1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 __FBSDID("$FreeBSD$"); 37 38 #include <netinet/sctp_os.h> 39 #include <netinet/sctp_pcb.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_var.h> 42 #include <netinet/sctp_sysctl.h> 43 #ifdef INET6 44 #include <netinet6/sctp6_var.h> 45 #endif 46 #include <netinet/sctp_header.h> 47 #include <netinet/sctp_output.h> 48 #include <netinet/sctp_uio.h> 49 #include <netinet/sctp_timer.h> 50 #include <netinet/sctp_indata.h> 51 #include <netinet/sctp_auth.h> 52 #include <netinet/sctp_asconf.h> 53 #include <netinet/sctp_bsd_addr.h> 54 #if defined(INET6) || defined(INET) 55 #include <netinet/tcp_var.h> 56 #endif 57 #include <netinet/udp.h> 58 #include <netinet/udp_var.h> 59 #include <netinet/in_kdtrace.h> 60 #include <sys/proc.h> 61 #ifdef INET6 62 #include <netinet/icmp6.h> 63 #endif 64 65 66 #ifndef KTR_SCTP 67 #define KTR_SCTP KTR_SUBSYS 68 #endif 69 70 extern const struct sctp_cc_functions sctp_cc_functions[]; 71 extern const struct sctp_ss_functions sctp_ss_functions[]; 72 73 void 74 sctp_sblog(struct sockbuf *sb, struct sctp_tcb *stcb, int from, int incr) 75 { 76 #if defined(SCTP_LOCAL_TRACE_BUF) 77 struct sctp_cwnd_log sctp_clog; 78 79 sctp_clog.x.sb.stcb = stcb; 80 sctp_clog.x.sb.so_sbcc = sb->sb_cc; 81 if (stcb) 82 sctp_clog.x.sb.stcb_sbcc = stcb->asoc.sb_cc; 83 else 84 sctp_clog.x.sb.stcb_sbcc = 0; 85 sctp_clog.x.sb.incr = incr; 86 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 87 SCTP_LOG_EVENT_SB, 88 from, 89 sctp_clog.x.misc.log1, 90 sctp_clog.x.misc.log2, 91 sctp_clog.x.misc.log3, 92 sctp_clog.x.misc.log4); 93 #endif 94 } 95 96 void 97 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 98 { 99 #if defined(SCTP_LOCAL_TRACE_BUF) 100 struct sctp_cwnd_log sctp_clog; 101 102 sctp_clog.x.close.inp = (void *)inp; 103 sctp_clog.x.close.sctp_flags = inp->sctp_flags; 104 if (stcb) { 105 sctp_clog.x.close.stcb = (void *)stcb; 106 sctp_clog.x.close.state = (uint16_t)stcb->asoc.state; 107 } else { 108 sctp_clog.x.close.stcb = 0; 109 sctp_clog.x.close.state = 0; 110 } 111 sctp_clog.x.close.loc = loc; 112 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 113 SCTP_LOG_EVENT_CLOSE, 114 0, 115 sctp_clog.x.misc.log1, 116 sctp_clog.x.misc.log2, 117 sctp_clog.x.misc.log3, 118 sctp_clog.x.misc.log4); 119 #endif 120 } 121 122 void 123 rto_logging(struct sctp_nets *net, int from) 124 { 125 #if defined(SCTP_LOCAL_TRACE_BUF) 126 struct sctp_cwnd_log sctp_clog; 127 128 memset(&sctp_clog, 0, sizeof(sctp_clog)); 129 sctp_clog.x.rto.net = (void *)net; 130 sctp_clog.x.rto.rtt = net->rtt / 1000; 131 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 132 SCTP_LOG_EVENT_RTT, 133 from, 134 sctp_clog.x.misc.log1, 135 sctp_clog.x.misc.log2, 136 sctp_clog.x.misc.log3, 137 sctp_clog.x.misc.log4); 138 #endif 139 } 140 141 void 142 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 143 { 144 #if defined(SCTP_LOCAL_TRACE_BUF) 145 struct sctp_cwnd_log sctp_clog; 146 147 sctp_clog.x.strlog.stcb = stcb; 148 sctp_clog.x.strlog.n_tsn = tsn; 149 sctp_clog.x.strlog.n_sseq = sseq; 150 sctp_clog.x.strlog.e_tsn = 0; 151 sctp_clog.x.strlog.e_sseq = 0; 152 sctp_clog.x.strlog.strm = stream; 153 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 154 SCTP_LOG_EVENT_STRM, 155 from, 156 sctp_clog.x.misc.log1, 157 sctp_clog.x.misc.log2, 158 sctp_clog.x.misc.log3, 159 sctp_clog.x.misc.log4); 160 #endif 161 } 162 163 void 164 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 165 { 166 #if defined(SCTP_LOCAL_TRACE_BUF) 167 struct sctp_cwnd_log sctp_clog; 168 169 sctp_clog.x.nagle.stcb = (void *)stcb; 170 sctp_clog.x.nagle.total_flight = stcb->asoc.total_flight; 171 sctp_clog.x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 172 sctp_clog.x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 173 sctp_clog.x.nagle.count_in_flight = stcb->asoc.total_flight_count; 174 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 175 SCTP_LOG_EVENT_NAGLE, 176 action, 177 sctp_clog.x.misc.log1, 178 sctp_clog.x.misc.log2, 179 sctp_clog.x.misc.log3, 180 sctp_clog.x.misc.log4); 181 #endif 182 } 183 184 void 185 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 186 { 187 #if defined(SCTP_LOCAL_TRACE_BUF) 188 struct sctp_cwnd_log sctp_clog; 189 190 sctp_clog.x.sack.cumack = cumack; 191 sctp_clog.x.sack.oldcumack = old_cumack; 192 sctp_clog.x.sack.tsn = tsn; 193 sctp_clog.x.sack.numGaps = gaps; 194 sctp_clog.x.sack.numDups = dups; 195 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 196 SCTP_LOG_EVENT_SACK, 197 from, 198 sctp_clog.x.misc.log1, 199 sctp_clog.x.misc.log2, 200 sctp_clog.x.misc.log3, 201 sctp_clog.x.misc.log4); 202 #endif 203 } 204 205 void 206 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 207 { 208 #if defined(SCTP_LOCAL_TRACE_BUF) 209 struct sctp_cwnd_log sctp_clog; 210 211 memset(&sctp_clog, 0, sizeof(sctp_clog)); 212 sctp_clog.x.map.base = map; 213 sctp_clog.x.map.cum = cum; 214 sctp_clog.x.map.high = high; 215 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 216 SCTP_LOG_EVENT_MAP, 217 from, 218 sctp_clog.x.misc.log1, 219 sctp_clog.x.misc.log2, 220 sctp_clog.x.misc.log3, 221 sctp_clog.x.misc.log4); 222 #endif 223 } 224 225 void 226 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, int from) 227 { 228 #if defined(SCTP_LOCAL_TRACE_BUF) 229 struct sctp_cwnd_log sctp_clog; 230 231 memset(&sctp_clog, 0, sizeof(sctp_clog)); 232 sctp_clog.x.fr.largest_tsn = biggest_tsn; 233 sctp_clog.x.fr.largest_new_tsn = biggest_new_tsn; 234 sctp_clog.x.fr.tsn = tsn; 235 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 236 SCTP_LOG_EVENT_FR, 237 from, 238 sctp_clog.x.misc.log1, 239 sctp_clog.x.misc.log2, 240 sctp_clog.x.misc.log3, 241 sctp_clog.x.misc.log4); 242 #endif 243 } 244 245 #ifdef SCTP_MBUF_LOGGING 246 void 247 sctp_log_mb(struct mbuf *m, int from) 248 { 249 #if defined(SCTP_LOCAL_TRACE_BUF) 250 struct sctp_cwnd_log sctp_clog; 251 252 sctp_clog.x.mb.mp = m; 253 sctp_clog.x.mb.mbuf_flags = (uint8_t)(SCTP_BUF_GET_FLAGS(m)); 254 sctp_clog.x.mb.size = (uint16_t)(SCTP_BUF_LEN(m)); 255 sctp_clog.x.mb.data = SCTP_BUF_AT(m, 0); 256 if (SCTP_BUF_IS_EXTENDED(m)) { 257 sctp_clog.x.mb.ext = SCTP_BUF_EXTEND_BASE(m); 258 sctp_clog.x.mb.refcnt = (uint8_t)(SCTP_BUF_EXTEND_REFCNT(m)); 259 } else { 260 sctp_clog.x.mb.ext = 0; 261 sctp_clog.x.mb.refcnt = 0; 262 } 263 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 264 SCTP_LOG_EVENT_MBUF, 265 from, 266 sctp_clog.x.misc.log1, 267 sctp_clog.x.misc.log2, 268 sctp_clog.x.misc.log3, 269 sctp_clog.x.misc.log4); 270 #endif 271 } 272 273 void 274 sctp_log_mbc(struct mbuf *m, int from) 275 { 276 struct mbuf *mat; 277 278 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 279 sctp_log_mb(mat, from); 280 } 281 } 282 #endif 283 284 void 285 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, int from) 286 { 287 #if defined(SCTP_LOCAL_TRACE_BUF) 288 struct sctp_cwnd_log sctp_clog; 289 290 if (control == NULL) { 291 SCTP_PRINTF("Gak log of NULL?\n"); 292 return; 293 } 294 sctp_clog.x.strlog.stcb = control->stcb; 295 sctp_clog.x.strlog.n_tsn = control->sinfo_tsn; 296 sctp_clog.x.strlog.n_sseq = (uint16_t)control->mid; 297 sctp_clog.x.strlog.strm = control->sinfo_stream; 298 if (poschk != NULL) { 299 sctp_clog.x.strlog.e_tsn = poschk->sinfo_tsn; 300 sctp_clog.x.strlog.e_sseq = (uint16_t)poschk->mid; 301 } else { 302 sctp_clog.x.strlog.e_tsn = 0; 303 sctp_clog.x.strlog.e_sseq = 0; 304 } 305 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 306 SCTP_LOG_EVENT_STRM, 307 from, 308 sctp_clog.x.misc.log1, 309 sctp_clog.x.misc.log2, 310 sctp_clog.x.misc.log3, 311 sctp_clog.x.misc.log4); 312 #endif 313 } 314 315 void 316 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 317 { 318 #if defined(SCTP_LOCAL_TRACE_BUF) 319 struct sctp_cwnd_log sctp_clog; 320 321 sctp_clog.x.cwnd.net = net; 322 if (stcb->asoc.send_queue_cnt > 255) 323 sctp_clog.x.cwnd.cnt_in_send = 255; 324 else 325 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 326 if (stcb->asoc.stream_queue_cnt > 255) 327 sctp_clog.x.cwnd.cnt_in_str = 255; 328 else 329 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 330 331 if (net) { 332 sctp_clog.x.cwnd.cwnd_new_value = net->cwnd; 333 sctp_clog.x.cwnd.inflight = net->flight_size; 334 sctp_clog.x.cwnd.pseudo_cumack = net->pseudo_cumack; 335 sctp_clog.x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 336 sctp_clog.x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 337 } 338 if (SCTP_CWNDLOG_PRESEND == from) { 339 sctp_clog.x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 340 } 341 sctp_clog.x.cwnd.cwnd_augment = augment; 342 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 343 SCTP_LOG_EVENT_CWND, 344 from, 345 sctp_clog.x.misc.log1, 346 sctp_clog.x.misc.log2, 347 sctp_clog.x.misc.log3, 348 sctp_clog.x.misc.log4); 349 #endif 350 } 351 352 void 353 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 354 { 355 #if defined(SCTP_LOCAL_TRACE_BUF) 356 struct sctp_cwnd_log sctp_clog; 357 358 memset(&sctp_clog, 0, sizeof(sctp_clog)); 359 if (inp) { 360 sctp_clog.x.lock.sock = (void *)inp->sctp_socket; 361 362 } else { 363 sctp_clog.x.lock.sock = (void *)NULL; 364 } 365 sctp_clog.x.lock.inp = (void *)inp; 366 if (stcb) { 367 sctp_clog.x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 368 } else { 369 sctp_clog.x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 370 } 371 if (inp) { 372 sctp_clog.x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 373 sctp_clog.x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 374 } else { 375 sctp_clog.x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 376 sctp_clog.x.lock.create_lock = SCTP_LOCK_UNKNOWN; 377 } 378 sctp_clog.x.lock.info_lock = rw_wowned(&SCTP_BASE_INFO(ipi_ep_mtx)); 379 if (inp && (inp->sctp_socket)) { 380 sctp_clog.x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 381 sctp_clog.x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 382 sctp_clog.x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); 383 } else { 384 sctp_clog.x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 385 sctp_clog.x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 386 sctp_clog.x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 387 } 388 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 389 SCTP_LOG_LOCK_EVENT, 390 from, 391 sctp_clog.x.misc.log1, 392 sctp_clog.x.misc.log2, 393 sctp_clog.x.misc.log3, 394 sctp_clog.x.misc.log4); 395 #endif 396 } 397 398 void 399 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 400 { 401 #if defined(SCTP_LOCAL_TRACE_BUF) 402 struct sctp_cwnd_log sctp_clog; 403 404 memset(&sctp_clog, 0, sizeof(sctp_clog)); 405 sctp_clog.x.cwnd.net = net; 406 sctp_clog.x.cwnd.cwnd_new_value = error; 407 sctp_clog.x.cwnd.inflight = net->flight_size; 408 sctp_clog.x.cwnd.cwnd_augment = burst; 409 if (stcb->asoc.send_queue_cnt > 255) 410 sctp_clog.x.cwnd.cnt_in_send = 255; 411 else 412 sctp_clog.x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 413 if (stcb->asoc.stream_queue_cnt > 255) 414 sctp_clog.x.cwnd.cnt_in_str = 255; 415 else 416 sctp_clog.x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 417 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 418 SCTP_LOG_EVENT_MAXBURST, 419 from, 420 sctp_clog.x.misc.log1, 421 sctp_clog.x.misc.log2, 422 sctp_clog.x.misc.log3, 423 sctp_clog.x.misc.log4); 424 #endif 425 } 426 427 void 428 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 429 { 430 #if defined(SCTP_LOCAL_TRACE_BUF) 431 struct sctp_cwnd_log sctp_clog; 432 433 sctp_clog.x.rwnd.rwnd = peers_rwnd; 434 sctp_clog.x.rwnd.send_size = snd_size; 435 sctp_clog.x.rwnd.overhead = overhead; 436 sctp_clog.x.rwnd.new_rwnd = 0; 437 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 438 SCTP_LOG_EVENT_RWND, 439 from, 440 sctp_clog.x.misc.log1, 441 sctp_clog.x.misc.log2, 442 sctp_clog.x.misc.log3, 443 sctp_clog.x.misc.log4); 444 #endif 445 } 446 447 void 448 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 449 { 450 #if defined(SCTP_LOCAL_TRACE_BUF) 451 struct sctp_cwnd_log sctp_clog; 452 453 sctp_clog.x.rwnd.rwnd = peers_rwnd; 454 sctp_clog.x.rwnd.send_size = flight_size; 455 sctp_clog.x.rwnd.overhead = overhead; 456 sctp_clog.x.rwnd.new_rwnd = a_rwndval; 457 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 458 SCTP_LOG_EVENT_RWND, 459 from, 460 sctp_clog.x.misc.log1, 461 sctp_clog.x.misc.log2, 462 sctp_clog.x.misc.log3, 463 sctp_clog.x.misc.log4); 464 #endif 465 } 466 467 #ifdef SCTP_MBCNT_LOGGING 468 static void 469 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 470 { 471 #if defined(SCTP_LOCAL_TRACE_BUF) 472 struct sctp_cwnd_log sctp_clog; 473 474 sctp_clog.x.mbcnt.total_queue_size = total_oq; 475 sctp_clog.x.mbcnt.size_change = book; 476 sctp_clog.x.mbcnt.total_queue_mb_size = total_mbcnt_q; 477 sctp_clog.x.mbcnt.mbcnt_change = mbcnt; 478 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 479 SCTP_LOG_EVENT_MBCNT, 480 from, 481 sctp_clog.x.misc.log1, 482 sctp_clog.x.misc.log2, 483 sctp_clog.x.misc.log3, 484 sctp_clog.x.misc.log4); 485 #endif 486 } 487 #endif 488 489 void 490 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 491 { 492 #if defined(SCTP_LOCAL_TRACE_BUF) 493 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 494 SCTP_LOG_MISC_EVENT, 495 from, 496 a, b, c, d); 497 #endif 498 } 499 500 void 501 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t wake_cnt, int from) 502 { 503 #if defined(SCTP_LOCAL_TRACE_BUF) 504 struct sctp_cwnd_log sctp_clog; 505 506 sctp_clog.x.wake.stcb = (void *)stcb; 507 sctp_clog.x.wake.wake_cnt = wake_cnt; 508 sctp_clog.x.wake.flight = stcb->asoc.total_flight_count; 509 sctp_clog.x.wake.send_q = stcb->asoc.send_queue_cnt; 510 sctp_clog.x.wake.sent_q = stcb->asoc.sent_queue_cnt; 511 512 if (stcb->asoc.stream_queue_cnt < 0xff) 513 sctp_clog.x.wake.stream_qcnt = (uint8_t)stcb->asoc.stream_queue_cnt; 514 else 515 sctp_clog.x.wake.stream_qcnt = 0xff; 516 517 if (stcb->asoc.chunks_on_out_queue < 0xff) 518 sctp_clog.x.wake.chunks_on_oque = (uint8_t)stcb->asoc.chunks_on_out_queue; 519 else 520 sctp_clog.x.wake.chunks_on_oque = 0xff; 521 522 sctp_clog.x.wake.sctpflags = 0; 523 /* set in the defered mode stuff */ 524 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 525 sctp_clog.x.wake.sctpflags |= 1; 526 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 527 sctp_clog.x.wake.sctpflags |= 2; 528 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 529 sctp_clog.x.wake.sctpflags |= 4; 530 /* what about the sb */ 531 if (stcb->sctp_socket) { 532 struct socket *so = stcb->sctp_socket; 533 534 sctp_clog.x.wake.sbflags = (uint8_t)((so->so_snd.sb_flags & 0x00ff)); 535 } else { 536 sctp_clog.x.wake.sbflags = 0xff; 537 } 538 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 539 SCTP_LOG_EVENT_WAKE, 540 from, 541 sctp_clog.x.misc.log1, 542 sctp_clog.x.misc.log2, 543 sctp_clog.x.misc.log3, 544 sctp_clog.x.misc.log4); 545 #endif 546 } 547 548 void 549 sctp_log_block(uint8_t from, struct sctp_association *asoc, size_t sendlen) 550 { 551 #if defined(SCTP_LOCAL_TRACE_BUF) 552 struct sctp_cwnd_log sctp_clog; 553 554 sctp_clog.x.blk.onsb = asoc->total_output_queue_size; 555 sctp_clog.x.blk.send_sent_qcnt = (uint16_t)(asoc->send_queue_cnt + asoc->sent_queue_cnt); 556 sctp_clog.x.blk.peer_rwnd = asoc->peers_rwnd; 557 sctp_clog.x.blk.stream_qcnt = (uint16_t)asoc->stream_queue_cnt; 558 sctp_clog.x.blk.chunks_on_oque = (uint16_t)asoc->chunks_on_out_queue; 559 sctp_clog.x.blk.flight_size = (uint16_t)(asoc->total_flight / 1024); 560 sctp_clog.x.blk.sndlen = (uint32_t)sendlen; 561 SCTP_CTR6(KTR_SCTP, "SCTP:%d[%d]:%x-%x-%x-%x", 562 SCTP_LOG_EVENT_BLOCK, 563 from, 564 sctp_clog.x.misc.log1, 565 sctp_clog.x.misc.log2, 566 sctp_clog.x.misc.log3, 567 sctp_clog.x.misc.log4); 568 #endif 569 } 570 571 int 572 sctp_fill_stat_log(void *optval SCTP_UNUSED, size_t *optsize SCTP_UNUSED) 573 { 574 /* May need to fix this if ktrdump does not work */ 575 return (0); 576 } 577 578 #ifdef SCTP_AUDITING_ENABLED 579 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 580 static int sctp_audit_indx = 0; 581 582 static 583 void 584 sctp_print_audit_report(void) 585 { 586 int i; 587 int cnt; 588 589 cnt = 0; 590 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 591 if ((sctp_audit_data[i][0] == 0xe0) && 592 (sctp_audit_data[i][1] == 0x01)) { 593 cnt = 0; 594 SCTP_PRINTF("\n"); 595 } else if (sctp_audit_data[i][0] == 0xf0) { 596 cnt = 0; 597 SCTP_PRINTF("\n"); 598 } else if ((sctp_audit_data[i][0] == 0xc0) && 599 (sctp_audit_data[i][1] == 0x01)) { 600 SCTP_PRINTF("\n"); 601 cnt = 0; 602 } 603 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 604 (uint32_t)sctp_audit_data[i][1]); 605 cnt++; 606 if ((cnt % 14) == 0) 607 SCTP_PRINTF("\n"); 608 } 609 for (i = 0; i < sctp_audit_indx; i++) { 610 if ((sctp_audit_data[i][0] == 0xe0) && 611 (sctp_audit_data[i][1] == 0x01)) { 612 cnt = 0; 613 SCTP_PRINTF("\n"); 614 } else if (sctp_audit_data[i][0] == 0xf0) { 615 cnt = 0; 616 SCTP_PRINTF("\n"); 617 } else if ((sctp_audit_data[i][0] == 0xc0) && 618 (sctp_audit_data[i][1] == 0x01)) { 619 SCTP_PRINTF("\n"); 620 cnt = 0; 621 } 622 SCTP_PRINTF("%2.2x%2.2x ", (uint32_t)sctp_audit_data[i][0], 623 (uint32_t)sctp_audit_data[i][1]); 624 cnt++; 625 if ((cnt % 14) == 0) 626 SCTP_PRINTF("\n"); 627 } 628 SCTP_PRINTF("\n"); 629 } 630 631 void 632 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 633 struct sctp_nets *net) 634 { 635 int resend_cnt, tot_out, rep, tot_book_cnt; 636 struct sctp_nets *lnet; 637 struct sctp_tmit_chunk *chk; 638 639 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 640 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 641 sctp_audit_indx++; 642 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 643 sctp_audit_indx = 0; 644 } 645 if (inp == NULL) { 646 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 647 sctp_audit_data[sctp_audit_indx][1] = 0x01; 648 sctp_audit_indx++; 649 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 650 sctp_audit_indx = 0; 651 } 652 return; 653 } 654 if (stcb == NULL) { 655 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 656 sctp_audit_data[sctp_audit_indx][1] = 0x02; 657 sctp_audit_indx++; 658 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 659 sctp_audit_indx = 0; 660 } 661 return; 662 } 663 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 664 sctp_audit_data[sctp_audit_indx][1] = 665 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 666 sctp_audit_indx++; 667 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 668 sctp_audit_indx = 0; 669 } 670 rep = 0; 671 tot_book_cnt = 0; 672 resend_cnt = tot_out = 0; 673 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 674 if (chk->sent == SCTP_DATAGRAM_RESEND) { 675 resend_cnt++; 676 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 677 tot_out += chk->book_size; 678 tot_book_cnt++; 679 } 680 } 681 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 682 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 683 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 684 sctp_audit_indx++; 685 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 686 sctp_audit_indx = 0; 687 } 688 SCTP_PRINTF("resend_cnt:%d asoc-tot:%d\n", 689 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 690 rep = 1; 691 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 692 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 693 sctp_audit_data[sctp_audit_indx][1] = 694 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 695 sctp_audit_indx++; 696 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 697 sctp_audit_indx = 0; 698 } 699 } 700 if (tot_out != stcb->asoc.total_flight) { 701 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 702 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 703 sctp_audit_indx++; 704 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 705 sctp_audit_indx = 0; 706 } 707 rep = 1; 708 SCTP_PRINTF("tot_flt:%d asoc_tot:%d\n", tot_out, 709 (int)stcb->asoc.total_flight); 710 stcb->asoc.total_flight = tot_out; 711 } 712 if (tot_book_cnt != stcb->asoc.total_flight_count) { 713 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 714 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 715 sctp_audit_indx++; 716 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 717 sctp_audit_indx = 0; 718 } 719 rep = 1; 720 SCTP_PRINTF("tot_flt_book:%d\n", tot_book_cnt); 721 722 stcb->asoc.total_flight_count = tot_book_cnt; 723 } 724 tot_out = 0; 725 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 726 tot_out += lnet->flight_size; 727 } 728 if (tot_out != stcb->asoc.total_flight) { 729 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 730 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 731 sctp_audit_indx++; 732 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 733 sctp_audit_indx = 0; 734 } 735 rep = 1; 736 SCTP_PRINTF("real flight:%d net total was %d\n", 737 stcb->asoc.total_flight, tot_out); 738 /* now corrective action */ 739 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 740 741 tot_out = 0; 742 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 743 if ((chk->whoTo == lnet) && 744 (chk->sent < SCTP_DATAGRAM_RESEND)) { 745 tot_out += chk->book_size; 746 } 747 } 748 if (lnet->flight_size != tot_out) { 749 SCTP_PRINTF("net:%p flight was %d corrected to %d\n", 750 (void *)lnet, lnet->flight_size, 751 tot_out); 752 lnet->flight_size = tot_out; 753 } 754 } 755 } 756 if (rep) { 757 sctp_print_audit_report(); 758 } 759 } 760 761 void 762 sctp_audit_log(uint8_t ev, uint8_t fd) 763 { 764 765 sctp_audit_data[sctp_audit_indx][0] = ev; 766 sctp_audit_data[sctp_audit_indx][1] = fd; 767 sctp_audit_indx++; 768 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 769 sctp_audit_indx = 0; 770 } 771 } 772 773 #endif 774 775 /* 776 * sctp_stop_timers_for_shutdown() should be called 777 * when entering the SHUTDOWN_SENT or SHUTDOWN_ACK_SENT 778 * state to make sure that all timers are stopped. 779 */ 780 void 781 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 782 { 783 struct sctp_association *asoc; 784 struct sctp_nets *net; 785 786 asoc = &stcb->asoc; 787 788 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 789 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 790 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 791 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 792 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 793 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 794 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 795 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer); 796 } 797 } 798 799 /* 800 * A list of sizes based on typical mtu's, used only if next hop size not 801 * returned. These values MUST be multiples of 4 and MUST be ordered. 802 */ 803 static uint32_t sctp_mtu_sizes[] = { 804 68, 805 296, 806 508, 807 512, 808 544, 809 576, 810 1004, 811 1492, 812 1500, 813 1536, 814 2000, 815 2048, 816 4352, 817 4464, 818 8166, 819 17912, 820 32000, 821 65532 822 }; 823 824 /* 825 * Return the largest MTU in sctp_mtu_sizes smaller than val. 826 * If val is smaller than the minimum, just return the largest 827 * multiple of 4 smaller or equal to val. 828 * Ensure that the result is a multiple of 4. 829 */ 830 uint32_t 831 sctp_get_prev_mtu(uint32_t val) 832 { 833 uint32_t i; 834 835 val &= 0xfffffffc; 836 if (val <= sctp_mtu_sizes[0]) { 837 return (val); 838 } 839 for (i = 1; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 840 if (val <= sctp_mtu_sizes[i]) { 841 break; 842 } 843 } 844 KASSERT((sctp_mtu_sizes[i - 1] & 0x00000003) == 0, 845 ("sctp_mtu_sizes[%u] not a multiple of 4", i - 1)); 846 return (sctp_mtu_sizes[i - 1]); 847 } 848 849 /* 850 * Return the smallest MTU in sctp_mtu_sizes larger than val. 851 * If val is larger than the maximum, just return the largest multiple of 4 smaller 852 * or equal to val. 853 * Ensure that the result is a multiple of 4. 854 */ 855 uint32_t 856 sctp_get_next_mtu(uint32_t val) 857 { 858 /* select another MTU that is just bigger than this one */ 859 uint32_t i; 860 861 val &= 0xfffffffc; 862 for (i = 0; i < (sizeof(sctp_mtu_sizes) / sizeof(uint32_t)); i++) { 863 if (val < sctp_mtu_sizes[i]) { 864 KASSERT((sctp_mtu_sizes[i] & 0x00000003) == 0, 865 ("sctp_mtu_sizes[%u] not a multiple of 4", i)); 866 return (sctp_mtu_sizes[i]); 867 } 868 } 869 return (val); 870 } 871 872 void 873 sctp_fill_random_store(struct sctp_pcb *m) 874 { 875 /* 876 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 877 * our counter. The result becomes our good random numbers and we 878 * then setup to give these out. Note that we do no locking to 879 * protect this. This is ok, since if competing folks call this we 880 * will get more gobbled gook in the random store which is what we 881 * want. There is a danger that two guys will use the same random 882 * numbers, but thats ok too since that is random as well :-> 883 */ 884 m->store_at = 0; 885 (void)sctp_hmac(SCTP_HMAC, (uint8_t *)m->random_numbers, 886 sizeof(m->random_numbers), (uint8_t *)&m->random_counter, 887 sizeof(m->random_counter), (uint8_t *)m->random_store); 888 m->random_counter++; 889 } 890 891 uint32_t 892 sctp_select_initial_TSN(struct sctp_pcb *inp) 893 { 894 /* 895 * A true implementation should use random selection process to get 896 * the initial stream sequence number, using RFC1750 as a good 897 * guideline 898 */ 899 uint32_t x, *xp; 900 uint8_t *p; 901 int store_at, new_store; 902 903 if (inp->initial_sequence_debug != 0) { 904 uint32_t ret; 905 906 ret = inp->initial_sequence_debug; 907 inp->initial_sequence_debug++; 908 return (ret); 909 } 910 retry: 911 store_at = inp->store_at; 912 new_store = store_at + sizeof(uint32_t); 913 if (new_store >= (SCTP_SIGNATURE_SIZE - 3)) { 914 new_store = 0; 915 } 916 if (!atomic_cmpset_int(&inp->store_at, store_at, new_store)) { 917 goto retry; 918 } 919 if (new_store == 0) { 920 /* Refill the random store */ 921 sctp_fill_random_store(inp); 922 } 923 p = &inp->random_store[store_at]; 924 xp = (uint32_t *)p; 925 x = *xp; 926 return (x); 927 } 928 929 uint32_t 930 sctp_select_a_tag(struct sctp_inpcb *inp, uint16_t lport, uint16_t rport, int check) 931 { 932 uint32_t x; 933 struct timeval now; 934 935 if (check) { 936 (void)SCTP_GETTIME_TIMEVAL(&now); 937 } 938 for (;;) { 939 x = sctp_select_initial_TSN(&inp->sctp_ep); 940 if (x == 0) { 941 /* we never use 0 */ 942 continue; 943 } 944 if (!check || sctp_is_vtag_good(x, lport, rport, &now)) { 945 break; 946 } 947 } 948 return (x); 949 } 950 951 int32_t 952 sctp_map_assoc_state(int kernel_state) 953 { 954 int32_t user_state; 955 956 if (kernel_state & SCTP_STATE_WAS_ABORTED) { 957 user_state = SCTP_CLOSED; 958 } else if (kernel_state & SCTP_STATE_SHUTDOWN_PENDING) { 959 user_state = SCTP_SHUTDOWN_PENDING; 960 } else { 961 switch (kernel_state & SCTP_STATE_MASK) { 962 case SCTP_STATE_EMPTY: 963 user_state = SCTP_CLOSED; 964 break; 965 case SCTP_STATE_INUSE: 966 user_state = SCTP_CLOSED; 967 break; 968 case SCTP_STATE_COOKIE_WAIT: 969 user_state = SCTP_COOKIE_WAIT; 970 break; 971 case SCTP_STATE_COOKIE_ECHOED: 972 user_state = SCTP_COOKIE_ECHOED; 973 break; 974 case SCTP_STATE_OPEN: 975 user_state = SCTP_ESTABLISHED; 976 break; 977 case SCTP_STATE_SHUTDOWN_SENT: 978 user_state = SCTP_SHUTDOWN_SENT; 979 break; 980 case SCTP_STATE_SHUTDOWN_RECEIVED: 981 user_state = SCTP_SHUTDOWN_RECEIVED; 982 break; 983 case SCTP_STATE_SHUTDOWN_ACK_SENT: 984 user_state = SCTP_SHUTDOWN_ACK_SENT; 985 break; 986 default: 987 user_state = SCTP_CLOSED; 988 break; 989 } 990 } 991 return (user_state); 992 } 993 994 int 995 sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 996 uint32_t override_tag, uint32_t vrf_id, uint16_t o_strms) 997 { 998 struct sctp_association *asoc; 999 1000 /* 1001 * Anything set to zero is taken care of by the allocation routine's 1002 * bzero 1003 */ 1004 1005 /* 1006 * Up front select what scoping to apply on addresses I tell my peer 1007 * Not sure what to do with these right now, we will need to come up 1008 * with a way to set them. We may need to pass them through from the 1009 * caller in the sctp_aloc_assoc() function. 1010 */ 1011 int i; 1012 #if defined(SCTP_DETAILED_STR_STATS) 1013 int j; 1014 #endif 1015 1016 asoc = &stcb->asoc; 1017 /* init all variables to a known value. */ 1018 SCTP_SET_STATE(stcb, SCTP_STATE_INUSE); 1019 asoc->max_burst = inp->sctp_ep.max_burst; 1020 asoc->fr_max_burst = inp->sctp_ep.fr_max_burst; 1021 asoc->heart_beat_delay = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 1022 asoc->cookie_life = inp->sctp_ep.def_cookie_life; 1023 asoc->sctp_cmt_on_off = inp->sctp_cmt_on_off; 1024 asoc->ecn_supported = inp->ecn_supported; 1025 asoc->prsctp_supported = inp->prsctp_supported; 1026 asoc->idata_supported = inp->idata_supported; 1027 asoc->auth_supported = inp->auth_supported; 1028 asoc->asconf_supported = inp->asconf_supported; 1029 asoc->reconfig_supported = inp->reconfig_supported; 1030 asoc->nrsack_supported = inp->nrsack_supported; 1031 asoc->pktdrop_supported = inp->pktdrop_supported; 1032 asoc->idata_supported = inp->idata_supported; 1033 asoc->sctp_cmt_pf = (uint8_t)0; 1034 asoc->sctp_frag_point = inp->sctp_frag_point; 1035 asoc->sctp_features = inp->sctp_features; 1036 asoc->default_dscp = inp->sctp_ep.default_dscp; 1037 asoc->max_cwnd = inp->max_cwnd; 1038 #ifdef INET6 1039 if (inp->sctp_ep.default_flowlabel) { 1040 asoc->default_flowlabel = inp->sctp_ep.default_flowlabel; 1041 } else { 1042 if (inp->ip_inp.inp.inp_flags & IN6P_AUTOFLOWLABEL) { 1043 asoc->default_flowlabel = sctp_select_initial_TSN(&inp->sctp_ep); 1044 asoc->default_flowlabel &= 0x000fffff; 1045 asoc->default_flowlabel |= 0x80000000; 1046 } else { 1047 asoc->default_flowlabel = 0; 1048 } 1049 } 1050 #endif 1051 asoc->sb_send_resv = 0; 1052 if (override_tag) { 1053 asoc->my_vtag = override_tag; 1054 } else { 1055 asoc->my_vtag = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 1); 1056 } 1057 /* Get the nonce tags */ 1058 asoc->my_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1059 asoc->peer_vtag_nonce = sctp_select_a_tag(inp, stcb->sctp_ep->sctp_lport, stcb->rport, 0); 1060 asoc->vrf_id = vrf_id; 1061 1062 #ifdef SCTP_ASOCLOG_OF_TSNS 1063 asoc->tsn_in_at = 0; 1064 asoc->tsn_out_at = 0; 1065 asoc->tsn_in_wrapped = 0; 1066 asoc->tsn_out_wrapped = 0; 1067 asoc->cumack_log_at = 0; 1068 asoc->cumack_log_atsnt = 0; 1069 #endif 1070 #ifdef SCTP_FS_SPEC_LOG 1071 asoc->fs_index = 0; 1072 #endif 1073 asoc->refcnt = 0; 1074 asoc->assoc_up_sent = 0; 1075 asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = 1076 sctp_select_initial_TSN(&inp->sctp_ep); 1077 asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; 1078 /* we are optimisitic here */ 1079 asoc->peer_supports_nat = 0; 1080 asoc->sent_queue_retran_cnt = 0; 1081 1082 /* for CMT */ 1083 asoc->last_net_cmt_send_started = NULL; 1084 1085 /* This will need to be adjusted */ 1086 asoc->last_acked_seq = asoc->init_seq_number - 1; 1087 asoc->advanced_peer_ack_point = asoc->last_acked_seq; 1088 asoc->asconf_seq_in = asoc->last_acked_seq; 1089 1090 /* here we are different, we hold the next one we expect */ 1091 asoc->str_reset_seq_in = asoc->last_acked_seq + 1; 1092 1093 asoc->initial_init_rto_max = inp->sctp_ep.initial_init_rto_max; 1094 asoc->initial_rto = inp->sctp_ep.initial_rto; 1095 1096 asoc->default_mtu = inp->sctp_ep.default_mtu; 1097 asoc->max_init_times = inp->sctp_ep.max_init_times; 1098 asoc->max_send_times = inp->sctp_ep.max_send_times; 1099 asoc->def_net_failure = inp->sctp_ep.def_net_failure; 1100 asoc->def_net_pf_threshold = inp->sctp_ep.def_net_pf_threshold; 1101 asoc->free_chunk_cnt = 0; 1102 1103 asoc->iam_blocking = 0; 1104 asoc->context = inp->sctp_context; 1105 asoc->local_strreset_support = inp->local_strreset_support; 1106 asoc->def_send = inp->def_send; 1107 asoc->delayed_ack = TICKS_TO_MSEC(inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 1108 asoc->sack_freq = inp->sctp_ep.sctp_sack_freq; 1109 asoc->pr_sctp_cnt = 0; 1110 asoc->total_output_queue_size = 0; 1111 1112 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1113 asoc->scope.ipv6_addr_legal = 1; 1114 if (SCTP_IPV6_V6ONLY(inp) == 0) { 1115 asoc->scope.ipv4_addr_legal = 1; 1116 } else { 1117 asoc->scope.ipv4_addr_legal = 0; 1118 } 1119 } else { 1120 asoc->scope.ipv6_addr_legal = 0; 1121 asoc->scope.ipv4_addr_legal = 1; 1122 } 1123 1124 asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(inp->sctp_socket), SCTP_MINIMAL_RWND); 1125 asoc->peers_rwnd = SCTP_SB_LIMIT_RCV(inp->sctp_socket); 1126 1127 asoc->smallest_mtu = inp->sctp_frag_point; 1128 asoc->minrto = inp->sctp_ep.sctp_minrto; 1129 asoc->maxrto = inp->sctp_ep.sctp_maxrto; 1130 1131 asoc->stream_locked_on = 0; 1132 asoc->ecn_echo_cnt_onq = 0; 1133 asoc->stream_locked = 0; 1134 1135 asoc->send_sack = 1; 1136 1137 LIST_INIT(&asoc->sctp_restricted_addrs); 1138 1139 TAILQ_INIT(&asoc->nets); 1140 TAILQ_INIT(&asoc->pending_reply_queue); 1141 TAILQ_INIT(&asoc->asconf_ack_sent); 1142 /* Setup to fill the hb random cache at first HB */ 1143 asoc->hb_random_idx = 4; 1144 1145 asoc->sctp_autoclose_ticks = inp->sctp_ep.auto_close_time; 1146 1147 stcb->asoc.congestion_control_module = inp->sctp_ep.sctp_default_cc_module; 1148 stcb->asoc.cc_functions = sctp_cc_functions[inp->sctp_ep.sctp_default_cc_module]; 1149 1150 stcb->asoc.stream_scheduling_module = inp->sctp_ep.sctp_default_ss_module; 1151 stcb->asoc.ss_functions = sctp_ss_functions[inp->sctp_ep.sctp_default_ss_module]; 1152 1153 /* 1154 * Now the stream parameters, here we allocate space for all streams 1155 * that we request by default. 1156 */ 1157 asoc->strm_realoutsize = asoc->streamoutcnt = asoc->pre_open_streams = 1158 o_strms; 1159 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1160 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1161 SCTP_M_STRMO); 1162 if (asoc->strmout == NULL) { 1163 /* big trouble no memory */ 1164 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1165 return (ENOMEM); 1166 } 1167 for (i = 0; i < asoc->streamoutcnt; i++) { 1168 /* 1169 * inbound side must be set to 0xffff, also NOTE when we get 1170 * the INIT-ACK back (for INIT sender) we MUST reduce the 1171 * count (streamoutcnt) but first check if we sent to any of 1172 * the upper streams that were dropped (if some were). Those 1173 * that were dropped must be notified to the upper layer as 1174 * failed to send. 1175 */ 1176 asoc->strmout[i].next_mid_ordered = 0; 1177 asoc->strmout[i].next_mid_unordered = 0; 1178 TAILQ_INIT(&asoc->strmout[i].outqueue); 1179 asoc->strmout[i].chunks_on_queues = 0; 1180 #if defined(SCTP_DETAILED_STR_STATS) 1181 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 1182 asoc->strmout[i].abandoned_sent[j] = 0; 1183 asoc->strmout[i].abandoned_unsent[j] = 0; 1184 } 1185 #else 1186 asoc->strmout[i].abandoned_sent[0] = 0; 1187 asoc->strmout[i].abandoned_unsent[0] = 0; 1188 #endif 1189 asoc->strmout[i].sid = i; 1190 asoc->strmout[i].last_msg_incomplete = 0; 1191 asoc->strmout[i].state = SCTP_STREAM_OPENING; 1192 asoc->ss_functions.sctp_ss_init_stream(stcb, &asoc->strmout[i], NULL); 1193 } 1194 asoc->ss_functions.sctp_ss_init(stcb, asoc, 0); 1195 1196 /* Now the mapping array */ 1197 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1198 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1199 SCTP_M_MAP); 1200 if (asoc->mapping_array == NULL) { 1201 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1202 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1203 return (ENOMEM); 1204 } 1205 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1206 SCTP_MALLOC(asoc->nr_mapping_array, uint8_t *, asoc->mapping_array_size, 1207 SCTP_M_MAP); 1208 if (asoc->nr_mapping_array == NULL) { 1209 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 1210 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1211 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 1212 return (ENOMEM); 1213 } 1214 memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); 1215 1216 /* Now the init of the other outqueues */ 1217 TAILQ_INIT(&asoc->free_chunks); 1218 TAILQ_INIT(&asoc->control_send_queue); 1219 TAILQ_INIT(&asoc->asconf_send_queue); 1220 TAILQ_INIT(&asoc->send_queue); 1221 TAILQ_INIT(&asoc->sent_queue); 1222 TAILQ_INIT(&asoc->resetHead); 1223 asoc->max_inbound_streams = inp->sctp_ep.max_open_streams_intome; 1224 TAILQ_INIT(&asoc->asconf_queue); 1225 /* authentication fields */ 1226 asoc->authinfo.random = NULL; 1227 asoc->authinfo.active_keyid = 0; 1228 asoc->authinfo.assoc_key = NULL; 1229 asoc->authinfo.assoc_keyid = 0; 1230 asoc->authinfo.recv_key = NULL; 1231 asoc->authinfo.recv_keyid = 0; 1232 LIST_INIT(&asoc->shared_keys); 1233 asoc->marked_retrans = 0; 1234 asoc->port = inp->sctp_ep.port; 1235 asoc->timoinit = 0; 1236 asoc->timodata = 0; 1237 asoc->timosack = 0; 1238 asoc->timoshutdown = 0; 1239 asoc->timoheartbeat = 0; 1240 asoc->timocookie = 0; 1241 asoc->timoshutdownack = 0; 1242 (void)SCTP_GETTIME_TIMEVAL(&asoc->start_time); 1243 asoc->discontinuity_time = asoc->start_time; 1244 for (i = 0; i < SCTP_PR_SCTP_MAX + 1; i++) { 1245 asoc->abandoned_unsent[i] = 0; 1246 asoc->abandoned_sent[i] = 0; 1247 } 1248 /* 1249 * sa_ignore MEMLEAK {memory is put in the assoc mapping array and 1250 * freed later when the association is freed. 1251 */ 1252 return (0); 1253 } 1254 1255 void 1256 sctp_print_mapping_array(struct sctp_association *asoc) 1257 { 1258 unsigned int i, limit; 1259 1260 SCTP_PRINTF("Mapping array size: %d, baseTSN: %8.8x, cumAck: %8.8x, highestTSN: (%8.8x, %8.8x).\n", 1261 asoc->mapping_array_size, 1262 asoc->mapping_array_base_tsn, 1263 asoc->cumulative_tsn, 1264 asoc->highest_tsn_inside_map, 1265 asoc->highest_tsn_inside_nr_map); 1266 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1267 if (asoc->mapping_array[limit - 1] != 0) { 1268 break; 1269 } 1270 } 1271 SCTP_PRINTF("Renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1272 for (i = 0; i < limit; i++) { 1273 SCTP_PRINTF("%2.2x%c", asoc->mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1274 } 1275 if (limit % 16) 1276 SCTP_PRINTF("\n"); 1277 for (limit = asoc->mapping_array_size; limit > 1; limit--) { 1278 if (asoc->nr_mapping_array[limit - 1]) { 1279 break; 1280 } 1281 } 1282 SCTP_PRINTF("Non renegable mapping array (last %d entries are zero):\n", asoc->mapping_array_size - limit); 1283 for (i = 0; i < limit; i++) { 1284 SCTP_PRINTF("%2.2x%c", asoc->nr_mapping_array[i], ((i + 1) % 16) ? ' ' : '\n'); 1285 } 1286 if (limit % 16) 1287 SCTP_PRINTF("\n"); 1288 } 1289 1290 int 1291 sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed) 1292 { 1293 /* mapping array needs to grow */ 1294 uint8_t *new_array1, *new_array2; 1295 uint32_t new_size; 1296 1297 new_size = asoc->mapping_array_size + ((needed + 7) / 8 + SCTP_MAPPING_ARRAY_INCR); 1298 SCTP_MALLOC(new_array1, uint8_t *, new_size, SCTP_M_MAP); 1299 SCTP_MALLOC(new_array2, uint8_t *, new_size, SCTP_M_MAP); 1300 if ((new_array1 == NULL) || (new_array2 == NULL)) { 1301 /* can't get more, forget it */ 1302 SCTP_PRINTF("No memory for expansion of SCTP mapping array %d\n", new_size); 1303 if (new_array1) { 1304 SCTP_FREE(new_array1, SCTP_M_MAP); 1305 } 1306 if (new_array2) { 1307 SCTP_FREE(new_array2, SCTP_M_MAP); 1308 } 1309 return (-1); 1310 } 1311 memset(new_array1, 0, new_size); 1312 memset(new_array2, 0, new_size); 1313 memcpy(new_array1, asoc->mapping_array, asoc->mapping_array_size); 1314 memcpy(new_array2, asoc->nr_mapping_array, asoc->mapping_array_size); 1315 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 1316 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 1317 asoc->mapping_array = new_array1; 1318 asoc->nr_mapping_array = new_array2; 1319 asoc->mapping_array_size = new_size; 1320 return (0); 1321 } 1322 1323 1324 static void 1325 sctp_iterator_work(struct sctp_iterator *it) 1326 { 1327 int iteration_count = 0; 1328 int inp_skip = 0; 1329 int first_in = 1; 1330 struct sctp_inpcb *tinp; 1331 1332 SCTP_INP_INFO_RLOCK(); 1333 SCTP_ITERATOR_LOCK(); 1334 sctp_it_ctl.cur_it = it; 1335 if (it->inp) { 1336 SCTP_INP_RLOCK(it->inp); 1337 SCTP_INP_DECR_REF(it->inp); 1338 } 1339 if (it->inp == NULL) { 1340 /* iterator is complete */ 1341 done_with_iterator: 1342 sctp_it_ctl.cur_it = NULL; 1343 SCTP_ITERATOR_UNLOCK(); 1344 SCTP_INP_INFO_RUNLOCK(); 1345 if (it->function_atend != NULL) { 1346 (*it->function_atend) (it->pointer, it->val); 1347 } 1348 SCTP_FREE(it, SCTP_M_ITER); 1349 return; 1350 } 1351 select_a_new_ep: 1352 if (first_in) { 1353 first_in = 0; 1354 } else { 1355 SCTP_INP_RLOCK(it->inp); 1356 } 1357 while (((it->pcb_flags) && 1358 ((it->inp->sctp_flags & it->pcb_flags) != it->pcb_flags)) || 1359 ((it->pcb_features) && 1360 ((it->inp->sctp_features & it->pcb_features) != it->pcb_features))) { 1361 /* endpoint flags or features don't match, so keep looking */ 1362 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1363 SCTP_INP_RUNLOCK(it->inp); 1364 goto done_with_iterator; 1365 } 1366 tinp = it->inp; 1367 it->inp = LIST_NEXT(it->inp, sctp_list); 1368 SCTP_INP_RUNLOCK(tinp); 1369 if (it->inp == NULL) { 1370 goto done_with_iterator; 1371 } 1372 SCTP_INP_RLOCK(it->inp); 1373 } 1374 /* now go through each assoc which is in the desired state */ 1375 if (it->done_current_ep == 0) { 1376 if (it->function_inp != NULL) 1377 inp_skip = (*it->function_inp) (it->inp, it->pointer, it->val); 1378 it->done_current_ep = 1; 1379 } 1380 if (it->stcb == NULL) { 1381 /* run the per instance function */ 1382 it->stcb = LIST_FIRST(&it->inp->sctp_asoc_list); 1383 } 1384 if ((inp_skip) || it->stcb == NULL) { 1385 if (it->function_inp_end != NULL) { 1386 inp_skip = (*it->function_inp_end) (it->inp, 1387 it->pointer, 1388 it->val); 1389 } 1390 SCTP_INP_RUNLOCK(it->inp); 1391 goto no_stcb; 1392 } 1393 while (it->stcb) { 1394 SCTP_TCB_LOCK(it->stcb); 1395 if (it->asoc_state && ((it->stcb->asoc.state & it->asoc_state) != it->asoc_state)) { 1396 /* not in the right state... keep looking */ 1397 SCTP_TCB_UNLOCK(it->stcb); 1398 goto next_assoc; 1399 } 1400 /* see if we have limited out the iterator loop */ 1401 iteration_count++; 1402 if (iteration_count > SCTP_ITERATOR_MAX_AT_ONCE) { 1403 /* Pause to let others grab the lock */ 1404 atomic_add_int(&it->stcb->asoc.refcnt, 1); 1405 SCTP_TCB_UNLOCK(it->stcb); 1406 SCTP_INP_INCR_REF(it->inp); 1407 SCTP_INP_RUNLOCK(it->inp); 1408 SCTP_ITERATOR_UNLOCK(); 1409 SCTP_INP_INFO_RUNLOCK(); 1410 SCTP_INP_INFO_RLOCK(); 1411 SCTP_ITERATOR_LOCK(); 1412 if (sctp_it_ctl.iterator_flags) { 1413 /* We won't be staying here */ 1414 SCTP_INP_DECR_REF(it->inp); 1415 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1416 if (sctp_it_ctl.iterator_flags & 1417 SCTP_ITERATOR_STOP_CUR_IT) { 1418 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_IT; 1419 goto done_with_iterator; 1420 } 1421 if (sctp_it_ctl.iterator_flags & 1422 SCTP_ITERATOR_STOP_CUR_INP) { 1423 sctp_it_ctl.iterator_flags &= ~SCTP_ITERATOR_STOP_CUR_INP; 1424 goto no_stcb; 1425 } 1426 /* If we reach here huh? */ 1427 SCTP_PRINTF("Unknown it ctl flag %x\n", 1428 sctp_it_ctl.iterator_flags); 1429 sctp_it_ctl.iterator_flags = 0; 1430 } 1431 SCTP_INP_RLOCK(it->inp); 1432 SCTP_INP_DECR_REF(it->inp); 1433 SCTP_TCB_LOCK(it->stcb); 1434 atomic_add_int(&it->stcb->asoc.refcnt, -1); 1435 iteration_count = 0; 1436 } 1437 1438 /* run function on this one */ 1439 (*it->function_assoc) (it->inp, it->stcb, it->pointer, it->val); 1440 1441 /* 1442 * we lie here, it really needs to have its own type but 1443 * first I must verify that this won't effect things :-0 1444 */ 1445 if (it->no_chunk_output == 0) 1446 sctp_chunk_output(it->inp, it->stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1447 1448 SCTP_TCB_UNLOCK(it->stcb); 1449 next_assoc: 1450 it->stcb = LIST_NEXT(it->stcb, sctp_tcblist); 1451 if (it->stcb == NULL) { 1452 /* Run last function */ 1453 if (it->function_inp_end != NULL) { 1454 inp_skip = (*it->function_inp_end) (it->inp, 1455 it->pointer, 1456 it->val); 1457 } 1458 } 1459 } 1460 SCTP_INP_RUNLOCK(it->inp); 1461 no_stcb: 1462 /* done with all assocs on this endpoint, move on to next endpoint */ 1463 it->done_current_ep = 0; 1464 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1465 it->inp = NULL; 1466 } else { 1467 it->inp = LIST_NEXT(it->inp, sctp_list); 1468 } 1469 if (it->inp == NULL) { 1470 goto done_with_iterator; 1471 } 1472 goto select_a_new_ep; 1473 } 1474 1475 void 1476 sctp_iterator_worker(void) 1477 { 1478 struct sctp_iterator *it, *nit; 1479 1480 /* This function is called with the WQ lock in place */ 1481 1482 sctp_it_ctl.iterator_running = 1; 1483 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { 1484 /* now lets work on this one */ 1485 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 1486 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 1487 CURVNET_SET(it->vn); 1488 sctp_iterator_work(it); 1489 CURVNET_RESTORE(); 1490 SCTP_IPI_ITERATOR_WQ_LOCK(); 1491 /* sa_ignore FREED_MEMORY */ 1492 } 1493 sctp_it_ctl.iterator_running = 0; 1494 return; 1495 } 1496 1497 1498 static void 1499 sctp_handle_addr_wq(void) 1500 { 1501 /* deal with the ADDR wq from the rtsock calls */ 1502 struct sctp_laddr *wi, *nwi; 1503 struct sctp_asconf_iterator *asc; 1504 1505 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 1506 sizeof(struct sctp_asconf_iterator), SCTP_M_ASC_IT); 1507 if (asc == NULL) { 1508 /* Try later, no memory */ 1509 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1510 (struct sctp_inpcb *)NULL, 1511 (struct sctp_tcb *)NULL, 1512 (struct sctp_nets *)NULL); 1513 return; 1514 } 1515 LIST_INIT(&asc->list_of_work); 1516 asc->cnt = 0; 1517 1518 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { 1519 LIST_REMOVE(wi, sctp_nxt_addr); 1520 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 1521 asc->cnt++; 1522 } 1523 1524 if (asc->cnt == 0) { 1525 SCTP_FREE(asc, SCTP_M_ASC_IT); 1526 } else { 1527 int ret; 1528 1529 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 1530 sctp_asconf_iterator_stcb, 1531 NULL, /* No ep end for boundall */ 1532 SCTP_PCB_FLAGS_BOUNDALL, 1533 SCTP_PCB_ANY_FEATURES, 1534 SCTP_ASOC_ANY_STATE, 1535 (void *)asc, 0, 1536 sctp_asconf_iterator_end, NULL, 0); 1537 if (ret) { 1538 SCTP_PRINTF("Failed to initiate iterator for handle_addr_wq\n"); 1539 /* 1540 * Freeing if we are stopping or put back on the 1541 * addr_wq. 1542 */ 1543 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 1544 sctp_asconf_iterator_end(asc, 0); 1545 } else { 1546 LIST_FOREACH(wi, &asc->list_of_work, sctp_nxt_addr) { 1547 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 1548 } 1549 SCTP_FREE(asc, SCTP_M_ASC_IT); 1550 } 1551 } 1552 } 1553 } 1554 1555 void 1556 sctp_timeout_handler(void *t) 1557 { 1558 struct sctp_inpcb *inp; 1559 struct sctp_tcb *stcb; 1560 struct sctp_nets *net; 1561 struct sctp_timer *tmr; 1562 struct mbuf *op_err; 1563 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1564 struct socket *so; 1565 #endif 1566 int did_output; 1567 int type; 1568 1569 tmr = (struct sctp_timer *)t; 1570 inp = (struct sctp_inpcb *)tmr->ep; 1571 stcb = (struct sctp_tcb *)tmr->tcb; 1572 net = (struct sctp_nets *)tmr->net; 1573 CURVNET_SET((struct vnet *)tmr->vnet); 1574 did_output = 1; 1575 1576 #ifdef SCTP_AUDITING_ENABLED 1577 sctp_audit_log(0xF0, (uint8_t)tmr->type); 1578 sctp_auditing(3, inp, stcb, net); 1579 #endif 1580 1581 /* sanity checks... */ 1582 if (tmr->self != (void *)tmr) { 1583 /* 1584 * SCTP_PRINTF("Stale SCTP timer fired (%p), ignoring...\n", 1585 * (void *)tmr); 1586 */ 1587 CURVNET_RESTORE(); 1588 return; 1589 } 1590 tmr->stopped_from = 0xa001; 1591 if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { 1592 /* 1593 * SCTP_PRINTF("SCTP timer fired with invalid type: 0x%x\n", 1594 * tmr->type); 1595 */ 1596 CURVNET_RESTORE(); 1597 return; 1598 } 1599 tmr->stopped_from = 0xa002; 1600 if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { 1601 CURVNET_RESTORE(); 1602 return; 1603 } 1604 /* if this is an iterator timeout, get the struct and clear inp */ 1605 tmr->stopped_from = 0xa003; 1606 if (inp) { 1607 SCTP_INP_INCR_REF(inp); 1608 if ((inp->sctp_socket == NULL) && 1609 ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && 1610 (tmr->type != SCTP_TIMER_TYPE_INIT) && 1611 (tmr->type != SCTP_TIMER_TYPE_SEND) && 1612 (tmr->type != SCTP_TIMER_TYPE_RECV) && 1613 (tmr->type != SCTP_TIMER_TYPE_HEARTBEAT) && 1614 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && 1615 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && 1616 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && 1617 (tmr->type != SCTP_TIMER_TYPE_ASOCKILL))) { 1618 SCTP_INP_DECR_REF(inp); 1619 CURVNET_RESTORE(); 1620 return; 1621 } 1622 } 1623 tmr->stopped_from = 0xa004; 1624 if (stcb) { 1625 atomic_add_int(&stcb->asoc.refcnt, 1); 1626 if (stcb->asoc.state == 0) { 1627 atomic_add_int(&stcb->asoc.refcnt, -1); 1628 if (inp) { 1629 SCTP_INP_DECR_REF(inp); 1630 } 1631 CURVNET_RESTORE(); 1632 return; 1633 } 1634 } 1635 type = tmr->type; 1636 tmr->stopped_from = 0xa005; 1637 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer type %d goes off\n", type); 1638 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1639 if (inp) { 1640 SCTP_INP_DECR_REF(inp); 1641 } 1642 if (stcb) { 1643 atomic_add_int(&stcb->asoc.refcnt, -1); 1644 } 1645 CURVNET_RESTORE(); 1646 return; 1647 } 1648 tmr->stopped_from = 0xa006; 1649 1650 if (stcb) { 1651 SCTP_TCB_LOCK(stcb); 1652 atomic_add_int(&stcb->asoc.refcnt, -1); 1653 if ((type != SCTP_TIMER_TYPE_ASOCKILL) && 1654 ((stcb->asoc.state == 0) || 1655 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED))) { 1656 SCTP_TCB_UNLOCK(stcb); 1657 if (inp) { 1658 SCTP_INP_DECR_REF(inp); 1659 } 1660 CURVNET_RESTORE(); 1661 return; 1662 } 1663 } else if (inp != NULL) { 1664 if (type != SCTP_TIMER_TYPE_INPKILL) { 1665 SCTP_INP_WLOCK(inp); 1666 } 1667 } else { 1668 SCTP_WQ_ADDR_LOCK(); 1669 } 1670 /* record in stopped what t-o occurred */ 1671 tmr->stopped_from = type; 1672 1673 /* mark as being serviced now */ 1674 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 1675 /* 1676 * Callout has been rescheduled. 1677 */ 1678 goto get_out; 1679 } 1680 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1681 /* 1682 * Not active, so no action. 1683 */ 1684 goto get_out; 1685 } 1686 SCTP_OS_TIMER_DEACTIVATE(&tmr->timer); 1687 1688 /* call the handler for the appropriate timer type */ 1689 switch (type) { 1690 case SCTP_TIMER_TYPE_ADDR_WQ: 1691 sctp_handle_addr_wq(); 1692 break; 1693 case SCTP_TIMER_TYPE_SEND: 1694 if ((stcb == NULL) || (inp == NULL)) { 1695 break; 1696 } 1697 SCTP_STAT_INCR(sctps_timodata); 1698 stcb->asoc.timodata++; 1699 stcb->asoc.num_send_timers_up--; 1700 if (stcb->asoc.num_send_timers_up < 0) { 1701 stcb->asoc.num_send_timers_up = 0; 1702 } 1703 SCTP_TCB_LOCK_ASSERT(stcb); 1704 if (sctp_t3rxt_timer(inp, stcb, net)) { 1705 /* no need to unlock on tcb its gone */ 1706 1707 goto out_decr; 1708 } 1709 SCTP_TCB_LOCK_ASSERT(stcb); 1710 #ifdef SCTP_AUDITING_ENABLED 1711 sctp_auditing(4, inp, stcb, net); 1712 #endif 1713 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1714 if ((stcb->asoc.num_send_timers_up == 0) && 1715 (stcb->asoc.sent_queue_cnt > 0)) { 1716 struct sctp_tmit_chunk *chk; 1717 1718 /* 1719 * safeguard. If there on some on the sent queue 1720 * somewhere but no timers running something is 1721 * wrong... so we start a timer on the first chunk 1722 * on the send queue on whatever net it is sent to. 1723 */ 1724 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1725 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, 1726 chk->whoTo); 1727 } 1728 break; 1729 case SCTP_TIMER_TYPE_INIT: 1730 if ((stcb == NULL) || (inp == NULL)) { 1731 break; 1732 } 1733 SCTP_STAT_INCR(sctps_timoinit); 1734 stcb->asoc.timoinit++; 1735 if (sctp_t1init_timer(inp, stcb, net)) { 1736 /* no need to unlock on tcb its gone */ 1737 goto out_decr; 1738 } 1739 /* We do output but not here */ 1740 did_output = 0; 1741 break; 1742 case SCTP_TIMER_TYPE_RECV: 1743 if ((stcb == NULL) || (inp == NULL)) { 1744 break; 1745 } 1746 SCTP_STAT_INCR(sctps_timosack); 1747 stcb->asoc.timosack++; 1748 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); 1749 #ifdef SCTP_AUDITING_ENABLED 1750 sctp_auditing(4, inp, stcb, net); 1751 #endif 1752 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR, SCTP_SO_NOT_LOCKED); 1753 break; 1754 case SCTP_TIMER_TYPE_SHUTDOWN: 1755 if ((stcb == NULL) || (inp == NULL)) { 1756 break; 1757 } 1758 if (sctp_shutdown_timer(inp, stcb, net)) { 1759 /* no need to unlock on tcb its gone */ 1760 goto out_decr; 1761 } 1762 SCTP_STAT_INCR(sctps_timoshutdown); 1763 stcb->asoc.timoshutdown++; 1764 #ifdef SCTP_AUDITING_ENABLED 1765 sctp_auditing(4, inp, stcb, net); 1766 #endif 1767 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_NOT_LOCKED); 1768 break; 1769 case SCTP_TIMER_TYPE_HEARTBEAT: 1770 if ((stcb == NULL) || (inp == NULL) || (net == NULL)) { 1771 break; 1772 } 1773 SCTP_STAT_INCR(sctps_timoheartbeat); 1774 stcb->asoc.timoheartbeat++; 1775 if (sctp_heartbeat_timer(inp, stcb, net)) { 1776 /* no need to unlock on tcb its gone */ 1777 goto out_decr; 1778 } 1779 #ifdef SCTP_AUDITING_ENABLED 1780 sctp_auditing(4, inp, stcb, net); 1781 #endif 1782 if (!(net->dest_state & SCTP_ADDR_NOHB)) { 1783 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); 1784 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR, SCTP_SO_NOT_LOCKED); 1785 } 1786 break; 1787 case SCTP_TIMER_TYPE_COOKIE: 1788 if ((stcb == NULL) || (inp == NULL)) { 1789 break; 1790 } 1791 1792 if (sctp_cookie_timer(inp, stcb, net)) { 1793 /* no need to unlock on tcb its gone */ 1794 goto out_decr; 1795 } 1796 SCTP_STAT_INCR(sctps_timocookie); 1797 stcb->asoc.timocookie++; 1798 #ifdef SCTP_AUDITING_ENABLED 1799 sctp_auditing(4, inp, stcb, net); 1800 #endif 1801 /* 1802 * We consider T3 and Cookie timer pretty much the same with 1803 * respect to where from in chunk_output. 1804 */ 1805 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1806 break; 1807 case SCTP_TIMER_TYPE_NEWCOOKIE: 1808 { 1809 struct timeval tv; 1810 int i, secret; 1811 1812 if (inp == NULL) { 1813 break; 1814 } 1815 SCTP_STAT_INCR(sctps_timosecret); 1816 (void)SCTP_GETTIME_TIMEVAL(&tv); 1817 inp->sctp_ep.time_of_secret_change = tv.tv_sec; 1818 inp->sctp_ep.last_secret_number = 1819 inp->sctp_ep.current_secret_number; 1820 inp->sctp_ep.current_secret_number++; 1821 if (inp->sctp_ep.current_secret_number >= 1822 SCTP_HOW_MANY_SECRETS) { 1823 inp->sctp_ep.current_secret_number = 0; 1824 } 1825 secret = (int)inp->sctp_ep.current_secret_number; 1826 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1827 inp->sctp_ep.secret_key[secret][i] = 1828 sctp_select_initial_TSN(&inp->sctp_ep); 1829 } 1830 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); 1831 } 1832 did_output = 0; 1833 break; 1834 case SCTP_TIMER_TYPE_PATHMTURAISE: 1835 if ((stcb == NULL) || (inp == NULL)) { 1836 break; 1837 } 1838 SCTP_STAT_INCR(sctps_timopathmtu); 1839 sctp_pathmtu_timer(inp, stcb, net); 1840 did_output = 0; 1841 break; 1842 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1843 if ((stcb == NULL) || (inp == NULL)) { 1844 break; 1845 } 1846 if (sctp_shutdownack_timer(inp, stcb, net)) { 1847 /* no need to unlock on tcb its gone */ 1848 goto out_decr; 1849 } 1850 SCTP_STAT_INCR(sctps_timoshutdownack); 1851 stcb->asoc.timoshutdownack++; 1852 #ifdef SCTP_AUDITING_ENABLED 1853 sctp_auditing(4, inp, stcb, net); 1854 #endif 1855 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR, SCTP_SO_NOT_LOCKED); 1856 break; 1857 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1858 if ((stcb == NULL) || (inp == NULL)) { 1859 break; 1860 } 1861 SCTP_STAT_INCR(sctps_timoshutdownguard); 1862 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 1863 "Shutdown guard timer expired"); 1864 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); 1865 /* no need to unlock on tcb its gone */ 1866 goto out_decr; 1867 1868 case SCTP_TIMER_TYPE_STRRESET: 1869 if ((stcb == NULL) || (inp == NULL)) { 1870 break; 1871 } 1872 if (sctp_strreset_timer(inp, stcb, net)) { 1873 /* no need to unlock on tcb its gone */ 1874 goto out_decr; 1875 } 1876 SCTP_STAT_INCR(sctps_timostrmrst); 1877 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR, SCTP_SO_NOT_LOCKED); 1878 break; 1879 case SCTP_TIMER_TYPE_ASCONF: 1880 if ((stcb == NULL) || (inp == NULL)) { 1881 break; 1882 } 1883 if (sctp_asconf_timer(inp, stcb, net)) { 1884 /* no need to unlock on tcb its gone */ 1885 goto out_decr; 1886 } 1887 SCTP_STAT_INCR(sctps_timoasconf); 1888 #ifdef SCTP_AUDITING_ENABLED 1889 sctp_auditing(4, inp, stcb, net); 1890 #endif 1891 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR, SCTP_SO_NOT_LOCKED); 1892 break; 1893 case SCTP_TIMER_TYPE_PRIM_DELETED: 1894 if ((stcb == NULL) || (inp == NULL)) { 1895 break; 1896 } 1897 sctp_delete_prim_timer(inp, stcb, net); 1898 SCTP_STAT_INCR(sctps_timodelprim); 1899 break; 1900 1901 case SCTP_TIMER_TYPE_AUTOCLOSE: 1902 if ((stcb == NULL) || (inp == NULL)) { 1903 break; 1904 } 1905 SCTP_STAT_INCR(sctps_timoautoclose); 1906 sctp_autoclose_timer(inp, stcb, net); 1907 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED); 1908 did_output = 0; 1909 break; 1910 case SCTP_TIMER_TYPE_ASOCKILL: 1911 if ((stcb == NULL) || (inp == NULL)) { 1912 break; 1913 } 1914 SCTP_STAT_INCR(sctps_timoassockill); 1915 /* Can we free it yet? */ 1916 SCTP_INP_DECR_REF(inp); 1917 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, 1918 SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 1919 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1920 so = SCTP_INP_SO(inp); 1921 atomic_add_int(&stcb->asoc.refcnt, 1); 1922 SCTP_TCB_UNLOCK(stcb); 1923 SCTP_SOCKET_LOCK(so, 1); 1924 SCTP_TCB_LOCK(stcb); 1925 atomic_subtract_int(&stcb->asoc.refcnt, 1); 1926 #endif 1927 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 1928 SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 1929 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 1930 SCTP_SOCKET_UNLOCK(so, 1); 1931 #endif 1932 /* 1933 * free asoc, always unlocks (or destroy's) so prevent 1934 * duplicate unlock or unlock of a free mtx :-0 1935 */ 1936 stcb = NULL; 1937 goto out_no_decr; 1938 case SCTP_TIMER_TYPE_INPKILL: 1939 SCTP_STAT_INCR(sctps_timoinpkill); 1940 if (inp == NULL) { 1941 break; 1942 } 1943 /* 1944 * special case, take away our increment since WE are the 1945 * killer 1946 */ 1947 SCTP_INP_DECR_REF(inp); 1948 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, 1949 SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 1950 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 1951 SCTP_CALLED_FROM_INPKILL_TIMER); 1952 inp = NULL; 1953 goto out_no_decr; 1954 default: 1955 SCTPDBG(SCTP_DEBUG_TIMER1, "sctp_timeout_handler:unknown timer %d\n", 1956 type); 1957 break; 1958 } 1959 #ifdef SCTP_AUDITING_ENABLED 1960 sctp_audit_log(0xF1, (uint8_t)type); 1961 if (inp) 1962 sctp_auditing(5, inp, stcb, net); 1963 #endif 1964 if ((did_output) && stcb) { 1965 /* 1966 * Now we need to clean up the control chunk chain if an 1967 * ECNE is on it. It must be marked as UNSENT again so next 1968 * call will continue to send it until such time that we get 1969 * a CWR, to remove it. It is, however, less likely that we 1970 * will find a ecn echo on the chain though. 1971 */ 1972 sctp_fix_ecn_echo(&stcb->asoc); 1973 } 1974 get_out: 1975 if (stcb) { 1976 SCTP_TCB_UNLOCK(stcb); 1977 } else if (inp != NULL) { 1978 SCTP_INP_WUNLOCK(inp); 1979 } else { 1980 SCTP_WQ_ADDR_UNLOCK(); 1981 } 1982 1983 out_decr: 1984 if (inp) { 1985 SCTP_INP_DECR_REF(inp); 1986 } 1987 1988 out_no_decr: 1989 SCTPDBG(SCTP_DEBUG_TIMER1, "Timer now complete (type = %d)\n", type); 1990 CURVNET_RESTORE(); 1991 } 1992 1993 void 1994 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1995 struct sctp_nets *net) 1996 { 1997 uint32_t to_ticks; 1998 struct sctp_timer *tmr; 1999 2000 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) 2001 return; 2002 2003 tmr = NULL; 2004 if (stcb) { 2005 SCTP_TCB_LOCK_ASSERT(stcb); 2006 } 2007 switch (t_type) { 2008 case SCTP_TIMER_TYPE_ADDR_WQ: 2009 /* Only 1 tick away :-) */ 2010 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2011 to_ticks = SCTP_ADDRESS_TICK_DELAY; 2012 break; 2013 case SCTP_TIMER_TYPE_SEND: 2014 /* Here we use the RTO timer */ 2015 { 2016 int rto_val; 2017 2018 if ((stcb == NULL) || (net == NULL)) { 2019 return; 2020 } 2021 tmr = &net->rxt_timer; 2022 if (net->RTO == 0) { 2023 rto_val = stcb->asoc.initial_rto; 2024 } else { 2025 rto_val = net->RTO; 2026 } 2027 to_ticks = MSEC_TO_TICKS(rto_val); 2028 } 2029 break; 2030 case SCTP_TIMER_TYPE_INIT: 2031 /* 2032 * Here we use the INIT timer default usually about 1 2033 * minute. 2034 */ 2035 if ((stcb == NULL) || (net == NULL)) { 2036 return; 2037 } 2038 tmr = &net->rxt_timer; 2039 if (net->RTO == 0) { 2040 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2041 } else { 2042 to_ticks = MSEC_TO_TICKS(net->RTO); 2043 } 2044 break; 2045 case SCTP_TIMER_TYPE_RECV: 2046 /* 2047 * Here we use the Delayed-Ack timer value from the inp 2048 * ususually about 200ms. 2049 */ 2050 if (stcb == NULL) { 2051 return; 2052 } 2053 tmr = &stcb->asoc.dack_timer; 2054 to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); 2055 break; 2056 case SCTP_TIMER_TYPE_SHUTDOWN: 2057 /* Here we use the RTO of the destination. */ 2058 if ((stcb == NULL) || (net == NULL)) { 2059 return; 2060 } 2061 if (net->RTO == 0) { 2062 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2063 } else { 2064 to_ticks = MSEC_TO_TICKS(net->RTO); 2065 } 2066 tmr = &net->rxt_timer; 2067 break; 2068 case SCTP_TIMER_TYPE_HEARTBEAT: 2069 /* 2070 * the net is used here so that we can add in the RTO. Even 2071 * though we use a different timer. We also add the HB timer 2072 * PLUS a random jitter. 2073 */ 2074 if ((stcb == NULL) || (net == NULL)) { 2075 return; 2076 } else { 2077 uint32_t rndval; 2078 uint32_t jitter; 2079 2080 if ((net->dest_state & SCTP_ADDR_NOHB) && 2081 !(net->dest_state & SCTP_ADDR_UNCONFIRMED)) { 2082 return; 2083 } 2084 if (net->RTO == 0) { 2085 to_ticks = stcb->asoc.initial_rto; 2086 } else { 2087 to_ticks = net->RTO; 2088 } 2089 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 2090 jitter = rndval % to_ticks; 2091 if (jitter >= (to_ticks >> 1)) { 2092 to_ticks = to_ticks + (jitter - (to_ticks >> 1)); 2093 } else { 2094 to_ticks = to_ticks - jitter; 2095 } 2096 if (!(net->dest_state & SCTP_ADDR_UNCONFIRMED) && 2097 !(net->dest_state & SCTP_ADDR_PF)) { 2098 to_ticks += net->heart_beat_delay; 2099 } 2100 /* 2101 * Now we must convert the to_ticks that are now in 2102 * ms to ticks. 2103 */ 2104 to_ticks = MSEC_TO_TICKS(to_ticks); 2105 tmr = &net->hb_timer; 2106 } 2107 break; 2108 case SCTP_TIMER_TYPE_COOKIE: 2109 /* 2110 * Here we can use the RTO timer from the network since one 2111 * RTT was compelete. If a retran happened then we will be 2112 * using the RTO initial value. 2113 */ 2114 if ((stcb == NULL) || (net == NULL)) { 2115 return; 2116 } 2117 if (net->RTO == 0) { 2118 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2119 } else { 2120 to_ticks = MSEC_TO_TICKS(net->RTO); 2121 } 2122 tmr = &net->rxt_timer; 2123 break; 2124 case SCTP_TIMER_TYPE_NEWCOOKIE: 2125 /* 2126 * nothing needed but the endpoint here ususually about 60 2127 * minutes. 2128 */ 2129 tmr = &inp->sctp_ep.signature_change; 2130 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 2131 break; 2132 case SCTP_TIMER_TYPE_ASOCKILL: 2133 if (stcb == NULL) { 2134 return; 2135 } 2136 tmr = &stcb->asoc.strreset_timer; 2137 to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); 2138 break; 2139 case SCTP_TIMER_TYPE_INPKILL: 2140 /* 2141 * The inp is setup to die. We re-use the signature_chage 2142 * timer since that has stopped and we are in the GONE 2143 * state. 2144 */ 2145 tmr = &inp->sctp_ep.signature_change; 2146 to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); 2147 break; 2148 case SCTP_TIMER_TYPE_PATHMTURAISE: 2149 /* 2150 * Here we use the value found in the EP for PMTU ususually 2151 * about 10 minutes. 2152 */ 2153 if ((stcb == NULL) || (net == NULL)) { 2154 return; 2155 } 2156 if (net->dest_state & SCTP_ADDR_NO_PMTUD) { 2157 return; 2158 } 2159 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 2160 tmr = &net->pmtu_timer; 2161 break; 2162 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2163 /* Here we use the RTO of the destination */ 2164 if ((stcb == NULL) || (net == NULL)) { 2165 return; 2166 } 2167 if (net->RTO == 0) { 2168 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2169 } else { 2170 to_ticks = MSEC_TO_TICKS(net->RTO); 2171 } 2172 tmr = &net->rxt_timer; 2173 break; 2174 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2175 /* 2176 * Here we use the endpoints shutdown guard timer usually 2177 * about 3 minutes. 2178 */ 2179 if (stcb == NULL) { 2180 return; 2181 } 2182 if (inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] == 0) { 2183 to_ticks = 5 * MSEC_TO_TICKS(stcb->asoc.maxrto); 2184 } else { 2185 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 2186 } 2187 tmr = &stcb->asoc.shut_guard_timer; 2188 break; 2189 case SCTP_TIMER_TYPE_STRRESET: 2190 /* 2191 * Here the timer comes from the stcb but its value is from 2192 * the net's RTO. 2193 */ 2194 if ((stcb == NULL) || (net == NULL)) { 2195 return; 2196 } 2197 if (net->RTO == 0) { 2198 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2199 } else { 2200 to_ticks = MSEC_TO_TICKS(net->RTO); 2201 } 2202 tmr = &stcb->asoc.strreset_timer; 2203 break; 2204 case SCTP_TIMER_TYPE_ASCONF: 2205 /* 2206 * Here the timer comes from the stcb but its value is from 2207 * the net's RTO. 2208 */ 2209 if ((stcb == NULL) || (net == NULL)) { 2210 return; 2211 } 2212 if (net->RTO == 0) { 2213 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2214 } else { 2215 to_ticks = MSEC_TO_TICKS(net->RTO); 2216 } 2217 tmr = &stcb->asoc.asconf_timer; 2218 break; 2219 case SCTP_TIMER_TYPE_PRIM_DELETED: 2220 if ((stcb == NULL) || (net != NULL)) { 2221 return; 2222 } 2223 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 2224 tmr = &stcb->asoc.delete_prim_timer; 2225 break; 2226 case SCTP_TIMER_TYPE_AUTOCLOSE: 2227 if (stcb == NULL) { 2228 return; 2229 } 2230 if (stcb->asoc.sctp_autoclose_ticks == 0) { 2231 /* 2232 * Really an error since stcb is NOT set to 2233 * autoclose 2234 */ 2235 return; 2236 } 2237 to_ticks = stcb->asoc.sctp_autoclose_ticks; 2238 tmr = &stcb->asoc.autoclose_timer; 2239 break; 2240 default: 2241 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2242 __func__, t_type); 2243 return; 2244 break; 2245 } 2246 if ((to_ticks <= 0) || (tmr == NULL)) { 2247 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: %d:software error to_ticks:%d tmr:%p not set ??\n", 2248 __func__, t_type, to_ticks, (void *)tmr); 2249 return; 2250 } 2251 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 2252 /* 2253 * we do NOT allow you to have it already running. if it is 2254 * we leave the current one up unchanged 2255 */ 2256 return; 2257 } 2258 /* At this point we can proceed */ 2259 if (t_type == SCTP_TIMER_TYPE_SEND) { 2260 stcb->asoc.num_send_timers_up++; 2261 } 2262 tmr->stopped_from = 0; 2263 tmr->type = t_type; 2264 tmr->ep = (void *)inp; 2265 tmr->tcb = (void *)stcb; 2266 tmr->net = (void *)net; 2267 tmr->self = (void *)tmr; 2268 tmr->vnet = (void *)curvnet; 2269 tmr->ticks = sctp_get_tick_count(); 2270 (void)SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); 2271 return; 2272 } 2273 2274 void 2275 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2276 struct sctp_nets *net, uint32_t from) 2277 { 2278 struct sctp_timer *tmr; 2279 2280 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 2281 (inp == NULL)) 2282 return; 2283 2284 tmr = NULL; 2285 if (stcb) { 2286 SCTP_TCB_LOCK_ASSERT(stcb); 2287 } 2288 switch (t_type) { 2289 case SCTP_TIMER_TYPE_ADDR_WQ: 2290 tmr = &SCTP_BASE_INFO(addr_wq_timer); 2291 break; 2292 case SCTP_TIMER_TYPE_SEND: 2293 if ((stcb == NULL) || (net == NULL)) { 2294 return; 2295 } 2296 tmr = &net->rxt_timer; 2297 break; 2298 case SCTP_TIMER_TYPE_INIT: 2299 if ((stcb == NULL) || (net == NULL)) { 2300 return; 2301 } 2302 tmr = &net->rxt_timer; 2303 break; 2304 case SCTP_TIMER_TYPE_RECV: 2305 if (stcb == NULL) { 2306 return; 2307 } 2308 tmr = &stcb->asoc.dack_timer; 2309 break; 2310 case SCTP_TIMER_TYPE_SHUTDOWN: 2311 if ((stcb == NULL) || (net == NULL)) { 2312 return; 2313 } 2314 tmr = &net->rxt_timer; 2315 break; 2316 case SCTP_TIMER_TYPE_HEARTBEAT: 2317 if ((stcb == NULL) || (net == NULL)) { 2318 return; 2319 } 2320 tmr = &net->hb_timer; 2321 break; 2322 case SCTP_TIMER_TYPE_COOKIE: 2323 if ((stcb == NULL) || (net == NULL)) { 2324 return; 2325 } 2326 tmr = &net->rxt_timer; 2327 break; 2328 case SCTP_TIMER_TYPE_NEWCOOKIE: 2329 /* nothing needed but the endpoint here */ 2330 tmr = &inp->sctp_ep.signature_change; 2331 /* 2332 * We re-use the newcookie timer for the INP kill timer. We 2333 * must assure that we do not kill it by accident. 2334 */ 2335 break; 2336 case SCTP_TIMER_TYPE_ASOCKILL: 2337 /* 2338 * Stop the asoc kill timer. 2339 */ 2340 if (stcb == NULL) { 2341 return; 2342 } 2343 tmr = &stcb->asoc.strreset_timer; 2344 break; 2345 2346 case SCTP_TIMER_TYPE_INPKILL: 2347 /* 2348 * The inp is setup to die. We re-use the signature_chage 2349 * timer since that has stopped and we are in the GONE 2350 * state. 2351 */ 2352 tmr = &inp->sctp_ep.signature_change; 2353 break; 2354 case SCTP_TIMER_TYPE_PATHMTURAISE: 2355 if ((stcb == NULL) || (net == NULL)) { 2356 return; 2357 } 2358 tmr = &net->pmtu_timer; 2359 break; 2360 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2361 if ((stcb == NULL) || (net == NULL)) { 2362 return; 2363 } 2364 tmr = &net->rxt_timer; 2365 break; 2366 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2367 if (stcb == NULL) { 2368 return; 2369 } 2370 tmr = &stcb->asoc.shut_guard_timer; 2371 break; 2372 case SCTP_TIMER_TYPE_STRRESET: 2373 if (stcb == NULL) { 2374 return; 2375 } 2376 tmr = &stcb->asoc.strreset_timer; 2377 break; 2378 case SCTP_TIMER_TYPE_ASCONF: 2379 if (stcb == NULL) { 2380 return; 2381 } 2382 tmr = &stcb->asoc.asconf_timer; 2383 break; 2384 case SCTP_TIMER_TYPE_PRIM_DELETED: 2385 if (stcb == NULL) { 2386 return; 2387 } 2388 tmr = &stcb->asoc.delete_prim_timer; 2389 break; 2390 case SCTP_TIMER_TYPE_AUTOCLOSE: 2391 if (stcb == NULL) { 2392 return; 2393 } 2394 tmr = &stcb->asoc.autoclose_timer; 2395 break; 2396 default: 2397 SCTPDBG(SCTP_DEBUG_TIMER1, "%s: Unknown timer type %d\n", 2398 __func__, t_type); 2399 break; 2400 } 2401 if (tmr == NULL) { 2402 return; 2403 } 2404 if ((tmr->type != t_type) && tmr->type) { 2405 /* 2406 * Ok we have a timer that is under joint use. Cookie timer 2407 * per chance with the SEND timer. We therefore are NOT 2408 * running the timer that the caller wants stopped. So just 2409 * return. 2410 */ 2411 return; 2412 } 2413 if ((t_type == SCTP_TIMER_TYPE_SEND) && (stcb != NULL)) { 2414 stcb->asoc.num_send_timers_up--; 2415 if (stcb->asoc.num_send_timers_up < 0) { 2416 stcb->asoc.num_send_timers_up = 0; 2417 } 2418 } 2419 tmr->self = NULL; 2420 tmr->stopped_from = from; 2421 (void)SCTP_OS_TIMER_STOP(&tmr->timer); 2422 return; 2423 } 2424 2425 uint32_t 2426 sctp_calculate_len(struct mbuf *m) 2427 { 2428 uint32_t tlen = 0; 2429 struct mbuf *at; 2430 2431 at = m; 2432 while (at) { 2433 tlen += SCTP_BUF_LEN(at); 2434 at = SCTP_BUF_NEXT(at); 2435 } 2436 return (tlen); 2437 } 2438 2439 void 2440 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2441 struct sctp_association *asoc, uint32_t mtu) 2442 { 2443 /* 2444 * Reset the P-MTU size on this association, this involves changing 2445 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2446 * allow the DF flag to be cleared. 2447 */ 2448 struct sctp_tmit_chunk *chk; 2449 unsigned int eff_mtu, ovh; 2450 2451 asoc->smallest_mtu = mtu; 2452 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2453 ovh = SCTP_MIN_OVERHEAD; 2454 } else { 2455 ovh = SCTP_MIN_V4_OVERHEAD; 2456 } 2457 eff_mtu = mtu - ovh; 2458 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2459 if (chk->send_size > eff_mtu) { 2460 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2461 } 2462 } 2463 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2464 if (chk->send_size > eff_mtu) { 2465 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2466 } 2467 } 2468 } 2469 2470 2471 /* 2472 * given an association and starting time of the current RTT period return 2473 * RTO in number of msecs net should point to the current network 2474 */ 2475 2476 uint32_t 2477 sctp_calculate_rto(struct sctp_tcb *stcb, 2478 struct sctp_association *asoc, 2479 struct sctp_nets *net, 2480 struct timeval *old, 2481 int rtt_from_sack) 2482 { 2483 /*- 2484 * given an association and the starting time of the current RTT 2485 * period (in value1/value2) return RTO in number of msecs. 2486 */ 2487 int32_t rtt; /* RTT in ms */ 2488 uint32_t new_rto; 2489 int first_measure = 0; 2490 struct timeval now; 2491 2492 /************************/ 2493 /* 1. calculate new RTT */ 2494 /************************/ 2495 /* get the current time */ 2496 if (stcb->asoc.use_precise_time) { 2497 (void)SCTP_GETPTIME_TIMEVAL(&now); 2498 } else { 2499 (void)SCTP_GETTIME_TIMEVAL(&now); 2500 } 2501 timevalsub(&now, old); 2502 /* store the current RTT in us */ 2503 net->rtt = (uint64_t)1000000 * (uint64_t)now.tv_sec + 2504 (uint64_t)now.tv_usec; 2505 /* compute rtt in ms */ 2506 rtt = (int32_t)(net->rtt / 1000); 2507 if ((asoc->cc_functions.sctp_rtt_calculated) && (rtt_from_sack == SCTP_RTT_FROM_DATA)) { 2508 /* 2509 * Tell the CC module that a new update has just occurred 2510 * from a sack 2511 */ 2512 (*asoc->cc_functions.sctp_rtt_calculated) (stcb, net, &now); 2513 } 2514 /* 2515 * Do we need to determine the lan? We do this only on sacks i.e. 2516 * RTT being determined from data not non-data (HB/INIT->INITACK). 2517 */ 2518 if ((rtt_from_sack == SCTP_RTT_FROM_DATA) && 2519 (net->lan_type == SCTP_LAN_UNKNOWN)) { 2520 if (net->rtt > SCTP_LOCAL_LAN_RTT) { 2521 net->lan_type = SCTP_LAN_INTERNET; 2522 } else { 2523 net->lan_type = SCTP_LAN_LOCAL; 2524 } 2525 } 2526 2527 /***************************/ 2528 /* 2. update RTTVAR & SRTT */ 2529 /***************************/ 2530 /*- 2531 * Compute the scaled average lastsa and the 2532 * scaled variance lastsv as described in van Jacobson 2533 * Paper "Congestion Avoidance and Control", Annex A. 2534 * 2535 * (net->lastsa >> SCTP_RTT_SHIFT) is the srtt 2536 * (net->lastsa >> SCTP_RTT_VAR_SHIFT) is the rttvar 2537 */ 2538 if (net->RTO_measured) { 2539 rtt -= (net->lastsa >> SCTP_RTT_SHIFT); 2540 net->lastsa += rtt; 2541 if (rtt < 0) { 2542 rtt = -rtt; 2543 } 2544 rtt -= (net->lastsv >> SCTP_RTT_VAR_SHIFT); 2545 net->lastsv += rtt; 2546 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2547 rto_logging(net, SCTP_LOG_RTTVAR); 2548 } 2549 } else { 2550 /* First RTO measurment */ 2551 net->RTO_measured = 1; 2552 first_measure = 1; 2553 net->lastsa = rtt << SCTP_RTT_SHIFT; 2554 net->lastsv = (rtt / 2) << SCTP_RTT_VAR_SHIFT; 2555 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RTTVAR_LOGGING_ENABLE) { 2556 rto_logging(net, SCTP_LOG_INITIAL_RTT); 2557 } 2558 } 2559 if (net->lastsv == 0) { 2560 net->lastsv = SCTP_CLOCK_GRANULARITY; 2561 } 2562 new_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv; 2563 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 2564 (stcb->asoc.sat_network_lockout == 0)) { 2565 stcb->asoc.sat_network = 1; 2566 } else if ((!first_measure) && stcb->asoc.sat_network) { 2567 stcb->asoc.sat_network = 0; 2568 stcb->asoc.sat_network_lockout = 1; 2569 } 2570 /* bound it, per C6/C7 in Section 5.3.1 */ 2571 if (new_rto < stcb->asoc.minrto) { 2572 new_rto = stcb->asoc.minrto; 2573 } 2574 if (new_rto > stcb->asoc.maxrto) { 2575 new_rto = stcb->asoc.maxrto; 2576 } 2577 /* we are now returning the RTO */ 2578 return (new_rto); 2579 } 2580 2581 /* 2582 * return a pointer to a contiguous piece of data from the given mbuf chain 2583 * starting at 'off' for 'len' bytes. If the desired piece spans more than 2584 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 2585 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 2586 */ 2587 caddr_t 2588 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t *in_ptr) 2589 { 2590 uint32_t count; 2591 uint8_t *ptr; 2592 2593 ptr = in_ptr; 2594 if ((off < 0) || (len <= 0)) 2595 return (NULL); 2596 2597 /* find the desired start location */ 2598 while ((m != NULL) && (off > 0)) { 2599 if (off < SCTP_BUF_LEN(m)) 2600 break; 2601 off -= SCTP_BUF_LEN(m); 2602 m = SCTP_BUF_NEXT(m); 2603 } 2604 if (m == NULL) 2605 return (NULL); 2606 2607 /* is the current mbuf large enough (eg. contiguous)? */ 2608 if ((SCTP_BUF_LEN(m) - off) >= len) { 2609 return (mtod(m, caddr_t)+off); 2610 } else { 2611 /* else, it spans more than one mbuf, so save a temp copy... */ 2612 while ((m != NULL) && (len > 0)) { 2613 count = min(SCTP_BUF_LEN(m) - off, len); 2614 memcpy(ptr, mtod(m, caddr_t)+off, count); 2615 len -= count; 2616 ptr += count; 2617 off = 0; 2618 m = SCTP_BUF_NEXT(m); 2619 } 2620 if ((m == NULL) && (len > 0)) 2621 return (NULL); 2622 else 2623 return ((caddr_t)in_ptr); 2624 } 2625 } 2626 2627 2628 2629 struct sctp_paramhdr * 2630 sctp_get_next_param(struct mbuf *m, 2631 int offset, 2632 struct sctp_paramhdr *pull, 2633 int pull_limit) 2634 { 2635 /* This just provides a typed signature to Peter's Pull routine */ 2636 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 2637 (uint8_t *)pull)); 2638 } 2639 2640 2641 struct mbuf * 2642 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 2643 { 2644 struct mbuf *m_last; 2645 caddr_t dp; 2646 2647 if (padlen > 3) { 2648 return (NULL); 2649 } 2650 if (padlen <= M_TRAILINGSPACE(m)) { 2651 /* 2652 * The easy way. We hope the majority of the time we hit 2653 * here :) 2654 */ 2655 m_last = m; 2656 } else { 2657 /* Hard way we must grow the mbuf chain */ 2658 m_last = sctp_get_mbuf_for_msg(padlen, 0, M_NOWAIT, 1, MT_DATA); 2659 if (m_last == NULL) { 2660 return (NULL); 2661 } 2662 SCTP_BUF_LEN(m_last) = 0; 2663 SCTP_BUF_NEXT(m_last) = NULL; 2664 SCTP_BUF_NEXT(m) = m_last; 2665 } 2666 dp = mtod(m_last, caddr_t)+SCTP_BUF_LEN(m_last); 2667 SCTP_BUF_LEN(m_last) += padlen; 2668 memset(dp, 0, padlen); 2669 return (m_last); 2670 } 2671 2672 struct mbuf * 2673 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 2674 { 2675 /* find the last mbuf in chain and pad it */ 2676 struct mbuf *m_at; 2677 2678 if (last_mbuf != NULL) { 2679 return (sctp_add_pad_tombuf(last_mbuf, padval)); 2680 } else { 2681 for (m_at = m; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 2682 if (SCTP_BUF_NEXT(m_at) == NULL) { 2683 return (sctp_add_pad_tombuf(m_at, padval)); 2684 } 2685 } 2686 } 2687 return (NULL); 2688 } 2689 2690 static void 2691 sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, 2692 uint16_t error, struct sctp_abort_chunk *abort, uint8_t from_peer, int so_locked 2693 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2694 SCTP_UNUSED 2695 #endif 2696 ) 2697 { 2698 struct mbuf *m_notify; 2699 struct sctp_assoc_change *sac; 2700 struct sctp_queued_to_read *control; 2701 unsigned int notif_len; 2702 uint16_t abort_len; 2703 unsigned int i; 2704 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2705 struct socket *so; 2706 #endif 2707 2708 if (stcb == NULL) { 2709 return; 2710 } 2711 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 2712 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2713 if (abort != NULL) { 2714 abort_len = ntohs(abort->ch.chunk_length); 2715 /* 2716 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 2717 * contiguous. 2718 */ 2719 if (abort_len > SCTP_CHUNK_BUFFER_SIZE) { 2720 abort_len = SCTP_CHUNK_BUFFER_SIZE; 2721 } 2722 } else { 2723 abort_len = 0; 2724 } 2725 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2726 notif_len += SCTP_ASSOC_SUPPORTS_MAX; 2727 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2728 notif_len += abort_len; 2729 } 2730 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2731 if (m_notify == NULL) { 2732 /* Retry with smaller value. */ 2733 notif_len = (unsigned int)sizeof(struct sctp_assoc_change); 2734 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 2735 if (m_notify == NULL) { 2736 goto set_error; 2737 } 2738 } 2739 SCTP_BUF_NEXT(m_notify) = NULL; 2740 sac = mtod(m_notify, struct sctp_assoc_change *); 2741 memset(sac, 0, notif_len); 2742 sac->sac_type = SCTP_ASSOC_CHANGE; 2743 sac->sac_flags = 0; 2744 sac->sac_length = sizeof(struct sctp_assoc_change); 2745 sac->sac_state = state; 2746 sac->sac_error = error; 2747 /* XXX verify these stream counts */ 2748 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 2749 sac->sac_inbound_streams = stcb->asoc.streamincnt; 2750 sac->sac_assoc_id = sctp_get_associd(stcb); 2751 if (notif_len > sizeof(struct sctp_assoc_change)) { 2752 if ((state == SCTP_COMM_UP) || (state == SCTP_RESTART)) { 2753 i = 0; 2754 if (stcb->asoc.prsctp_supported == 1) { 2755 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_PR; 2756 } 2757 if (stcb->asoc.auth_supported == 1) { 2758 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_AUTH; 2759 } 2760 if (stcb->asoc.asconf_supported == 1) { 2761 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_ASCONF; 2762 } 2763 if (stcb->asoc.idata_supported == 1) { 2764 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_INTERLEAVING; 2765 } 2766 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_MULTIBUF; 2767 if (stcb->asoc.reconfig_supported == 1) { 2768 sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_RE_CONFIG; 2769 } 2770 sac->sac_length += i; 2771 } else if ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC)) { 2772 memcpy(sac->sac_info, abort, abort_len); 2773 sac->sac_length += abort_len; 2774 } 2775 } 2776 SCTP_BUF_LEN(m_notify) = sac->sac_length; 2777 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2778 0, 0, stcb->asoc.context, 0, 0, 0, 2779 m_notify); 2780 if (control != NULL) { 2781 control->length = SCTP_BUF_LEN(m_notify); 2782 control->spec_flags = M_NOTIFICATION; 2783 /* not that we need this */ 2784 control->tail_mbuf = m_notify; 2785 sctp_add_to_readq(stcb->sctp_ep, stcb, 2786 control, 2787 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, 2788 so_locked); 2789 } else { 2790 sctp_m_freem(m_notify); 2791 } 2792 } 2793 /* 2794 * For 1-to-1 style sockets, we send up and error when an ABORT 2795 * comes in. 2796 */ 2797 set_error: 2798 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2799 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2800 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2801 SOCK_LOCK(stcb->sctp_socket); 2802 if (from_peer) { 2803 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { 2804 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNREFUSED); 2805 stcb->sctp_socket->so_error = ECONNREFUSED; 2806 } else { 2807 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 2808 stcb->sctp_socket->so_error = ECONNRESET; 2809 } 2810 } else { 2811 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 2812 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 2813 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ETIMEDOUT); 2814 stcb->sctp_socket->so_error = ETIMEDOUT; 2815 } else { 2816 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ECONNABORTED); 2817 stcb->sctp_socket->so_error = ECONNABORTED; 2818 } 2819 } 2820 SOCK_UNLOCK(stcb->sctp_socket); 2821 } 2822 /* Wake ANY sleepers */ 2823 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2824 so = SCTP_INP_SO(stcb->sctp_ep); 2825 if (!so_locked) { 2826 atomic_add_int(&stcb->asoc.refcnt, 1); 2827 SCTP_TCB_UNLOCK(stcb); 2828 SCTP_SOCKET_LOCK(so, 1); 2829 SCTP_TCB_LOCK(stcb); 2830 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2831 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 2832 SCTP_SOCKET_UNLOCK(so, 1); 2833 return; 2834 } 2835 } 2836 #endif 2837 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2838 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2839 ((state == SCTP_COMM_LOST) || (state == SCTP_CANT_STR_ASSOC))) { 2840 socantrcvmore(stcb->sctp_socket); 2841 } 2842 sorwakeup(stcb->sctp_socket); 2843 sowwakeup(stcb->sctp_socket); 2844 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 2845 if (!so_locked) { 2846 SCTP_SOCKET_UNLOCK(so, 1); 2847 } 2848 #endif 2849 } 2850 2851 static void 2852 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 2853 struct sockaddr *sa, uint32_t error, int so_locked 2854 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2855 SCTP_UNUSED 2856 #endif 2857 ) 2858 { 2859 struct mbuf *m_notify; 2860 struct sctp_paddr_change *spc; 2861 struct sctp_queued_to_read *control; 2862 2863 if ((stcb == NULL) || 2864 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPADDREVNT)) { 2865 /* event not enabled */ 2866 return; 2867 } 2868 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_NOWAIT, 1, MT_DATA); 2869 if (m_notify == NULL) 2870 return; 2871 SCTP_BUF_LEN(m_notify) = 0; 2872 spc = mtod(m_notify, struct sctp_paddr_change *); 2873 memset(spc, 0, sizeof(struct sctp_paddr_change)); 2874 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 2875 spc->spc_flags = 0; 2876 spc->spc_length = sizeof(struct sctp_paddr_change); 2877 switch (sa->sa_family) { 2878 #ifdef INET 2879 case AF_INET: 2880 #ifdef INET6 2881 if (sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 2882 in6_sin_2_v4mapsin6((struct sockaddr_in *)sa, 2883 (struct sockaddr_in6 *)&spc->spc_aaddr); 2884 } else { 2885 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2886 } 2887 #else 2888 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2889 #endif 2890 break; 2891 #endif 2892 #ifdef INET6 2893 case AF_INET6: 2894 { 2895 struct sockaddr_in6 *sin6; 2896 2897 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 2898 2899 sin6 = (struct sockaddr_in6 *)&spc->spc_aaddr; 2900 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2901 if (sin6->sin6_scope_id == 0) { 2902 /* recover scope_id for user */ 2903 (void)sa6_recoverscope(sin6); 2904 } else { 2905 /* clear embedded scope_id for user */ 2906 in6_clearscope(&sin6->sin6_addr); 2907 } 2908 } 2909 break; 2910 } 2911 #endif 2912 default: 2913 /* TSNH */ 2914 break; 2915 } 2916 spc->spc_state = state; 2917 spc->spc_error = error; 2918 spc->spc_assoc_id = sctp_get_associd(stcb); 2919 2920 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change); 2921 SCTP_BUF_NEXT(m_notify) = NULL; 2922 2923 /* append to socket */ 2924 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2925 0, 0, stcb->asoc.context, 0, 0, 0, 2926 m_notify); 2927 if (control == NULL) { 2928 /* no memory */ 2929 sctp_m_freem(m_notify); 2930 return; 2931 } 2932 control->length = SCTP_BUF_LEN(m_notify); 2933 control->spec_flags = M_NOTIFICATION; 2934 /* not that we need this */ 2935 control->tail_mbuf = m_notify; 2936 sctp_add_to_readq(stcb->sctp_ep, stcb, 2937 control, 2938 &stcb->sctp_socket->so_rcv, 1, 2939 SCTP_READ_LOCK_NOT_HELD, 2940 so_locked); 2941 } 2942 2943 2944 static void 2945 sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error, 2946 struct sctp_tmit_chunk *chk, int so_locked 2947 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 2948 SCTP_UNUSED 2949 #endif 2950 ) 2951 { 2952 struct mbuf *m_notify; 2953 struct sctp_send_failed *ssf; 2954 struct sctp_send_failed_event *ssfe; 2955 struct sctp_queued_to_read *control; 2956 struct sctp_chunkhdr *chkhdr; 2957 int notifhdr_len, chk_len, chkhdr_len, padding_len, payload_len; 2958 2959 if ((stcb == NULL) || 2960 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 2961 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 2962 /* event not enabled */ 2963 return; 2964 } 2965 2966 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 2967 notifhdr_len = sizeof(struct sctp_send_failed_event); 2968 } else { 2969 notifhdr_len = sizeof(struct sctp_send_failed); 2970 } 2971 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 2972 if (m_notify == NULL) 2973 /* no space left */ 2974 return; 2975 SCTP_BUF_LEN(m_notify) = notifhdr_len; 2976 if (stcb->asoc.idata_supported) { 2977 chkhdr_len = sizeof(struct sctp_idata_chunk); 2978 } else { 2979 chkhdr_len = sizeof(struct sctp_data_chunk); 2980 } 2981 /* Use some defaults in case we can't access the chunk header */ 2982 if (chk->send_size >= chkhdr_len) { 2983 payload_len = chk->send_size - chkhdr_len; 2984 } else { 2985 payload_len = 0; 2986 } 2987 padding_len = 0; 2988 if (chk->data != NULL) { 2989 chkhdr = mtod(chk->data, struct sctp_chunkhdr *); 2990 if (chkhdr != NULL) { 2991 chk_len = ntohs(chkhdr->chunk_length); 2992 if ((chk_len >= chkhdr_len) && 2993 (chk->send_size >= chk_len) && 2994 (chk->send_size - chk_len < 4)) { 2995 padding_len = chk->send_size - chk_len; 2996 payload_len = chk->send_size - chkhdr_len - padding_len; 2997 } 2998 } 2999 } 3000 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3001 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3002 memset(ssfe, 0, notifhdr_len); 3003 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3004 if (sent) { 3005 ssfe->ssfe_flags = SCTP_DATA_SENT; 3006 } else { 3007 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3008 } 3009 ssfe->ssfe_length = (uint32_t)(notifhdr_len + payload_len); 3010 ssfe->ssfe_error = error; 3011 /* not exactly what the user sent in, but should be close :) */ 3012 ssfe->ssfe_info.snd_sid = chk->rec.data.sid; 3013 ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; 3014 ssfe->ssfe_info.snd_ppid = chk->rec.data.ppid; 3015 ssfe->ssfe_info.snd_context = chk->rec.data.context; 3016 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3017 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3018 } else { 3019 ssf = mtod(m_notify, struct sctp_send_failed *); 3020 memset(ssf, 0, notifhdr_len); 3021 ssf->ssf_type = SCTP_SEND_FAILED; 3022 if (sent) { 3023 ssf->ssf_flags = SCTP_DATA_SENT; 3024 } else { 3025 ssf->ssf_flags = SCTP_DATA_UNSENT; 3026 } 3027 ssf->ssf_length = (uint32_t)(notifhdr_len + payload_len); 3028 ssf->ssf_error = error; 3029 /* not exactly what the user sent in, but should be close :) */ 3030 ssf->ssf_info.sinfo_stream = chk->rec.data.sid; 3031 ssf->ssf_info.sinfo_ssn = (uint16_t)chk->rec.data.mid; 3032 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 3033 ssf->ssf_info.sinfo_ppid = chk->rec.data.ppid; 3034 ssf->ssf_info.sinfo_context = chk->rec.data.context; 3035 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3036 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3037 } 3038 if (chk->data != NULL) { 3039 /* Trim off the sctp chunk header (it should be there) */ 3040 if (chk->send_size == chkhdr_len + payload_len + padding_len) { 3041 m_adj(chk->data, chkhdr_len); 3042 m_adj(chk->data, -padding_len); 3043 sctp_mbuf_crush(chk->data); 3044 chk->send_size -= (chkhdr_len + padding_len); 3045 } 3046 } 3047 SCTP_BUF_NEXT(m_notify) = chk->data; 3048 /* Steal off the mbuf */ 3049 chk->data = NULL; 3050 /* 3051 * For this case, we check the actual socket buffer, since the assoc 3052 * is going away we don't want to overfill the socket buffer for a 3053 * non-reader 3054 */ 3055 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3056 sctp_m_freem(m_notify); 3057 return; 3058 } 3059 /* append to socket */ 3060 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3061 0, 0, stcb->asoc.context, 0, 0, 0, 3062 m_notify); 3063 if (control == NULL) { 3064 /* no memory */ 3065 sctp_m_freem(m_notify); 3066 return; 3067 } 3068 control->length = SCTP_BUF_LEN(m_notify); 3069 control->spec_flags = M_NOTIFICATION; 3070 /* not that we need this */ 3071 control->tail_mbuf = m_notify; 3072 sctp_add_to_readq(stcb->sctp_ep, stcb, 3073 control, 3074 &stcb->sctp_socket->so_rcv, 1, 3075 SCTP_READ_LOCK_NOT_HELD, 3076 so_locked); 3077 } 3078 3079 3080 static void 3081 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 3082 struct sctp_stream_queue_pending *sp, int so_locked 3083 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3084 SCTP_UNUSED 3085 #endif 3086 ) 3087 { 3088 struct mbuf *m_notify; 3089 struct sctp_send_failed *ssf; 3090 struct sctp_send_failed_event *ssfe; 3091 struct sctp_queued_to_read *control; 3092 int notifhdr_len; 3093 3094 if ((stcb == NULL) || 3095 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSENDFAILEVNT) && 3096 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT))) { 3097 /* event not enabled */ 3098 return; 3099 } 3100 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3101 notifhdr_len = sizeof(struct sctp_send_failed_event); 3102 } else { 3103 notifhdr_len = sizeof(struct sctp_send_failed); 3104 } 3105 m_notify = sctp_get_mbuf_for_msg(notifhdr_len, 0, M_NOWAIT, 1, MT_DATA); 3106 if (m_notify == NULL) { 3107 /* no space left */ 3108 return; 3109 } 3110 SCTP_BUF_LEN(m_notify) = notifhdr_len; 3111 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { 3112 ssfe = mtod(m_notify, struct sctp_send_failed_event *); 3113 memset(ssfe, 0, notifhdr_len); 3114 ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; 3115 ssfe->ssfe_flags = SCTP_DATA_UNSENT; 3116 ssfe->ssfe_length = (uint32_t)(notifhdr_len + sp->length); 3117 ssfe->ssfe_error = error; 3118 /* not exactly what the user sent in, but should be close :) */ 3119 ssfe->ssfe_info.snd_sid = sp->sid; 3120 if (sp->some_taken) { 3121 ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; 3122 } else { 3123 ssfe->ssfe_info.snd_flags = SCTP_DATA_NOT_FRAG; 3124 } 3125 ssfe->ssfe_info.snd_ppid = sp->ppid; 3126 ssfe->ssfe_info.snd_context = sp->context; 3127 ssfe->ssfe_info.snd_assoc_id = sctp_get_associd(stcb); 3128 ssfe->ssfe_assoc_id = sctp_get_associd(stcb); 3129 } else { 3130 ssf = mtod(m_notify, struct sctp_send_failed *); 3131 memset(ssf, 0, notifhdr_len); 3132 ssf->ssf_type = SCTP_SEND_FAILED; 3133 ssf->ssf_flags = SCTP_DATA_UNSENT; 3134 ssf->ssf_length = (uint32_t)(notifhdr_len + sp->length); 3135 ssf->ssf_error = error; 3136 /* not exactly what the user sent in, but should be close :) */ 3137 ssf->ssf_info.sinfo_stream = sp->sid; 3138 ssf->ssf_info.sinfo_ssn = 0; 3139 if (sp->some_taken) { 3140 ssf->ssf_info.sinfo_flags = SCTP_DATA_LAST_FRAG; 3141 } else { 3142 ssf->ssf_info.sinfo_flags = SCTP_DATA_NOT_FRAG; 3143 } 3144 ssf->ssf_info.sinfo_ppid = sp->ppid; 3145 ssf->ssf_info.sinfo_context = sp->context; 3146 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 3147 ssf->ssf_assoc_id = sctp_get_associd(stcb); 3148 } 3149 SCTP_BUF_NEXT(m_notify) = sp->data; 3150 3151 /* Steal off the mbuf */ 3152 sp->data = NULL; 3153 /* 3154 * For this case, we check the actual socket buffer, since the assoc 3155 * is going away we don't want to overfill the socket buffer for a 3156 * non-reader 3157 */ 3158 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3159 sctp_m_freem(m_notify); 3160 return; 3161 } 3162 /* append to socket */ 3163 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3164 0, 0, stcb->asoc.context, 0, 0, 0, 3165 m_notify); 3166 if (control == NULL) { 3167 /* no memory */ 3168 sctp_m_freem(m_notify); 3169 return; 3170 } 3171 control->length = SCTP_BUF_LEN(m_notify); 3172 control->spec_flags = M_NOTIFICATION; 3173 /* not that we need this */ 3174 control->tail_mbuf = m_notify; 3175 sctp_add_to_readq(stcb->sctp_ep, stcb, 3176 control, 3177 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3178 } 3179 3180 3181 3182 static void 3183 sctp_notify_adaptation_layer(struct sctp_tcb *stcb) 3184 { 3185 struct mbuf *m_notify; 3186 struct sctp_adaptation_event *sai; 3187 struct sctp_queued_to_read *control; 3188 3189 if ((stcb == NULL) || 3190 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) { 3191 /* event not enabled */ 3192 return; 3193 } 3194 3195 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_NOWAIT, 1, MT_DATA); 3196 if (m_notify == NULL) 3197 /* no space left */ 3198 return; 3199 SCTP_BUF_LEN(m_notify) = 0; 3200 sai = mtod(m_notify, struct sctp_adaptation_event *); 3201 memset(sai, 0, sizeof(struct sctp_adaptation_event)); 3202 sai->sai_type = SCTP_ADAPTATION_INDICATION; 3203 sai->sai_flags = 0; 3204 sai->sai_length = sizeof(struct sctp_adaptation_event); 3205 sai->sai_adaptation_ind = stcb->asoc.peers_adaptation; 3206 sai->sai_assoc_id = sctp_get_associd(stcb); 3207 3208 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_adaptation_event); 3209 SCTP_BUF_NEXT(m_notify) = NULL; 3210 3211 /* append to socket */ 3212 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3213 0, 0, stcb->asoc.context, 0, 0, 0, 3214 m_notify); 3215 if (control == NULL) { 3216 /* no memory */ 3217 sctp_m_freem(m_notify); 3218 return; 3219 } 3220 control->length = SCTP_BUF_LEN(m_notify); 3221 control->spec_flags = M_NOTIFICATION; 3222 /* not that we need this */ 3223 control->tail_mbuf = m_notify; 3224 sctp_add_to_readq(stcb->sctp_ep, stcb, 3225 control, 3226 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3227 } 3228 3229 /* This always must be called with the read-queue LOCKED in the INP */ 3230 static void 3231 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error, 3232 uint32_t val, int so_locked 3233 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3234 SCTP_UNUSED 3235 #endif 3236 ) 3237 { 3238 struct mbuf *m_notify; 3239 struct sctp_pdapi_event *pdapi; 3240 struct sctp_queued_to_read *control; 3241 struct sockbuf *sb; 3242 3243 if ((stcb == NULL) || 3244 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_PDAPIEVNT)) { 3245 /* event not enabled */ 3246 return; 3247 } 3248 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 3249 return; 3250 } 3251 3252 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_NOWAIT, 1, MT_DATA); 3253 if (m_notify == NULL) 3254 /* no space left */ 3255 return; 3256 SCTP_BUF_LEN(m_notify) = 0; 3257 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 3258 memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); 3259 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 3260 pdapi->pdapi_flags = 0; 3261 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 3262 pdapi->pdapi_indication = error; 3263 pdapi->pdapi_stream = (val >> 16); 3264 pdapi->pdapi_seq = (val & 0x0000ffff); 3265 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 3266 3267 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event); 3268 SCTP_BUF_NEXT(m_notify) = NULL; 3269 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3270 0, 0, stcb->asoc.context, 0, 0, 0, 3271 m_notify); 3272 if (control == NULL) { 3273 /* no memory */ 3274 sctp_m_freem(m_notify); 3275 return; 3276 } 3277 control->length = SCTP_BUF_LEN(m_notify); 3278 control->spec_flags = M_NOTIFICATION; 3279 /* not that we need this */ 3280 control->tail_mbuf = m_notify; 3281 sb = &stcb->sctp_socket->so_rcv; 3282 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3283 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify)); 3284 } 3285 sctp_sballoc(stcb, sb, m_notify); 3286 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 3287 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3288 } 3289 control->end_added = 1; 3290 if (stcb->asoc.control_pdapi) 3291 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 3292 else { 3293 /* we really should not see this case */ 3294 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 3295 } 3296 if (stcb->sctp_ep && stcb->sctp_socket) { 3297 /* This should always be the case */ 3298 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3299 struct socket *so; 3300 3301 so = SCTP_INP_SO(stcb->sctp_ep); 3302 if (!so_locked) { 3303 atomic_add_int(&stcb->asoc.refcnt, 1); 3304 SCTP_TCB_UNLOCK(stcb); 3305 SCTP_SOCKET_LOCK(so, 1); 3306 SCTP_TCB_LOCK(stcb); 3307 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3308 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3309 SCTP_SOCKET_UNLOCK(so, 1); 3310 return; 3311 } 3312 } 3313 #endif 3314 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 3315 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3316 if (!so_locked) { 3317 SCTP_SOCKET_UNLOCK(so, 1); 3318 } 3319 #endif 3320 } 3321 } 3322 3323 static void 3324 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 3325 { 3326 struct mbuf *m_notify; 3327 struct sctp_shutdown_event *sse; 3328 struct sctp_queued_to_read *control; 3329 3330 /* 3331 * For TCP model AND UDP connected sockets we will send an error up 3332 * when an SHUTDOWN completes 3333 */ 3334 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 3335 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 3336 /* mark socket closed for read/write and wakeup! */ 3337 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3338 struct socket *so; 3339 3340 so = SCTP_INP_SO(stcb->sctp_ep); 3341 atomic_add_int(&stcb->asoc.refcnt, 1); 3342 SCTP_TCB_UNLOCK(stcb); 3343 SCTP_SOCKET_LOCK(so, 1); 3344 SCTP_TCB_LOCK(stcb); 3345 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3346 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 3347 SCTP_SOCKET_UNLOCK(so, 1); 3348 return; 3349 } 3350 #endif 3351 socantsendmore(stcb->sctp_socket); 3352 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 3353 SCTP_SOCKET_UNLOCK(so, 1); 3354 #endif 3355 } 3356 if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) { 3357 /* event not enabled */ 3358 return; 3359 } 3360 3361 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 0, M_NOWAIT, 1, MT_DATA); 3362 if (m_notify == NULL) 3363 /* no space left */ 3364 return; 3365 sse = mtod(m_notify, struct sctp_shutdown_event *); 3366 memset(sse, 0, sizeof(struct sctp_shutdown_event)); 3367 sse->sse_type = SCTP_SHUTDOWN_EVENT; 3368 sse->sse_flags = 0; 3369 sse->sse_length = sizeof(struct sctp_shutdown_event); 3370 sse->sse_assoc_id = sctp_get_associd(stcb); 3371 3372 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_shutdown_event); 3373 SCTP_BUF_NEXT(m_notify) = NULL; 3374 3375 /* append to socket */ 3376 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3377 0, 0, stcb->asoc.context, 0, 0, 0, 3378 m_notify); 3379 if (control == NULL) { 3380 /* no memory */ 3381 sctp_m_freem(m_notify); 3382 return; 3383 } 3384 control->length = SCTP_BUF_LEN(m_notify); 3385 control->spec_flags = M_NOTIFICATION; 3386 /* not that we need this */ 3387 control->tail_mbuf = m_notify; 3388 sctp_add_to_readq(stcb->sctp_ep, stcb, 3389 control, 3390 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3391 } 3392 3393 static void 3394 sctp_notify_sender_dry_event(struct sctp_tcb *stcb, 3395 int so_locked 3396 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3397 SCTP_UNUSED 3398 #endif 3399 ) 3400 { 3401 struct mbuf *m_notify; 3402 struct sctp_sender_dry_event *event; 3403 struct sctp_queued_to_read *control; 3404 3405 if ((stcb == NULL) || 3406 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DRYEVNT)) { 3407 /* event not enabled */ 3408 return; 3409 } 3410 3411 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_sender_dry_event), 0, M_NOWAIT, 1, MT_DATA); 3412 if (m_notify == NULL) { 3413 /* no space left */ 3414 return; 3415 } 3416 SCTP_BUF_LEN(m_notify) = 0; 3417 event = mtod(m_notify, struct sctp_sender_dry_event *); 3418 memset(event, 0, sizeof(struct sctp_sender_dry_event)); 3419 event->sender_dry_type = SCTP_SENDER_DRY_EVENT; 3420 event->sender_dry_flags = 0; 3421 event->sender_dry_length = sizeof(struct sctp_sender_dry_event); 3422 event->sender_dry_assoc_id = sctp_get_associd(stcb); 3423 3424 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_sender_dry_event); 3425 SCTP_BUF_NEXT(m_notify) = NULL; 3426 3427 /* append to socket */ 3428 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3429 0, 0, stcb->asoc.context, 0, 0, 0, 3430 m_notify); 3431 if (control == NULL) { 3432 /* no memory */ 3433 sctp_m_freem(m_notify); 3434 return; 3435 } 3436 control->length = SCTP_BUF_LEN(m_notify); 3437 control->spec_flags = M_NOTIFICATION; 3438 /* not that we need this */ 3439 control->tail_mbuf = m_notify; 3440 sctp_add_to_readq(stcb->sctp_ep, stcb, control, 3441 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, so_locked); 3442 } 3443 3444 3445 void 3446 sctp_notify_stream_reset_add(struct sctp_tcb *stcb, uint16_t numberin, uint16_t numberout, int flag) 3447 { 3448 struct mbuf *m_notify; 3449 struct sctp_queued_to_read *control; 3450 struct sctp_stream_change_event *stradd; 3451 3452 if ((stcb == NULL) || 3453 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { 3454 /* event not enabled */ 3455 return; 3456 } 3457 if ((stcb->asoc.peer_req_out) && flag) { 3458 /* Peer made the request, don't tell the local user */ 3459 stcb->asoc.peer_req_out = 0; 3460 return; 3461 } 3462 stcb->asoc.peer_req_out = 0; 3463 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_NOWAIT, 1, MT_DATA); 3464 if (m_notify == NULL) 3465 /* no space left */ 3466 return; 3467 SCTP_BUF_LEN(m_notify) = 0; 3468 stradd = mtod(m_notify, struct sctp_stream_change_event *); 3469 memset(stradd, 0, sizeof(struct sctp_stream_change_event)); 3470 stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; 3471 stradd->strchange_flags = flag; 3472 stradd->strchange_length = sizeof(struct sctp_stream_change_event); 3473 stradd->strchange_assoc_id = sctp_get_associd(stcb); 3474 stradd->strchange_instrms = numberin; 3475 stradd->strchange_outstrms = numberout; 3476 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); 3477 SCTP_BUF_NEXT(m_notify) = NULL; 3478 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3479 /* no space */ 3480 sctp_m_freem(m_notify); 3481 return; 3482 } 3483 /* append to socket */ 3484 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3485 0, 0, stcb->asoc.context, 0, 0, 0, 3486 m_notify); 3487 if (control == NULL) { 3488 /* no memory */ 3489 sctp_m_freem(m_notify); 3490 return; 3491 } 3492 control->length = SCTP_BUF_LEN(m_notify); 3493 control->spec_flags = M_NOTIFICATION; 3494 /* not that we need this */ 3495 control->tail_mbuf = m_notify; 3496 sctp_add_to_readq(stcb->sctp_ep, stcb, 3497 control, 3498 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3499 } 3500 3501 void 3502 sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, uint32_t sending_tsn, uint32_t recv_tsn, int flag) 3503 { 3504 struct mbuf *m_notify; 3505 struct sctp_queued_to_read *control; 3506 struct sctp_assoc_reset_event *strasoc; 3507 3508 if ((stcb == NULL) || 3509 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { 3510 /* event not enabled */ 3511 return; 3512 } 3513 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_NOWAIT, 1, MT_DATA); 3514 if (m_notify == NULL) 3515 /* no space left */ 3516 return; 3517 SCTP_BUF_LEN(m_notify) = 0; 3518 strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); 3519 memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); 3520 strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; 3521 strasoc->assocreset_flags = flag; 3522 strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); 3523 strasoc->assocreset_assoc_id = sctp_get_associd(stcb); 3524 strasoc->assocreset_local_tsn = sending_tsn; 3525 strasoc->assocreset_remote_tsn = recv_tsn; 3526 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); 3527 SCTP_BUF_NEXT(m_notify) = NULL; 3528 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3529 /* no space */ 3530 sctp_m_freem(m_notify); 3531 return; 3532 } 3533 /* append to socket */ 3534 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3535 0, 0, stcb->asoc.context, 0, 0, 0, 3536 m_notify); 3537 if (control == NULL) { 3538 /* no memory */ 3539 sctp_m_freem(m_notify); 3540 return; 3541 } 3542 control->length = SCTP_BUF_LEN(m_notify); 3543 control->spec_flags = M_NOTIFICATION; 3544 /* not that we need this */ 3545 control->tail_mbuf = m_notify; 3546 sctp_add_to_readq(stcb->sctp_ep, stcb, 3547 control, 3548 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3549 } 3550 3551 3552 3553 static void 3554 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3555 int number_entries, uint16_t *list, int flag) 3556 { 3557 struct mbuf *m_notify; 3558 struct sctp_queued_to_read *control; 3559 struct sctp_stream_reset_event *strreset; 3560 int len; 3561 3562 if ((stcb == NULL) || 3563 (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_RESETEVNT))) { 3564 /* event not enabled */ 3565 return; 3566 } 3567 3568 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 3569 if (m_notify == NULL) 3570 /* no space left */ 3571 return; 3572 SCTP_BUF_LEN(m_notify) = 0; 3573 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3574 if (len > M_TRAILINGSPACE(m_notify)) { 3575 /* never enough room */ 3576 sctp_m_freem(m_notify); 3577 return; 3578 } 3579 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3580 memset(strreset, 0, len); 3581 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3582 strreset->strreset_flags = flag; 3583 strreset->strreset_length = len; 3584 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3585 if (number_entries) { 3586 int i; 3587 3588 for (i = 0; i < number_entries; i++) { 3589 strreset->strreset_stream_list[i] = ntohs(list[i]); 3590 } 3591 } 3592 SCTP_BUF_LEN(m_notify) = len; 3593 SCTP_BUF_NEXT(m_notify) = NULL; 3594 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3595 /* no space */ 3596 sctp_m_freem(m_notify); 3597 return; 3598 } 3599 /* append to socket */ 3600 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3601 0, 0, stcb->asoc.context, 0, 0, 0, 3602 m_notify); 3603 if (control == NULL) { 3604 /* no memory */ 3605 sctp_m_freem(m_notify); 3606 return; 3607 } 3608 control->length = SCTP_BUF_LEN(m_notify); 3609 control->spec_flags = M_NOTIFICATION; 3610 /* not that we need this */ 3611 control->tail_mbuf = m_notify; 3612 sctp_add_to_readq(stcb->sctp_ep, stcb, 3613 control, 3614 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3615 } 3616 3617 3618 static void 3619 sctp_notify_remote_error(struct sctp_tcb *stcb, uint16_t error, struct sctp_error_chunk *chunk) 3620 { 3621 struct mbuf *m_notify; 3622 struct sctp_remote_error *sre; 3623 struct sctp_queued_to_read *control; 3624 unsigned int notif_len; 3625 uint16_t chunk_len; 3626 3627 if ((stcb == NULL) || 3628 sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVPEERERR)) { 3629 return; 3630 } 3631 if (chunk != NULL) { 3632 chunk_len = ntohs(chunk->ch.chunk_length); 3633 /* 3634 * Only SCTP_CHUNK_BUFFER_SIZE are guaranteed to be 3635 * contiguous. 3636 */ 3637 if (chunk_len > SCTP_CHUNK_BUFFER_SIZE) { 3638 chunk_len = SCTP_CHUNK_BUFFER_SIZE; 3639 } 3640 } else { 3641 chunk_len = 0; 3642 } 3643 notif_len = (unsigned int)(sizeof(struct sctp_remote_error) + chunk_len); 3644 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3645 if (m_notify == NULL) { 3646 /* Retry with smaller value. */ 3647 notif_len = (unsigned int)sizeof(struct sctp_remote_error); 3648 m_notify = sctp_get_mbuf_for_msg(notif_len, 0, M_NOWAIT, 1, MT_DATA); 3649 if (m_notify == NULL) { 3650 return; 3651 } 3652 } 3653 SCTP_BUF_NEXT(m_notify) = NULL; 3654 sre = mtod(m_notify, struct sctp_remote_error *); 3655 memset(sre, 0, notif_len); 3656 sre->sre_type = SCTP_REMOTE_ERROR; 3657 sre->sre_flags = 0; 3658 sre->sre_length = sizeof(struct sctp_remote_error); 3659 sre->sre_error = error; 3660 sre->sre_assoc_id = sctp_get_associd(stcb); 3661 if (notif_len > sizeof(struct sctp_remote_error)) { 3662 memcpy(sre->sre_data, chunk, chunk_len); 3663 sre->sre_length += chunk_len; 3664 } 3665 SCTP_BUF_LEN(m_notify) = sre->sre_length; 3666 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3667 0, 0, stcb->asoc.context, 0, 0, 0, 3668 m_notify); 3669 if (control != NULL) { 3670 control->length = SCTP_BUF_LEN(m_notify); 3671 control->spec_flags = M_NOTIFICATION; 3672 /* not that we need this */ 3673 control->tail_mbuf = m_notify; 3674 sctp_add_to_readq(stcb->sctp_ep, stcb, 3675 control, 3676 &stcb->sctp_socket->so_rcv, 1, 3677 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); 3678 } else { 3679 sctp_m_freem(m_notify); 3680 } 3681 } 3682 3683 3684 void 3685 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 3686 uint32_t error, void *data, int so_locked 3687 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3688 SCTP_UNUSED 3689 #endif 3690 ) 3691 { 3692 if ((stcb == NULL) || 3693 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3694 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3695 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3696 /* If the socket is gone we are out of here */ 3697 return; 3698 } 3699 if (stcb->sctp_socket->so_rcv.sb_state & SBS_CANTRCVMORE) { 3700 return; 3701 } 3702 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3703 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3704 if ((notification == SCTP_NOTIFY_INTERFACE_DOWN) || 3705 (notification == SCTP_NOTIFY_INTERFACE_UP) || 3706 (notification == SCTP_NOTIFY_INTERFACE_CONFIRMED)) { 3707 /* Don't report these in front states */ 3708 return; 3709 } 3710 } 3711 switch (notification) { 3712 case SCTP_NOTIFY_ASSOC_UP: 3713 if (stcb->asoc.assoc_up_sent == 0) { 3714 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL, 0, so_locked); 3715 stcb->asoc.assoc_up_sent = 1; 3716 } 3717 if (stcb->asoc.adaptation_needed && (stcb->asoc.adaptation_sent == 0)) { 3718 sctp_notify_adaptation_layer(stcb); 3719 } 3720 if (stcb->asoc.auth_supported == 0) { 3721 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3722 NULL, so_locked); 3723 } 3724 break; 3725 case SCTP_NOTIFY_ASSOC_DOWN: 3726 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL, 0, so_locked); 3727 break; 3728 case SCTP_NOTIFY_INTERFACE_DOWN: 3729 { 3730 struct sctp_nets *net; 3731 3732 net = (struct sctp_nets *)data; 3733 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 3734 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3735 break; 3736 } 3737 case SCTP_NOTIFY_INTERFACE_UP: 3738 { 3739 struct sctp_nets *net; 3740 3741 net = (struct sctp_nets *)data; 3742 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 3743 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3744 break; 3745 } 3746 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 3747 { 3748 struct sctp_nets *net; 3749 3750 net = (struct sctp_nets *)data; 3751 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 3752 (struct sockaddr *)&net->ro._l_addr, error, so_locked); 3753 break; 3754 } 3755 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 3756 sctp_notify_send_failed2(stcb, error, 3757 (struct sctp_stream_queue_pending *)data, so_locked); 3758 break; 3759 case SCTP_NOTIFY_SENT_DG_FAIL: 3760 sctp_notify_send_failed(stcb, 1, error, 3761 (struct sctp_tmit_chunk *)data, so_locked); 3762 break; 3763 case SCTP_NOTIFY_UNSENT_DG_FAIL: 3764 sctp_notify_send_failed(stcb, 0, error, 3765 (struct sctp_tmit_chunk *)data, so_locked); 3766 break; 3767 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 3768 { 3769 uint32_t val; 3770 3771 val = *((uint32_t *)data); 3772 3773 sctp_notify_partial_delivery_indication(stcb, error, val, so_locked); 3774 break; 3775 } 3776 case SCTP_NOTIFY_ASSOC_LOC_ABORTED: 3777 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3778 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3779 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 0, so_locked); 3780 } else { 3781 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 0, so_locked); 3782 } 3783 break; 3784 case SCTP_NOTIFY_ASSOC_REM_ABORTED: 3785 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || 3786 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { 3787 sctp_notify_assoc_change(SCTP_CANT_STR_ASSOC, stcb, error, data, 1, so_locked); 3788 } else { 3789 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, data, 1, so_locked); 3790 } 3791 break; 3792 case SCTP_NOTIFY_ASSOC_RESTART: 3793 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, NULL, 0, so_locked); 3794 if (stcb->asoc.auth_supported == 0) { 3795 sctp_ulp_notify(SCTP_NOTIFY_NO_PEER_AUTH, stcb, 0, 3796 NULL, so_locked); 3797 } 3798 break; 3799 case SCTP_NOTIFY_STR_RESET_SEND: 3800 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_OUTGOING_SSN); 3801 break; 3802 case SCTP_NOTIFY_STR_RESET_RECV: 3803 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), SCTP_STREAM_RESET_INCOMING); 3804 break; 3805 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 3806 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3807 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_FAILED)); 3808 break; 3809 case SCTP_NOTIFY_STR_RESET_DENIED_OUT: 3810 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3811 (SCTP_STREAM_RESET_OUTGOING_SSN | SCTP_STREAM_RESET_DENIED)); 3812 break; 3813 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 3814 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3815 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_FAILED)); 3816 break; 3817 case SCTP_NOTIFY_STR_RESET_DENIED_IN: 3818 sctp_notify_stream_reset(stcb, error, ((uint16_t *)data), 3819 (SCTP_STREAM_RESET_INCOMING | SCTP_STREAM_RESET_DENIED)); 3820 break; 3821 case SCTP_NOTIFY_ASCONF_ADD_IP: 3822 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 3823 error, so_locked); 3824 break; 3825 case SCTP_NOTIFY_ASCONF_DELETE_IP: 3826 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 3827 error, so_locked); 3828 break; 3829 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 3830 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 3831 error, so_locked); 3832 break; 3833 case SCTP_NOTIFY_PEER_SHUTDOWN: 3834 sctp_notify_shutdown_event(stcb); 3835 break; 3836 case SCTP_NOTIFY_AUTH_NEW_KEY: 3837 sctp_notify_authentication(stcb, SCTP_AUTH_NEW_KEY, error, 3838 (uint16_t)(uintptr_t)data, 3839 so_locked); 3840 break; 3841 case SCTP_NOTIFY_AUTH_FREE_KEY: 3842 sctp_notify_authentication(stcb, SCTP_AUTH_FREE_KEY, error, 3843 (uint16_t)(uintptr_t)data, 3844 so_locked); 3845 break; 3846 case SCTP_NOTIFY_NO_PEER_AUTH: 3847 sctp_notify_authentication(stcb, SCTP_AUTH_NO_AUTH, error, 3848 (uint16_t)(uintptr_t)data, 3849 so_locked); 3850 break; 3851 case SCTP_NOTIFY_SENDER_DRY: 3852 sctp_notify_sender_dry_event(stcb, so_locked); 3853 break; 3854 case SCTP_NOTIFY_REMOTE_ERROR: 3855 sctp_notify_remote_error(stcb, error, data); 3856 break; 3857 default: 3858 SCTPDBG(SCTP_DEBUG_UTIL1, "%s: unknown notification %xh (%u)\n", 3859 __func__, notification, notification); 3860 break; 3861 } /* end switch */ 3862 } 3863 3864 void 3865 sctp_report_all_outbound(struct sctp_tcb *stcb, uint16_t error, int holds_lock, int so_locked 3866 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3867 SCTP_UNUSED 3868 #endif 3869 ) 3870 { 3871 struct sctp_association *asoc; 3872 struct sctp_stream_out *outs; 3873 struct sctp_tmit_chunk *chk, *nchk; 3874 struct sctp_stream_queue_pending *sp, *nsp; 3875 int i; 3876 3877 if (stcb == NULL) { 3878 return; 3879 } 3880 asoc = &stcb->asoc; 3881 if (asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3882 /* already being freed */ 3883 return; 3884 } 3885 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3886 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3887 (asoc->state & SCTP_STATE_CLOSED_SOCKET)) { 3888 return; 3889 } 3890 /* now through all the gunk freeing chunks */ 3891 if (holds_lock == 0) { 3892 SCTP_TCB_SEND_LOCK(stcb); 3893 } 3894 /* sent queue SHOULD be empty */ 3895 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) { 3896 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3897 asoc->sent_queue_cnt--; 3898 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) { 3899 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3900 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3901 #ifdef INVARIANTS 3902 } else { 3903 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3904 #endif 3905 } 3906 } 3907 if (chk->data != NULL) { 3908 sctp_free_bufspace(stcb, asoc, chk, 1); 3909 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 3910 error, chk, so_locked); 3911 if (chk->data) { 3912 sctp_m_freem(chk->data); 3913 chk->data = NULL; 3914 } 3915 } 3916 sctp_free_a_chunk(stcb, chk, so_locked); 3917 /* sa_ignore FREED_MEMORY */ 3918 } 3919 /* pending send queue SHOULD be empty */ 3920 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 3921 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3922 asoc->send_queue_cnt--; 3923 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 3924 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 3925 #ifdef INVARIANTS 3926 } else { 3927 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 3928 #endif 3929 } 3930 if (chk->data != NULL) { 3931 sctp_free_bufspace(stcb, asoc, chk, 1); 3932 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 3933 error, chk, so_locked); 3934 if (chk->data) { 3935 sctp_m_freem(chk->data); 3936 chk->data = NULL; 3937 } 3938 } 3939 sctp_free_a_chunk(stcb, chk, so_locked); 3940 /* sa_ignore FREED_MEMORY */ 3941 } 3942 for (i = 0; i < asoc->streamoutcnt; i++) { 3943 /* For each stream */ 3944 outs = &asoc->strmout[i]; 3945 /* clean up any sends there */ 3946 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { 3947 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 3948 TAILQ_REMOVE(&outs->outqueue, sp, next); 3949 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp, 1); 3950 sctp_free_spbufspace(stcb, asoc, sp); 3951 if (sp->data) { 3952 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 3953 error, (void *)sp, so_locked); 3954 if (sp->data) { 3955 sctp_m_freem(sp->data); 3956 sp->data = NULL; 3957 sp->tail_mbuf = NULL; 3958 sp->length = 0; 3959 } 3960 } 3961 if (sp->net) { 3962 sctp_free_remote_addr(sp->net); 3963 sp->net = NULL; 3964 } 3965 /* Free the chunk */ 3966 sctp_free_a_strmoq(stcb, sp, so_locked); 3967 /* sa_ignore FREED_MEMORY */ 3968 } 3969 } 3970 3971 if (holds_lock == 0) { 3972 SCTP_TCB_SEND_UNLOCK(stcb); 3973 } 3974 } 3975 3976 void 3977 sctp_abort_notification(struct sctp_tcb *stcb, uint8_t from_peer, uint16_t error, 3978 struct sctp_abort_chunk *abort, int so_locked 3979 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3980 SCTP_UNUSED 3981 #endif 3982 ) 3983 { 3984 if (stcb == NULL) { 3985 return; 3986 } 3987 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 3988 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 3989 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 3990 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 3991 } 3992 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3993 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3994 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3995 return; 3996 } 3997 /* Tell them we lost the asoc */ 3998 sctp_report_all_outbound(stcb, error, 1, so_locked); 3999 if (from_peer) { 4000 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_REM_ABORTED, stcb, error, abort, so_locked); 4001 } else { 4002 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_LOC_ABORTED, stcb, error, abort, so_locked); 4003 } 4004 } 4005 4006 void 4007 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4008 struct mbuf *m, int iphlen, 4009 struct sockaddr *src, struct sockaddr *dst, 4010 struct sctphdr *sh, struct mbuf *op_err, 4011 uint8_t mflowtype, uint32_t mflowid, 4012 uint32_t vrf_id, uint16_t port) 4013 { 4014 uint32_t vtag; 4015 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4016 struct socket *so; 4017 #endif 4018 4019 vtag = 0; 4020 if (stcb != NULL) { 4021 vtag = stcb->asoc.peer_vtag; 4022 vrf_id = stcb->asoc.vrf_id; 4023 } 4024 sctp_send_abort(m, iphlen, src, dst, sh, vtag, op_err, 4025 mflowtype, mflowid, inp->fibnum, 4026 vrf_id, port); 4027 if (stcb != NULL) { 4028 /* We have a TCB to abort, send notification too */ 4029 sctp_abort_notification(stcb, 0, 0, NULL, SCTP_SO_NOT_LOCKED); 4030 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4031 /* Ok, now lets free it */ 4032 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4033 so = SCTP_INP_SO(inp); 4034 atomic_add_int(&stcb->asoc.refcnt, 1); 4035 SCTP_TCB_UNLOCK(stcb); 4036 SCTP_SOCKET_LOCK(so, 1); 4037 SCTP_TCB_LOCK(stcb); 4038 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4039 #endif 4040 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4041 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4042 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4043 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4044 } 4045 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4046 SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 4047 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4048 SCTP_SOCKET_UNLOCK(so, 1); 4049 #endif 4050 } 4051 } 4052 #ifdef SCTP_ASOCLOG_OF_TSNS 4053 void 4054 sctp_print_out_track_log(struct sctp_tcb *stcb) 4055 { 4056 #ifdef NOSIY_PRINTS 4057 int i; 4058 4059 SCTP_PRINTF("Last ep reason:%x\n", stcb->sctp_ep->last_abort_code); 4060 SCTP_PRINTF("IN bound TSN log-aaa\n"); 4061 if ((stcb->asoc.tsn_in_at == 0) && (stcb->asoc.tsn_in_wrapped == 0)) { 4062 SCTP_PRINTF("None rcvd\n"); 4063 goto none_in; 4064 } 4065 if (stcb->asoc.tsn_in_wrapped) { 4066 for (i = stcb->asoc.tsn_in_at; i < SCTP_TSN_LOG_SIZE; i++) { 4067 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4068 stcb->asoc.in_tsnlog[i].tsn, 4069 stcb->asoc.in_tsnlog[i].strm, 4070 stcb->asoc.in_tsnlog[i].seq, 4071 stcb->asoc.in_tsnlog[i].flgs, 4072 stcb->asoc.in_tsnlog[i].sz); 4073 } 4074 } 4075 if (stcb->asoc.tsn_in_at) { 4076 for (i = 0; i < stcb->asoc.tsn_in_at; i++) { 4077 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4078 stcb->asoc.in_tsnlog[i].tsn, 4079 stcb->asoc.in_tsnlog[i].strm, 4080 stcb->asoc.in_tsnlog[i].seq, 4081 stcb->asoc.in_tsnlog[i].flgs, 4082 stcb->asoc.in_tsnlog[i].sz); 4083 } 4084 } 4085 none_in: 4086 SCTP_PRINTF("OUT bound TSN log-aaa\n"); 4087 if ((stcb->asoc.tsn_out_at == 0) && 4088 (stcb->asoc.tsn_out_wrapped == 0)) { 4089 SCTP_PRINTF("None sent\n"); 4090 } 4091 if (stcb->asoc.tsn_out_wrapped) { 4092 for (i = stcb->asoc.tsn_out_at; i < SCTP_TSN_LOG_SIZE; i++) { 4093 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4094 stcb->asoc.out_tsnlog[i].tsn, 4095 stcb->asoc.out_tsnlog[i].strm, 4096 stcb->asoc.out_tsnlog[i].seq, 4097 stcb->asoc.out_tsnlog[i].flgs, 4098 stcb->asoc.out_tsnlog[i].sz); 4099 } 4100 } 4101 if (stcb->asoc.tsn_out_at) { 4102 for (i = 0; i < stcb->asoc.tsn_out_at; i++) { 4103 SCTP_PRINTF("TSN:%x strm:%d seq:%d flags:%x sz:%d\n", 4104 stcb->asoc.out_tsnlog[i].tsn, 4105 stcb->asoc.out_tsnlog[i].strm, 4106 stcb->asoc.out_tsnlog[i].seq, 4107 stcb->asoc.out_tsnlog[i].flgs, 4108 stcb->asoc.out_tsnlog[i].sz); 4109 } 4110 } 4111 #endif 4112 } 4113 #endif 4114 4115 void 4116 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 4117 struct mbuf *op_err, 4118 int so_locked 4119 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4120 SCTP_UNUSED 4121 #endif 4122 ) 4123 { 4124 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4125 struct socket *so; 4126 #endif 4127 4128 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4129 so = SCTP_INP_SO(inp); 4130 #endif 4131 if (stcb == NULL) { 4132 /* Got to have a TCB */ 4133 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4134 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4135 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4136 SCTP_CALLED_DIRECTLY_NOCMPSET); 4137 } 4138 } 4139 return; 4140 } else { 4141 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_WAS_ABORTED); 4142 } 4143 /* notify the peer */ 4144 sctp_send_abort_tcb(stcb, op_err, so_locked); 4145 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4146 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 4147 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4148 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4149 } 4150 /* notify the ulp */ 4151 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) { 4152 sctp_abort_notification(stcb, 0, 0, NULL, so_locked); 4153 } 4154 /* now free the asoc */ 4155 #ifdef SCTP_ASOCLOG_OF_TSNS 4156 sctp_print_out_track_log(stcb); 4157 #endif 4158 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4159 if (!so_locked) { 4160 atomic_add_int(&stcb->asoc.refcnt, 1); 4161 SCTP_TCB_UNLOCK(stcb); 4162 SCTP_SOCKET_LOCK(so, 1); 4163 SCTP_TCB_LOCK(stcb); 4164 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4165 } 4166 #endif 4167 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 4168 SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 4169 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4170 if (!so_locked) { 4171 SCTP_SOCKET_UNLOCK(so, 1); 4172 } 4173 #endif 4174 } 4175 4176 void 4177 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, 4178 struct sockaddr *src, struct sockaddr *dst, 4179 struct sctphdr *sh, struct sctp_inpcb *inp, 4180 struct mbuf *cause, 4181 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 4182 uint32_t vrf_id, uint16_t port) 4183 { 4184 struct sctp_chunkhdr *ch, chunk_buf; 4185 unsigned int chk_length; 4186 int contains_init_chunk; 4187 4188 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 4189 /* Generate a TO address for future reference */ 4190 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 4191 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 4192 sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT, 4193 SCTP_CALLED_DIRECTLY_NOCMPSET); 4194 } 4195 } 4196 contains_init_chunk = 0; 4197 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4198 sizeof(*ch), (uint8_t *)&chunk_buf); 4199 while (ch != NULL) { 4200 chk_length = ntohs(ch->chunk_length); 4201 if (chk_length < sizeof(*ch)) { 4202 /* break to abort land */ 4203 break; 4204 } 4205 switch (ch->chunk_type) { 4206 case SCTP_INIT: 4207 contains_init_chunk = 1; 4208 break; 4209 case SCTP_PACKET_DROPPED: 4210 /* we don't respond to pkt-dropped */ 4211 return; 4212 case SCTP_ABORT_ASSOCIATION: 4213 /* we don't respond with an ABORT to an ABORT */ 4214 return; 4215 case SCTP_SHUTDOWN_COMPLETE: 4216 /* 4217 * we ignore it since we are not waiting for it and 4218 * peer is gone 4219 */ 4220 return; 4221 case SCTP_SHUTDOWN_ACK: 4222 sctp_send_shutdown_complete2(src, dst, sh, 4223 mflowtype, mflowid, fibnum, 4224 vrf_id, port); 4225 return; 4226 default: 4227 break; 4228 } 4229 offset += SCTP_SIZE32(chk_length); 4230 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4231 sizeof(*ch), (uint8_t *)&chunk_buf); 4232 } 4233 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || 4234 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 4235 (contains_init_chunk == 0))) { 4236 sctp_send_abort(m, iphlen, src, dst, sh, 0, cause, 4237 mflowtype, mflowid, fibnum, 4238 vrf_id, port); 4239 } 4240 } 4241 4242 /* 4243 * check the inbound datagram to make sure there is not an abort inside it, 4244 * if there is return 1, else return 0. 4245 */ 4246 int 4247 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t *vtagfill) 4248 { 4249 struct sctp_chunkhdr *ch; 4250 struct sctp_init_chunk *init_chk, chunk_buf; 4251 int offset; 4252 unsigned int chk_length; 4253 4254 offset = iphlen + sizeof(struct sctphdr); 4255 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 4256 (uint8_t *)&chunk_buf); 4257 while (ch != NULL) { 4258 chk_length = ntohs(ch->chunk_length); 4259 if (chk_length < sizeof(*ch)) { 4260 /* packet is probably corrupt */ 4261 break; 4262 } 4263 /* we seem to be ok, is it an abort? */ 4264 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 4265 /* yep, tell them */ 4266 return (1); 4267 } 4268 if (ch->chunk_type == SCTP_INITIATION) { 4269 /* need to update the Vtag */ 4270 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 4271 offset, sizeof(*init_chk), (uint8_t *)&chunk_buf); 4272 if (init_chk != NULL) { 4273 *vtagfill = ntohl(init_chk->init.initiate_tag); 4274 } 4275 } 4276 /* Nope, move to the next chunk */ 4277 offset += SCTP_SIZE32(chk_length); 4278 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 4279 sizeof(*ch), (uint8_t *)&chunk_buf); 4280 } 4281 return (0); 4282 } 4283 4284 /* 4285 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 4286 * set (i.e. it's 0) so, create this function to compare link local scopes 4287 */ 4288 #ifdef INET6 4289 uint32_t 4290 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 4291 { 4292 struct sockaddr_in6 a, b; 4293 4294 /* save copies */ 4295 a = *addr1; 4296 b = *addr2; 4297 4298 if (a.sin6_scope_id == 0) 4299 if (sa6_recoverscope(&a)) { 4300 /* can't get scope, so can't match */ 4301 return (0); 4302 } 4303 if (b.sin6_scope_id == 0) 4304 if (sa6_recoverscope(&b)) { 4305 /* can't get scope, so can't match */ 4306 return (0); 4307 } 4308 if (a.sin6_scope_id != b.sin6_scope_id) 4309 return (0); 4310 4311 return (1); 4312 } 4313 4314 /* 4315 * returns a sockaddr_in6 with embedded scope recovered and removed 4316 */ 4317 struct sockaddr_in6 * 4318 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 4319 { 4320 /* check and strip embedded scope junk */ 4321 if (addr->sin6_family == AF_INET6) { 4322 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 4323 if (addr->sin6_scope_id == 0) { 4324 *store = *addr; 4325 if (!sa6_recoverscope(store)) { 4326 /* use the recovered scope */ 4327 addr = store; 4328 } 4329 } else { 4330 /* else, return the original "to" addr */ 4331 in6_clearscope(&addr->sin6_addr); 4332 } 4333 } 4334 } 4335 return (addr); 4336 } 4337 #endif 4338 4339 /* 4340 * are the two addresses the same? currently a "scopeless" check returns: 1 4341 * if same, 0 if not 4342 */ 4343 int 4344 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 4345 { 4346 4347 /* must be valid */ 4348 if (sa1 == NULL || sa2 == NULL) 4349 return (0); 4350 4351 /* must be the same family */ 4352 if (sa1->sa_family != sa2->sa_family) 4353 return (0); 4354 4355 switch (sa1->sa_family) { 4356 #ifdef INET6 4357 case AF_INET6: 4358 { 4359 /* IPv6 addresses */ 4360 struct sockaddr_in6 *sin6_1, *sin6_2; 4361 4362 sin6_1 = (struct sockaddr_in6 *)sa1; 4363 sin6_2 = (struct sockaddr_in6 *)sa2; 4364 return (SCTP6_ARE_ADDR_EQUAL(sin6_1, 4365 sin6_2)); 4366 } 4367 #endif 4368 #ifdef INET 4369 case AF_INET: 4370 { 4371 /* IPv4 addresses */ 4372 struct sockaddr_in *sin_1, *sin_2; 4373 4374 sin_1 = (struct sockaddr_in *)sa1; 4375 sin_2 = (struct sockaddr_in *)sa2; 4376 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 4377 } 4378 #endif 4379 default: 4380 /* we don't do these... */ 4381 return (0); 4382 } 4383 } 4384 4385 void 4386 sctp_print_address(struct sockaddr *sa) 4387 { 4388 #ifdef INET6 4389 char ip6buf[INET6_ADDRSTRLEN]; 4390 #endif 4391 4392 switch (sa->sa_family) { 4393 #ifdef INET6 4394 case AF_INET6: 4395 { 4396 struct sockaddr_in6 *sin6; 4397 4398 sin6 = (struct sockaddr_in6 *)sa; 4399 SCTP_PRINTF("IPv6 address: %s:port:%d scope:%u\n", 4400 ip6_sprintf(ip6buf, &sin6->sin6_addr), 4401 ntohs(sin6->sin6_port), 4402 sin6->sin6_scope_id); 4403 break; 4404 } 4405 #endif 4406 #ifdef INET 4407 case AF_INET: 4408 { 4409 struct sockaddr_in *sin; 4410 unsigned char *p; 4411 4412 sin = (struct sockaddr_in *)sa; 4413 p = (unsigned char *)&sin->sin_addr; 4414 SCTP_PRINTF("IPv4 address: %u.%u.%u.%u:%d\n", 4415 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 4416 break; 4417 } 4418 #endif 4419 default: 4420 SCTP_PRINTF("?\n"); 4421 break; 4422 } 4423 } 4424 4425 void 4426 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 4427 struct sctp_inpcb *new_inp, 4428 struct sctp_tcb *stcb, 4429 int waitflags) 4430 { 4431 /* 4432 * go through our old INP and pull off any control structures that 4433 * belong to stcb and move then to the new inp. 4434 */ 4435 struct socket *old_so, *new_so; 4436 struct sctp_queued_to_read *control, *nctl; 4437 struct sctp_readhead tmp_queue; 4438 struct mbuf *m; 4439 int error = 0; 4440 4441 old_so = old_inp->sctp_socket; 4442 new_so = new_inp->sctp_socket; 4443 TAILQ_INIT(&tmp_queue); 4444 error = sblock(&old_so->so_rcv, waitflags); 4445 if (error) { 4446 /* 4447 * Gak, can't get sblock, we have a problem. data will be 4448 * left stranded.. and we don't dare look at it since the 4449 * other thread may be reading something. Oh well, its a 4450 * screwed up app that does a peeloff OR a accept while 4451 * reading from the main socket... actually its only the 4452 * peeloff() case, since I think read will fail on a 4453 * listening socket.. 4454 */ 4455 return; 4456 } 4457 /* lock the socket buffers */ 4458 SCTP_INP_READ_LOCK(old_inp); 4459 TAILQ_FOREACH_SAFE(control, &old_inp->read_queue, next, nctl) { 4460 /* Pull off all for out target stcb */ 4461 if (control->stcb == stcb) { 4462 /* remove it we want it */ 4463 TAILQ_REMOVE(&old_inp->read_queue, control, next); 4464 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 4465 m = control->data; 4466 while (m) { 4467 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4468 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 4469 } 4470 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 4471 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4472 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4473 } 4474 m = SCTP_BUF_NEXT(m); 4475 } 4476 } 4477 } 4478 SCTP_INP_READ_UNLOCK(old_inp); 4479 /* Remove the sb-lock on the old socket */ 4480 4481 sbunlock(&old_so->so_rcv); 4482 /* Now we move them over to the new socket buffer */ 4483 SCTP_INP_READ_LOCK(new_inp); 4484 TAILQ_FOREACH_SAFE(control, &tmp_queue, next, nctl) { 4485 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 4486 m = control->data; 4487 while (m) { 4488 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4489 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4490 } 4491 sctp_sballoc(stcb, &new_so->so_rcv, m); 4492 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4493 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4494 } 4495 m = SCTP_BUF_NEXT(m); 4496 } 4497 } 4498 SCTP_INP_READ_UNLOCK(new_inp); 4499 } 4500 4501 void 4502 sctp_wakeup_the_read_socket(struct sctp_inpcb *inp, 4503 struct sctp_tcb *stcb, 4504 int so_locked 4505 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4506 SCTP_UNUSED 4507 #endif 4508 ) 4509 { 4510 if ((inp != NULL) && (inp->sctp_socket != NULL)) { 4511 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4512 struct socket *so; 4513 4514 so = SCTP_INP_SO(inp); 4515 if (!so_locked) { 4516 if (stcb) { 4517 atomic_add_int(&stcb->asoc.refcnt, 1); 4518 SCTP_TCB_UNLOCK(stcb); 4519 } 4520 SCTP_SOCKET_LOCK(so, 1); 4521 if (stcb) { 4522 SCTP_TCB_LOCK(stcb); 4523 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4524 } 4525 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4526 SCTP_SOCKET_UNLOCK(so, 1); 4527 return; 4528 } 4529 } 4530 #endif 4531 sctp_sorwakeup(inp, inp->sctp_socket); 4532 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4533 if (!so_locked) { 4534 SCTP_SOCKET_UNLOCK(so, 1); 4535 } 4536 #endif 4537 } 4538 } 4539 4540 void 4541 sctp_add_to_readq(struct sctp_inpcb *inp, 4542 struct sctp_tcb *stcb, 4543 struct sctp_queued_to_read *control, 4544 struct sockbuf *sb, 4545 int end, 4546 int inp_read_lock_held, 4547 int so_locked 4548 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4549 SCTP_UNUSED 4550 #endif 4551 ) 4552 { 4553 /* 4554 * Here we must place the control on the end of the socket read 4555 * queue AND increment sb_cc so that select will work properly on 4556 * read. 4557 */ 4558 struct mbuf *m, *prev = NULL; 4559 4560 if (inp == NULL) { 4561 /* Gak, TSNH!! */ 4562 #ifdef INVARIANTS 4563 panic("Gak, inp NULL on add_to_readq"); 4564 #endif 4565 return; 4566 } 4567 if (inp_read_lock_held == 0) 4568 SCTP_INP_READ_LOCK(inp); 4569 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { 4570 sctp_free_remote_addr(control->whoFrom); 4571 if (control->data) { 4572 sctp_m_freem(control->data); 4573 control->data = NULL; 4574 } 4575 sctp_free_a_readq(stcb, control); 4576 if (inp_read_lock_held == 0) 4577 SCTP_INP_READ_UNLOCK(inp); 4578 return; 4579 } 4580 if (!(control->spec_flags & M_NOTIFICATION)) { 4581 atomic_add_int(&inp->total_recvs, 1); 4582 if (!control->do_not_ref_stcb) { 4583 atomic_add_int(&stcb->total_recvs, 1); 4584 } 4585 } 4586 m = control->data; 4587 control->held_length = 0; 4588 control->length = 0; 4589 while (m) { 4590 if (SCTP_BUF_LEN(m) == 0) { 4591 /* Skip mbufs with NO length */ 4592 if (prev == NULL) { 4593 /* First one */ 4594 control->data = sctp_m_free(m); 4595 m = control->data; 4596 } else { 4597 SCTP_BUF_NEXT(prev) = sctp_m_free(m); 4598 m = SCTP_BUF_NEXT(prev); 4599 } 4600 if (m == NULL) { 4601 control->tail_mbuf = prev; 4602 } 4603 continue; 4604 } 4605 prev = m; 4606 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4607 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 4608 } 4609 sctp_sballoc(stcb, sb, m); 4610 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 4611 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4612 } 4613 atomic_add_int(&control->length, SCTP_BUF_LEN(m)); 4614 m = SCTP_BUF_NEXT(m); 4615 } 4616 if (prev != NULL) { 4617 control->tail_mbuf = prev; 4618 } else { 4619 /* Everything got collapsed out?? */ 4620 sctp_free_remote_addr(control->whoFrom); 4621 sctp_free_a_readq(stcb, control); 4622 if (inp_read_lock_held == 0) 4623 SCTP_INP_READ_UNLOCK(inp); 4624 return; 4625 } 4626 if (end) { 4627 control->end_added = 1; 4628 } 4629 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 4630 control->on_read_q = 1; 4631 if (inp_read_lock_held == 0) 4632 SCTP_INP_READ_UNLOCK(inp); 4633 if (inp && inp->sctp_socket) { 4634 sctp_wakeup_the_read_socket(inp, stcb, so_locked); 4635 } 4636 } 4637 4638 /*************HOLD THIS COMMENT FOR PATCH FILE OF 4639 *************ALTERNATE ROUTING CODE 4640 */ 4641 4642 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 4643 *************ALTERNATE ROUTING CODE 4644 */ 4645 4646 struct mbuf * 4647 sctp_generate_cause(uint16_t code, char *info) 4648 { 4649 struct mbuf *m; 4650 struct sctp_gen_error_cause *cause; 4651 size_t info_len; 4652 uint16_t len; 4653 4654 if ((code == 0) || (info == NULL)) { 4655 return (NULL); 4656 } 4657 info_len = strlen(info); 4658 if (info_len > (SCTP_MAX_CAUSE_LENGTH - sizeof(struct sctp_paramhdr))) { 4659 return (NULL); 4660 } 4661 len = (uint16_t)(sizeof(struct sctp_paramhdr) + info_len); 4662 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4663 if (m != NULL) { 4664 SCTP_BUF_LEN(m) = len; 4665 cause = mtod(m, struct sctp_gen_error_cause *); 4666 cause->code = htons(code); 4667 cause->length = htons(len); 4668 memcpy(cause->info, info, info_len); 4669 } 4670 return (m); 4671 } 4672 4673 struct mbuf * 4674 sctp_generate_no_user_data_cause(uint32_t tsn) 4675 { 4676 struct mbuf *m; 4677 struct sctp_error_no_user_data *no_user_data_cause; 4678 uint16_t len; 4679 4680 len = (uint16_t)sizeof(struct sctp_error_no_user_data); 4681 m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); 4682 if (m != NULL) { 4683 SCTP_BUF_LEN(m) = len; 4684 no_user_data_cause = mtod(m, struct sctp_error_no_user_data *); 4685 no_user_data_cause->cause.code = htons(SCTP_CAUSE_NO_USER_DATA); 4686 no_user_data_cause->cause.length = htons(len); 4687 no_user_data_cause->tsn = htonl(tsn); 4688 } 4689 return (m); 4690 } 4691 4692 #ifdef SCTP_MBCNT_LOGGING 4693 void 4694 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 4695 struct sctp_tmit_chunk *tp1, int chk_cnt) 4696 { 4697 if (tp1->data == NULL) { 4698 return; 4699 } 4700 asoc->chunks_on_out_queue -= chk_cnt; 4701 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBCNT_LOGGING_ENABLE) { 4702 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 4703 asoc->total_output_queue_size, 4704 tp1->book_size, 4705 0, 4706 tp1->mbcnt); 4707 } 4708 if (asoc->total_output_queue_size >= tp1->book_size) { 4709 atomic_add_int(&asoc->total_output_queue_size, -tp1->book_size); 4710 } else { 4711 asoc->total_output_queue_size = 0; 4712 } 4713 4714 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 4715 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 4716 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 4717 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 4718 } else { 4719 stcb->sctp_socket->so_snd.sb_cc = 0; 4720 4721 } 4722 } 4723 } 4724 4725 #endif 4726 4727 int 4728 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 4729 uint8_t sent, int so_locked 4730 #if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4731 SCTP_UNUSED 4732 #endif 4733 ) 4734 { 4735 struct sctp_stream_out *strq; 4736 struct sctp_tmit_chunk *chk = NULL, *tp2; 4737 struct sctp_stream_queue_pending *sp; 4738 uint32_t mid; 4739 uint16_t sid; 4740 uint8_t foundeom = 0; 4741 int ret_sz = 0; 4742 int notdone; 4743 int do_wakeup_routine = 0; 4744 4745 sid = tp1->rec.data.sid; 4746 mid = tp1->rec.data.mid; 4747 if (sent || !(tp1->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG)) { 4748 stcb->asoc.abandoned_sent[0]++; 4749 stcb->asoc.abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4750 stcb->asoc.strmout[sid].abandoned_sent[0]++; 4751 #if defined(SCTP_DETAILED_STR_STATS) 4752 stcb->asoc.strmout[sid].abandoned_sent[PR_SCTP_POLICY(tp1->flags)]++; 4753 #endif 4754 } else { 4755 stcb->asoc.abandoned_unsent[0]++; 4756 stcb->asoc.abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4757 stcb->asoc.strmout[sid].abandoned_unsent[0]++; 4758 #if defined(SCTP_DETAILED_STR_STATS) 4759 stcb->asoc.strmout[sid].abandoned_unsent[PR_SCTP_POLICY(tp1->flags)]++; 4760 #endif 4761 } 4762 do { 4763 ret_sz += tp1->book_size; 4764 if (tp1->data != NULL) { 4765 if (tp1->sent < SCTP_DATAGRAM_RESEND) { 4766 sctp_flight_size_decrease(tp1); 4767 sctp_total_flight_decrease(stcb, tp1); 4768 } 4769 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4770 stcb->asoc.peers_rwnd += tp1->send_size; 4771 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh); 4772 if (sent) { 4773 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4774 } else { 4775 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4776 } 4777 if (tp1->data) { 4778 sctp_m_freem(tp1->data); 4779 tp1->data = NULL; 4780 } 4781 do_wakeup_routine = 1; 4782 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 4783 stcb->asoc.sent_queue_cnt_removeable--; 4784 } 4785 } 4786 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4787 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 4788 SCTP_DATA_NOT_FRAG) { 4789 /* not frag'ed we ae done */ 4790 notdone = 0; 4791 foundeom = 1; 4792 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4793 /* end of frag, we are done */ 4794 notdone = 0; 4795 foundeom = 1; 4796 } else { 4797 /* 4798 * Its a begin or middle piece, we must mark all of 4799 * it 4800 */ 4801 notdone = 1; 4802 tp1 = TAILQ_NEXT(tp1, sctp_next); 4803 } 4804 } while (tp1 && notdone); 4805 if (foundeom == 0) { 4806 /* 4807 * The multi-part message was scattered across the send and 4808 * sent queue. 4809 */ 4810 TAILQ_FOREACH_SAFE(tp1, &stcb->asoc.send_queue, sctp_next, tp2) { 4811 if ((tp1->rec.data.sid != sid) || 4812 (!SCTP_MID_EQ(stcb->asoc.idata_supported, tp1->rec.data.mid, mid))) { 4813 break; 4814 } 4815 /* 4816 * save to chk in case we have some on stream out 4817 * queue. If so and we have an un-transmitted one we 4818 * don't have to fudge the TSN. 4819 */ 4820 chk = tp1; 4821 ret_sz += tp1->book_size; 4822 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4823 if (sent) { 4824 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 0, tp1, so_locked); 4825 } else { 4826 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 0, tp1, so_locked); 4827 } 4828 if (tp1->data) { 4829 sctp_m_freem(tp1->data); 4830 tp1->data = NULL; 4831 } 4832 /* No flight involved here book the size to 0 */ 4833 tp1->book_size = 0; 4834 if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4835 foundeom = 1; 4836 } 4837 do_wakeup_routine = 1; 4838 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4839 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 4840 /* 4841 * on to the sent queue so we can wait for it to be 4842 * passed by. 4843 */ 4844 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 4845 sctp_next); 4846 stcb->asoc.send_queue_cnt--; 4847 stcb->asoc.sent_queue_cnt++; 4848 } 4849 } 4850 if (foundeom == 0) { 4851 /* 4852 * Still no eom found. That means there is stuff left on the 4853 * stream out queue.. yuck. 4854 */ 4855 SCTP_TCB_SEND_LOCK(stcb); 4856 strq = &stcb->asoc.strmout[sid]; 4857 sp = TAILQ_FIRST(&strq->outqueue); 4858 if (sp != NULL) { 4859 sp->discard_rest = 1; 4860 /* 4861 * We may need to put a chunk on the queue that 4862 * holds the TSN that would have been sent with the 4863 * LAST bit. 4864 */ 4865 if (chk == NULL) { 4866 /* Yep, we have to */ 4867 sctp_alloc_a_chunk(stcb, chk); 4868 if (chk == NULL) { 4869 /* 4870 * we are hosed. All we can do is 4871 * nothing.. which will cause an 4872 * abort if the peer is paying 4873 * attention. 4874 */ 4875 goto oh_well; 4876 } 4877 memset(chk, 0, sizeof(*chk)); 4878 chk->rec.data.rcv_flags = 0; 4879 chk->sent = SCTP_FORWARD_TSN_SKIP; 4880 chk->asoc = &stcb->asoc; 4881 if (stcb->asoc.idata_supported == 0) { 4882 if (sp->sinfo_flags & SCTP_UNORDERED) { 4883 chk->rec.data.mid = 0; 4884 } else { 4885 chk->rec.data.mid = strq->next_mid_ordered; 4886 } 4887 } else { 4888 if (sp->sinfo_flags & SCTP_UNORDERED) { 4889 chk->rec.data.mid = strq->next_mid_unordered; 4890 } else { 4891 chk->rec.data.mid = strq->next_mid_ordered; 4892 } 4893 } 4894 chk->rec.data.sid = sp->sid; 4895 chk->rec.data.ppid = sp->ppid; 4896 chk->rec.data.context = sp->context; 4897 chk->flags = sp->act_flags; 4898 chk->whoTo = NULL; 4899 chk->rec.data.tsn = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1); 4900 strq->chunks_on_queues++; 4901 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next); 4902 stcb->asoc.sent_queue_cnt++; 4903 stcb->asoc.pr_sctp_cnt++; 4904 } 4905 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 4906 if (sp->sinfo_flags & SCTP_UNORDERED) { 4907 chk->rec.data.rcv_flags |= SCTP_DATA_UNORDERED; 4908 } 4909 if (stcb->asoc.idata_supported == 0) { 4910 if ((sp->sinfo_flags & SCTP_UNORDERED) == 0) { 4911 strq->next_mid_ordered++; 4912 } 4913 } else { 4914 if (sp->sinfo_flags & SCTP_UNORDERED) { 4915 strq->next_mid_unordered++; 4916 } else { 4917 strq->next_mid_ordered++; 4918 } 4919 } 4920 oh_well: 4921 if (sp->data) { 4922 /* 4923 * Pull any data to free up the SB and allow 4924 * sender to "add more" while we will throw 4925 * away :-) 4926 */ 4927 sctp_free_spbufspace(stcb, &stcb->asoc, sp); 4928 ret_sz += sp->length; 4929 do_wakeup_routine = 1; 4930 sp->some_taken = 1; 4931 sctp_m_freem(sp->data); 4932 sp->data = NULL; 4933 sp->tail_mbuf = NULL; 4934 sp->length = 0; 4935 } 4936 } 4937 SCTP_TCB_SEND_UNLOCK(stcb); 4938 } 4939 if (do_wakeup_routine) { 4940 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4941 struct socket *so; 4942 4943 so = SCTP_INP_SO(stcb->sctp_ep); 4944 if (!so_locked) { 4945 atomic_add_int(&stcb->asoc.refcnt, 1); 4946 SCTP_TCB_UNLOCK(stcb); 4947 SCTP_SOCKET_LOCK(so, 1); 4948 SCTP_TCB_LOCK(stcb); 4949 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4950 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 4951 /* assoc was freed while we were unlocked */ 4952 SCTP_SOCKET_UNLOCK(so, 1); 4953 return (ret_sz); 4954 } 4955 } 4956 #endif 4957 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 4958 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4959 if (!so_locked) { 4960 SCTP_SOCKET_UNLOCK(so, 1); 4961 } 4962 #endif 4963 } 4964 return (ret_sz); 4965 } 4966 4967 /* 4968 * checks to see if the given address, sa, is one that is currently known by 4969 * the kernel note: can't distinguish the same address on multiple interfaces 4970 * and doesn't handle multiple addresses with different zone/scope id's note: 4971 * ifa_ifwithaddr() compares the entire sockaddr struct 4972 */ 4973 struct sctp_ifa * 4974 sctp_find_ifa_in_ep(struct sctp_inpcb *inp, struct sockaddr *addr, 4975 int holds_lock) 4976 { 4977 struct sctp_laddr *laddr; 4978 4979 if (holds_lock == 0) { 4980 SCTP_INP_RLOCK(inp); 4981 } 4982 4983 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 4984 if (laddr->ifa == NULL) 4985 continue; 4986 if (addr->sa_family != laddr->ifa->address.sa.sa_family) 4987 continue; 4988 #ifdef INET 4989 if (addr->sa_family == AF_INET) { 4990 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 4991 laddr->ifa->address.sin.sin_addr.s_addr) { 4992 /* found him. */ 4993 if (holds_lock == 0) { 4994 SCTP_INP_RUNLOCK(inp); 4995 } 4996 return (laddr->ifa); 4997 break; 4998 } 4999 } 5000 #endif 5001 #ifdef INET6 5002 if (addr->sa_family == AF_INET6) { 5003 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5004 &laddr->ifa->address.sin6)) { 5005 /* found him. */ 5006 if (holds_lock == 0) { 5007 SCTP_INP_RUNLOCK(inp); 5008 } 5009 return (laddr->ifa); 5010 break; 5011 } 5012 } 5013 #endif 5014 } 5015 if (holds_lock == 0) { 5016 SCTP_INP_RUNLOCK(inp); 5017 } 5018 return (NULL); 5019 } 5020 5021 uint32_t 5022 sctp_get_ifa_hash_val(struct sockaddr *addr) 5023 { 5024 switch (addr->sa_family) { 5025 #ifdef INET 5026 case AF_INET: 5027 { 5028 struct sockaddr_in *sin; 5029 5030 sin = (struct sockaddr_in *)addr; 5031 return (sin->sin_addr.s_addr ^ (sin->sin_addr.s_addr >> 16)); 5032 } 5033 #endif 5034 #ifdef INET6 5035 case AF_INET6: 5036 { 5037 struct sockaddr_in6 *sin6; 5038 uint32_t hash_of_addr; 5039 5040 sin6 = (struct sockaddr_in6 *)addr; 5041 hash_of_addr = (sin6->sin6_addr.s6_addr32[0] + 5042 sin6->sin6_addr.s6_addr32[1] + 5043 sin6->sin6_addr.s6_addr32[2] + 5044 sin6->sin6_addr.s6_addr32[3]); 5045 hash_of_addr = (hash_of_addr ^ (hash_of_addr >> 16)); 5046 return (hash_of_addr); 5047 } 5048 #endif 5049 default: 5050 break; 5051 } 5052 return (0); 5053 } 5054 5055 struct sctp_ifa * 5056 sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock) 5057 { 5058 struct sctp_ifa *sctp_ifap; 5059 struct sctp_vrf *vrf; 5060 struct sctp_ifalist *hash_head; 5061 uint32_t hash_of_addr; 5062 5063 if (holds_lock == 0) 5064 SCTP_IPI_ADDR_RLOCK(); 5065 5066 vrf = sctp_find_vrf(vrf_id); 5067 if (vrf == NULL) { 5068 if (holds_lock == 0) 5069 SCTP_IPI_ADDR_RUNLOCK(); 5070 return (NULL); 5071 } 5072 5073 hash_of_addr = sctp_get_ifa_hash_val(addr); 5074 5075 hash_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 5076 if (hash_head == NULL) { 5077 SCTP_PRINTF("hash_of_addr:%x mask:%x table:%x - ", 5078 hash_of_addr, (uint32_t)vrf->vrf_addr_hashmark, 5079 (uint32_t)(hash_of_addr & vrf->vrf_addr_hashmark)); 5080 sctp_print_address(addr); 5081 SCTP_PRINTF("No such bucket for address\n"); 5082 if (holds_lock == 0) 5083 SCTP_IPI_ADDR_RUNLOCK(); 5084 5085 return (NULL); 5086 } 5087 LIST_FOREACH(sctp_ifap, hash_head, next_bucket) { 5088 if (addr->sa_family != sctp_ifap->address.sa.sa_family) 5089 continue; 5090 #ifdef INET 5091 if (addr->sa_family == AF_INET) { 5092 if (((struct sockaddr_in *)addr)->sin_addr.s_addr == 5093 sctp_ifap->address.sin.sin_addr.s_addr) { 5094 /* found him. */ 5095 if (holds_lock == 0) 5096 SCTP_IPI_ADDR_RUNLOCK(); 5097 return (sctp_ifap); 5098 break; 5099 } 5100 } 5101 #endif 5102 #ifdef INET6 5103 if (addr->sa_family == AF_INET6) { 5104 if (SCTP6_ARE_ADDR_EQUAL((struct sockaddr_in6 *)addr, 5105 &sctp_ifap->address.sin6)) { 5106 /* found him. */ 5107 if (holds_lock == 0) 5108 SCTP_IPI_ADDR_RUNLOCK(); 5109 return (sctp_ifap); 5110 break; 5111 } 5112 } 5113 #endif 5114 } 5115 if (holds_lock == 0) 5116 SCTP_IPI_ADDR_RUNLOCK(); 5117 return (NULL); 5118 } 5119 5120 static void 5121 sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, 5122 uint32_t rwnd_req) 5123 { 5124 /* User pulled some data, do we need a rwnd update? */ 5125 int r_unlocked = 0; 5126 uint32_t dif, rwnd; 5127 struct socket *so = NULL; 5128 5129 if (stcb == NULL) 5130 return; 5131 5132 atomic_add_int(&stcb->asoc.refcnt, 1); 5133 5134 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 5135 (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) { 5136 /* Pre-check If we are freeing no update */ 5137 goto no_lock; 5138 } 5139 SCTP_INP_INCR_REF(stcb->sctp_ep); 5140 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5141 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5142 goto out; 5143 } 5144 so = stcb->sctp_socket; 5145 if (so == NULL) { 5146 goto out; 5147 } 5148 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 5149 /* Have you have freed enough to look */ 5150 *freed_so_far = 0; 5151 /* Yep, its worth a look and the lock overhead */ 5152 5153 /* Figure out what the rwnd would be */ 5154 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 5155 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 5156 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 5157 } else { 5158 dif = 0; 5159 } 5160 if (dif >= rwnd_req) { 5161 if (hold_rlock) { 5162 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 5163 r_unlocked = 1; 5164 } 5165 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5166 /* 5167 * One last check before we allow the guy possibly 5168 * to get in. There is a race, where the guy has not 5169 * reached the gate. In that case 5170 */ 5171 goto out; 5172 } 5173 SCTP_TCB_LOCK(stcb); 5174 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5175 /* No reports here */ 5176 SCTP_TCB_UNLOCK(stcb); 5177 goto out; 5178 } 5179 SCTP_STAT_INCR(sctps_wu_sacks_sent); 5180 sctp_send_sack(stcb, SCTP_SO_LOCKED); 5181 5182 sctp_chunk_output(stcb->sctp_ep, stcb, 5183 SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED); 5184 /* make sure no timer is running */ 5185 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, 5186 SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 5187 SCTP_TCB_UNLOCK(stcb); 5188 } else { 5189 /* Update how much we have pending */ 5190 stcb->freed_by_sorcv_sincelast = dif; 5191 } 5192 out: 5193 if (so && r_unlocked && hold_rlock) { 5194 SCTP_INP_READ_LOCK(stcb->sctp_ep); 5195 } 5196 5197 SCTP_INP_DECR_REF(stcb->sctp_ep); 5198 no_lock: 5199 atomic_add_int(&stcb->asoc.refcnt, -1); 5200 return; 5201 } 5202 5203 int 5204 sctp_sorecvmsg(struct socket *so, 5205 struct uio *uio, 5206 struct mbuf **mp, 5207 struct sockaddr *from, 5208 int fromlen, 5209 int *msg_flags, 5210 struct sctp_sndrcvinfo *sinfo, 5211 int filling_sinfo) 5212 { 5213 /* 5214 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 5215 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 5216 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 5217 * On the way out we may send out any combination of: 5218 * MSG_NOTIFICATION MSG_EOR 5219 * 5220 */ 5221 struct sctp_inpcb *inp = NULL; 5222 int my_len = 0; 5223 int cp_len = 0, error = 0; 5224 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 5225 struct mbuf *m = NULL; 5226 struct sctp_tcb *stcb = NULL; 5227 int wakeup_read_socket = 0; 5228 int freecnt_applied = 0; 5229 int out_flags = 0, in_flags = 0; 5230 int block_allowed = 1; 5231 uint32_t freed_so_far = 0; 5232 uint32_t copied_so_far = 0; 5233 int in_eeor_mode = 0; 5234 int no_rcv_needed = 0; 5235 uint32_t rwnd_req = 0; 5236 int hold_sblock = 0; 5237 int hold_rlock = 0; 5238 ssize_t slen = 0; 5239 uint32_t held_length = 0; 5240 int sockbuf_lock = 0; 5241 5242 if (uio == NULL) { 5243 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5244 return (EINVAL); 5245 } 5246 5247 if (msg_flags) { 5248 in_flags = *msg_flags; 5249 if (in_flags & MSG_PEEK) 5250 SCTP_STAT_INCR(sctps_read_peeks); 5251 } else { 5252 in_flags = 0; 5253 } 5254 slen = uio->uio_resid; 5255 5256 /* Pull in and set up our int flags */ 5257 if (in_flags & MSG_OOB) { 5258 /* Out of band's NOT supported */ 5259 return (EOPNOTSUPP); 5260 } 5261 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 5262 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 5263 return (EINVAL); 5264 } 5265 if ((in_flags & (MSG_DONTWAIT 5266 | MSG_NBIO 5267 )) || 5268 SCTP_SO_IS_NBIO(so)) { 5269 block_allowed = 0; 5270 } 5271 /* setup the endpoint */ 5272 inp = (struct sctp_inpcb *)so->so_pcb; 5273 if (inp == NULL) { 5274 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EFAULT); 5275 return (EFAULT); 5276 } 5277 rwnd_req = (SCTP_SB_LIMIT_RCV(so) >> SCTP_RWND_HIWAT_SHIFT); 5278 /* Must be at least a MTU's worth */ 5279 if (rwnd_req < SCTP_MIN_RWND) 5280 rwnd_req = SCTP_MIN_RWND; 5281 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 5282 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5283 sctp_misc_ints(SCTP_SORECV_ENTER, 5284 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5285 } 5286 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 5287 sctp_misc_ints(SCTP_SORECV_ENTERPL, 5288 rwnd_req, block_allowed, so->so_rcv.sb_cc, (uint32_t)uio->uio_resid); 5289 } 5290 5291 5292 error = sblock(&so->so_rcv, (block_allowed ? SBL_WAIT : 0)); 5293 if (error) { 5294 goto release_unlocked; 5295 } 5296 sockbuf_lock = 1; 5297 restart: 5298 5299 5300 restart_nosblocks: 5301 if (hold_sblock == 0) { 5302 SOCKBUF_LOCK(&so->so_rcv); 5303 hold_sblock = 1; 5304 } 5305 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 5306 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5307 goto out; 5308 } 5309 if ((so->so_rcv.sb_state & SBS_CANTRCVMORE) && (so->so_rcv.sb_cc == 0)) { 5310 if (so->so_error) { 5311 error = so->so_error; 5312 if ((in_flags & MSG_PEEK) == 0) 5313 so->so_error = 0; 5314 goto out; 5315 } else { 5316 if (so->so_rcv.sb_cc == 0) { 5317 /* indicate EOF */ 5318 error = 0; 5319 goto out; 5320 } 5321 } 5322 } 5323 if (so->so_rcv.sb_cc <= held_length) { 5324 if (so->so_error) { 5325 error = so->so_error; 5326 if ((in_flags & MSG_PEEK) == 0) { 5327 so->so_error = 0; 5328 } 5329 goto out; 5330 } 5331 if ((so->so_rcv.sb_cc == 0) && 5332 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5333 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 5334 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 5335 /* 5336 * For active open side clear flags for 5337 * re-use passive open is blocked by 5338 * connect. 5339 */ 5340 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 5341 /* 5342 * You were aborted, passive side 5343 * always hits here 5344 */ 5345 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ECONNRESET); 5346 error = ECONNRESET; 5347 } 5348 so->so_state &= ~(SS_ISCONNECTING | 5349 SS_ISDISCONNECTING | 5350 SS_ISCONFIRMING | 5351 SS_ISCONNECTED); 5352 if (error == 0) { 5353 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 5354 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOTCONN); 5355 error = ENOTCONN; 5356 } 5357 } 5358 goto out; 5359 } 5360 } 5361 if (block_allowed) { 5362 error = sbwait(&so->so_rcv); 5363 if (error) { 5364 goto out; 5365 } 5366 held_length = 0; 5367 goto restart_nosblocks; 5368 } else { 5369 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EWOULDBLOCK); 5370 error = EWOULDBLOCK; 5371 goto out; 5372 } 5373 } 5374 if (hold_sblock == 1) { 5375 SOCKBUF_UNLOCK(&so->so_rcv); 5376 hold_sblock = 0; 5377 } 5378 /* we possibly have data we can read */ 5379 /* sa_ignore FREED_MEMORY */ 5380 control = TAILQ_FIRST(&inp->read_queue); 5381 if (control == NULL) { 5382 /* 5383 * This could be happening since the appender did the 5384 * increment but as not yet did the tailq insert onto the 5385 * read_queue 5386 */ 5387 if (hold_rlock == 0) { 5388 SCTP_INP_READ_LOCK(inp); 5389 } 5390 control = TAILQ_FIRST(&inp->read_queue); 5391 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 5392 #ifdef INVARIANTS 5393 panic("Huh, its non zero and nothing on control?"); 5394 #endif 5395 so->so_rcv.sb_cc = 0; 5396 } 5397 SCTP_INP_READ_UNLOCK(inp); 5398 hold_rlock = 0; 5399 goto restart; 5400 } 5401 5402 if ((control->length == 0) && 5403 (control->do_not_ref_stcb)) { 5404 /* 5405 * Clean up code for freeing assoc that left behind a 5406 * pdapi.. maybe a peer in EEOR that just closed after 5407 * sending and never indicated a EOR. 5408 */ 5409 if (hold_rlock == 0) { 5410 hold_rlock = 1; 5411 SCTP_INP_READ_LOCK(inp); 5412 } 5413 control->held_length = 0; 5414 if (control->data) { 5415 /* Hmm there is data here .. fix */ 5416 struct mbuf *m_tmp; 5417 int cnt = 0; 5418 5419 m_tmp = control->data; 5420 while (m_tmp) { 5421 cnt += SCTP_BUF_LEN(m_tmp); 5422 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 5423 control->tail_mbuf = m_tmp; 5424 control->end_added = 1; 5425 } 5426 m_tmp = SCTP_BUF_NEXT(m_tmp); 5427 } 5428 control->length = cnt; 5429 } else { 5430 /* remove it */ 5431 TAILQ_REMOVE(&inp->read_queue, control, next); 5432 /* Add back any hiddend data */ 5433 sctp_free_remote_addr(control->whoFrom); 5434 sctp_free_a_readq(stcb, control); 5435 } 5436 if (hold_rlock) { 5437 hold_rlock = 0; 5438 SCTP_INP_READ_UNLOCK(inp); 5439 } 5440 goto restart; 5441 } 5442 if ((control->length == 0) && 5443 (control->end_added == 1)) { 5444 /* 5445 * Do we also need to check for (control->pdapi_aborted == 5446 * 1)? 5447 */ 5448 if (hold_rlock == 0) { 5449 hold_rlock = 1; 5450 SCTP_INP_READ_LOCK(inp); 5451 } 5452 TAILQ_REMOVE(&inp->read_queue, control, next); 5453 if (control->data) { 5454 #ifdef INVARIANTS 5455 panic("control->data not null but control->length == 0"); 5456 #else 5457 SCTP_PRINTF("Strange, data left in the control buffer. Cleaning up.\n"); 5458 sctp_m_freem(control->data); 5459 control->data = NULL; 5460 #endif 5461 } 5462 if (control->aux_data) { 5463 sctp_m_free(control->aux_data); 5464 control->aux_data = NULL; 5465 } 5466 #ifdef INVARIANTS 5467 if (control->on_strm_q) { 5468 panic("About to free ctl:%p so:%p and its in %d", 5469 control, so, control->on_strm_q); 5470 } 5471 #endif 5472 sctp_free_remote_addr(control->whoFrom); 5473 sctp_free_a_readq(stcb, control); 5474 if (hold_rlock) { 5475 hold_rlock = 0; 5476 SCTP_INP_READ_UNLOCK(inp); 5477 } 5478 goto restart; 5479 } 5480 if (control->length == 0) { 5481 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 5482 (filling_sinfo)) { 5483 /* find a more suitable one then this */ 5484 ctl = TAILQ_NEXT(control, next); 5485 while (ctl) { 5486 if ((ctl->stcb != control->stcb) && (ctl->length) && 5487 (ctl->some_taken || 5488 (ctl->spec_flags & M_NOTIFICATION) || 5489 ((ctl->do_not_ref_stcb == 0) && 5490 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0))) 5491 ) { 5492 /*- 5493 * If we have a different TCB next, and there is data 5494 * present. If we have already taken some (pdapi), OR we can 5495 * ref the tcb and no delivery as started on this stream, we 5496 * take it. Note we allow a notification on a different 5497 * assoc to be delivered.. 5498 */ 5499 control = ctl; 5500 goto found_one; 5501 } else if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS)) && 5502 (ctl->length) && 5503 ((ctl->some_taken) || 5504 ((ctl->do_not_ref_stcb == 0) && 5505 ((ctl->spec_flags & M_NOTIFICATION) == 0) && 5506 (ctl->stcb->asoc.strmin[ctl->sinfo_stream].delivery_started == 0)))) { 5507 /*- 5508 * If we have the same tcb, and there is data present, and we 5509 * have the strm interleave feature present. Then if we have 5510 * taken some (pdapi) or we can refer to tht tcb AND we have 5511 * not started a delivery for this stream, we can take it. 5512 * Note we do NOT allow a notificaiton on the same assoc to 5513 * be delivered. 5514 */ 5515 control = ctl; 5516 goto found_one; 5517 } 5518 ctl = TAILQ_NEXT(ctl, next); 5519 } 5520 } 5521 /* 5522 * if we reach here, not suitable replacement is available 5523 * <or> fragment interleave is NOT on. So stuff the sb_cc 5524 * into the our held count, and its time to sleep again. 5525 */ 5526 held_length = so->so_rcv.sb_cc; 5527 control->held_length = so->so_rcv.sb_cc; 5528 goto restart; 5529 } 5530 /* Clear the held length since there is something to read */ 5531 control->held_length = 0; 5532 found_one: 5533 /* 5534 * If we reach here, control has a some data for us to read off. 5535 * Note that stcb COULD be NULL. 5536 */ 5537 if (hold_rlock == 0) { 5538 hold_rlock = 1; 5539 SCTP_INP_READ_LOCK(inp); 5540 } 5541 control->some_taken++; 5542 stcb = control->stcb; 5543 if (stcb) { 5544 if ((control->do_not_ref_stcb == 0) && 5545 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { 5546 if (freecnt_applied == 0) 5547 stcb = NULL; 5548 } else if (control->do_not_ref_stcb == 0) { 5549 /* you can't free it on me please */ 5550 /* 5551 * The lock on the socket buffer protects us so the 5552 * free code will stop. But since we used the 5553 * socketbuf lock and the sender uses the tcb_lock 5554 * to increment, we need to use the atomic add to 5555 * the refcnt 5556 */ 5557 if (freecnt_applied) { 5558 #ifdef INVARIANTS 5559 panic("refcnt already incremented"); 5560 #else 5561 SCTP_PRINTF("refcnt already incremented?\n"); 5562 #endif 5563 } else { 5564 atomic_add_int(&stcb->asoc.refcnt, 1); 5565 freecnt_applied = 1; 5566 } 5567 /* 5568 * Setup to remember how much we have not yet told 5569 * the peer our rwnd has opened up. Note we grab the 5570 * value from the tcb from last time. Note too that 5571 * sack sending clears this when a sack is sent, 5572 * which is fine. Once we hit the rwnd_req, we then 5573 * will go to the sctp_user_rcvd() that will not 5574 * lock until it KNOWs it MUST send a WUP-SACK. 5575 */ 5576 freed_so_far = stcb->freed_by_sorcv_sincelast; 5577 stcb->freed_by_sorcv_sincelast = 0; 5578 } 5579 } 5580 if (stcb && 5581 ((control->spec_flags & M_NOTIFICATION) == 0) && 5582 control->do_not_ref_stcb == 0) { 5583 stcb->asoc.strmin[control->sinfo_stream].delivery_started = 1; 5584 } 5585 5586 /* First lets get off the sinfo and sockaddr info */ 5587 if ((sinfo != NULL) && (filling_sinfo != 0)) { 5588 sinfo->sinfo_stream = control->sinfo_stream; 5589 sinfo->sinfo_ssn = (uint16_t)control->mid; 5590 sinfo->sinfo_flags = control->sinfo_flags; 5591 sinfo->sinfo_ppid = control->sinfo_ppid; 5592 sinfo->sinfo_context = control->sinfo_context; 5593 sinfo->sinfo_timetolive = control->sinfo_timetolive; 5594 sinfo->sinfo_tsn = control->sinfo_tsn; 5595 sinfo->sinfo_cumtsn = control->sinfo_cumtsn; 5596 sinfo->sinfo_assoc_id = control->sinfo_assoc_id; 5597 nxt = TAILQ_NEXT(control, next); 5598 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 5599 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) { 5600 struct sctp_extrcvinfo *s_extra; 5601 5602 s_extra = (struct sctp_extrcvinfo *)sinfo; 5603 if ((nxt) && 5604 (nxt->length)) { 5605 s_extra->serinfo_next_flags = SCTP_NEXT_MSG_AVAIL; 5606 if (nxt->sinfo_flags & SCTP_UNORDERED) { 5607 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 5608 } 5609 if (nxt->spec_flags & M_NOTIFICATION) { 5610 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_IS_NOTIFICATION; 5611 } 5612 s_extra->serinfo_next_aid = nxt->sinfo_assoc_id; 5613 s_extra->serinfo_next_length = nxt->length; 5614 s_extra->serinfo_next_ppid = nxt->sinfo_ppid; 5615 s_extra->serinfo_next_stream = nxt->sinfo_stream; 5616 if (nxt->tail_mbuf != NULL) { 5617 if (nxt->end_added) { 5618 s_extra->serinfo_next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 5619 } 5620 } 5621 } else { 5622 /* 5623 * we explicitly 0 this, since the memcpy 5624 * got some other things beyond the older 5625 * sinfo_ that is on the control's structure 5626 * :-D 5627 */ 5628 nxt = NULL; 5629 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 5630 s_extra->serinfo_next_aid = 0; 5631 s_extra->serinfo_next_length = 0; 5632 s_extra->serinfo_next_ppid = 0; 5633 s_extra->serinfo_next_stream = 0; 5634 } 5635 } 5636 /* 5637 * update off the real current cum-ack, if we have an stcb. 5638 */ 5639 if ((control->do_not_ref_stcb == 0) && stcb) 5640 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 5641 /* 5642 * mask off the high bits, we keep the actual chunk bits in 5643 * there. 5644 */ 5645 sinfo->sinfo_flags &= 0x00ff; 5646 if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) { 5647 sinfo->sinfo_flags |= SCTP_UNORDERED; 5648 } 5649 } 5650 #ifdef SCTP_ASOCLOG_OF_TSNS 5651 { 5652 int index, newindex; 5653 struct sctp_pcbtsn_rlog *entry; 5654 5655 do { 5656 index = inp->readlog_index; 5657 newindex = index + 1; 5658 if (newindex >= SCTP_READ_LOG_SIZE) { 5659 newindex = 0; 5660 } 5661 } while (atomic_cmpset_int(&inp->readlog_index, index, newindex) == 0); 5662 entry = &inp->readlog[index]; 5663 entry->vtag = control->sinfo_assoc_id; 5664 entry->strm = control->sinfo_stream; 5665 entry->seq = (uint16_t)control->mid; 5666 entry->sz = control->length; 5667 entry->flgs = control->sinfo_flags; 5668 } 5669 #endif 5670 if ((fromlen > 0) && (from != NULL)) { 5671 union sctp_sockstore store; 5672 size_t len; 5673 5674 switch (control->whoFrom->ro._l_addr.sa.sa_family) { 5675 #ifdef INET6 5676 case AF_INET6: 5677 len = sizeof(struct sockaddr_in6); 5678 store.sin6 = control->whoFrom->ro._l_addr.sin6; 5679 store.sin6.sin6_port = control->port_from; 5680 break; 5681 #endif 5682 #ifdef INET 5683 case AF_INET: 5684 #ifdef INET6 5685 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NEEDS_MAPPED_V4)) { 5686 len = sizeof(struct sockaddr_in6); 5687 in6_sin_2_v4mapsin6(&control->whoFrom->ro._l_addr.sin, 5688 &store.sin6); 5689 store.sin6.sin6_port = control->port_from; 5690 } else { 5691 len = sizeof(struct sockaddr_in); 5692 store.sin = control->whoFrom->ro._l_addr.sin; 5693 store.sin.sin_port = control->port_from; 5694 } 5695 #else 5696 len = sizeof(struct sockaddr_in); 5697 store.sin = control->whoFrom->ro._l_addr.sin; 5698 store.sin.sin_port = control->port_from; 5699 #endif 5700 break; 5701 #endif 5702 default: 5703 len = 0; 5704 break; 5705 } 5706 memcpy(from, &store, min((size_t)fromlen, len)); 5707 #ifdef INET6 5708 { 5709 struct sockaddr_in6 lsa6, *from6; 5710 5711 from6 = (struct sockaddr_in6 *)from; 5712 sctp_recover_scope_mac(from6, (&lsa6)); 5713 } 5714 #endif 5715 } 5716 if (hold_rlock) { 5717 SCTP_INP_READ_UNLOCK(inp); 5718 hold_rlock = 0; 5719 } 5720 if (hold_sblock) { 5721 SOCKBUF_UNLOCK(&so->so_rcv); 5722 hold_sblock = 0; 5723 } 5724 /* now copy out what data we can */ 5725 if (mp == NULL) { 5726 /* copy out each mbuf in the chain up to length */ 5727 get_more_data: 5728 m = control->data; 5729 while (m) { 5730 /* Move out all we can */ 5731 cp_len = (int)uio->uio_resid; 5732 my_len = (int)SCTP_BUF_LEN(m); 5733 if (cp_len > my_len) { 5734 /* not enough in this buf */ 5735 cp_len = my_len; 5736 } 5737 if (hold_rlock) { 5738 SCTP_INP_READ_UNLOCK(inp); 5739 hold_rlock = 0; 5740 } 5741 if (cp_len > 0) 5742 error = uiomove(mtod(m, char *), cp_len, uio); 5743 /* re-read */ 5744 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5745 goto release; 5746 } 5747 5748 if ((control->do_not_ref_stcb == 0) && stcb && 5749 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5750 no_rcv_needed = 1; 5751 } 5752 if (error) { 5753 /* error we are out of here */ 5754 goto release; 5755 } 5756 SCTP_INP_READ_LOCK(inp); 5757 hold_rlock = 1; 5758 if (cp_len == SCTP_BUF_LEN(m)) { 5759 if ((SCTP_BUF_NEXT(m) == NULL) && 5760 (control->end_added)) { 5761 out_flags |= MSG_EOR; 5762 if ((control->do_not_ref_stcb == 0) && 5763 (control->stcb != NULL) && 5764 ((control->spec_flags & M_NOTIFICATION) == 0)) 5765 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5766 } 5767 if (control->spec_flags & M_NOTIFICATION) { 5768 out_flags |= MSG_NOTIFICATION; 5769 } 5770 /* we ate up the mbuf */ 5771 if (in_flags & MSG_PEEK) { 5772 /* just looking */ 5773 m = SCTP_BUF_NEXT(m); 5774 copied_so_far += cp_len; 5775 } else { 5776 /* dispose of the mbuf */ 5777 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5778 sctp_sblog(&so->so_rcv, 5779 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5780 } 5781 sctp_sbfree(control, stcb, &so->so_rcv, m); 5782 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5783 sctp_sblog(&so->so_rcv, 5784 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5785 } 5786 copied_so_far += cp_len; 5787 freed_so_far += cp_len; 5788 freed_so_far += MSIZE; 5789 atomic_subtract_int(&control->length, cp_len); 5790 control->data = sctp_m_free(m); 5791 m = control->data; 5792 /* 5793 * been through it all, must hold sb 5794 * lock ok to null tail 5795 */ 5796 if (control->data == NULL) { 5797 #ifdef INVARIANTS 5798 if ((control->end_added == 0) || 5799 (TAILQ_NEXT(control, next) == NULL)) { 5800 /* 5801 * If the end is not 5802 * added, OR the 5803 * next is NOT null 5804 * we MUST have the 5805 * lock. 5806 */ 5807 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 5808 panic("Hmm we don't own the lock?"); 5809 } 5810 } 5811 #endif 5812 control->tail_mbuf = NULL; 5813 #ifdef INVARIANTS 5814 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 5815 panic("end_added, nothing left and no MSG_EOR"); 5816 } 5817 #endif 5818 } 5819 } 5820 } else { 5821 /* Do we need to trim the mbuf? */ 5822 if (control->spec_flags & M_NOTIFICATION) { 5823 out_flags |= MSG_NOTIFICATION; 5824 } 5825 if ((in_flags & MSG_PEEK) == 0) { 5826 SCTP_BUF_RESV_UF(m, cp_len); 5827 SCTP_BUF_LEN(m) -= cp_len; 5828 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5829 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); 5830 } 5831 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 5832 if ((control->do_not_ref_stcb == 0) && 5833 stcb) { 5834 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 5835 } 5836 copied_so_far += cp_len; 5837 freed_so_far += cp_len; 5838 freed_so_far += MSIZE; 5839 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 5840 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 5841 SCTP_LOG_SBRESULT, 0); 5842 } 5843 atomic_subtract_int(&control->length, cp_len); 5844 } else { 5845 copied_so_far += cp_len; 5846 } 5847 } 5848 if ((out_flags & MSG_EOR) || (uio->uio_resid == 0)) { 5849 break; 5850 } 5851 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5852 (control->do_not_ref_stcb == 0) && 5853 (freed_so_far >= rwnd_req)) { 5854 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5855 } 5856 } /* end while(m) */ 5857 /* 5858 * At this point we have looked at it all and we either have 5859 * a MSG_EOR/or read all the user wants... <OR> 5860 * control->length == 0. 5861 */ 5862 if ((out_flags & MSG_EOR) && ((in_flags & MSG_PEEK) == 0)) { 5863 /* we are done with this control */ 5864 if (control->length == 0) { 5865 if (control->data) { 5866 #ifdef INVARIANTS 5867 panic("control->data not null at read eor?"); 5868 #else 5869 SCTP_PRINTF("Strange, data left in the control buffer .. invarients would panic?\n"); 5870 sctp_m_freem(control->data); 5871 control->data = NULL; 5872 #endif 5873 } 5874 done_with_control: 5875 if (hold_rlock == 0) { 5876 SCTP_INP_READ_LOCK(inp); 5877 hold_rlock = 1; 5878 } 5879 TAILQ_REMOVE(&inp->read_queue, control, next); 5880 /* Add back any hiddend data */ 5881 if (control->held_length) { 5882 held_length = 0; 5883 control->held_length = 0; 5884 wakeup_read_socket = 1; 5885 } 5886 if (control->aux_data) { 5887 sctp_m_free(control->aux_data); 5888 control->aux_data = NULL; 5889 } 5890 no_rcv_needed = control->do_not_ref_stcb; 5891 sctp_free_remote_addr(control->whoFrom); 5892 control->data = NULL; 5893 #ifdef INVARIANTS 5894 if (control->on_strm_q) { 5895 panic("About to free ctl:%p so:%p and its in %d", 5896 control, so, control->on_strm_q); 5897 } 5898 #endif 5899 sctp_free_a_readq(stcb, control); 5900 control = NULL; 5901 if ((freed_so_far >= rwnd_req) && 5902 (no_rcv_needed == 0)) 5903 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5904 5905 } else { 5906 /* 5907 * The user did not read all of this 5908 * message, turn off the returned MSG_EOR 5909 * since we are leaving more behind on the 5910 * control to read. 5911 */ 5912 #ifdef INVARIANTS 5913 if (control->end_added && 5914 (control->data == NULL) && 5915 (control->tail_mbuf == NULL)) { 5916 panic("Gak, control->length is corrupt?"); 5917 } 5918 #endif 5919 no_rcv_needed = control->do_not_ref_stcb; 5920 out_flags &= ~MSG_EOR; 5921 } 5922 } 5923 if (out_flags & MSG_EOR) { 5924 goto release; 5925 } 5926 if ((uio->uio_resid == 0) || 5927 ((in_eeor_mode) && 5928 (copied_so_far >= (uint32_t)max(so->so_rcv.sb_lowat, 1)))) { 5929 goto release; 5930 } 5931 /* 5932 * If I hit here the receiver wants more and this message is 5933 * NOT done (pd-api). So two questions. Can we block? if not 5934 * we are done. Did the user NOT set MSG_WAITALL? 5935 */ 5936 if (block_allowed == 0) { 5937 goto release; 5938 } 5939 /* 5940 * We need to wait for more data a few things: - We don't 5941 * sbunlock() so we don't get someone else reading. - We 5942 * must be sure to account for the case where what is added 5943 * is NOT to our control when we wakeup. 5944 */ 5945 5946 /* 5947 * Do we need to tell the transport a rwnd update might be 5948 * needed before we go to sleep? 5949 */ 5950 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 5951 ((freed_so_far >= rwnd_req) && 5952 (control->do_not_ref_stcb == 0) && 5953 (no_rcv_needed == 0))) { 5954 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5955 } 5956 wait_some_more: 5957 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) { 5958 goto release; 5959 } 5960 5961 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 5962 goto release; 5963 5964 if (hold_rlock == 1) { 5965 SCTP_INP_READ_UNLOCK(inp); 5966 hold_rlock = 0; 5967 } 5968 if (hold_sblock == 0) { 5969 SOCKBUF_LOCK(&so->so_rcv); 5970 hold_sblock = 1; 5971 } 5972 if ((copied_so_far) && (control->length == 0) && 5973 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE))) { 5974 goto release; 5975 } 5976 if (so->so_rcv.sb_cc <= control->held_length) { 5977 error = sbwait(&so->so_rcv); 5978 if (error) { 5979 goto release; 5980 } 5981 control->held_length = 0; 5982 } 5983 if (hold_sblock) { 5984 SOCKBUF_UNLOCK(&so->so_rcv); 5985 hold_sblock = 0; 5986 } 5987 if (control->length == 0) { 5988 /* still nothing here */ 5989 if (control->end_added == 1) { 5990 /* he aborted, or is done i.e.did a shutdown */ 5991 out_flags |= MSG_EOR; 5992 if (control->pdapi_aborted) { 5993 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5994 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 5995 5996 out_flags |= MSG_TRUNC; 5997 } else { 5998 if ((control->do_not_ref_stcb == 0) && ((control->spec_flags & M_NOTIFICATION) == 0)) 5999 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6000 } 6001 goto done_with_control; 6002 } 6003 if (so->so_rcv.sb_cc > held_length) { 6004 control->held_length = so->so_rcv.sb_cc; 6005 held_length = 0; 6006 } 6007 goto wait_some_more; 6008 } else if (control->data == NULL) { 6009 /* 6010 * we must re-sync since data is probably being 6011 * added 6012 */ 6013 SCTP_INP_READ_LOCK(inp); 6014 if ((control->length > 0) && (control->data == NULL)) { 6015 /* 6016 * big trouble.. we have the lock and its 6017 * corrupt? 6018 */ 6019 #ifdef INVARIANTS 6020 panic("Impossible data==NULL length !=0"); 6021 #endif 6022 out_flags |= MSG_EOR; 6023 out_flags |= MSG_TRUNC; 6024 control->length = 0; 6025 SCTP_INP_READ_UNLOCK(inp); 6026 goto done_with_control; 6027 } 6028 SCTP_INP_READ_UNLOCK(inp); 6029 /* We will fall around to get more data */ 6030 } 6031 goto get_more_data; 6032 } else { 6033 /*- 6034 * Give caller back the mbuf chain, 6035 * store in uio_resid the length 6036 */ 6037 wakeup_read_socket = 0; 6038 if ((control->end_added == 0) || 6039 (TAILQ_NEXT(control, next) == NULL)) { 6040 /* Need to get rlock */ 6041 if (hold_rlock == 0) { 6042 SCTP_INP_READ_LOCK(inp); 6043 hold_rlock = 1; 6044 } 6045 } 6046 if (control->end_added) { 6047 out_flags |= MSG_EOR; 6048 if ((control->do_not_ref_stcb == 0) && 6049 (control->stcb != NULL) && 6050 ((control->spec_flags & M_NOTIFICATION) == 0)) 6051 control->stcb->asoc.strmin[control->sinfo_stream].delivery_started = 0; 6052 } 6053 if (control->spec_flags & M_NOTIFICATION) { 6054 out_flags |= MSG_NOTIFICATION; 6055 } 6056 uio->uio_resid = control->length; 6057 *mp = control->data; 6058 m = control->data; 6059 while (m) { 6060 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6061 sctp_sblog(&so->so_rcv, 6062 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 6063 } 6064 sctp_sbfree(control, stcb, &so->so_rcv, m); 6065 freed_so_far += SCTP_BUF_LEN(m); 6066 freed_so_far += MSIZE; 6067 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SB_LOGGING_ENABLE) { 6068 sctp_sblog(&so->so_rcv, 6069 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 6070 } 6071 m = SCTP_BUF_NEXT(m); 6072 } 6073 control->data = control->tail_mbuf = NULL; 6074 control->length = 0; 6075 if (out_flags & MSG_EOR) { 6076 /* Done with this control */ 6077 goto done_with_control; 6078 } 6079 } 6080 release: 6081 if (hold_rlock == 1) { 6082 SCTP_INP_READ_UNLOCK(inp); 6083 hold_rlock = 0; 6084 } 6085 if (hold_sblock == 1) { 6086 SOCKBUF_UNLOCK(&so->so_rcv); 6087 hold_sblock = 0; 6088 } 6089 6090 sbunlock(&so->so_rcv); 6091 sockbuf_lock = 0; 6092 6093 release_unlocked: 6094 if (hold_sblock) { 6095 SOCKBUF_UNLOCK(&so->so_rcv); 6096 hold_sblock = 0; 6097 } 6098 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 6099 if ((freed_so_far >= rwnd_req) && 6100 (control && (control->do_not_ref_stcb == 0)) && 6101 (no_rcv_needed == 0)) 6102 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 6103 } 6104 out: 6105 if (msg_flags) { 6106 *msg_flags = out_flags; 6107 } 6108 if (((out_flags & MSG_EOR) == 0) && 6109 ((in_flags & MSG_PEEK) == 0) && 6110 (sinfo) && 6111 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO) || 6112 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO))) { 6113 struct sctp_extrcvinfo *s_extra; 6114 6115 s_extra = (struct sctp_extrcvinfo *)sinfo; 6116 s_extra->serinfo_next_flags = SCTP_NO_NEXT_MSG; 6117 } 6118 if (hold_rlock == 1) { 6119 SCTP_INP_READ_UNLOCK(inp); 6120 } 6121 if (hold_sblock) { 6122 SOCKBUF_UNLOCK(&so->so_rcv); 6123 } 6124 if (sockbuf_lock) { 6125 sbunlock(&so->so_rcv); 6126 } 6127 6128 if (freecnt_applied) { 6129 /* 6130 * The lock on the socket buffer protects us so the free 6131 * code will stop. But since we used the socketbuf lock and 6132 * the sender uses the tcb_lock to increment, we need to use 6133 * the atomic add to the refcnt. 6134 */ 6135 if (stcb == NULL) { 6136 #ifdef INVARIANTS 6137 panic("stcb for refcnt has gone NULL?"); 6138 goto stage_left; 6139 #else 6140 goto stage_left; 6141 #endif 6142 } 6143 /* Save the value back for next time */ 6144 stcb->freed_by_sorcv_sincelast = freed_so_far; 6145 atomic_add_int(&stcb->asoc.refcnt, -1); 6146 } 6147 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_RECV_RWND_LOGGING_ENABLE) { 6148 if (stcb) { 6149 sctp_misc_ints(SCTP_SORECV_DONE, 6150 freed_so_far, 6151 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6152 stcb->asoc.my_rwnd, 6153 so->so_rcv.sb_cc); 6154 } else { 6155 sctp_misc_ints(SCTP_SORECV_DONE, 6156 freed_so_far, 6157 (uint32_t)((uio) ? (slen - uio->uio_resid) : slen), 6158 0, 6159 so->so_rcv.sb_cc); 6160 } 6161 } 6162 stage_left: 6163 if (wakeup_read_socket) { 6164 sctp_sorwakeup(inp, so); 6165 } 6166 return (error); 6167 } 6168 6169 6170 #ifdef SCTP_MBUF_LOGGING 6171 struct mbuf * 6172 sctp_m_free(struct mbuf *m) 6173 { 6174 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6175 sctp_log_mb(m, SCTP_MBUF_IFREE); 6176 } 6177 return (m_free(m)); 6178 } 6179 6180 void 6181 sctp_m_freem(struct mbuf *mb) 6182 { 6183 while (mb != NULL) 6184 mb = sctp_m_free(mb); 6185 } 6186 6187 #endif 6188 6189 int 6190 sctp_dynamic_set_primary(struct sockaddr *sa, uint32_t vrf_id) 6191 { 6192 /* 6193 * Given a local address. For all associations that holds the 6194 * address, request a peer-set-primary. 6195 */ 6196 struct sctp_ifa *ifa; 6197 struct sctp_laddr *wi; 6198 6199 ifa = sctp_find_ifa_by_addr(sa, vrf_id, 0); 6200 if (ifa == NULL) { 6201 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, EADDRNOTAVAIL); 6202 return (EADDRNOTAVAIL); 6203 } 6204 /* 6205 * Now that we have the ifa we must awaken the iterator with this 6206 * message. 6207 */ 6208 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 6209 if (wi == NULL) { 6210 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTPUTIL, ENOMEM); 6211 return (ENOMEM); 6212 } 6213 /* Now incr the count and int wi structure */ 6214 SCTP_INCR_LADDR_COUNT(); 6215 memset(wi, 0, sizeof(*wi)); 6216 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 6217 wi->ifa = ifa; 6218 wi->action = SCTP_SET_PRIM_ADDR; 6219 atomic_add_int(&ifa->refcount, 1); 6220 6221 /* Now add it to the work queue */ 6222 SCTP_WQ_ADDR_LOCK(); 6223 /* 6224 * Should this really be a tailq? As it is we will process the 6225 * newest first :-0 6226 */ 6227 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 6228 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 6229 (struct sctp_inpcb *)NULL, 6230 (struct sctp_tcb *)NULL, 6231 (struct sctp_nets *)NULL); 6232 SCTP_WQ_ADDR_UNLOCK(); 6233 return (0); 6234 } 6235 6236 6237 int 6238 sctp_soreceive(struct socket *so, 6239 struct sockaddr **psa, 6240 struct uio *uio, 6241 struct mbuf **mp0, 6242 struct mbuf **controlp, 6243 int *flagsp) 6244 { 6245 int error, fromlen; 6246 uint8_t sockbuf[256]; 6247 struct sockaddr *from; 6248 struct sctp_extrcvinfo sinfo; 6249 int filling_sinfo = 1; 6250 int flags; 6251 struct sctp_inpcb *inp; 6252 6253 inp = (struct sctp_inpcb *)so->so_pcb; 6254 /* pickup the assoc we are reading from */ 6255 if (inp == NULL) { 6256 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6257 return (EINVAL); 6258 } 6259 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) && 6260 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) && 6261 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) || 6262 (controlp == NULL)) { 6263 /* user does not want the sndrcv ctl */ 6264 filling_sinfo = 0; 6265 } 6266 if (psa) { 6267 from = (struct sockaddr *)sockbuf; 6268 fromlen = sizeof(sockbuf); 6269 from->sa_len = 0; 6270 } else { 6271 from = NULL; 6272 fromlen = 0; 6273 } 6274 6275 if (filling_sinfo) { 6276 memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); 6277 } 6278 if (flagsp != NULL) { 6279 flags = *flagsp; 6280 } else { 6281 flags = 0; 6282 } 6283 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, &flags, 6284 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 6285 if (flagsp != NULL) { 6286 *flagsp = flags; 6287 } 6288 if (controlp != NULL) { 6289 /* copy back the sinfo in a CMSG format */ 6290 if (filling_sinfo && ((flags & MSG_NOTIFICATION) == 0)) { 6291 *controlp = sctp_build_ctl_nchunk(inp, 6292 (struct sctp_sndrcvinfo *)&sinfo); 6293 } else { 6294 *controlp = NULL; 6295 } 6296 } 6297 if (psa) { 6298 /* copy back the address info */ 6299 if (from && from->sa_len) { 6300 *psa = sodupsockaddr(from, M_NOWAIT); 6301 } else { 6302 *psa = NULL; 6303 } 6304 } 6305 return (error); 6306 } 6307 6308 6309 6310 6311 6312 int 6313 sctp_connectx_helper_add(struct sctp_tcb *stcb, struct sockaddr *addr, 6314 int totaddr, int *error) 6315 { 6316 int added = 0; 6317 int i; 6318 struct sctp_inpcb *inp; 6319 struct sockaddr *sa; 6320 size_t incr = 0; 6321 #ifdef INET 6322 struct sockaddr_in *sin; 6323 #endif 6324 #ifdef INET6 6325 struct sockaddr_in6 *sin6; 6326 #endif 6327 6328 sa = addr; 6329 inp = stcb->sctp_ep; 6330 *error = 0; 6331 for (i = 0; i < totaddr; i++) { 6332 switch (sa->sa_family) { 6333 #ifdef INET 6334 case AF_INET: 6335 incr = sizeof(struct sockaddr_in); 6336 sin = (struct sockaddr_in *)sa; 6337 if ((sin->sin_addr.s_addr == INADDR_ANY) || 6338 (sin->sin_addr.s_addr == INADDR_BROADCAST) || 6339 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 6340 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6341 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6342 SCTP_FROM_SCTPUTIL + SCTP_LOC_7); 6343 *error = EINVAL; 6344 goto out_now; 6345 } 6346 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6347 SCTP_DONOT_SETSCOPE, 6348 SCTP_ADDR_IS_CONFIRMED)) { 6349 /* assoc gone no un-lock */ 6350 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6351 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6352 SCTP_FROM_SCTPUTIL + SCTP_LOC_8); 6353 *error = ENOBUFS; 6354 goto out_now; 6355 } 6356 added++; 6357 break; 6358 #endif 6359 #ifdef INET6 6360 case AF_INET6: 6361 incr = sizeof(struct sockaddr_in6); 6362 sin6 = (struct sockaddr_in6 *)sa; 6363 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || 6364 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 6365 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6366 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6367 SCTP_FROM_SCTPUTIL + SCTP_LOC_9); 6368 *error = EINVAL; 6369 goto out_now; 6370 } 6371 if (sctp_add_remote_addr(stcb, sa, NULL, stcb->asoc.port, 6372 SCTP_DONOT_SETSCOPE, 6373 SCTP_ADDR_IS_CONFIRMED)) { 6374 /* assoc gone no un-lock */ 6375 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTPUTIL, ENOBUFS); 6376 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 6377 SCTP_FROM_SCTPUTIL + SCTP_LOC_10); 6378 *error = ENOBUFS; 6379 goto out_now; 6380 } 6381 added++; 6382 break; 6383 #endif 6384 default: 6385 break; 6386 } 6387 sa = (struct sockaddr *)((caddr_t)sa + incr); 6388 } 6389 out_now: 6390 return (added); 6391 } 6392 6393 struct sctp_tcb * 6394 sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, 6395 unsigned int *totaddr, 6396 unsigned int *num_v4, unsigned int *num_v6, int *error, 6397 unsigned int limit, int *bad_addr) 6398 { 6399 struct sockaddr *sa; 6400 struct sctp_tcb *stcb = NULL; 6401 unsigned int incr, at, i; 6402 6403 at = 0; 6404 sa = addr; 6405 *error = *num_v6 = *num_v4 = 0; 6406 /* account and validate addresses */ 6407 for (i = 0; i < *totaddr; i++) { 6408 switch (sa->sa_family) { 6409 #ifdef INET 6410 case AF_INET: 6411 incr = (unsigned int)sizeof(struct sockaddr_in); 6412 if (sa->sa_len != incr) { 6413 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6414 *error = EINVAL; 6415 *bad_addr = 1; 6416 return (NULL); 6417 } 6418 (*num_v4) += 1; 6419 break; 6420 #endif 6421 #ifdef INET6 6422 case AF_INET6: 6423 { 6424 struct sockaddr_in6 *sin6; 6425 6426 sin6 = (struct sockaddr_in6 *)sa; 6427 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6428 /* Must be non-mapped for connectx */ 6429 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6430 *error = EINVAL; 6431 *bad_addr = 1; 6432 return (NULL); 6433 } 6434 incr = (unsigned int)sizeof(struct sockaddr_in6); 6435 if (sa->sa_len != incr) { 6436 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6437 *error = EINVAL; 6438 *bad_addr = 1; 6439 return (NULL); 6440 } 6441 (*num_v6) += 1; 6442 break; 6443 } 6444 #endif 6445 default: 6446 *totaddr = i; 6447 incr = 0; 6448 /* we are done */ 6449 break; 6450 } 6451 if (i == *totaddr) { 6452 break; 6453 } 6454 SCTP_INP_INCR_REF(inp); 6455 stcb = sctp_findassociation_ep_addr(&inp, sa, NULL, NULL, NULL); 6456 if (stcb != NULL) { 6457 /* Already have or am bring up an association */ 6458 return (stcb); 6459 } else { 6460 SCTP_INP_DECR_REF(inp); 6461 } 6462 if ((at + incr) > limit) { 6463 *totaddr = i; 6464 break; 6465 } 6466 sa = (struct sockaddr *)((caddr_t)sa + incr); 6467 } 6468 return ((struct sctp_tcb *)NULL); 6469 } 6470 6471 /* 6472 * sctp_bindx(ADD) for one address. 6473 * assumes all arguments are valid/checked by caller. 6474 */ 6475 void 6476 sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp, 6477 struct sockaddr *sa, sctp_assoc_t assoc_id, 6478 uint32_t vrf_id, int *error, void *p) 6479 { 6480 struct sockaddr *addr_touse; 6481 #if defined(INET) && defined(INET6) 6482 struct sockaddr_in sin; 6483 #endif 6484 6485 /* see if we're bound all already! */ 6486 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6487 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6488 *error = EINVAL; 6489 return; 6490 } 6491 addr_touse = sa; 6492 #ifdef INET6 6493 if (sa->sa_family == AF_INET6) { 6494 #ifdef INET 6495 struct sockaddr_in6 *sin6; 6496 6497 #endif 6498 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6499 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6500 *error = EINVAL; 6501 return; 6502 } 6503 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6504 /* can only bind v6 on PF_INET6 sockets */ 6505 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6506 *error = EINVAL; 6507 return; 6508 } 6509 #ifdef INET 6510 sin6 = (struct sockaddr_in6 *)addr_touse; 6511 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6512 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6513 SCTP_IPV6_V6ONLY(inp)) { 6514 /* can't bind v4-mapped on PF_INET sockets */ 6515 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6516 *error = EINVAL; 6517 return; 6518 } 6519 in6_sin6_2_sin(&sin, sin6); 6520 addr_touse = (struct sockaddr *)&sin; 6521 } 6522 #endif 6523 } 6524 #endif 6525 #ifdef INET 6526 if (sa->sa_family == AF_INET) { 6527 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6528 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6529 *error = EINVAL; 6530 return; 6531 } 6532 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6533 SCTP_IPV6_V6ONLY(inp)) { 6534 /* can't bind v4 on PF_INET sockets */ 6535 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6536 *error = EINVAL; 6537 return; 6538 } 6539 } 6540 #endif 6541 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 6542 if (p == NULL) { 6543 /* Can't get proc for Net/Open BSD */ 6544 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6545 *error = EINVAL; 6546 return; 6547 } 6548 *error = sctp_inpcb_bind(so, addr_touse, NULL, p); 6549 return; 6550 } 6551 /* 6552 * No locks required here since bind and mgmt_ep_sa all do their own 6553 * locking. If we do something for the FIX: below we may need to 6554 * lock in that case. 6555 */ 6556 if (assoc_id == 0) { 6557 /* add the address */ 6558 struct sctp_inpcb *lep; 6559 struct sockaddr_in *lsin = (struct sockaddr_in *)addr_touse; 6560 6561 /* validate the incoming port */ 6562 if ((lsin->sin_port != 0) && 6563 (lsin->sin_port != inp->sctp_lport)) { 6564 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6565 *error = EINVAL; 6566 return; 6567 } else { 6568 /* user specified 0 port, set it to existing port */ 6569 lsin->sin_port = inp->sctp_lport; 6570 } 6571 6572 lep = sctp_pcb_findep(addr_touse, 1, 0, vrf_id); 6573 if (lep != NULL) { 6574 /* 6575 * We must decrement the refcount since we have the 6576 * ep already and are binding. No remove going on 6577 * here. 6578 */ 6579 SCTP_INP_DECR_REF(lep); 6580 } 6581 if (lep == inp) { 6582 /* already bound to it.. ok */ 6583 return; 6584 } else if (lep == NULL) { 6585 ((struct sockaddr_in *)addr_touse)->sin_port = 0; 6586 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6587 SCTP_ADD_IP_ADDRESS, 6588 vrf_id, NULL); 6589 } else { 6590 *error = EADDRINUSE; 6591 } 6592 if (*error) 6593 return; 6594 } else { 6595 /* 6596 * FIX: decide whether we allow assoc based bindx 6597 */ 6598 } 6599 } 6600 6601 /* 6602 * sctp_bindx(DELETE) for one address. 6603 * assumes all arguments are valid/checked by caller. 6604 */ 6605 void 6606 sctp_bindx_delete_address(struct sctp_inpcb *inp, 6607 struct sockaddr *sa, sctp_assoc_t assoc_id, 6608 uint32_t vrf_id, int *error) 6609 { 6610 struct sockaddr *addr_touse; 6611 #if defined(INET) && defined(INET6) 6612 struct sockaddr_in sin; 6613 #endif 6614 6615 /* see if we're bound all already! */ 6616 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6617 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6618 *error = EINVAL; 6619 return; 6620 } 6621 addr_touse = sa; 6622 #ifdef INET6 6623 if (sa->sa_family == AF_INET6) { 6624 #ifdef INET 6625 struct sockaddr_in6 *sin6; 6626 #endif 6627 6628 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6629 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6630 *error = EINVAL; 6631 return; 6632 } 6633 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 6634 /* can only bind v6 on PF_INET6 sockets */ 6635 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6636 *error = EINVAL; 6637 return; 6638 } 6639 #ifdef INET 6640 sin6 = (struct sockaddr_in6 *)addr_touse; 6641 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6642 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6643 SCTP_IPV6_V6ONLY(inp)) { 6644 /* can't bind mapped-v4 on PF_INET sockets */ 6645 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6646 *error = EINVAL; 6647 return; 6648 } 6649 in6_sin6_2_sin(&sin, sin6); 6650 addr_touse = (struct sockaddr *)&sin; 6651 } 6652 #endif 6653 } 6654 #endif 6655 #ifdef INET 6656 if (sa->sa_family == AF_INET) { 6657 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6658 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6659 *error = EINVAL; 6660 return; 6661 } 6662 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 6663 SCTP_IPV6_V6ONLY(inp)) { 6664 /* can't bind v4 on PF_INET sockets */ 6665 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTPUTIL, EINVAL); 6666 *error = EINVAL; 6667 return; 6668 } 6669 } 6670 #endif 6671 /* 6672 * No lock required mgmt_ep_sa does its own locking. If the FIX: 6673 * below is ever changed we may need to lock before calling 6674 * association level binding. 6675 */ 6676 if (assoc_id == 0) { 6677 /* delete the address */ 6678 *error = sctp_addr_mgmt_ep_sa(inp, addr_touse, 6679 SCTP_DEL_IP_ADDRESS, 6680 vrf_id, NULL); 6681 } else { 6682 /* 6683 * FIX: decide whether we allow assoc based bindx 6684 */ 6685 } 6686 } 6687 6688 /* 6689 * returns the valid local address count for an assoc, taking into account 6690 * all scoping rules 6691 */ 6692 int 6693 sctp_local_addr_count(struct sctp_tcb *stcb) 6694 { 6695 int loopback_scope; 6696 #if defined(INET) 6697 int ipv4_local_scope, ipv4_addr_legal; 6698 #endif 6699 #if defined (INET6) 6700 int local_scope, site_scope, ipv6_addr_legal; 6701 #endif 6702 struct sctp_vrf *vrf; 6703 struct sctp_ifn *sctp_ifn; 6704 struct sctp_ifa *sctp_ifa; 6705 int count = 0; 6706 6707 /* Turn on all the appropriate scopes */ 6708 loopback_scope = stcb->asoc.scope.loopback_scope; 6709 #if defined(INET) 6710 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; 6711 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; 6712 #endif 6713 #if defined(INET6) 6714 local_scope = stcb->asoc.scope.local_scope; 6715 site_scope = stcb->asoc.scope.site_scope; 6716 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; 6717 #endif 6718 SCTP_IPI_ADDR_RLOCK(); 6719 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 6720 if (vrf == NULL) { 6721 /* no vrf, no addresses */ 6722 SCTP_IPI_ADDR_RUNLOCK(); 6723 return (0); 6724 } 6725 6726 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6727 /* 6728 * bound all case: go through all ifns on the vrf 6729 */ 6730 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 6731 if ((loopback_scope == 0) && 6732 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 6733 continue; 6734 } 6735 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 6736 if (sctp_is_addr_restricted(stcb, sctp_ifa)) 6737 continue; 6738 switch (sctp_ifa->address.sa.sa_family) { 6739 #ifdef INET 6740 case AF_INET: 6741 if (ipv4_addr_legal) { 6742 struct sockaddr_in *sin; 6743 6744 sin = &sctp_ifa->address.sin; 6745 if (sin->sin_addr.s_addr == 0) { 6746 /* 6747 * skip unspecified 6748 * addrs 6749 */ 6750 continue; 6751 } 6752 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 6753 &sin->sin_addr) != 0) { 6754 continue; 6755 } 6756 if ((ipv4_local_scope == 0) && 6757 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 6758 continue; 6759 } 6760 /* count this one */ 6761 count++; 6762 } else { 6763 continue; 6764 } 6765 break; 6766 #endif 6767 #ifdef INET6 6768 case AF_INET6: 6769 if (ipv6_addr_legal) { 6770 struct sockaddr_in6 *sin6; 6771 6772 sin6 = &sctp_ifa->address.sin6; 6773 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 6774 continue; 6775 } 6776 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 6777 &sin6->sin6_addr) != 0) { 6778 continue; 6779 } 6780 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 6781 if (local_scope == 0) 6782 continue; 6783 if (sin6->sin6_scope_id == 0) { 6784 if (sa6_recoverscope(sin6) != 0) 6785 /* 6786 * 6787 * bad 6788 * link 6789 * 6790 * local 6791 * 6792 * address 6793 */ 6794 continue; 6795 } 6796 } 6797 if ((site_scope == 0) && 6798 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 6799 continue; 6800 } 6801 /* count this one */ 6802 count++; 6803 } 6804 break; 6805 #endif 6806 default: 6807 /* TSNH */ 6808 break; 6809 } 6810 } 6811 } 6812 } else { 6813 /* 6814 * subset bound case 6815 */ 6816 struct sctp_laddr *laddr; 6817 6818 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, 6819 sctp_nxt_addr) { 6820 if (sctp_is_addr_restricted(stcb, laddr->ifa)) { 6821 continue; 6822 } 6823 /* count this one */ 6824 count++; 6825 } 6826 } 6827 SCTP_IPI_ADDR_RUNLOCK(); 6828 return (count); 6829 } 6830 6831 #if defined(SCTP_LOCAL_TRACE_BUF) 6832 6833 void 6834 sctp_log_trace(uint32_t subsys, const char *str SCTP_UNUSED, uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, uint32_t f) 6835 { 6836 uint32_t saveindex, newindex; 6837 6838 do { 6839 saveindex = SCTP_BASE_SYSCTL(sctp_log).index; 6840 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6841 newindex = 1; 6842 } else { 6843 newindex = saveindex + 1; 6844 } 6845 } while (atomic_cmpset_int(&SCTP_BASE_SYSCTL(sctp_log).index, saveindex, newindex) == 0); 6846 if (saveindex >= SCTP_MAX_LOGGING_SIZE) { 6847 saveindex = 0; 6848 } 6849 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].timestamp = SCTP_GET_CYCLECOUNT; 6850 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].subsys = subsys; 6851 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[0] = a; 6852 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[1] = b; 6853 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[2] = c; 6854 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[3] = d; 6855 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[4] = e; 6856 SCTP_BASE_SYSCTL(sctp_log).entry[saveindex].params[5] = f; 6857 } 6858 6859 #endif 6860 static void 6861 sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, 6862 const struct sockaddr *sa SCTP_UNUSED, void *ctx SCTP_UNUSED) 6863 { 6864 struct ip *iph; 6865 #ifdef INET6 6866 struct ip6_hdr *ip6; 6867 #endif 6868 struct mbuf *sp, *last; 6869 struct udphdr *uhdr; 6870 uint16_t port; 6871 6872 if ((m->m_flags & M_PKTHDR) == 0) { 6873 /* Can't handle one that is not a pkt hdr */ 6874 goto out; 6875 } 6876 /* Pull the src port */ 6877 iph = mtod(m, struct ip *); 6878 uhdr = (struct udphdr *)((caddr_t)iph + off); 6879 port = uhdr->uh_sport; 6880 /* 6881 * Split out the mbuf chain. Leave the IP header in m, place the 6882 * rest in the sp. 6883 */ 6884 sp = m_split(m, off, M_NOWAIT); 6885 if (sp == NULL) { 6886 /* Gak, drop packet, we can't do a split */ 6887 goto out; 6888 } 6889 if (sp->m_pkthdr.len < sizeof(struct udphdr) + sizeof(struct sctphdr)) { 6890 /* Gak, packet can't have an SCTP header in it - too small */ 6891 m_freem(sp); 6892 goto out; 6893 } 6894 /* Now pull up the UDP header and SCTP header together */ 6895 sp = m_pullup(sp, sizeof(struct udphdr) + sizeof(struct sctphdr)); 6896 if (sp == NULL) { 6897 /* Gak pullup failed */ 6898 goto out; 6899 } 6900 /* Trim out the UDP header */ 6901 m_adj(sp, sizeof(struct udphdr)); 6902 6903 /* Now reconstruct the mbuf chain */ 6904 for (last = m; last->m_next; last = last->m_next); 6905 last->m_next = sp; 6906 m->m_pkthdr.len += sp->m_pkthdr.len; 6907 /* 6908 * The CSUM_DATA_VALID flags indicates that the HW checked the UDP 6909 * checksum and it was valid. Since CSUM_DATA_VALID == 6910 * CSUM_SCTP_VALID this would imply that the HW also verified the 6911 * SCTP checksum. Therefore, clear the bit. 6912 */ 6913 SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, 6914 "sctp_recv_udp_tunneled_packet(): Packet of length %d received on %s with csum_flags 0x%b.\n", 6915 m->m_pkthdr.len, 6916 if_name(m->m_pkthdr.rcvif), 6917 (int)m->m_pkthdr.csum_flags, CSUM_BITS); 6918 m->m_pkthdr.csum_flags &= ~CSUM_DATA_VALID; 6919 iph = mtod(m, struct ip *); 6920 switch (iph->ip_v) { 6921 #ifdef INET 6922 case IPVERSION: 6923 iph->ip_len = htons(ntohs(iph->ip_len) - sizeof(struct udphdr)); 6924 sctp_input_with_port(m, off, port); 6925 break; 6926 #endif 6927 #ifdef INET6 6928 case IPV6_VERSION >> 4: 6929 ip6 = mtod(m, struct ip6_hdr *); 6930 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - sizeof(struct udphdr)); 6931 sctp6_input_with_port(&m, &off, port); 6932 break; 6933 #endif 6934 default: 6935 goto out; 6936 break; 6937 } 6938 return; 6939 out: 6940 m_freem(m); 6941 } 6942 6943 #ifdef INET 6944 static void 6945 sctp_recv_icmp_tunneled_packet(int cmd, struct sockaddr *sa, void *vip, void *ctx SCTP_UNUSED) 6946 { 6947 struct ip *outer_ip, *inner_ip; 6948 struct sctphdr *sh; 6949 struct icmp *icmp; 6950 struct udphdr *udp; 6951 struct sctp_inpcb *inp; 6952 struct sctp_tcb *stcb; 6953 struct sctp_nets *net; 6954 struct sctp_init_chunk *ch; 6955 struct sockaddr_in src, dst; 6956 uint8_t type, code; 6957 6958 inner_ip = (struct ip *)vip; 6959 icmp = (struct icmp *)((caddr_t)inner_ip - 6960 (sizeof(struct icmp) - sizeof(struct ip))); 6961 outer_ip = (struct ip *)((caddr_t)icmp - sizeof(struct ip)); 6962 if (ntohs(outer_ip->ip_len) < 6963 sizeof(struct ip) + 8 + (inner_ip->ip_hl << 2) + sizeof(struct udphdr) + 8) { 6964 return; 6965 } 6966 udp = (struct udphdr *)((caddr_t)inner_ip + (inner_ip->ip_hl << 2)); 6967 sh = (struct sctphdr *)(udp + 1); 6968 memset(&src, 0, sizeof(struct sockaddr_in)); 6969 src.sin_family = AF_INET; 6970 src.sin_len = sizeof(struct sockaddr_in); 6971 src.sin_port = sh->src_port; 6972 src.sin_addr = inner_ip->ip_src; 6973 memset(&dst, 0, sizeof(struct sockaddr_in)); 6974 dst.sin_family = AF_INET; 6975 dst.sin_len = sizeof(struct sockaddr_in); 6976 dst.sin_port = sh->dest_port; 6977 dst.sin_addr = inner_ip->ip_dst; 6978 /* 6979 * 'dst' holds the dest of the packet that failed to be sent. 'src' 6980 * holds our local endpoint address. Thus we reverse the dst and the 6981 * src in the lookup. 6982 */ 6983 inp = NULL; 6984 net = NULL; 6985 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 6986 (struct sockaddr *)&src, 6987 &inp, &net, 1, 6988 SCTP_DEFAULT_VRFID); 6989 if ((stcb != NULL) && 6990 (net != NULL) && 6991 (inp != NULL)) { 6992 /* Check the UDP port numbers */ 6993 if ((udp->uh_dport != net->port) || 6994 (udp->uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 6995 SCTP_TCB_UNLOCK(stcb); 6996 return; 6997 } 6998 /* Check the verification tag */ 6999 if (ntohl(sh->v_tag) != 0) { 7000 /* 7001 * This must be the verification tag used for 7002 * sending out packets. We don't consider packets 7003 * reflecting the verification tag. 7004 */ 7005 if (ntohl(sh->v_tag) != stcb->asoc.peer_vtag) { 7006 SCTP_TCB_UNLOCK(stcb); 7007 return; 7008 } 7009 } else { 7010 if (ntohs(outer_ip->ip_len) >= 7011 sizeof(struct ip) + 7012 8 + (inner_ip->ip_hl << 2) + 8 + 20) { 7013 /* 7014 * In this case we can check if we got an 7015 * INIT chunk and if the initiate tag 7016 * matches. 7017 */ 7018 ch = (struct sctp_init_chunk *)(sh + 1); 7019 if ((ch->ch.chunk_type != SCTP_INITIATION) || 7020 (ntohl(ch->init.initiate_tag) != stcb->asoc.my_vtag)) { 7021 SCTP_TCB_UNLOCK(stcb); 7022 return; 7023 } 7024 } else { 7025 SCTP_TCB_UNLOCK(stcb); 7026 return; 7027 } 7028 } 7029 type = icmp->icmp_type; 7030 code = icmp->icmp_code; 7031 if ((type == ICMP_UNREACH) && 7032 (code == ICMP_UNREACH_PORT)) { 7033 code = ICMP_UNREACH_PROTOCOL; 7034 } 7035 sctp_notify(inp, stcb, net, type, code, 7036 ntohs(inner_ip->ip_len), 7037 (uint32_t)ntohs(icmp->icmp_nextmtu)); 7038 } else { 7039 if ((stcb == NULL) && (inp != NULL)) { 7040 /* reduce ref-count */ 7041 SCTP_INP_WLOCK(inp); 7042 SCTP_INP_DECR_REF(inp); 7043 SCTP_INP_WUNLOCK(inp); 7044 } 7045 if (stcb) { 7046 SCTP_TCB_UNLOCK(stcb); 7047 } 7048 } 7049 return; 7050 } 7051 #endif 7052 7053 #ifdef INET6 7054 static void 7055 sctp_recv_icmp6_tunneled_packet(int cmd, struct sockaddr *sa, void *d, void *ctx SCTP_UNUSED) 7056 { 7057 struct ip6ctlparam *ip6cp; 7058 struct sctp_inpcb *inp; 7059 struct sctp_tcb *stcb; 7060 struct sctp_nets *net; 7061 struct sctphdr sh; 7062 struct udphdr udp; 7063 struct sockaddr_in6 src, dst; 7064 uint8_t type, code; 7065 7066 ip6cp = (struct ip6ctlparam *)d; 7067 /* 7068 * XXX: We assume that when IPV6 is non NULL, M and OFF are valid. 7069 */ 7070 if (ip6cp->ip6c_m == NULL) { 7071 return; 7072 } 7073 /* 7074 * Check if we can safely examine the ports and the verification tag 7075 * of the SCTP common header. 7076 */ 7077 if (ip6cp->ip6c_m->m_pkthdr.len < 7078 ip6cp->ip6c_off + sizeof(struct udphdr) + offsetof(struct sctphdr, checksum)) { 7079 return; 7080 } 7081 /* Copy out the UDP header. */ 7082 memset(&udp, 0, sizeof(struct udphdr)); 7083 m_copydata(ip6cp->ip6c_m, 7084 ip6cp->ip6c_off, 7085 sizeof(struct udphdr), 7086 (caddr_t)&udp); 7087 /* Copy out the port numbers and the verification tag. */ 7088 memset(&sh, 0, sizeof(struct sctphdr)); 7089 m_copydata(ip6cp->ip6c_m, 7090 ip6cp->ip6c_off + sizeof(struct udphdr), 7091 sizeof(uint16_t) + sizeof(uint16_t) + sizeof(uint32_t), 7092 (caddr_t)&sh); 7093 memset(&src, 0, sizeof(struct sockaddr_in6)); 7094 src.sin6_family = AF_INET6; 7095 src.sin6_len = sizeof(struct sockaddr_in6); 7096 src.sin6_port = sh.src_port; 7097 src.sin6_addr = ip6cp->ip6c_ip6->ip6_src; 7098 if (in6_setscope(&src.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7099 return; 7100 } 7101 memset(&dst, 0, sizeof(struct sockaddr_in6)); 7102 dst.sin6_family = AF_INET6; 7103 dst.sin6_len = sizeof(struct sockaddr_in6); 7104 dst.sin6_port = sh.dest_port; 7105 dst.sin6_addr = ip6cp->ip6c_ip6->ip6_dst; 7106 if (in6_setscope(&dst.sin6_addr, ip6cp->ip6c_m->m_pkthdr.rcvif, NULL) != 0) { 7107 return; 7108 } 7109 inp = NULL; 7110 net = NULL; 7111 stcb = sctp_findassociation_addr_sa((struct sockaddr *)&dst, 7112 (struct sockaddr *)&src, 7113 &inp, &net, 1, SCTP_DEFAULT_VRFID); 7114 if ((stcb != NULL) && 7115 (net != NULL) && 7116 (inp != NULL)) { 7117 /* Check the UDP port numbers */ 7118 if ((udp.uh_dport != net->port) || 7119 (udp.uh_sport != htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)))) { 7120 SCTP_TCB_UNLOCK(stcb); 7121 return; 7122 } 7123 /* Check the verification tag */ 7124 if (ntohl(sh.v_tag) != 0) { 7125 /* 7126 * This must be the verification tag used for 7127 * sending out packets. We don't consider packets 7128 * reflecting the verification tag. 7129 */ 7130 if (ntohl(sh.v_tag) != stcb->asoc.peer_vtag) { 7131 SCTP_TCB_UNLOCK(stcb); 7132 return; 7133 } 7134 } else { 7135 if (ip6cp->ip6c_m->m_pkthdr.len >= 7136 ip6cp->ip6c_off + sizeof(struct udphdr) + 7137 sizeof(struct sctphdr) + 7138 sizeof(struct sctp_chunkhdr) + 7139 offsetof(struct sctp_init, a_rwnd)) { 7140 /* 7141 * In this case we can check if we got an 7142 * INIT chunk and if the initiate tag 7143 * matches. 7144 */ 7145 uint32_t initiate_tag; 7146 uint8_t chunk_type; 7147 7148 m_copydata(ip6cp->ip6c_m, 7149 ip6cp->ip6c_off + 7150 sizeof(struct udphdr) + 7151 sizeof(struct sctphdr), 7152 sizeof(uint8_t), 7153 (caddr_t)&chunk_type); 7154 m_copydata(ip6cp->ip6c_m, 7155 ip6cp->ip6c_off + 7156 sizeof(struct udphdr) + 7157 sizeof(struct sctphdr) + 7158 sizeof(struct sctp_chunkhdr), 7159 sizeof(uint32_t), 7160 (caddr_t)&initiate_tag); 7161 if ((chunk_type != SCTP_INITIATION) || 7162 (ntohl(initiate_tag) != stcb->asoc.my_vtag)) { 7163 SCTP_TCB_UNLOCK(stcb); 7164 return; 7165 } 7166 } else { 7167 SCTP_TCB_UNLOCK(stcb); 7168 return; 7169 } 7170 } 7171 type = ip6cp->ip6c_icmp6->icmp6_type; 7172 code = ip6cp->ip6c_icmp6->icmp6_code; 7173 if ((type == ICMP6_DST_UNREACH) && 7174 (code == ICMP6_DST_UNREACH_NOPORT)) { 7175 type = ICMP6_PARAM_PROB; 7176 code = ICMP6_PARAMPROB_NEXTHEADER; 7177 } 7178 sctp6_notify(inp, stcb, net, type, code, 7179 ntohl(ip6cp->ip6c_icmp6->icmp6_mtu)); 7180 } else { 7181 if ((stcb == NULL) && (inp != NULL)) { 7182 /* reduce inp's ref-count */ 7183 SCTP_INP_WLOCK(inp); 7184 SCTP_INP_DECR_REF(inp); 7185 SCTP_INP_WUNLOCK(inp); 7186 } 7187 if (stcb) { 7188 SCTP_TCB_UNLOCK(stcb); 7189 } 7190 } 7191 } 7192 #endif 7193 7194 void 7195 sctp_over_udp_stop(void) 7196 { 7197 /* 7198 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7199 * for writting! 7200 */ 7201 #ifdef INET 7202 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7203 soclose(SCTP_BASE_INFO(udp4_tun_socket)); 7204 SCTP_BASE_INFO(udp4_tun_socket) = NULL; 7205 } 7206 #endif 7207 #ifdef INET6 7208 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7209 soclose(SCTP_BASE_INFO(udp6_tun_socket)); 7210 SCTP_BASE_INFO(udp6_tun_socket) = NULL; 7211 } 7212 #endif 7213 } 7214 7215 int 7216 sctp_over_udp_start(void) 7217 { 7218 uint16_t port; 7219 int ret; 7220 #ifdef INET 7221 struct sockaddr_in sin; 7222 #endif 7223 #ifdef INET6 7224 struct sockaddr_in6 sin6; 7225 #endif 7226 /* 7227 * This function assumes sysctl caller holds sctp_sysctl_info_lock() 7228 * for writting! 7229 */ 7230 port = SCTP_BASE_SYSCTL(sctp_udp_tunneling_port); 7231 if (ntohs(port) == 0) { 7232 /* Must have a port set */ 7233 return (EINVAL); 7234 } 7235 #ifdef INET 7236 if (SCTP_BASE_INFO(udp4_tun_socket) != NULL) { 7237 /* Already running -- must stop first */ 7238 return (EALREADY); 7239 } 7240 #endif 7241 #ifdef INET6 7242 if (SCTP_BASE_INFO(udp6_tun_socket) != NULL) { 7243 /* Already running -- must stop first */ 7244 return (EALREADY); 7245 } 7246 #endif 7247 #ifdef INET 7248 if ((ret = socreate(PF_INET, &SCTP_BASE_INFO(udp4_tun_socket), 7249 SOCK_DGRAM, IPPROTO_UDP, 7250 curthread->td_ucred, curthread))) { 7251 sctp_over_udp_stop(); 7252 return (ret); 7253 } 7254 /* Call the special UDP hook. */ 7255 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp4_tun_socket), 7256 sctp_recv_udp_tunneled_packet, 7257 sctp_recv_icmp_tunneled_packet, 7258 NULL))) { 7259 sctp_over_udp_stop(); 7260 return (ret); 7261 } 7262 /* Ok, we have a socket, bind it to the port. */ 7263 memset(&sin, 0, sizeof(struct sockaddr_in)); 7264 sin.sin_len = sizeof(struct sockaddr_in); 7265 sin.sin_family = AF_INET; 7266 sin.sin_port = htons(port); 7267 if ((ret = sobind(SCTP_BASE_INFO(udp4_tun_socket), 7268 (struct sockaddr *)&sin, curthread))) { 7269 sctp_over_udp_stop(); 7270 return (ret); 7271 } 7272 #endif 7273 #ifdef INET6 7274 if ((ret = socreate(PF_INET6, &SCTP_BASE_INFO(udp6_tun_socket), 7275 SOCK_DGRAM, IPPROTO_UDP, 7276 curthread->td_ucred, curthread))) { 7277 sctp_over_udp_stop(); 7278 return (ret); 7279 } 7280 /* Call the special UDP hook. */ 7281 if ((ret = udp_set_kernel_tunneling(SCTP_BASE_INFO(udp6_tun_socket), 7282 sctp_recv_udp_tunneled_packet, 7283 sctp_recv_icmp6_tunneled_packet, 7284 NULL))) { 7285 sctp_over_udp_stop(); 7286 return (ret); 7287 } 7288 /* Ok, we have a socket, bind it to the port. */ 7289 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 7290 sin6.sin6_len = sizeof(struct sockaddr_in6); 7291 sin6.sin6_family = AF_INET6; 7292 sin6.sin6_port = htons(port); 7293 if ((ret = sobind(SCTP_BASE_INFO(udp6_tun_socket), 7294 (struct sockaddr *)&sin6, curthread))) { 7295 sctp_over_udp_stop(); 7296 return (ret); 7297 } 7298 #endif 7299 return (0); 7300 } 7301 7302 /* 7303 * sctp_min_mtu ()returns the minimum of all non-zero arguments. 7304 * If all arguments are zero, zero is returned. 7305 */ 7306 uint32_t 7307 sctp_min_mtu(uint32_t mtu1, uint32_t mtu2, uint32_t mtu3) 7308 { 7309 if (mtu1 > 0) { 7310 if (mtu2 > 0) { 7311 if (mtu3 > 0) { 7312 return (min(mtu1, min(mtu2, mtu3))); 7313 } else { 7314 return (min(mtu1, mtu2)); 7315 } 7316 } else { 7317 if (mtu3 > 0) { 7318 return (min(mtu1, mtu3)); 7319 } else { 7320 return (mtu1); 7321 } 7322 } 7323 } else { 7324 if (mtu2 > 0) { 7325 if (mtu3 > 0) { 7326 return (min(mtu2, mtu3)); 7327 } else { 7328 return (mtu2); 7329 } 7330 } else { 7331 return (mtu3); 7332 } 7333 } 7334 } 7335 7336 void 7337 sctp_hc_set_mtu(union sctp_sockstore *addr, uint16_t fibnum, uint32_t mtu) 7338 { 7339 struct in_conninfo inc; 7340 7341 memset(&inc, 0, sizeof(struct in_conninfo)); 7342 inc.inc_fibnum = fibnum; 7343 switch (addr->sa.sa_family) { 7344 #ifdef INET 7345 case AF_INET: 7346 inc.inc_faddr = addr->sin.sin_addr; 7347 break; 7348 #endif 7349 #ifdef INET6 7350 case AF_INET6: 7351 inc.inc_flags |= INC_ISIPV6; 7352 inc.inc6_faddr = addr->sin6.sin6_addr; 7353 break; 7354 #endif 7355 default: 7356 return; 7357 } 7358 tcp_hc_updatemtu(&inc, (u_long)mtu); 7359 } 7360 7361 uint32_t 7362 sctp_hc_get_mtu(union sctp_sockstore *addr, uint16_t fibnum) 7363 { 7364 struct in_conninfo inc; 7365 7366 memset(&inc, 0, sizeof(struct in_conninfo)); 7367 inc.inc_fibnum = fibnum; 7368 switch (addr->sa.sa_family) { 7369 #ifdef INET 7370 case AF_INET: 7371 inc.inc_faddr = addr->sin.sin_addr; 7372 break; 7373 #endif 7374 #ifdef INET6 7375 case AF_INET6: 7376 inc.inc_flags |= INC_ISIPV6; 7377 inc.inc6_faddr = addr->sin6.sin6_addr; 7378 break; 7379 #endif 7380 default: 7381 return (0); 7382 } 7383 return ((uint32_t)tcp_hc_getmtu(&inc)); 7384 } 7385 7386 void 7387 sctp_set_state(struct sctp_tcb *stcb, int new_state) 7388 { 7389 #if defined(KDTRACE_HOOKS) 7390 int old_state = stcb->asoc.state; 7391 #endif 7392 7393 KASSERT((new_state & ~SCTP_STATE_MASK) == 0, 7394 ("sctp_set_state: Can't set substate (new_state = %x)", 7395 new_state)); 7396 stcb->asoc.state = (stcb->asoc.state & ~SCTP_STATE_MASK) | new_state; 7397 if ((new_state == SCTP_STATE_SHUTDOWN_RECEIVED) || 7398 (new_state == SCTP_STATE_SHUTDOWN_SENT) || 7399 (new_state == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 7400 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING); 7401 } 7402 #if defined(KDTRACE_HOOKS) 7403 if (((old_state & SCTP_STATE_MASK) != new_state) && 7404 !(((old_state & SCTP_STATE_MASK) == SCTP_STATE_EMPTY) && 7405 (new_state == SCTP_STATE_INUSE))) { 7406 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7407 } 7408 #endif 7409 } 7410 7411 void 7412 sctp_add_substate(struct sctp_tcb *stcb, int substate) 7413 { 7414 #if defined(KDTRACE_HOOKS) 7415 int old_state = stcb->asoc.state; 7416 #endif 7417 7418 KASSERT((substate & SCTP_STATE_MASK) == 0, 7419 ("sctp_add_substate: Can't set state (substate = %x)", 7420 substate)); 7421 stcb->asoc.state |= substate; 7422 #if defined(KDTRACE_HOOKS) 7423 if (((substate & SCTP_STATE_ABOUT_TO_BE_FREED) && 7424 ((old_state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) || 7425 ((substate & SCTP_STATE_SHUTDOWN_PENDING) && 7426 ((old_state & SCTP_STATE_SHUTDOWN_PENDING) == 0))) { 7427 SCTP_PROBE6(state__change, NULL, stcb, NULL, stcb, NULL, old_state); 7428 } 7429 #endif 7430 } 7431