = 0; 621 } 622 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 623 (uint32_t)sctp_audit_data[i][1]); 624 cnt++; 625 if ((cnt % 14) == 0) 626 SCTP_PRINTF("\n"); 627 } 628 SCTP_PRINTF("\n"); 629 } 630 631 void 632 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 633 struct sctp_nets *net) 634 { 635 int resend_cnt, tot_out, rep, tot_book_cnt; 636 struct sctp_nets *lnet; 637 struct sctp_tmit_chunk *chk; 638 639 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 640 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 641 sctp_audit_indx++; 642 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 643 sctp_audit_indx = 0; 644 } 645 if (inp == NULL) { 646 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 647 sctp_audit_data[sctp_audit_indx][1] = 0x01; 648 sctp_audit_indx++; 649 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 650 sctp_audit_indx = 0; 651 } 652 return; 653 } 654 if (stcb == NULL) { 655 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 656 sctp_audit_data[sctp_audit_indx][1] = 0x02; 657 sctp_audit_indx++; 658 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 659 sctp_audit_indx = 0; 660 } 661 return; 662 } 663 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 664 sctp_audit_data[sctp_audit_indx][1] = 665 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 666 sctp_audit_indx++; 667 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 668 sctp_audit_indx = 0; 669 } 670 rep = 0; 671 tot_book_cnt = 0; 672 resend_cnt = tot_out = 0; 673 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 674 if (chk->sent == SCTP_DATAGRAM_RESEND) { 675 resend_cnt++; 676 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 677 tot_out += chk->book_size; 678 tot_book_cnt++; 679 } 680 } 681 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 682 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 683 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 684 sctp_audit_indx++; 685 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 686 sctp_audit_indx = 0; 687 } 688 SCTP_PRINTF("resend_cnt:%d asoc-tot:%d\n", 689 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 690 rep = 1; 691 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 692 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 693 sctp_audit_data[sctp_audit_indx][1] = 694 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 695 sctp_audit_indx++; 696 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 697 sctp_audit_indx = 0; 698 } 699 } 700 if (tot_out != stcb->asoc.total_flight) { 701 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 702 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 703 sctp_audit_indx++; 704 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 705 sctp_audit_indx = 0; 706 } 707 rep = 1; 708 SCTP_PRINTF("tot_flt:%d asoc_tot:%d\n", tot_out, 709 (int)stcb->asoc.total_flight); 710 stcb->asoc.total_flight = tot_out; 711 } 712 if (tot_book_cnt != stcb->asoc.total_flight_count) { 713 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 714 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 715 sctp_audit_indx++; 716 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 717 sctp_audit_indx = 0; 718 } 719 rep = 1; 720 SCTP_PRINTF("tot_flt_book:%d\n", tot_book_cnt); 721 722 stcb->asoc.total_flight_count = tot_book_cnt; 723 } 724 tot_out = 0; 725 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 726 tot_out += lnet->flight_size; 727 } 728 if (tot_out != stcb->asoc.total_flight) { 729 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 730 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 731 sctp_audit_indx++; 732 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 733 sctp_audit_indx = 0; 734 } 735 rep = 1; 736 SCTP_PRINTF("real flight:%d net total was %d\n", 737 stcb->asoc.total_flight, tot_out); 738 /* now corrective action */ 739 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 740 741 tot_out = 0; 742 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 743 if ((chk->whoTo == lnet) && 744 (chk->sent < SCTP_DATAGRAM_RESEND)) { 745 tot_out += chk->book_size; 746 } 747 } 748 if (lnet->flight_size != tot_out) { 749 SCTP_PRINTF("net:%p flight was %d corrected to %d\n", 750 (void *)lnet, lnet->flight_size, 751 tot_out); 752 lnet->flight_size = tot_out; 753 } 754 } 755 } 756 if (rep) { 757 sctp_print_audit_report(); 758 } 759 } 760 761 void 762 sctp_audit_log(uint8_t ev, uint8_t fd) 763 { 764 765 sctp_audit_data[sctp_audit_indx][0] = ev; 766 sctp_audit_data[sctp_audit_indx][1] = fd; 767 sctp_audit_indx++; 768 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 769 sctp_audit_indx = 0; 770 } 771 } 772 773 #endif 774 775 /* 776 * sctp_stop_timers_for_shutdown() should be called 777 * when entering the SHUTDOWN_SENT or SHUTDOWN_ACK_SENT 778 * state to make sure that all timers are stopped. 779 */ 780 void 781 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 782 { 783 struct sctp_association *asoc; 784 struct sctp_nets *net; 785 786 asoc = &stcb->asoc; 787 788 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 789 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 790 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 791 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 792 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 793 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 794 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 795 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer); 796 } 797 } 798 799 /* 800 * A list of sizes based on typical mtu's, used only if next hop size not 801 * returned. These values MUST be multiples of 4 and MUST be ordered. 802 */ 803 static uint32_t sctp_mtu_sizes[] = { 804 68, 805 296, 806 508, 807 512, 808 544, 809 576, 810 1004, 811 1492, 812 1500, 813 1536, 814 2000, 815 2048, 816 4352, 817 4464, 818 8166, 819 17912, 820 32000, 821 65532 822 }; 823 824 /* 825 * Return the largest MTU in sctp_mtu_sizes smaller than val. 826 * If val is smaller than the minimum, just return the largest 827 * multiple of 4 smaller or equal to val. 828 * Ensure that the result is a multiple of 4. 829 */ 830 uint32_t 831 sctp_get_prev_mtu(uint32_t val) 832 { 833 uint32_t i; 834 835 val &= 0xfffffffc; 836 if (val <= sctp_mtu_sizes[0]) { 837 return (val); 838 } 839 for (i = 1; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 840 if (val <= sctp_mtu_sizes[i]) { 841 break; 842 } 843 } 844 KASSERT((sctp_mtu_sizes[i - 1] & 0x00000003) == 0, 845 ("sctp_mtu_sizes[%u] not a multiple of 4", i - 1)); 846 return (sctp_mtu_sizes[i - 1]); 847 } 848 849 /* 850 * Return the smallest MTU in sctp_mtu_sizes larger than val. 851 * If val is larger than the maximum, just return the largest multiple of 4 smaller 852 * or equal to val. 853 * Ensure that the result is a multiple of 4. 854 */ 855 uint32_t 856 sctp_get_next_mtu(uint32_t val) 857 { 858 /* select another MTU that is just bigger than this one */ 859 uint32_t i; 860 861 val &= 0xfffffffc; 862 for (i = 0; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 863 if (val < sctp_mtu_sizes[i]) { 864 KASSERT((sctp_mtu_sizes[i] & 0x00000003) == 0, 865 ("sctp_mtu_sizes[%u] not a multiple of 4", i)); 866 return (sctp_mtu_sizes[i]); 867 } 868 } 869 return (val); 870 } 871 872 void 873 sctp_fill_random_store(struct sctp_pcb *m) 874 { 875 /* 876 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 877 * our counter. The result becomes our good random numbers and we 878 * then setup to give these out. Note that we do no locking to 879 * protect this. This is ok, since if competing folks call this we 880 * will get more gobbled gook in the random store which is what we 881 * want. There is a danger that two guys will use the same random 882 * numbers, but thats ok too since that is random as well :-> 883 */ 884 m->store_at = 0; 885 (void)sctp_hmac(SCTP_HMAC, (uint8_t *)m->random_numbers, 886 sizeof(m->random_numbers), (uint8_t *)&m->random_counter, 887 sizeof(m->random_counter), (uint8_t *)m->random_store); 888 m->random_counter++; 889 } 890 891 uint32_t 892 sctp_select_initial_TSN(struct sctp_pcb *inp) 893 { 894 /* 895 * A true implementation should use random selection process to get 896 * the initial stream sequence number, using RFC1750 as a good 897 * guideline 898 */ 899 uint32_t x, *xp; 900 uint8_t *p; 901 int store_at, new_store; 902 903 if (inp->initial_sequence_debug != 0) { 904 uint32_t ret; 905 906 ret = inp->initial_sequence_debug; 907 inp->initial_sequence_debug++; 908 return (ret); 909 } 910 retry: 911 store_at = inp->store_at; 912 new_store = store_at + sizeof(uint32_t); 913 if (new_store >= (SCTP_SIGNATURE_SIZE - 3)) { 914 new_store = 0; 915 } 916 if (!atomic_cmpset_int(&inp->store_at, store_at, new_store)) { 917 goto retry; 918 } 919 if (new_store == 0) { 920 /* Refill the random store */ 921 sctp_fill_random_store(inp); 922 } 923 p = &inp->random_store[store_at]; 924 xp = (uint32_t *)p; 925 x = *xp; 926 return (x); 927 } 928 929 uint32_t 930 sctp_select_a_tag(struct sctp_inpcb *inp, uint16_t lport, uint16_t rport, int check) 931 { 932 uint32_t x; 933 struct timeval now; 934 935 if (check) { 936 (void)SCTP_GETTIME_TIMEVAL(&now); 937 } 938 for (;;) { 939 x = sctp_select_initial_TSN(&inp->sctp_ep); 940 if (x == 0) { 941 /* we never use 0 */ 942 continue; 943 } 944 if (!check || sctp_is_vtag_good(x, lport, rport, &now)) { 945 break; 946 } 947 } 948 return (x); 949 } 950 951 int32_t 952 sctp_map_assoc_state(int kernel_state) 953 { 954 int32_t user_state; 955 956 if (kernel_state & SCTP_STATE_WAS_ABORTED) { 957 user_state = SCTP_CLOSED; 958 } else if (kernel_state & SCTP_STATE_SHUTDOWN_PENDING) { 959 user_state = SCTP_SHUTDOWN_PENDING; 960 } else { 961 switch (kernel_state & SCTP_STATE_MASK) { 962 case SCTP_STATE_EMPTY: 963 user_state = SCTP_CLOSED; 964 break; 965 case SCTP_STATE_INUSE: 966 user_state = SCTP_CLOSED; 967 break; 968 case SCTP_STATE_COOKIE_WAIT: 969 user_state = SCTP_COOKIE_WAIT; 970 break; 971 case SCTP_STATE_COOKIE_ECHOED: 972 user_state = SCTP_COOKIE_ECHOED; 973 break; 974 case SCTP_STATE_OPEN: 975 user_state = SCTP_ESTABLISHED; 976 break; 977 case SCTP_STATE_SHUTDOWN_SENT: 978 user_state = SCTP_SHUTDOWN_SENT; 979 break; 980 case SCTP_STATE_SHUTDOWN_RECEIVED: 981 user_state = SCTP_SHUTDOWN_RECEIVED; 982 break; 983 case SCTP_STATE_SHUTDOWN_ACK_SENT: 984 user_state = SCTP_SHUTDOWN_ACK_SENT; 985 break; 986 default: 987 user_state = SCTP_CLOSED; 988 break; 989 } 990 } 991 return (user_state); 992 } 993 994 int 995 sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 996 uint32_t override_tag, uint32_t vrf_id, uint16_t o_strms) 997 { 998 struct sctp_association *asoc; 999 1000 /* 1001 * Anything set to zero is taken care of by the allocation routine's 1002 * bzero 1003 */ 1004 1005 /* 1006 * Up front select what scoping to apply on addresses I tell my peer 1007 * Not sure what to do with these right now, we will need to come up 1008 * with a way to set them. We may need to pass them through from the 1009 * caller in the sctp_aloc_assoc() function. 1010 */ 1011 int i; 1012 #if defined(SCTP_DETAILED_STR_STATS) 1013 int j; 1014 #endif 1015 1016 asoc = &stcb->asoc; 1017 /* init all variables to a known value. */ 1018 SCTP_SET_STATE(stcb, SCTP_STATE_INUSE); 1019 asoc->max_burst = inp->sctp_ep.max_burst; 1020 asoc->fr_max_burst = inp->sctp_ep.fr_max_burst; 1021 asoc->heart_beat_delay = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 1022 asoc->cookie_life = inp->sctp_ep.def_cookie_life; 1023 asoc->sctp_cmt_on_off = inp->sctp_cmt_on_off; 1024 asoc->ecn_supported = inp->ecn_supported; 1025 asoc->prsctp_supported = inp->prsctp_supported; 1026 asoc->idata_supported = inp->idata_supported; 1027 asoc->auth_supported = inp->auth_supported; 1028 asoc->asconf_supported = inp->asconf_supported; 1029 asoc->reconfig_supported = inp->reconfig_supported; 1030 asoc->nrsack_supported = inp->nrsack_supported; 1031 asoc->pktdrop_supported = inp->pktdrop_supported; 1032 asoc->idata_supported = inp->idata_supported; 1033 asoc->sctp_cmt_pf = (uint8_t)0; 1034 asoc->sctp_frag_point = inp->sctp_frag_point; 1035 asoc->sctp_features = inp->sctp_features; 1036 asoc->default_dscp = inp->sctp_ep.default_dscp; 1037 asoc->max_cwnd = inp->max_cwnd; 1038 #ifdef INET6 1039 if (inp->sctp_ep.default_flowlabel) { 1040 asoc->default_flowlabel = inp->sctp_ep.default_flowlabel; 1041 } else { 1042 if (inp->ip_inp.inp.inp_flags & IN6P_AUTOFLOWLABEL) { 1043 asoc->default_flowlabel = sctp_select_initial_TSN(&inp->sctp_ep); 1044 asoc->default_flowlabel &= 0x000fffff; 1045 asoc->default_flowlabel |= 0x80000000; 1046 } else { 1047 asoc->default_flowlabel = 0; 1048 } 1049 } 1050 #endif 1051 asoc->sb_send_resv = 0; 1052 if (override_tag) { 1053 asoc->my_vtag = override_tag; 1054 } else { 1055 asoc->my_vtag = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 1); 1056 } 1057 /* Get the nonce tags */ 1058 asoc->my_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1059 asoc->peer_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1060 asoc->vrf_id = vrf_id; 1061 1062 #ifdef SCTP_ASOCLOG_OF_TSNS 1063 asoc->tsn_in_at = 0; 1064 asoc->tsn_out_at = 0; 1065 asoc->tsn_in_wrapped = 0; 1066 asoc->tsn_out_wrapped = 0; 1067 asoc->cumack_log_at = 0; 1068 asoc->cumack_log_atsnt = 0; 1069 #endif 1070 #ifdef SCTP_FS_SPEC_LOG 1071 asoc->fs_index = 0; 1072 #endif 1073 asoc->refcnt = 0; 1074 asoc->assoc_up_sent = 0; 1075 asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = 1076 sctp_select_initial_TSN(&inp->sctp_ep); 1077 asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; 1078 /* we are optimisitic here */ 1079 asoc->peer_supports_nat = 0; 1080 asoc->sent_queue_retran_cnt = 0; 1081 1082 /* for CMT */ 1083 asoc->last_net_cmt_send_started = NULL; 1084 1085 /* This will need to be adjusted */ 1086 asoc->last_acked_seq = asoc->init_seq_number - 1; 1087 asoc->advanced_peer_ack_point = asoc->last_acked_seq; 1088 asoc->asconf_seq_in = asoc->last_acked_seq; 1089 1090 /* here we are different, we hold the next one we expect */ 1091 asoc->str_reset_seq_in = asoc->last_acked_seq + 1; 1092 1093 asoc->initial_init_rto_max = inp->sctp_ep.initial_init_rto_max; 1094 asoc->initial_rto = inp->sctp_ep.initial_rto; 1095 1096 asoc->default_mtu = inp->sctp_ep.default_mtu; 1097 asoc->max_init_times = inp->sctp_ep.max_init_times; 1098 asoc->max_send_times = inp->sctp_ep.max_send_times; 1099 asoc->def_net_failure = inp->sctp_ep.def_net_failure; 1100 asoc->def_net_pf_threshold = inp->sctp_ep.def_net_pf_threshold; 1101 asoc->free_chunk_cnt = 0; 1102 1103 asoc->iam_blocking = 0; 1104 asoc->context = inp->sctp_context; 1105 asoc->local_strreset_support = inp->local_strreset_support; 1106 asoc->def_send = inp->def_send; 1107 asoc->delayed_ack = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 1108 asoc->sack_freq = inp->sctp_ep.sctp_sack_freq; 1109 asoc->pr_sctp_cnt = 0; 1110 asoc->total_output_queue_size = 0; 1111 1112 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1113 asoc->scope.ipv6_addr_legal = 1; 1114 if (SCTP_IPV6_V6ONLY(inp) == 0) { 1115 asoc->scope.ipv4_addr_legal = 1; 1116 } else { 1117 asoc->scope.ipv4_addr_legal = 0; 1118 } 1119 } else { 1120 asoc->scope.ipv6_addr_legal = 0; 1121 asoc->scope.ipv4_addr_legal = 1; 1122 } 1123 1124 asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), SCTP_MINIMAL_RWND); 1125 asoc->peers_rwnd = SCTP_SB_LIMIT_RCV(inp->sctp_socket); 1126 1127 asoc->smallest_mtu = inp->sctp_frag_point; 1128 asoc->minrto = inp->sctp_ep.sctp_minrto; 1129 asoc->maxrto = inp->sctp_ep.sctp_maxrto; 1130 1131 asoc->stream_locked_on = 0; 1132 asoc->ecn_echo_cnt_onq = 0; 1133 asoc->stream_locked = 0; 1134 1135 asoc->send_sack = 1; 1136 1137 LIST_INIT(&asoc->sctp_restricted_addrs); 1138 1139 TAILQ_INIT(&asoc->nets); 1140 TAILQ_INIT(&asoc->pending_reply_queue); 1141 TAILQ_INIT(&asoc->asconf_ack_sent); 1142 /* Setup to fill the hb random cache at first HB */ 1143 asoc->hb_random_idx = 4; 1144 1145 asoc->sctp_autoclose_ticks = inp->sctp_ep.auto_close_time; 1146 1147 stcb->asoc.congestion_control_module = inp->sctp_ep.sctp_default_cc_module; 1148 stcb->asoc.cc_functions = sctp_cc_functions[inp->sctp_ep.sctp_default_cc_module]; 1149 1150 stcb->asoc.stream_scheduling_module = inp->sctp_ep.sctp_default_ss_module; 1151 stcb->asoc.ss_functions = sctp_ss_functions[inp->sctp_ep.sctp_default_ss_module]; 1152 1153 /* 1154 * Now the stream parameters, here we allocate space for all streams 1155 * that we request by default. 1156 */ 1157 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams = 1158 o_strms; 1159 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1160 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1161 SCTP_M_STRMO); 1162 if (asoc->strmout == NULL) { 1163 /* big trouble no memory */ 1164 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1165 return (ENOMEM); 1166 } 1167 for (i = 0; i < asoc->streamoutcnt; i++) { 1168 /* 1169 * inbound side must be set to 0xffff, also NOTE when we get 1170 * the INIT-ACK back (for INIT sender) we MUST reduce the 1171 * count (streamoutcnt) but first check if we sent to any of 1172 * the upper streams that were dropped (if some were). Those 1173 * that were dropped must be notified to the upper layer as 1174 * failed to send. 1175 */ 1176 asoc->strmout[i].next_mid_ordered = 0; 1177 asoc->strmout[i].next_mid_unordered = 0; 1178 TAILQ_INIT(&asoc->strmout[i].outqueue); 1179 asoc->strmout[i].chunks_on_queues = 0; 1180 #if defined(SCTP_DETAILED_STR_STATS) 1181 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 1182 asoc->strmout[i].abandoned_sent[j] = 0; 1183 asoc->strmout[i].abandoned_unsent[j] = 0; 1184 } 1185 #else 1186 asoc->strmout[i].abandoned_sent[0] = 0; 1187 asoc->strmout[i].abandoned_unsent[0] = 0; 1188 #endif 1189 asoc->strmout[i].sid = i; 1190 asoc->strmout[i].last_msg_incomplete = 0; 1191 asoc->strmout[i].state = SCTP_STREAM_OPENING; 1192 asoc->ss_functions.sctp_ss_init_stream(stcb, &asoc->strmout[i], NULL); 1193 } 1194 asoc->ss_functions.sctp_ss_init(stcb, asoc, 0); 1195 1196 /* Now the mapping array */ 1197 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1198 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1199 SCTP_M_MAP); 1200 if (asoc->mapping_array == NULL) { 1201 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1202 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1203 return (ENOMEM); 1204 } 1205 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1206 SCTP_MALLOC(asoc->nr_mapping_array, uint8_t *, asoc->mapping_array_size, 1207 SCTP_M_MAP); 1208 if (asoc->nr_mapping_array == NULL) { 1209 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1210 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1211 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1212 return (ENOMEM); 1213 } 1214 memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); 1215 1216 /* Now the init of the other outqueues */ 1217 TAILQ_INIT(&asoc->free_chunks); 1218 TAILQ_INIT(&asoc->control_send_queue); 1219 TAILQ_INIT(&asoc->asconf_send_queue); 1220 TAILQ_INIT(&asoc->send_queue); 1221 TAILQ_INIT(&asoc->sent_queue); 1222 TAILQ_INIT(&asoc->resetHead); 1223 asoc->max_inbound_streams = inp->sctp_ep.max_open_streams_intome; 1224 TAILQ_INIT(&asoc->asconf_queue); 1225 /* authentication fields */ 1226 asoc->authinfo.random = NULL; 1227 asoc->authinfo.active_keyid = 0; 1228 asoc->authinfo.assoc_key = NULL; 1229 asoc->authinfo.assoc_keyid = 0; 1230 asoc->authinfo.recv_key = NULL; 1231 asoc->authinfo.recv_keyid = 0; 1232 LIST_INIT(&asoc->shared_keys); 1233 asoc->marked_retrans = 0; 1234 asoc->port = inp->sctp_ep.port; 1235 asoc->timoinit = 0; 1236 asoc->timodata = 0; 1237 asoc->timosack = 0; 1238 asoc->timoshutdown = 0; 1239 asoc->timoheartbeat = 0; 1240 asoc->timocookie = 0; 1241 asoc->timoshutdownack = 0; 1242 (void)SCTP_GETTIME_TIMEVAL(&asoc->start_time); 1243 asoc->discontinuity_time = asoc->start_time; 1244 for (i = 0; i < SCTP_PR_SCTP_MAX + 1; i++) { 1245 asoc->abandoned_unsent[i] = 0; 1246 asoc->abandoned_sent[i] = 0; 1247 } 1248 /* 1249 * sa_ignore MEMLEAK {memory is put in the assoc mapping array and 1250 * freed later when the association is freed. 1251 */ 1252 return (0); 1253 } 1254 1255 void 1256 sctp_print_mapping_array(struct sctp_association *asoc) 1257 { 1258 unsigned int i, limit; 1259 1260 SCTP_PRINTF("Mapping array size: %d, baseTSN: %8.8x, cumAck: %8.8x, highestTSN: (%8.8x, %8.8x).\n", 1261 asoc->mapping_array_size, 1262 asoc->mapping_array_base_tsn, 1263 asoc->cumulative_tsn, 1264 asoc->highest_tsn_inside_map, 1265 asoc->highest_tsn_inside_nr_map); 1266 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1267 if (asoc->mapping_array[limit - 1] != 0) { 1268 break; 1269 } 1270 } 1271 SCTP_PRINTF("Renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1272 for (i = 0; i < limit; i++) { 1273 SCTP_PRINTF("%2.2x%c", asoc->mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1274 } 1275 if (limit % 16) 1276 SCTP_PRINTF("\n"); 1277 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1278 if (asoc->nr_mapping_array[limit - 1]) { 1279 break; 1280 } 1281 } 1282 SCTP_PRINTF("Non renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1283 for (i = 0; i < limit; i++) { 1284 SCTP_PRINTF("%2.2x%c", asoc->nr_mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1285 } 1286 if (limit % 16) 1287 SCTP_PRINTF("\n"); 1288 } 1289 1290 int 1291 sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed) 1292 { 1293 /* mapping array needs to grow */ 1294 uint8_t *new_array1, *new_array2; 1295 uint32_t new_size; 1296 1297 new_size = asoc->mapping_array_size + ((needed + 7) / 8 + SCTP_MAPPING_ARRAY_INCR); 1298 SCTP_MALLOC(new_array1, uint8_t *, new_size, SCTP_M_MAP); 1299 SCTP_MALLOC(new_array2, uint8_t *, new_size, SCTP_M_MAP); 1300 if ((new_array1 == NULL) || (new_array2 == NULL)) { 1301 /* can't get more, forget it */ 1302 SCTP_PRINTF("No memory for expansion of SCTP mapping array %d\n", new_size); 1303 if (new_array1) { 1304 SCTP_FREE(new_array1, SCTP_M_MAP); 1305 } 1306 if (new_array2) { 1307 SCTP_FREE(new_array2, SCTP_M_MAP); 1308 } 1309 return (-1); 1310 } 1311 memset(new_array1, 0, new_size); 1312 memset(new_array2, 0, new_size); 1313 memcpy(new_array1, asoc->mapping_array, asoc->mapping_array_size); 1314 memcpy(new_array2, asoc->nr_mapping_array, asoc->mapping_array_size); 1315 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1316 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 1317 asoc->mapping_array = new_array1; 1318 asoc->nr_mapping_array = new_array2; 1319 asoc->mapping_array_size = new_size; 1320 return (0); 1321 } 1322 1323 1324 static void 1325 sctp_iterator_work(struct sctp_iterator *it) 1326 { 1327 int iteration_count = 0; 1328 int inp_skip = 0; 1329 int first_in = 1; 1330 struct sctp_inpcb *tinp; 1331 1332 SCTP_INP_INFO_RLOCK(); 1333 SCTP_ITERATOR_LOCK(); 1334 sctp_it_ctl.cur_it = it; 1335 if (it->inp) { 1336 SCTP_INP_RLOCK(it->inp); 1337 SCTP_INP_DECR_REF(it->inp); 1338 } 1339 if (it->inp == NULL) { 1340 /* iterator is complete */ 1341 done_with_iterator: 1342 sctp_it_ctl.cur_it = NULL; 1343 SCTP_ITERATOR_UNLOCK(); 1344 SCTP_INP_INFO_RUNLOCK(); 1345 if (it->function_atend != NULL) { 1346 (*it->function_atend) (it->pointer, it->val); 1347 } 1348 SCTP_FREE(it, SCTP_M_ITER); 1349 return; 1350 } 1351 select_a_new_ep: 1352 if (first_in) { 1353 first_in = 0; 1354 } else { 1355 SCTP_INP_RLOCK(it->inp); 1356 } 1357 while (((it->pcb_flags) && 1358 ((it->inp->sctp_flags & it->pcb_flags) != it->pcb_flags)) || 1359 ((it->pcb_features) && 1360 ((it->inp->sctp_features & it->pcb_features) != it->pcb_features))) { 1361 /* endpoint flags or features don't match, so keep looking */ 1362 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1363 SCTP_INP_RUNLOCK(it->inp); 1364 goto done_with_iterator; 1365 } 1366 tinp = it->inp; 1367 it->inp = LIST_NEXT(it->inp, sctp_list); 1368 SCTP_INP_RUNLOCK(tinp); 1369 if (it->inp == NULL) { 1370 goto done_with_iterator; 1371 } 1372 SCTP_INP_RLOCK(it->inp); 1373 } 1374 /* now go through each assoc which is in the desired state */ 1375 if (it->done_current_ep == 0) { 1376 if (it->function_inp != NULL) 1377 inp_skip = (*it->function_inp) (it->inp, it->pointer, it->val); 1378 it->done_current_ep = 1; 1379 } 1380 if (it->stcb == NULL) { 1381 /* run the per instance function */ 1382 it->stcb = LIST_FIRST(&it->inp->sctp_asoc_list); 1383 } 1384 if ((inp_skip) || it->stcb == NULL) { 1385 if (it->function_inp_end != NULL) { 1386 inp_skip = (*it->function_inp_end) (it->inp, 1387 it->pointer, 1388 it->val); 1389 } 1390 SCTP_INP_RUNLOCK(it->inp); 1391 goto no_stcb; 1392 } 1393 while (it->stcb) { 1394 SCTP_TCB_LOCK(it->stcb); 1395 if (it->asoc_state && ((it->stcb->asoc.state & it->asoc_state) != it->asoc_state)) { 1396 /* not in the right state... keep looking */ 1397 SCTP_TCB_UNLOCK(it->stcb); 1398 goto next_assoc; 1399 } 1400 /* see if we have limited out the iterator loop */ 1401 iteration_count++; 1402 if (iteration_count > SCTP_ITERATOR_MAX_AT_ONCE) { 1403 /* Pause to let others grab the lock */ 1404 atomic_add_int(&it->stcb->asoc.refcnt, 1); 1405 SCTP_TCB_UNLOCK(it->stcb); 1406 SCTP_INP_INCR_REF(it->inp); 1407 SCTP_INP_RUNLOCK(it->inp); 1408 SCTP_ITERATOR_UNLOCK(); 1409 SCTP_INP_INFO_RUNLOCK(); 1410 SCTP_INP_INFO_RLOCK(); 1411 SCTP_ITERATOR_LOCK(); 1412 if (sctp_it_ctl.iterator_flags) { 1413 /* We won't be staying here */ 1414 SCTP_INP_DECR_REF(it->inp); 1415 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1416 if (sctp_it_ctl.iterator_flags & 1417 SCTP_ITERATOR_STOP_CUR_IT) { 1418 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_IT; 1419 goto done_with_iterator; 1420 } 1421 if (sctp_it_ctl.iterator_flags & 1422 SCTP_ITERATOR_STOP_CUR_INP) { 1423 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_INP; 1424 goto no_stcb; 1425 } 1426 /* If we reach here huh? */ 1427 SCTP_PRINTF("Unknown it ctl flag %x\n", 1428 sctp_it_ctl.iterator_flags); 1429 sctp_it_ctl.iterator_flags = 0; 1430 } 1431 SCTP_INP_RLOCK(it->inp); 1432 SCTP_INP_DECR_REF(it->inp); 1433 SCTP_TCB_LOCK(it->stcb); 1434 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1435 iteration_count = 0; 1436 } 1437 1438 /* run function on this one */ 1439 (*it->function_assoc) (it->inp, it->stcb, it->pointer, it->val); 1440 1441 /* 1442 * we lie here, it really needs to have its own type but 1443 * first I must verify that this won't effect things :-0 1444 */ 1445 if (it->no_chunk_output == 0) 1446 sctp_chunk_output(it->inp, it->stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1447 1448 SCTP_TCB_UNLOCK(it->stcb); 1449 next_assoc: 1450 it->stcb = LIST_NEXT(it->stcb, sctp_tcblist); 1451 if (it->stcb == NULL) { 1452 /* Run last function */ 1453 if (it->function_inp_end != NULL) { 1454 inp_skip = (*it->function_inp_end) (it->inp, 1455 it->pointer, 1456 it->val); 1457 } 1458 } 1459 } 1460 SCTP_INP_RUNLOCK(it->inp); 1461 no_stcb: 1462 /* done with all assocs on this endpoint, move on to next endpoint */ 1463 it->done_current_ep = 0; 1464 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1465 it->inp = NULL; 1466 } else { 1467 it->inp = LIST_NEXT(it->inp, sctp_list); 1468 } 1469 if (it->inp == NULL) { 1470 goto done_with_iterator; 1471 } 1472 goto select_a_new_ep; 1473 } 1474 1475 void 1476 sctp_iterator_worker(void) 1477 { 1478 struct sctp_iterator *it, *nit; 1479 1480 /* This function is called with the WQ lock in place */ 1481 1482 sctp_it_ctl.iterator_running = 1; 1483 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { 1484 /* now lets work on this one */ 1485 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 1486 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 1487 CURVNET_SET(it->vn); 1488 sctp_iterator_work(it); 1489 CURVNET_RESTORE(); 1490 SCTP_IPI_ITERATOR_WQ_LOCK(); 1491 /* sa_ignore FREED_MEMORY */ 1492 } 1493 sctp_it_ctl.iterator_running = 0; 1494 return; 1495 } 1496 1497 1498 static void 1499 sctp_handle_addr_wq(void) 1500 { 1501 /* deal with the ADDR wq from the rtsock calls */ 1502 struct sctp_laddr *wi, *nwi; 1503 struct sctp_asconf_iterator *asc; 1504 1505 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 1506 sizeof(struct sctp_asconf_iterator), SCTP_M_ASC_IT); 1507 if (asc == NULL) { 1508 /* Try later, no memory */ 1509 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1510 (struct sctp_inpcb *)NULL, 1511 (struct sctp_tcb *)NULL, 1512 (struct sctp_nets *)NULL); 1513 return; 1514 } 1515 LIST_INIT(&asc->list_of_work); 1516 asc->cnt = 0; 1517 1518 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { 1519 LIST_REMOVE(wi, sctp_nxt_addr); 1520 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 1521 asc->cnt++; 1522 } 1523 1524 if (asc->cnt == 0) { 1525 SCTP_FREE(asc, SCTP_M_ASC_IT); 1526 } else { 1527 int ret; 1528 1529 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 1530 sctp_asconf_iterator_stcb, 1531 NULL, /* No ep end for boundall */ 1532 SCTP_PCB_FLAGS_BOUNDALL, 1533 SCTP_PCB_ANY_FEATURES, 1534 SCTP_ASOC_ANY_STATE, 1535 (void *)asc, 0, 1536 sctp_asconf_iterator_end, NULL, 0); 1537 if (ret) { 1538 SCTP_PRINTF("Failed to initiate iterator for handle_addr_wq\n"); 1539 /* 1540 * Freeing if we are stopping or put back on the 1541 * addr_wq. 1542 */ 1543 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 1544 sctp_asconf_iterator_end(asc, 0); 1545 } else { 1546 LIST_FOREACH(wi, &asc->list_of_work, sctp_nxt_addr) { 1547 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 1548 } 1549 SCTP_FREE(asc, SCTP_M_ASC_IT); 1550 } 1551 } 1552 } 1553 } 1554 1555 void 1556 sctp_timeout_handler(void *t) 1557 { 1558 struct sctp_inpcb *inp; 1559 struct sctp_tcb *stcb; 1560 struct sctp_nets *net; 1561 struct sctp_timer *tmr; 1562 struct mbuf *op_err; 1563 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1564 struct socket *so; 1565 #endif 1566 int did_output; 1567 int type; 1568 1569 tmr = (struct sctp_timer *)t; 1570 inp = (struct sctp_inpcb *)tmr->ep; 1571 stcb = (struct sctp_tcb *)tmr->tcb; 1572 net = (struct sctp_nets *)tmr->net; 1573 CURVNET_SET((struct vnet *)tmr->vnet); 1574 did_output = 1; 1575 1576 #ifdef SCTP_AUDITING_ENABLED 1577 sctp_audit_log(0xF0, (uint8_t)tmr->type); 1578 sctp_auditing(3, inp, stcb, net); 1579 #endif 1580 1581 /* sanity checks... */ 1582 if (tmr->self != (void *)tmr) { 1583 /* 1584 * SCTP_PRINTF("Stale SCTP timer fired (%p), ignoring...\n", 1585 * (void *)tmr); 1586 */ 1587 CURVNET_RESTORE(); 1588 return; 1589 } 1590 tmr->stopped_from = 0xa001; 1591 if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { 1592 /* 1593 * SCTP_PRINTF("SCTP timer fired with invalid type: 0x%x\n", 1594 * tmr->type); 1595 */ 1596 CURVNET_RESTORE(); 1597 return; 1598 } 1599 tmr->stopped_from = 0xa002; 1600 if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { 1601 CURVNET_RESTORE(); 1602 return; 1603 } 1604 /* if this is an iterator timeout, get the struct and clear inp */ 1605 tmr->stopped_from = 0xa003; 1606 if (inp) { 1607 SCTP_INP_INCR_REF(inp); 1608 if ((inp->sctp_socket == NULL) && 1609 ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && 1610 (tmr->type != SCTP_TIMER_TYPE_INIT) && 1611 (tmr->type != SCTP_TIMER_TYPE_SEND) && 1612 (tmr->type != SCTP_TIMER_TYPE_RECV) && 1613 (tmr->type != SCTP_TIMER_TYPE_HEARTBEAT) && 1614 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && 1615 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && 1616 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && 1617 (tmr->type != SCTP_TIMER_TYPE_ASOCKILL))) { 1618 SCTP_INP_DECR_REF(inp); 1619 CURVNET_RESTORE(); 1620 return; 1621 } 1622 } 1623 tmr->stopped_from = 0xa004; 1624 if (stcb) { 1625 atomic_add_int(&stcb->asoc.refcnt, 1); 1626 if (stcb->asoc.state == 0) { 1627 atomic_add_int(&stcb->asoc.refcnt, -1); 1628 if (inp) { 1629 SCTP_INP_DECR_REF(inp); 1630 } 1631 CURVNET_RESTORE(); 1632 return; 1633 } 1634 } 1635 type = tmr->type; 1636 tmr->stopped_from = 0xa005; 1637 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer type %d goes off\n", type); 1638 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1639 if (inp) { 1640 SCTP_INP_DECR_REF(inp); 1641 } 1642 if (stcb) { 1643 atomic_add_int(&stcb->asoc.refcnt, -1); 1644 } 1645 CURVNET_RESTORE(); 1646 return; 1647 } 1648 tmr->stopped_from = 0xa006; 1649 1650 if (stcb) { 1651 SCTP_TCB_LOCK(stcb); 1652 atomic_add_int(&stcb->asoc.refcnt, -1); 1653 if ((type != SCTP_TIMER_TYPE_ASOCKILL) && 1654 ((stcb->asoc.state == 0) || 1655 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED))) { 1656 SCTP_TCB_UNLOCK(stcb); 1657 if (inp) { 1658 SCTP_INP_DECR_REF(inp); 1659 } 1660 CURVNET_RESTORE(); 1661 return; 1662 } 1663 } else if (inp != NULL) { 1664 if (type != SCTP_TIMER_TYPE_INPKILL) { 1665 SCTP_INP_WLOCK(inp); 1666 } 1667 } else { 1668 SCTP_WQ_ADDR_LOCK(); 1669 } 1670 /* record in stopped what t-o occurred */ 1671 tmr->stopped_from = type; 1672 1673 /* mark as being serviced now */ 1674 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 1675 /* 1676 * Callout has been rescheduled. 1677 */ 1678 goto get_out; 1679 } 1680 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1681 /* 1682 * Not active, so no action. 1683 */ 1684 goto get_out; 1685 } 1686 SCTP_OS_TIMER_DEACTIVATE(&tmr->timer); 1687 1688 /* call the handler for the appropriate timer type */ 1689 switch (type) { 1690 case SCTP_TIMER_TYPE_ADDR_WQ: 1691 sctp_handle_addr_wq(); 1692 break; 1693 case SCTP_TIMER_TYPE_SEND: 1694 if ((stcb == NULL) || (inp == NULL)) { 1695 break; 1696 } 1697 SCTP_STAT_INCR(sctps_timodata); 1698 stcb->asoc.timodata++; 1699 stcb->asoc.num_send_timers_up--; 1700 if (stcb->asoc.num_send_timers_up < 0) { 1701 stcb->asoc.num_send_timers_up = 0; 1702 } 1703 SCTP_TCB_LOCK_ASSERT(stcb); 1704 if (sctp_t3rxt_timer(inp, stcb, net)) { 1705 /* no need to unlock on tcb its gone */ 1706 1707 goto out_decr; 1708 } 1709 SCTP_TCB_LOCK_ASSERT(stcb); 1710 #ifdef SCTP_AUDITING_ENABLED 1711 sctp_auditing(4, inp, stcb, net); 1712 #endif 1713 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1714 if ((stcb->asoc.num_send_timers_up == 0) && 1715 (stcb->asoc.sent_queue_cnt > 0)) { 1716 struct sctp_tmit_chunk *chk; 1717 1718 /* 1719 * safeguard. If there on some on the sent queue 1720 * somewhere but no timers running something is 1721 * wrong... so we start a timer on the first chunk 1722 * on the send queue on whatever net it is sent to. 1723 */ 1724 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1725 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, 1726 chk->whoTo); 1727 } 1728 break; 1729 case SCTP_TIMER_TYPE_INIT: 1730 if ((stcb == NULL) || (inp == NULL)) { 1731 break; 1732 } 1733 SCTP_STAT_INCR(sctps_timoinit); 1734 stcb->asoc.timoinit++; 1735 if (sctp_t1init_timer(inp, stcb, net)) { 1736 /* no need to unlock on tcb its gone */ 1737 goto out_decr; 1738 } 1739 /* We do output but not here */ 1740 did_output = 0; 1741 break; 1742 case SCTP_TIMER_TYPE_RECV: 1743 if ((stcb == NULL) || (inp == NULL)) { 1744 break; 1745 } 1746 SCTP_STAT_INCR(sctps_timosack); 1747 stcb->asoc.timosack++; 1748 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); 1749 #ifdef SCTP_AUDITING_ENABLED 1750 sctp_auditing(4, inp, stcb, net); 1751 #endif 1752 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR, SCTP_SO_NOT_LOCKED); 1753 break; 1754 case SCTP_TIMER_TYPE_SHUTDOWN: 1755 if ((stcb == NULL) || (inp == NULL)) { 1756 break; 1757 } 1758 if (sctp_shutdown_timer(inp, stcb, net)) { 1759 /* no need to unlock on tcb its gone */ 1760 goto out_decr; 1761 } 1762 SCTP_STAT_INCR(sctps_timoshutdown); 1763 stcb->asoc.timoshutdown++; 1764 #ifdef SCTP_AUDITING_ENABLED 1765 sctp_auditing(4, inp, stcb, net); 1766 #endif 1767 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_NOT_LOCKED); 1768 break; 1769 case SCTP_TIMER_TYPE_HEARTBEAT: 1770 if ((stcb == NULL) || (inp == NULL) || (net == NULL)) { 1771 break; 1772 } 1773 SCTP_STAT_INCR(sctps_timoheartbeat); 1774 stcb->asoc.timoheartbeat++; 1775 if (sctp_heartbeat_timer(inp, stcb, net)) { 1776 /* no need to unlock on tcb its gone */ 1777 goto out_decr; 1778 } 1779 #ifdef SCTP_AUDITING_ENABLED 1780 sctp_auditing(4, inp, stcb, net); 1781 #endif 1782 if (!(net->dest_state & SCTP_ADDR_NOHB)) { 1783 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); 1784 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, SCTP_SO_NOT_LOCKED); 1785 } 1786 break; 1787 case SCTP_TIMER_TYPE_COOKIE: 1788 if ((stcb == NULL) || (inp == NULL)) { 1789 break; 1790 } 1791 1792 if (sctp_cookie_timer(inp, stcb, net)) { 1793 /* no need to unlock on tcb its gone */ 1794 goto out_decr; 1795 } 1796 SCTP_STAT_INCR(sctps_timocookie); 1797 stcb->asoc.timocookie++; 1798 #ifdef SCTP_AUDITING_ENABLED 1799 sctp_auditing(4, inp, stcb, net); 1800 #endif 1801 /* 1802 * We consider T3 and Cookie timer pretty much the same with 1803 * respect to where from in chunk_output. 1804 */ 1805 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1806 break; 1807 case SCTP_TIMER_TYPE_NEWCOOKIE: 1808 { 1809 struct timeval tv; 1810 int i, secret; 1811 1812 if (inp == NULL) { 1813 break; 1814 } 1815 SCTP_STAT_INCR(sctps_timosecret); 1816 (void)SCTP_GETTIME_TIMEVAL(&tv); 1817 inp->sctp_ep.time_of_secret_change = tv.tv_sec; 1818 inp->sctp_ep.last_secret_number = 1819 inp->sctp_ep.current_secret_number; 1820 inp->sctp_ep.current_secret_number++; 1821 if (inp->sctp_ep.current_secret_number >= 1822 SCTP_HOW_MANY_SECRETS) { 1823 inp->sctp_ep.current_secret_number = 0; 1824 } 1825 secret = (int)inp->sctp_ep.current_secret_number; 1826 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1827 inp->sctp_ep.secret_key[secret][i] = 1828 sctp_select_initial_TSN(&inp->sctp_ep); 1829 } 1830 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); 1831 } 1832 did_output = 0; 1833 break; 1834 case SCTP_TIMER_TYPE_PATHMTURAISE: 1835 if ((stcb == NULL) || (inp == NULL)) { 1836 break; 1837 } 1838 SCTP_STAT_INCR(sctps_timopathmtu); 1839 sctp_pathmtu_timer(inp, stcb, net); 1840 did_output = 0; 1841 break; 1842 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1843 if ((stcb == NULL) || (inp == NULL)) { 1844 break; 1845 } 1846 if (sctp_shutdownack_timer(inp, stcb, net)) { 1847 /* no need to unlock on tcb its gone */ 1848 goto out_decr; 1849 } 1850 SCTP_STAT_INCR(sctps_timoshutdownack); 1851 stcb->asoc.timoshutdownack++; 1852 #ifdef SCTP_AUDITING_ENABLED 1853 sctp_auditing(4, inp, stcb, net); 1854 #endif 1855 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR, SCTP_SO_NOT_LOCKED); 1856 break; 1857 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1858 if ((stcb == NULL) || (inp == NULL)) { 1859 break; 1860 } 1861 SCTP_STAT_INCR(sctps_timoshutdownguard); 1862 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 1863 "Shutdown guard timer expired"); 1864 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); 1865 /* no need to unlock on tcb its gone */ 1866 goto out_decr; 1867 1868 case SCTP_TIMER_TYPE_STRRESET: 1869 if ((stcb == NULL) || (inp == NULL)) { 1870 break; 1871 } 1872 if (sctp_strreset_timer(inp, stcb, net)) { 1873 /* no need to unlock on tcb its gone */ 1874 goto out_decr; 1875 } 1876 SCTP_STAT_INCR(sctps_timostrmrst); 1877 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR, SCTP_SO_NOT_LOCKED); 1878 break; 1879 case SCTP_TIMER_TYPE_ASCONF: 1880 if ((stcb == NULL) || (inp == NULL)) { 1881 break; 1882 } 1883 if (sctp_asconf_timer(inp, stcb, net)) { 1884 /* no need to unlock on tcb its gone */ 1885 goto out_decr; 1886 } 1887 SCTP_STAT_INCR(sctps_timoasconf); 1888 #ifdef SCTP_AUDITING_ENABLED 1889 sctp_auditing(4, inp, stcb, net); 1890 #endif 1891 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR, SCTP_SO_NOT_LOCKED); 1892 break; 1893 case SCTP_TIMER_TYPE_PRIM_DELETED: 1894 if ((stcb == NULL) || (inp == NULL)) { 1895 break; 1896 } 1897 sctp_delete_prim_timer(inp, stcb, net); 1898 SCTP_STAT_INCR(sctps_timodelprim); 1899 break; 1900 1901 case SCTP_TIMER_TYPE_AUTOCLOSE: 1902 if ((stcb == NULL) || (inp == NULL)) { 1903 break; 1904 } 1905 SCTP_STAT_INCR(sctps_timoautoclose); 1906 sctp_autoclose_timer(inp, stcb, net); 1907 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED); 1908 did_output = 0; 1909 break; 1910 case SCTP_TIMER_TYPE_ASOCKILL: 1911 if ((stcb == NULL) || (inp == NULL)) { 1912 break; 1913 } 1914 SCTP_STAT_INCR(sctps_timoassockill); 1915 /* Can we free it yet? */ 1916 SCTP_INP_DECR_REF(inp); 1917 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, 1918 SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 1919 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1920 so = SCTP_INP_SO(inp); 1921 atomic_add_int(&stcb->asoc.refcnt, 1); 1922 SCTP_TCB_UNLOCK(stcb); 1923 SCTP_SOCKET_LOCK(so, 1); 1924 SCTP_TCB_LOCK(stcb); 1925 atomic_subtract_int(&stcb->asoc.refcnt, 1); 1926 #endif 1927 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 1928 SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 1929 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1930 SCTP_SOCKET_UNLOCK(so, 1); 1931 #endif 1932 /* 1933 * free asoc, always unlocks (or destroy's) so prevent 1934 * duplicate unlock or unlock of a free mtx :-0 1935 */ 1936 stcb = NULL; 1937 goto out_no_decr; 1938 case SCTP_TIMER_TYPE_INPKILL: 1939 SCTP_STAT_INCR(sctps_timoinpkill); 1940 if (inp == NULL) { 1941 break; 1942 } 1943 /* 1944 * special case, take away our increment since WE are the 1945 * killer 1946 */ 1947 SCTP_INP_DECR_REF(inp); 1948 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, 1949 SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 1950 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 1951 SCTP_CALLED_FROM_INPKILL_TIMER); 1952 inp = NULL; 1953 goto out_no_decr; 1954 default: 1955 SCTPDBG(SCTP_DEBUG_TIMER1, "sctp_timeout_handler:unknown timer %d\n", 1956 type); 1957 break; 1958 } 1959 #ifdef SCTP_AUDITING_ENABLED 1960 sctp_audit_log(0xF1, (uint8_t)type); 1961 if (inp) 1962 sctp_auditing(5, inp, stcb, net); 1963 #endif 1964 if ((did_output) && stcb) { 1965 /* 1966 * Now we need to clean up the control chunk chain if an 1967 * ECNE is on it. It must be marked as UNSENT again so next 1968 * call will continue to send it until such time that we get 1969 * a CWR, to remove it. It is, however, less likely that we 1970 * will find a ecn echo on the chain though. 1971 */ 1972 sctp_fix_ecn_echo(&stcb->asoc); 1973 } 1974 get_out: 1975 if (stcb) { 1976 SCTP_TCB_UNLOCK(stcb); 1977 } else if (inp != NULL) { 1978 SCTP_INP_WUNLOCK(inp); 1979 } else { 1980 SCTP_WQ_ADDR_UNLOCK(); 1981 } 1982 1983 out_decr: 1984 if (inp) { 1985 SCTP_INP_DECR_REF(inp); 1986 } 1987 1988 out_no_decr: 1989 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer now complete (type = %d)\n", type); 1990 CURVNET_RESTORE(); 1991 } 1992 1993 void 1994 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1995 struct sctp_nets *net) 1996 { 1997 uint32_t to_ticks; 1998 struct sctp_timer *tmr; 1999 2000 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) 2001 return; 2002 2003 tmr = NULL; 2004 if (stcb) { 2005 SCTP_TCB_LOCK_ASSERT(stcb); 2006 } 2007 switch (t_type) { 2008 case SCTP_TIMER_TYPE_ADDR_WQ: 2009 /* Only 1 tick away :-) */ 2010 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2011 to_ticks = SCTP_ADDRESS_TICK_DELAY; 2012 break; 2013 case SCTP_TIMER_TYPE_SEND: 2014 /* Here we use the RTO timer */ 2015 { 2016 int rto_val; 2017 2018 if ((stcb == NULL) || (net == NULL)) { 2019 return; 2020 } 2021 tmr = &net->rxt_timer; 2022 if (net->RTO == 0) { 2023 rto_val = stcb->asoc.initial_rto; 2024 } else { 2025 rto_val = net->RTO; 2026 } 2027 to_ticks = MSEC_TO_TICKS(rto_val); 2028 } 2029 break; 2030 case SCTP_TIMER_TYPE_INIT: 2031 /* 2032 * Here we use the INIT timer default usually about 1 2033 * minute. 2034 */ 2035 if ((stcb == NULL) || (net == NULL)) { 2036 return; 2037 } 2038 tmr = &net->rxt_timer; 2039 if (net->RTO == 0) { 2040 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2041 } else { 2042 to_ticks = MSEC_TO_TICKS(net->RTO); 2043 } 2044 break; 2045 case SCTP_TIMER_TYPE_RECV: 2046 /* 2047 * Here we use the Delayed-Ack timer value from the inp 2048 * ususually about 200ms. 2049 */ 2050 if (stcb == NULL) { 2051 return; 2052 } 2053 tmr = &stcb->asoc.dack_timer; 2054 to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); 2055 break; 2056 case SCTP_TIMER_TYPE_SHUTDOWN: 2057 /* Here we use the RTO of the destination. */ 2058 if ((stcb == NULL) || (net == NULL)) { 2059 return; 2060 } 2061 if (net->RTO == 0) { 2062 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2063 } else { 2064 to_ticks = MSEC_TO_TICKS(net->RTO); 2065 } 2066 tmr = &net->rxt_timer; 2067 break; 2068 case SCTP_TIMER_TYPE_HEARTBEAT: 2069 /* 2070 * the net is used here so that we can add in the RTO. Even 2071 * though we use a different timer. We also add the HB timer 2072 * PLUS a random jitter. 2073 */ 2074 if ((stcb == NULL) || (net == NULL)) { 2075 return; 2076 } else { 2077 uint32_t rndval; 2078 uint32_t jitter; 2079 2080 if ((net->dest_state & SCTP_ADDR_NOHB) && 2081 !(net->dest_state & SCTP_ADDR_UNCONFIRMED)) { 2082 return; 2083 } 2084 if (net->RTO == 0) { 2085 to_ticks = stcb->asoc.initial_rto; 2086 } else { 2087 to_ticks = net->RTO; 2088 } 2089 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 2090 jitter = rndval % to_ticks; 2091 if (jitter >= (to_ticks >> 1)) { 2092 to_ticks = to_ticks + (jitter - (to_ticks >> 1)); 2093 } else { 2094 to_ticks = to_ticks - jitter; 2095 } 2096 if (!(net->dest_state & SCTP_ADDR_UNCONFIRMED) && 2097 !(net->dest_state & SCTP_ADDR_PF)) { 2098 to_ticks += net->heart_beat_delay; 2099 } 2100 /* 2101 * Now we must convert the to_ticks that are now in 2102 * ms to ticks. 2103 */ 2104 to_ticks = MSEC_TO_TICKS(to_ticks); 2105 tmr = &net->hb_timer; 2106 } 2107 break; 2108 case SCTP_TIMER_TYPE_COOKIE: 2109 /* 2110 * Here we can use the RTO timer from the network since one 2111 * RTT was compelete. If a retran happened then we will be 2112 * using the RTO initial value. 2113 */ 2114 if ((stcb == NULL) || (net == NULL)) { 2115 return; 2116 } 2117 if (net->RTO == 0) { 2118 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2119 } else { 2120 to_ticks = MSEC_TO_TICKS(net->RTO); 2121 } 2122 tmr = &net->rxt_timer; 2123 break; 2124 case SCTP_TIMER_TYPE_NEWCOOKIE: 2125 /* 2126 * nothing needed but the endpoint here ususually about 60 2127 * minutes. 2128 */ 2129 tmr = &inp->sctp_ep.signature_change; 2130 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 2131 break; 2132 case SCTP_TIMER_TYPE_ASOCKILL: 2133 if (stcb == NULL) { 2134 return; 2135 } 2136 tmr = &stcb->asoc.strreset_timer; 2137 to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); 2138 break; 2139 case SCTP_TIMER_TYPE_INPKILL: 2140 /* 2141 * The inp is setup to die. We re-use the signature_chage 2142 * timer since that has stopped and we are in the GONE 2143 * state. 2144 */ 2145 tmr = &inp->sctp_ep.signature_change; 2146 to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); 2147 break; 2148 case SCTP_TIMER_TYPE_PATHMTURAISE: 2149 /* 2150 * Here we use the value found in the EP for PMTU ususually 2151 * about 10 minutes. 2152 */ 2153 if ((stcb == NULL) || (net == NULL)) { 2154 return; 2155 } 2156 if (net->dest_state & SCTP_ADDR_NO_PMTUD) { 2157 return; 2158 } 2159 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 2160 tmr = &net->pmtu_timer; 2161 break; 2162 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2163 /* Here we use the RTO of the destination */ 2164 if ((stcb == NULL) || (net == NULL)) { 2165 return; 2166 } 2167 if (net->RTO == 0) { 2168 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2169 } else { 2170 to_ticks = MSEC_TO_TICKS(net->RTO); 2171 } 2172 tmr = &net->rxt_timer; 2173 break; 2174 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2175 /* 2176 * Here we use the endpoints shutdown guard timer usually 2177 * about 3 minutes. 2178 */ 2179 if (stcb == NULL) { 2180 return; 2181 } 2182 if (inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] == 0) { 2183 to_ticks = 5 * MSEC_TO_TICKS(stcb->asoc.maxrto); 2184 } else { 2185 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 2186 } 2187 tmr = &stcb->asoc.shut_guard_timer; 2188 break; 2189 case SCTP_TIMER_TYPE_STRRESET: 2190 /* 2191 * Here the timer comes from the stcb but its value is from 2192 * the net's RTO. 2193 */ 2194 if ((stcb == NULL) || (net == NULL)) { 2195 return; 2196 } 2197 if (net->RTO == 0) { 2198 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2199 } else { 2200 to_ticks = MSEC_TO_TICKS(net->RTO); 2201 } 2202 tmr = &stcb->asoc.strreset_timer; 2203 break; 2204 case SCTP_TIMER_TYPE_ASCONF: 2205 /* 2206 * Here the timer comes from the stcb but its value is from 2207 * the net's RTO. 2208 */ 2209 if ((stcb == NULL) || (net == NULL)) { 2210 return; 2211 } 2212 if (net->RTO == 0) { 2213 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2214 } else { 2215 to_ticks = MSEC_TO_TICKS(net->RTO); 2216 } 2217 tmr = &stcb->asoc.asconf_timer; 2218 break; 2219 case SCTP_TIMER_TYPE_PRIM_DELETED: 2220 if ((stcb == NULL) || (net != NULL)) { 2221 return; 2222 } 2223 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2224 tmr = &stcb->asoc.delete_prim_timer; 2225 break; 2226 case SCTP_TIMER_TYPE_AUTOCLOSE: 2227 if (stcb == NULL) { 2228 return; 2229 } 2230 if (stcb->asoc.sctp_autoclose_ticks == 0) { 2231 /* 2232 * Really an error since stcb is NOT set to 2233 * autoclose 2234 */ 2235 return; 2236 } 2237 to_ticks = stcb->asoc.sctp_autoclose_ticks; 2238 tmr = &stcb->asoc.autoclose_timer; 2239 break; 2240 default: 2241 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2242 __func__, t_type); 2243 return; 2244 break; 2245 } 2246 if ((to_ticks <= 0) || (tmr == NULL)) { 2247 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: %d:software error to_ticks:%d tmr:%p not set ??\n", 2248 __func__, t_type, to_ticks, (void *)tmr); 2249 return; 2250 } 2251 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 2252 /* 2253 * we do NOT allow you to have it already running. if it is 2254 * we leave the current one up unchanged 2255 */ 2256 return; 2257 } 2258 /* At this point we can proceed */ 2259 if (t_type == SCTP_TIMER_TYPE_SEND) { 2260 stcb->asoc.num_send_timers_up++; 2261 } 2262 tmr->stopped_from = 0; 2263 tmr->type = t_type; 2264 tmr->ep = (void *)inp; 2265 tmr->tcb = (void *)stcb; 2266 tmr->net = (void *)net; 2267 tmr->self = (void *)tmr; 2268 tmr->vnet = (void *)curvnet; 2269 tmr->ticks = sctp_get_tick_count(); 2270 (void)SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); 2271 return; 2272 } 2273 2274 void 2275 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2276 struct sctp_nets *net, uint32_t from) 2277 { 2278 struct sctp_timer *tmr; 2279 2280 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 2281 (inp == NULL)) 2282 return; 2283 2284 tmr = NULL; 2285 if (stcb) { 2286 SCTP_TCB_LOCK_ASSERT(stcb); 2287 } 2288 switch (t_type) { 2289 case SCTP_TIMER_TYPE_ADDR_WQ: 2290 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2291 break; 2292 case SCTP_TIMER_TYPE_SEND: 2293 if ((stcb == NULL) || (net == NULL)) { 2294 return; 2295 } 2296 tmr = &net->rxt_timer; 2297 break; 2298 case SCTP_TIMER_TYPE_INIT: 2299 if ((stcb == NULL) || (net == NULL)) { 2300 return; 2301 } 2302 tmr = &net->rxt_timer; 2303 break; 2304 case SCTP_TIMER_TYPE_RECV: 2305 if (stcb == NULL) { 2306 return; 2307 } 2308 tmr = &stcb->asoc.dack_timer; 2309 break; 2310 case SCTP_TIMER_TYPE_SHUTDOWN: 2311 if ((stcb == NULL) || (net == NULL)) { 2312 return; 2313 } 2314 tmr = &net->rxt_timer; 2315 break; 2316 case SCTP_TIMER_TYPE_HEARTBEAT: 2317 if ((stcb == NULL) || (net == NULL)) { 2318 return; 2319 } 2320 tmr = &net->hb_timer; 2321 break; 2322 case SCTP_TIMER_TYPE_COOKIE: 2323 if ((stcb == NULL) || (net == NULL)) { 2324 return; 2325 } 2326 tmr = &net->rxt_timer; 2327 break; 2328 case SCTP_TIMER_TYPE_NEWCOOKIE: 2329 /* nothing needed but the endpoint here */ 2330 tmr = &inp->sctp_ep.signature_change; 2331 /* 2332 * We re-use the newcookie timer for the INP kill timer. We 2333 * must assure that we do not kill it by accident. 2334 */ 2335 break; 2336 case SCTP_TIMER_TYPE_ASOCKILL: 2337 /* 2338 * Stop the asoc kill timer. 2339 */ 2340 if (stcb == NULL) { 2341 return; 2342 } 2343 tmr = &stcb->asoc.strreset_timer; 2344 break; 2345 2346 case SCTP_TIMER_TYPE_INPKILL: 2347 /* 2348 * The inp is setup to die. We re-use the signature_chage 2349 * timer since that has stopped and we are in the GONE 2350 * state. 2351 */ 2352 tmr = &inp->sctp_ep.signature_change; 2353 break; 2354 case SCTP_TIMER_TYPE_PATHMTURAISE: 2355 if ((stcb == NULL) || (net == NULL)) { 2356 return; 2357 } 2358 tmr = &net->pmtu_timer; 2359 break; 2360 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2361 if ((stcb == NULL) || (net == NULL)) { 2362 return; 2363 } 2364 tmr = &net->rxt_timer; 2365 break; 2366 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2367 if (stcb == NULL) { 2368 return; 2369 } 2370 tmr = &stcb->asoc.shut_guard_timer; 2371 break; 2372 case SCTP_TIMER_TYPE_STRRESET: 2373 if (stcb == NULL) { 2374 return; 2375 } 2376 tmr = &stcb->asoc.strreset_timer; 2377 break; 2378 case SCTP_TIMER_TYPE_ASCONF: 2379 if (stcb == NULL) { 2380 return; 2381 } 2382 tmr = &stcb->asoc.asconf_timer; 2383 break; 2384 case SCTP_TIMER_TYPE_PRIM_DELETED: 2385 if (stcb == NULL) { 2386 return; 2387 } 2388 tmr = &stcb->asoc.delete_prim_timer; 2389 break; 2390 case SCTP_TIMER_TYPE_AUTOCLOSE: 2391 if (stcb == NULL) { 2392 return; 2393 } 2394 tmr = &stcb->asoc.autoclose_timer; 2395 break; 2396 default: 2397 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2398 __func__, t_type); 2399 break; 2400 } 2401 if (tmr == NULL) { 2402 return; 2403 } 2404 if ((tmr->type != t_type) && tmr->type) { 2405 /* 2406 * Ok we have a timer that is under joint use. Cookie timer 2407 * per chance with the SEND timer. We therefore are NOT 2408 * running the timer that the caller wants stopped. So just 2409 * return. 2410 */ 2411 return; 2412 } 2413 if ((t_type == SCTP_TIMER_TYPE_SEND) && (stcb != NULL)) { 2414 stcb->asoc.num_send_timers_up--; 2415 if (stcb->asoc.num_send_timers_up < 0) { 2416 stcb->asoc.num_send_timers_up = 0; 2417 } 2418 } 2419 tmr->self = NULL; 2420 tmr->stopped_from = from; 2421 (void)SCTP_OS_TIMER_STOP(&tmr->timer); 2422 return; 2423 } 2424 2425 uint32_t 2426 sctp_calculate_len(struct mbuf *m) 2427 { 2428 uint32_t tlen = 0; 2429 struct mbuf *at; 2430 2431 at = m; 2432 while (at) { 2433 tlen += SCTP_BUF_LEN(at); 2434 at = SCTP_BUF_NEXT(at); 2435 } 2436 return (tlen); 2437 } 2438 2439 void 2440 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2441 struct sctp_association *asoc, uint32_t mtu) 2442 { 2443 /* 2444 * Reset the P-MTU size on this association, this involves changing 2445 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2446 * allow the DF flag to be cleared. 2447 */ 2448 struct sctp_tmit_chunk *chk; 2449 unsigned int eff_mtu, ovh; 2450 2451 asoc->smallest_mtu = mtu; 2452 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2453 ovh = SCTP_MIN_OVERHEAD; 2454 } else { 2455 ovh = SCTP_MIN_V4_OVERHEAD; 2456 } 2457 eff_mtu = mtu - ovh; 2458 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2459 if (chk->send_size > eff_mtu) { 2460 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2461 } 2462 } 2463 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2464 if (chk->send_size > eff_mtu) { 2465 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2466 } 2467 } 2468 } 2469 2470 2471 /* 2472 * given an association and starting time of the current RTT period return 2473 * RTO in number of msecs net should point to the current network 2474 */ 2475 2476 uint32_t 2477 sctp_calculate_rto(struct sctp_tcb *stcb, 2478 struct sctp_association *asoc, 2479 struct sctp_nets *net, 2480 struct timeval *old, 2481 int rtt_from_sack) 2482 { 2483 /*- 2484 * given an association and the starting time of the current RTT 2485 * period (in value1/value2) return RTO in number of msecs. 2486 */ 2487 int32_t rtt; /* RTT in ms */ 2488 uint32_t new_rto; 2489 int first_measure = 0; 2490 struct timeval now; 2491 2492 /************************/ 2493 /* 1. calculate new RTT */ 2494 /************************/ 2495 /* get the current time */ 2496 if (stcb->asoc.use_precise_time) { 2497 (void)SCTP_GETPTIME_TIMEVAL(&now); 2498 } else { 2499 (void)SCTP_GETTIME_TIMEVAL(&now); 2500 } 2501 timevalsub(&now, old); 2502 /* store the current RTT in us */ 2503 net->rtt = (uint64_t)1000000 * (uint64_t)now.tv_sec + 2504 (uint64_t)now.tv_usec; 2505 /* compute rtt in ms */ 2506 rtt = (int32_t)(net->rtt / 1000); 2507 if ((asoc->cc_functions.sctp_rtt_calculated) && (rtt_from_sack == SCTP_RTT_FROM_DATA)) { 2508 /* 2509 * Tell the CC module that a new update has just occurred 2510 * from a sack 2511 */ 2512 (*asoc->cc_functions.sctp_rtt_calculated) (stcb, net, &now); 2513 } 2514 /* 2515 * Do we need to determine the lan? We do this only on sacks i.e. 2516 * RTT being determined from data not non-data (HB/INIT->INITACK). 2517 */ 2518 if ((rtt_from_sack == SCTP_RTT_FROM_DATA) && 2519 (net->lan_type == SCTP_LAN_UNKNOWN)) { 2520 if (net->rtt > SCTP_LOCAL_LAN_RTT) { 2521 net->lan_type = SCTP_LAN_INTERNET; 2522 } else { 2523 net->lan_type = SCTP_LAN_LOCAL; 2524 } 2525 } 2526 2527 /***************************/ 2528 /* 2. update RTTVAR & SRTT */ 2529 /***************************/ 2530 /*- 2531 * Compute the scaled average lastsa and the 2532 * scaled variance lastsv as described in van Jacobson 2533 * Paper "Congestion Avoidance and Control", Annex A. 2534 * 2535 * (net->lastsa >> SCTP_RTT_SHIFT) is the srtt 2536 * (net->lastsa >> SCTP_RTT_VAR_SHIFT) is the rttvar 2537 */ 2538 if (net->RTO_measured) { 2539 rtt -= (net->lastsa >> SCTP_RTT_SHIFT); 2540 net->lastsa += rtt; 2541 if (rtt < 0) { 2542 rtt = -rtt; 2543 } 2544 rtt -= (net->lastsv >> SCTP_RTT_VAR_SHIFT); 2545 net->lastsv += rtt; 2546 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2547 rto_logging(net, SCTP_LOG_RTTVAR); 2548 } 2549 } else { 2550 /* First RTO measurment */ 2551 net->RTO_measured = 1; 2552 first_measure = 1; 2553 net->lastsa = rtt << SCTP_RTT_SHIFT; 2554 net->lastsv = (rtt / 2) << SCTP_RTT_VAR_SHIFT; 2555 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2556 rto_logging(net, SCTP_LOG_INITIAL_RTT); 2557 } 2558 } 2559 if (net->lastsv == 0) { 2560 net->lastsv = SCTP_CLOCK_GRANULARITY; 2561 } 2562 new_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv; 2563 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 2564 (stcb->asoc.sat_network_lockout == 0)) { 2565 stcb->asoc.sat_network = 1; 2566 } else if ((!first_measure) && stcb->asoc.sat_network) { 2567 stcb->asoc.sat_network = 0; 2568 stcb->asoc.sat_network_lockout = 1; 2569 } 2570 /* bound it, per C6/C7 in Section 5.3.1 */ 2571 if (new_rto < stcb->asoc.minrto) { 2572 new_rto = stcb->asoc.minrto; 2573 } 2574 if (new_rto > stcb->asoc.maxrto) { 2575 new_rto = stcb->asoc.maxrto; 2576 } 2577 /* we are now returning the RTO */ 2578 return (new_rto); 2579 } 2580 2581 /* 2582 * return a pointer to a contiguous piece of data from the given mbuf chain 2583 * starting at 'off' for 'len' bytes. If the desired piece spans more than 2584 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 2585 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 2586 */ 2587 caddr_t 2588 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t *in_ptr) 2589 { 2590 uint32_t count; 2591 uint8_t *ptr; 2592 2593 ptr = in_ptr; 2594 if ((off < 0) || (len <= 0)) 2595 return (NULL); 2596 2597 /* find the desired start location */ 2598 while ((m != NULL) && (off > 0)) { 2599 if (off < SCTP_BUF_LEN(m)) 2600 break; 2601 off -= SCTP_BUF_LEN(m); 2602 m = SCTP_BUF_NEXT(m); 2603 } 2604 if (m == NULL) 2605 return (NULL); 2606 2607 /* is the current mbuf large enough (eg. contiguous)? */ 2608 if ((SCTP_BUF_LEN(m) - off) >= len) { 2609 return (mtod(m, caddr_t)+off); 2610 } else { 2611 /* else, it spans more than one mbuf, so save a temp copy... */ 2612 while ((m != NULL) && (len > 0)) { 2613 count = min(SCTP_BUF_LEN(m) - off, len); 2614 memcpy(ptr, mtod(m, caddr_t)+off, count); 2615 len -= count; 2616 ptr += count; 2617 off = 0; 2618 m = SCTP_BUF_NEXT(m); 2619 } 2620 if ((m == NULL) && (len > 0)) 2621 return (NULL); 2622 else 2623 return ((caddr_t)in_ptr); 2624 } 2625 } 2626 2627 2628 2629 struct sctp_paramhdr * 2630 sctp_get_next_param(struct mbuf *m, 2631 int offset, 2632 struct sctp_paramhdr *pull, 2633 int pull_limit) 2634 { 2635 /* This just provides a typed signature to Peter's Pull routine */ 2636 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 2637 (uint8_t *)pull)); 2638 } 2639 2640 2641 struct mbuf * 2642 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 2643 { 2644 struct mbuf *m_last; 2645 caddr_t dp; 2646 2647 if (padlen > 3) { 2648 return (NULL); 2649 } 2650 if (padlen <= M_TRAILINGSPACE(m)) { 2651 /* 2652 * The easy way. We hope the majority of the time we hit 2653 * here :) 2654 */ 2655 m_last = m; 2656 } else { 2657 /* Hard way we must grow the mbuf chain */ 2658 m_last = sctp_get_mbuf_for_msg(padlen, 0, M_NOWAIT, 1, MT_DATA); 2659 if (m_last == NULL) { 2660 return (NULL); 2661 } 2662 SCTP_BUF_LEN(m_last) = 0; 2663 SCTP_BUF_NEXT(m_last) = NULL; 2664 SCTP_BUF_NEXT(m) = m_last; 2665 } 2666 dp = mtod(m_last, caddr_t)+SCTP_BUF_LEN(m_last); 2667 SCTP_BUF_LEN(m_last) += padlen; 2668 memset(dp, 0, padlen); 2669 return (m_last); 2670 } 2671 2672 struct mbuf * 2673 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 2674 { 2675 /* find the last mbuf in chain and pad it */ 2676 struct mbuf *m_at; 2677 2678 if (last_mbuf != NULL) { 2679 return (sctp_add_pad_tombuf(last_mbuf, padval)); 2680 } else { 2681 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 2682 if (SCTP_BUF_NEXT(m_at) == NULL) { 2683 return (sctp_add_pad_tombuf(m_at, padval)); 2684 } 2685 } 2686 } 2687 return (NULL); 2688 } 2689 2690 static void 2691 sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, 2692 uint16_t error, struct sctp_abort_chunk *abort, uint8_t from_peer, int so_locked 2693 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2694 SCTP_UNUSED 2695 #endif 2696 ) 2697 { 2698 struct mbuf *m_notify; 2699 struct sctp_assoc_change *sac; 2700 struct sctp_queued_to_read *control; 2701 unsigned int notif_len; 2702 uint16_t abort_len; 2703 unsigned int i; 2704 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2705 struct socket *so; 2706 #endif 2707 2708 if (stcb == NULL) { 2709 return; 2710 } 2711 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 2712 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2713 if (abort != NULL) { 2714 abort_len = ntohs(abort->ch.chunk_length); 2715 /* 2716 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 2717 * contiguous. 2718 */ 2719 if (abort_len > SCTP_CHUNK_BUFFER_SIZE) { 2720 abort_len = SCTP_CHUNK_BUFFER_SIZE; 2721 } 2722 } else { 2723 abort_len = 0; 2724 } 2725 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2726 notif_len += SCTP_ASSOC_SUPPORTS_MAX; 2727 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2728 notif_len += abort_len; 2729 } 2730 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2731 if (m_notify == NULL) { 2732 /* Retry with smaller value. */ 2733 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2734 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2735 if (m_notify == NULL) { 2736 goto set_error; 2737 } 2738 } 2739 SCTP_BUF_NEXT(m_notify) = NULL; 2740 sac = mtod(m_notify, struct sctp_assoc_change *); 2741 memset(sac, 0, notif_len); 2742 sac->sac_type = SCTP_ASSOC_CHANGE; 2743 sac->sac_flags = 0; 2744 sac->sac_length = sizeof(struct sctp_assoc_change); 2745 sac->sac_state = state; 2746 sac->sac_error = error; 2747 /* XXX verify these stream counts */ 2748 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 2749 sac->sac_inbound_streams = stcb->asoc.streamincnt; 2750 sac->sac_assoc_id = sctp_get_associd(stcb); 2751 if (notif_len > sizeof(struct sctp_assoc_change)) { 2752 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2753 i = 0; 2754 if (stcb->asoc.prsctp_supported == 1) { 2755 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_PR; 2756 } 2757 if (stcb->asoc.auth_supported == 1) { 2758 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_AUTH; 2759 } 2760 if (stcb->asoc.asconf_supported == 1) { 2761 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_ASCONF; 2762 } 2763 if (stcb->asoc.idata_supported == 1) { 2764 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_INTERLEAVING; 2765 } 2766 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_MULTIBUF; 2767 if (stcb->asoc.reconfig_supported == 1) { 2768 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_RE_CONFIG; 2769 } 2770 sac->sac_length += i; 2771 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2772 memcpy(sac->sac_info, abort, abort_len); 2773 sac->sac_length += abort_len; 2774 } 2775 } 2776 SCTP_BUF_LEN(m_notify) = sac->sac_length; 2777 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2778 0, 0, stcb->asoc.context, 0, 0, 0, 2779 m_notify); 2780 if (control != NULL) { 2781 control->length = SCTP_BUF_LEN(m_notify); 2782 control->spec_flags = M_NOTIFICATION; 2783 /* not that we need this */ 2784 control->tail_mbuf = m_notify; 2785 sctp_add_to_readq(stcb->sctp_ep, stcb, 2786 control, 2787 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, 2788 so_locked); 2789 } else { 2790 sctp_m_freem(m_notify); 2791 } 2792 } 2793 /* 2794 * For 1-to-1 style sockets, we send up and error when an ABORT 2795 * comes in. 2796 */ 2797 set_error: 2798 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2799 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2800 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2801 SOCK_LOCK(stcb->sctp_socket); 2802 if (from_peer) { 2803 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { 2804 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNREFUSED); 2805 stcb->sctp_socket->so_error = ECONNREFUSED; 2806 } else { 2807 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 2808 stcb->sctp_socket->so_error = ECONNRESET; 2809 } 2810 } else { 2811 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 2812 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 2813 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ETIMEDOUT); 2814 stcb->sctp_socket->so_error = ETIMEDOUT; 2815 } else { 2816 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNABORTED); 2817 stcb->sctp_socket->so_error = ECONNABORTED; 2818 } 2819 } 2820 SOCK_UNLOCK(stcb->sctp_socket); 2821 } 2822 /* Wake ANY sleepers */ 2823 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2824 so = SCTP_INP_SO(stcb->sctp_ep); 2825 if (!so_locked) { 2826 atomic_add_int(&stcb->asoc.refcnt, 1); 2827 SCTP_TCB_UNLOCK(stcb); 2828 SCTP_SOCKET_LOCK(so, 1); 2829 SCTP_TCB_LOCK(stcb); 2830 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2831 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 2832 SCTP_SOCKET_UNLOCK(so, 1); 2833 return; 2834 } 2835 } 2836 #endif 2837 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2838 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2839 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2840 socantrcvmore(stcb->sctp_socket); 2841 } 2842 sorwakeup(stcb->sctp_socket); 2843 sowwakeup(stcb->sctp_socket); 2844 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2845 if (!so_locked) { 2846 SCTP_SOCKET_UNLOCK(so, 1); 2847 } 2848 #endif 2849 } 2850 2851 static void 2852 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 2853 struct sockaddr *sa, uint32_t error, int so_locked 2854 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2855 SCTP_UNUSED 2856 #endif 2857 ) 2858 { 2859 struct mbuf *m_notify; 2860 struct sctp_paddr_change *spc; 2861 struct sctp_queued_to_read *control; 2862 2863 if ((stcb == NULL) || 2864 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPADDREVNT)) { 2865 /* event not enabled */ 2866 return; 2867 } 2868 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_NOWAIT, 1, MT_DATA); 2869 if (m_notify == NULL) 2870 return; 2871 SCTP_BUF_LEN(m_notify) = 0; 2872 spc = mtod(m_notify, struct sctp_paddr_change *); 2873 memset(spc, 0, sizeof(struct sctp_paddr_change)); 2874 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 2875 spc->spc_flags = 0; 2876 spc->spc_length = sizeof(struct sctp_paddr_change); 2877 switch (sa->sa_family) { 2878 #ifdef INET 2879 case AF_INET: 2880 #ifdef INET6 2881 if (sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 2882 in6_sin_2_v4mapsin6((struct sockaddr_in *)sa, 2883 (struct sockaddr_in6 *)&spc->spc_aaddr); 2884 } else { 2885 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2886 } 2887 #else 2888 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2889 #endif 2890 break; 2891 #endif 2892 #ifdef INET6 2893 case AF_INET6: 2894 { 2895 struct sockaddr_in6 *sin6; 2896 2897 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 2898 2899 sin6 = (struct sockaddr_in6 *)&spc->spc_aaddr; 2900 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2901 if (sin6->sin6_scope_id == 0) { 2902 /* recover scope_id for user */ 2903 (void)sa6_recoverscope(sin6); 2904 } else { 2905 /* clear embedded scope_id for user */ 2906 in6_clearscope(&sin6->sin6_addr); 2907 } 2908 } 2909 break; 2910 } 2911 #endif 2912 default: 2913 /* TSNH */ 2914 break; 2915 } 2916 spc->spc_state = state; 2917 spc->spc_error = error; 2918 spc->spc_assoc_id = sctp_get_associd(stcb); 2919 2920 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change); 2921 SCTP_BUF_NEXT(m_notify) = NULL; 2922 2923 /* append to socket */ 2924 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2925 0, 0, stcb->asoc.context, 0, 0, 0, 2926 m_notify); 2927 if (control == NULL) { 2928 /* no memory */ 2929 sctp_m_freem(m_notify); 2930 return; 2931 } 2932 control->length = SCTP_BUF_LEN(m_notify); 2933 control->spec_flags = M_NOTIFICATION; 2934 /* not that we need this */ 2935 control->tail_mbuf = m_notify; 2936 sctp_add_to_readq(stcb->sctp_ep, stcb, 2937 control, 2938 &stcb->sctp_socket->so_rcv, 1, 2939 SCTP_READ_LOCK_NOT_HELD, 2940 so_locked); 2941 } 2942 2943 2944 static void 2945 sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error, 2946 struct sctp_tmit_chunk *chk, int so_locked 2947 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2948 SCTP_UNUSED 2949 #endif 2950 ) 2951 { 2952 struct mbuf *m_notify; 2953 struct sctp_send_failed *ssf; 2954 struct sctp_send_failed_event *ssfe; 2955 struct sctp_queued_to_read *control; 2956 struct sctp_chunkhdr *chkhdr; 2957 int notifhdr_len, chk_len, chkhdr_len, padding_len, payload_len; 2958 2959 if ((stcb == NULL) || 2960 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 2961 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 2962 /* event not enabled */ 2963 return; 2964 } 2965 2966 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 2967 notifhdr_len = sizeof(struct sctp_send_failed_event); 2968 } else { 2969 notifhdr_len = sizeof(struct sctp_send_failed); 2970 } 2971 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 2972 if (m_notify == NULL) 2973 /* no space left */ 2974 return; 2975 SCTP_BUF_LEN(m_notify) = notifhdr_len; 2976 if (stcb->asoc.idata_supported) { 2977 chkhdr_len = sizeof(struct sctp_idata_chunk); 2978 } else { 2979 chkhdr_len = sizeof(struct sctp_data_chunk); 2980 } 2981 /* Use some defaults in case we can't access the chunk header */ 2982 if (chk->send_size >= chkhdr_len) { 2983 payload_len = chk->send_size - chkhdr_len; 2984 } else { 2985 payload_len = 0; 2986 } 2987 padding_len = 0; 2988 if (chk->data != NULL) { 2989 chkhdr = mtod(chk->data, struct sctp_chunkhdr *); 2990 if (chkhdr != NULL) { 2991 chk_len = ntohs(chkhdr->chunk_length); 2992 if ((chk_len >= chkhdr_len) && 2993 (chk->send_size >= chk_len) && 2994 (chk->send_size - chk_len < 4)) { 2995 padding_len = chk->send_size - chk_len; 2996 payload_len = chk->send_size - chkhdr_len - padding_len; 2997 } 2998 } 2999 } 3000 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3001 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3002 memset(ssfe, 0, notifhdr_len); 3003 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3004 if (sent) { 3005 ssfe->ssfe_flags = SCTP_DATA_SENT; 3006 } else { 3007 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3008 } 3009 ssfe->ssfe_length = (uint32_t)(notifhdr_len + payload_len); 3010 ssfe->ssfe_error = error; 3011 /* not exactly what the user sent in, but should be close :) */ 3012 ssfe->ssfe_info.snd_sid = chk->rec.data.sid; 3013 ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; 3014 ssfe->ssfe_info.snd_ppid = chk->rec.data.ppid; 3015 ssfe->ssfe_info.snd_context = chk->rec.data.context; 3016 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3017 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3018 } else { 3019 ssf = mtod(m_notify, struct sctp_send_failed *); 3020 memset(ssf, 0, notifhdr_len); 3021 ssf->ssf_type = SCTP_SEND_FAILED; 3022 if (sent) { 3023 ssf->ssf_flags = SCTP_DATA_SENT; 3024 } else { 3025 ssf->ssf_flags = SCTP_DATA_UNSENT; 3026 } 3027 ssf->ssf_length = (uint32_t)(notifhdr_len + payload_len); 3028 ssf->ssf_error = error; 3029 /* not exactly what the user sent in, but should be close :) */ 3030 ssf->ssf_info.sinfo_stream = chk->rec.data.sid; 3031 ssf->ssf_info.sinfo_ssn = (uint16_t)chk->rec.data.mid; 3032 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 3033 ssf->ssf_info.sinfo_ppid = chk->rec.data.ppid; 3034 ssf->ssf_info.sinfo_context = chk->rec.data.context; 3035 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3036 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3037 } 3038 if (chk->data != NULL) { 3039 /* Trim off the sctp chunk header (it should be there) */ 3040 if (chk->send_size == chkhdr_len + payload_len + padding_len) { 3041 m_adj(chk->data, chkhdr_len); 3042 m_adj(chk->data, -padding_len); 3043 sctp_mbuf_crush(chk->data); 3044 chk->send_size -= (chkhdr_len + padding_len); 3045 } 3046 } 3047 SCTP_BUF_NEXT(m_notify) = chk->data; 3048 /* Steal off the mbuf */ 3049 chk->data = NULL; 3050 /* 3051 * For this case, we check the actual socket buffer, since the assoc 3052 * is going away we don't want to overfill the socket buffer for a 3053 * non-reader 3054 */ 3055 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3056 sctp_m_freem(m_notify); 3057 return; 3058 } 3059 /* append to socket */ 3060 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3061 0, 0, stcb->asoc.context, 0, 0, 0, 3062 m_notify); 3063 if (control == NULL) { 3064 /* no memory */ 3065 sctp_m_freem(m_notify); 3066 return; 3067 } 3068 control->length = SCTP_BUF_LEN(m_notify); 3069 control->spec_flags = M_NOTIFICATION; 3070 /* not that we need this */ 3071 control->tail_mbuf = m_notify; 3072 sctp_add_to_readq(stcb->sctp_ep, stcb, 3073 control, 3074 &stcb->sctp_socket->so_rcv, 1, 3075 SCTP_READ_LOCK_NOT_HELD, 3076 so_locked); 3077 } 3078 3079 3080 static void 3081 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 3082 struct sctp_stream_queue_pending *sp, int so_locked 3083 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3084 SCTP_UNUSED 3085 #endif 3086 ) 3087 { 3088 struct mbuf *m_notify; 3089 struct sctp_send_failed *ssf; 3090 struct sctp_send_failed_event *ssfe; 3091 struct sctp_queued_to_read *control; 3092 int notifhdr_len; 3093 3094 if ((stcb == NULL) || 3095 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 3096 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 3097 /* event not enabled */ 3098 return; 3099 } 3100 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3101 notifhdr_len = sizeof(struct sctp_send_failed_event); 3102 } else { 3103 notifhdr_len = sizeof(struct sctp_send_failed); 3104 } 3105 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 3106 if (m_notify == NULL) { 3107 /* no space left */ 3108 return; 3109 } 3110 SCTP_BUF_LEN(m_notify) = notifhdr_len; 3111 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3112 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3113 memset(ssfe, 0, notifhdr_len); 3114 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3115 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3116 ssfe->ssfe_length = (uint32_t)(notifhdr_len + sp->length); 3117 ssfe->ssfe_error = error; 3118 /* not exactly what the user sent in, but should be close :) */ 3119 ssfe->ssfe_info.snd_sid = sp->sid; 3120 if (sp->some_taken) { 3121 ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; 3122 } else { 3123 ssfe->ssfe_info.snd_flags = SCTP_DATA_NOT_FRAG; 3124 } 3125 ssfe->ssfe_info.snd_ppid = sp->ppid; 3126 ssfe->ssfe_info.snd_context = sp->context; 3127 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3128 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3129 } else { 3130 ssf = mtod(m_notify, struct sctp_send_failed *); 3131 memset(ssf, 0, notifhdr_len); 3132 ssf->ssf_type = SCTP_SEND_FAILED; 3133 ssf->ssf_flags = SCTP_DATA_UNSENT; 3134 ssf->ssf_length = (uint32_t)(notifhdr_len + sp->length); 3135 ssf->ssf_error = error; 3136 /* not exactly what the user sent in, but should be close :) */ 3137 ssf->ssf_info.sinfo_stream = sp->sid; 3138 ssf->ssf_info.sinfo_ssn = 0; 3139 if (sp->some_taken) { 3140 ssf->ssf_info.sinfo_flags = SCTP_DATA_LAST_FRAG; 3141 } else { 3142 ssf->ssf_info.sinfo_flags = SCTP_DATA_NOT_FRAG; 3143 } 3144 ssf->ssf_info.sinfo_ppid = sp->ppid; 3145 ssf->ssf_info.sinfo_context = sp->context; 3146 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3147 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3148 } 3149 SCTP_BUF_NEXT(m_notify) = sp->data; 3150 3151 /* Steal off the mbuf */ 3152 sp->data = NULL; 3153 /* 3154 * For this case, we check the actual socket buffer, since the assoc 3155 * is going away we don't want to overfill the socket buffer for a 3156 * non-reader 3157 */ 3158 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3159 sctp_m_freem(m_notify); 3160 return; 3161 } 3162 /* append to socket */ 3163 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3164 0, 0, stcb->asoc.context, 0, 0, 0, 3165 m_notify); 3166 if (control == NULL) { 3167 /* no memory */ 3168 sctp_m_freem(m_notify); 3169 return; 3170 } 3171 control->length = SCTP_BUF_LEN(m_notify); 3172 control->spec_flags = M_NOTIFICATION; 3173 /* not that we need this */ 3174 control->tail_mbuf = m_notify; 3175 sctp_add_to_readq(stcb->sctp_ep, stcb, 3176 control, 3177 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3178 } 3179 3180 3181 3182 static void 3183 sctp_notify_adaptation_layer(struct sctp_tcb *stcb) 3184 { 3185 struct mbuf *m_notify; 3186 struct sctp_adaptation_event *sai; 3187 struct sctp_queued_to_read *control; 3188 3189 if ((stcb == NULL) || 3190 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) { 3191 /* event not enabled */ 3192 return; 3193 } 3194 3195 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_NOWAIT, 1, MT_DATA); 3196 if (m_notify == NULL) 3197 /* no space left */ 3198 return; 3199 SCTP_BUF_LEN(m_notify) = 0; 3200 sai = mtod(m_notify, struct sctp_adaptation_event *); 3201 memset(sai, 0, sizeof(struct sctp_adaptation_event)); 3202 sai->sai_type = SCTP_ADAPTATION_INDICATION; 3203 sai->sai_flags = 0; 3204 sai->sai_length = sizeof(struct sctp_adaptation_event); 3205 sai->sai_adaptation_ind = stcb->asoc.peers_adaptation; 3206 sai->sai_assoc_id = sctp_get_associd(stcb); 3207 3208 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_adaptation_event); 3209 SCTP_BUF_NEXT(m_notify) = NULL; 3210 3211 /* append to socket */ 3212 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3213 0, 0, stcb->asoc.context, 0, 0, 0, 3214 m_notify); 3215 if (control == NULL) { 3216 /* no memory */ 3217 sctp_m_freem(m_notify); 3218 return; 3219 } 3220 control->length = SCTP_BUF_LEN(m_notify); 3221 control->spec_flags = M_NOTIFICATION; 3222 /* not that we need this */ 3223 control->tail_mbuf = m_notify; 3224 sctp_add_to_readq(stcb->sctp_ep, stcb, 3225 control, 3226 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3227 } 3228 3229 /* This always must be called with the read-queue LOCKED in the INP */ 3230 static void 3231 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error, 3232 uint32_t val, int so_locked 3233 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3234 SCTP_UNUSED 3235 #endif 3236 ) 3237 { 3238 struct mbuf *m_notify; 3239 struct sctp_pdapi_event *pdapi; 3240 struct sctp_queued_to_read *control; 3241 struct sockbuf *sb; 3242 3243 if ((stcb == NULL) || 3244 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_PDAPIEVNT)) { 3245 /* event not enabled */ 3246 return; 3247 } 3248 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 3249 return; 3250 } 3251 3252 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_NOWAIT, 1, MT_DATA); 3253 if (m_notify == NULL) 3254 /* no space left */ 3255 return; 3256 SCTP_BUF_LEN(m_notify) = 0; 3257 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 3258 memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); 3259 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 3260 pdapi->pdapi_flags = 0; 3261 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 3262 pdapi->pdapi_indication = error; 3263 pdapi->pdapi_stream = (val >> 16); 3264 pdapi->pdapi_seq = (val & 0x0000ffff); 3265 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 3266 3267 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event); 3268 SCTP_BUF_NEXT(m_notify) = NULL; 3269 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3270 0, 0, stcb->asoc.context, 0, 0, 0, 3271 m_notify); 3272 if (control == NULL) { 3273 /* no memory */ 3274 sctp_m_freem(m_notify); 3275 return; 3276 } 3277 control->length = SCTP_BUF_LEN(m_notify); 3278 control->spec_flags = M_NOTIFICATION; 3279 /* not that we need this */ 3280 control->tail_mbuf = m_notify; 3281 sb = &stcb->sctp_socket->so_rcv; 3282 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3283 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify)); 3284 } 3285 sctp_sballoc(stcb, sb, m_notify); 3286 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3287 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3288 } 3289 control->end_added = 1; 3290 if (stcb->asoc.control_pdapi) 3291 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 3292 else { 3293 /* we really should not see this case */ 3294 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 3295 } 3296 if (stcb->sctp_ep && stcb->sctp_socket) { 3297 /* This should always be the case */ 3298 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3299 struct socket *so; 3300 3301 so = SCTP_INP_SO(stcb->sctp_ep); 3302 if (!so_locked) { 3303 atomic_add_int(&stcb->asoc.refcnt, 1); 3304 SCTP_TCB_UNLOCK(stcb); 3305 SCTP_SOCKET_LOCK(so, 1); 3306 SCTP_TCB_LOCK(stcb); 3307 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3308 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3309 SCTP_SOCKET_UNLOCK(so, 1); 3310 return; 3311 } 3312 } 3313 #endif 3314 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 3315 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3316 if (!so_locked) { 3317 SCTP_SOCKET_UNLOCK(so, 1); 3318 } 3319 #endif 3320 } 3321 } 3322 3323 static void 3324 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 3325 { 3326 struct mbuf *m_notify; 3327 struct sctp_shutdown_event *sse; 3328 struct sctp_queued_to_read *control; 3329 3330 /* 3331 * For TCP model AND UDP connected sockets we will send an error up 3332 * when an SHUTDOWN completes 3333 */ 3334 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3335 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 3336 /* mark socket closed for read/write and wakeup! */ 3337 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3338 struct socket *so; 3339 3340 so = SCTP_INP_SO(stcb->sctp_ep); 3341 atomic_add_int(&stcb->asoc.refcnt, 1); 3342 SCTP_TCB_UNLOCK(stcb); 3343 SCTP_SOCKET_LOCK(so, 1); 3344 SCTP_TCB_LOCK(stcb); 3345 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3346 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 3347 SCTP_SOCKET_UNLOCK(so, 1); 3348 return; 3349 } 3350 #endif 3351 socantsendmore(stcb->sctp_socket); 3352 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3353 SCTP_SOCKET_UNLOCK(so, 1); 3354 #endif 3355 } 3356 if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) { 3357 /* event not enabled */ 3358 return; 3359 } 3360 3361 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 0, M_NOWAIT, 1, MT_DATA); 3362 if (m_notify == NULL) 3363 /* no space left */ 3364 return; 3365 sse = mtod(m_notify, struct sctp_shutdown_event *); 3366 memset(sse, 0, sizeof(struct sctp_shutdown_event)); 3367 sse->sse_type = SCTP_SHUTDOWN_EVENT; 3368 sse->sse_flags = 0; 3369 sse->sse_length = sizeof(struct sctp_shutdown_event); 3370 sse->sse_assoc_id = sctp_get_associd(stcb); 3371 3372 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_shutdown_event); 3373 SCTP_BUF_NEXT(m_notify) = NULL; 3374 3375 /* append to socket */ 3376 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3377 0, 0, stcb->asoc.context, 0, 0, 0, 3378 m_notify); 3379 if (control == NULL) { 3380 /* no memory */ 3381 sctp_m_freem(m_notify); 3382 return; 3383 } 3384 control->length = SCTP_BUF_LEN(m_notify); 3385 control->spec_flags = M_NOTIFICATION; 3386 /* not that we need this */ 3387 control->tail_mbuf = m_notify; 3388 sctp_add_to_readq(stcb->sctp_ep, stcb, 3389 control, 3390 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3391 } 3392 3393 static void 3394 sctp_notify_sender_dry_event(struct sctp_tcb *stcb, 3395 int so_locked 3396 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3397 SCTP_UNUSED 3398 #endif 3399 ) 3400 { 3401 struct mbuf *m_notify; 3402 struct sctp_sender_dry_event *event; 3403 struct sctp_queued_to_read *control; 3404 3405 if ((stcb == NULL) || 3406 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DRYEVNT)) { 3407 /* event not enabled */ 3408 return; 3409 } 3410 3411 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_sender_dry_event), 0, M_NOWAIT, 1, MT_DATA); 3412 if (m_notify == NULL) { 3413 /* no space left */ 3414 return; 3415 } 3416 SCTP_BUF_LEN(m_notify) = 0; 3417 event = mtod(m_notify, struct sctp_sender_dry_event *); 3418 memset(event, 0, sizeof(struct sctp_sender_dry_event)); 3419 event->sender_dry_type = SCTP_SENDER_DRY_EVENT; 3420 event->sender_dry_flags = 0; 3421 event->sender_dry_length = sizeof(struct sctp_sender_dry_event); 3422 event->sender_dry_assoc_id = sctp_get_associd(stcb); 3423 3424 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_sender_dry_event); 3425 SCTP_BUF_NEXT(m_notify) = NULL; 3426 3427 /* append to socket */ 3428 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3429 0, 0, stcb->asoc.context, 0, 0, 0, 3430 m_notify); 3431 if (control == NULL) { 3432 /* no memory */ 3433 sctp_m_freem(m_notify); 3434 return; 3435 } 3436 control->length = SCTP_BUF_LEN(m_notify); 3437 control->spec_flags = M_NOTIFICATION; 3438 /* not that we need this */ 3439 control->tail_mbuf = m_notify; 3440 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 3441 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3442 } 3443 3444 3445 void 3446 sctp_notify_stream_reset_add(struct sctp_tcb *stcb, uint16_t numberin, uint16_t numberout, int flag) 3447 { 3448 struct mbuf *m_notify; 3449 struct sctp_queued_to_read *control; 3450 struct sctp_stream_change_event *stradd; 3451 3452 if ((stcb == NULL) || 3453 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { 3454 /* event not enabled */ 3455 return; 3456 } 3457 if ((stcb->asoc.peer_req_out) && flag) { 3458 /* Peer made the request, don't tell the local user */ 3459 stcb->asoc.peer_req_out = 0; 3460 return; 3461 } 3462 stcb->asoc.peer_req_out = 0; 3463 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_NOWAIT, 1, MT_DATA); 3464 if (m_notify == NULL) 3465 /* no space left */ 3466 return; 3467 SCTP_BUF_LEN(m_notify) = 0; 3468 stradd = mtod(m_notify, struct sctp_stream_change_event *); 3469 memset(stradd, 0, sizeof(struct sctp_stream_change_event)); 3470 stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; 3471 stradd->strchange_flags = flag; 3472 stradd->strchange_length = sizeof(struct sctp_stream_change_event); 3473 stradd->strchange_assoc_id = sctp_get_associd(stcb); 3474 stradd->strchange_instrms = numberin; 3475 stradd->strchange_outstrms = numberout; 3476 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); 3477 SCTP_BUF_NEXT(m_notify) = NULL; 3478 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3479 /* no space */ 3480 sctp_m_freem(m_notify); 3481 return; 3482 } 3483 /* append to socket */ 3484 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3485 0, 0, stcb->asoc.context, 0, 0, 0, 3486 m_notify); 3487 if (control == NULL) { 3488 /* no memory */ 3489 sctp_m_freem(m_notify); 3490 return; 3491 } 3492 control->length = SCTP_BUF_LEN(m_notify); 3493 control->spec_flags = M_NOTIFICATION; 3494 /* not that we need this */ 3495 control->tail_mbuf = m_notify; 3496 sctp_add_to_readq(stcb->sctp_ep, stcb, 3497 control, 3498 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3499 } 3500 3501 void 3502 sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, uint32_t sending_tsn, uint32_t recv_tsn, int flag) 3503 { 3504 struct mbuf *m_notify; 3505 struct sctp_queued_to_read *control; 3506 struct sctp_assoc_reset_event *strasoc; 3507 3508 if ((stcb == NULL) || 3509 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { 3510 /* event not enabled */ 3511 return; 3512 } 3513 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_NOWAIT, 1, MT_DATA); 3514 if (m_notify == NULL) 3515 /* no space left */ 3516 return; 3517 SCTP_BUF_LEN(m_notify) = 0; 3518 strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); 3519 memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); 3520 strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; 3521 strasoc->assocreset_flags = flag; 3522 strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); 3523 strasoc->assocreset_assoc_id = sctp_get_associd(stcb); 3524 strasoc->assocreset_local_tsn = sending_tsn; 3525 strasoc->assocreset_remote_tsn = recv_tsn; 3526 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); 3527 SCTP_BUF_NEXT(m_notify) = NULL; 3528 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3529 /* no space */ 3530 sctp_m_freem(m_notify); 3531 return; 3532 } 3533 /* append to socket */ 3534 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3535 0, 0, stcb->asoc.context, 0, 0, 0, 3536 m_notify); 3537 if (control == NULL) { 3538 /* no memory */ 3539 sctp_m_freem(m_notify); 3540 return; 3541 } 3542 control->length = SCTP_BUF_LEN(m_notify); 3543 control->spec_flags = M_NOTIFICATION; 3544 /* not that we need this */ 3545 control->tail_mbuf = m_notify; 3546 sctp_add_to_readq(stcb->sctp_ep, stcb, 3547 control, 3548 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3549 } 3550 3551 3552 3553 static void 3554 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3555 int number_entries, uint16_t *list, int flag) 3556 { 3557 struct mbuf *m_notify; 3558 struct sctp_queued_to_read *control; 3559 struct sctp_stream_reset_event *strreset; 3560 int len; 3561 3562 if ((stcb == NULL) || 3563 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_RESETEVNT))) { 3564 /* event not enabled */ 3565 return; 3566 } 3567 3568 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 3569 if (m_notify == NULL) 3570 /* no space left */ 3571 return; 3572 SCTP_BUF_LEN(m_notify) = 0; 3573 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3574 if (len > M_TRAILINGSPACE(m_notify)) { 3575 /* never enough room */ 3576 sctp_m_freem(m_notify); 3577 return; 3578 } 3579 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3580 memset(strreset, 0, len); 3581 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3582 strreset->strreset_flags = flag; 3583 strreset->strreset_length = len; 3584 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3585 if (number_entries) { 3586 int i; 3587 3588 for (i = 0; i < number_entries; i++) { 3589 strreset->strreset_stream_list[i] = ntohs(list[i]); 3590 } 3591 } 3592 SCTP_BUF_LEN(m_notify) = len; 3593 SCTP_BUF_NEXT(m_notify) = NULL; 3594 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3595 /* no space */ 3596 sctp_m_freem(m_notify); 3597 return; 3598 } 3599 /* append to socket */ 3600 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3601 0, 0, stcb->asoc.context, 0, 0, 0, 3602 m_notify); 3603 if (control == NULL) { 3604 /* no memory */ 3605 sctp_m_freem(m_notify); 3606 return; 3607 } 3608 control->length = SCTP_BUF_LEN(m_notify); 3609 control->spec_flags = M_NOTIFICATION; 3610 /* not that we need this */ 3611 control->tail_mbuf = m_notify; 3612 sctp_add_to_readq(stcb->sctp_ep, stcb, 3613 control, 3614 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3615 } 3616 3617 3618 static void 3619 sctp_notify_remote_error(struct sctp_tcb *stcb, uint16_t error, struct sctp_error_chunk *chunk) 3620 { 3621 struct mbuf *m_notify; 3622 struct sctp_remote_error *sre; 3623 struct sctp_queued_to_read *control; 3624 unsigned int notif_len; 3625 uint16_t chunk_len; 3626 3627 if ((stcb == NULL) || 3628 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPEERERR)) { 3629 return; 3630 } 3631 if (chunk != NULL) { 3632 chunk_len = ntohs(chunk->ch.chunk_length); 3633 /* 3634 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 3635 * contiguous. 3636 */ 3637 if (chunk_len > SCTP_CHUNK_BUFFER_SIZE) { 3638 chunk_len = SCTP_CHUNK_BUFFER_SIZE; 3639 } 3640 } else { 3641 chunk_len = 0; 3642 } 3643 notif_len = (unsigned int)(sizeof(struct sctp_remote_error) + chunk_len); 3644 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3645 if (m_notify == NULL) { 3646 /* Retry with smaller value. */ 3647 notif_len = (unsigned int)sizeof(struct sctp_remote_error); 3648 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3649 if (m_notify == NULL) { 3650 return; 3651 } 3652 } 3653 SCTP_BUF_NEXT(m_notify) = NULL; 3654 sre = mtod(m_notify, struct sctp_remote_error *); 3655 memset(sre, 0, notif_len); 3656 sre->sre_type = SCTP_REMOTE_ERROR; 3657 sre->sre_flags = 0; 3658 sre->sre_length = sizeof(struct sctp_remote_error); 3659 sre->sre_error = error; 3660 sre->sre_assoc_id = sctp_get_associd(stcb); 3661 if (notif_len > sizeof(struct sctp_remote_error)) { 3662 memcpy(sre->sre_data, chunk, chunk_len); 3663 sre->sre_length += chunk_len; 3664 } 3665 SCTP_BUF_LEN(m_notify) = sre->sre_length; 3666 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3667 0, 0, stcb->asoc.context, 0, 0, 0, 3668 m_notify); 3669 if (control != NULL) { 3670 control->length = SCTP_BUF_LEN(m_notify); 3671 control->spec_flags = M_NOTIFICATION; 3672 /* not that we need this */ 3673 control->tail_mbuf = m_notify; 3674 sctp_add_to_readq(stcb->sctp_ep, stcb, 3675 control, 3676 &stcb->sctp_socket->so_rcv, 1, 3677 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3678 } else { 3679 sctp_m_freem(m_notify); 3680 } 3681 } 3682 3683 3684 void 3685 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 3686 uint32_t error, void *data, int so_locked 3687 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3688 SCTP_UNUSED 3689 #endif 3690 ) 3691 { 3692 if ((stcb == NULL) || 3693 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3694 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3695 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3696 /* If the socket is gone we are out of here */ 3697 return; 3698 } 3699 if (stcb->sctp_socket->so_rcv.sb_state & SBS_CANTRCVMORE) { 3700 return; 3701 } 3702 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3703 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3704 if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) || 3705 (notification == SCTP_NOTIFY_INTERFACE_UP) || 3706 (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) { 3707 /* Don't report these in front states */ 3708 return; 3709 } 3710 } 3711 switch (notification) { 3712 case SCTP_NOTIFY_ASSOC_UP: 3713 if (stcb->asoc.assoc_up_sent == 0) { 3714 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL, 0, so_locked); 3715 stcb->asoc.assoc_up_sent = 1; 3716 } 3717 if (stcb->asoc.adaptation_needed && (stcb->asoc.adaptation_sent == 0)) { 3718 sctp_notify_adaptation_layer(stcb); 3719 } 3720 if (stcb->asoc.auth_supported == 0) { 3721 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3722 NULL, so_locked); 3723 } 3724 break; 3725 case SCTP_NOTIFY_ASSOC_DOWN: 3726 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL, 0, so_locked); 3727 break; 3728 case SCTP_NOTIFY_INTERFACE_DOWN: 3729 { 3730 struct sctp_nets *net; 3731 3732 net = (struct sctp_nets *)data; 3733 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 3734 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3735 break; 3736 } 3737 case SCTP_NOTIFY_INTERFACE_UP: 3738 { 3739 struct sctp_nets *net; 3740 3741 net = (struct sctp_nets *)data; 3742 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 3743 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3744 break; 3745 } 3746 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 3747 { 3748 struct sctp_nets *net; 3749 3750 net = (struct sctp_nets *)data; 3751 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 3752 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3753 break; 3754 } 3755 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 3756 sctp_notify_send_failed2(stcb, error, 3757 (struct sctp_stream_queue_pending *)data, so_locked); 3758 break; 3759 case SCTP_NOTIFY_SENT_DG_FAIL: 3760 sctp_notify_send_failed(stcb, 1, error, 3761 (struct sctp_tmit_chunk *)data, so_locked); 3762 break; 3763 case SCTP_NOTIFY_UNSENT_DG_FAIL: 3764 sctp_notify_send_failed(stcb, 0, error, 3765 (struct sctp_tmit_chunk *)data, so_locked); 3766 break; 3767 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 3768 { 3769 uint32_t val; 3770 3771 val = *((uint32_t *)data); 3772 3773 sctp_notify_partial_delivery_indication(stcb, error, val, so_locked); 3774 break; 3775 } 3776 case SCTP_NOTIFY_ASSOC_LOC_ABORTED: 3777 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3778 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3779 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 0, so_locked); 3780 } else { 3781 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 0, so_locked); 3782 } 3783 break; 3784 case SCTP_NOTIFY_ASSOC_REM_ABORTED: 3785 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3786 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3787 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 1, so_locked); 3788 } else { 3789 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 1, so_locked); 3790 } 3791 break; 3792 case SCTP_NOTIFY_ASSOC_RESTART: 3793 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, NULL, 0, so_locked); 3794 if (stcb->asoc.auth_supported == 0) { 3795 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3796 NULL, so_locked); 3797 } 3798 break; 3799 case SCTP_NOTIFY_STR_RESET_SEND: 3800 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_OUTGOING_SSN); 3801 break; 3802 case SCTP_NOTIFY_STR_RESET_RECV: 3803 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_INCOMING); 3804 break; 3805 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 3806 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3807 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_FAILED)); 3808 break; 3809 case SCTP_NOTIFY_STR_RESET_DENIED_OUT: 3810 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3811 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_DENIED)); 3812 break; 3813 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 3814 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3815 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_FAILED)); 3816 break; 3817 case SCTP_NOTIFY_STR_RESET_DENIED_IN: 3818 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3819 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_DENIED)); 3820 break; 3821 case SCTP_NOTIFY_ASCONF_ADD_IP: 3822 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 3823 error, so_locked); 3824 break; 3825 case SCTP_NOTIFY_ASCONF_DELETE_IP: 3826 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 3827 error, so_locked); 3828 break; 3829 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 3830 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 3831 error, so_locked); 3832 break; 3833 case SCTP_NOTIFY_PEER_SHUTDOWN: 3834 sctp_notify_shutdown_event(stcb); 3835 break; 3836 case SCTP_NOTIFY_AUTH_NEW_KEY: 3837 sctp_notify_authentication(stcb, SCTP_AUTH_NEW_KEY, error, 3838 (uint16_t)(uintptr_t)data, 3839 so_locked); 3840 break; 3841 case SCTP_NOTIFY_AUTH_FREE_KEY: 3842 sctp_notify_authentication(stcb, SCTP_AUTH_FREE_KEY, error, 3843 (uint16_t)(uintptr_t)data, 3844 so_locked); 3845 break; 3846 case SCTP_NOTIFY_NO_PEER_AUTH: 3847 sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, error, 3848 (uint16_t)(uintptr_t)data, 3849 so_locked); 3850 break; 3851 case SCTP_NOTIFY_SENDER_DRY: 3852 sctp_notify_sender_dry_event(stcb, so_locked); 3853 break; 3854 case SCTP_NOTIFY_REMOTE_ERROR: 3855 sctp_notify_remote_error(stcb, error, data); 3856 break; 3857 default: 3858 SCTPDBG(SCTP_DEBUG_UTIL1, "%s: unknown notification %xh (%u)\n", 3859 __func__, notification, notification); 3860 break; 3861 } /* end switch */ 3862 } 3863 3864 void 3865 sctp_report_all_outbound(struct sctp_tcb *stcb, uint16_t error, int holds_lock, int so_locked 3866 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3867 SCTP_UNUSED 3868 #endif 3869 ) 3870 { 3871 struct sctp_association *asoc; 3872 struct sctp_stream_out *outs; 3873 struct sctp_tmit_chunk *chk, *nchk; 3874 struct sctp_stream_queue_pending *sp, *nsp; 3875 int i; 3876 3877 if (stcb == NULL) { 3878 return; 3879 } 3880 asoc = &stcb->asoc; 3881 if (asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3882 /* already being freed */ 3883 return; 3884 } 3885 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3886 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3887 (asoc->state & SCTP_STATE_CLOSED_SOCKET)) { 3888 return; 3889 } 3890 /* now through all the gunk freeing chunks */ 3891 if (holds_lock == 0) { 3892 SCTP_TCB_SEND_LOCK(stcb); 3893 } 3894 /* sent queue SHOULD be empty */ 3895 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) { 3896 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3897 asoc->sent_queue_cnt--; 3898 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) { 3899 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3900 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3901 #ifdef INVARIANTS 3902 } else { 3903 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3904 #endif 3905 } 3906 } 3907 if (chk->data != NULL) { 3908 sctp_free_bufspace(stcb, asoc, chk, 1); 3909 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 3910 error, chk, so_locked); 3911 if (chk->data) { 3912 sctp_m_freem(chk->data); 3913 chk->data = NULL; 3914 } 3915 } 3916 sctp_free_a_chunk(stcb, chk, so_locked); 3917 /* sa_ignore FREED_MEMORY */ 3918 } 3919 /* pending send queue SHOULD be empty */ 3920 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 3921 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3922 asoc->send_queue_cnt--; 3923 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3924 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3925 #ifdef INVARIANTS 3926 } else { 3927 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3928 #endif 3929 } 3930 if (chk->data != NULL) { 3931 sctp_free_bufspace(stcb, asoc, chk, 1); 3932 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 3933 error, chk, so_locked); 3934 if (chk->data) { 3935 sctp_m_freem(chk->data); 3936 chk->data = NULL; 3937 } 3938 } 3939 sctp_free_a_chunk(stcb, chk, so_locked); 3940 /* sa_ignore FREED_MEMORY */ 3941 } 3942 for (i = 0; i < asoc->streamoutcnt; i++) { 3943 /* For each stream */ 3944 outs = &asoc->strmout[i]; 3945 /* clean up any sends there */ 3946 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { 3947 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 3948 TAILQ_REMOVE(&outs->outqueue, sp, next); 3949 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp, 1); 3950 sctp_free_spbufspace(stcb, asoc, sp); 3951 if (sp->data) { 3952 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 3953 error, (void *)sp, so_locked); 3954 if (sp->data) { 3955 sctp_m_freem(sp->data); 3956 sp->data = NULL; 3957 sp->tail_mbuf = NULL; 3958 sp->length = 0; 3959 } 3960 } 3961 if (sp->net) { 3962 sctp_free_remote_addr(sp->net); 3963 sp->net = NULL; 3964 } 3965 /* Free the chunk */ 3966 sctp_free_a_strmoq(stcb, sp, so_locked); 3967 /* sa_ignore FREED_MEMORY */ 3968 } 3969 } 3970 3971 if (holds_lock == 0) { 3972 SCTP_TCB_SEND_UNLOCK(stcb); 3973 } 3974 } 3975 3976 void 3977 sctp_abort_notification(struct sctp_tcb *stcb, uint8_t from_peer, uint16_t error, 3978 struct sctp_abort_chunk *abort, int so_locked 3979 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3980 SCTP_UNUSED 3981 #endif 3982 ) 3983 { 3984 if (stcb == NULL) { 3985 return; 3986 } 3987 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 3988 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 3989 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 3990 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 3991 } 3992 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3993 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3994 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3995 return; 3996 } 3997 /* Tell them we lost the asoc */ 3998 sctp_report_all_outbound(stcb, error, 0, so_locked); 3999 if (from_peer) { 4000 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_REM_ABORTED, stcb, error, abort, so_locked); 4001 } else { 4002 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_LOC_ABORTED, stcb, error, abort, so_locked); 4003 } 4004 } 4005 4006 void 4007 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4008 struct mbuf *m, int iphlen, 4009 struct sockaddr *src, struct sockaddr *dst, 4010 struct sctphdr *sh, struct mbuf *op_err, 4011 uint8_t mflowtype, uint32_t mflowid, 4012 uint32_t vrf_id, uint16_t port) 4013 { 4014 uint32_t vtag; 4015 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4016 struct socket *so; 4017 #endif 4018 4019 vtag = 0; 4020 if (stcb != NULL) { 4021 vtag = stcb->asoc.peer_vtag; 4022 vrf_id = stcb->asoc.vrf_id; 4023 } 4024 sctp_send_abort(m, iphlen, src, dst, sh, vtag, op_err, 4025 mflowtype, mflowid, inp->fibnum, 4026 vrf_id, port); 4027 if (stcb != NULL) { 4028 /* We have a TCB to abort, send notification too */ 4029 sctp_abort_notification(stcb, 0, 0, NULL, SCTP_SO_NOT_LOCKED); 4030 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4031 /* Ok, now lets free it */ 4032 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4033 so = SCTP_INP_SO(inp); 4034 atomic_add_int(&stcb->asoc.refcnt, 1); 4035 SCTP_TCB_UNLOCK(stcb); 4036 SCTP_SOCKET_LOCK(so, 1); 4037 SCTP_TCB_LOCK(stcb); 4038 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4039 #endif 4040 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4041 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4042 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4043 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4044 } 4045 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4046 SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 4047 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4048 SCTP_SOCKET_UNLOCK(so, 1); 4049 #endif 4050 } 4051 } 4052 #ifdef SCTP_ASOCLOG_OF_TSNS 4053 void 4054 sctp_print_out_track_log(struct sctp_tcb *stcb) 4055 { 4056 #ifdef NOSIY_PRINTS 4057 int i; 4058 4059 SCTP_PRINTF("Last ep reason:%x\n", stcb->sctp_ep->last_abort_code); 4060 SCTP_PRINTF("IN bound TSN log-aaa\n"); 4061 if ((stcb->asoc.tsn_in_at == 0) && (stcb->asoc.tsn_in_wrapped == 0)) { 4062 SCTP_PRINTF("None rcvd\n"); 4063 goto none_in; 4064 } 4065 if (stcb->asoc.tsn_in_wrapped) { 4066 for (i = stcb->asoc.tsn_in_at; i < SCTP_TSN_LOG_SIZE; i++) { 4067 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4068 stcb->asoc.in_tsnlog[i].tsn, 4069 stcb->asoc.in_tsnlog[i].strm, 4070 stcb->asoc.in_tsnlog[i].seq, 4071 stcb->asoc.in_tsnlog[i].flgs, 4072 stcb->asoc.in_tsnlog[i].sz); 4073 } 4074 } 4075 if (stcb->asoc.tsn_in_at) { 4076 for (i = 0; i < stcb->asoc.tsn_in_at; i++) { 4077 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4078 stcb->asoc.in_tsnlog[i].tsn, 4079 stcb->asoc.in_tsnlog[i].strm, 4080 stcb->asoc.in_tsnlog[i].seq, 4081 stcb->asoc.in_tsnlog[i].flgs, 4082 stcb->asoc.in_tsnlog[i].sz); 4083 } 4084 } 4085 none_in: 4086 SCTP_PRINTF("OUT bound TSN log-aaa\n"); 4087 if ((stcb->asoc.tsn_out_at == 0) && 4088 (stcb->asoc.tsn_out_wrapped == 0)) { 4089 SCTP_PRINTF("None sent\n"); 4090 } 4091 if (stcb->asoc.tsn_out_wrapped) { 4092 for (i = stcb->asoc.tsn_out_at; i < SCTP_TSN_LOG_SIZE; i++) { 4093 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4094 stcb->asoc.out_tsnlog[i].tsn, 4095 stcb->asoc.out_tsnlog[i].strm, 4096 stcb->asoc.out_tsnlog[i].seq, 4097 stcb->asoc.out_tsnlog[i].flgs, 4098 stcb->asoc.out_tsnlog[i].sz); 4099 } 4100 } 4101 if (stcb->asoc.tsn_out_at) { 4102 for (i = 0; i < stcb->asoc.tsn_out_at; i++) { 4103 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4104 stcb->asoc.out_tsnlog[i].tsn, 4105 stcb->asoc.out_tsnlog[i].strm, 4106 stcb->asoc.out_tsnlog[i].seq, 4107 stcb->asoc.out_tsnlog[i].flgs, 4108 stcb->asoc.out_tsnlog[i].sz); 4109 } 4110 } 4111 #endif 4112 } 4113 #endif 4114 4115 void 4116 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4117 struct mbuf *op_err, 4118 int so_locked 4119 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4120 SCTP_UNUSED 4121 #endif 4122 ) 4123 { 4124 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4125 struct socket *so; 4126 #endif 4127 4128 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4129 so = SCTP_INP_SO(inp); 4130 #endif 4131 if (stcb == NULL) { 4132 /* Got to have a TCB */ 4133 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4134 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4135 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4136 SCTP_CALLED_DIRECTLY_NOCMPSET); 4137 } 4138 } 4139 return; 4140 } else { 4141 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4142 } 4143 /* notify the peer */ 4144 sctp_send_abort_tcb(stcb, op_err, so_locked); 4145 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4146 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4147 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4148 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4149 } 4150 /* notify the ulp */ 4151 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) { 4152 sctp_abort_notification(stcb, 0, 0, NULL, so_locked); 4153 } 4154 /* now free the asoc */ 4155 #ifdef SCTP_ASOCLOG_OF_TSNS 4156 sctp_print_out_track_log(stcb); 4157 #endif 4158 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4159 if (!so_locked) { 4160 atomic_add_int(&stcb->asoc.refcnt, 1); 4161 SCTP_TCB_UNLOCK(stcb); 4162 SCTP_SOCKET_LOCK(so, 1); 4163 SCTP_TCB_LOCK(stcb); 4164 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4165 } 4166 #endif 4167 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4168 SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 4169 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4170 if (!so_locked) { 4171 SCTP_SOCKET_UNLOCK(so, 1); 4172 } 4173 #endif 4174 } 4175 4176 void 4177 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, 4178 struct sockaddr *src, struct sockaddr *dst, 4179 struct sctphdr *sh, struct sctp_inpcb *inp, 4180 struct mbuf *cause, 4181 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 4182 uint32_t vrf_id, uint16_t port) 4183 { 4184 struct sctp_chunkhdr *ch, chunk_buf; 4185 unsigned int chk_length; 4186 int contains_init_chunk; 4187 4188 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 4189 /* Generate a TO address for future reference */ 4190 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 4191 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4192 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4193 SCTP_CALLED_DIRECTLY_NOCMPSET); 4194 } 4195 } 4196 contains_init_chunk = 0; 4197 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4198 sizeof(*ch), (uint8_t *)&chunk_buf); 4199 while (ch != NULL) { 4200 chk_length = ntohs(ch->chunk_length); 4201 if (chk_length < sizeof(*ch)) { 4202 /* break to abort land */ 4203 break; 4204 } 4205 switch (ch->chunk_type) { 4206 case SCTP_INIT: 4207 contains_init_chunk = 1; 4208 break; 4209 case SCTP_PACKET_DROPPED: 4210 /* we don't respond to pkt-dropped */ 4211 return; 4212 case SCTP_ABORT_ASSOCIATION: 4213 /* we don't respond with an ABORT to an ABORT */ 4214 return; 4215 case SCTP_SHUTDOWN_COMPLETE: 4216 /* 4217 * we ignore it since we are not waiting for it and 4218 * peer is gone 4219 */ 4220 return; 4221 case SCTP_SHUTDOWN_ACK: 4222 sctp_send_shutdown_complete2(src, dst, sh, 4223 mflowtype, mflowid, fibnum, 4224 vrf_id, port); 4225 return; 4226 default: 4227 break; 4228 } 4229 offset += SCTP_SIZE32(chk_length); 4230 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4231 sizeof(*ch), (uint8_t *)&chunk_buf); 4232 } 4233 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || 4234 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 4235 (contains_init_chunk == 0))) { 4236 sctp_send_abort(m, iphlen, src, dst, sh, 0, cause, 4237 mflowtype, mflowid, fibnum, 4238 vrf_id, port); 4239 } 4240 } 4241 4242 /* 4243 * check the inbound datagram to make sure there is not an abort inside it, 4244 * if there is return 1, else return 0. 4245 */ 4246 int 4247 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t *vtagfill) 4248 { 4249 struct sctp_chunkhdr *ch; 4250 struct sctp_init_chunk *init_chk, chunk_buf; 4251 int offset; 4252 unsigned int chk_length; 4253 4254 offset = iphlen + sizeof(struct sctphdr); 4255 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 4256 (uint8_t *)&chunk_buf); 4257 while (ch != NULL) { 4258 chk_length = ntohs(ch->chunk_length); 4259 if (chk_length < sizeof(*ch)) { 4260 /* packet is probably corrupt */ 4261 break; 4262 } 4263 /* we seem to be ok, is it an abort? */ 4264 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 4265 /* yep, tell them */ 4266 return (1); 4267 } 4268 if (ch->chunk_type == SCTP_INITIATION) { 4269 /* need to update the Vtag */ 4270 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 4271 offset, sizeof(*init_chk), (uint8_t *)&chunk_buf); 4272 if (init_chk != NULL) { 4273 *vtagfill = ntohl(init_chk->init.initiate_tag); 4274 } 4275 } 4276 /* Nope, move to the next chunk */ 4277 offset += SCTP_SIZE32(chk_length); 4278 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4279 sizeof(*ch), (uint8_t *)&chunk_buf); 4280 } 4281 return (0); 4282 } 4283 4284 /* 4285 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 4286 * set (i.e. it's 0) so, create this function to compare link local scopes 4287 */ 4288 #ifdef INET6 4289 uint32_t 4290 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 4291 { 4292 struct sockaddr_in6 a, b; 4293 4294 /* save copies */ 4295 a = *addr1; 4296 b = *addr2; 4297 4298 if (a.sin6_scope_id == 0) 4299 if (sa6_recoverscope(&a)) { 4300 /* can't get scope, so can't match */ 4301 return (0); 4302 } 4303 if (b.sin6_scope_id == 0) 4304 if (sa6_recoverscope(&b)) { 4305 /* can't get scope, so can't match */ 4306 return (0); 4307 } 4308 if (a.sin6_scope_id != b.sin6_scope_id) 4309 return (0); 4310 4311 return (1); 4312 } 4313 4314 /* 4315 * returns a sockaddr_in6 with embedded scope recovered and removed 4316 */ 4317 struct sockaddr_in6 * 4318 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 4319 { 4320 /* check and strip embedded scope junk */ 4321 if (addr->sin6_family == AF_INET6) { 4322 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 4323 if (addr->sin6_scope_id == 0) { 4324 *store = *addr; 4325 if (!sa6_recoverscope(store)) { 4326 /* use the recovered scope */ 4327 addr = store; 4328 } 4329 } else { 4330 /* else, return the original "to" addr */ 4331 in6_clearscope(&addr->sin6_addr); 4332 } 4333 } 4334 } 4335 return (addr); 4336 } 4337 #endif 4338 4339 /* 4340 * are the two addresses the same? currently a "scopeless" check returns: 1 4341 * if same, 0 if not 4342 */ 4343 int 4344 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 4345 { 4346 4347 /* must be valid */ 4348 if (sa1 == NULL || sa2 == NULL) 4349 return (0); 4350 4351 /* must be the same family */ 4352 if (sa1->sa_family != sa2->sa_family) 4353 return (0); 4354 4355 switch (sa1->sa_family) { 4356 #ifdef INET6 4357 case AF_INET6: 4358 { 4359 /* IPv6 addresses */ 4360 struct sockaddr_in6 *sin6_1, *sin6_2; 4361 4362 sin6_1 = (struct sockaddr_in6 *)sa1; 4363 sin6_2 = (struct sockaddr_in6 *)sa2; 4364 return (SCTP6_ARE_ADDR_EQUAL(sin6_1, 4365 sin6_2)); 4366 } 4367 #endif 4368 #ifdef INET 4369 case AF_INET: 4370 { 4371 /* IPv4 addresses */ 4372 struct sockaddr_in *sin_1, *sin_2; 4373 4374 sin_1 = (struct sockaddr_in *)sa1; 4375 sin_2 = (struct sockaddr_in *)sa2; 4376 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 4377 } 4378 #endif 4379 default: 4380 /* we don't do these... */ 4381 return (0); 4382 } 4383 } 4384 4385 void 4386 sctp_print_address(struct sockaddr *sa) 4387 { 4388 #ifdef INET6 4389 char ip6buf[INET6_ADDRSTRLEN]; 4390 #endif 4391 4392 switch (sa->sa_family) { 4393 #ifdef INET6 4394 case AF_INET6: 4395 { 4396 struct sockaddr_in6 *sin6; 4397 4398 sin6 = (struct sockaddr_in6 *)sa; 4399 SCTP_PRINTF("IPv6 address: %s:port:%d scope:%u\n", 4400 ip6_sprintf(ip6buf, &sin6->sin6_addr), 4401 ntohs(sin6->sin6_port), 4402 sin6->sin6_scope_id); 4403 break; 4404 } 4405 #endif 4406 #ifdef INET 4407 case AF_INET: 4408 { 4409 struct sockaddr_in *sin; 4410 unsigned char *p; 4411 4412 sin = (struct sockaddr_in *)sa; 4413 p = (unsigned char *)&sin->sin_addr; 4414 SCTP_PRINTF("IPv4 address: %u.%u.%u.%u:%d\n", 4415 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 4416 break; 4417 } 4418 #endif 4419 default: 4420 SCTP_PRINTF("?\n"); 4421 break; 4422 } 4423 } 4424 4425 void 4426 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 4427 struct sctp_inpcb *new_inp, 4428 struct sctp_tcb *stcb, 4429 int waitflags) 4430 { 4431 /* 4432 * go through our old INP and pull off any control structures that 4433 * belong to stcb and move then to the new inp. 4434 */ 4435 struct socket *old_so, *new_so; 4436 struct sctp_queued_to_read *control, *nctl; 4437 struct sctp_readhead tmp_queue; 4438 struct mbuf *m; 4439 int error = 0; 4440 4441 old_so = old_inp->sctp_socket; 4442 new_so = new_inp->sctp_socket; 4443 TAILQ_INIT(&tmp_queue); 4444 error = sblock(&old_so->so_rcv, waitflags); 4445 if (error) { 4446 /* 4447 * Gak, can't get sblock, we have a problem. data will be 4448 * left stranded.. and we don't dare look at it since the 4449 * other thread may be reading something. Oh well, its a 4450 * screwed up app that does a peeloff OR a accept while 4451 * reading from the main socket... actually its only the 4452 * peeloff() case, since I think read will fail on a 4453 * listening socket.. 4454 */ 4455 return; 4456 } 4457 /* lock the socket buffers */ 4458 SCTP_INP_READ_LOCK(old_inp); 4459 TAILQ_FOREACH_SAFE(control, &old_inp->read_queue, next, nctl) { 4460 /* Pull off all for out target stcb */ 4461 if (control->stcb == stcb) { 4462 /* remove it we want it */ 4463 TAILQ_REMOVE(&old_inp->read_queue, control, next); 4464 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 4465 m = control->data; 4466 while (m) { 4467 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4468 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 4469 } 4470 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 4471 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4472 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4473 } 4474 m = SCTP_BUF_NEXT(m); 4475 } 4476 } 4477 } 4478 SCTP_INP_READ_UNLOCK(old_inp); 4479 /* Remove the sb-lock on the old socket */ 4480 4481 sbunlock(&old_so->so_rcv); 4482 /* Now we move them over to the new socket buffer */ 4483 SCTP_INP_READ_LOCK(new_inp); 4484 TAILQ_FOREACH_SAFE(control, &tmp_queue, next, nctl) { 4485 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 4486 m = control->data; 4487 while (m) { 4488 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4489 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4490 } 4491 sctp_sballoc(stcb, &new_so->so_rcv, m); 4492 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4493 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4494 } 4495 m = SCTP_BUF_NEXT(m); 4496 } 4497 } 4498 SCTP_INP_READ_UNLOCK(new_inp); 4499 } 4500 4501 void 4502 sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, 4503 struct sctp_tcb *stcb, 4504 int so_locked 4505 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4506 SCTP_UNUSED 4507 #endif 4508 ) 4509 { 4510 if ((inp != NULL) && (inp->sctp_socket != NULL)) { 4511 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4512 struct socket *so; 4513 4514 so = SCTP_INP_SO(inp); 4515 if (!so_locked) { 4516 if (stcb) { 4517 atomic_add_int(&stcb->asoc.refcnt, 1); 4518 SCTP_TCB_UNLOCK(stcb); 4519 } 4520 SCTP_SOCKET_LOCK(so, 1); 4521 if (stcb) { 4522 SCTP_TCB_LOCK(stcb); 4523 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4524 } 4525 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4526 SCTP_SOCKET_UNLOCK(so, 1); 4527 return; 4528 } 4529 } 4530 #endif 4531 sctp_sorwakeup(inp, inp->sctp_socket); 4532 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4533 if (!so_locked) { 4534 SCTP_SOCKET_UNLOCK(so, 1); 4535 } 4536 #endif 4537 } 4538 } 4539 4540 void 4541 sctp_add_to_readq(struct sctp_inpcb *inp, 4542 struct sctp_tcb *stcb, 4543 struct sctp_queued_to_read *control, 4544 struct sockbuf *sb, 4545 int end, 4546 int inp_read_lock_held, 4547 int so_locked 4548 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4549 SCTP_UNUSED 4550 #endif 4551 ) 4552 { 4553 /* 4554 * Here we must place the control on the end of the socket read 4555 * queue AND increment sb_cc so that select will work properly on 4556 * read. 4557 */ 4558 struct mbuf *m, *prev = NULL; 4559 4560 if (inp == NULL) { 4561 /* Gak, TSNH!! */ 4562 #ifdef INVARIANTS 4563 panic("Gak, inp NULL on add_to_readq"); 4564 #endif 4565 return; 4566 } 4567 if (inp_read_lock_held == 0) 4568 SCTP_INP_READ_LOCK(inp); 4569 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 4570 if (!control->on_strm_q) { 4571 sctp_free_remote_addr(control->whoFrom); 4572 if (control->data) { 4573 sctp_m_freem(control->data); 4574 control->data = NULL; 4575 } 4576 sctp_free_a_readq(stcb, control); 4577 } 4578 if (inp_read_lock_held == 0) 4579 SCTP_INP_READ_UNLOCK(inp); 4580 return; 4581 } 4582 if (!(control->spec_flags & M_NOTIFICATION)) { 4583 atomic_add_int(&inp->total_recvs, 1); 4584 if (!control->do_not_ref_stcb) { 4585 atomic_add_int(&stcb->total_recvs, 1); 4586 } 4587 } 4588 m = control->data; 4589 control->held_length = 0; 4590 control->length = 0; 4591 while (m) { 4592 if (SCTP_BUF_LEN(m) == 0) { 4593 /* Skip mbufs with NO length */ 4594 if (prev == NULL) { 4595 /* First one */ 4596 control->data = sctp_m_free(m); 4597 m = control->data; 4598 } else { 4599 SCTP_BUF_NEXT(prev) = sctp_m_free(m); 4600 m = SCTP_BUF_NEXT(prev); 4601 } 4602 if (m == NULL) { 4603 control->tail_mbuf = prev; 4604 } 4605 continue; 4606 } 4607 prev = m; 4608 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4609 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4610 } 4611 sctp_sballoc(stcb, sb, m); 4612 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4613 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4614 } 4615 atomic_add_int(&control->length, SCTP_BUF_LEN(m)); 4616 m = SCTP_BUF_NEXT(m); 4617 } 4618 if (prev != NULL) { 4619 control->tail_mbuf = prev; 4620 } else { 4621 /* Everything got collapsed out?? */ 4622 if (!control->on_strm_q) { 4623 sctp_free_remote_addr(control->whoFrom); 4624 sctp_free_a_readq(stcb, control); 4625 } 4626 if (inp_read_lock_held == 0) 4627 SCTP_INP_READ_UNLOCK(inp); 4628 return; 4629 } 4630 if (end) { 4631 control->end_added = 1; 4632 } 4633 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 4634 control->on_read_q = 1; 4635 if (inp_read_lock_held == 0) 4636 SCTP_INP_READ_UNLOCK(inp); 4637 if (inp && inp->sctp_socket) { 4638 sctp_wakeup_the_read_socket(inp, stcb, so_locked); 4639 } 4640 } 4641 4642 /*************HOLD THIS COMMENT FOR PATCH FILE OF 4643 *************ALTERNATE ROUTING CODE 4644 */ 4645 4646 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 4647 *************ALTERNATE ROUTING CODE 4648 */ 4649 4650 struct mbuf * 4651 sctp_generate_cause(uint16_t code, char *info) 4652 { 4653 struct mbuf *m; 4654 struct sctp_gen_error_cause *cause; 4655 size_t info_len; 4656 uint16_t len; 4657 4658 if ((code == 0) || (info == NULL)) { 4659 return (NULL); 4660 } 4661 info_len = strlen(info); 4662 if (info_len > (SCTP_MAX_CAUSE_LENGTH - sizeof(struct sctp_paramhdr))) { 4663 return (NULL); 4664 } 4665 len = (uint16_t)(sizeof(struct sctp_paramhdr) + info_len); 4666 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4667 if (m != NULL) { 4668 SCTP_BUF_LEN(m) = len; 4669 cause = mtod(m, struct sctp_gen_error_cause *); 4670 cause->code = htons(code); 4671 cause->length = htons(len); 4672 memcpy(cause->info, info, info_len); 4673 } 4674 return (m); 4675 } 4676 4677 struct mbuf * 4678 sctp_generate_no_user_data_cause(uint32_t tsn) 4679 { 4680 struct mbuf *m; 4681 struct sctp_error_no_user_data *no_user_data_cause; 4682 uint16_t len; 4683 4684 len = (uint16_t)sizeof(struct sctp_error_no_user_data); 4685 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4686 if (m != NULL) { 4687 SCTP_BUF_LEN(m) = len; 4688 no_user_data_cause = mtod(m, struct sctp_error_no_user_data *); 4689 no_user_data_cause->cause.code = htons(SCTP_CAUSE_NO_USER_DATA); 4690 no_user_data_cause->cause.length = htons(len); 4691 no_user_data_cause->tsn = htonl(tsn); 4692 } 4693 return (m); 4694 } 4695 4696 #ifdef SCTP_MBCNT_LOGGING 4697 void 4698 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 4699 struct sctp_tmit_chunk *tp1, int chk_cnt) 4700 { 4701 if (tp1->data == NULL) { 4702 return; 4703 } 4704 asoc->chunks_on_out_queue -= chk_cnt; 4705 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBCNT_LOGGING_ENABLE) { 4706 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 4707 asoc->total_output_queue_size, 4708 tp1->book_size, 4709 0, 4710 tp1->mbcnt); 4711 } 4712 if (asoc->total_output_queue_size >= tp1->book_size) { 4713 atomic_add_int(&asoc->total_output_queue_size, -tp1->book_size); 4714 } else { 4715 asoc->total_output_queue_size = 0; 4716 } 4717 4718 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 4719 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 4720 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 4721 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 4722 } else { 4723 stcb->sctp_socket->so_snd.sb_cc = 0; 4724 4725 } 4726 } 4727 } 4728 4729 #endif 4730 4731 int 4732 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 4733 uint8_t sent, int so_locked 4734 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4735 SCTP_UNUSED 4736 #endif 4737 ) 4738 { 4739 struct sctp_stream_out *strq; 4740 struct sctp_tmit_chunk *chk = NULL, *tp2; 4741 struct sctp_stream_queue_pending *sp; 4742 uint32_t mid; 4743 uint16_t sid; 4744 uint8_t foundeom = 0; 4745 int ret_sz = 0; 4746 int notdone; 4747 int do_wakeup_routine = 0; 4748 4749 sid = tp1->rec.data.sid; 4750 mid = tp1->rec.data.mid; 4751 if (sent || !(tp1->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG)) { 4752 stcb->asoc.abandoned_sent[0]++; 4753 stcb->asoc.abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4754 stcb->asoc.strmout[sid].abandoned_sent[0]++; 4755 #if defined(SCTP_DETAILED_STR_STATS) 4756 stcb->asoc.strmout[sid].abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4757 #endif 4758 } else { 4759 stcb->asoc.abandoned_unsent[0]++; 4760 stcb->asoc.abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4761 stcb->asoc.strmout[sid].abandoned_unsent[0]++; 4762 #if defined(SCTP_DETAILED_STR_STATS) 4763 stcb->asoc.strmout[sid].abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4764 #endif 4765 } 4766 do { 4767 ret_sz += tp1->book_size; 4768 if (tp1->data != NULL) { 4769 if (tp1->sent < SCTP_DATAGRAM_RESEND) { 4770 sctp_flight_size_decrease(tp1); 4771 sctp_total_flight_decrease(stcb, tp1); 4772 } 4773 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4774 stcb->asoc.peers_rwnd += tp1->send_size; 4775 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh); 4776 if (sent) { 4777 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4778 } else { 4779 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4780 } 4781 if (tp1->data) { 4782 sctp_m_freem(tp1->data); 4783 tp1->data = NULL; 4784 } 4785 do_wakeup_routine = 1; 4786 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 4787 stcb->asoc.sent_queue_cnt_removeable--; 4788 } 4789 } 4790 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4791 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 4792 SCTP_DATA_NOT_FRAG) { 4793 /* not frag'ed we ae done */ 4794 notdone = 0; 4795 foundeom = 1; 4796 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4797 /* end of frag, we are done */ 4798 notdone = 0; 4799 foundeom = 1; 4800 } else { 4801 /* 4802 * Its a begin or middle piece, we must mark all of 4803 * it 4804 */ 4805 notdone = 1; 4806 tp1 = TAILQ_NEXT(tp1, sctp_next); 4807 } 4808 } while (tp1 && notdone); 4809 if (foundeom == 0) { 4810 /* 4811 * The multi-part message was scattered across the send and 4812 * sent queue. 4813 */ 4814 TAILQ_FOREACH_SAFE(tp1, &stcb->asoc.send_queue, sctp_next, tp2) { 4815 if ((tp1->rec.data.sid != sid) || 4816 (!SCTP_MID_EQ(stcb->asoc.idata_supported, tp1->rec.data.mid, mid))) { 4817 break; 4818 } 4819 /* 4820 * save to chk in case we have some on stream out 4821 * queue. If so and we have an un-transmitted one we 4822 * don't have to fudge the TSN. 4823 */ 4824 chk = tp1; 4825 ret_sz += tp1->book_size; 4826 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4827 if (sent) { 4828 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4829 } else { 4830 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4831 } 4832 if (tp1->data) { 4833 sctp_m_freem(tp1->data); 4834 tp1->data = NULL; 4835 } 4836 /* No flight involved here book the size to 0 */ 4837 tp1->book_size = 0; 4838 if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4839 foundeom = 1; 4840 } 4841 do_wakeup_routine = 1; 4842 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4843 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 4844 /* 4845 * on to the sent queue so we can wait for it to be 4846 * passed by. 4847 */ 4848 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 4849 sctp_next); 4850 stcb->asoc.send_queue_cnt--; 4851 stcb->asoc.sent_queue_cnt++; 4852 } 4853 } 4854 if (foundeom == 0) { 4855 /* 4856 * Still no eom found. That means there is stuff left on the 4857 * stream out queue.. yuck. 4858 */ 4859 SCTP_TCB_SEND_LOCK(stcb); 4860 strq = &stcb->asoc.strmout[sid]; 4861 sp = TAILQ_FIRST(&strq->outqueue); 4862 if (sp != NULL) { 4863 sp->discard_rest = 1; 4864 /* 4865 * We may need to put a chunk on the queue that 4866 * holds the TSN that would have been sent with the 4867 * LAST bit. 4868 */ 4869 if (chk == NULL) { 4870 /* Yep, we have to */ 4871 sctp_alloc_a_chunk(stcb, chk); 4872 if (chk == NULL) { 4873 /* 4874 * we are hosed. All we can do is 4875 * nothing.. which will cause an 4876 * abort if the peer is paying 4877 * attention. 4878 */ 4879 goto oh_well; 4880 } 4881 memset(chk, 0, sizeof(*chk)); 4882 chk->rec.data.rcv_flags = 0; 4883 chk->sent = SCTP_FORWARD_TSN_SKIP; 4884 chk->asoc = &stcb->asoc; 4885 if (stcb->asoc.idata_supported == 0) { 4886 if (sp->sinfo_flags & SCTP_UNORDERED) { 4887 chk->rec.data.mid = 0; 4888 } else { 4889 chk->rec.data.mid = strq->next_mid_ordered; 4890 } 4891 } else { 4892 if (sp->sinfo_flags & SCTP_UNORDERED) { 4893 chk->rec.data.mid = strq->next_mid_unordered; 4894 } else { 4895 chk->rec.data.mid = strq->next_mid_ordered; 4896 } 4897 } 4898 chk->rec.data.sid = sp->sid; 4899 chk->rec.data.ppid = sp->ppid; 4900 chk->rec.data.context = sp->context; 4901 chk->flags = sp->act_flags; 4902 chk->whoTo = NULL; 4903 chk->rec.data.tsn = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1); 4904 strq->chunks_on_queues++; 4905 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next); 4906 stcb->asoc.sent_queue_cnt++; 4907 stcb->asoc.pr_sctp_cnt++; 4908 } 4909 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 4910 if (sp->sinfo_flags & SCTP_UNORDERED) { 4911 chk->rec.data.rcv_flags |= SCTP_DATA_UNORDERED; 4912 } 4913 if (stcb->asoc.idata_supported == 0) { 4914 if ((sp->sinfo_flags & SCTP_UNORDERED) == 0) { 4915 strq->next_mid_ordered++; 4916 } 4917 } else { 4918 if (sp->sinfo_flags & SCTP_UNORDERED) { 4919 strq->next_mid_unordered++; 4920 } else { 4921 strq->next_mid_ordered++; 4922 } 4923 } 4924 oh_well: 4925 if (sp->data) { 4926 /* 4927 * Pull any data to free up the SB and allow 4928 * sender to "add more" while we will throw 4929 * away :-) 4930 */ 4931 sctp_free_spbufspace(stcb, &stcb->asoc, sp); 4932 ret_sz += sp->length; 4933 do_wakeup_routine = 1; 4934 sp->some_taken = 1; 4935 sctp_m_freem(sp->data); 4936 sp->data = NULL; 4937 sp->tail_mbuf = NULL; 4938 sp->length = 0; 4939 } 4940 } 4941 SCTP_TCB_SEND_UNLOCK(stcb); 4942 } 4943 if (do_wakeup_routine) { 4944 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4945 struct socket *so; 4946 4947 so = SCTP_INP_SO(stcb->sctp_ep); 4948 if (!so_locked) { 4949 atomic_add_int(&stcb->asoc.refcnt, 1); 4950 SCTP_TCB_UNLOCK(stcb); 4951 SCTP_SOCKET_LOCK(so, 1); 4952 SCTP_TCB_LOCK(stcb); 4953 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4954 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 4955 /* assoc was freed while we were unlocked */ 4956 SCTP_SOCKET_UNLOCK(so, 1); 4957 return (ret_sz); 4958 } 4959 } 4960 #endif 4961 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 4962 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4963 if (!so_locked) { 4964 SCTP_SOCKET_UNLOCK(so, 1); 4965 } 4966 #endif 4967 } 4968 return (ret_sz); 4969 } 4970 4971 /* 4972 * checks to see if the given address, sa, is one that is currently known by 4973 * the kernel note: can't distinguish the same address on multiple interfaces 4974 * and doesn't handle multiple addresses with different zone/scope id's note: 4975 * ifa_ifwithaddr() compares the entire sockaddr struct 4976 */ 4977 struct sctp_ifa * 4978 sctp_find_ifa_in_ep(struct sctp_inpcb *inp, struct sockaddr *addr, 4979 int holds_lock) 4980 { 4981 struct sctp_laddr *laddr; 4982 4983 if (holds_lock == 0) { 4984 SCTP_INP_RLOCK(inp); 4985 } 4986 4987 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 4988 if (laddr->ifa == NULL) 4989 continue; 4990 if (addr->sa_family != laddr->ifa->address.sa.sa_family) 4991 continue; 4992 #ifdef INET 4993 if (addr->sa_family == AF_INET) { 4994 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 4995 laddr->ifa->address.sin.sin_addr.s_addr) { 4996 /* found him. */ 4997 if (holds_lock == 0) { 4998 SCTP_INP_RUNLOCK(inp); 4999 } 5000 return (laddr->ifa); 5001 break; 5002 } 5003 } 5004 #endif 5005 #ifdef INET6 5006 if (addr->sa_family == AF_INET6) { 5007 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5008 &laddr->ifa->address.sin6)) { 5009 /* found him. */ 5010 if (holds_lock == 0) { 5011 SCTP_INP_RUNLOCK(inp); 5012 } 5013 return (laddr->ifa); 5014 break; 5015 } 5016 } 5017 #endif 5018 } 5019 if (holds_lock == 0) { 5020 SCTP_INP_RUNLOCK(inp); 5021 } 5022 return (NULL); 5023 } 5024 5025 uint32_t 5026 sctp_get_ifa_hash_val(struct sockaddr *addr) 5027 { 5028 switch (addr->sa_family) { 5029 #ifdef INET 5030 case AF_INET: 5031 { 5032 struct sockaddr_in *sin; 5033 5034 sin = (struct sockaddr_in *)addr; 5035 return (sin->sin_addr.s_addr ^ (sin->sin_addr.s_addr >> 16)); 5036 } 5037 #endif 5038 #ifdef INET6 5039 case AF_INET6: 5040 { 5041 struct sockaddr_in6 *sin6; 5042 uint32_t hash_of_addr; 5043 5044 sin6 = (struct sockaddr_in6 *)addr; 5045 hash_of_addr = (sin6->sin6_addr.s6_addr32[0] + 5046 sin6->sin6_addr.s6_addr32[1] + 5047 sin6->sin6_addr.s6_addr32[2] + 5048 sin6->sin6_addr.s6_addr32[3]); 5049 hash_of_addr = (hash_of_addr ^ (hash_of_addr >> 16)); 5050 return (hash_of_addr); 5051 } 5052 #endif 5053 default: 5054 break; 5055 } 5056 return (0); 5057 } 5058 5059 struct sctp_ifa * 5060 sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock) 5061 { 5062 struct sctp_ifa *sctp_ifap; 5063 struct sctp_vrf *vrf; 5064 struct sctp_ifalist *hash_head; 5065 uint32_t hash_of_addr; 5066 5067 if (holds_lock == 0) 5068 SCTP_IPI_ADDR_RLOCK(); 5069 5070 vrf = sctp_find_vrf(vrf_id); 5071 if (vrf == NULL) { 5072 if (holds_lock == 0) 5073 SCTP_IPI_ADDR_RUNLOCK(); 5074 return (NULL); 5075 } 5076 5077 hash_of_addr = sctp_get_ifa_hash_val(addr); 5078 5079 hash_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 5080 if (hash_head == NULL) { 5081 SCTP_PRINTF("hash_of_addr:%x mask:%x table:%x - ", 5082 hash_of_addr, (uint32_t)vrf->vrf_addr_hashmark, 5083 (uint32_t)(hash_of_addr & vrf->vrf_addr_hashmark)); 5084 sctp_print_address(addr); 5085 SCTP_PRINTF("No such bucket for address\n"); 5086 if (holds_lock == 0) 5087 SCTP_IPI_ADDR_RUNLOCK(); 5088 5089 return (NULL); 5090 } 5091 LIST_FOREACH(sctp_ifap, hash_head, next_bucket) { 5092 if (addr->sa_family != sctp_ifap->address.sa.sa_family) 5093 continue; 5094 #ifdef INET 5095 if (addr->sa_family == AF_INET) { 5096 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 5097 sctp_ifap->address.sin.sin_addr.s_addr) { 5098 /* found him. */ 5099 if (holds_lock == 0) 5100 SCTP_IPI_ADDR_RUNLOCK(); 5101 return (sctp_ifap); 5102 break; 5103 } 5104 } 5105 #endif 5106 #ifdef INET6 5107 if (addr->sa_family == AF_INET6) { 5108 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5109 &sctp_ifap->address.sin6)) { 5110 /* found him. */ 5111 if (holds_lock == 0) 5112 SCTP_IPI_ADDR_RUNLOCK(); 5113 return (sctp_ifap); 5114 break; 5115 } 5116 } 5117 #endif 5118 } 5119 if (holds_lock == 0) 5120 SCTP_IPI_ADDR_RUNLOCK(); 5121 return (NULL); 5122 } 5123 5124 static void 5125 sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, 5126 uint32_t rwnd_req) 5127 { 5128 /* User pulled some data, do we need a rwnd update? */ 5129 int r_unlocked = 0; 5130 uint32_t dif, rwnd; 5131 struct socket *so = NULL; 5132 5133 if (stcb == NULL) 5134 return; 5135 5136 atomic_add_int(&stcb->asoc.refcnt, 1); 5137 5138 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5139 (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) { 5140 /* Pre-check If we are freeing no update */ 5141 goto no_lock; 5142 } 5143 SCTP_INP_INCR_REF(stcb->sctp_ep); 5144 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5145 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5146 goto out; 5147 } 5148 so = stcb->sctp_socket; 5149 if (so == NULL) { 5150 goto out; 5151 } 5152 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 5153 /* Have you have freed enough to look */ 5154 *freed_so_far = 0; 5155 /* Yep, its worth a look and the lock overhead */ 5156 5157 /* Figure out what the rwnd would be */ 5158 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 5159 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 5160 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 5161 } else { 5162 dif = 0; 5163 } 5164 if (dif >= rwnd_req) { 5165 if (hold_rlock) { 5166 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 5167 r_unlocked = 1; 5168 } 5169 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5170 /* 5171 * One last check before we allow the guy possibly 5172 * to get in. There is a race, where the guy has not 5173 * reached the gate. In that case 5174 */ 5175 goto out; 5176 } 5177 SCTP_TCB_LOCK(stcb); 5178 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5179 /* No reports here */ 5180 SCTP_TCB_UNLOCK(stcb); 5181 goto out; 5182 } 5183 SCTP_STAT_INCR(sctps_wu_sacks_sent); 5184 sctp_send_sack(stcb, SCTP_SO_LOCKED); 5185 5186 sctp_chunk_output(stcb->sctp_ep, stcb, 5187 SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED); 5188 /* make sure no timer is running */ 5189 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, 5190 SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 5191 SCTP_TCB_UNLOCK(stcb); 5192 } else { 5193 /* Update how much we have pending */ 5194 stcb->freed_by_sorcv_sincelast = dif; 5195 } 5196 out: 5197 if (so && r_unlocked && hold_rlock) { 5198 SCTP_INP_READ_LOCK(stcb->sctp_ep); 5199 } 5200 5201 SCTP_INP_DECR_REF(stcb->sctp_ep); 5202 no_lock: 5203 atomic_add_int(&stcb->asoc.refcnt, -1); 5204 return; 5205 } 5206 5207 int 5208 sctp_sorecvmsg(struct socket *so, 5209 struct uio *uio, 5210 struct mbuf **mp, 5211 struct sockaddr *from, 5212 int fromlen, 5213 int *msg_flags, 5214 struct sctp_sndrcvinfo *sinfo, 5215 int filling_sinfo) 5216 { 5217 /* 5218 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 5219 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 5220 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 5221 * On the way out we may send out any combination of: 5222 * MSG_NOTIFICATION MSG_EOR 5223 * 5224 */ 5225 struct sctp_inpcb *inp = NULL; 5226 ssize_t my_len = 0; 5227 ssize_t cp_len = 0; 5228 int error = 0; 5229 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 5230 struct mbuf *m = NULL; 5231 struct sctp_tcb *stcb = NULL; 5232 int wakeup_read_socket = 0; 5233 int freecnt_applied = 0; 5234 int out_flags = 0, in_flags = 0; 5235 int block_allowed = 1; 5236 uint32_t freed_so_far = 0; 5237 ssize_t copied_so_far = 0; 5238 int in_eeor_mode = 0; 5239 int no_rcv_needed = 0; 5240 uint32_t rwnd_req = 0; 5241 int hold_sblock = 0; 5242 int hold_rlock = 0; 5243 ssize_t slen = 0; 5244 uint32_t held_length = 0; 5245 int sockbuf_lock = 0; 5246 5247 if (uio == NULL) { 5248 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5249 return (EINVAL); 5250 } 5251 5252 if (msg_flags) { 5253 in_flags = *msg_flags; 5254 if (in_flags & MSG_PEEK) 5255 SCTP_STAT_INCR(sctps_read_peeks); 5256 } else { 5257 in_flags = 0; 5258 } 5259 slen = uio->uio_resid; 5260 5261 /* Pull in and set up our int flags */ 5262 if (in_flags & MSG_OOB) { 5263 /* Out of band's NOT supported */ 5264 return (EOPNOTSUPP); 5265 } 5266 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 5267 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5268 return (EINVAL); 5269 } 5270 if ((in_flags & (MSG_DONTWAIT 5271 | MSG_NBIO 5272 )) || 5273 SCTP_SO_IS_NBIO(so)) { 5274 block_allowed = 0; 5275 } 5276 /* setup the endpoint */ 5277 inp = (struct sctp_inpcb *)so->so_pcb; 5278 if (inp == NULL) { 5279 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT); 5280 return (EFAULT); 5281 } 5282 rwnd_req = (SCTP_SB_LIMIT_RCV(so) >> SCTP_RWND_HIWAT_SHIFT); 5283 /* Must be at least a MTU's worth */ 5284 if (rwnd_req < SCTP_MIN_RWND) 5285 rwnd_req = SCTP_MIN_RWND; 5286 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 5287 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5288 sctp_misc_ints(SCTP_SORECV_ENTER, 5289 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5290 } 5291 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5292 sctp_misc_ints(SCTP_SORECV_ENTERPL, 5293 rwnd_req, block_allowed, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5294 } 5295 5296 5297 error = sblock(&so->so_rcv, (block_allowed ? SBL_WAIT : 0)); 5298 if (error) { 5299 goto release_unlocked; 5300 } 5301 sockbuf_lock = 1; 5302 restart: 5303 5304 5305 restart_nosblocks: 5306 if (hold_sblock == 0) { 5307 SOCKBUF_LOCK(&so->so_rcv); 5308 hold_sblock = 1; 5309 } 5310 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5311 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5312 goto out; 5313 } 5314 if ((so->so_rcv.sb_state & SBS_CANTRCVMORE) && (so->so_rcv.sb_cc == 0)) { 5315 if (so->so_error) { 5316 error = so->so_error; 5317 if ((in_flags & MSG_PEEK) == 0) 5318 so->so_error = 0; 5319 goto out; 5320 } else { 5321 if (so->so_rcv.sb_cc == 0) { 5322 /* indicate EOF */ 5323 error = 0; 5324 goto out; 5325 } 5326 } 5327 } 5328 if (so->so_rcv.sb_cc <= held_length) { 5329 if (so->so_error) { 5330 error = so->so_error; 5331 if ((in_flags & MSG_PEEK) == 0) { 5332 so->so_error = 0; 5333 } 5334 goto out; 5335 } 5336 if ((so->so_rcv.sb_cc == 0) && 5337 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5338 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 5339 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 5340 /* 5341 * For active open side clear flags for 5342 * re-use passive open is blocked by 5343 * connect. 5344 */ 5345 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 5346 /* 5347 * You were aborted, passive side 5348 * always hits here 5349 */ 5350 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 5351 error = ECONNRESET; 5352 } 5353 so->so_state &= ~(SS_ISCONNECTING | 5354 SS_ISDISCONNECTING | 5355 SS_ISCONFIRMING | 5356 SS_ISCONNECTED); 5357 if (error == 0) { 5358 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 5359 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5360 error = ENOTCONN; 5361 } 5362 } 5363 goto out; 5364 } 5365 } 5366 if (block_allowed) { 5367 error = sbwait(&so->so_rcv); 5368 if (error) { 5369 goto out; 5370 } 5371 held_length = 0; 5372 goto restart_nosblocks; 5373 } else { 5374 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EWOULDBLOCK); 5375 error = EWOULDBLOCK; 5376 goto out; 5377 } 5378 } 5379 if (hold_sblock == 1) { 5380 SOCKBUF_UNLOCK(&so->so_rcv); 5381 hold_sblock = 0; 5382 } 5383 /* we possibly have data we can read */ 5384 /* sa_ignore FREED_MEMORY */ 5385 control = TAILQ_FIRST(&inp->read_queue); 5386 if (control == NULL) { 5387 /* 5388 * This could be happening since the appender did the 5389 * increment but as not yet did the tailq insert onto the 5390 * read_queue 5391 */ 5392 if (hold_rlock == 0) { 5393 SCTP_INP_READ_LOCK(inp); 5394 } 5395 control = TAILQ_FIRST(&inp->read_queue); 5396 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 5397 #ifdef INVARIANTS 5398 panic("Huh, its non zero and nothing on control?"); 5399 #endif 5400 so->so_rcv.sb_cc = 0; 5401 } 5402 SCTP_INP_READ_UNLOCK(inp); 5403 hold_rlock = 0; 5404 goto restart; 5405 } 5406 5407 if ((control->length == 0) && 5408 (control->do_not_ref_stcb)) { 5409 /* 5410 * Clean up code for freeing assoc that left behind a 5411 * pdapi.. maybe a peer in EEOR that just closed after 5412 * sending and never indicated a EOR. 5413 */ 5414 if (hold_rlock == 0) { 5415 hold_rlock = 1; 5416 SCTP_INP_READ_LOCK(inp); 5417 } 5418 control->held_length = 0; 5419 if (control->data) { 5420 /* Hmm there is data here .. fix */ 5421 struct mbuf *m_tmp; 5422 int cnt = 0; 5423 5424 m_tmp = control->data; 5425 while (m_tmp) { 5426 cnt += SCTP_BUF_LEN(m_tmp); 5427 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5428 control->tail_mbuf = m_tmp; 5429 control->end_added = 1; 5430 } 5431 m_tmp = SCTP_BUF_NEXT(m_tmp); 5432 } 5433 control->length = cnt; 5434 } else { 5435 /* remove it */ 5436 TAILQ_REMOVE(&inp->read_queue, control, next); 5437 /* Add back any hiddend data */ 5438 sctp_free_remote_addr(control->whoFrom); 5439 sctp_free_a_readq(stcb, control); 5440 } 5441 if (hold_rlock) { 5442 hold_rlock = 0; 5443 SCTP_INP_READ_UNLOCK(inp); 5444 } 5445 goto restart; 5446 } 5447 if ((control->length == 0) && 5448 (control->end_added == 1)) { 5449 /* 5450 * Do we also need to check for (control->pdapi_aborted == 5451 * 1)? 5452 */ 5453 if (hold_rlock == 0) { 5454 hold_rlock = 1; 5455 SCTP_INP_READ_LOCK(inp); 5456 } 5457 TAILQ_REMOVE(&inp->read_queue, control, next); 5458 if (control->data) { 5459 #ifdef INVARIANTS 5460 panic("control->data not null but control->length == 0"); 5461 #else 5462 SCTP_PRINTF("Strange, data left in the control buffer. Cleaning up.\n"); 5463 sctp_m_freem(control->data); 5464 control->data = NULL; 5465 #endif 5466 } 5467 if (control->aux_data) { 5468 sctp_m_free(control->aux_data); 5469 control->aux_data = NULL; 5470 } 5471 #ifdef INVARIANTS 5472 if (control->on_strm_q) { 5473 panic("About to free ctl:%p so:%p and its in %d", 5474 control, so, control->on_strm_q); 5475 } 5476 #endif 5477 sctp_free_remote_addr(control->whoFrom); 5478 sctp_free_a_readq(stcb, control); 5479 if (hold_rlock) { 5480 hold_rlock = 0; 5481 SCTP_INP_READ_UNLOCK(inp); 5482 } 5483 goto restart; 5484 } 5485 if (control->length == 0) { 5486 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 5487 (filling_sinfo)) { 5488 /* find a more suitable one then this */ 5489 ctl = TAILQ_NEXT(control, next); 5490 while (ctl) { 5491 if ((ctl->stcb != control->stcb) && (ctl->length) && 5492 (ctl->some_taken || 5493 (ctl->spec_flags & M_NOTIFICATION) || 5494 ((ctl->do_not_ref_stcb == 0) && 5495 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0))) 5496 ) { 5497 /*- 5498 * If we have a different TCB next, and there is data 5499 * present. If we have already taken some (pdapi), OR we can 5500 * ref the tcb and no delivery as started on this stream, we 5501 * take it. Note we allow a notification on a different 5502 * assoc to be delivered.. 5503 */ 5504 control = ctl; 5505 goto found_one; 5506 } else if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS)) && 5507 (ctl->length) && 5508 ((ctl->some_taken) || 5509 ((ctl->do_not_ref_stcb == 0) && 5510 ((ctl->spec_flags & M_NOTIFICATION) == 0) && 5511 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))) { 5512 /*- 5513 * If we have the same tcb, and there is data present, and we 5514 * have the strm interleave feature present. Then if we have 5515 * taken some (pdapi) or we can refer to tht tcb AND we have 5516 * not started a delivery for this stream, we can take it. 5517 * Note we do NOT allow a notificaiton on the same assoc to 5518 * be delivered. 5519 */ 5520 control = ctl; 5521 goto found_one; 5522 } 5523 ctl = TAILQ_NEXT(ctl, next); 5524 } 5525 } 5526 /* 5527 * if we reach here, not suitable replacement is available 5528 * <or> fragment interleave is NOT on. So stuff the sb_cc 5529 * into the our held count, and its time to sleep again. 5530 */ 5531 held_length = so->so_rcv.sb_cc; 5532 control->held_length = so->so_rcv.sb_cc; 5533 goto restart; 5534 } 5535 /* Clear the held length since there is something to read */ 5536 control->held_length = 0; 5537 found_one: 5538 /* 5539 * If we reach here, control has a some data for us to read off. 5540 * Note that stcb COULD be NULL. 5541 */ 5542 if (hold_rlock == 0) { 5543 hold_rlock = 1; 5544 SCTP_INP_READ_LOCK(inp); 5545 } 5546 control->some_taken++; 5547 stcb = control->stcb; 5548 if (stcb) { 5549 if ((control->do_not_ref_stcb == 0) && 5550 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { 5551 if (freecnt_applied == 0) 5552 stcb = NULL; 5553 } else if (control->do_not_ref_stcb == 0) { 5554 /* you can't free it on me please */ 5555 /* 5556 * The lock on the socket buffer protects us so the 5557 * free code will stop. But since we used the 5558 * socketbuf lock and the sender uses the tcb_lock 5559 * to increment, we need to use the atomic add to 5560 * the refcnt 5561 */ 5562 if (freecnt_applied) { 5563 #ifdef INVARIANTS 5564 panic("refcnt already incremented"); 5565 #else 5566 SCTP_PRINTF("refcnt already incremented?\n"); 5567 #endif 5568 } else { 5569 atomic_add_int(&stcb->asoc.refcnt, 1); 5570 freecnt_applied = 1; 5571 } 5572 /* 5573 * Setup to remember how much we have not yet told 5574 * the peer our rwnd has opened up. Note we grab the 5575 * value from the tcb from last time. Note too that 5576 * sack sending clears this when a sack is sent, 5577 * which is fine. Once we hit the rwnd_req, we then 5578 * will go to the sctp_user_rcvd() that will not 5579 * lock until it KNOWs it MUST send a WUP-SACK. 5580 */ 5581 freed_so_far = (uint32_t)stcb->freed_by_sorcv_sincelast; 5582 stcb->freed_by_sorcv_sincelast = 0; 5583 } 5584 } 5585 if (stcb && 5586 ((control->spec_flags & M_NOTIFICATION) == 0) && 5587 control->do_not_ref_stcb == 0) { 5588 stcb->asoc.strmin[control->sinfo_stream].delivery_started = 1; 5589 } 5590 5591 /* First lets get off the sinfo and sockaddr info */ 5592 if ((sinfo != NULL) && (filling_sinfo != 0)) { 5593 sinfo->sinfo_stream = control->sinfo_stream; 5594 sinfo->sinfo_ssn = (uint16_t)control->mid; 5595 sinfo->sinfo_flags = control->sinfo_flags; 5596 sinfo->sinfo_ppid = control->sinfo_ppid; 5597 sinfo->sinfo_context = control->sinfo_context; 5598 sinfo->sinfo_timetolive = control->sinfo_timetolive; 5599 sinfo->sinfo_tsn = control->sinfo_tsn; 5600 sinfo->sinfo_cumtsn = control->sinfo_cumtsn; 5601 sinfo->sinfo_assoc_id = control->sinfo_assoc_id; 5602 nxt = TAILQ_NEXT(control, next); 5603 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 5604 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) { 5605 struct sctp_extrcvinfo *s_extra; 5606 5607 s_extra = (struct sctp_extrcvinfo *)sinfo; 5608 if ((nxt) && 5609 (nxt->length)) { 5610 s_extra->serinfo_next_flags = SCTP_NEXT_MSG_AVAIL; 5611 if (nxt->sinfo_flags & SCTP_UNORDERED) { 5612 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 5613 } 5614 if (nxt->spec_flags & M_NOTIFICATION) { 5615 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_NOTIFICATION; 5616 } 5617 s_extra->serinfo_next_aid = nxt->sinfo_assoc_id; 5618 s_extra->serinfo_next_length = nxt->length; 5619 s_extra->serinfo_next_ppid = nxt->sinfo_ppid; 5620 s_extra->serinfo_next_stream = nxt->sinfo_stream; 5621 if (nxt->tail_mbuf != NULL) { 5622 if (nxt->end_added) { 5623 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 5624 } 5625 } 5626 } else { 5627 /* 5628 * we explicitly 0 this, since the memcpy 5629 * got some other things beyond the older 5630 * sinfo_ that is on the control's structure 5631 * :-D 5632 */ 5633 nxt = NULL; 5634 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 5635 s_extra->serinfo_next_aid = 0; 5636 s_extra->serinfo_next_length = 0; 5637 s_extra->serinfo_next_ppid = 0; 5638 s_extra->serinfo_next_stream = 0; 5639 } 5640 } 5641 /* 5642 * update off the real current cum-ack, if we have an stcb. 5643 */ 5644 if ((control->do_not_ref_stcb == 0) && stcb) 5645 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 5646 /* 5647 * mask off the high bits, we keep the actual chunk bits in 5648 * there. 5649 */ 5650 sinfo->sinfo_flags &= 0x00ff; 5651 if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) { 5652 sinfo->sinfo_flags |= SCTP_UNORDERED; 5653 } 5654 } 5655 #ifdef SCTP_ASOCLOG_OF_TSNS 5656 { 5657 int index, newindex; 5658 struct sctp_pcbtsn_rlog *entry; 5659 5660 do { 5661 index = inp->readlog_index; 5662 newindex = index + 1; 5663 if (newindex >= SCTP_READ_LOG_SIZE) { 5664 newindex = 0; 5665 } 5666 } while (atomic_cmpset_int(&inp->readlog_index, index, newindex) == 0); 5667 entry = &inp->readlog[index]; 5668 entry->vtag = control->sinfo_assoc_id; 5669 entry->strm = control->sinfo_stream; 5670 entry->seq = (uint16_t)control->mid; 5671 entry->sz = control->length; 5672 entry->flgs = control->sinfo_flags; 5673 } 5674 #endif 5675 if ((fromlen > 0) && (from != NULL)) { 5676 union sctp_sockstore store; 5677 size_t len; 5678 5679 switch (control->whoFrom->ro._l_addr.sa.sa_family) { 5680 #ifdef INET6 5681 case AF_INET6: 5682 len = sizeof(struct sockaddr_in6); 5683 store.sin6 = control->whoFrom->ro._l_addr.sin6; 5684 store.sin6.sin6_port = control->port_from; 5685 break; 5686 #endif 5687 #ifdef INET 5688 case AF_INET: 5689 #ifdef INET6 5690 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 5691 len = sizeof(struct sockaddr_in6); 5692 in6_sin_2_v4mapsin6(&control->whoFrom->ro._l_addr.sin, 5693 &store.sin6); 5694 store.sin6.sin6_port = control->port_from; 5695 } else { 5696 len = sizeof(struct sockaddr_in); 5697 store.sin = control->whoFrom->ro._l_addr.sin; 5698 store.sin.sin_port = control->port_from; 5699 } 5700 #else 5701 len = sizeof(struct sockaddr_in); 5702 store.sin = control->whoFrom->ro._l_addr.sin; 5703 store.sin.sin_port = control->port_from; 5704 #endif 5705 break; 5706 #endif 5707 default: 5708 len = 0; 5709 break; 5710 } 5711 memcpy(from, &store, min((size_t)fromlen, len)); 5712 #ifdef INET6 5713 { 5714 struct sockaddr_in6 lsa6, *from6; 5715 5716 from6 = (struct sockaddr_in6 *)from; 5717 sctp_recover_scope_mac(from6, (&lsa6)); 5718 } 5719 #endif 5720 } 5721 if (hold_rlock) { 5722 SCTP_INP_READ_UNLOCK(inp); 5723 hold_rlock = 0; 5724 } 5725 if (hold_sblock) { 5726 SOCKBUF_UNLOCK(&so->so_rcv); 5727 hold_sblock = 0; 5728 } 5729 /* now copy out what data we can */ 5730 if (mp == NULL) { 5731 /* copy out each mbuf in the chain up to length */ 5732 get_more_data: 5733 m = control->data; 5734 while (m) { 5735 /* Move out all we can */ 5736 cp_len = uio->uio_resid; 5737 my_len = SCTP_BUF_LEN(m); 5738 if (cp_len > my_len) { 5739 /* not enough in this buf */ 5740 cp_len = my_len; 5741 } 5742 if (hold_rlock) { 5743 SCTP_INP_READ_UNLOCK(inp); 5744 hold_rlock = 0; 5745 } 5746 if (cp_len > 0) 5747 error = uiomove(mtod(m, char *), (int)cp_len, uio); 5748 /* re-read */ 5749 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5750 goto release; 5751 } 5752 5753 if ((control->do_not_ref_stcb == 0) && stcb && 5754 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5755 no_rcv_needed = 1; 5756 } 5757 if (error) { 5758 /* error we are out of here */ 5759 goto release; 5760 } 5761 SCTP_INP_READ_LOCK(inp); 5762 hold_rlock = 1; 5763 if (cp_len == SCTP_BUF_LEN(m)) { 5764 if ((SCTP_BUF_NEXT(m) == NULL) && 5765 (control->end_added)) { 5766 out_flags |= MSG_EOR; 5767 if ((control->do_not_ref_stcb == 0) && 5768 (control->stcb != NULL) && 5769 ((control->spec_flags & M_NOTIFICATION) == 0)) 5770 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5771 } 5772 if (control->spec_flags & M_NOTIFICATION) { 5773 out_flags |= MSG_NOTIFICATION; 5774 } 5775 /* we ate up the mbuf */ 5776 if (in_flags & MSG_PEEK) { 5777 /* just looking */ 5778 m = SCTP_BUF_NEXT(m); 5779 copied_so_far += cp_len; 5780 } else { 5781 /* dispose of the mbuf */ 5782 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5783 sctp_sblog(&so->so_rcv, 5784 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5785 } 5786 sctp_sbfree(control, stcb, &so->so_rcv, m); 5787 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5788 sctp_sblog(&so->so_rcv, 5789 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5790 } 5791 copied_so_far += cp_len; 5792 freed_so_far += (uint32_t)cp_len; 5793 freed_so_far += MSIZE; 5794 atomic_subtract_int(&control->length, cp_len); 5795 control->data = sctp_m_free(m); 5796 m = control->data; 5797 /* 5798 * been through it all, must hold sb 5799 * lock ok to null tail 5800 */ 5801 if (control->data == NULL) { 5802 #ifdef INVARIANTS 5803 if ((control->end_added == 0) || 5804 (TAILQ_NEXT(control, next) == NULL)) { 5805 /* 5806 * If the end is not 5807 * added, OR the 5808 * next is NOT null 5809 * we MUST have the 5810 * lock. 5811 */ 5812 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 5813 panic("Hmm we don't own the lock?"); 5814 } 5815 } 5816 #endif 5817 control->tail_mbuf = NULL; 5818 #ifdef INVARIANTS 5819 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 5820 panic("end_added, nothing left and no MSG_EOR"); 5821 } 5822 #endif 5823 } 5824 } 5825 } else { 5826 /* Do we need to trim the mbuf? */ 5827 if (control->spec_flags & M_NOTIFICATION) { 5828 out_flags |= MSG_NOTIFICATION; 5829 } 5830 if ((in_flags & MSG_PEEK) == 0) { 5831 SCTP_BUF_RESV_UF(m, cp_len); 5832 SCTP_BUF_LEN(m) -= (int)cp_len; 5833 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5834 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, (int)cp_len); 5835 } 5836 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 5837 if ((control->do_not_ref_stcb == 0) && 5838 stcb) { 5839 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 5840 } 5841 copied_so_far += cp_len; 5842 freed_so_far += (uint32_t)cp_len; 5843 freed_so_far += MSIZE; 5844 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5845 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 5846 SCTP_LOG_SBRESULT, 0); 5847 } 5848 atomic_subtract_int(&control->length, cp_len); 5849 } else { 5850 copied_so_far += cp_len; 5851 } 5852 } 5853 if ((out_flags & MSG_EOR) || (uio->uio_resid == 0)) { 5854 break; 5855 } 5856 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5857 (control->do_not_ref_stcb == 0) && 5858 (freed_so_far >= rwnd_req)) { 5859 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5860 } 5861 } /* end while(m) */ 5862 /* 5863 * At this point we have looked at it all and we either have 5864 * a MSG_EOR/or read all the user wants... <OR> 5865 * control->length == 0. 5866 */ 5867 if ((out_flags & MSG_EOR) && ((in_flags & MSG_PEEK) == 0)) { 5868 /* we are done with this control */ 5869 if (control->length == 0) { 5870 if (control->data) { 5871 #ifdef INVARIANTS 5872 panic("control->data not null at read eor?"); 5873 #else 5874 SCTP_PRINTF("Strange, data left in the control buffer .. invarients would panic?\n"); 5875 sctp_m_freem(control->data); 5876 control->data = NULL; 5877 #endif 5878 } 5879 done_with_control: 5880 if (hold_rlock == 0) { 5881 SCTP_INP_READ_LOCK(inp); 5882 hold_rlock = 1; 5883 } 5884 TAILQ_REMOVE(&inp->read_queue, control, next); 5885 /* Add back any hiddend data */ 5886 if (control->held_length) { 5887 held_length = 0; 5888 control->held_length = 0; 5889 wakeup_read_socket = 1; 5890 } 5891 if (control->aux_data) { 5892 sctp_m_free(control->aux_data); 5893 control->aux_data = NULL; 5894 } 5895 no_rcv_needed = control->do_not_ref_stcb; 5896 sctp_free_remote_addr(control->whoFrom); 5897 control->data = NULL; 5898 #ifdef INVARIANTS 5899 if (control->on_strm_q) { 5900 panic("About to free ctl:%p so:%p and its in %d", 5901 control, so, control->on_strm_q); 5902 } 5903 #endif 5904 sctp_free_a_readq(stcb, control); 5905 control = NULL; 5906 if ((freed_so_far >= rwnd_req) && 5907 (no_rcv_needed == 0)) 5908 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5909 5910 } else { 5911 /* 5912 * The user did not read all of this 5913 * message, turn off the returned MSG_EOR 5914 * since we are leaving more behind on the 5915 * control to read. 5916 */ 5917 #ifdef INVARIANTS 5918 if (control->end_added && 5919 (control->data == NULL) && 5920 (control->tail_mbuf == NULL)) { 5921 panic("Gak, control->length is corrupt?"); 5922 } 5923 #endif 5924 no_rcv_needed = control->do_not_ref_stcb; 5925 out_flags &= ~MSG_EOR; 5926 } 5927 } 5928 if (out_flags & MSG_EOR) { 5929 goto release; 5930 } 5931 if ((uio->uio_resid == 0) || 5932 ((in_eeor_mode) && 5933 (copied_so_far >= max(so->so_rcv.sb_lowat, 1)))) { 5934 goto release; 5935 } 5936 /* 5937 * If I hit here the receiver wants more and this message is 5938 * NOT done (pd-api). So two questions. Can we block? if not 5939 * we are done. Did the user NOT set MSG_WAITALL? 5940 */ 5941 if (block_allowed == 0) { 5942 goto release; 5943 } 5944 /* 5945 * We need to wait for more data a few things: - We don't 5946 * sbunlock() so we don't get someone else reading. - We 5947 * must be sure to account for the case where what is added 5948 * is NOT to our control when we wakeup. 5949 */ 5950 5951 /* 5952 * Do we need to tell the transport a rwnd update might be 5953 * needed before we go to sleep? 5954 */ 5955 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5956 ((freed_so_far >= rwnd_req) && 5957 (control->do_not_ref_stcb == 0) && 5958 (no_rcv_needed == 0))) { 5959 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5960 } 5961 wait_some_more: 5962 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) { 5963 goto release; 5964 } 5965 5966 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 5967 goto release; 5968 5969 if (hold_rlock == 1) { 5970 SCTP_INP_READ_UNLOCK(inp); 5971 hold_rlock = 0; 5972 } 5973 if (hold_sblock == 0) { 5974 SOCKBUF_LOCK(&so->so_rcv); 5975 hold_sblock = 1; 5976 } 5977 if ((copied_so_far) && (control->length == 0) && 5978 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE))) { 5979 goto release; 5980 } 5981 if (so->so_rcv.sb_cc <= control->held_length) { 5982 error = sbwait(&so->so_rcv); 5983 if (error) { 5984 goto release; 5985 } 5986 control->held_length = 0; 5987 } 5988 if (hold_sblock) { 5989 SOCKBUF_UNLOCK(&so->so_rcv); 5990 hold_sblock = 0; 5991 } 5992 if (control->length == 0) { 5993 /* still nothing here */ 5994 if (control->end_added == 1) { 5995 /* he aborted, or is done i.e.did a shutdown */ 5996 out_flags |= MSG_EOR; 5997 if (control->pdapi_aborted) { 5998 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5999 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6000 6001 out_flags |= MSG_TRUNC; 6002 } else { 6003 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 6004 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6005 } 6006 goto done_with_control; 6007 } 6008 if (so->so_rcv.sb_cc > held_length) { 6009 control->held_length = so->so_rcv.sb_cc; 6010 held_length = 0; 6011 } 6012 goto wait_some_more; 6013 } else if (control->data == NULL) { 6014 /* 6015 * we must re-sync since data is probably being 6016 * added 6017 */ 6018 SCTP_INP_READ_LOCK(inp); 6019 if ((control->length > 0) && (control->data == NULL)) { 6020 /* 6021 * big trouble.. we have the lock and its 6022 * corrupt? 6023 */ 6024 #ifdef INVARIANTS 6025 panic("Impossible data==NULL length !=0"); 6026 #endif 6027 out_flags |= MSG_EOR; 6028 out_flags |= MSG_TRUNC; 6029 control->length = 0; 6030 SCTP_INP_READ_UNLOCK(inp); 6031 goto done_with_control; 6032 } 6033 SCTP_INP_READ_UNLOCK(inp); 6034 /* We will fall around to get more data */ 6035 } 6036 goto get_more_data; 6037 } else { 6038 /*- 6039 * Give caller back the mbuf chain, 6040 * store in uio_resid the length 6041 */ 6042 wakeup_read_socket = 0; 6043 if ((control->end_added == 0) || 6044 (TAILQ_NEXT(control, next) == NULL)) { 6045 /* Need to get rlock */ 6046 if (hold_rlock == 0) { 6047 SCTP_INP_READ_LOCK(inp); 6048 hold_rlock = 1; 6049 } 6050 } 6051 if (control->end_added) { 6052 out_flags |= MSG_EOR; 6053 if ((control->do_not_ref_stcb == 0) && 6054 (control->stcb != NULL) && 6055 ((control->spec_flags & M_NOTIFICATION) == 0)) 6056 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6057 } 6058 if (control->spec_flags & M_NOTIFICATION) { 6059 out_flags |= MSG_NOTIFICATION; 6060 } 6061 uio->uio_resid = control->length; 6062 *mp = control->data; 6063 m = control->data; 6064 while (m) { 6065 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6066 sctp_sblog(&so->so_rcv, 6067 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 6068 } 6069 sctp_sbfree(control, stcb, &so->so_rcv, m); 6070 freed_so_far += (uint32_t)SCTP_BUF_LEN(m); 6071 freed_so_far += MSIZE; 6072 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6073 sctp_sblog(&so->so_rcv, 6074 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 6075 } 6076 m = SCTP_BUF_NEXT(m); 6077 } 6078 control->data = control->tail_mbuf = NULL; 6079 control->length = 0; 6080 if (out_flags & MSG_EOR) { 6081 /* Done with this control */ 6082 goto done_with_control; 6083 } 6084 } 6085 release: 6086 if (hold_rlock == 1) { 6087 SCTP_INP_READ_UNLOCK(inp); 6088 hold_rlock = 0; 6089 } 6090 if (hold_sblock == 1) { 6091 SOCKBUF_UNLOCK(&so->so_rcv); 6092 hold_sblock = 0; 6093 } 6094 6095 sbunlock(&so->so_rcv); 6096 sockbuf_lock = 0; 6097 6098 release_unlocked: 6099 if (hold_sblock) { 6100 SOCKBUF_UNLOCK(&so->so_rcv); 6101 hold_sblock = 0; 6102 } 6103 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 6104 if ((freed_so_far >= rwnd_req) && 6105 (control && (control->do_not_ref_stcb == 0)) && 6106 (no_rcv_needed == 0)) 6107 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6108 } 6109 out: 6110 if (msg_flags) { 6111 *msg_flags = out_flags; 6112 } 6113 if (((out_flags & MSG_EOR) == 0) && 6114 ((in_flags & MSG_PEEK) == 0) && 6115 (sinfo) && 6116 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 6117 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO))) { 6118 struct sctp_extrcvinfo *s_extra; 6119 6120 s_extra = (struct sctp_extrcvinfo *)sinfo; 6121 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 6122 } 6123 if (hold_rlock == 1) { 6124 SCTP_INP_READ_UNLOCK(inp); 6125 } 6126 if (hold_sblock) { 6127 SOCKBUF_UNLOCK(&so->so_rcv); 6128 } 6129 if (sockbuf_lock) { 6130 sbunlock(&so->so_rcv); 6131 } 6132 6133 if (freecnt_applied) { 6134 /* 6135 * The lock on the socket buffer protects us so the free 6136 * code will stop. But since we used the socketbuf lock and 6137 * the sender uses the tcb_lock to increment, we need to use 6138 * the atomic add to the refcnt. 6139 */ 6140 if (stcb == NULL) { 6141 #ifdef INVARIANTS 6142 panic("stcb for refcnt has gone NULL?"); 6143 goto stage_left; 6144 #else 6145 goto stage_left; 6146 #endif 6147 } 6148 /* Save the value back for next time */ 6149 stcb->freed_by_sorcv_sincelast = freed_so_far; 6150 atomic_add_int(&stcb->asoc.refcnt, -1); 6151 } 6152 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 6153 if (stcb) { 6154 sctp_misc_ints(SCTP_SORECV_DONE, 6155 freed_so_far, 6156 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6157 stcb->asoc.my_rwnd, 6158 so->so_rcv.sb_cc); 6159 } else { 6160 sctp_misc_ints(SCTP_SORECV_DONE, 6161 freed_so_far, 6162 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6163 0, 6164 so->so_rcv.sb_cc); 6165 } 6166 } 6167 stage_left: 6168 if (wakeup_read_socket) { 6169 sctp_sorwakeup(inp, so); 6170 } 6171 return (error); 6172 } 6173 6174 6175 #ifdef SCTP_MBUF_LOGGING 6176 struct mbuf * 6177 sctp_m_free(struct mbuf *m) 6178 { 6179 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6180 sctp_log_mb(m, SCTP_MBUF_IFREE); 6181 } 6182 return (m_free(m)); 6183 } 6184 6185 void 6186 sctp_m_freem(struct mbuf *mb) 6187 { 6188 while (mb != NULL) 6189 mb = sctp_m_free(mb); 6190 } 6191 6192 #endif 6193 6194 int 6195 sctp_dynamic_set_primary(struct sockaddr *sa, uint32_t vrf_id) 6196 { 6197 /* 6198 * Given a local address. For all associations that holds the 6199 * address, request a peer-set-primary. 6200 */ 6201 struct sctp_ifa *ifa; 6202 struct sctp_laddr *wi; 6203 6204 ifa = sctp_find_ifa_by_addr(sa, vrf_id, 0); 6205 if (ifa == NULL) { 6206 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EADDRNOTAVAIL); 6207 return (EADDRNOTAVAIL); 6208 } 6209 /* 6210 * Now that we have the ifa we must awaken the iterator with this 6211 * message. 6212 */ 6213 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 6214 if (wi == NULL) { 6215 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 6216 return (ENOMEM); 6217 } 6218 /* Now incr the count and int wi structure */ 6219 SCTP_INCR_LADDR_COUNT(); 6220 memset(wi, 0, sizeof(*wi)); 6221 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 6222 wi->ifa = ifa; 6223 wi->action = SCTP_SET_PRIM_ADDR; 6224 atomic_add_int(&ifa->refcount, 1); 6225 6226 /* Now add it to the work queue */ 6227 SCTP_WQ_ADDR_LOCK(); 6228 /* 6229 * Should this really be a tailq? As it is we will process the 6230 * newest first :-0 6231 */ 6232 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 6233 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 6234 (struct sctp_inpcb *)NULL, 6235 (struct sctp_tcb *)NULL, 6236 (struct sctp_nets *)NULL); 6237 SCTP_WQ_ADDR_UNLOCK(); 6238 return (0); 6239 } 6240 6241 6242 int 6243 sctp_soreceive(struct socket *so, 6244 struct sockaddr **psa, 6245 struct uio *uio, 6246 struct mbuf **mp0, 6247 struct mbuf **controlp, 6248 int *flagsp) 6249 { 6250 int error, fromlen; 6251 uint8_t sockbuf[256]; 6252 struct sockaddr *from; 6253 struct sctp_extrcvinfo sinfo; 6254 int filling_sinfo = 1; 6255 int flags; 6256 struct sctp_inpcb *inp; 6257 6258 inp = (struct sctp_inpcb *)so->so_pcb; 6259 /* pickup the assoc we are reading from */ 6260 if (inp == NULL) { 6261 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6262 return (EINVAL); 6263 } 6264 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) && 6265 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) && 6266 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) || 6267 (controlp == NULL)) { 6268 /* user does not want the sndrcv ctl */ 6269 filling_sinfo = 0; 6270 } 6271 if (psa) { 6272 from = (struct sockaddr *)sockbuf; 6273 fromlen = sizeof(sockbuf); 6274 from->sa_len = 0; 6275 } else { 6276 from = NULL; 6277 fromlen = 0; 6278 } 6279 6280 if (filling_sinfo) { 6281 memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); 6282 } 6283 if (flagsp != NULL) { 6284 flags = *flagsp; 6285 } else { 6286 flags = 0; 6287 } 6288 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, &flags, 6289 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 6290 if (flagsp != NULL) { 6291 *flagsp = flags; 6292 } 6293 if (controlp != NULL) { 6294 /* copy back the sinfo in a CMSG format */ 6295 if (filling_sinfo && ((flags & MSG_NOTIFICATION) == 0)) { 6296 *controlp = sctp_build_ctl_nchunk(inp, 6297 (struct sctp_sndrcvinfo *)&sinfo); 6298 } else { 6299 *controlp = NULL; 6300 } 6301 } 6302 if (psa) { 6303 /* copy back the address info */ 6304 if (from && from->sa_len) { 6305 *psa = sodupsockaddr(from, M_NOWAIT); 6306 } else { 6307 *psa = NULL; 6308 } 6309 } 6310 return (error); 6311 } 6312 6313 6314 6315 6316 6317 int 6318 sctp_connectx_helper_add(struct sctp_tcb *stcb, struct sockaddr *addr, 6319 int totaddr, int *error) 6320 { 6321 int added = 0; 6322 int i; 6323 struct sctp_inpcb *inp; 6324 struct sockaddr *sa; 6325 size_t incr = 0; 6326 #ifdef INET 6327 struct sockaddr_in *sin; 6328 #endif 6329 #ifdef INET6 6330 struct sockaddr_in6 *sin6; 6331 #endif 6332 6333 sa = addr; 6334 inp = stcb->sctp_ep; 6335 *error = 0; 6336 for (i = 0; i < totaddr; i++) { 6337 switch (sa->sa_family) { 6338 #ifdef INET 6339 case AF_INET: 6340 incr = sizeof(struct sockaddr_in); 6341 sin = (struct sockaddr_in *)sa; 6342 if ((sin->sin_addr.s_addr == INADDR_ANY) || 6343 (sin->sin_addr.s_addr == INADDR_BROADCAST) || 6344 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 6345 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6346 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6347 SCTP_FROM_SCTPUTIL + SCTP_LOC_7); 6348 *error = EINVAL; 6349 goto out_now; 6350 } 6351 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6352 SCTP_DONOT_SETSCOPE, 6353 SCTP_ADDR_IS_CONFIRMED)) { 6354 /* assoc gone no un-lock */ 6355 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6356 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6357 SCTP_FROM_SCTPUTIL + SCTP_LOC_8); 6358 *error = ENOBUFS; 6359 goto out_now; 6360 } 6361 added++; 6362 break; 6363 #endif 6364 #ifdef INET6 6365 case AF_INET6: 6366 incr = sizeof(struct sockaddr_in6); 6367 sin6 = (struct sockaddr_in6 *)sa; 6368 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || 6369 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 6370 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6371 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6372 SCTP_FROM_SCTPUTIL + SCTP_LOC_9); 6373 *error = EINVAL; 6374 goto out_now; 6375 } 6376 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6377 SCTP_DONOT_SETSCOPE, 6378 SCTP_ADDR_IS_CONFIRMED)) { 6379 /* assoc gone no un-lock */ 6380 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6381 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6382 SCTP_FROM_SCTPUTIL + SCTP_LOC_10); 6383 *error = ENOBUFS; 6384 goto out_now; 6385 } 6386 added++; 6387 break; 6388 #endif 6389 default: 6390 break; 6391 } 6392 sa = (struct sockaddr *)((caddr_t)sa + incr); 6393 } 6394 out_now: 6395 return (added); 6396 } 6397 6398 int 6399 sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, 6400 unsigned int totaddr, 6401 unsigned int *num_v4, unsigned int *num_v6, 6402 unsigned int limit) 6403 { 6404 struct sockaddr *sa; 6405 struct sctp_tcb *stcb; 6406 unsigned int incr, at, i; 6407 6408 at = 0; 6409 sa = addr; 6410 *num_v6 = *num_v4 = 0; 6411 /* account and validate addresses */ 6412 if (totaddr == 0) { 6413 return (EINVAL); 6414 } 6415 for (i = 0; i < totaddr; i++) { 6416 if (at + sizeof(struct sockaddr) > limit) { 6417 return (EINVAL); 6418 } 6419 switch (sa->sa_family) { 6420 #ifdef INET 6421 case AF_INET: 6422 incr = (unsigned int)sizeof(struct sockaddr_in); 6423 if (sa->sa_len != incr) { 6424 return (EINVAL); 6425 } 6426 (*num_v4) += 1; 6427 break; 6428 #endif 6429 #ifdef INET6 6430 case AF_INET6: 6431 { 6432 struct sockaddr_in6 *sin6; 6433 6434 sin6 = (struct sockaddr_in6 *)sa; 6435 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6436 /* Must be non-mapped for connectx */ 6437 return (EINVAL); 6438 } 6439 incr = (unsigned int)sizeof(struct sockaddr_in6); 6440 if (sa->sa_len != incr) { 6441 return (EINVAL); 6442 } 6443 (*num_v6) += 1; 6444 break; 6445 } 6446 #endif 6447 default: 6448 return (EINVAL); 6449 } 6450 if ((at + incr) > limit) { 6451 return (EINVAL); 6452 } 6453 SCTP_INP_INCR_REF(inp); 6454 stcb = sctp_findassociation_ep_addr(&inp, sa, NULL, NULL, NULL); 6455 if (stcb != NULL) { 6456 SCTP_TCB_UNLOCK(stcb); 6457 return (EALREADY); 6458 } else { 6459 SCTP_INP_DECR_REF(inp); 6460 } 6461 at += incr; 6462 sa = (struct sockaddr *)((caddr_t)sa + incr); 6463 } 6464 return (0); 6465 } 6466 6467 /* 6468 * sctp_bindx(ADD) for one address. 6469 * assumes all arguments are valid/checked by caller. 6470 */ 6471 void 6472 sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp, 6473 struct sockaddr *sa, sctp_assoc_t assoc_id, 6474 uint32_t vrf_id, int *error, void *p) 6475 { 6476 struct sockaddr *addr_touse; 6477 #if defined(INET) && defined(INET6) 6478 struct sockaddr_in sin; 6479 #endif 6480 6481 /* see if we're bound all already! */ 6482 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6483 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6484 *error = EINVAL; 6485 return; 6486 } 6487 addr_touse = sa; 6488 #ifdef INET6 6489 if (sa->sa_family == AF_INET6) { 6490 #ifdef INET 6491 struct sockaddr_in6 *sin6; 6492 6493 #endif 6494 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6495 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6496 *error = EINVAL; 6497 return; 6498 } 6499 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6500 /* can only bind v6 on PF_INET6 sockets */ 6501 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6502 *error = EINVAL; 6503 return; 6504 } 6505 #ifdef INET 6506 sin6 = (struct sockaddr_in6 *)addr_touse; 6507 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6508 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6509 SCTP_IPV6_V6ONLY(inp)) { 6510 /* can't bind v4-mapped on PF_INET sockets */ 6511 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6512 *error = EINVAL; 6513 return; 6514 } 6515 in6_sin6_2_sin(&sin, sin6); 6516 addr_touse = (struct sockaddr *)&sin; 6517 } 6518 #endif 6519 } 6520 #endif 6521 #ifdef INET 6522 if (sa->sa_family == AF_INET) { 6523 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6524 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6525 *error = EINVAL; 6526 return; 6527 } 6528 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6529 SCTP_IPV6_V6ONLY(inp)) { 6530 /* can't bind v4 on PF_INET sockets */ 6531 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6532 *error = EINVAL; 6533 return; 6534 } 6535 } 6536 #endif 6537 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 6538 if (p == NULL) { 6539 /* Can't get proc for Net/Open BSD */ 6540 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6541 *error = EINVAL; 6542 return; 6543 } 6544 *error = sctp_inpcb_bind(so, addr_touse, NULL, p); 6545 return; 6546 } 6547 /* 6548 * No locks required here since bind and mgmt_ep_sa all do their own 6549 * locking. If we do something for the FIX: below we may need to 6550 * lock in that case. 6551 */ 6552 if (assoc_id == 0) { 6553 /* add the address */ 6554 struct sctp_inpcb *lep; 6555 struct sockaddr_in *lsin = (struct sockaddr_in *)addr_touse; 6556 6557 /* validate the incoming port */ 6558 if ((lsin->sin_port != 0) && 6559 (lsin->sin_port != inp->sctp_lport)) { 6560 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6561 *error = EINVAL; 6562 return; 6563 } else { 6564 /* user specified 0 port, set it to existing port */ 6565 lsin->sin_port = inp->sctp_lport; 6566 } 6567 6568 lep = sctp_pcb_findep(addr_touse, 1, 0, vrf_id); 6569 if (lep != NULL) { 6570 /* 6571 * We must decrement the refcount since we have the 6572 * ep already and are binding. No remove going on 6573 * here. 6574 */ 6575 SCTP_INP_DECR_REF(lep); 6576 } 6577 if (lep == inp) { 6578 /* already bound to it.. ok */ 6579 return; 6580 } else if (lep == NULL) { 6581 ((struct sockaddr_in *)addr_touse)->sin_port = 0; 6582 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6583 SCTP_ADD_IP_ADDRESS, 6584 vrf_id, NULL); 6585 } else { 6586 *error = EADDRINUSE; 6587 } 6588 if (*error) 6589 return; 6590 } else { 6591 /* 6592 * FIX: decide whether we allow assoc based bindx 6593 */ 6594 } 6595 } 6596 6597 /* 6598 * sctp_bindx(DELETE) for one address. 6599 * assumes all arguments are valid/checked by caller. 6600 */ 6601 void 6602 sctp_bindx_delete_address(struct sctp_inpcb *inp, 6603 struct sockaddr *sa, sctp_assoc_t assoc_id, 6604 uint32_t vrf_id, int *error) 6605 { 6606 struct sockaddr *addr_touse; 6607 #if defined(INET) && defined(INET6) 6608 struct sockaddr_in sin; 6609 #endif 6610 6611 /* see if we're bound all already! */ 6612 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6613 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6614 *error = EINVAL; 6615 return; 6616 } 6617 addr_touse = sa; 6618 #ifdef INET6 6619 if (sa->sa_family == AF_INET6) { 6620 #ifdef INET 6621 struct sockaddr_in6 *sin6; 6622 #endif 6623 6624 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6625 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6626 *error = EINVAL; 6627 return; 6628 } 6629 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6630 /* can only bind v6 on PF_INET6 sockets */ 6631 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6632 *error = EINVAL; 6633 return; 6634 } 6635 #ifdef INET 6636 sin6 = (struct sockaddr_in6 *)addr_touse; 6637 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6638 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6639 SCTP_IPV6_V6ONLY(inp)) { 6640 /* can't bind mapped-v4 on PF_INET sockets */ 6641 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6642 *error = EINVAL; 6643 return; 6644 } 6645 in6_sin6_2_sin(&sin, sin6); 6646 addr_touse = (struct sockaddr *)&sin; 6647 } 6648 #endif 6649 } 6650 #endif 6651 #ifdef INET 6652 if (sa->sa_family == AF_INET) { 6653 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6654 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6655 *error = EINVAL; 6656 return; 6657 } 6658 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6659 SCTP_IPV6_V6ONLY(inp)) { 6660 /* can't bind v4 on PF_INET sockets */ 6661 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6662 *error = EINVAL; 6663 return; 6664 } 6665 } 6666 #endif 6667 /* 6668 * No lock required mgmt_ep_sa does its own locking. If the FIX: 6669 * below is ever changed we may need to lock before calling 6670 * association level binding. 6671 */ 6672 if (assoc_id == 0) { 6673 /* delete the address */ 6674 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6675 SCTP_DEL_IP_ADDRESS, 6676 vrf_id, NULL); 6677 } else { 6678 /* 6679 * FIX: decide whether we allow assoc based bindx 6680 */ 6681 } 6682 } 6683 6684 /* 6685 * returns the valid local address count for an assoc, taking into account 6686 * all scoping rules 6687 */ 6688 int 6689 sctp_local_addr_count(struct sctp_tcb *stcb) 6690 { 6691 int loopback_scope; 6692 #if defined(INET) 6693 int ipv4_local_scope, ipv4_addr_legal; 6694 #endif 6695 #if defined (INET6) 6696 int local_scope, site_scope, ipv6_addr_legal; 6697 #endif 6698 struct sctp_vrf *vrf; 6699 struct sctp_ifn *sctp_ifn; 6700 struct sctp_ifa *sctp_ifa; 6701 int count = 0; 6702 6703 /* Turn on all the appropriate scopes */ 6704 loopback_scope = stcb->asoc.scope.loopback_scope; 6705 #if defined(INET) 6706 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; 6707 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; 6708 #endif 6709 #if defined(INET6) 6710 local_scope = stcb->asoc.scope.local_scope; 6711 site_scope = stcb->asoc.scope.site_scope; 6712 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; 6713 #endif 6714 SCTP_IPI_ADDR_RLOCK(); 6715 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 6716 if (vrf == NULL) { 6717 /* no vrf, no addresses */ 6718 SCTP_IPI_ADDR_RUNLOCK(); 6719 return (0); 6720 } 6721 6722 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6723 /* 6724 * bound all case: go through all ifns on the vrf 6725 */ 6726 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 6727 if ((loopback_scope == 0) && 6728 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 6729 continue; 6730 } 6731 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 6732 if (sctp_is_addr_restricted(stcb, sctp_ifa)) 6733 continue; 6734 switch (sctp_ifa->address.sa.sa_family) { 6735 #ifdef INET 6736 case AF_INET: 6737 if (ipv4_addr_legal) { 6738 struct sockaddr_in *sin; 6739 6740 sin = &sctp_ifa->address.sin; 6741 if (sin->sin_addr.s_addr == 0) { 6742 /* 6743 * skip unspecified 6744 * addrs 6745 */ 6746 continue; 6747 } 6748 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 6749 &sin->sin_addr) != 0) { 6750 continue; 6751 } 6752 if ((ipv4_local_scope == 0) && 6753 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 6754 continue; 6755 } 6756 /* count this one */ 6757 count++; 6758 } else { 6759 continue; 6760 } 6761 break; 6762 #endif 6763 #ifdef INET6 6764 case AF_INET6: 6765 if (ipv6_addr_legal) { 6766 struct sockaddr_in6 *sin6; 6767 6768 sin6 = &sctp_ifa->address.sin6; 6769 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 6770 continue; 6771 } 6772 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 6773 &sin6->sin6_addr) != 0) { 6774 continue; 6775 } 6776 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 6777 if (local_scope == 0) 6778 continue; 6779 if (sin6->sin6_scope_id == 0) { 6780 if (sa6_recoverscope(sin6) != 0) 6781 /* 6782 * 6783 * bad 6784 * link 6785 * 6786 * local 6787 * 6788 * address 6789 */ 6790 continue; 6791 } 6792 } 6793 if ((site_scope == 0) && 6794 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 6795 continue; 6796 } 6797 /* count this one */ 6798 count++; 6799 } 6800 break; 6801 #endif 6802 default: 6803 /* TSNH */ 6804 break; 6805 } 6806 } 6807 } 6808 } else { 6809 /* 6810 * subset bound case 6811 */ 6812 struct sctp_laddr *laddr; 6813 6814 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, 6815 sctp_nxt_addr) { 6816 if (sctp_is_addr_restricted(stcb, laddr->ifa)) { 6817 continue; 6818 } 6819 /* count this one */ 6820 count++; 6821 } 6822 } 6823 SCTP_IPI_ADDR_RUNLOCK(); 6824 return (count); 6825 } 6826 6827 #if defined(SCTP_LOCAL_TRACE_BUF) 6828 6829 void 6830 sctp_log_trace(uint32_t subsys, const char *str SCTP_UNUSED, uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, uint32_t f) 6831 { 6832 uint32_t saveindex, newindex; 6833 6834 do { 6835 saveindex = SCTP_BASE_SYSCTL(sctp_log).index; 6836 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6837 newindex = 1; 6838 } else { 6839 newindex = saveindex + 1; 6840 } 6841 } while (atomic_cmpset_int(&SCTP_BASE_SYSCTL(sctp_log).index, saveindex, newindex) == 0); 6842 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6843 saveindex = 0; 6844 } 6845 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].timestamp = SCTP_GET_CYCLECOUNT; 6846 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].subsys = subsys; 6847 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[0] = a; 6848 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[1] = b; 6849 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[2] = c; 6850 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[3] = d; 6851 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[4] = e; 6852 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[5] = f; 6853 } 6854 6855 #endif 6856 static void 6857 sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, 6858 const struct sockaddr *sa SCTP_UNUSED, void *ctx SCTP_UNUSED) 6859 { 6860 struct ip *iph; 6861 #ifdef INET6 6862 struct ip6_hdr *ip6; 6863 #endif 6864 struct mbuf *sp, *last; 6865 struct udphdr *uhdr; 6866 uint16_t port; 6867 6868 if ((m->m_flags & M_PKTHDR) == 0) { 6869 /* Can't handle one that is not a pkt hdr */ 6870 goto out; 6871 } 6872 /* Pull the src port */ 6873 iph = mtod(m, struct ip *); 6874 uhdr = (struct udphdr *)((caddr_t)iph + off); 6875 port = uhdr->uh_sport; 6876 /* 6877 * Split out the mbuf chain. Leave the IP header in m, place the 6878 * rest in the sp. 6879 */ 6880 sp = m_split(m, off, M_NOWAIT); 6881 if (sp == NULL) { 6882 /* Gak, drop packet, we can't do a split */ 6883 goto out; 6884 } 6885 if (sp->m_pkthdr.len < sizeof(struct udphdr) + sizeof(struct sctphdr)) { 6886 /* Gak, packet can't have an SCTP header in it - too small */ 6887 m_freem(sp); 6888 goto out; 6889 } 6890 /* Now pull up the UDP header and SCTP header together */ 6891 sp = m_pullup(sp, sizeof(struct udphdr) + sizeof(struct sctphdr)); 6892 if (sp == NULL) { 6893 /* Gak pullup failed */ 6894 goto out; 6895 } 6896 /* Trim out the UDP header */ 6897 m_adj(sp, sizeof(struct udphdr)); 6898 6899 /* Now reconstruct the mbuf chain */ 6900 for (last = m; last->m_next; last = last->m_next); 6901 last->m_next = sp; 6902 m->m_pkthdr.len += sp->m_pkthdr.len; 6903 /* 6904 * The CSUM_DATA_VALID flags indicates that the HW checked the UDP 6905 * checksum and it was valid. Since CSUM_DATA_VALID == 6906 * CSUM_SCTP_VALID this would imply that the HW also verified the 6907 * SCTP checksum. Therefore, clear the bit. 6908 */ 6909 SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, 6910 "sctp_recv_udp_tunneled_packet(): Packet of length %d received on %s with csum_flags 0x%b.\n", 6911 m->m_pkthdr.len, 6912 if_name(m->m_pkthdr.rcvif), 6913 (int)m->m_pkthdr.csum_flags, CSUM_BITS); 6914 m->m_pkthdr.csum_flags &= ~CSUM_DATA_VALID; 6915 iph = mtod(m, struct ip *); 6916 switch (iph->ip_v) { 6917 #ifdef INET 6918 case IPVERSION: 6919 iph->ip_len = htons(ntohs(iph->ip_len) - sizeof(struct udphdr)); 6920 sctp_input_with_port(m, off, port); 6921 break; 6922 #endif 6923 #ifdef INET6 6924 case IPV6_VERSION >> 4: 6925 ip6 = mtod(m, struct ip6_hdr *); 6926 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - sizeof(struct udphdr)); 6927 sctp6_input_with_port(&m, &off, port); 6928 break; 6929 #endif 6930 default: 6931 goto out; 6932 break; 6933 } 6934 return; 6935 out: 6936 m_freem(m); 6937 } 6938 6939 #ifdef INET 6940 static void 6941 sctp_recv_icmp_tunneled_packet(int cmd, struct sockaddr *sa, void *vip, void *ctx SCTP_UNUSED) 6942 { 6943 struct ip *outer_ip, *inner_ip; 6944 struct sctphdr *sh; 6945 struct icmp *icmp; 6946 struct udphdr *udp; 6947 struct sctp_inpcb *inp; 6948 struct sctp_tcb *stcb; 6949 struct sctp_nets *net; 6950 struct sctp_init_chunk *ch; 6951 struct sockaddr_in src, dst; 6952 uint8_t type, code; 6953 6954 inner_ip = (struct ip *)vip; 6955 icmp = (struct icmp *)((caddr_t)inner_ip - 6956 (sizeof(struct icmp) - sizeof(struct ip))); 6957 outer_ip = (struct ip *)((caddr_t)icmp - sizeof(struct ip)); 6958 if (ntohs(outer_ip->ip_len) < 6959 sizeof(struct ip) + 8 + (inner_ip->ip_hl << 2) + sizeof(struct udphdr) + 8) { 6960 return; 6961 } 6962 udp = (struct udphdr *)((caddr_t)inner_ip + (inner_ip->ip_hl << 2)); 6963 sh = (struct sctphdr *)(udp + 1); 6964 memset(&src, 0, sizeof(struct sockaddr_in)); 6965 src.sin_family = AF_INET; 6966 src.sin_len = sizeof(struct sockaddr_in); 6967 src.sin_port = sh->src_port; 6968 src.sin_addr = inner_ip->ip_src; 6969 memset(&dst, 0, sizeof(struct sockaddr_in)); 6970 dst.sin_family = AF_INET; 6971 dst.sin_len = sizeof(struct sockaddr_in); 6972 dst.sin_port = sh->dest_port; 6973 dst.sin_addr = inner_ip->ip_dst; 6974 /* 6975 * 'dst' holds the dest of the packet that failed to be sent. 'src' 6976 * holds our local endpoint address. Thus we reverse the dst and the 6977 * src in the lookup. 6978 */ 6979 inp = NULL; 6980 net = NULL; 6981 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 6982 (struct sockaddr *)&src, 6983 &inp, &net, 1, 6984 SCTP_DEFAULT_VRFID); 6985 if ((stcb != NULL) && 6986 (net != NULL) && 6987 (inp != NULL)) { 6988 /* Check the UDP port numbers */ 6989 if ((udp->uh_dport != net->port) || 6990 (udp->uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 6991 SCTP_TCB_UNLOCK(stcb); 6992 return; 6993 } 6994 /* Check the verification tag */ 6995 if (ntohl(sh->v_tag) != 0) { 6996 /* 6997 * This must be the verification tag used for 6998 * sending out packets. We don't consider packets 6999 * reflecting the verification tag. 7000 */ 7001 if (ntohl(sh->v_tag) != stcb->asoc.peer_vtag) { 7002 SCTP_TCB_UNLOCK(stcb); 7003 return; 7004 } 7005 } else { 7006 if (ntohs(outer_ip->ip_len) >= 7007 sizeof(struct ip) + 7008 8 + (inner_ip->ip_hl << 2) + 8 + 20) { 7009 /* 7010 * In this case we can check if we got an 7011 * INIT chunk and if the initiate tag 7012 * matches. 7013 */ 7014 ch = (struct sctp_init_chunk *)(sh + 1); 7015 if ((ch->ch.chunk_type != SCTP_INITIATION) || 7016 (ntohl(ch->init.initiate_tag) != stcb->asoc.my_vtag)) { 7017 SCTP_TCB_UNLOCK(stcb); 7018 return; 7019 } 7020 } else { 7021 SCTP_TCB_UNLOCK(stcb); 7022 return; 7023 } 7024 } 7025 type = icmp->icmp_type; 7026 code = icmp->icmp_code; 7027 if ((type == ICMP_UNREACH) && 7028 (code == ICMP_UNREACH_PORT)) { 7029 code = ICMP_UNREACH_PROTOCOL; 7030 } 7031 sctp_notify(inp, stcb, net, type, code, 7032 ntohs(inner_ip->ip_len), 7033 (uint32_t)ntohs(icmp->icmp_nextmtu)); 7034 } else { 7035 if ((stcb == NULL) && (inp != NULL)) { 7036 /* reduce ref-count */ 7037 SCTP_INP_WLOCK(inp); 7038 SCTP_INP_DECR_REF(inp); 7039 SCTP_INP_WUNLOCK(inp); 7040 } 7041 if (stcb) { 7042 SCTP_TCB_UNLOCK(stcb); 7043 } 7044 } 7045 return; 7046 } 7047 #endif 7048 7049 #ifdef INET6 7050 static void 7051 sctp_recv_icmp6_tunneled_packet(int cmd, struct sockaddr *sa, void *d, void *ctx SCTP_UNUSED) 7052 { 7053 struct ip6ctlparam *ip6cp; 7054 struct sctp_inpcb *inp; 7055 struct sctp_tcb *stcb; 7056 struct sctp_nets *net; 7057 struct sctphdr sh; 7058 struct udphdr udp; 7059 struct sockaddr_in6 src, dst; 7060 uint8_t type, code; 7061 7062 ip6cp = (struct ip6ctlparam *)d; 7063 /* 7064 * XXX: We assume that when IPV6 is non NULL, M and OFF are valid. 7065 */ 7066 if (ip6cp->ip6c_m == NULL) { 7067 return; 7068 } 7069 /* 7070 * Check if we can safely examine the ports and the verification tag 7071 * of the SCTP common header. 7072 */ 7073 if (ip6cp->ip6c_m->m_pkthdr.len < 7074 ip6cp->ip6c_off + sizeof(struct udphdr) + offsetof(struct sctphdr, checksum)) { 7075 return; 7076 } 7077 /* Copy out the UDP header. */ 7078 memset(&udp, 0, sizeof(struct udphdr)); 7079 m_copydata(ip6cp->ip6c_m, 7080 ip6cp->ip6c_off, 7081 sizeof(struct udphdr), 7082 (caddr_t)&udp); 7083 /* Copy out the port numbers and the verification tag. */ 7084 memset(&sh, 0, sizeof(struct sctphdr)); 7085 m_copydata(ip6cp->ip6c_m, 7086 ip6cp->ip6c_off + sizeof(struct udphdr), 7087 sizeof(uint16_t) + sizeof(uint16_t) + sizeof(uint32_t), 7088 (caddr_t)&sh); 7089 memset(&src, 0, sizeof(struct sockaddr_in6)); 7090 src.sin6_family = AF_INET6; 7091 src.sin6_len = sizeof(struct sockaddr_in6); 7092 src.sin6_port = sh.src_port; 7093 src.sin6_addr = ip6cp->ip6c_ip6->ip6_src; 7094 if (in6_setscope(&src.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7095 return; 7096 } 7097 memset(&dst, 0, sizeof(struct sockaddr_in6)); 7098 dst.sin6_family = AF_INET6; 7099 dst.sin6_len = sizeof(struct sockaddr_in6); 7100 dst.sin6_port = sh.dest_port; 7101 dst.sin6_addr = ip6cp->ip6c_ip6->ip6_dst; 7102 if (in6_setscope(&dst.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7103 return; 7104 } 7105 inp = NULL; 7106 net = NULL; 7107 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 7108 (struct sockaddr *)&src, 7109 &inp, &net, 1, SCTP_DEFAULT_VRFID); 7110 if ((stcb != NULL) && 7111 (net != NULL) && 7112 (inp != NULL)) { 7113 /* Check the UDP port numbers */ 7114 if ((udp.uh_dport != net->port) || 7115 (udp.uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 7116 SCTP_TCB_UNLOCK(stcb); 7117 return; 7118 } 7119 /* Check the verification tag */ 7120 if (ntohl(sh.v_tag) != 0) { 7121 /* 7122 * This must be the verification tag used for 7123 * sending out packets. We don't consider packets 7124 * reflecting the verification tag. 7125 */ 7126 if (ntohl(sh.v_tag) != stcb->asoc.peer_vtag) { 7127 SCTP_TCB_UNLOCK(stcb); 7128 return; 7129 } 7130 } else { 7131 if (ip6cp->ip6c_m->m_pkthdr.len >= 7132 ip6cp->ip6c_off + sizeof(struct udphdr) + 7133 sizeof(struct sctphdr) + 7134 sizeof(struct sctp_chunkhdr) + 7135 offsetof(struct sctp_init, a_rwnd)) { 7136 /* 7137 * In this case we can check if we got an 7138 * INIT chunk and if the initiate tag 7139 * matches. 7140 */ 7141 uint32_t initiate_tag; 7142 uint8_t chunk_type; 7143 7144 m_copydata(ip6cp->ip6c_m, 7145 ip6cp->ip6c_off + 7146 sizeof(struct udphdr) + 7147 sizeof(struct sctphdr), 7148 sizeof(uint8_t), 7149 (caddr_t)&chunk_type); 7150 m_copydata(ip6cp->ip6c_m, 7151 ip6cp->ip6c_off + 7152 sizeof(struct udphdr) + 7153 sizeof(struct sctphdr) + 7154 sizeof(struct sctp_chunkhdr), 7155 sizeof(uint32_t), 7156 (caddr_t)&initiate_tag); 7157 if ((chunk_type != SCTP_INITIATION) || 7158 (ntohl(initiate_tag) != stcb->asoc.my_vtag)) { 7159 SCTP_TCB_UNLOCK(stcb); 7160 return; 7161 } 7162 } else { 7163 SCTP_TCB_UNLOCK(stcb); 7164 return; 7165 } 7166 } 7167 type = ip6cp->ip6c_icmp6->icmp6_type; 7168 code = ip6cp->ip6c_icmp6->icmp6_code; 7169 if ((type == ICMP6_DST_UNREACH) && 7170 (code == ICMP6_DST_UNREACH_NOPORT)) { 7171 type = ICMP6_PARAM_PROB; 7172 code = ICMP6_PARAMPROB_NEXTHEADER; 7173 } 7174 sctp6_notify(inp, stcb, net, type, code, 7175 ntohl(ip6cp->ip6c_icmp6->icmp6_mtu)); 7176 } else { 7177 if ((stcb == NULL) && (inp != NULL)) { 7178 /* reduce inp's ref-count */ 7179 SCTP_INP_WLOCK(inp); 7180 SCTP_INP_DECR_REF(inp); 7181 SCTP_INP_WUNLOCK(inp); 7182 } 7183 if (stcb) { 7184 SCTP_TCB_UNLOCK(stcb); 7185 } 7186 } 7187 } 7188 #endif 7189 7190 void 7191 sctp_over_udp_stop(void) 7192 { 7193 /* 7194 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7195 * for writting! 7196 */ 7197 #ifdef INET 7198 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7199 soclose(SCTP_BASE_INFO(udp4_tun_socket)); 7200 SCTP_BASE_INFO(udp4_tun_socket) = NULL; 7201 } 7202 #endif 7203 #ifdef INET6 7204 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7205 soclose(SCTP_BASE_INFO(udp6_tun_socket)); 7206 SCTP_BASE_INFO(udp6_tun_socket) = NULL; 7207 } 7208 #endif 7209 } 7210 7211 int 7212 sctp_over_udp_start(void) 7213 { 7214 uint16_t port; 7215 int ret; 7216 #ifdef INET 7217 struct sockaddr_in sin; 7218 #endif 7219 #ifdef INET6 7220 struct sockaddr_in6 sin6; 7221 #endif 7222 /* 7223 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7224 * for writting! 7225 */ 7226 port = SCTP_BASE_SYSCTL(sctp_udp_tunneling_port); 7227 if (ntohs(port) == 0) { 7228 /* Must have a port set */ 7229 return (EINVAL); 7230 } 7231 #ifdef INET 7232 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7233 /* Already running -- must stop first */ 7234 return (EALREADY); 7235 } 7236 #endif 7237 #ifdef INET6 7238 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7239 /* Already running -- must stop first */ 7240 return (EALREADY); 7241 } 7242 #endif 7243 #ifdef INET 7244 if ((ret = socreate(PF_INET, &SCTP_BASE_INFO(udp4_tun_socket), 7245 SOCK_DGRAM, IPPROTO_UDP, 7246 curthread->td_ucred, curthread))) { 7247 sctp_over_udp_stop(); 7248 return (ret); 7249 } 7250 /* Call the special UDP hook. */ 7251 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp4_tun_socket), 7252 sctp_recv_udp_tunneled_packet, 7253 sctp_recv_icmp_tunneled_packet, 7254 NULL))) { 7255 sctp_over_udp_stop(); 7256 return (ret); 7257 } 7258 /* Ok, we have a socket, bind it to the port. */ 7259 memset(&sin, 0, sizeof(struct sockaddr_in)); 7260 sin.sin_len = sizeof(struct sockaddr_in); 7261 sin.sin_family = AF_INET; 7262 sin.sin_port = htons(port); 7263 if ((ret = sobind(SCTP_BASE_INFO(udp4_tun_socket), 7264 (struct sockaddr *)&sin, curthread))) { 7265 sctp_over_udp_stop(); 7266 return (ret); 7267 } 7268 #endif 7269 #ifdef INET6 7270 if ((ret = socreate(PF_INET6, &SCTP_BASE_INFO(udp6_tun_socket), 7271 SOCK_DGRAM, IPPROTO_UDP, 7272 curthread->td_ucred, curthread))) { 7273 sctp_over_udp_stop(); 7274 return (ret); 7275 } 7276 /* Call the special UDP hook. */ 7277 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp6_tun_socket), 7278 sctp_recv_udp_tunneled_packet, 7279 sctp_recv_icmp6_tunneled_packet, 7280 NULL))) { 7281 sctp_over_udp_stop(); 7282 return (ret); 7283 } 7284 /* Ok, we have a socket, bind it to the port. */ 7285 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 7286 sin6.sin6_len = sizeof(struct sockaddr_in6); 7287 sin6.sin6_family = AF_INET6; 7288 sin6.sin6_port = htons(port); 7289 if ((ret = sobind(SCTP_BASE_INFO(udp6_tun_socket), 7290 (struct sockaddr *)&sin6, curthread))) { 7291 sctp_over_udp_stop(); 7292 return (ret); 7293 } 7294 #endif 7295 return (0); 7296 } 7297 7298 /* 7299 * sctp_min_mtu ()returns the minimum of all non-zero arguments. 7300 * If all arguments are zero, zero is returned. 7301 */ 7302 uint32_t 7303 sctp_min_mtu(uint32_t mtu1, uint32_t mtu2, uint32_t mtu3) 7304 { 7305 if (mtu1 > 0) { 7306 if (mtu2 > 0) { 7307 if (mtu3 > 0) { 7308 return (min(mtu1, min(mtu2, mtu3))); 7309 } else { 7310 return (min(mtu1, mtu2)); 7311 } 7312 } else { 7313 if (mtu3 > 0) { 7314 return (min(mtu1, mtu3)); 7315 } else { 7316 return (mtu1); 7317 } 7318 } 7319 } else { 7320 if (mtu2 > 0) { 7321 if (mtu3 > 0) { 7322 return (min(mtu2, mtu3)); 7323 } else { 7324 return (mtu2); 7325 } 7326 } else { 7327 return (mtu3); 7328 } 7329 } 7330 } 7331 7332 void 7333 sctp_hc_set_mtu(union sctp_sockstore *addr, uint16_t fibnum, uint32_t mtu) 7334 { 7335 struct in_conninfo inc; 7336 7337 memset(&inc, 0, sizeof(struct in_conninfo)); 7338 inc.inc_fibnum = fibnum; 7339 switch (addr->sa.sa_family) { 7340 #ifdef INET 7341 case AF_INET: 7342 inc.inc_faddr = addr->sin.sin_addr; 7343 break; 7344 #endif 7345 #ifdef INET6 7346 case AF_INET6: 7347 inc.inc_flags |= INC_ISIPV6; 7348 inc.inc6_faddr = addr->sin6.sin6_addr; 7349 break; 7350 #endif 7351 default: 7352 return; 7353 } 7354 tcp_hc_updatemtu(&inc, (u_long)mtu); 7355 } 7356 7357 uint32_t 7358 sctp_hc_get_mtu(union sctp_sockstore *addr, uint16_t fibnum) 7359 { 7360 struct in_conninfo inc; 7361 7362 memset(&inc, 0, sizeof(struct in_conninfo)); 7363 inc.inc_fibnum = fibnum; 7364 switch (addr->sa.sa_family) { 7365 #ifdef INET 7366 case AF_INET: 7367 inc.inc_faddr = addr->sin.sin_addr; 7368 break; 7369 #endif 7370 #ifdef INET6 7371 case AF_INET6: 7372 inc.inc_flags |= INC_ISIPV6; 7373 inc.inc6_faddr = addr->sin6.sin6_addr; 7374 break; 7375 #endif 7376 default: 7377 return (0); 7378 } 7379 return ((uint32_t)tcp_hc_getmtu(&inc)); 7380 } 7381 7382 void 7383 sctp_set_state(struct sctp_tcb *stcb, int new_state) 7384 { 7385 #if defined(KDTRACE_HOOKS) 7386 int old_state = stcb->asoc.state; 7387 #endif 7388 7389 KASSERT((new_state & ~SCTP_STATE_MASK) == 0, 7390 ("sctp_set_state: Can't set substate (new_state = %x)", 7391 new_state)); 7392 stcb->asoc.state = (stcb->asoc.state & ~SCTP_STATE_MASK) | new_state; 7393 if ((new_state == SCTP_STATE_SHUTDOWN_RECEIVED) || 7394 (new_state == SCTP_STATE_SHUTDOWN_SENT) || 7395 (new_state == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 7396 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING); 7397 } 7398 #if defined(KDTRACE_HOOKS) 7399 if (((old_state & SCTP_STATE_MASK) != new_state) && 7400 !(((old_state & SCTP_STATE_MASK) == SCTP_STATE_EMPTY) && 7401 (new_state == SCTP_STATE_INUSE))) { 7402 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7403 } 7404 #endif 7405 } 7406 7407 void 7408 sctp_add_substate(struct sctp_tcb *stcb, int substate) 7409 { 7410 #if defined(KDTRACE_HOOKS) 7411 int old_state = stcb->asoc.state; 7412 #endif 7413 7414 KASSERT((substate & SCTP_STATE_MASK) == 0, 7415 ("sctp_add_substate: Can't set state (substate = %x)", 7416 substate)); 7417 stcb->asoc.state |= substate; 7418 #if defined(KDTRACE_HOOKS) 7419 if (((substate & SCTP_STATE_ABOUT_TO_BE_FREED) && 7420 ((old_state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) || 7421 ((substate & SCTP_STATE_SHUTDOWN_PENDING) && 7422 ((old_state & SCTP_STATE_SHUTDOWN_PENDING) == 0))) { 7423 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7424 } 7425 #endif 7426 } 7427