1 /*- 2 * Copyright (c) 2001-2006, Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * b) Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the distribution. 13 * 14 * c) Neither the name of Cisco Systems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* $KAME: sctputil.c,v 1.37 2005/03/07 23:26:09 itojun Exp $ */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 37 #include "opt_ipsec.h" 38 #include "opt_compat.h" 39 #include "opt_inet6.h" 40 #include "opt_inet.h" 41 #include "opt_sctp.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/fcntl.h> 46 #include <sys/lock.h> 47 #include <sys/malloc.h> 48 #include <sys/mbuf.h> 49 #include <sys/domain.h> 50 #include <sys/file.h> /* for struct knote */ 51 #include <sys/kernel.h> 52 #include <sys/event.h> 53 #include <sys/poll.h> 54 55 #include <sys/protosw.h> 56 #include <sys/socket.h> 57 #include <sys/socketvar.h> 58 #include <sys/proc.h> 59 #include <sys/kernel.h> 60 #include <sys/resourcevar.h> 61 #include <sys/signalvar.h> 62 #include <sys/sysctl.h> 63 #include <sys/uio.h> 64 #include <sys/jail.h> 65 66 #include <net/radix.h> 67 #include <net/route.h> 68 69 #ifdef INET6 70 #include <sys/domain.h> 71 #endif 72 73 #include <sys/limits.h> 74 #include <sys/mac.h> 75 #include <sys/mutex.h> 76 77 #include <net/if.h> 78 #include <net/if_types.h> 79 #include <net/route.h> 80 81 #include <netinet/in.h> 82 #include <netinet/in_systm.h> 83 #include <netinet/ip.h> 84 #include <netinet/in_pcb.h> 85 #include <netinet/in_var.h> 86 #include <netinet/ip_var.h> 87 88 #ifdef INET6 89 #include <netinet/ip6.h> 90 #include <netinet6/ip6_var.h> 91 92 #include <netinet6/in6_pcb.h> 93 94 #include <netinet6/scope6_var.h> 95 #endif /* INET6 */ 96 97 #ifdef IPSEC 98 #include <netinet6/ipsec.h> 99 #include <netkey/key.h> 100 #endif /* IPSEC */ 101 102 #include <netinet/sctp_os.h> 103 #include <netinet/sctp_pcb.h> 104 #include <netinet/sctputil.h> 105 #include <netinet/sctp_var.h> 106 #ifdef INET6 107 #include <netinet6/sctp6_var.h> 108 #endif 109 #include <netinet/sctp_header.h> 110 #include <netinet/sctp_output.h> 111 #include <netinet/sctp_uio.h> 112 #include <netinet/sctp_timer.h> 113 #include <netinet/sctp_crc32.h> 114 #include <netinet/sctp_indata.h>/* for sctp_deliver_data() */ 115 #include <netinet/sctp_auth.h> 116 #include <netinet/sctp_asconf.h> 117 118 extern int sctp_warm_the_crc32_table; 119 120 #define NUMBER_OF_MTU_SIZES 18 121 122 #ifdef SCTP_DEBUG 123 extern uint32_t sctp_debug_on; 124 125 #endif 126 127 128 #ifdef SCTP_STAT_LOGGING 129 int global_sctp_cwnd_log_at = 0; 130 int global_sctp_cwnd_log_rolled = 0; 131 struct sctp_cwnd_log sctp_clog[SCTP_STAT_LOG_SIZE]; 132 133 static uint32_t 134 sctp_get_time_of_event(void) 135 { 136 struct timeval now; 137 uint32_t timeval; 138 139 SCTP_GETPTIME_TIMEVAL(&now); 140 timeval = (now.tv_sec % 0x00000fff); 141 timeval <<= 20; 142 timeval |= now.tv_usec & 0xfffff; 143 return (timeval); 144 } 145 146 147 void 148 sctp_clr_stat_log(void) 149 { 150 global_sctp_cwnd_log_at = 0; 151 global_sctp_cwnd_log_rolled = 0; 152 } 153 154 155 void 156 sctp_sblog(struct sockbuf *sb, 157 struct sctp_tcb *stcb, int from, int incr) 158 { 159 int sctp_cwnd_log_at; 160 161 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 162 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 163 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 164 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_SB; 165 sctp_clog[sctp_cwnd_log_at].x.sb.stcb = stcb; 166 sctp_clog[sctp_cwnd_log_at].x.sb.so_sbcc = sb->sb_cc; 167 if (stcb) 168 sctp_clog[sctp_cwnd_log_at].x.sb.stcb_sbcc = stcb->asoc.sb_cc; 169 else 170 sctp_clog[sctp_cwnd_log_at].x.sb.stcb_sbcc = 0; 171 sctp_clog[sctp_cwnd_log_at].x.sb.incr = incr; 172 } 173 174 void 175 sctp_log_closing(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int16_t loc) 176 { 177 int sctp_cwnd_log_at; 178 179 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 180 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 181 sctp_clog[sctp_cwnd_log_at].from = 0; 182 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_CLOSE; 183 sctp_clog[sctp_cwnd_log_at].x.close.inp = (void *)inp; 184 sctp_clog[sctp_cwnd_log_at].x.close.sctp_flags = inp->sctp_flags; 185 if (stcb) { 186 sctp_clog[sctp_cwnd_log_at].x.close.stcb = (void *)stcb; 187 sctp_clog[sctp_cwnd_log_at].x.close.state = (uint16_t) stcb->asoc.state; 188 } else { 189 sctp_clog[sctp_cwnd_log_at].x.close.stcb = 0; 190 sctp_clog[sctp_cwnd_log_at].x.close.state = 0; 191 } 192 sctp_clog[sctp_cwnd_log_at].x.close.loc = loc; 193 } 194 195 196 void 197 rto_logging(struct sctp_nets *net, int from) 198 { 199 int sctp_cwnd_log_at; 200 201 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 202 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 203 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 204 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RTT; 205 sctp_clog[sctp_cwnd_log_at].x.rto.net = (void *)net; 206 sctp_clog[sctp_cwnd_log_at].x.rto.rtt = net->prev_rtt; 207 sctp_clog[sctp_cwnd_log_at].x.rto.rttvar = net->rtt_variance; 208 sctp_clog[sctp_cwnd_log_at].x.rto.direction = net->rto_variance_dir; 209 } 210 211 void 212 sctp_log_strm_del_alt(struct sctp_tcb *stcb, uint32_t tsn, uint16_t sseq, uint16_t stream, int from) 213 { 214 int sctp_cwnd_log_at; 215 216 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 217 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 218 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 219 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_STRM; 220 sctp_clog[sctp_cwnd_log_at].x.strlog.stcb = stcb; 221 sctp_clog[sctp_cwnd_log_at].x.strlog.n_tsn = tsn; 222 sctp_clog[sctp_cwnd_log_at].x.strlog.n_sseq = sseq; 223 sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = 0; 224 sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = 0; 225 sctp_clog[sctp_cwnd_log_at].x.strlog.strm = stream; 226 } 227 228 void 229 sctp_log_nagle_event(struct sctp_tcb *stcb, int action) 230 { 231 int sctp_cwnd_log_at; 232 233 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 234 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 235 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) action; 236 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_NAGLE; 237 sctp_clog[sctp_cwnd_log_at].x.nagle.stcb = (void *)stcb; 238 sctp_clog[sctp_cwnd_log_at].x.nagle.total_flight = stcb->asoc.total_flight; 239 sctp_clog[sctp_cwnd_log_at].x.nagle.total_in_queue = stcb->asoc.total_output_queue_size; 240 sctp_clog[sctp_cwnd_log_at].x.nagle.count_in_queue = stcb->asoc.chunks_on_out_queue; 241 sctp_clog[sctp_cwnd_log_at].x.nagle.count_in_flight = stcb->asoc.total_flight_count; 242 } 243 244 245 void 246 sctp_log_sack(uint32_t old_cumack, uint32_t cumack, uint32_t tsn, uint16_t gaps, uint16_t dups, int from) 247 { 248 int sctp_cwnd_log_at; 249 250 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 251 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 252 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 253 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_SACK; 254 sctp_clog[sctp_cwnd_log_at].x.sack.cumack = cumack; 255 sctp_clog[sctp_cwnd_log_at].x.sack.oldcumack = old_cumack; 256 sctp_clog[sctp_cwnd_log_at].x.sack.tsn = tsn; 257 sctp_clog[sctp_cwnd_log_at].x.sack.numGaps = gaps; 258 sctp_clog[sctp_cwnd_log_at].x.sack.numDups = dups; 259 } 260 261 void 262 sctp_log_map(uint32_t map, uint32_t cum, uint32_t high, int from) 263 { 264 int sctp_cwnd_log_at; 265 266 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 267 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 268 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 269 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MAP; 270 sctp_clog[sctp_cwnd_log_at].x.map.base = map; 271 sctp_clog[sctp_cwnd_log_at].x.map.cum = cum; 272 sctp_clog[sctp_cwnd_log_at].x.map.high = high; 273 } 274 275 void 276 sctp_log_fr(uint32_t biggest_tsn, uint32_t biggest_new_tsn, uint32_t tsn, 277 int from) 278 { 279 int sctp_cwnd_log_at; 280 281 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 282 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 283 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 284 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_FR; 285 sctp_clog[sctp_cwnd_log_at].x.fr.largest_tsn = biggest_tsn; 286 sctp_clog[sctp_cwnd_log_at].x.fr.largest_new_tsn = biggest_new_tsn; 287 sctp_clog[sctp_cwnd_log_at].x.fr.tsn = tsn; 288 } 289 290 291 void 292 sctp_log_mb(struct mbuf *m, int from) 293 { 294 int sctp_cwnd_log_at; 295 296 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 297 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 298 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 299 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MBUF; 300 sctp_clog[sctp_cwnd_log_at].x.mb.mp = m; 301 sctp_clog[sctp_cwnd_log_at].x.mb.mbuf_flags = (uint8_t) (SCTP_BUF_GET_FLAGS(m)); 302 sctp_clog[sctp_cwnd_log_at].x.mb.size = (uint16_t) (SCTP_BUF_LEN(m)); 303 sctp_clog[sctp_cwnd_log_at].x.mb.data = SCTP_BUF_AT(m, 0); 304 if (SCTP_BUF_IS_EXTENDED(m)) { 305 sctp_clog[sctp_cwnd_log_at].x.mb.ext = SCTP_BUF_EXTEND_BASE(m); 306 sctp_clog[sctp_cwnd_log_at].x.mb.refcnt = (uint8_t) (SCTP_BUF_EXTEND_REFCNT(m)); 307 } else { 308 sctp_clog[sctp_cwnd_log_at].x.mb.ext = 0; 309 sctp_clog[sctp_cwnd_log_at].x.mb.refcnt = 0; 310 } 311 } 312 313 314 void 315 sctp_log_strm_del(struct sctp_queued_to_read *control, struct sctp_queued_to_read *poschk, 316 int from) 317 { 318 int sctp_cwnd_log_at; 319 320 if (control == NULL) { 321 printf("Gak log of NULL?\n"); 322 return; 323 } 324 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 325 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 326 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 327 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_STRM; 328 sctp_clog[sctp_cwnd_log_at].x.strlog.stcb = control->stcb; 329 sctp_clog[sctp_cwnd_log_at].x.strlog.n_tsn = control->sinfo_tsn; 330 sctp_clog[sctp_cwnd_log_at].x.strlog.n_sseq = control->sinfo_ssn; 331 sctp_clog[sctp_cwnd_log_at].x.strlog.strm = control->sinfo_stream; 332 if (poschk != NULL) { 333 sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = poschk->sinfo_tsn; 334 sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = poschk->sinfo_ssn; 335 } else { 336 sctp_clog[sctp_cwnd_log_at].x.strlog.e_tsn = 0; 337 sctp_clog[sctp_cwnd_log_at].x.strlog.e_sseq = 0; 338 } 339 } 340 341 void 342 sctp_log_cwnd(struct sctp_tcb *stcb, struct sctp_nets *net, int augment, uint8_t from) 343 { 344 int sctp_cwnd_log_at; 345 346 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 347 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 348 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 349 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_CWND; 350 sctp_clog[sctp_cwnd_log_at].x.cwnd.net = net; 351 if (stcb->asoc.send_queue_cnt > 255) 352 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = 255; 353 else 354 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 355 if (stcb->asoc.stream_queue_cnt > 255) 356 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = 255; 357 else 358 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 359 360 if (net) { 361 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_new_value = net->cwnd; 362 sctp_clog[sctp_cwnd_log_at].x.cwnd.inflight = net->flight_size; 363 sctp_clog[sctp_cwnd_log_at].x.cwnd.pseudo_cumack = net->pseudo_cumack; 364 sctp_clog[sctp_cwnd_log_at].x.cwnd.meets_pseudo_cumack = net->new_pseudo_cumack; 365 sctp_clog[sctp_cwnd_log_at].x.cwnd.need_new_pseudo_cumack = net->find_pseudo_cumack; 366 } 367 if (SCTP_CWNDLOG_PRESEND == from) { 368 sctp_clog[sctp_cwnd_log_at].x.cwnd.meets_pseudo_cumack = stcb->asoc.peers_rwnd; 369 } 370 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_augment = augment; 371 } 372 373 void 374 sctp_log_lock(struct sctp_inpcb *inp, struct sctp_tcb *stcb, uint8_t from) 375 { 376 int sctp_cwnd_log_at; 377 378 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 379 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 380 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 381 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_LOCK_EVENT; 382 if (inp) { 383 sctp_clog[sctp_cwnd_log_at].x.lock.sock = (void *)inp->sctp_socket; 384 385 } else { 386 sctp_clog[sctp_cwnd_log_at].x.lock.sock = (void *)NULL; 387 } 388 sctp_clog[sctp_cwnd_log_at].x.lock.inp = (void *)inp; 389 if (stcb) { 390 sctp_clog[sctp_cwnd_log_at].x.lock.tcb_lock = mtx_owned(&stcb->tcb_mtx); 391 } else { 392 sctp_clog[sctp_cwnd_log_at].x.lock.tcb_lock = SCTP_LOCK_UNKNOWN; 393 } 394 if (inp) { 395 sctp_clog[sctp_cwnd_log_at].x.lock.inp_lock = mtx_owned(&inp->inp_mtx); 396 sctp_clog[sctp_cwnd_log_at].x.lock.create_lock = mtx_owned(&inp->inp_create_mtx); 397 } else { 398 sctp_clog[sctp_cwnd_log_at].x.lock.inp_lock = SCTP_LOCK_UNKNOWN; 399 sctp_clog[sctp_cwnd_log_at].x.lock.create_lock = SCTP_LOCK_UNKNOWN; 400 } 401 sctp_clog[sctp_cwnd_log_at].x.lock.info_lock = mtx_owned(&sctppcbinfo.ipi_ep_mtx); 402 if (inp->sctp_socket) { 403 sctp_clog[sctp_cwnd_log_at].x.lock.sock_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 404 sctp_clog[sctp_cwnd_log_at].x.lock.sockrcvbuf_lock = mtx_owned(&(inp->sctp_socket->so_rcv.sb_mtx)); 405 sctp_clog[sctp_cwnd_log_at].x.lock.socksndbuf_lock = mtx_owned(&(inp->sctp_socket->so_snd.sb_mtx)); 406 } else { 407 sctp_clog[sctp_cwnd_log_at].x.lock.sock_lock = SCTP_LOCK_UNKNOWN; 408 sctp_clog[sctp_cwnd_log_at].x.lock.sockrcvbuf_lock = SCTP_LOCK_UNKNOWN; 409 sctp_clog[sctp_cwnd_log_at].x.lock.socksndbuf_lock = SCTP_LOCK_UNKNOWN; 410 } 411 } 412 413 void 414 sctp_log_maxburst(struct sctp_tcb *stcb, struct sctp_nets *net, int error, int burst, uint8_t from) 415 { 416 int sctp_cwnd_log_at; 417 418 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 419 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 420 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 421 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MAXBURST; 422 sctp_clog[sctp_cwnd_log_at].x.cwnd.net = net; 423 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_new_value = error; 424 sctp_clog[sctp_cwnd_log_at].x.cwnd.inflight = net->flight_size; 425 sctp_clog[sctp_cwnd_log_at].x.cwnd.cwnd_augment = burst; 426 if (stcb->asoc.send_queue_cnt > 255) 427 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = 255; 428 else 429 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_send = stcb->asoc.send_queue_cnt; 430 if (stcb->asoc.stream_queue_cnt > 255) 431 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = 255; 432 else 433 sctp_clog[sctp_cwnd_log_at].x.cwnd.cnt_in_str = stcb->asoc.stream_queue_cnt; 434 } 435 436 void 437 sctp_log_rwnd(uint8_t from, uint32_t peers_rwnd, uint32_t snd_size, uint32_t overhead) 438 { 439 int sctp_cwnd_log_at; 440 441 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 442 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 443 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 444 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RWND; 445 sctp_clog[sctp_cwnd_log_at].x.rwnd.rwnd = peers_rwnd; 446 sctp_clog[sctp_cwnd_log_at].x.rwnd.send_size = snd_size; 447 sctp_clog[sctp_cwnd_log_at].x.rwnd.overhead = overhead; 448 sctp_clog[sctp_cwnd_log_at].x.rwnd.new_rwnd = 0; 449 } 450 451 void 452 sctp_log_rwnd_set(uint8_t from, uint32_t peers_rwnd, uint32_t flight_size, uint32_t overhead, uint32_t a_rwndval) 453 { 454 int sctp_cwnd_log_at; 455 456 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 457 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 458 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 459 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_RWND; 460 sctp_clog[sctp_cwnd_log_at].x.rwnd.rwnd = peers_rwnd; 461 sctp_clog[sctp_cwnd_log_at].x.rwnd.send_size = flight_size; 462 sctp_clog[sctp_cwnd_log_at].x.rwnd.overhead = overhead; 463 sctp_clog[sctp_cwnd_log_at].x.rwnd.new_rwnd = a_rwndval; 464 } 465 466 void 467 sctp_log_mbcnt(uint8_t from, uint32_t total_oq, uint32_t book, uint32_t total_mbcnt_q, uint32_t mbcnt) 468 { 469 int sctp_cwnd_log_at; 470 471 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 472 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 473 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 474 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_MBCNT; 475 sctp_clog[sctp_cwnd_log_at].x.mbcnt.total_queue_size = total_oq; 476 sctp_clog[sctp_cwnd_log_at].x.mbcnt.size_change = book; 477 sctp_clog[sctp_cwnd_log_at].x.mbcnt.total_queue_mb_size = total_mbcnt_q; 478 sctp_clog[sctp_cwnd_log_at].x.mbcnt.mbcnt_change = mbcnt; 479 } 480 481 void 482 sctp_misc_ints(uint8_t from, uint32_t a, uint32_t b, uint32_t c, uint32_t d) 483 { 484 int sctp_cwnd_log_at; 485 486 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 487 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 488 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 489 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_MISC_EVENT; 490 sctp_clog[sctp_cwnd_log_at].x.misc.log1 = a; 491 sctp_clog[sctp_cwnd_log_at].x.misc.log2 = b; 492 sctp_clog[sctp_cwnd_log_at].x.misc.log3 = c; 493 sctp_clog[sctp_cwnd_log_at].x.misc.log4 = d; 494 } 495 496 void 497 sctp_wakeup_log(struct sctp_tcb *stcb, uint32_t cumtsn, uint32_t wake_cnt, int from) 498 { 499 int sctp_cwnd_log_at; 500 501 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 502 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 503 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 504 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_WAKE; 505 sctp_clog[sctp_cwnd_log_at].x.wake.stcb = (void *)stcb; 506 sctp_clog[sctp_cwnd_log_at].x.wake.wake_cnt = wake_cnt; 507 sctp_clog[sctp_cwnd_log_at].x.wake.flight = stcb->asoc.total_flight_count; 508 sctp_clog[sctp_cwnd_log_at].x.wake.send_q = stcb->asoc.send_queue_cnt; 509 sctp_clog[sctp_cwnd_log_at].x.wake.sent_q = stcb->asoc.sent_queue_cnt; 510 511 if (stcb->asoc.stream_queue_cnt < 0xff) 512 sctp_clog[sctp_cwnd_log_at].x.wake.stream_qcnt = (uint8_t) stcb->asoc.stream_queue_cnt; 513 else 514 sctp_clog[sctp_cwnd_log_at].x.wake.stream_qcnt = 0xff; 515 516 if (stcb->asoc.chunks_on_out_queue < 0xff) 517 sctp_clog[sctp_cwnd_log_at].x.wake.chunks_on_oque = (uint8_t) stcb->asoc.chunks_on_out_queue; 518 else 519 sctp_clog[sctp_cwnd_log_at].x.wake.chunks_on_oque = 0xff; 520 521 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags = 0; 522 /* set in the defered mode stuff */ 523 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) 524 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 1; 525 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) 526 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 2; 527 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) 528 sctp_clog[sctp_cwnd_log_at].x.wake.sctpflags |= 4; 529 /* what about the sb */ 530 if (stcb->sctp_socket) { 531 struct socket *so = stcb->sctp_socket; 532 533 sctp_clog[sctp_cwnd_log_at].x.wake.sbflags = (uint8_t) ((so->so_snd.sb_flags & 0x00ff)); 534 } else { 535 sctp_clog[sctp_cwnd_log_at].x.wake.sbflags = 0xff; 536 } 537 } 538 539 void 540 sctp_log_block(uint8_t from, struct socket *so, struct sctp_association *asoc, int sendlen) 541 { 542 int sctp_cwnd_log_at; 543 544 SCTP_STATLOG_GETREF(sctp_cwnd_log_at); 545 sctp_clog[sctp_cwnd_log_at].from = (uint8_t) from; 546 sctp_clog[sctp_cwnd_log_at].time_event = sctp_get_time_of_event(); 547 sctp_clog[sctp_cwnd_log_at].event_type = (uint8_t) SCTP_LOG_EVENT_BLOCK; 548 sctp_clog[sctp_cwnd_log_at].x.blk.onsb = asoc->total_output_queue_size; 549 sctp_clog[sctp_cwnd_log_at].x.blk.send_sent_qcnt = (uint16_t) (asoc->send_queue_cnt + asoc->sent_queue_cnt); 550 sctp_clog[sctp_cwnd_log_at].x.blk.peer_rwnd = asoc->peers_rwnd; 551 sctp_clog[sctp_cwnd_log_at].x.blk.stream_qcnt = (uint16_t) asoc->stream_queue_cnt; 552 sctp_clog[sctp_cwnd_log_at].x.blk.chunks_on_oque = (uint16_t) asoc->chunks_on_out_queue; 553 sctp_clog[sctp_cwnd_log_at].x.blk.flight_size = (uint16_t) (asoc->total_flight / 1024); 554 sctp_clog[sctp_cwnd_log_at].x.blk.sndlen = sendlen; 555 } 556 557 int 558 sctp_fill_stat_log(struct mbuf *m) 559 { 560 int sctp_cwnd_log_at; 561 struct sctp_cwnd_log_req *req; 562 size_t size_limit; 563 int num, i, at, cnt_out = 0; 564 565 if (m == NULL) 566 return (EINVAL); 567 568 size_limit = (SCTP_BUF_LEN(m) - sizeof(struct sctp_cwnd_log_req)); 569 if (size_limit < sizeof(struct sctp_cwnd_log)) { 570 return (EINVAL); 571 } 572 sctp_cwnd_log_at = global_sctp_cwnd_log_at; 573 req = mtod(m, struct sctp_cwnd_log_req *); 574 num = size_limit / sizeof(struct sctp_cwnd_log); 575 if (global_sctp_cwnd_log_rolled) { 576 req->num_in_log = SCTP_STAT_LOG_SIZE; 577 } else { 578 req->num_in_log = sctp_cwnd_log_at; 579 /* 580 * if the log has not rolled, we don't let you have old 581 * data. 582 */ 583 if (req->end_at > sctp_cwnd_log_at) { 584 req->end_at = sctp_cwnd_log_at; 585 } 586 } 587 if ((num < SCTP_STAT_LOG_SIZE) && 588 ((global_sctp_cwnd_log_rolled) || (sctp_cwnd_log_at > num))) { 589 /* we can't return all of it */ 590 if (((req->start_at == 0) && (req->end_at == 0)) || 591 (req->start_at >= SCTP_STAT_LOG_SIZE) || 592 (req->end_at >= SCTP_STAT_LOG_SIZE)) { 593 /* No user request or user is wacked. */ 594 req->num_ret = num; 595 req->end_at = sctp_cwnd_log_at - 1; 596 if ((sctp_cwnd_log_at - num) < 0) { 597 int cc; 598 599 cc = num - sctp_cwnd_log_at; 600 req->start_at = SCTP_STAT_LOG_SIZE - cc; 601 } else { 602 req->start_at = sctp_cwnd_log_at - num; 603 } 604 } else { 605 /* a user request */ 606 int cc; 607 608 if (req->start_at > req->end_at) { 609 cc = (SCTP_STAT_LOG_SIZE - req->start_at) + 610 (req->end_at + 1); 611 } else { 612 613 cc = (req->end_at - req->start_at) + 1; 614 } 615 if (cc < num) { 616 num = cc; 617 } 618 req->num_ret = num; 619 } 620 } else { 621 /* We can return all of it */ 622 req->start_at = 0; 623 req->end_at = sctp_cwnd_log_at - 1; 624 req->num_ret = sctp_cwnd_log_at; 625 } 626 #ifdef INVARIANTS 627 if (req->num_ret > num) { 628 panic("Bad statlog get?"); 629 } 630 #endif 631 for (i = 0, at = req->start_at; i < req->num_ret; i++) { 632 req->log[i] = sctp_clog[at]; 633 cnt_out++; 634 at++; 635 if (at >= SCTP_STAT_LOG_SIZE) 636 at = 0; 637 } 638 SCTP_BUF_LEN(m) = (cnt_out * sizeof(struct sctp_cwnd_log)) + sizeof(struct sctp_cwnd_log_req); 639 return (0); 640 } 641 642 #endif 643 644 #ifdef SCTP_AUDITING_ENABLED 645 uint8_t sctp_audit_data[SCTP_AUDIT_SIZE][2]; 646 static int sctp_audit_indx = 0; 647 648 static 649 void 650 sctp_print_audit_report(void) 651 { 652 int i; 653 int cnt; 654 655 cnt = 0; 656 for (i = sctp_audit_indx; i < SCTP_AUDIT_SIZE; i++) { 657 if ((sctp_audit_data[i][0] == 0xe0) && 658 (sctp_audit_data[i][1] == 0x01)) { 659 cnt = 0; 660 printf("\n"); 661 } else if (sctp_audit_data[i][0] == 0xf0) { 662 cnt = 0; 663 printf("\n"); 664 } else if ((sctp_audit_data[i][0] == 0xc0) && 665 (sctp_audit_data[i][1] == 0x01)) { 666 printf("\n"); 667 cnt = 0; 668 } 669 printf("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], 670 (uint32_t) sctp_audit_data[i][1]); 671 cnt++; 672 if ((cnt % 14) == 0) 673 printf("\n"); 674 } 675 for (i = 0; i < sctp_audit_indx; i++) { 676 if ((sctp_audit_data[i][0] == 0xe0) && 677 (sctp_audit_data[i][1] == 0x01)) { 678 cnt = 0; 679 printf("\n"); 680 } else if (sctp_audit_data[i][0] == 0xf0) { 681 cnt = 0; 682 printf("\n"); 683 } else if ((sctp_audit_data[i][0] == 0xc0) && 684 (sctp_audit_data[i][1] == 0x01)) { 685 printf("\n"); 686 cnt = 0; 687 } 688 printf("%2.2x%2.2x ", (uint32_t) sctp_audit_data[i][0], 689 (uint32_t) sctp_audit_data[i][1]); 690 cnt++; 691 if ((cnt % 14) == 0) 692 printf("\n"); 693 } 694 printf("\n"); 695 } 696 697 void 698 sctp_auditing(int from, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 699 struct sctp_nets *net) 700 { 701 int resend_cnt, tot_out, rep, tot_book_cnt; 702 struct sctp_nets *lnet; 703 struct sctp_tmit_chunk *chk; 704 705 sctp_audit_data[sctp_audit_indx][0] = 0xAA; 706 sctp_audit_data[sctp_audit_indx][1] = 0x000000ff & from; 707 sctp_audit_indx++; 708 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 709 sctp_audit_indx = 0; 710 } 711 if (inp == NULL) { 712 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 713 sctp_audit_data[sctp_audit_indx][1] = 0x01; 714 sctp_audit_indx++; 715 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 716 sctp_audit_indx = 0; 717 } 718 return; 719 } 720 if (stcb == NULL) { 721 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 722 sctp_audit_data[sctp_audit_indx][1] = 0x02; 723 sctp_audit_indx++; 724 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 725 sctp_audit_indx = 0; 726 } 727 return; 728 } 729 sctp_audit_data[sctp_audit_indx][0] = 0xA1; 730 sctp_audit_data[sctp_audit_indx][1] = 731 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 732 sctp_audit_indx++; 733 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 734 sctp_audit_indx = 0; 735 } 736 rep = 0; 737 tot_book_cnt = 0; 738 resend_cnt = tot_out = 0; 739 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 740 if (chk->sent == SCTP_DATAGRAM_RESEND) { 741 resend_cnt++; 742 } else if (chk->sent < SCTP_DATAGRAM_RESEND) { 743 tot_out += chk->book_size; 744 tot_book_cnt++; 745 } 746 } 747 if (resend_cnt != stcb->asoc.sent_queue_retran_cnt) { 748 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 749 sctp_audit_data[sctp_audit_indx][1] = 0xA1; 750 sctp_audit_indx++; 751 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 752 sctp_audit_indx = 0; 753 } 754 printf("resend_cnt:%d asoc-tot:%d\n", 755 resend_cnt, stcb->asoc.sent_queue_retran_cnt); 756 rep = 1; 757 stcb->asoc.sent_queue_retran_cnt = resend_cnt; 758 sctp_audit_data[sctp_audit_indx][0] = 0xA2; 759 sctp_audit_data[sctp_audit_indx][1] = 760 (0x000000ff & stcb->asoc.sent_queue_retran_cnt); 761 sctp_audit_indx++; 762 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 763 sctp_audit_indx = 0; 764 } 765 } 766 if (tot_out != stcb->asoc.total_flight) { 767 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 768 sctp_audit_data[sctp_audit_indx][1] = 0xA2; 769 sctp_audit_indx++; 770 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 771 sctp_audit_indx = 0; 772 } 773 rep = 1; 774 printf("tot_flt:%d asoc_tot:%d\n", tot_out, 775 (int)stcb->asoc.total_flight); 776 stcb->asoc.total_flight = tot_out; 777 } 778 if (tot_book_cnt != stcb->asoc.total_flight_count) { 779 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 780 sctp_audit_data[sctp_audit_indx][1] = 0xA5; 781 sctp_audit_indx++; 782 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 783 sctp_audit_indx = 0; 784 } 785 rep = 1; 786 printf("tot_flt_book:%d\n", tot_book); 787 788 stcb->asoc.total_flight_count = tot_book_cnt; 789 } 790 tot_out = 0; 791 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 792 tot_out += lnet->flight_size; 793 } 794 if (tot_out != stcb->asoc.total_flight) { 795 sctp_audit_data[sctp_audit_indx][0] = 0xAF; 796 sctp_audit_data[sctp_audit_indx][1] = 0xA3; 797 sctp_audit_indx++; 798 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 799 sctp_audit_indx = 0; 800 } 801 rep = 1; 802 printf("real flight:%d net total was %d\n", 803 stcb->asoc.total_flight, tot_out); 804 /* now corrective action */ 805 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 806 807 tot_out = 0; 808 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 809 if ((chk->whoTo == lnet) && 810 (chk->sent < SCTP_DATAGRAM_RESEND)) { 811 tot_out += chk->book_size; 812 } 813 } 814 if (lnet->flight_size != tot_out) { 815 printf("net:%x flight was %d corrected to %d\n", 816 (uint32_t) lnet, lnet->flight_size, tot_out); 817 lnet->flight_size = tot_out; 818 } 819 } 820 } 821 if (rep) { 822 sctp_print_audit_report(); 823 } 824 } 825 826 void 827 sctp_audit_log(uint8_t ev, uint8_t fd) 828 { 829 int s; 830 831 s = splnet(); 832 sctp_audit_data[sctp_audit_indx][0] = ev; 833 sctp_audit_data[sctp_audit_indx][1] = fd; 834 sctp_audit_indx++; 835 if (sctp_audit_indx >= SCTP_AUDIT_SIZE) { 836 sctp_audit_indx = 0; 837 } 838 splx(s); 839 } 840 841 #endif 842 843 /* 844 * a list of sizes based on typical mtu's, used only if next hop size not 845 * returned. 846 */ 847 static int sctp_mtu_sizes[] = { 848 68, 849 296, 850 508, 851 512, 852 544, 853 576, 854 1006, 855 1492, 856 1500, 857 1536, 858 2002, 859 2048, 860 4352, 861 4464, 862 8166, 863 17914, 864 32000, 865 65535 866 }; 867 868 void 869 sctp_stop_timers_for_shutdown(struct sctp_tcb *stcb) 870 { 871 struct sctp_association *asoc; 872 struct sctp_nets *net; 873 874 asoc = &stcb->asoc; 875 876 SCTP_OS_TIMER_STOP(&asoc->hb_timer.timer); 877 SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 878 SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 879 SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 880 SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 881 SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 882 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 883 SCTP_OS_TIMER_STOP(&net->fr_timer.timer); 884 SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 885 } 886 } 887 888 int 889 find_next_best_mtu(int totsz) 890 { 891 int i, perfer; 892 893 /* 894 * if we are in here we must find the next best fit based on the 895 * size of the dg that failed to be sent. 896 */ 897 perfer = 0; 898 for (i = 0; i < NUMBER_OF_MTU_SIZES; i++) { 899 if (totsz < sctp_mtu_sizes[i]) { 900 perfer = i - 1; 901 if (perfer < 0) 902 perfer = 0; 903 break; 904 } 905 } 906 return (sctp_mtu_sizes[perfer]); 907 } 908 909 void 910 sctp_fill_random_store(struct sctp_pcb *m) 911 { 912 /* 913 * Here we use the MD5/SHA-1 to hash with our good randomNumbers and 914 * our counter. The result becomes our good random numbers and we 915 * then setup to give these out. Note that we do no locking to 916 * protect this. This is ok, since if competing folks call this we 917 * will get more gobbled gook in the random store whic is what we 918 * want. There is a danger that two guys will use the same random 919 * numbers, but thats ok too since that is random as well :-> 920 */ 921 m->store_at = 0; 922 sctp_hmac(SCTP_HMAC, (uint8_t *) m->random_numbers, 923 sizeof(m->random_numbers), (uint8_t *) & m->random_counter, 924 sizeof(m->random_counter), (uint8_t *) m->random_store); 925 m->random_counter++; 926 } 927 928 uint32_t 929 sctp_select_initial_TSN(struct sctp_pcb *m) 930 { 931 /* 932 * A true implementation should use random selection process to get 933 * the initial stream sequence number, using RFC1750 as a good 934 * guideline 935 */ 936 uint32_t x, *xp; 937 uint8_t *p; 938 939 if (m->initial_sequence_debug != 0) { 940 uint32_t ret; 941 942 ret = m->initial_sequence_debug; 943 m->initial_sequence_debug++; 944 return (ret); 945 } 946 if ((m->store_at + sizeof(u_long)) > SCTP_SIGNATURE_SIZE) { 947 /* Refill the random store */ 948 sctp_fill_random_store(m); 949 } 950 p = &m->random_store[(int)m->store_at]; 951 xp = (uint32_t *) p; 952 x = *xp; 953 m->store_at += sizeof(uint32_t); 954 return (x); 955 } 956 957 uint32_t 958 sctp_select_a_tag(struct sctp_inpcb *m) 959 { 960 u_long x, not_done; 961 struct timeval now; 962 963 SCTP_GETTIME_TIMEVAL(&now); 964 not_done = 1; 965 while (not_done) { 966 x = sctp_select_initial_TSN(&m->sctp_ep); 967 if (x == 0) { 968 /* we never use 0 */ 969 continue; 970 } 971 if (sctp_is_vtag_good(m, x, &now)) { 972 not_done = 0; 973 } 974 } 975 return (x); 976 } 977 978 979 int 980 sctp_init_asoc(struct sctp_inpcb *m, struct sctp_association *asoc, 981 int for_a_init, uint32_t override_tag) 982 { 983 /* 984 * Anything set to zero is taken care of by the allocation routine's 985 * bzero 986 */ 987 988 /* 989 * Up front select what scoping to apply on addresses I tell my peer 990 * Not sure what to do with these right now, we will need to come up 991 * with a way to set them. We may need to pass them through from the 992 * caller in the sctp_aloc_assoc() function. 993 */ 994 int i; 995 996 /* init all variables to a known value. */ 997 asoc->state = SCTP_STATE_INUSE; 998 asoc->max_burst = m->sctp_ep.max_burst; 999 asoc->heart_beat_delay = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_HEARTBEAT]); 1000 asoc->cookie_life = m->sctp_ep.def_cookie_life; 1001 asoc->sctp_cmt_on_off = (uint8_t) sctp_cmt_on_off; 1002 #ifdef AF_INET 1003 asoc->default_tos = m->ip_inp.inp.inp_ip_tos; 1004 #else 1005 asoc->default_tos = 0; 1006 #endif 1007 1008 #ifdef AF_INET6 1009 asoc->default_flowlabel = ((struct in6pcb *)m)->in6p_flowinfo; 1010 #else 1011 asoc->default_flowlabel = 0; 1012 #endif 1013 if (override_tag) { 1014 struct timeval now; 1015 1016 SCTP_GETTIME_TIMEVAL(&now); 1017 if (sctp_is_vtag_good(m, override_tag, &now)) { 1018 asoc->my_vtag = override_tag; 1019 } else { 1020 return (ENOMEM); 1021 } 1022 1023 } else { 1024 asoc->my_vtag = sctp_select_a_tag(m); 1025 } 1026 /* Get the nonce tags */ 1027 asoc->my_vtag_nonce = sctp_select_a_tag(m); 1028 asoc->peer_vtag_nonce = sctp_select_a_tag(m); 1029 1030 if (sctp_is_feature_on(m, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) 1031 asoc->hb_is_disabled = 1; 1032 else 1033 asoc->hb_is_disabled = 0; 1034 1035 asoc->refcnt = 0; 1036 asoc->assoc_up_sent = 0; 1037 asoc->assoc_id = asoc->my_vtag; 1038 asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number = asoc->sending_seq = 1039 sctp_select_initial_TSN(&m->sctp_ep); 1040 /* we are optimisitic here */ 1041 asoc->peer_supports_pktdrop = 1; 1042 1043 asoc->sent_queue_retran_cnt = 0; 1044 1045 /* for CMT */ 1046 asoc->last_net_data_came_from = NULL; 1047 1048 /* This will need to be adjusted */ 1049 asoc->last_cwr_tsn = asoc->init_seq_number - 1; 1050 asoc->last_acked_seq = asoc->init_seq_number - 1; 1051 asoc->advanced_peer_ack_point = asoc->last_acked_seq; 1052 asoc->asconf_seq_in = asoc->last_acked_seq; 1053 1054 /* here we are different, we hold the next one we expect */ 1055 asoc->str_reset_seq_in = asoc->last_acked_seq + 1; 1056 1057 asoc->initial_init_rto_max = m->sctp_ep.initial_init_rto_max; 1058 asoc->initial_rto = m->sctp_ep.initial_rto; 1059 1060 asoc->max_init_times = m->sctp_ep.max_init_times; 1061 asoc->max_send_times = m->sctp_ep.max_send_times; 1062 asoc->def_net_failure = m->sctp_ep.def_net_failure; 1063 asoc->free_chunk_cnt = 0; 1064 1065 asoc->iam_blocking = 0; 1066 /* ECN Nonce initialization */ 1067 asoc->context = m->sctp_context; 1068 asoc->def_send = m->def_send; 1069 asoc->ecn_nonce_allowed = 0; 1070 asoc->receiver_nonce_sum = 1; 1071 asoc->nonce_sum_expect_base = 1; 1072 asoc->nonce_sum_check = 1; 1073 asoc->nonce_resync_tsn = 0; 1074 asoc->nonce_wait_for_ecne = 0; 1075 asoc->nonce_wait_tsn = 0; 1076 asoc->delayed_ack = TICKS_TO_MSEC(m->sctp_ep.sctp_timeoutticks[SCTP_TIMER_RECV]); 1077 asoc->pr_sctp_cnt = 0; 1078 asoc->total_output_queue_size = 0; 1079 1080 if (m->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1081 struct in6pcb *inp6; 1082 1083 1084 /* Its a V6 socket */ 1085 inp6 = (struct in6pcb *)m; 1086 asoc->ipv6_addr_legal = 1; 1087 /* Now look at the binding flag to see if V4 will be legal */ 1088 if ( 1089 (inp6->inp_flags & IN6P_IPV6_V6ONLY) 1090 == 0) { 1091 asoc->ipv4_addr_legal = 1; 1092 } else { 1093 /* V4 addresses are NOT legal on the association */ 1094 asoc->ipv4_addr_legal = 0; 1095 } 1096 } else { 1097 /* Its a V4 socket, no - V6 */ 1098 asoc->ipv4_addr_legal = 1; 1099 asoc->ipv6_addr_legal = 0; 1100 } 1101 1102 1103 asoc->my_rwnd = max(m->sctp_socket->so_rcv.sb_hiwat, SCTP_MINIMAL_RWND); 1104 asoc->peers_rwnd = m->sctp_socket->so_rcv.sb_hiwat; 1105 1106 asoc->smallest_mtu = m->sctp_frag_point; 1107 asoc->minrto = m->sctp_ep.sctp_minrto; 1108 asoc->maxrto = m->sctp_ep.sctp_maxrto; 1109 1110 asoc->locked_on_sending = NULL; 1111 asoc->stream_locked_on = 0; 1112 asoc->ecn_echo_cnt_onq = 0; 1113 asoc->stream_locked = 0; 1114 1115 LIST_INIT(&asoc->sctp_local_addr_list); 1116 TAILQ_INIT(&asoc->nets); 1117 TAILQ_INIT(&asoc->pending_reply_queue); 1118 asoc->last_asconf_ack_sent = NULL; 1119 /* Setup to fill the hb random cache at first HB */ 1120 asoc->hb_random_idx = 4; 1121 1122 asoc->sctp_autoclose_ticks = m->sctp_ep.auto_close_time; 1123 1124 /* 1125 * Now the stream parameters, here we allocate space for all streams 1126 * that we request by default. 1127 */ 1128 asoc->streamoutcnt = asoc->pre_open_streams = 1129 m->sctp_ep.pre_open_stream_count; 1130 SCTP_MALLOC(asoc->strmout, struct sctp_stream_out *, 1131 asoc->streamoutcnt * sizeof(struct sctp_stream_out), 1132 "StreamsOut"); 1133 if (asoc->strmout == NULL) { 1134 /* big trouble no memory */ 1135 return (ENOMEM); 1136 } 1137 for (i = 0; i < asoc->streamoutcnt; i++) { 1138 /* 1139 * inbound side must be set to 0xffff, also NOTE when we get 1140 * the INIT-ACK back (for INIT sender) we MUST reduce the 1141 * count (streamoutcnt) but first check if we sent to any of 1142 * the upper streams that were dropped (if some were). Those 1143 * that were dropped must be notified to the upper layer as 1144 * failed to send. 1145 */ 1146 asoc->strmout[i].next_sequence_sent = 0x0; 1147 TAILQ_INIT(&asoc->strmout[i].outqueue); 1148 asoc->strmout[i].stream_no = i; 1149 asoc->strmout[i].last_msg_incomplete = 0; 1150 asoc->strmout[i].next_spoke.tqe_next = 0; 1151 asoc->strmout[i].next_spoke.tqe_prev = 0; 1152 } 1153 /* Now the mapping array */ 1154 asoc->mapping_array_size = SCTP_INITIAL_MAPPING_ARRAY; 1155 SCTP_MALLOC(asoc->mapping_array, uint8_t *, asoc->mapping_array_size, 1156 "MappingArray"); 1157 if (asoc->mapping_array == NULL) { 1158 SCTP_FREE(asoc->strmout); 1159 return (ENOMEM); 1160 } 1161 memset(asoc->mapping_array, 0, asoc->mapping_array_size); 1162 /* Now the init of the other outqueues */ 1163 TAILQ_INIT(&asoc->free_chunks); 1164 TAILQ_INIT(&asoc->free_strmoq); 1165 TAILQ_INIT(&asoc->out_wheel); 1166 TAILQ_INIT(&asoc->control_send_queue); 1167 TAILQ_INIT(&asoc->send_queue); 1168 TAILQ_INIT(&asoc->sent_queue); 1169 TAILQ_INIT(&asoc->reasmqueue); 1170 TAILQ_INIT(&asoc->resetHead); 1171 asoc->max_inbound_streams = m->sctp_ep.max_open_streams_intome; 1172 TAILQ_INIT(&asoc->asconf_queue); 1173 /* authentication fields */ 1174 asoc->authinfo.random = NULL; 1175 asoc->authinfo.assoc_key = NULL; 1176 asoc->authinfo.assoc_keyid = 0; 1177 asoc->authinfo.recv_key = NULL; 1178 asoc->authinfo.recv_keyid = 0; 1179 LIST_INIT(&asoc->shared_keys); 1180 1181 return (0); 1182 } 1183 1184 int 1185 sctp_expand_mapping_array(struct sctp_association *asoc) 1186 { 1187 /* mapping array needs to grow */ 1188 uint8_t *new_array; 1189 uint16_t new_size; 1190 1191 new_size = asoc->mapping_array_size + SCTP_MAPPING_ARRAY_INCR; 1192 SCTP_MALLOC(new_array, uint8_t *, new_size, "MappingArray"); 1193 if (new_array == NULL) { 1194 /* can't get more, forget it */ 1195 printf("No memory for expansion of SCTP mapping array %d\n", 1196 new_size); 1197 return (-1); 1198 } 1199 memset(new_array, 0, new_size); 1200 memcpy(new_array, asoc->mapping_array, asoc->mapping_array_size); 1201 SCTP_FREE(asoc->mapping_array); 1202 asoc->mapping_array = new_array; 1203 asoc->mapping_array_size = new_size; 1204 return (0); 1205 } 1206 1207 extern unsigned int sctp_early_fr_msec; 1208 1209 static void 1210 sctp_handle_addr_wq(void) 1211 { 1212 /* deal with the ADDR wq from the rtsock calls */ 1213 struct sctp_laddr *wi; 1214 1215 SCTP_IPI_ADDR_LOCK(); 1216 wi = LIST_FIRST(&sctppcbinfo.addr_wq); 1217 if (wi == NULL) { 1218 SCTP_IPI_ADDR_UNLOCK(); 1219 return; 1220 } 1221 LIST_REMOVE(wi, sctp_nxt_addr); 1222 if (!LIST_EMPTY(&sctppcbinfo.addr_wq)) { 1223 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 1224 (struct sctp_inpcb *)NULL, 1225 (struct sctp_tcb *)NULL, 1226 (struct sctp_nets *)NULL); 1227 } 1228 SCTP_IPI_ADDR_UNLOCK(); 1229 if (wi->action == RTM_ADD) { 1230 sctp_add_ip_address(wi->ifa); 1231 } else if (wi->action == RTM_DELETE) { 1232 sctp_delete_ip_address(wi->ifa); 1233 } 1234 IFAFREE(wi->ifa); 1235 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, wi); 1236 SCTP_DECR_LADDR_COUNT(); 1237 } 1238 1239 void 1240 sctp_timeout_handler(void *t) 1241 { 1242 struct sctp_inpcb *inp; 1243 struct sctp_tcb *stcb; 1244 struct sctp_nets *net; 1245 struct sctp_timer *tmr; 1246 int s, did_output; 1247 struct sctp_iterator *it = NULL; 1248 1249 1250 s = splnet(); 1251 tmr = (struct sctp_timer *)t; 1252 inp = (struct sctp_inpcb *)tmr->ep; 1253 stcb = (struct sctp_tcb *)tmr->tcb; 1254 net = (struct sctp_nets *)tmr->net; 1255 did_output = 1; 1256 1257 #ifdef SCTP_AUDITING_ENABLED 1258 sctp_audit_log(0xF0, (uint8_t) tmr->type); 1259 sctp_auditing(3, inp, stcb, net); 1260 #endif 1261 1262 /* sanity checks... */ 1263 if (tmr->self != (void *)tmr) { 1264 /* 1265 * printf("Stale SCTP timer fired (%p), ignoring...\n", 1266 * tmr); 1267 */ 1268 splx(s); 1269 return; 1270 } 1271 tmr->stopped_from = 0xa001; 1272 if (!SCTP_IS_TIMER_TYPE_VALID(tmr->type)) { 1273 /* 1274 * printf("SCTP timer fired with invalid type: 0x%x\n", 1275 * tmr->type); 1276 */ 1277 splx(s); 1278 return; 1279 } 1280 tmr->stopped_from = 0xa002; 1281 if ((tmr->type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) { 1282 splx(s); 1283 return; 1284 } 1285 /* if this is an iterator timeout, get the struct and clear inp */ 1286 tmr->stopped_from = 0xa003; 1287 if (tmr->type == SCTP_TIMER_TYPE_ITERATOR) { 1288 it = (struct sctp_iterator *)inp; 1289 inp = NULL; 1290 } 1291 if (inp) { 1292 SCTP_INP_INCR_REF(inp); 1293 if ((inp->sctp_socket == 0) && 1294 ((tmr->type != SCTP_TIMER_TYPE_INPKILL) && 1295 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWN) && 1296 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNACK) && 1297 (tmr->type != SCTP_TIMER_TYPE_SHUTDOWNGUARD) && 1298 (tmr->type != SCTP_TIMER_TYPE_ASOCKILL)) 1299 ) { 1300 splx(s); 1301 SCTP_INP_DECR_REF(inp); 1302 return; 1303 } 1304 } 1305 tmr->stopped_from = 0xa004; 1306 if (stcb) { 1307 if (stcb->asoc.state == 0) { 1308 splx(s); 1309 if (inp) { 1310 SCTP_INP_DECR_REF(inp); 1311 } 1312 return; 1313 } 1314 } 1315 tmr->stopped_from = 0xa005; 1316 #ifdef SCTP_DEBUG 1317 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1318 printf("Timer type %d goes off\n", tmr->type); 1319 } 1320 #endif /* SCTP_DEBUG */ 1321 if (!SCTP_OS_TIMER_ACTIVE(&tmr->timer)) { 1322 splx(s); 1323 if (inp) { 1324 SCTP_INP_DECR_REF(inp); 1325 } 1326 return; 1327 } 1328 tmr->stopped_from = 0xa006; 1329 /* record in stopped what t-o occured */ 1330 tmr->stopped_from = tmr->type; 1331 1332 if (stcb) { 1333 atomic_add_int(&stcb->asoc.refcnt, 1); 1334 SCTP_TCB_LOCK(stcb); 1335 atomic_add_int(&stcb->asoc.refcnt, -1); 1336 } 1337 /* mark as being serviced now */ 1338 SCTP_OS_TIMER_DEACTIVATE(&tmr->timer); 1339 1340 /* call the handler for the appropriate timer type */ 1341 switch (tmr->type) { 1342 case SCTP_TIMER_TYPE_ADDR_WQ: 1343 sctp_handle_addr_wq(); 1344 break; 1345 case SCTP_TIMER_TYPE_ITERATOR: 1346 SCTP_STAT_INCR(sctps_timoiterator); 1347 sctp_iterator_timer(it); 1348 break; 1349 case SCTP_TIMER_TYPE_SEND: 1350 SCTP_STAT_INCR(sctps_timodata); 1351 stcb->asoc.num_send_timers_up--; 1352 if (stcb->asoc.num_send_timers_up < 0) { 1353 stcb->asoc.num_send_timers_up = 0; 1354 } 1355 if (sctp_t3rxt_timer(inp, stcb, net)) { 1356 /* no need to unlock on tcb its gone */ 1357 1358 goto out_decr; 1359 } 1360 #ifdef SCTP_AUDITING_ENABLED 1361 sctp_auditing(4, inp, stcb, net); 1362 #endif 1363 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3); 1364 if ((stcb->asoc.num_send_timers_up == 0) && 1365 (stcb->asoc.sent_queue_cnt > 0) 1366 ) { 1367 struct sctp_tmit_chunk *chk; 1368 1369 /* 1370 * safeguard. If there on some on the sent queue 1371 * somewhere but no timers running something is 1372 * wrong... so we start a timer on the first chunk 1373 * on the send queue on whatever net it is sent to. 1374 */ 1375 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1376 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, 1377 chk->whoTo); 1378 } 1379 break; 1380 case SCTP_TIMER_TYPE_INIT: 1381 SCTP_STAT_INCR(sctps_timoinit); 1382 if (sctp_t1init_timer(inp, stcb, net)) { 1383 /* no need to unlock on tcb its gone */ 1384 goto out_decr; 1385 } 1386 /* We do output but not here */ 1387 did_output = 0; 1388 break; 1389 case SCTP_TIMER_TYPE_RECV: 1390 SCTP_STAT_INCR(sctps_timosack); 1391 sctp_send_sack(stcb); 1392 #ifdef SCTP_AUDITING_ENABLED 1393 sctp_auditing(4, inp, stcb, net); 1394 #endif 1395 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SACK_TMR); 1396 break; 1397 case SCTP_TIMER_TYPE_SHUTDOWN: 1398 if (sctp_shutdown_timer(inp, stcb, net)) { 1399 /* no need to unlock on tcb its gone */ 1400 goto out_decr; 1401 } 1402 SCTP_STAT_INCR(sctps_timoshutdown); 1403 #ifdef SCTP_AUDITING_ENABLED 1404 sctp_auditing(4, inp, stcb, net); 1405 #endif 1406 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR); 1407 break; 1408 case SCTP_TIMER_TYPE_HEARTBEAT: 1409 { 1410 struct sctp_nets *net; 1411 int cnt_of_unconf = 0; 1412 1413 SCTP_STAT_INCR(sctps_timoheartbeat); 1414 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1415 if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) && 1416 (net->dest_state & SCTP_ADDR_REACHABLE)) { 1417 cnt_of_unconf++; 1418 } 1419 } 1420 if (cnt_of_unconf == 0) { 1421 if (sctp_heartbeat_timer(inp, stcb, net, cnt_of_unconf)) { 1422 /* no need to unlock on tcb its gone */ 1423 goto out_decr; 1424 } 1425 } 1426 #ifdef SCTP_AUDITING_ENABLED 1427 sctp_auditing(4, inp, stcb, net); 1428 #endif 1429 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, 1430 stcb, net); 1431 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR); 1432 } 1433 break; 1434 case SCTP_TIMER_TYPE_COOKIE: 1435 if (sctp_cookie_timer(inp, stcb, net)) { 1436 /* no need to unlock on tcb its gone */ 1437 goto out_decr; 1438 } 1439 SCTP_STAT_INCR(sctps_timocookie); 1440 #ifdef SCTP_AUDITING_ENABLED 1441 sctp_auditing(4, inp, stcb, net); 1442 #endif 1443 /* 1444 * We consider T3 and Cookie timer pretty much the same with 1445 * respect to where from in chunk_output. 1446 */ 1447 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3); 1448 break; 1449 case SCTP_TIMER_TYPE_NEWCOOKIE: 1450 { 1451 struct timeval tv; 1452 int i, secret; 1453 1454 SCTP_STAT_INCR(sctps_timosecret); 1455 SCTP_GETTIME_TIMEVAL(&tv); 1456 SCTP_INP_WLOCK(inp); 1457 inp->sctp_ep.time_of_secret_change = tv.tv_sec; 1458 inp->sctp_ep.last_secret_number = 1459 inp->sctp_ep.current_secret_number; 1460 inp->sctp_ep.current_secret_number++; 1461 if (inp->sctp_ep.current_secret_number >= 1462 SCTP_HOW_MANY_SECRETS) { 1463 inp->sctp_ep.current_secret_number = 0; 1464 } 1465 secret = (int)inp->sctp_ep.current_secret_number; 1466 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1467 inp->sctp_ep.secret_key[secret][i] = 1468 sctp_select_initial_TSN(&inp->sctp_ep); 1469 } 1470 SCTP_INP_WUNLOCK(inp); 1471 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, stcb, net); 1472 } 1473 did_output = 0; 1474 break; 1475 case SCTP_TIMER_TYPE_PATHMTURAISE: 1476 SCTP_STAT_INCR(sctps_timopathmtu); 1477 sctp_pathmtu_timer(inp, stcb, net); 1478 did_output = 0; 1479 break; 1480 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1481 if (sctp_shutdownack_timer(inp, stcb, net)) { 1482 /* no need to unlock on tcb its gone */ 1483 goto out_decr; 1484 } 1485 SCTP_STAT_INCR(sctps_timoshutdownack); 1486 #ifdef SCTP_AUDITING_ENABLED 1487 sctp_auditing(4, inp, stcb, net); 1488 #endif 1489 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_ACK_TMR); 1490 break; 1491 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1492 SCTP_STAT_INCR(sctps_timoshutdownguard); 1493 sctp_abort_an_association(inp, stcb, 1494 SCTP_SHUTDOWN_GUARD_EXPIRES, NULL); 1495 /* no need to unlock on tcb its gone */ 1496 goto out_decr; 1497 break; 1498 1499 case SCTP_TIMER_TYPE_STRRESET: 1500 if (sctp_strreset_timer(inp, stcb, net)) { 1501 /* no need to unlock on tcb its gone */ 1502 goto out_decr; 1503 } 1504 SCTP_STAT_INCR(sctps_timostrmrst); 1505 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_STRRST_TMR); 1506 break; 1507 case SCTP_TIMER_TYPE_EARLYFR: 1508 /* Need to do FR of things for net */ 1509 SCTP_STAT_INCR(sctps_timoearlyfr); 1510 sctp_early_fr_timer(inp, stcb, net); 1511 break; 1512 case SCTP_TIMER_TYPE_ASCONF: 1513 if (sctp_asconf_timer(inp, stcb, net)) { 1514 /* no need to unlock on tcb its gone */ 1515 goto out_decr; 1516 } 1517 SCTP_STAT_INCR(sctps_timoasconf); 1518 #ifdef SCTP_AUDITING_ENABLED 1519 sctp_auditing(4, inp, stcb, net); 1520 #endif 1521 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_ASCONF_TMR); 1522 break; 1523 1524 case SCTP_TIMER_TYPE_AUTOCLOSE: 1525 SCTP_STAT_INCR(sctps_timoautoclose); 1526 sctp_autoclose_timer(inp, stcb, net); 1527 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR); 1528 did_output = 0; 1529 break; 1530 case SCTP_TIMER_TYPE_ASOCKILL: 1531 SCTP_STAT_INCR(sctps_timoassockill); 1532 /* Can we free it yet? */ 1533 SCTP_INP_DECR_REF(inp); 1534 sctp_timer_stop(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_1); 1535 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_2); 1536 /* 1537 * free asoc, always unlocks (or destroy's) so prevent 1538 * duplicate unlock or unlock of a free mtx :-0 1539 */ 1540 stcb = NULL; 1541 goto out_no_decr; 1542 break; 1543 case SCTP_TIMER_TYPE_INPKILL: 1544 SCTP_STAT_INCR(sctps_timoinpkill); 1545 /* 1546 * special case, take away our increment since WE are the 1547 * killer 1548 */ 1549 SCTP_INP_DECR_REF(inp); 1550 sctp_timer_stop(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_3); 1551 sctp_inpcb_free(inp, 1, 0); 1552 goto out_no_decr; 1553 break; 1554 default: 1555 #ifdef SCTP_DEBUG 1556 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1557 printf("sctp_timeout_handler:unknown timer %d\n", 1558 tmr->type); 1559 } 1560 #endif /* SCTP_DEBUG */ 1561 break; 1562 }; 1563 #ifdef SCTP_AUDITING_ENABLED 1564 sctp_audit_log(0xF1, (uint8_t) tmr->type); 1565 if (inp) 1566 sctp_auditing(5, inp, stcb, net); 1567 #endif 1568 if ((did_output) && stcb) { 1569 /* 1570 * Now we need to clean up the control chunk chain if an 1571 * ECNE is on it. It must be marked as UNSENT again so next 1572 * call will continue to send it until such time that we get 1573 * a CWR, to remove it. It is, however, less likely that we 1574 * will find a ecn echo on the chain though. 1575 */ 1576 sctp_fix_ecn_echo(&stcb->asoc); 1577 } 1578 if (stcb) { 1579 SCTP_TCB_UNLOCK(stcb); 1580 } 1581 out_decr: 1582 if (inp) { 1583 SCTP_INP_DECR_REF(inp); 1584 } 1585 out_no_decr: 1586 1587 #ifdef SCTP_DEBUG 1588 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1589 printf("Timer now complete (type %d)\n", tmr->type); 1590 } 1591 #endif /* SCTP_DEBUG */ 1592 splx(s); 1593 if (inp) { 1594 } 1595 } 1596 1597 int 1598 sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1599 struct sctp_nets *net) 1600 { 1601 int to_ticks; 1602 struct sctp_timer *tmr; 1603 1604 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && (inp == NULL)) 1605 return (EFAULT); 1606 1607 to_ticks = 0; 1608 1609 tmr = NULL; 1610 if (stcb) { 1611 SCTP_TCB_LOCK_ASSERT(stcb); 1612 } 1613 switch (t_type) { 1614 case SCTP_TIMER_TYPE_ADDR_WQ: 1615 /* Only 1 tick away :-) */ 1616 tmr = &sctppcbinfo.addr_wq_timer; 1617 to_ticks = 1; 1618 break; 1619 case SCTP_TIMER_TYPE_ITERATOR: 1620 { 1621 struct sctp_iterator *it; 1622 1623 it = (struct sctp_iterator *)inp; 1624 tmr = &it->tmr; 1625 to_ticks = SCTP_ITERATOR_TICKS; 1626 } 1627 break; 1628 case SCTP_TIMER_TYPE_SEND: 1629 /* Here we use the RTO timer */ 1630 { 1631 int rto_val; 1632 1633 if ((stcb == NULL) || (net == NULL)) { 1634 return (EFAULT); 1635 } 1636 tmr = &net->rxt_timer; 1637 if (net->RTO == 0) { 1638 rto_val = stcb->asoc.initial_rto; 1639 } else { 1640 rto_val = net->RTO; 1641 } 1642 to_ticks = MSEC_TO_TICKS(rto_val); 1643 } 1644 break; 1645 case SCTP_TIMER_TYPE_INIT: 1646 /* 1647 * Here we use the INIT timer default usually about 1 1648 * minute. 1649 */ 1650 if ((stcb == NULL) || (net == NULL)) { 1651 return (EFAULT); 1652 } 1653 tmr = &net->rxt_timer; 1654 if (net->RTO == 0) { 1655 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1656 } else { 1657 to_ticks = MSEC_TO_TICKS(net->RTO); 1658 } 1659 break; 1660 case SCTP_TIMER_TYPE_RECV: 1661 /* 1662 * Here we use the Delayed-Ack timer value from the inp 1663 * ususually about 200ms. 1664 */ 1665 if (stcb == NULL) { 1666 return (EFAULT); 1667 } 1668 tmr = &stcb->asoc.dack_timer; 1669 to_ticks = MSEC_TO_TICKS(stcb->asoc.delayed_ack); 1670 break; 1671 case SCTP_TIMER_TYPE_SHUTDOWN: 1672 /* Here we use the RTO of the destination. */ 1673 if ((stcb == NULL) || (net == NULL)) { 1674 return (EFAULT); 1675 } 1676 if (net->RTO == 0) { 1677 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1678 } else { 1679 to_ticks = MSEC_TO_TICKS(net->RTO); 1680 } 1681 tmr = &net->rxt_timer; 1682 break; 1683 case SCTP_TIMER_TYPE_HEARTBEAT: 1684 /* 1685 * the net is used here so that we can add in the RTO. Even 1686 * though we use a different timer. We also add the HB timer 1687 * PLUS a random jitter. 1688 */ 1689 if (stcb == NULL) { 1690 return (EFAULT); 1691 } { 1692 uint32_t rndval; 1693 uint8_t this_random; 1694 int cnt_of_unconf = 0; 1695 struct sctp_nets *lnet; 1696 1697 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 1698 if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && 1699 (lnet->dest_state & SCTP_ADDR_REACHABLE)) { 1700 cnt_of_unconf++; 1701 } 1702 } 1703 if (cnt_of_unconf) { 1704 lnet = NULL; 1705 sctp_heartbeat_timer(inp, stcb, lnet, cnt_of_unconf); 1706 } 1707 if (stcb->asoc.hb_random_idx > 3) { 1708 rndval = sctp_select_initial_TSN(&inp->sctp_ep); 1709 memcpy(stcb->asoc.hb_random_values, &rndval, 1710 sizeof(stcb->asoc.hb_random_values)); 1711 this_random = stcb->asoc.hb_random_values[0]; 1712 stcb->asoc.hb_random_idx = 0; 1713 stcb->asoc.hb_ect_randombit = 0; 1714 } else { 1715 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; 1716 stcb->asoc.hb_random_idx++; 1717 stcb->asoc.hb_ect_randombit = 0; 1718 } 1719 /* 1720 * this_random will be 0 - 256 ms RTO is in ms. 1721 */ 1722 if ((stcb->asoc.hb_is_disabled) && 1723 (cnt_of_unconf == 0)) { 1724 return (0); 1725 } 1726 if (net) { 1727 struct sctp_nets *lnet; 1728 int delay; 1729 1730 delay = stcb->asoc.heart_beat_delay; 1731 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { 1732 if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && 1733 ((lnet->dest_state & SCTP_ADDR_OUT_OF_SCOPE) == 0) && 1734 (lnet->dest_state & SCTP_ADDR_REACHABLE)) { 1735 delay = 0; 1736 } 1737 } 1738 if (net->RTO == 0) { 1739 /* Never been checked */ 1740 to_ticks = this_random + stcb->asoc.initial_rto + delay; 1741 } else { 1742 /* set rto_val to the ms */ 1743 to_ticks = delay + net->RTO + this_random; 1744 } 1745 } else { 1746 if (cnt_of_unconf) { 1747 to_ticks = this_random + stcb->asoc.initial_rto; 1748 } else { 1749 to_ticks = stcb->asoc.heart_beat_delay + this_random + stcb->asoc.initial_rto; 1750 } 1751 } 1752 /* 1753 * Now we must convert the to_ticks that are now in 1754 * ms to ticks. 1755 */ 1756 to_ticks = MSEC_TO_TICKS(to_ticks); 1757 tmr = &stcb->asoc.hb_timer; 1758 } 1759 break; 1760 case SCTP_TIMER_TYPE_COOKIE: 1761 /* 1762 * Here we can use the RTO timer from the network since one 1763 * RTT was compelete. If a retran happened then we will be 1764 * using the RTO initial value. 1765 */ 1766 if ((stcb == NULL) || (net == NULL)) { 1767 return (EFAULT); 1768 } 1769 if (net->RTO == 0) { 1770 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1771 } else { 1772 to_ticks = MSEC_TO_TICKS(net->RTO); 1773 } 1774 tmr = &net->rxt_timer; 1775 break; 1776 case SCTP_TIMER_TYPE_NEWCOOKIE: 1777 /* 1778 * nothing needed but the endpoint here ususually about 60 1779 * minutes. 1780 */ 1781 tmr = &inp->sctp_ep.signature_change; 1782 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_SIGNATURE]; 1783 break; 1784 case SCTP_TIMER_TYPE_ASOCKILL: 1785 if (stcb == NULL) { 1786 return (EFAULT); 1787 } 1788 tmr = &stcb->asoc.strreset_timer; 1789 to_ticks = MSEC_TO_TICKS(SCTP_ASOC_KILL_TIMEOUT); 1790 break; 1791 case SCTP_TIMER_TYPE_INPKILL: 1792 /* 1793 * The inp is setup to die. We re-use the signature_chage 1794 * timer since that has stopped and we are in the GONE 1795 * state. 1796 */ 1797 tmr = &inp->sctp_ep.signature_change; 1798 to_ticks = MSEC_TO_TICKS(SCTP_INP_KILL_TIMEOUT); 1799 break; 1800 case SCTP_TIMER_TYPE_PATHMTURAISE: 1801 /* 1802 * Here we use the value found in the EP for PMTU ususually 1803 * about 10 minutes. 1804 */ 1805 if (stcb == NULL) { 1806 return (EFAULT); 1807 } 1808 if (net == NULL) { 1809 return (EFAULT); 1810 } 1811 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_PMTU]; 1812 tmr = &net->pmtu_timer; 1813 break; 1814 case SCTP_TIMER_TYPE_SHUTDOWNACK: 1815 /* Here we use the RTO of the destination */ 1816 if ((stcb == NULL) || (net == NULL)) { 1817 return (EFAULT); 1818 } 1819 if (net->RTO == 0) { 1820 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1821 } else { 1822 to_ticks = MSEC_TO_TICKS(net->RTO); 1823 } 1824 tmr = &net->rxt_timer; 1825 break; 1826 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 1827 /* 1828 * Here we use the endpoints shutdown guard timer usually 1829 * about 3 minutes. 1830 */ 1831 if (stcb == NULL) { 1832 return (EFAULT); 1833 } 1834 to_ticks = inp->sctp_ep.sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN]; 1835 tmr = &stcb->asoc.shut_guard_timer; 1836 break; 1837 case SCTP_TIMER_TYPE_STRRESET: 1838 /* 1839 * Here the timer comes from the inp but its value is from 1840 * the RTO. 1841 */ 1842 if ((stcb == NULL) || (net == NULL)) { 1843 return (EFAULT); 1844 } 1845 if (net->RTO == 0) { 1846 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1847 } else { 1848 to_ticks = MSEC_TO_TICKS(net->RTO); 1849 } 1850 tmr = &stcb->asoc.strreset_timer; 1851 break; 1852 1853 case SCTP_TIMER_TYPE_EARLYFR: 1854 { 1855 unsigned int msec; 1856 1857 if ((stcb == NULL) || (net == NULL)) { 1858 return (EFAULT); 1859 } 1860 if (net->flight_size > net->cwnd) { 1861 /* no need to start */ 1862 return (0); 1863 } 1864 SCTP_STAT_INCR(sctps_earlyfrstart); 1865 if (net->lastsa == 0) { 1866 /* Hmm no rtt estimate yet? */ 1867 msec = stcb->asoc.initial_rto >> 2; 1868 } else { 1869 msec = ((net->lastsa >> 2) + net->lastsv) >> 1; 1870 } 1871 if (msec < sctp_early_fr_msec) { 1872 msec = sctp_early_fr_msec; 1873 if (msec < SCTP_MINFR_MSEC_FLOOR) { 1874 msec = SCTP_MINFR_MSEC_FLOOR; 1875 } 1876 } 1877 to_ticks = MSEC_TO_TICKS(msec); 1878 tmr = &net->fr_timer; 1879 } 1880 break; 1881 case SCTP_TIMER_TYPE_ASCONF: 1882 /* 1883 * Here the timer comes from the inp but its value is from 1884 * the RTO. 1885 */ 1886 if ((stcb == NULL) || (net == NULL)) { 1887 return (EFAULT); 1888 } 1889 if (net->RTO == 0) { 1890 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto); 1891 } else { 1892 to_ticks = MSEC_TO_TICKS(net->RTO); 1893 } 1894 tmr = &stcb->asoc.asconf_timer; 1895 break; 1896 case SCTP_TIMER_TYPE_AUTOCLOSE: 1897 if (stcb == NULL) { 1898 return (EFAULT); 1899 } 1900 if (stcb->asoc.sctp_autoclose_ticks == 0) { 1901 /* 1902 * Really an error since stcb is NOT set to 1903 * autoclose 1904 */ 1905 return (0); 1906 } 1907 to_ticks = stcb->asoc.sctp_autoclose_ticks; 1908 tmr = &stcb->asoc.autoclose_timer; 1909 break; 1910 default: 1911 #ifdef SCTP_DEBUG 1912 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1913 printf("sctp_timer_start:Unknown timer type %d\n", 1914 t_type); 1915 } 1916 #endif /* SCTP_DEBUG */ 1917 return (EFAULT); 1918 break; 1919 }; 1920 if ((to_ticks <= 0) || (tmr == NULL)) { 1921 #ifdef SCTP_DEBUG 1922 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 1923 printf("sctp_timer_start:%d:software error to_ticks:%d tmr:%p not set ??\n", 1924 t_type, to_ticks, tmr); 1925 } 1926 #endif /* SCTP_DEBUG */ 1927 return (EFAULT); 1928 } 1929 if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { 1930 /* 1931 * we do NOT allow you to have it already running. if it is 1932 * we leave the current one up unchanged 1933 */ 1934 return (EALREADY); 1935 } 1936 /* At this point we can proceed */ 1937 if (t_type == SCTP_TIMER_TYPE_SEND) { 1938 stcb->asoc.num_send_timers_up++; 1939 } 1940 tmr->stopped_from = 0; 1941 tmr->type = t_type; 1942 tmr->ep = (void *)inp; 1943 tmr->tcb = (void *)stcb; 1944 tmr->net = (void *)net; 1945 tmr->self = (void *)tmr; 1946 tmr->ticks = ticks; 1947 SCTP_OS_TIMER_START(&tmr->timer, to_ticks, sctp_timeout_handler, tmr); 1948 return (0); 1949 } 1950 1951 int 1952 sctp_timer_stop(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1953 struct sctp_nets *net, uint32_t from) 1954 { 1955 struct sctp_timer *tmr; 1956 1957 if ((t_type != SCTP_TIMER_TYPE_ADDR_WQ) && 1958 (inp == NULL)) 1959 return (EFAULT); 1960 1961 tmr = NULL; 1962 if (stcb) { 1963 SCTP_TCB_LOCK_ASSERT(stcb); 1964 } 1965 switch (t_type) { 1966 case SCTP_TIMER_TYPE_ADDR_WQ: 1967 tmr = &sctppcbinfo.addr_wq_timer; 1968 break; 1969 case SCTP_TIMER_TYPE_EARLYFR: 1970 if ((stcb == NULL) || (net == NULL)) { 1971 return (EFAULT); 1972 } 1973 tmr = &net->fr_timer; 1974 SCTP_STAT_INCR(sctps_earlyfrstop); 1975 break; 1976 case SCTP_TIMER_TYPE_ITERATOR: 1977 { 1978 struct sctp_iterator *it; 1979 1980 it = (struct sctp_iterator *)inp; 1981 tmr = &it->tmr; 1982 } 1983 break; 1984 case SCTP_TIMER_TYPE_SEND: 1985 if ((stcb == NULL) || (net == NULL)) { 1986 return (EFAULT); 1987 } 1988 tmr = &net->rxt_timer; 1989 break; 1990 case SCTP_TIMER_TYPE_INIT: 1991 if ((stcb == NULL) || (net == NULL)) { 1992 return (EFAULT); 1993 } 1994 tmr = &net->rxt_timer; 1995 break; 1996 case SCTP_TIMER_TYPE_RECV: 1997 if (stcb == NULL) { 1998 return (EFAULT); 1999 } 2000 tmr = &stcb->asoc.dack_timer; 2001 break; 2002 case SCTP_TIMER_TYPE_SHUTDOWN: 2003 if ((stcb == NULL) || (net == NULL)) { 2004 return (EFAULT); 2005 } 2006 tmr = &net->rxt_timer; 2007 break; 2008 case SCTP_TIMER_TYPE_HEARTBEAT: 2009 if (stcb == NULL) { 2010 return (EFAULT); 2011 } 2012 tmr = &stcb->asoc.hb_timer; 2013 break; 2014 case SCTP_TIMER_TYPE_COOKIE: 2015 if ((stcb == NULL) || (net == NULL)) { 2016 return (EFAULT); 2017 } 2018 tmr = &net->rxt_timer; 2019 break; 2020 case SCTP_TIMER_TYPE_NEWCOOKIE: 2021 /* nothing needed but the endpoint here */ 2022 tmr = &inp->sctp_ep.signature_change; 2023 /* 2024 * We re-use the newcookie timer for the INP kill timer. We 2025 * must assure that we do not kill it by accident. 2026 */ 2027 break; 2028 case SCTP_TIMER_TYPE_ASOCKILL: 2029 /* 2030 * Stop the asoc kill timer. 2031 */ 2032 if (stcb == NULL) { 2033 return (EFAULT); 2034 } 2035 tmr = &stcb->asoc.strreset_timer; 2036 break; 2037 2038 case SCTP_TIMER_TYPE_INPKILL: 2039 /* 2040 * The inp is setup to die. We re-use the signature_chage 2041 * timer since that has stopped and we are in the GONE 2042 * state. 2043 */ 2044 tmr = &inp->sctp_ep.signature_change; 2045 break; 2046 case SCTP_TIMER_TYPE_PATHMTURAISE: 2047 if ((stcb == NULL) || (net == NULL)) { 2048 return (EFAULT); 2049 } 2050 tmr = &net->pmtu_timer; 2051 break; 2052 case SCTP_TIMER_TYPE_SHUTDOWNACK: 2053 if ((stcb == NULL) || (net == NULL)) { 2054 return (EFAULT); 2055 } 2056 tmr = &net->rxt_timer; 2057 break; 2058 case SCTP_TIMER_TYPE_SHUTDOWNGUARD: 2059 if (stcb == NULL) { 2060 return (EFAULT); 2061 } 2062 tmr = &stcb->asoc.shut_guard_timer; 2063 break; 2064 case SCTP_TIMER_TYPE_STRRESET: 2065 if (stcb == NULL) { 2066 return (EFAULT); 2067 } 2068 tmr = &stcb->asoc.strreset_timer; 2069 break; 2070 case SCTP_TIMER_TYPE_ASCONF: 2071 if (stcb == NULL) { 2072 return (EFAULT); 2073 } 2074 tmr = &stcb->asoc.asconf_timer; 2075 break; 2076 case SCTP_TIMER_TYPE_AUTOCLOSE: 2077 if (stcb == NULL) { 2078 return (EFAULT); 2079 } 2080 tmr = &stcb->asoc.autoclose_timer; 2081 break; 2082 default: 2083 #ifdef SCTP_DEBUG 2084 if (sctp_debug_on & SCTP_DEBUG_TIMER1) { 2085 printf("sctp_timer_stop:Unknown timer type %d\n", 2086 t_type); 2087 } 2088 #endif /* SCTP_DEBUG */ 2089 break; 2090 }; 2091 if (tmr == NULL) { 2092 return (EFAULT); 2093 } 2094 if ((tmr->type != t_type) && tmr->type) { 2095 /* 2096 * Ok we have a timer that is under joint use. Cookie timer 2097 * per chance with the SEND timer. We therefore are NOT 2098 * running the timer that the caller wants stopped. So just 2099 * return. 2100 */ 2101 return (0); 2102 } 2103 if (t_type == SCTP_TIMER_TYPE_SEND) { 2104 stcb->asoc.num_send_timers_up--; 2105 if (stcb->asoc.num_send_timers_up < 0) { 2106 stcb->asoc.num_send_timers_up = 0; 2107 } 2108 } 2109 tmr->self = NULL; 2110 tmr->stopped_from = from; 2111 SCTP_OS_TIMER_STOP(&tmr->timer); 2112 return (0); 2113 } 2114 2115 #ifdef SCTP_USE_ADLER32 2116 static uint32_t 2117 update_adler32(uint32_t adler, uint8_t * buf, int32_t len) 2118 { 2119 uint32_t s1 = adler & 0xffff; 2120 uint32_t s2 = (adler >> 16) & 0xffff; 2121 int n; 2122 2123 for (n = 0; n < len; n++, buf++) { 2124 /* s1 = (s1 + buf[n]) % BASE */ 2125 /* first we add */ 2126 s1 = (s1 + *buf); 2127 /* 2128 * now if we need to, we do a mod by subtracting. It seems a 2129 * bit faster since I really will only ever do one subtract 2130 * at the MOST, since buf[n] is a max of 255. 2131 */ 2132 if (s1 >= SCTP_ADLER32_BASE) { 2133 s1 -= SCTP_ADLER32_BASE; 2134 } 2135 /* s2 = (s2 + s1) % BASE */ 2136 /* first we add */ 2137 s2 = (s2 + s1); 2138 /* 2139 * again, it is more efficent (it seems) to subtract since 2140 * the most s2 will ever be is (BASE-1 + BASE-1) in the 2141 * worse case. This would then be (2 * BASE) - 2, which will 2142 * still only do one subtract. On Intel this is much better 2143 * to do this way and avoid the divide. Have not -pg'd on 2144 * sparc. 2145 */ 2146 if (s2 >= SCTP_ADLER32_BASE) { 2147 s2 -= SCTP_ADLER32_BASE; 2148 } 2149 } 2150 /* Return the adler32 of the bytes buf[0..len-1] */ 2151 return ((s2 << 16) + s1); 2152 } 2153 2154 #endif 2155 2156 2157 uint32_t 2158 sctp_calculate_len(struct mbuf *m) 2159 { 2160 uint32_t tlen = 0; 2161 struct mbuf *at; 2162 2163 at = m; 2164 while (at) { 2165 tlen += SCTP_BUF_LEN(at); 2166 at = SCTP_BUF_NEXT(at); 2167 } 2168 return (tlen); 2169 } 2170 2171 #if defined(SCTP_WITH_NO_CSUM) 2172 2173 uint32_t 2174 sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) 2175 { 2176 /* 2177 * given a mbuf chain with a packetheader offset by 'offset' 2178 * pointing at a sctphdr (with csum set to 0) go through the chain 2179 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is 2180 * currently Adler32 but will change to CRC32x soon. Also has a side 2181 * bonus calculate the total length of the mbuf chain. Note: if 2182 * offset is greater than the total mbuf length, checksum=1, 2183 * pktlen=0 is returned (ie. no real error code) 2184 */ 2185 if (pktlen == NULL) 2186 return (0); 2187 *pktlen = sctp_calculate_len(m); 2188 return (0); 2189 } 2190 2191 #elif defined(SCTP_USE_INCHKSUM) 2192 2193 #include <machine/in_cksum.h> 2194 2195 uint32_t 2196 sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) 2197 { 2198 /* 2199 * given a mbuf chain with a packetheader offset by 'offset' 2200 * pointing at a sctphdr (with csum set to 0) go through the chain 2201 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is 2202 * currently Adler32 but will change to CRC32x soon. Also has a side 2203 * bonus calculate the total length of the mbuf chain. Note: if 2204 * offset is greater than the total mbuf length, checksum=1, 2205 * pktlen=0 is returned (ie. no real error code) 2206 */ 2207 int32_t tlen = 0; 2208 struct mbuf *at; 2209 uint32_t the_sum, retsum; 2210 2211 at = m; 2212 while (at) { 2213 tlen += SCTP_BUF_LEN(at); 2214 at = SCTP_BUF_NEXT(at); 2215 } 2216 the_sum = (uint32_t) (in_cksum_skip(m, tlen, offset)); 2217 if (pktlen != NULL) 2218 *pktlen = (tlen - offset); 2219 retsum = htons(the_sum); 2220 return (the_sum); 2221 } 2222 2223 #else 2224 2225 uint32_t 2226 sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) 2227 { 2228 /* 2229 * given a mbuf chain with a packetheader offset by 'offset' 2230 * pointing at a sctphdr (with csum set to 0) go through the chain 2231 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is 2232 * currently Adler32 but will change to CRC32x soon. Also has a side 2233 * bonus calculate the total length of the mbuf chain. Note: if 2234 * offset is greater than the total mbuf length, checksum=1, 2235 * pktlen=0 is returned (ie. no real error code) 2236 */ 2237 int32_t tlen = 0; 2238 2239 #ifdef SCTP_USE_ADLER32 2240 uint32_t base = 1L; 2241 2242 #else 2243 uint32_t base = 0xffffffff; 2244 2245 #endif /* SCTP_USE_ADLER32 */ 2246 struct mbuf *at; 2247 2248 at = m; 2249 /* find the correct mbuf and offset into mbuf */ 2250 while ((at != NULL) && (offset > (uint32_t) SCTP_BUF_LEN(at))) { 2251 offset -= SCTP_BUF_LEN(at); /* update remaining offset 2252 * left */ 2253 at = SCTP_BUF_NEXT(at); 2254 } 2255 while (at != NULL) { 2256 if ((SCTP_BUF_LEN(at) - offset) > 0) { 2257 #ifdef SCTP_USE_ADLER32 2258 base = update_adler32(base, 2259 (unsigned char *)(SCTP_BUF_AT(at, offset)), 2260 (unsigned int)(SCTP_BUF_LEN(at) - offset)); 2261 #else 2262 if ((SCTP_BUF_LEN(at) - offset) < 4) { 2263 /* Use old method if less than 4 bytes */ 2264 base = old_update_crc32(base, 2265 (unsigned char *)(SCTP_BUF_AT(at, offset)), 2266 (unsigned int)(SCTP_BUF_LEN(at) - offset)); 2267 } else { 2268 base = update_crc32(base, 2269 (unsigned char *)(SCTP_BUF_AT(at, offset)), 2270 (unsigned int)(SCTP_BUF_LEN(at) - offset)); 2271 } 2272 #endif /* SCTP_USE_ADLER32 */ 2273 tlen += SCTP_BUF_LEN(at) - offset; 2274 /* we only offset once into the first mbuf */ 2275 } 2276 if (offset) { 2277 if (offset < SCTP_BUF_LEN(at)) 2278 offset = 0; 2279 else 2280 offset -= SCTP_BUF_LEN(at); 2281 } 2282 at = SCTP_BUF_NEXT(at); 2283 } 2284 if (pktlen != NULL) { 2285 *pktlen = tlen; 2286 } 2287 #ifdef SCTP_USE_ADLER32 2288 /* Adler32 */ 2289 base = htonl(base); 2290 #else 2291 /* CRC-32c */ 2292 base = sctp_csum_finalize(base); 2293 #endif 2294 return (base); 2295 } 2296 2297 2298 #endif 2299 2300 void 2301 sctp_mtu_size_reset(struct sctp_inpcb *inp, 2302 struct sctp_association *asoc, u_long mtu) 2303 { 2304 /* 2305 * Reset the P-MTU size on this association, this involves changing 2306 * the asoc MTU, going through ANY chunk+overhead larger than mtu to 2307 * allow the DF flag to be cleared. 2308 */ 2309 struct sctp_tmit_chunk *chk; 2310 unsigned int eff_mtu, ovh; 2311 2312 asoc->smallest_mtu = mtu; 2313 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2314 ovh = SCTP_MIN_OVERHEAD; 2315 } else { 2316 ovh = SCTP_MIN_V4_OVERHEAD; 2317 } 2318 eff_mtu = mtu - ovh; 2319 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 2320 2321 if (chk->send_size > eff_mtu) { 2322 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2323 } 2324 } 2325 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 2326 if (chk->send_size > eff_mtu) { 2327 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 2328 } 2329 } 2330 } 2331 2332 2333 /* 2334 * given an association and starting time of the current RTT period return 2335 * RTO in number of usecs net should point to the current network 2336 */ 2337 uint32_t 2338 sctp_calculate_rto(struct sctp_tcb *stcb, 2339 struct sctp_association *asoc, 2340 struct sctp_nets *net, 2341 struct timeval *old) 2342 { 2343 /* 2344 * given an association and the starting time of the current RTT 2345 * period (in value1/value2) return RTO in number of usecs. 2346 */ 2347 int calc_time = 0; 2348 int o_calctime; 2349 unsigned int new_rto = 0; 2350 int first_measure = 0; 2351 struct timeval now; 2352 2353 /************************/ 2354 /* 1. calculate new RTT */ 2355 /************************/ 2356 /* get the current time */ 2357 SCTP_GETTIME_TIMEVAL(&now); 2358 /* compute the RTT value */ 2359 if ((u_long)now.tv_sec > (u_long)old->tv_sec) { 2360 calc_time = ((u_long)now.tv_sec - (u_long)old->tv_sec) * 1000; 2361 if ((u_long)now.tv_usec > (u_long)old->tv_usec) { 2362 calc_time += (((u_long)now.tv_usec - 2363 (u_long)old->tv_usec) / 1000); 2364 } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { 2365 /* Borrow 1,000ms from current calculation */ 2366 calc_time -= 1000; 2367 /* Add in the slop over */ 2368 calc_time += ((int)now.tv_usec / 1000); 2369 /* Add in the pre-second ms's */ 2370 calc_time += (((int)1000000 - (int)old->tv_usec) / 1000); 2371 } 2372 } else if ((u_long)now.tv_sec == (u_long)old->tv_sec) { 2373 if ((u_long)now.tv_usec > (u_long)old->tv_usec) { 2374 calc_time = ((u_long)now.tv_usec - 2375 (u_long)old->tv_usec) / 1000; 2376 } else if ((u_long)now.tv_usec < (u_long)old->tv_usec) { 2377 /* impossible .. garbage in nothing out */ 2378 return (((net->lastsa >> 2) + net->lastsv) >> 1); 2379 } else if ((u_long)now.tv_usec == (u_long)old->tv_usec) { 2380 /* 2381 * We have to have 1 usec :-D this must be the 2382 * loopback. 2383 */ 2384 calc_time = 1; 2385 } else { 2386 /* impossible .. garbage in nothing out */ 2387 return (((net->lastsa >> 2) + net->lastsv) >> 1); 2388 } 2389 } else { 2390 /* Clock wrapped? */ 2391 return (((net->lastsa >> 2) + net->lastsv) >> 1); 2392 } 2393 /***************************/ 2394 /* 2. update RTTVAR & SRTT */ 2395 /***************************/ 2396 o_calctime = calc_time; 2397 /* this is Van Jacobson's integer version */ 2398 if (net->RTO) { 2399 calc_time -= (net->lastsa >> 3); 2400 if ((int)net->prev_rtt > o_calctime) { 2401 net->rtt_variance = net->prev_rtt - o_calctime; 2402 /* decreasing */ 2403 net->rto_variance_dir = 0; 2404 } else { 2405 /* increasing */ 2406 net->rtt_variance = o_calctime - net->prev_rtt; 2407 net->rto_variance_dir = 1; 2408 } 2409 #ifdef SCTP_RTTVAR_LOGGING 2410 rto_logging(net, SCTP_LOG_RTTVAR); 2411 #endif 2412 net->prev_rtt = o_calctime; 2413 net->lastsa += calc_time; 2414 if (calc_time < 0) { 2415 calc_time = -calc_time; 2416 } 2417 calc_time -= (net->lastsv >> 2); 2418 net->lastsv += calc_time; 2419 if (net->lastsv == 0) { 2420 net->lastsv = SCTP_CLOCK_GRANULARITY; 2421 } 2422 } else { 2423 /* First RTO measurment */ 2424 net->lastsa = calc_time; 2425 net->lastsv = calc_time >> 1; 2426 first_measure = 1; 2427 net->rto_variance_dir = 1; 2428 net->prev_rtt = o_calctime; 2429 net->rtt_variance = 0; 2430 #ifdef SCTP_RTTVAR_LOGGING 2431 rto_logging(net, SCTP_LOG_INITIAL_RTT); 2432 #endif 2433 } 2434 new_rto = ((net->lastsa >> 2) + net->lastsv) >> 1; 2435 if ((new_rto > SCTP_SAT_NETWORK_MIN) && 2436 (stcb->asoc.sat_network_lockout == 0)) { 2437 stcb->asoc.sat_network = 1; 2438 } else if ((!first_measure) && stcb->asoc.sat_network) { 2439 stcb->asoc.sat_network = 0; 2440 stcb->asoc.sat_network_lockout = 1; 2441 } 2442 /* bound it, per C6/C7 in Section 5.3.1 */ 2443 if (new_rto < stcb->asoc.minrto) { 2444 new_rto = stcb->asoc.minrto; 2445 } 2446 if (new_rto > stcb->asoc.maxrto) { 2447 new_rto = stcb->asoc.maxrto; 2448 } 2449 /* we are now returning the RTT Smoothed */ 2450 return ((uint32_t) new_rto); 2451 } 2452 2453 2454 /* 2455 * return a pointer to a contiguous piece of data from the given mbuf chain 2456 * starting at 'off' for 'len' bytes. If the desired piece spans more than 2457 * one mbuf, a copy is made at 'ptr'. caller must ensure that the buffer size 2458 * is >= 'len' returns NULL if there there isn't 'len' bytes in the chain. 2459 */ 2460 __inline caddr_t 2461 sctp_m_getptr(struct mbuf *m, int off, int len, uint8_t * in_ptr) 2462 { 2463 uint32_t count; 2464 uint8_t *ptr; 2465 2466 ptr = in_ptr; 2467 if ((off < 0) || (len <= 0)) 2468 return (NULL); 2469 2470 /* find the desired start location */ 2471 while ((m != NULL) && (off > 0)) { 2472 if (off < SCTP_BUF_LEN(m)) 2473 break; 2474 off -= SCTP_BUF_LEN(m); 2475 m = SCTP_BUF_NEXT(m); 2476 } 2477 if (m == NULL) 2478 return (NULL); 2479 2480 /* is the current mbuf large enough (eg. contiguous)? */ 2481 if ((SCTP_BUF_LEN(m) - off) >= len) { 2482 return (mtod(m, caddr_t)+off); 2483 } else { 2484 /* else, it spans more than one mbuf, so save a temp copy... */ 2485 while ((m != NULL) && (len > 0)) { 2486 count = min(SCTP_BUF_LEN(m) - off, len); 2487 bcopy(mtod(m, caddr_t)+off, ptr, count); 2488 len -= count; 2489 ptr += count; 2490 off = 0; 2491 m = SCTP_BUF_NEXT(m); 2492 } 2493 if ((m == NULL) && (len > 0)) 2494 return (NULL); 2495 else 2496 return ((caddr_t)in_ptr); 2497 } 2498 } 2499 2500 2501 struct sctp_paramhdr * 2502 sctp_get_next_param(struct mbuf *m, 2503 int offset, 2504 struct sctp_paramhdr *pull, 2505 int pull_limit) 2506 { 2507 /* This just provides a typed signature to Peter's Pull routine */ 2508 return ((struct sctp_paramhdr *)sctp_m_getptr(m, offset, pull_limit, 2509 (uint8_t *) pull)); 2510 } 2511 2512 2513 int 2514 sctp_add_pad_tombuf(struct mbuf *m, int padlen) 2515 { 2516 /* 2517 * add padlen bytes of 0 filled padding to the end of the mbuf. If 2518 * padlen is > 3 this routine will fail. 2519 */ 2520 uint8_t *dp; 2521 int i; 2522 2523 if (padlen > 3) { 2524 return (ENOBUFS); 2525 } 2526 if (M_TRAILINGSPACE(m)) { 2527 /* 2528 * The easy way. We hope the majority of the time we hit 2529 * here :) 2530 */ 2531 dp = (uint8_t *) (mtod(m, caddr_t)+SCTP_BUF_LEN(m)); 2532 SCTP_BUF_LEN(m) += padlen; 2533 } else { 2534 /* Hard way we must grow the mbuf */ 2535 struct mbuf *tmp; 2536 2537 tmp = sctp_get_mbuf_for_msg(padlen, 0, M_DONTWAIT, 1, MT_DATA); 2538 if (tmp == NULL) { 2539 /* Out of space GAK! we are in big trouble. */ 2540 return (ENOSPC); 2541 } 2542 /* setup and insert in middle */ 2543 SCTP_BUF_NEXT(tmp) = SCTP_BUF_NEXT(m); 2544 SCTP_BUF_LEN(tmp) = padlen; 2545 SCTP_BUF_NEXT(m) = tmp; 2546 dp = mtod(tmp, uint8_t *); 2547 } 2548 /* zero out the pad */ 2549 for (i = 0; i < padlen; i++) { 2550 *dp = 0; 2551 dp++; 2552 } 2553 return (0); 2554 } 2555 2556 int 2557 sctp_pad_lastmbuf(struct mbuf *m, int padval, struct mbuf *last_mbuf) 2558 { 2559 /* find the last mbuf in chain and pad it */ 2560 struct mbuf *m_at; 2561 2562 m_at = m; 2563 if (last_mbuf) { 2564 return (sctp_add_pad_tombuf(last_mbuf, padval)); 2565 } else { 2566 while (m_at) { 2567 if (SCTP_BUF_NEXT(m_at) == NULL) { 2568 return (sctp_add_pad_tombuf(m_at, padval)); 2569 } 2570 m_at = SCTP_BUF_NEXT(m_at); 2571 } 2572 } 2573 return (EFAULT); 2574 } 2575 2576 int sctp_asoc_change_wake = 0; 2577 2578 static void 2579 sctp_notify_assoc_change(uint32_t event, struct sctp_tcb *stcb, 2580 uint32_t error, void *data) 2581 { 2582 struct mbuf *m_notify; 2583 struct sctp_assoc_change *sac; 2584 struct sctp_queued_to_read *control; 2585 2586 /* 2587 * First if we are are going down dump everything we can to the 2588 * socket rcv queue. 2589 */ 2590 2591 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 2592 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 2593 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) 2594 ) { 2595 /* If the socket is gone we are out of here */ 2596 return; 2597 } 2598 /* 2599 * For TCP model AND UDP connected sockets we will send an error up 2600 * when an ABORT comes in. 2601 */ 2602 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2603 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && 2604 (event == SCTP_COMM_LOST)) { 2605 if (TAILQ_EMPTY(&stcb->sctp_ep->read_queue)) { 2606 stcb->sctp_socket->so_error = ECONNRESET; 2607 } 2608 /* Wake ANY sleepers */ 2609 sorwakeup(stcb->sctp_socket); 2610 sowwakeup(stcb->sctp_socket); 2611 sctp_asoc_change_wake++; 2612 } 2613 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { 2614 /* event not enabled */ 2615 return; 2616 } 2617 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_change), 0, M_DONTWAIT, 1, MT_DATA); 2618 if (m_notify == NULL) 2619 /* no space left */ 2620 return; 2621 SCTP_BUF_LEN(m_notify) = 0; 2622 2623 sac = mtod(m_notify, struct sctp_assoc_change *); 2624 sac->sac_type = SCTP_ASSOC_CHANGE; 2625 sac->sac_flags = 0; 2626 sac->sac_length = sizeof(struct sctp_assoc_change); 2627 sac->sac_state = event; 2628 sac->sac_error = error; 2629 /* XXX verify these stream counts */ 2630 sac->sac_outbound_streams = stcb->asoc.streamoutcnt; 2631 sac->sac_inbound_streams = stcb->asoc.streamincnt; 2632 sac->sac_assoc_id = sctp_get_associd(stcb); 2633 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_change); 2634 SCTP_BUF_NEXT(m_notify) = NULL; 2635 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2636 0, 0, 0, 0, 0, 0, 2637 m_notify); 2638 if (control == NULL) { 2639 /* no memory */ 2640 sctp_m_freem(m_notify); 2641 return; 2642 } 2643 control->length = SCTP_BUF_LEN(m_notify); 2644 /* not that we need this */ 2645 control->tail_mbuf = m_notify; 2646 control->spec_flags = M_NOTIFICATION; 2647 sctp_add_to_readq(stcb->sctp_ep, stcb, 2648 control, 2649 &stcb->sctp_socket->so_rcv, 1); 2650 if (event == SCTP_COMM_LOST) { 2651 /* Wake up any sleeper */ 2652 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 2653 } 2654 } 2655 2656 static void 2657 sctp_notify_peer_addr_change(struct sctp_tcb *stcb, uint32_t state, 2658 struct sockaddr *sa, uint32_t error) 2659 { 2660 struct mbuf *m_notify; 2661 struct sctp_paddr_change *spc; 2662 struct sctp_queued_to_read *control; 2663 2664 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVPADDREVNT)) 2665 /* event not enabled */ 2666 return; 2667 2668 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_paddr_change), 0, M_DONTWAIT, 1, MT_DATA); 2669 if (m_notify == NULL) 2670 return; 2671 SCTP_BUF_LEN(m_notify) = 0; 2672 spc = mtod(m_notify, struct sctp_paddr_change *); 2673 spc->spc_type = SCTP_PEER_ADDR_CHANGE; 2674 spc->spc_flags = 0; 2675 spc->spc_length = sizeof(struct sctp_paddr_change); 2676 if (sa->sa_family == AF_INET) { 2677 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in)); 2678 } else { 2679 memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6)); 2680 } 2681 spc->spc_state = state; 2682 spc->spc_error = error; 2683 spc->spc_assoc_id = sctp_get_associd(stcb); 2684 2685 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_paddr_change); 2686 SCTP_BUF_NEXT(m_notify) = NULL; 2687 2688 /* append to socket */ 2689 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2690 0, 0, 0, 0, 0, 0, 2691 m_notify); 2692 if (control == NULL) { 2693 /* no memory */ 2694 sctp_m_freem(m_notify); 2695 return; 2696 } 2697 control->length = SCTP_BUF_LEN(m_notify); 2698 control->spec_flags = M_NOTIFICATION; 2699 /* not that we need this */ 2700 control->tail_mbuf = m_notify; 2701 sctp_add_to_readq(stcb->sctp_ep, stcb, 2702 control, 2703 &stcb->sctp_socket->so_rcv, 1); 2704 } 2705 2706 2707 static void 2708 sctp_notify_send_failed(struct sctp_tcb *stcb, uint32_t error, 2709 struct sctp_tmit_chunk *chk) 2710 { 2711 struct mbuf *m_notify; 2712 struct sctp_send_failed *ssf; 2713 struct sctp_queued_to_read *control; 2714 int length; 2715 2716 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) 2717 /* event not enabled */ 2718 return; 2719 2720 length = sizeof(struct sctp_send_failed) + chk->send_size; 2721 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_send_failed), 0, M_DONTWAIT, 1, MT_DATA); 2722 if (m_notify == NULL) 2723 /* no space left */ 2724 return; 2725 SCTP_BUF_LEN(m_notify) = 0; 2726 ssf = mtod(m_notify, struct sctp_send_failed *); 2727 ssf->ssf_type = SCTP_SEND_FAILED; 2728 if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) 2729 ssf->ssf_flags = SCTP_DATA_UNSENT; 2730 else 2731 ssf->ssf_flags = SCTP_DATA_SENT; 2732 ssf->ssf_length = length; 2733 ssf->ssf_error = error; 2734 /* not exactly what the user sent in, but should be close :) */ 2735 ssf->ssf_info.sinfo_stream = chk->rec.data.stream_number; 2736 ssf->ssf_info.sinfo_ssn = chk->rec.data.stream_seq; 2737 ssf->ssf_info.sinfo_flags = chk->rec.data.rcv_flags; 2738 ssf->ssf_info.sinfo_ppid = chk->rec.data.payloadtype; 2739 ssf->ssf_info.sinfo_context = chk->rec.data.context; 2740 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 2741 ssf->ssf_assoc_id = sctp_get_associd(stcb); 2742 SCTP_BUF_NEXT(m_notify) = chk->data; 2743 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed); 2744 2745 /* Steal off the mbuf */ 2746 chk->data = NULL; 2747 /* 2748 * For this case, we check the actual socket buffer, since the assoc 2749 * is going away we don't want to overfill the socket buffer for a 2750 * non-reader 2751 */ 2752 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 2753 sctp_m_freem(m_notify); 2754 return; 2755 } 2756 /* append to socket */ 2757 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2758 0, 0, 0, 0, 0, 0, 2759 m_notify); 2760 if (control == NULL) { 2761 /* no memory */ 2762 sctp_m_freem(m_notify); 2763 return; 2764 } 2765 control->spec_flags = M_NOTIFICATION; 2766 sctp_add_to_readq(stcb->sctp_ep, stcb, 2767 control, 2768 &stcb->sctp_socket->so_rcv, 1); 2769 } 2770 2771 2772 static void 2773 sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, 2774 struct sctp_stream_queue_pending *sp) 2775 { 2776 struct mbuf *m_notify; 2777 struct sctp_send_failed *ssf; 2778 struct sctp_queued_to_read *control; 2779 int length; 2780 2781 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSENDFAILEVNT)) 2782 /* event not enabled */ 2783 return; 2784 2785 length = sizeof(struct sctp_send_failed) + sp->length; 2786 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_DONTWAIT, 1, MT_DATA); 2787 if (m_notify == NULL) 2788 /* no space left */ 2789 return; 2790 SCTP_BUF_LEN(m_notify) = 0; 2791 ssf = mtod(m_notify, struct sctp_send_failed *); 2792 ssf->ssf_type = SCTP_SEND_FAILED; 2793 if (error == SCTP_NOTIFY_DATAGRAM_UNSENT) 2794 ssf->ssf_flags = SCTP_DATA_UNSENT; 2795 else 2796 ssf->ssf_flags = SCTP_DATA_SENT; 2797 ssf->ssf_length = length; 2798 ssf->ssf_error = error; 2799 /* not exactly what the user sent in, but should be close :) */ 2800 ssf->ssf_info.sinfo_stream = sp->stream; 2801 ssf->ssf_info.sinfo_ssn = sp->strseq; 2802 ssf->ssf_info.sinfo_flags = sp->sinfo_flags; 2803 ssf->ssf_info.sinfo_ppid = sp->ppid; 2804 ssf->ssf_info.sinfo_context = sp->context; 2805 ssf->ssf_info.sinfo_assoc_id = sctp_get_associd(stcb); 2806 ssf->ssf_assoc_id = sctp_get_associd(stcb); 2807 SCTP_BUF_NEXT(m_notify) = sp->data; 2808 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed); 2809 2810 /* Steal off the mbuf */ 2811 sp->data = NULL; 2812 /* 2813 * For this case, we check the actual socket buffer, since the assoc 2814 * is going away we don't want to overfill the socket buffer for a 2815 * non-reader 2816 */ 2817 if (sctp_sbspace_failedmsgs(&stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 2818 sctp_m_freem(m_notify); 2819 return; 2820 } 2821 /* append to socket */ 2822 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2823 0, 0, 0, 0, 0, 0, 2824 m_notify); 2825 if (control == NULL) { 2826 /* no memory */ 2827 sctp_m_freem(m_notify); 2828 return; 2829 } 2830 control->spec_flags = M_NOTIFICATION; 2831 sctp_add_to_readq(stcb->sctp_ep, stcb, 2832 control, 2833 &stcb->sctp_socket->so_rcv, 1); 2834 } 2835 2836 2837 2838 static void 2839 sctp_notify_adaptation_layer(struct sctp_tcb *stcb, 2840 uint32_t error) 2841 { 2842 struct mbuf *m_notify; 2843 struct sctp_adaptation_event *sai; 2844 struct sctp_queued_to_read *control; 2845 2846 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_ADAPTATIONEVNT)) 2847 /* event not enabled */ 2848 return; 2849 2850 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_adaption_event), 0, M_DONTWAIT, 1, MT_DATA); 2851 if (m_notify == NULL) 2852 /* no space left */ 2853 return; 2854 SCTP_BUF_LEN(m_notify) = 0; 2855 sai = mtod(m_notify, struct sctp_adaptation_event *); 2856 sai->sai_type = SCTP_ADAPTATION_INDICATION; 2857 sai->sai_flags = 0; 2858 sai->sai_length = sizeof(struct sctp_adaptation_event); 2859 sai->sai_adaptation_ind = error; 2860 sai->sai_assoc_id = sctp_get_associd(stcb); 2861 2862 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_adaptation_event); 2863 SCTP_BUF_NEXT(m_notify) = NULL; 2864 2865 /* append to socket */ 2866 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2867 0, 0, 0, 0, 0, 0, 2868 m_notify); 2869 if (control == NULL) { 2870 /* no memory */ 2871 sctp_m_freem(m_notify); 2872 return; 2873 } 2874 control->length = SCTP_BUF_LEN(m_notify); 2875 control->spec_flags = M_NOTIFICATION; 2876 /* not that we need this */ 2877 control->tail_mbuf = m_notify; 2878 sctp_add_to_readq(stcb->sctp_ep, stcb, 2879 control, 2880 &stcb->sctp_socket->so_rcv, 1); 2881 } 2882 2883 /* This always must be called with the read-queue LOCKED in the INP */ 2884 void 2885 sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, 2886 uint32_t error, int nolock) 2887 { 2888 struct mbuf *m_notify; 2889 struct sctp_pdapi_event *pdapi; 2890 struct sctp_queued_to_read *control; 2891 struct sockbuf *sb; 2892 2893 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_PDAPIEVNT)) 2894 /* event not enabled */ 2895 return; 2896 2897 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_pdapi_event), 0, M_DONTWAIT, 1, MT_DATA); 2898 if (m_notify == NULL) 2899 /* no space left */ 2900 return; 2901 SCTP_BUF_LEN(m_notify) = 0; 2902 pdapi = mtod(m_notify, struct sctp_pdapi_event *); 2903 pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; 2904 pdapi->pdapi_flags = 0; 2905 pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); 2906 pdapi->pdapi_indication = error; 2907 pdapi->pdapi_assoc_id = sctp_get_associd(stcb); 2908 2909 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_pdapi_event); 2910 SCTP_BUF_NEXT(m_notify) = NULL; 2911 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2912 0, 0, 0, 0, 0, 0, 2913 m_notify); 2914 if (control == NULL) { 2915 /* no memory */ 2916 sctp_m_freem(m_notify); 2917 return; 2918 } 2919 control->spec_flags = M_NOTIFICATION; 2920 control->length = SCTP_BUF_LEN(m_notify); 2921 /* not that we need this */ 2922 control->tail_mbuf = m_notify; 2923 control->held_length = 0; 2924 control->length = 0; 2925 if (nolock == 0) { 2926 SCTP_INP_READ_LOCK(stcb->sctp_ep); 2927 } 2928 sb = &stcb->sctp_socket->so_rcv; 2929 #ifdef SCTP_SB_LOGGING 2930 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m_notify)); 2931 #endif 2932 sctp_sballoc(stcb, sb, m_notify); 2933 #ifdef SCTP_SB_LOGGING 2934 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 2935 #endif 2936 atomic_add_int(&control->length, SCTP_BUF_LEN(m_notify)); 2937 control->end_added = 1; 2938 if (stcb->asoc.control_pdapi) 2939 TAILQ_INSERT_AFTER(&stcb->sctp_ep->read_queue, stcb->asoc.control_pdapi, control, next); 2940 else { 2941 /* we really should not see this case */ 2942 TAILQ_INSERT_TAIL(&stcb->sctp_ep->read_queue, control, next); 2943 } 2944 if (nolock == 0) { 2945 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 2946 } 2947 if (stcb->sctp_ep && stcb->sctp_socket) { 2948 /* This should always be the case */ 2949 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); 2950 } 2951 } 2952 2953 static void 2954 sctp_notify_shutdown_event(struct sctp_tcb *stcb) 2955 { 2956 struct mbuf *m_notify; 2957 struct sctp_shutdown_event *sse; 2958 struct sctp_queued_to_read *control; 2959 2960 /* 2961 * For TCP model AND UDP connected sockets we will send an error up 2962 * when an SHUTDOWN completes 2963 */ 2964 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 2965 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 2966 /* mark socket closed for read/write and wakeup! */ 2967 socantsendmore(stcb->sctp_socket); 2968 } 2969 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_RECVSHUTDOWNEVNT)) 2970 /* event not enabled */ 2971 return; 2972 2973 m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_event), 0, M_DONTWAIT, 1, MT_DATA); 2974 if (m_notify == NULL) 2975 /* no space left */ 2976 return; 2977 sse = mtod(m_notify, struct sctp_shutdown_event *); 2978 sse->sse_type = SCTP_SHUTDOWN_EVENT; 2979 sse->sse_flags = 0; 2980 sse->sse_length = sizeof(struct sctp_shutdown_event); 2981 sse->sse_assoc_id = sctp_get_associd(stcb); 2982 2983 SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_shutdown_event); 2984 SCTP_BUF_NEXT(m_notify) = NULL; 2985 2986 /* append to socket */ 2987 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 2988 0, 0, 0, 0, 0, 0, 2989 m_notify); 2990 if (control == NULL) { 2991 /* no memory */ 2992 sctp_m_freem(m_notify); 2993 return; 2994 } 2995 control->spec_flags = M_NOTIFICATION; 2996 control->length = SCTP_BUF_LEN(m_notify); 2997 /* not that we need this */ 2998 control->tail_mbuf = m_notify; 2999 sctp_add_to_readq(stcb->sctp_ep, stcb, 3000 control, 3001 &stcb->sctp_socket->so_rcv, 1); 3002 } 3003 3004 static void 3005 sctp_notify_stream_reset(struct sctp_tcb *stcb, 3006 int number_entries, uint16_t * list, int flag) 3007 { 3008 struct mbuf *m_notify; 3009 struct sctp_queued_to_read *control; 3010 struct sctp_stream_reset_event *strreset; 3011 int len; 3012 3013 if (sctp_is_feature_off(stcb->sctp_ep, SCTP_PCB_FLAGS_STREAM_RESETEVNT)) 3014 /* event not enabled */ 3015 return; 3016 3017 m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); 3018 if (m_notify == NULL) 3019 /* no space left */ 3020 return; 3021 SCTP_BUF_LEN(m_notify) = 0; 3022 len = sizeof(struct sctp_stream_reset_event) + (number_entries * sizeof(uint16_t)); 3023 if (len > M_TRAILINGSPACE(m_notify)) { 3024 /* never enough room */ 3025 sctp_m_freem(m_notify); 3026 return; 3027 } 3028 strreset = mtod(m_notify, struct sctp_stream_reset_event *); 3029 strreset->strreset_type = SCTP_STREAM_RESET_EVENT; 3030 if (number_entries == 0) { 3031 strreset->strreset_flags = flag | SCTP_STRRESET_ALL_STREAMS; 3032 } else { 3033 strreset->strreset_flags = flag | SCTP_STRRESET_STREAM_LIST; 3034 } 3035 strreset->strreset_length = len; 3036 strreset->strreset_assoc_id = sctp_get_associd(stcb); 3037 if (number_entries) { 3038 int i; 3039 3040 for (i = 0; i < number_entries; i++) { 3041 strreset->strreset_list[i] = ntohs(list[i]); 3042 } 3043 } 3044 SCTP_BUF_LEN(m_notify) = len; 3045 SCTP_BUF_NEXT(m_notify) = NULL; 3046 if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { 3047 /* no space */ 3048 sctp_m_freem(m_notify); 3049 return; 3050 } 3051 /* append to socket */ 3052 control = sctp_build_readq_entry(stcb, stcb->asoc.primary_destination, 3053 0, 0, 0, 0, 0, 0, 3054 m_notify); 3055 if (control == NULL) { 3056 /* no memory */ 3057 sctp_m_freem(m_notify); 3058 return; 3059 } 3060 control->spec_flags = M_NOTIFICATION; 3061 control->length = SCTP_BUF_LEN(m_notify); 3062 /* not that we need this */ 3063 control->tail_mbuf = m_notify; 3064 sctp_add_to_readq(stcb->sctp_ep, stcb, 3065 control, 3066 &stcb->sctp_socket->so_rcv, 1); 3067 } 3068 3069 3070 void 3071 sctp_ulp_notify(uint32_t notification, struct sctp_tcb *stcb, 3072 uint32_t error, void *data) 3073 { 3074 if (stcb == NULL) { 3075 /* unlikely but */ 3076 return; 3077 } 3078 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3079 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3080 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) 3081 ) { 3082 /* No notifications up when we are in a no socket state */ 3083 return; 3084 } 3085 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 3086 /* Can't send up to a closed socket any notifications */ 3087 return; 3088 } 3089 if (stcb && (stcb->asoc.assoc_up_sent == 0) && (notification != SCTP_NOTIFY_ASSOC_UP)) { 3090 if ((notification != SCTP_NOTIFY_ASSOC_DOWN) && 3091 (notification != SCTP_NOTIFY_ASSOC_ABORTED) && 3092 (notification != SCTP_NOTIFY_SPECIAL_SP_FAIL) && 3093 (notification != SCTP_NOTIFY_DG_FAIL) && 3094 (notification != SCTP_NOTIFY_PEER_SHUTDOWN)) { 3095 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, 0, NULL); 3096 stcb->asoc.assoc_up_sent = 1; 3097 } 3098 } 3099 switch (notification) { 3100 case SCTP_NOTIFY_ASSOC_UP: 3101 if (stcb->asoc.assoc_up_sent == 0) { 3102 sctp_notify_assoc_change(SCTP_COMM_UP, stcb, error, NULL); 3103 stcb->asoc.assoc_up_sent = 1; 3104 } 3105 break; 3106 case SCTP_NOTIFY_ASSOC_DOWN: 3107 sctp_notify_assoc_change(SCTP_SHUTDOWN_COMP, stcb, error, NULL); 3108 break; 3109 case SCTP_NOTIFY_INTERFACE_DOWN: 3110 { 3111 struct sctp_nets *net; 3112 3113 net = (struct sctp_nets *)data; 3114 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_UNREACHABLE, 3115 (struct sockaddr *)&net->ro._l_addr, error); 3116 break; 3117 } 3118 case SCTP_NOTIFY_INTERFACE_UP: 3119 { 3120 struct sctp_nets *net; 3121 3122 net = (struct sctp_nets *)data; 3123 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_AVAILABLE, 3124 (struct sockaddr *)&net->ro._l_addr, error); 3125 break; 3126 } 3127 case SCTP_NOTIFY_INTERFACE_CONFIRMED: 3128 { 3129 struct sctp_nets *net; 3130 3131 net = (struct sctp_nets *)data; 3132 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_CONFIRMED, 3133 (struct sockaddr *)&net->ro._l_addr, error); 3134 break; 3135 } 3136 case SCTP_NOTIFY_SPECIAL_SP_FAIL: 3137 sctp_notify_send_failed2(stcb, error, 3138 (struct sctp_stream_queue_pending *)data); 3139 break; 3140 case SCTP_NOTIFY_DG_FAIL: 3141 sctp_notify_send_failed(stcb, error, 3142 (struct sctp_tmit_chunk *)data); 3143 break; 3144 case SCTP_NOTIFY_ADAPTATION_INDICATION: 3145 /* Here the error is the adaptation indication */ 3146 sctp_notify_adaptation_layer(stcb, error); 3147 break; 3148 case SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION: 3149 sctp_notify_partial_delivery_indication(stcb, error, 0); 3150 break; 3151 case SCTP_NOTIFY_STRDATA_ERR: 3152 break; 3153 case SCTP_NOTIFY_ASSOC_ABORTED: 3154 sctp_notify_assoc_change(SCTP_COMM_LOST, stcb, error, NULL); 3155 break; 3156 case SCTP_NOTIFY_PEER_OPENED_STREAM: 3157 break; 3158 case SCTP_NOTIFY_STREAM_OPENED_OK: 3159 break; 3160 case SCTP_NOTIFY_ASSOC_RESTART: 3161 sctp_notify_assoc_change(SCTP_RESTART, stcb, error, data); 3162 break; 3163 case SCTP_NOTIFY_HB_RESP: 3164 break; 3165 case SCTP_NOTIFY_STR_RESET_SEND: 3166 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_OUTBOUND_STR); 3167 break; 3168 case SCTP_NOTIFY_STR_RESET_RECV: 3169 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), SCTP_STRRESET_INBOUND_STR); 3170 break; 3171 case SCTP_NOTIFY_STR_RESET_FAILED_OUT: 3172 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_OUTBOUND_STR | SCTP_STRRESET_INBOUND_STR)); 3173 break; 3174 3175 case SCTP_NOTIFY_STR_RESET_FAILED_IN: 3176 sctp_notify_stream_reset(stcb, error, ((uint16_t *) data), (SCTP_STRRESET_INBOUND_STR | SCTP_STRRESET_INBOUND_STR)); 3177 break; 3178 3179 case SCTP_NOTIFY_ASCONF_ADD_IP: 3180 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_ADDED, data, 3181 error); 3182 break; 3183 case SCTP_NOTIFY_ASCONF_DELETE_IP: 3184 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_REMOVED, data, 3185 error); 3186 break; 3187 case SCTP_NOTIFY_ASCONF_SET_PRIMARY: 3188 sctp_notify_peer_addr_change(stcb, SCTP_ADDR_MADE_PRIM, data, 3189 error); 3190 break; 3191 case SCTP_NOTIFY_ASCONF_SUCCESS: 3192 break; 3193 case SCTP_NOTIFY_ASCONF_FAILED: 3194 break; 3195 case SCTP_NOTIFY_PEER_SHUTDOWN: 3196 sctp_notify_shutdown_event(stcb); 3197 break; 3198 case SCTP_NOTIFY_AUTH_NEW_KEY: 3199 sctp_notify_authentication(stcb, SCTP_AUTH_NEWKEY, error, 3200 (uint16_t) (uintptr_t) data); 3201 break; 3202 #if 0 3203 case SCTP_NOTIFY_AUTH_KEY_CONFLICT: 3204 sctp_notify_authentication(stcb, SCTP_AUTH_KEY_CONFLICT, 3205 error, (uint16_t) (uintptr_t) data); 3206 break; 3207 #endif /* not yet? remove? */ 3208 3209 3210 default: 3211 #ifdef SCTP_DEBUG 3212 if (sctp_debug_on & SCTP_DEBUG_UTIL1) { 3213 printf("NOTIFY: unknown notification %xh (%u)\n", 3214 notification, notification); 3215 } 3216 #endif /* SCTP_DEBUG */ 3217 break; 3218 } /* end switch */ 3219 } 3220 3221 void 3222 sctp_report_all_outbound(struct sctp_tcb *stcb, int holds_lock) 3223 { 3224 struct sctp_association *asoc; 3225 struct sctp_stream_out *outs; 3226 struct sctp_tmit_chunk *chk; 3227 struct sctp_stream_queue_pending *sp; 3228 int i; 3229 3230 asoc = &stcb->asoc; 3231 3232 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3233 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3234 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3235 return; 3236 } 3237 /* now through all the gunk freeing chunks */ 3238 if (holds_lock == 0) 3239 SCTP_TCB_SEND_LOCK(stcb); 3240 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 3241 /* For each stream */ 3242 outs = &stcb->asoc.strmout[i]; 3243 /* clean up any sends there */ 3244 stcb->asoc.locked_on_sending = NULL; 3245 sp = TAILQ_FIRST(&outs->outqueue); 3246 while (sp) { 3247 stcb->asoc.stream_queue_cnt--; 3248 TAILQ_REMOVE(&outs->outqueue, sp, next); 3249 sctp_free_spbufspace(stcb, asoc, sp); 3250 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 3251 SCTP_NOTIFY_DATAGRAM_UNSENT, (void *)sp); 3252 if (sp->data) { 3253 sctp_m_freem(sp->data); 3254 sp->data = NULL; 3255 } 3256 if (sp->net) 3257 sctp_free_remote_addr(sp->net); 3258 sp->net = NULL; 3259 /* Free the chunk */ 3260 sctp_free_a_strmoq(stcb, sp); 3261 sp = TAILQ_FIRST(&outs->outqueue); 3262 } 3263 } 3264 3265 /* pending send queue SHOULD be empty */ 3266 if (!TAILQ_EMPTY(&asoc->send_queue)) { 3267 chk = TAILQ_FIRST(&asoc->send_queue); 3268 while (chk) { 3269 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3270 if (chk->data) { 3271 /* 3272 * trim off the sctp chunk header(it should 3273 * be there) 3274 */ 3275 if (chk->send_size >= sizeof(struct sctp_data_chunk)) { 3276 m_adj(chk->data, sizeof(struct sctp_data_chunk)); 3277 sctp_mbuf_crush(chk->data); 3278 } 3279 } 3280 sctp_free_bufspace(stcb, asoc, chk, 1); 3281 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, SCTP_NOTIFY_DATAGRAM_UNSENT, chk); 3282 if (chk->data) { 3283 sctp_m_freem(chk->data); 3284 chk->data = NULL; 3285 } 3286 if (chk->whoTo) 3287 sctp_free_remote_addr(chk->whoTo); 3288 chk->whoTo = NULL; 3289 sctp_free_a_chunk(stcb, chk); 3290 chk = TAILQ_FIRST(&asoc->send_queue); 3291 } 3292 } 3293 /* sent queue SHOULD be empty */ 3294 if (!TAILQ_EMPTY(&asoc->sent_queue)) { 3295 chk = TAILQ_FIRST(&asoc->sent_queue); 3296 while (chk) { 3297 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3298 if (chk->data) { 3299 /* 3300 * trim off the sctp chunk header(it should 3301 * be there) 3302 */ 3303 if (chk->send_size >= sizeof(struct sctp_data_chunk)) { 3304 m_adj(chk->data, sizeof(struct sctp_data_chunk)); 3305 sctp_mbuf_crush(chk->data); 3306 } 3307 } 3308 sctp_free_bufspace(stcb, asoc, chk, 1); 3309 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, 3310 SCTP_NOTIFY_DATAGRAM_SENT, chk); 3311 if (chk->data) { 3312 sctp_m_freem(chk->data); 3313 chk->data = NULL; 3314 } 3315 if (chk->whoTo) 3316 sctp_free_remote_addr(chk->whoTo); 3317 chk->whoTo = NULL; 3318 sctp_free_a_chunk(stcb, chk); 3319 chk = TAILQ_FIRST(&asoc->sent_queue); 3320 } 3321 } 3322 if (holds_lock == 0) 3323 SCTP_TCB_SEND_UNLOCK(stcb); 3324 } 3325 3326 void 3327 sctp_abort_notification(struct sctp_tcb *stcb, int error) 3328 { 3329 3330 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 3331 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 3332 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { 3333 return; 3334 } 3335 /* Tell them we lost the asoc */ 3336 sctp_report_all_outbound(stcb, 1); 3337 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 3338 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 3339 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 3340 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_WAS_ABORTED; 3341 } 3342 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_ABORTED, stcb, error, NULL); 3343 } 3344 3345 void 3346 sctp_abort_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 3347 struct mbuf *m, int iphlen, struct sctphdr *sh, struct mbuf *op_err) 3348 { 3349 uint32_t vtag; 3350 3351 vtag = 0; 3352 if (stcb != NULL) { 3353 /* We have a TCB to abort, send notification too */ 3354 vtag = stcb->asoc.peer_vtag; 3355 sctp_abort_notification(stcb, 0); 3356 } 3357 sctp_send_abort(m, iphlen, sh, vtag, op_err); 3358 if (stcb != NULL) { 3359 /* Ok, now lets free it */ 3360 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_4); 3361 } else { 3362 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3363 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3364 sctp_inpcb_free(inp, 1, 0); 3365 } 3366 } 3367 } 3368 } 3369 3370 void 3371 sctp_abort_an_association(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 3372 int error, struct mbuf *op_err) 3373 { 3374 uint32_t vtag; 3375 3376 if (stcb == NULL) { 3377 /* Got to have a TCB */ 3378 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3379 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3380 sctp_inpcb_free(inp, 1, 0); 3381 } 3382 } 3383 return; 3384 } 3385 vtag = stcb->asoc.peer_vtag; 3386 /* notify the ulp */ 3387 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) 3388 sctp_abort_notification(stcb, error); 3389 /* notify the peer */ 3390 sctp_send_abort_tcb(stcb, op_err); 3391 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3392 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || 3393 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3394 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3395 } 3396 /* now free the asoc */ 3397 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTPUTIL + SCTP_LOC_5); 3398 } 3399 3400 void 3401 sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, 3402 struct sctp_inpcb *inp, struct mbuf *op_err) 3403 { 3404 struct sctp_chunkhdr *ch, chunk_buf; 3405 unsigned int chk_length; 3406 3407 SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue); 3408 /* Generate a TO address for future reference */ 3409 if (inp && (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 3410 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 3411 sctp_inpcb_free(inp, 1, 0); 3412 } 3413 } 3414 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 3415 sizeof(*ch), (uint8_t *) & chunk_buf); 3416 while (ch != NULL) { 3417 chk_length = ntohs(ch->chunk_length); 3418 if (chk_length < sizeof(*ch)) { 3419 /* break to abort land */ 3420 break; 3421 } 3422 switch (ch->chunk_type) { 3423 case SCTP_PACKET_DROPPED: 3424 /* we don't respond to pkt-dropped */ 3425 return; 3426 case SCTP_ABORT_ASSOCIATION: 3427 /* we don't respond with an ABORT to an ABORT */ 3428 return; 3429 case SCTP_SHUTDOWN_COMPLETE: 3430 /* 3431 * we ignore it since we are not waiting for it and 3432 * peer is gone 3433 */ 3434 return; 3435 case SCTP_SHUTDOWN_ACK: 3436 sctp_send_shutdown_complete2(m, iphlen, sh); 3437 return; 3438 default: 3439 break; 3440 } 3441 offset += SCTP_SIZE32(chk_length); 3442 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 3443 sizeof(*ch), (uint8_t *) & chunk_buf); 3444 } 3445 sctp_send_abort(m, iphlen, sh, 0, op_err); 3446 } 3447 3448 /* 3449 * check the inbound datagram to make sure there is not an abort inside it, 3450 * if there is return 1, else return 0. 3451 */ 3452 int 3453 sctp_is_there_an_abort_here(struct mbuf *m, int iphlen, uint32_t * vtagfill) 3454 { 3455 struct sctp_chunkhdr *ch; 3456 struct sctp_init_chunk *init_chk, chunk_buf; 3457 int offset; 3458 unsigned int chk_length; 3459 3460 offset = iphlen + sizeof(struct sctphdr); 3461 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, sizeof(*ch), 3462 (uint8_t *) & chunk_buf); 3463 while (ch != NULL) { 3464 chk_length = ntohs(ch->chunk_length); 3465 if (chk_length < sizeof(*ch)) { 3466 /* packet is probably corrupt */ 3467 break; 3468 } 3469 /* we seem to be ok, is it an abort? */ 3470 if (ch->chunk_type == SCTP_ABORT_ASSOCIATION) { 3471 /* yep, tell them */ 3472 return (1); 3473 } 3474 if (ch->chunk_type == SCTP_INITIATION) { 3475 /* need to update the Vtag */ 3476 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m, 3477 offset, sizeof(*init_chk), (uint8_t *) & chunk_buf); 3478 if (init_chk != NULL) { 3479 *vtagfill = ntohl(init_chk->init.initiate_tag); 3480 } 3481 } 3482 /* Nope, move to the next chunk */ 3483 offset += SCTP_SIZE32(chk_length); 3484 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 3485 sizeof(*ch), (uint8_t *) & chunk_buf); 3486 } 3487 return (0); 3488 } 3489 3490 /* 3491 * currently (2/02), ifa_addr embeds scope_id's and don't have sin6_scope_id 3492 * set (i.e. it's 0) so, create this function to compare link local scopes 3493 */ 3494 uint32_t 3495 sctp_is_same_scope(struct sockaddr_in6 *addr1, struct sockaddr_in6 *addr2) 3496 { 3497 struct sockaddr_in6 a, b; 3498 3499 /* save copies */ 3500 a = *addr1; 3501 b = *addr2; 3502 3503 if (a.sin6_scope_id == 0) 3504 if (sa6_recoverscope(&a)) { 3505 /* can't get scope, so can't match */ 3506 return (0); 3507 } 3508 if (b.sin6_scope_id == 0) 3509 if (sa6_recoverscope(&b)) { 3510 /* can't get scope, so can't match */ 3511 return (0); 3512 } 3513 if (a.sin6_scope_id != b.sin6_scope_id) 3514 return (0); 3515 3516 return (1); 3517 } 3518 3519 /* 3520 * returns a sockaddr_in6 with embedded scope recovered and removed 3521 */ 3522 struct sockaddr_in6 * 3523 sctp_recover_scope(struct sockaddr_in6 *addr, struct sockaddr_in6 *store) 3524 { 3525 3526 /* check and strip embedded scope junk */ 3527 if (addr->sin6_family == AF_INET6) { 3528 if (IN6_IS_SCOPE_LINKLOCAL(&addr->sin6_addr)) { 3529 if (addr->sin6_scope_id == 0) { 3530 *store = *addr; 3531 if (!sa6_recoverscope(store)) { 3532 /* use the recovered scope */ 3533 addr = store; 3534 } 3535 /* else, return the original "to" addr */ 3536 } 3537 } 3538 } 3539 return (addr); 3540 } 3541 3542 /* 3543 * are the two addresses the same? currently a "scopeless" check returns: 1 3544 * if same, 0 if not 3545 */ 3546 __inline int 3547 sctp_cmpaddr(struct sockaddr *sa1, struct sockaddr *sa2) 3548 { 3549 3550 /* must be valid */ 3551 if (sa1 == NULL || sa2 == NULL) 3552 return (0); 3553 3554 /* must be the same family */ 3555 if (sa1->sa_family != sa2->sa_family) 3556 return (0); 3557 3558 if (sa1->sa_family == AF_INET6) { 3559 /* IPv6 addresses */ 3560 struct sockaddr_in6 *sin6_1, *sin6_2; 3561 3562 sin6_1 = (struct sockaddr_in6 *)sa1; 3563 sin6_2 = (struct sockaddr_in6 *)sa2; 3564 return (SCTP6_ARE_ADDR_EQUAL(&sin6_1->sin6_addr, 3565 &sin6_2->sin6_addr)); 3566 } else if (sa1->sa_family == AF_INET) { 3567 /* IPv4 addresses */ 3568 struct sockaddr_in *sin_1, *sin_2; 3569 3570 sin_1 = (struct sockaddr_in *)sa1; 3571 sin_2 = (struct sockaddr_in *)sa2; 3572 return (sin_1->sin_addr.s_addr == sin_2->sin_addr.s_addr); 3573 } else { 3574 /* we don't do these... */ 3575 return (0); 3576 } 3577 } 3578 3579 void 3580 sctp_print_address(struct sockaddr *sa) 3581 { 3582 3583 if (sa->sa_family == AF_INET6) { 3584 struct sockaddr_in6 *sin6; 3585 char ip6buf[INET6_ADDRSTRLEN]; 3586 3587 sin6 = (struct sockaddr_in6 *)sa; 3588 printf("IPv6 address: %s:%d scope:%u\n", 3589 ip6_sprintf(ip6buf, &sin6->sin6_addr), 3590 ntohs(sin6->sin6_port), 3591 sin6->sin6_scope_id); 3592 } else if (sa->sa_family == AF_INET) { 3593 struct sockaddr_in *sin; 3594 unsigned char *p; 3595 3596 sin = (struct sockaddr_in *)sa; 3597 p = (unsigned char *)&sin->sin_addr; 3598 printf("IPv4 address: %u.%u.%u.%u:%d\n", 3599 p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); 3600 } else { 3601 printf("?\n"); 3602 } 3603 } 3604 3605 void 3606 sctp_print_address_pkt(struct ip *iph, struct sctphdr *sh) 3607 { 3608 if (iph->ip_v == IPVERSION) { 3609 struct sockaddr_in lsa, fsa; 3610 3611 bzero(&lsa, sizeof(lsa)); 3612 lsa.sin_len = sizeof(lsa); 3613 lsa.sin_family = AF_INET; 3614 lsa.sin_addr = iph->ip_src; 3615 lsa.sin_port = sh->src_port; 3616 bzero(&fsa, sizeof(fsa)); 3617 fsa.sin_len = sizeof(fsa); 3618 fsa.sin_family = AF_INET; 3619 fsa.sin_addr = iph->ip_dst; 3620 fsa.sin_port = sh->dest_port; 3621 printf("src: "); 3622 sctp_print_address((struct sockaddr *)&lsa); 3623 printf("dest: "); 3624 sctp_print_address((struct sockaddr *)&fsa); 3625 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 3626 struct ip6_hdr *ip6; 3627 struct sockaddr_in6 lsa6, fsa6; 3628 3629 ip6 = (struct ip6_hdr *)iph; 3630 bzero(&lsa6, sizeof(lsa6)); 3631 lsa6.sin6_len = sizeof(lsa6); 3632 lsa6.sin6_family = AF_INET6; 3633 lsa6.sin6_addr = ip6->ip6_src; 3634 lsa6.sin6_port = sh->src_port; 3635 bzero(&fsa6, sizeof(fsa6)); 3636 fsa6.sin6_len = sizeof(fsa6); 3637 fsa6.sin6_family = AF_INET6; 3638 fsa6.sin6_addr = ip6->ip6_dst; 3639 fsa6.sin6_port = sh->dest_port; 3640 printf("src: "); 3641 sctp_print_address((struct sockaddr *)&lsa6); 3642 printf("dest: "); 3643 sctp_print_address((struct sockaddr *)&fsa6); 3644 } 3645 } 3646 3647 #if defined(HAVE_SCTP_SO_LASTRECORD) 3648 3649 /* cloned from uipc_socket.c */ 3650 3651 #define SCTP_SBLINKRECORD(sb, m0) do { \ 3652 if ((sb)->sb_lastrecord != NULL) \ 3653 SCTP_BUF_NEXT_PKT((sb)->sb_lastrecord) = (m0); \ 3654 else \ 3655 (sb)->sb_mb = (m0); \ 3656 (sb)->sb_lastrecord = (m0); \ 3657 } while (/*CONSTCOND*/0) 3658 #endif 3659 3660 void 3661 sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, 3662 struct sctp_inpcb *new_inp, 3663 struct sctp_tcb *stcb) 3664 { 3665 /* 3666 * go through our old INP and pull off any control structures that 3667 * belong to stcb and move then to the new inp. 3668 */ 3669 struct socket *old_so, *new_so; 3670 struct sctp_queued_to_read *control, *nctl; 3671 struct sctp_readhead tmp_queue; 3672 struct mbuf *m; 3673 int error; 3674 3675 old_so = old_inp->sctp_socket; 3676 new_so = new_inp->sctp_socket; 3677 TAILQ_INIT(&tmp_queue); 3678 3679 SOCKBUF_LOCK(&(old_so->so_rcv)); 3680 3681 error = sblock(&old_so->so_rcv, 0); 3682 3683 SOCKBUF_UNLOCK(&(old_so->so_rcv)); 3684 if (error) { 3685 /* 3686 * Gak, can't get sblock, we have a problem. data will be 3687 * left stranded.. and we don't dare look at it since the 3688 * other thread may be reading something. Oh well, its a 3689 * screwed up app that does a peeloff OR a accept while 3690 * reading from the main socket... actually its only the 3691 * peeloff() case, since I think read will fail on a 3692 * listening socket.. 3693 */ 3694 return; 3695 } 3696 /* lock the socket buffers */ 3697 SCTP_INP_READ_LOCK(old_inp); 3698 control = TAILQ_FIRST(&old_inp->read_queue); 3699 /* Pull off all for out target stcb */ 3700 while (control) { 3701 nctl = TAILQ_NEXT(control, next); 3702 if (control->stcb == stcb) { 3703 /* remove it we want it */ 3704 TAILQ_REMOVE(&old_inp->read_queue, control, next); 3705 TAILQ_INSERT_TAIL(&tmp_queue, control, next); 3706 m = control->data; 3707 while (m) { 3708 #ifdef SCTP_SB_LOGGING 3709 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 3710 #endif 3711 sctp_sbfree(control, stcb, &old_so->so_rcv, m); 3712 #ifdef SCTP_SB_LOGGING 3713 sctp_sblog(&old_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3714 #endif 3715 m = SCTP_BUF_NEXT(m); 3716 } 3717 } 3718 control = nctl; 3719 } 3720 SCTP_INP_READ_UNLOCK(old_inp); 3721 3722 /* Remove the sb-lock on the old socket */ 3723 SOCKBUF_LOCK(&(old_so->so_rcv)); 3724 3725 sbunlock(&old_so->so_rcv); 3726 SOCKBUF_UNLOCK(&(old_so->so_rcv)); 3727 3728 /* Now we move them over to the new socket buffer */ 3729 control = TAILQ_FIRST(&tmp_queue); 3730 SCTP_INP_READ_LOCK(new_inp); 3731 while (control) { 3732 nctl = TAILQ_NEXT(control, next); 3733 TAILQ_INSERT_TAIL(&new_inp->read_queue, control, next); 3734 m = control->data; 3735 while (m) { 3736 #ifdef SCTP_SB_LOGGING 3737 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 3738 #endif 3739 sctp_sballoc(stcb, &new_so->so_rcv, m); 3740 #ifdef SCTP_SB_LOGGING 3741 sctp_sblog(&new_so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3742 #endif 3743 m = SCTP_BUF_NEXT(m); 3744 } 3745 control = nctl; 3746 } 3747 SCTP_INP_READ_UNLOCK(new_inp); 3748 } 3749 3750 3751 void 3752 sctp_add_to_readq(struct sctp_inpcb *inp, 3753 struct sctp_tcb *stcb, 3754 struct sctp_queued_to_read *control, 3755 struct sockbuf *sb, 3756 int end) 3757 { 3758 /* 3759 * Here we must place the control on the end of the socket read 3760 * queue AND increment sb_cc so that select will work properly on 3761 * read. 3762 */ 3763 struct mbuf *m, *prev = NULL; 3764 3765 if (inp == NULL) { 3766 /* Gak, TSNH!! */ 3767 #ifdef INVARIANTS 3768 panic("Gak, inp NULL on add_to_readq"); 3769 #endif 3770 return; 3771 } 3772 SCTP_INP_READ_LOCK(inp); 3773 atomic_add_int(&inp->total_recvs, 1); 3774 atomic_add_int(&stcb->total_recvs, 1); 3775 m = control->data; 3776 control->held_length = 0; 3777 control->length = 0; 3778 while (m) { 3779 if (SCTP_BUF_LEN(m) == 0) { 3780 /* Skip mbufs with NO length */ 3781 if (prev == NULL) { 3782 /* First one */ 3783 control->data = sctp_m_free(m); 3784 m = control->data; 3785 } else { 3786 SCTP_BUF_NEXT(prev) = sctp_m_free(m); 3787 m = SCTP_BUF_NEXT(prev); 3788 } 3789 if (m == NULL) { 3790 control->tail_mbuf = prev;; 3791 } 3792 continue; 3793 } 3794 prev = m; 3795 #ifdef SCTP_SB_LOGGING 3796 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(m)); 3797 #endif 3798 sctp_sballoc(stcb, sb, m); 3799 #ifdef SCTP_SB_LOGGING 3800 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3801 #endif 3802 atomic_add_int(&control->length, SCTP_BUF_LEN(m)); 3803 m = SCTP_BUF_NEXT(m); 3804 } 3805 if (prev != NULL) { 3806 control->tail_mbuf = prev; 3807 } else { 3808 /* Everything got collapsed out?? */ 3809 return; 3810 } 3811 if (end) { 3812 control->end_added = 1; 3813 } 3814 TAILQ_INSERT_TAIL(&inp->read_queue, control, next); 3815 SCTP_INP_READ_UNLOCK(inp); 3816 if (inp && inp->sctp_socket) { 3817 sctp_sorwakeup(inp, inp->sctp_socket); 3818 } 3819 } 3820 3821 3822 int 3823 sctp_append_to_readq(struct sctp_inpcb *inp, 3824 struct sctp_tcb *stcb, 3825 struct sctp_queued_to_read *control, 3826 struct mbuf *m, 3827 int end, 3828 int ctls_cumack, 3829 struct sockbuf *sb) 3830 { 3831 /* 3832 * A partial delivery API event is underway. OR we are appending on 3833 * the reassembly queue. 3834 * 3835 * If PDAPI this means we need to add m to the end of the data. 3836 * Increase the length in the control AND increment the sb_cc. 3837 * Otherwise sb is NULL and all we need to do is put it at the end 3838 * of the mbuf chain. 3839 */ 3840 int len = 0; 3841 struct mbuf *mm, *tail = NULL, *prev = NULL; 3842 3843 if (inp) { 3844 SCTP_INP_READ_LOCK(inp); 3845 } 3846 if (control == NULL) { 3847 get_out: 3848 if (inp) { 3849 SCTP_INP_READ_UNLOCK(inp); 3850 } 3851 return (-1); 3852 } 3853 if (control->end_added) { 3854 /* huh this one is complete? */ 3855 goto get_out; 3856 } 3857 mm = m; 3858 if (mm == NULL) { 3859 goto get_out; 3860 } 3861 while (mm) { 3862 if (SCTP_BUF_LEN(mm) == 0) { 3863 /* Skip mbufs with NO lenght */ 3864 if (prev == NULL) { 3865 /* First one */ 3866 m = sctp_m_free(mm); 3867 mm = m; 3868 } else { 3869 SCTP_BUF_NEXT(prev) = sctp_m_free(mm); 3870 mm = SCTP_BUF_NEXT(prev); 3871 } 3872 continue; 3873 } 3874 prev = mm; 3875 len += SCTP_BUF_LEN(mm); 3876 if (sb) { 3877 #ifdef SCTP_SB_LOGGING 3878 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBALLOC, SCTP_BUF_LEN(mm)); 3879 #endif 3880 sctp_sballoc(stcb, sb, mm); 3881 #ifdef SCTP_SB_LOGGING 3882 sctp_sblog(sb, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 3883 #endif 3884 } 3885 mm = SCTP_BUF_NEXT(mm); 3886 } 3887 if (prev) { 3888 tail = prev; 3889 } else { 3890 /* Really there should always be a prev */ 3891 if (m == NULL) { 3892 /* Huh nothing left? */ 3893 #ifdef INVARIANTS 3894 panic("Nothing left to add?"); 3895 #else 3896 goto get_out; 3897 #endif 3898 } 3899 tail = m; 3900 } 3901 if (end) { 3902 /* message is complete */ 3903 if (control == stcb->asoc.control_pdapi) { 3904 stcb->asoc.control_pdapi = NULL; 3905 } 3906 control->held_length = 0; 3907 control->end_added = 1; 3908 } 3909 atomic_add_int(&control->length, len); 3910 if (control->tail_mbuf) { 3911 /* append */ 3912 SCTP_BUF_NEXT(control->tail_mbuf) = m; 3913 control->tail_mbuf = tail; 3914 } else { 3915 /* nothing there */ 3916 #ifdef INVARIANTS 3917 if (control->data != NULL) { 3918 panic("This should NOT happen"); 3919 } 3920 #endif 3921 control->data = m; 3922 control->tail_mbuf = tail; 3923 } 3924 /* 3925 * When we are appending in partial delivery, the cum-ack is used 3926 * for the actual pd-api highest tsn on this mbuf. The true cum-ack 3927 * is populated in the outbound sinfo structure from the true cumack 3928 * if the association exists... 3929 */ 3930 control->sinfo_tsn = control->sinfo_cumtsn = ctls_cumack; 3931 if (inp) { 3932 SCTP_INP_READ_UNLOCK(inp); 3933 } 3934 if (inp && inp->sctp_socket) { 3935 sctp_sorwakeup(inp, inp->sctp_socket); 3936 } 3937 return (0); 3938 } 3939 3940 3941 3942 /*************HOLD THIS COMMENT FOR PATCH FILE OF 3943 *************ALTERNATE ROUTING CODE 3944 */ 3945 3946 /*************HOLD THIS COMMENT FOR END OF PATCH FILE OF 3947 *************ALTERNATE ROUTING CODE 3948 */ 3949 3950 struct mbuf * 3951 sctp_generate_invmanparam(int err) 3952 { 3953 /* Return a MBUF with a invalid mandatory parameter */ 3954 struct mbuf *m; 3955 3956 m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_DONTWAIT, 1, MT_DATA); 3957 if (m) { 3958 struct sctp_paramhdr *ph; 3959 3960 SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr); 3961 ph = mtod(m, struct sctp_paramhdr *); 3962 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 3963 ph->param_type = htons(err); 3964 } 3965 return (m); 3966 } 3967 3968 #ifdef SCTP_MBCNT_LOGGING 3969 void 3970 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc, 3971 struct sctp_tmit_chunk *tp1, int chk_cnt) 3972 { 3973 if (tp1->data == NULL) { 3974 return; 3975 } 3976 asoc->chunks_on_out_queue -= chk_cnt; 3977 sctp_log_mbcnt(SCTP_LOG_MBCNT_DECREASE, 3978 asoc->total_output_queue_size, 3979 tp1->book_size, 3980 0, 3981 tp1->mbcnt); 3982 if (asoc->total_output_queue_size >= tp1->book_size) { 3983 asoc->total_output_queue_size -= tp1->book_size; 3984 } else { 3985 asoc->total_output_queue_size = 0; 3986 } 3987 3988 if (stcb->sctp_socket && (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) || 3989 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)))) { 3990 if (stcb->sctp_socket->so_snd.sb_cc >= tp1->book_size) { 3991 stcb->sctp_socket->so_snd.sb_cc -= tp1->book_size; 3992 } else { 3993 stcb->sctp_socket->so_snd.sb_cc = 0; 3994 3995 } 3996 } 3997 } 3998 3999 #endif 4000 4001 int 4002 sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, 4003 int reason, struct sctpchunk_listhead *queue) 4004 { 4005 int ret_sz = 0; 4006 int notdone; 4007 uint8_t foundeom = 0; 4008 4009 do { 4010 ret_sz += tp1->book_size; 4011 tp1->sent = SCTP_FORWARD_TSN_SKIP; 4012 if (tp1->data) { 4013 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1); 4014 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, reason, tp1); 4015 sctp_m_freem(tp1->data); 4016 tp1->data = NULL; 4017 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket); 4018 } 4019 if (PR_SCTP_BUF_ENABLED(tp1->flags)) { 4020 stcb->asoc.sent_queue_cnt_removeable--; 4021 } 4022 if (queue == &stcb->asoc.send_queue) { 4023 TAILQ_REMOVE(&stcb->asoc.send_queue, tp1, sctp_next); 4024 /* on to the sent queue */ 4025 TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, tp1, 4026 sctp_next); 4027 stcb->asoc.sent_queue_cnt++; 4028 } 4029 if ((tp1->rec.data.rcv_flags & SCTP_DATA_NOT_FRAG) == 4030 SCTP_DATA_NOT_FRAG) { 4031 /* not frag'ed we ae done */ 4032 notdone = 0; 4033 foundeom = 1; 4034 } else if (tp1->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 4035 /* end of frag, we are done */ 4036 notdone = 0; 4037 foundeom = 1; 4038 } else { 4039 /* 4040 * Its a begin or middle piece, we must mark all of 4041 * it 4042 */ 4043 notdone = 1; 4044 tp1 = TAILQ_NEXT(tp1, sctp_next); 4045 } 4046 } while (tp1 && notdone); 4047 if ((foundeom == 0) && (queue == &stcb->asoc.sent_queue)) { 4048 /* 4049 * The multi-part message was scattered across the send and 4050 * sent queue. 4051 */ 4052 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue); 4053 /* 4054 * recurse throught the send_queue too, starting at the 4055 * beginning. 4056 */ 4057 if (tp1) { 4058 ret_sz += sctp_release_pr_sctp_chunk(stcb, tp1, reason, 4059 &stcb->asoc.send_queue); 4060 } else { 4061 printf("hmm, nothing on the send queue and no EOM?\n"); 4062 } 4063 } 4064 return (ret_sz); 4065 } 4066 4067 /* 4068 * checks to see if the given address, sa, is one that is currently known by 4069 * the kernel note: can't distinguish the same address on multiple interfaces 4070 * and doesn't handle multiple addresses with different zone/scope id's note: 4071 * ifa_ifwithaddr() compares the entire sockaddr struct 4072 */ 4073 struct ifaddr * 4074 sctp_find_ifa_by_addr(struct sockaddr *sa) 4075 { 4076 struct ifnet *ifn; 4077 struct ifaddr *ifa; 4078 4079 /* go through all our known interfaces */ 4080 TAILQ_FOREACH(ifn, &ifnet, if_list) { 4081 /* go through each interface addresses */ 4082 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 4083 /* correct family? */ 4084 if (ifa->ifa_addr->sa_family != sa->sa_family) 4085 continue; 4086 4087 #ifdef INET6 4088 if (ifa->ifa_addr->sa_family == AF_INET6) { 4089 /* IPv6 address */ 4090 struct sockaddr_in6 *sin1, *sin2, sin6_tmp; 4091 4092 sin1 = (struct sockaddr_in6 *)ifa->ifa_addr; 4093 if (IN6_IS_SCOPE_LINKLOCAL(&sin1->sin6_addr)) { 4094 /* create a copy and clear scope */ 4095 memcpy(&sin6_tmp, sin1, 4096 sizeof(struct sockaddr_in6)); 4097 sin1 = &sin6_tmp; 4098 in6_clearscope(&sin1->sin6_addr); 4099 } 4100 sin2 = (struct sockaddr_in6 *)sa; 4101 if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr, 4102 sizeof(struct in6_addr)) == 0) { 4103 /* found it */ 4104 return (ifa); 4105 } 4106 } else 4107 #endif 4108 if (ifa->ifa_addr->sa_family == AF_INET) { 4109 /* IPv4 address */ 4110 struct sockaddr_in *sin1, *sin2; 4111 4112 sin1 = (struct sockaddr_in *)ifa->ifa_addr; 4113 sin2 = (struct sockaddr_in *)sa; 4114 if (sin1->sin_addr.s_addr == 4115 sin2->sin_addr.s_addr) { 4116 /* found it */ 4117 return (ifa); 4118 } 4119 } 4120 /* else, not AF_INET or AF_INET6, so skip */ 4121 } /* end foreach ifa */ 4122 } /* end foreach ifn */ 4123 /* not found! */ 4124 return (NULL); 4125 } 4126 4127 static void 4128 sctp_user_rcvd(struct sctp_tcb *stcb, int *freed_so_far, int hold_rlock, 4129 uint32_t rwnd_req) 4130 { 4131 /* User pulled some data, do we need a rwnd update? */ 4132 int r_unlocked = 0; 4133 uint32_t dif, rwnd; 4134 struct socket *so = NULL; 4135 4136 if (stcb == NULL) 4137 return; 4138 4139 atomic_add_int(&stcb->asoc.refcnt, 1); 4140 4141 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4142 /* Pre-check If we are freeing no update */ 4143 goto no_lock; 4144 } 4145 SCTP_INP_INCR_REF(stcb->sctp_ep); 4146 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4147 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4148 goto out; 4149 } 4150 so = stcb->sctp_socket; 4151 if (so == NULL) { 4152 goto out; 4153 } 4154 atomic_add_int(&stcb->freed_by_sorcv_sincelast, *freed_so_far); 4155 /* Have you have freed enough to look */ 4156 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4157 sctp_misc_ints(SCTP_ENTER_USER_RECV, 4158 (stcb->asoc.my_rwnd - stcb->asoc.my_last_reported_rwnd), 4159 *freed_so_far, 4160 stcb->freed_by_sorcv_sincelast, 4161 rwnd_req); 4162 #endif 4163 *freed_so_far = 0; 4164 /* Yep, its worth a look and the lock overhead */ 4165 4166 /* Figure out what the rwnd would be */ 4167 rwnd = sctp_calc_rwnd(stcb, &stcb->asoc); 4168 if (rwnd >= stcb->asoc.my_last_reported_rwnd) { 4169 dif = rwnd - stcb->asoc.my_last_reported_rwnd; 4170 } else { 4171 dif = 0; 4172 } 4173 if (dif >= rwnd_req) { 4174 if (hold_rlock) { 4175 SCTP_INP_READ_UNLOCK(stcb->sctp_ep); 4176 r_unlocked = 1; 4177 } 4178 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4179 /* 4180 * One last check before we allow the guy possibly 4181 * to get in. There is a race, where the guy has not 4182 * reached the gate. In that case 4183 */ 4184 goto out; 4185 } 4186 SCTP_TCB_LOCK(stcb); 4187 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4188 /* No reports here */ 4189 SCTP_TCB_UNLOCK(stcb); 4190 goto out; 4191 } 4192 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4193 sctp_misc_ints(SCTP_USER_RECV_SACKS, 4194 stcb->asoc.my_rwnd, 4195 stcb->asoc.my_last_reported_rwnd, 4196 stcb->freed_by_sorcv_sincelast, 4197 dif); 4198 #endif 4199 SCTP_STAT_INCR(sctps_wu_sacks_sent); 4200 sctp_send_sack(stcb); 4201 sctp_chunk_output(stcb->sctp_ep, stcb, 4202 SCTP_OUTPUT_FROM_USR_RCVD); 4203 /* make sure no timer is running */ 4204 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_6); 4205 SCTP_TCB_UNLOCK(stcb); 4206 } else { 4207 /* Update how much we have pending */ 4208 stcb->freed_by_sorcv_sincelast = dif; 4209 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4210 sctp_misc_ints(SCTP_USER_RECV_SACKS, 4211 stcb->asoc.my_rwnd, 4212 stcb->asoc.my_last_reported_rwnd, 4213 stcb->freed_by_sorcv_sincelast, 4214 0); 4215 #endif 4216 } 4217 out: 4218 if (so && r_unlocked && hold_rlock) { 4219 SCTP_INP_READ_LOCK(stcb->sctp_ep); 4220 } 4221 SCTP_INP_DECR_REF(stcb->sctp_ep); 4222 no_lock: 4223 atomic_add_int(&stcb->asoc.refcnt, -1); 4224 return; 4225 } 4226 4227 int 4228 sctp_sorecvmsg(struct socket *so, 4229 struct uio *uio, 4230 struct mbuf **mp, 4231 struct sockaddr *from, 4232 int fromlen, 4233 int *msg_flags, 4234 struct sctp_sndrcvinfo *sinfo, 4235 int filling_sinfo) 4236 { 4237 /* 4238 * MSG flags we will look at MSG_DONTWAIT - non-blocking IO. 4239 * MSG_PEEK - Look don't touch :-D (only valid with OUT mbuf copy 4240 * mp=NULL thus uio is the copy method to userland) MSG_WAITALL - ?? 4241 * On the way out we may send out any combination of: 4242 * MSG_NOTIFICATION MSG_EOR 4243 * 4244 */ 4245 struct sctp_inpcb *inp = NULL; 4246 int my_len = 0; 4247 int cp_len = 0, error = 0; 4248 struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL; 4249 struct mbuf *m = NULL, *embuf = NULL; 4250 struct sctp_tcb *stcb = NULL; 4251 int wakeup_read_socket = 0; 4252 int freecnt_applied = 0; 4253 int out_flags = 0, in_flags = 0; 4254 int block_allowed = 1; 4255 int freed_so_far = 0; 4256 int copied_so_far = 0; 4257 int s, in_eeor_mode = 0; 4258 int no_rcv_needed = 0; 4259 uint32_t rwnd_req = 0; 4260 int hold_sblock = 0; 4261 int hold_rlock = 0; 4262 int alen = 0, slen = 0; 4263 int held_length = 0; 4264 4265 if (msg_flags) { 4266 in_flags = *msg_flags; 4267 } else { 4268 in_flags = 0; 4269 } 4270 slen = uio->uio_resid; 4271 /* Pull in and set up our int flags */ 4272 if (in_flags & MSG_OOB) { 4273 /* Out of band's NOT supported */ 4274 return (EOPNOTSUPP); 4275 } 4276 if ((in_flags & MSG_PEEK) && (mp != NULL)) { 4277 return (EINVAL); 4278 } 4279 if ((in_flags & (MSG_DONTWAIT 4280 | MSG_NBIO 4281 )) || 4282 (so->so_state & SS_NBIO)) { 4283 block_allowed = 0; 4284 } 4285 /* setup the endpoint */ 4286 inp = (struct sctp_inpcb *)so->so_pcb; 4287 if (inp == NULL) { 4288 return (EFAULT); 4289 } 4290 s = splnet(); 4291 rwnd_req = (so->so_rcv.sb_hiwat >> SCTP_RWND_HIWAT_SHIFT); 4292 /* Must be at least a MTU's worth */ 4293 if (rwnd_req < SCTP_MIN_RWND) 4294 rwnd_req = SCTP_MIN_RWND; 4295 in_eeor_mode = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 4296 #ifdef SCTP_RECV_RWND_LOGGING 4297 sctp_misc_ints(SCTP_SORECV_ENTER, 4298 rwnd_req, in_eeor_mode, so->so_rcv.sb_cc, uio->uio_resid); 4299 #endif 4300 SOCKBUF_LOCK(&so->so_rcv); 4301 hold_sblock = 1; 4302 #ifdef SCTP_RECV_RWND_LOGGING 4303 sctp_misc_ints(SCTP_SORECV_ENTERPL, 4304 rwnd_req, block_allowed, so->so_rcv.sb_cc, uio->uio_resid); 4305 #endif 4306 4307 4308 error = sblock(&so->so_rcv, (block_allowed ? M_WAITOK : 0)); 4309 if (error) { 4310 goto release_unlocked; 4311 } 4312 restart: 4313 if (hold_sblock == 0) { 4314 SOCKBUF_LOCK(&so->so_rcv); 4315 hold_sblock = 1; 4316 } 4317 sbunlock(&so->so_rcv); 4318 4319 restart_nosblocks: 4320 if (hold_sblock == 0) { 4321 SOCKBUF_LOCK(&so->so_rcv); 4322 hold_sblock = 1; 4323 } 4324 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 4325 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4326 goto out; 4327 } 4328 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) { 4329 if (so->so_error) { 4330 error = so->so_error; 4331 } else { 4332 error = ENOTCONN; 4333 } 4334 goto out; 4335 } 4336 if ((so->so_rcv.sb_cc <= held_length) && block_allowed) { 4337 /* we need to wait for data */ 4338 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4339 sctp_misc_ints(SCTP_SORECV_BLOCKSA, 4340 0, 0, so->so_rcv.sb_cc, uio->uio_resid); 4341 #endif 4342 if ((so->so_rcv.sb_cc == 0) && 4343 ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 4344 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 4345 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0) { 4346 /* 4347 * For active open side clear flags for 4348 * re-use passive open is blocked by 4349 * connect. 4350 */ 4351 if (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED) { 4352 /* 4353 * You were aborted, passive side 4354 * always hits here 4355 */ 4356 error = ECONNRESET; 4357 /* 4358 * You get this once if you are 4359 * active open side 4360 */ 4361 if (!(inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 4362 /* 4363 * Remove flag if on the 4364 * active open side 4365 */ 4366 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_ABORTED; 4367 } 4368 } 4369 so->so_state &= ~(SS_ISCONNECTING | 4370 SS_ISDISCONNECTING | 4371 SS_ISCONFIRMING | 4372 SS_ISCONNECTED); 4373 if (error == 0) { 4374 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) == 0) { 4375 error = ENOTCONN; 4376 } else { 4377 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAS_CONNECTED; 4378 } 4379 } 4380 goto out; 4381 } 4382 } 4383 error = sbwait(&so->so_rcv); 4384 if (error) { 4385 goto out; 4386 } 4387 held_length = 0; 4388 goto restart_nosblocks; 4389 } else if (so->so_rcv.sb_cc == 0) { 4390 error = EWOULDBLOCK; 4391 goto out; 4392 } 4393 error = sblock(&so->so_rcv, (block_allowed ? M_WAITOK : 0)); 4394 /* we possibly have data we can read */ 4395 control = TAILQ_FIRST(&inp->read_queue); 4396 if (control == NULL) { 4397 /* 4398 * This could be happening since the appender did the 4399 * increment but as not yet did the tailq insert onto the 4400 * read_queue 4401 */ 4402 if (hold_rlock == 0) { 4403 SCTP_INP_READ_LOCK(inp); 4404 hold_rlock = 1; 4405 } 4406 control = TAILQ_FIRST(&inp->read_queue); 4407 if ((control == NULL) && (so->so_rcv.sb_cc != 0)) { 4408 #ifdef INVARIANTS 4409 panic("Huh, its non zero and nothing on control?"); 4410 #endif 4411 so->so_rcv.sb_cc = 0; 4412 } 4413 SCTP_INP_READ_UNLOCK(inp); 4414 hold_rlock = 0; 4415 goto restart; 4416 } 4417 if ((control->length == 0) && 4418 (control->do_not_ref_stcb)) { 4419 /* 4420 * Clean up code for freeing assoc that left behind a 4421 * pdapi.. maybe a peer in EEOR that just closed after 4422 * sending and never indicated a EOR. 4423 */ 4424 if (hold_rlock == 0) { 4425 hold_rlock = 1; 4426 SCTP_INP_READ_LOCK(inp); 4427 } 4428 control->held_length = 0; 4429 if (control->data) { 4430 /* Hmm there is data here .. fix */ 4431 struct mbuf *m; 4432 int cnt = 0; 4433 4434 m = control->data; 4435 while (m) { 4436 cnt += SCTP_BUF_LEN(m); 4437 if (SCTP_BUF_NEXT(m) == NULL) { 4438 control->tail_mbuf = m; 4439 control->end_added = 1; 4440 } 4441 m = SCTP_BUF_NEXT(m); 4442 } 4443 control->length = cnt; 4444 } else { 4445 /* remove it */ 4446 TAILQ_REMOVE(&inp->read_queue, control, next); 4447 /* Add back any hiddend data */ 4448 sctp_free_remote_addr(control->whoFrom); 4449 sctp_free_a_readq(stcb, control); 4450 } 4451 if (hold_rlock) { 4452 hold_rlock = 0; 4453 SCTP_INP_READ_UNLOCK(inp); 4454 } 4455 goto restart; 4456 } 4457 if (control->length == 0) { 4458 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && 4459 (filling_sinfo)) { 4460 /* find a more suitable one then this */ 4461 ctl = TAILQ_NEXT(control, next); 4462 while (ctl) { 4463 if ((ctl->stcb != control->stcb) && (ctl->length)) { 4464 /* found one */ 4465 control = ctl; 4466 goto found_one; 4467 } 4468 ctl = TAILQ_NEXT(ctl, next); 4469 } 4470 } 4471 /* 4472 * if we reach here, not suitable replacement is available 4473 * <or> fragment interleave is NOT on. So stuff the sb_cc 4474 * into the our held count, and its time to sleep again. 4475 */ 4476 held_length = so->so_rcv.sb_cc; 4477 control->held_length = so->so_rcv.sb_cc; 4478 goto restart; 4479 } 4480 /* Clear the held length since there is something to read */ 4481 control->held_length = 0; 4482 if (hold_rlock) { 4483 SCTP_INP_READ_UNLOCK(inp); 4484 hold_rlock = 0; 4485 } 4486 found_one: 4487 /* 4488 * If we reach here, control has a some data for us to read off. 4489 * Note that stcb COULD be NULL. 4490 */ 4491 if (hold_sblock) { 4492 SOCKBUF_UNLOCK(&so->so_rcv); 4493 hold_sblock = 0; 4494 } 4495 stcb = control->stcb; 4496 if (stcb) { 4497 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) && 4498 (control->do_not_ref_stcb == 0)) { 4499 if (freecnt_applied == 0) 4500 stcb = NULL; 4501 } else if (control->do_not_ref_stcb == 0) { 4502 /* you can't free it on me please */ 4503 /* 4504 * The lock on the socket buffer protects us so the 4505 * free code will stop. But since we used the 4506 * socketbuf lock and the sender uses the tcb_lock 4507 * to increment, we need to use the atomic add to 4508 * the refcnt 4509 */ 4510 atomic_add_int(&stcb->asoc.refcnt, 1); 4511 freecnt_applied = 1; 4512 /* 4513 * Setup to remember how much we have not yet told 4514 * the peer our rwnd has opened up. Note we grab the 4515 * value from the tcb from last time. Note too that 4516 * sack sending clears this when a sack is sent.. 4517 * which is fine. Once we hit the rwnd_req, we then 4518 * will go to the sctp_user_rcvd() that will not 4519 * lock until it KNOWs it MUST send a WUP-SACK. 4520 * 4521 */ 4522 freed_so_far = stcb->freed_by_sorcv_sincelast; 4523 stcb->freed_by_sorcv_sincelast = 0; 4524 } 4525 } 4526 /* First lets get off the sinfo and sockaddr info */ 4527 if ((sinfo) && filling_sinfo) { 4528 memcpy(sinfo, control, sizeof(struct sctp_nonpad_sndrcvinfo)); 4529 nxt = TAILQ_NEXT(control, next); 4530 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) { 4531 struct sctp_extrcvinfo *s_extra; 4532 4533 s_extra = (struct sctp_extrcvinfo *)sinfo; 4534 if (nxt) { 4535 s_extra->next_flags = SCTP_NEXT_MSG_AVAIL; 4536 if (nxt->sinfo_flags & SCTP_UNORDERED) { 4537 s_extra->next_flags |= SCTP_NEXT_MSG_IS_UNORDERED; 4538 } 4539 s_extra->next_asocid = nxt->sinfo_assoc_id; 4540 s_extra->next_length = nxt->length; 4541 s_extra->next_ppid = nxt->sinfo_ppid; 4542 s_extra->next_stream = nxt->sinfo_stream; 4543 if (nxt->tail_mbuf != NULL) { 4544 if (nxt->end_added) { 4545 s_extra->next_flags |= SCTP_NEXT_MSG_ISCOMPLETE; 4546 } 4547 } 4548 } else { 4549 /* 4550 * we explicitly 0 this, since the memcpy 4551 * got some other things beyond the older 4552 * sinfo_ that is on the control's structure 4553 * :-D 4554 */ 4555 s_extra->next_flags = SCTP_NO_NEXT_MSG; 4556 s_extra->next_asocid = 0; 4557 s_extra->next_length = 0; 4558 s_extra->next_ppid = 0; 4559 s_extra->next_stream = 0; 4560 } 4561 } 4562 /* 4563 * update off the real current cum-ack, if we have an stcb. 4564 */ 4565 if (stcb) 4566 sinfo->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 4567 /* 4568 * mask off the high bits, we keep the actual chunk bits in 4569 * there. 4570 */ 4571 sinfo->sinfo_flags &= 0x00ff; 4572 } 4573 if (fromlen && from) { 4574 struct sockaddr *to; 4575 4576 #ifdef AF_INET 4577 cp_len = min(fromlen, control->whoFrom->ro._l_addr.sin.sin_len); 4578 memcpy(from, &control->whoFrom->ro._l_addr, cp_len); 4579 ((struct sockaddr_in *)from)->sin_port = control->port_from; 4580 #else 4581 /* No AF_INET use AF_INET6 */ 4582 cp_len = min(fromlen, control->whoFrom->ro._l_addr.sin6.sin6_len); 4583 memcpy(from, &control->whoFrom->ro._l_addr, cp_len); 4584 ((struct sockaddr_in6 *)from)->sin6_port = control->port_from; 4585 #endif 4586 4587 to = from; 4588 #if defined(AF_INET) && defined(AF_INET6) 4589 if ((inp->sctp_flags & SCTP_PCB_FLAGS_NEEDS_MAPPED_V4) && 4590 (to->sa_family == AF_INET) && 4591 ((size_t)fromlen >= sizeof(struct sockaddr_in6))) { 4592 struct sockaddr_in *sin; 4593 struct sockaddr_in6 sin6; 4594 4595 sin = (struct sockaddr_in *)to; 4596 bzero(&sin6, sizeof(sin6)); 4597 sin6.sin6_family = AF_INET6; 4598 sin6.sin6_len = sizeof(struct sockaddr_in6); 4599 sin6.sin6_addr.s6_addr16[2] = 0xffff; 4600 bcopy(&sin->sin_addr, 4601 &sin6.sin6_addr.s6_addr16[3], 4602 sizeof(sin6.sin6_addr.s6_addr16[3])); 4603 sin6.sin6_port = sin->sin_port; 4604 memcpy(from, (caddr_t)&sin6, sizeof(sin6)); 4605 } 4606 #endif 4607 #if defined(AF_INET6) 4608 { 4609 struct sockaddr_in6 lsa6, *to6; 4610 4611 to6 = (struct sockaddr_in6 *)to; 4612 sctp_recover_scope_mac(to6, (&lsa6)); 4613 4614 } 4615 #endif 4616 } 4617 /* now copy out what data we can */ 4618 if (mp == NULL) { 4619 /* copy out each mbuf in the chain up to length */ 4620 get_more_data: 4621 m = control->data; 4622 while (m) { 4623 /* Move out all we can */ 4624 cp_len = (int)uio->uio_resid; 4625 my_len = (int)SCTP_BUF_LEN(m); 4626 if (cp_len > my_len) { 4627 /* not enough in this buf */ 4628 cp_len = my_len; 4629 } 4630 if (hold_rlock) { 4631 SCTP_INP_READ_UNLOCK(inp); 4632 hold_rlock = 0; 4633 } 4634 splx(s); 4635 if (cp_len > 0) 4636 error = uiomove(mtod(m, char *), cp_len, uio); 4637 s = splnet(); 4638 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4639 sctp_misc_ints(SCTP_SORCV_DOESCPY, 4640 so->so_rcv.sb_cc, 4641 cp_len, 4642 0, 4643 0); 4644 #endif 4645 /* re-read */ 4646 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 4647 goto release; 4648 } 4649 if (stcb && 4650 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4651 no_rcv_needed = 1; 4652 } 4653 if (error) { 4654 /* error we are out of here */ 4655 goto release; 4656 } 4657 if ((SCTP_BUF_NEXT(m) == NULL) && 4658 (cp_len >= SCTP_BUF_LEN(m)) && 4659 ((control->end_added == 0) || 4660 (control->end_added && (TAILQ_NEXT(control, next) == NULL))) 4661 ) { 4662 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4663 sctp_misc_ints(SCTP_SORCV_DOESLCK, 4664 so->so_rcv.sb_cc, 4665 cp_len, 4666 SCTP_BUF_LEN(m), 4667 control->length); 4668 #endif 4669 SCTP_INP_READ_LOCK(inp); 4670 hold_rlock = 1; 4671 } 4672 if (cp_len == SCTP_BUF_LEN(m)) { 4673 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4674 sctp_misc_ints(SCTP_SORCV_DOESADJ, 4675 so->so_rcv.sb_cc, 4676 control->length, 4677 cp_len, 4678 0); 4679 #endif 4680 if ((SCTP_BUF_NEXT(m) == NULL) && 4681 (control->end_added)) { 4682 out_flags |= MSG_EOR; 4683 } 4684 if (control->spec_flags & M_NOTIFICATION) { 4685 out_flags |= MSG_NOTIFICATION; 4686 } 4687 /* we ate up the mbuf */ 4688 if (in_flags & MSG_PEEK) { 4689 /* just looking */ 4690 m = SCTP_BUF_NEXT(m); 4691 copied_so_far += cp_len; 4692 } else { 4693 /* dispose of the mbuf */ 4694 #ifdef SCTP_SB_LOGGING 4695 sctp_sblog(&so->so_rcv, 4696 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 4697 #endif 4698 sctp_sbfree(control, stcb, &so->so_rcv, m); 4699 #ifdef SCTP_SB_LOGGING 4700 sctp_sblog(&so->so_rcv, 4701 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 4702 #endif 4703 embuf = m; 4704 copied_so_far += cp_len; 4705 freed_so_far += cp_len; 4706 alen = atomic_fetchadd_int(&control->length, -(cp_len)); 4707 if (alen < cp_len) { 4708 panic("Control length goes negative?"); 4709 } 4710 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4711 sctp_misc_ints(SCTP_SORCV_PASSBF, 4712 so->so_rcv.sb_cc, 4713 control->length, 4714 0, 4715 0); 4716 #endif 4717 control->data = sctp_m_free(m); 4718 m = control->data; 4719 /* 4720 * been through it all, must hold sb 4721 * lock ok to null tail 4722 */ 4723 if (control->data == NULL) { 4724 #ifdef INVARIANTS 4725 if ((control->end_added == 0) || 4726 (TAILQ_NEXT(control, next) == NULL)) { 4727 /* 4728 * If the end is not 4729 * added, OR the 4730 * next is NOT null 4731 * we MUST have the 4732 * lock. 4733 */ 4734 if (mtx_owned(&inp->inp_rdata_mtx) == 0) { 4735 panic("Hmm we don't own the lock?"); 4736 } 4737 } 4738 #endif 4739 control->tail_mbuf = NULL; 4740 #ifdef INVARIANTS 4741 if ((control->end_added) && ((out_flags & MSG_EOR) == 0)) { 4742 panic("end_added, nothing left and no MSG_EOR"); 4743 } 4744 #endif 4745 } 4746 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4747 sctp_misc_ints(SCTP_SORCV_ADJD, 4748 so->so_rcv.sb_cc, 4749 control->length, 4750 0, 4751 0); 4752 #endif 4753 } 4754 } else { 4755 /* Do we need to trim the mbuf? */ 4756 if (control->spec_flags & M_NOTIFICATION) { 4757 out_flags |= MSG_NOTIFICATION; 4758 } 4759 if ((in_flags & MSG_PEEK) == 0) { 4760 SCTP_BUF_RESV_UF(m, cp_len); 4761 SCTP_BUF_LEN(m) -= cp_len; 4762 #ifdef SCTP_SB_LOGGING 4763 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); 4764 #endif 4765 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 4766 if (stcb) { 4767 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 4768 } 4769 copied_so_far += cp_len; 4770 embuf = m; 4771 freed_so_far += cp_len; 4772 #ifdef SCTP_SB_LOGGING 4773 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 4774 SCTP_LOG_SBRESULT, 0); 4775 #endif 4776 alen = atomic_fetchadd_int(&control->length, -(cp_len)); 4777 if (alen < cp_len) { 4778 panic("Control length goes negative2?"); 4779 } 4780 } else { 4781 copied_so_far += cp_len; 4782 } 4783 } 4784 if ((out_flags & MSG_EOR) || 4785 (uio->uio_resid == 0) 4786 ) { 4787 break; 4788 } 4789 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 4790 (control->do_not_ref_stcb == 0) && 4791 (freed_so_far >= rwnd_req)) { 4792 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 4793 } 4794 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4795 sctp_misc_ints(SCTP_SORCV_BOTWHILE, 4796 so->so_rcv.sb_cc, 4797 control->length, 4798 0, 4799 0); 4800 #endif 4801 4802 } /* end while(m) */ 4803 /* 4804 * At this point we have looked at it all and we either have 4805 * a MSG_EOR/or read all the user wants... <OR> 4806 * control->length == 0. 4807 */ 4808 if ((out_flags & MSG_EOR) && 4809 ((in_flags & MSG_PEEK) == 0)) { 4810 /* we are done with this control */ 4811 if (control->length == 0) { 4812 if (control->data) { 4813 #ifdef INVARIANTS 4814 panic("control->data not null at read eor?"); 4815 #else 4816 printf("Strange, data left in the control buffer .. invarients would panic?\n"); 4817 sctp_m_freem(control->data); 4818 control->data = NULL; 4819 #endif 4820 } 4821 done_with_control: 4822 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4823 sctp_misc_ints(SCTP_SORCV_FREECTL, 4824 so->so_rcv.sb_cc, 4825 0, 4826 0, 4827 0); 4828 #endif 4829 if (TAILQ_NEXT(control, next) == NULL) { 4830 /* 4831 * If we don't have a next we need a 4832 * lock, if there is a next interupt 4833 * is filling ahead of us and we 4834 * don't need a lock to remove this 4835 * guy (which is the head of the 4836 * queue). 4837 */ 4838 if (hold_rlock == 0) { 4839 SCTP_INP_READ_LOCK(inp); 4840 hold_rlock = 1; 4841 } 4842 } 4843 TAILQ_REMOVE(&inp->read_queue, control, next); 4844 /* Add back any hiddend data */ 4845 if (control->held_length) { 4846 held_length = 0; 4847 control->held_length = 0; 4848 wakeup_read_socket = 1; 4849 } 4850 no_rcv_needed = control->do_not_ref_stcb; 4851 sctp_free_remote_addr(control->whoFrom); 4852 control->data = NULL; 4853 sctp_free_a_readq(stcb, control); 4854 control = NULL; 4855 if ((freed_so_far >= rwnd_req) && (no_rcv_needed == 0)) 4856 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 4857 4858 } else { 4859 /* 4860 * The user did not read all of this 4861 * message, turn off the returned MSG_EOR 4862 * since we are leaving more behind on the 4863 * control to read. 4864 */ 4865 #ifdef INVARIANTS 4866 if (control->end_added && (control->data == NULL) && 4867 (control->tail_mbuf == NULL)) { 4868 panic("Gak, control->length is corrupt?"); 4869 } 4870 #endif 4871 no_rcv_needed = control->do_not_ref_stcb; 4872 out_flags &= ~MSG_EOR; 4873 } 4874 } 4875 if (out_flags & MSG_EOR) { 4876 goto release; 4877 } 4878 if ((uio->uio_resid == 0) || 4879 ((in_eeor_mode) && (copied_so_far >= max(so->so_rcv.sb_lowat, 1))) 4880 ) { 4881 goto release; 4882 } 4883 /* 4884 * If I hit here the receiver wants more and this message is 4885 * NOT done (pd-api). So two questions. Can we block? if not 4886 * we are done. Did the user NOT set MSG_WAITALL? 4887 */ 4888 if (block_allowed == 0) { 4889 goto release; 4890 } 4891 /* 4892 * We need to wait for more data a few things: - We don't 4893 * sbunlock() so we don't get someone else reading. - We 4894 * must be sure to account for the case where what is added 4895 * is NOT to our control when we wakeup. 4896 */ 4897 4898 /* 4899 * Do we need to tell the transport a rwnd update might be 4900 * needed before we go to sleep? 4901 */ 4902 if (((stcb) && (in_flags & MSG_PEEK) == 0) && 4903 ((freed_so_far >= rwnd_req) && 4904 (control->do_not_ref_stcb == 0) && 4905 (no_rcv_needed == 0))) { 4906 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 4907 } 4908 wait_some_more: 4909 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) { 4910 goto release; 4911 } 4912 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 4913 goto release; 4914 4915 if (hold_rlock == 1) { 4916 SCTP_INP_READ_UNLOCK(inp); 4917 hold_rlock = 0; 4918 } 4919 if (hold_sblock == 0) { 4920 SOCKBUF_LOCK(&so->so_rcv); 4921 hold_sblock = 1; 4922 } 4923 #ifdef SCTP_RECV_DETAIL_RWND_LOGGING 4924 if (stcb) 4925 sctp_misc_ints(SCTP_SORECV_BLOCKSB, 4926 freed_so_far, 4927 stcb->asoc.my_rwnd, 4928 so->so_rcv.sb_cc, 4929 uio->uio_resid); 4930 else 4931 sctp_misc_ints(SCTP_SORECV_BLOCKSB, 4932 freed_so_far, 4933 0, 4934 so->so_rcv.sb_cc, 4935 uio->uio_resid); 4936 #endif 4937 if (so->so_rcv.sb_cc <= control->held_length) { 4938 error = sbwait(&so->so_rcv); 4939 if (error) { 4940 goto release; 4941 } 4942 control->held_length = 0; 4943 } 4944 if (hold_sblock) { 4945 SOCKBUF_UNLOCK(&so->so_rcv); 4946 hold_sblock = 0; 4947 } 4948 if (control->length == 0) { 4949 /* still nothing here */ 4950 if (control->end_added == 1) { 4951 /* he aborted, or is done i.e.did a shutdown */ 4952 out_flags |= MSG_EOR; 4953 if (control->pdapi_aborted) 4954 out_flags |= MSG_TRUNC; 4955 goto done_with_control; 4956 } 4957 if (so->so_rcv.sb_cc > held_length) { 4958 control->held_length = so->so_rcv.sb_cc; 4959 held_length = 0; 4960 } 4961 goto wait_some_more; 4962 } else if (control->data == NULL) { 4963 /* 4964 * we must re-sync since data is probably being 4965 * added 4966 */ 4967 SCTP_INP_READ_LOCK(inp); 4968 if ((control->length > 0) && (control->data == NULL)) { 4969 /* 4970 * big trouble.. we have the lock and its 4971 * corrupt? 4972 */ 4973 panic("Impossible data==NULL length !=0"); 4974 } 4975 SCTP_INP_READ_UNLOCK(inp); 4976 /* We will fall around to get more data */ 4977 } 4978 goto get_more_data; 4979 } else { 4980 /* copy out the mbuf chain */ 4981 get_more_data2: 4982 /* 4983 * Do we have a uio, I doubt it if so we grab the size from 4984 * it, if not you get it all 4985 */ 4986 if (uio) 4987 cp_len = uio->uio_resid; 4988 else 4989 cp_len = control->length; 4990 4991 if ((uint32_t) cp_len >= control->length) { 4992 /* easy way */ 4993 if ((control->end_added == 0) || 4994 (TAILQ_NEXT(control, next) == NULL)) { 4995 /* Need to get rlock */ 4996 if (hold_rlock == 0) { 4997 SCTP_INP_READ_LOCK(inp); 4998 hold_rlock = 1; 4999 } 5000 } 5001 if (control->end_added) { 5002 out_flags |= MSG_EOR; 5003 } 5004 if (control->spec_flags & M_NOTIFICATION) { 5005 out_flags |= MSG_NOTIFICATION; 5006 } 5007 if (uio) 5008 uio->uio_resid -= control->length; 5009 *mp = control->data; 5010 m = control->data; 5011 while (m) { 5012 #ifdef SCTP_SB_LOGGING 5013 sctp_sblog(&so->so_rcv, 5014 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5015 #endif 5016 sctp_sbfree(control, stcb, &so->so_rcv, m); 5017 freed_so_far += SCTP_BUF_LEN(m); 5018 #ifdef SCTP_SB_LOGGING 5019 sctp_sblog(&so->so_rcv, 5020 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5021 #endif 5022 m = SCTP_BUF_NEXT(m); 5023 } 5024 control->data = control->tail_mbuf = NULL; 5025 control->length = 0; 5026 if (out_flags & MSG_EOR) { 5027 /* Done with this control */ 5028 goto done_with_control; 5029 } 5030 /* still more to do with this conntrol */ 5031 /* do we really support msg_waitall here? */ 5032 if ((block_allowed == 0) || 5033 ((in_flags & MSG_WAITALL) == 0)) { 5034 goto release; 5035 } 5036 wait_some_more2: 5037 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE) 5038 goto release; 5039 if (hold_rlock == 1) { 5040 SCTP_INP_READ_UNLOCK(inp); 5041 hold_rlock = 0; 5042 } 5043 if (hold_sblock == 0) { 5044 SOCKBUF_LOCK(&so->so_rcv); 5045 hold_sblock = 1; 5046 } 5047 if (so->so_rcv.sb_cc <= control->held_length) { 5048 error = sbwait(&so->so_rcv); 5049 if (error) { 5050 goto release; 5051 } 5052 } 5053 if (hold_sblock) { 5054 SOCKBUF_UNLOCK(&so->so_rcv); 5055 hold_sblock = 0; 5056 } 5057 if (control->length == 0) { 5058 /* still nothing here */ 5059 if (control->end_added == 1) { 5060 /* 5061 * he aborted, or is done i.e. 5062 * shutdown 5063 */ 5064 out_flags |= MSG_EOR; 5065 if (control->pdapi_aborted) 5066 out_flags |= MSG_TRUNC; 5067 goto done_with_control; 5068 } 5069 if (so->so_rcv.sb_cc > held_length) { 5070 control->held_length = so->so_rcv.sb_cc; 5071 /* 5072 * We don't use held_length while 5073 * getting a message 5074 */ 5075 held_length = 0; 5076 } 5077 goto wait_some_more2; 5078 } 5079 goto get_more_data2; 5080 } else { 5081 /* hard way mbuf by mbuf */ 5082 m = control->data; 5083 if (control->end_added == 0) { 5084 /* need the rlock */ 5085 if (hold_rlock == 0) { 5086 SCTP_INP_READ_LOCK(inp); 5087 hold_rlock = 1; 5088 } 5089 } 5090 if (control->spec_flags & M_NOTIFICATION) { 5091 out_flags |= MSG_NOTIFICATION; 5092 } 5093 while ((m) && (cp_len > 0)) { 5094 if (cp_len >= SCTP_BUF_LEN(m)) { 5095 *mp = m; 5096 atomic_subtract_int(&control->length, SCTP_BUF_LEN(m)); 5097 if (uio) 5098 uio->uio_resid -= SCTP_BUF_LEN(m); 5099 cp_len -= SCTP_BUF_LEN(m); 5100 control->data = SCTP_BUF_NEXT(m); 5101 SCTP_BUF_NEXT(m) = NULL; 5102 #ifdef SCTP_SB_LOGGING 5103 sctp_sblog(&so->so_rcv, 5104 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, SCTP_BUF_LEN(m)); 5105 #endif 5106 sctp_sbfree(control, stcb, &so->so_rcv, m); 5107 freed_so_far += SCTP_BUF_LEN(m); 5108 #ifdef SCTP_SB_LOGGING 5109 sctp_sblog(&so->so_rcv, 5110 control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBRESULT, 0); 5111 #endif 5112 mp = &SCTP_BUF_NEXT(m); 5113 m = control->data; 5114 } else { 5115 /* 5116 * got all he wants and its part of 5117 * this mbuf only. 5118 */ 5119 if (uio) 5120 uio->uio_resid -= SCTP_BUF_LEN(m); 5121 cp_len -= SCTP_BUF_LEN(m); 5122 if (hold_rlock) { 5123 SCTP_INP_READ_UNLOCK(inp); 5124 hold_rlock = 0; 5125 } 5126 if (hold_sblock) { 5127 SOCKBUF_UNLOCK(&so->so_rcv); 5128 hold_sblock = 0; 5129 } 5130 splx(s); 5131 *mp = sctp_m_copym(m, 0, cp_len, 5132 M_TRYWAIT 5133 ); 5134 s = splnet(); 5135 #ifdef SCTP_LOCK_LOGGING 5136 sctp_log_lock(inp, stcb, SCTP_LOG_LOCK_SOCKBUF_R); 5137 #endif 5138 if (hold_sblock == 0) { 5139 SOCKBUF_LOCK(&so->so_rcv); 5140 hold_sblock = 1; 5141 } 5142 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) 5143 goto release; 5144 5145 if (stcb && 5146 stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 5147 no_rcv_needed = 1; 5148 } 5149 SCTP_BUF_RESV_UF(m, cp_len); 5150 SCTP_BUF_LEN(m) -= cp_len; 5151 #ifdef SCTP_SB_LOGGING 5152 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, SCTP_LOG_SBFREE, cp_len); 5153 #endif 5154 freed_so_far += cp_len; 5155 atomic_subtract_int(&so->so_rcv.sb_cc, cp_len); 5156 if (stcb) { 5157 atomic_subtract_int(&stcb->asoc.sb_cc, cp_len); 5158 if ((freed_so_far >= rwnd_req) && 5159 (control->do_not_ref_stcb == 0) && 5160 (no_rcv_needed == 0)) 5161 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5162 } 5163 #ifdef SCTP_SB_LOGGING 5164 sctp_sblog(&so->so_rcv, control->do_not_ref_stcb ? NULL : stcb, 5165 SCTP_LOG_SBRESULT, 0); 5166 #endif 5167 goto release; 5168 } 5169 } 5170 } 5171 } 5172 release: 5173 if (hold_rlock == 1) { 5174 SCTP_INP_READ_UNLOCK(inp); 5175 hold_rlock = 0; 5176 } 5177 if (hold_sblock == 0) { 5178 SOCKBUF_LOCK(&so->so_rcv); 5179 hold_sblock = 1; 5180 } 5181 sbunlock(&so->so_rcv); 5182 5183 release_unlocked: 5184 if (hold_sblock) { 5185 SOCKBUF_UNLOCK(&so->so_rcv); 5186 hold_sblock = 0; 5187 } 5188 if ((stcb) && (in_flags & MSG_PEEK) == 0) { 5189 if ((freed_so_far >= rwnd_req) && 5190 (control && (control->do_not_ref_stcb == 0)) && 5191 (no_rcv_needed == 0)) 5192 sctp_user_rcvd(stcb, &freed_so_far, hold_rlock, rwnd_req); 5193 } 5194 if (msg_flags) 5195 *msg_flags |= out_flags; 5196 out: 5197 if (hold_rlock == 1) { 5198 SCTP_INP_READ_UNLOCK(inp); 5199 hold_rlock = 0; 5200 } 5201 if (hold_sblock) { 5202 SOCKBUF_UNLOCK(&so->so_rcv); 5203 hold_sblock = 0; 5204 } 5205 if (freecnt_applied) { 5206 /* 5207 * The lock on the socket buffer protects us so the free 5208 * code will stop. But since we used the socketbuf lock and 5209 * the sender uses the tcb_lock to increment, we need to use 5210 * the atomic add to the refcnt. 5211 */ 5212 if (stcb == NULL) { 5213 panic("stcb for refcnt has gone NULL?"); 5214 } 5215 atomic_add_int(&stcb->asoc.refcnt, -1); 5216 freecnt_applied = 0; 5217 /* Save the value back for next time */ 5218 stcb->freed_by_sorcv_sincelast = freed_so_far; 5219 } 5220 splx(s); 5221 #ifdef SCTP_RECV_RWND_LOGGING 5222 if (stcb) { 5223 sctp_misc_ints(SCTP_SORECV_DONE, 5224 freed_so_far, 5225 ((uio) ? (slen - uio->uio_resid) : slen), 5226 stcb->asoc.my_rwnd, 5227 so->so_rcv.sb_cc); 5228 } else { 5229 sctp_misc_ints(SCTP_SORECV_DONE, 5230 freed_so_far, 5231 ((uio) ? (slen - uio->uio_resid) : slen), 5232 0, 5233 so->so_rcv.sb_cc); 5234 } 5235 #endif 5236 if (wakeup_read_socket) { 5237 sctp_sorwakeup(inp, so); 5238 } 5239 return (error); 5240 } 5241 5242 5243 #ifdef SCTP_MBUF_LOGGING 5244 struct mbuf * 5245 sctp_m_free(struct mbuf *m) 5246 { 5247 if (SCTP_BUF_IS_EXTENDED(m)) { 5248 sctp_log_mb(m, SCTP_MBUF_IFREE); 5249 } 5250 return (m_free(m)); 5251 } 5252 5253 void 5254 sctp_m_freem(struct mbuf *mb) 5255 { 5256 while (mb != NULL) 5257 mb = sctp_m_free(mb); 5258 } 5259 5260 #endif 5261 5262 5263 int 5264 sctp_soreceive(so, psa, uio, mp0, controlp, flagsp) 5265 struct socket *so; 5266 struct sockaddr **psa; 5267 struct uio *uio; 5268 struct mbuf **mp0; 5269 struct mbuf **controlp; 5270 int *flagsp; 5271 { 5272 int error, fromlen; 5273 uint8_t sockbuf[256]; 5274 struct sockaddr *from; 5275 struct sctp_extrcvinfo sinfo; 5276 int filling_sinfo = 1; 5277 struct sctp_inpcb *inp; 5278 5279 inp = (struct sctp_inpcb *)so->so_pcb; 5280 /* pickup the assoc we are reading from */ 5281 if (inp == NULL) { 5282 return (EINVAL); 5283 } 5284 if ((sctp_is_feature_off(inp, 5285 SCTP_PCB_FLAGS_RECVDATAIOEVNT)) || 5286 (controlp == NULL)) { 5287 /* user does not want the sndrcv ctl */ 5288 filling_sinfo = 0; 5289 } 5290 if (psa) { 5291 from = (struct sockaddr *)sockbuf; 5292 fromlen = sizeof(sockbuf); 5293 from->sa_len = 0; 5294 } else { 5295 from = NULL; 5296 fromlen = 0; 5297 } 5298 5299 error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, 5300 (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); 5301 if ((controlp) && (filling_sinfo)) { 5302 /* copy back the sinfo in a CMSG format */ 5303 if (filling_sinfo) 5304 *controlp = sctp_build_ctl_nchunk(inp, 5305 (struct sctp_sndrcvinfo *)&sinfo); 5306 else 5307 *controlp = NULL; 5308 } 5309 if (psa) { 5310 /* copy back the address info */ 5311 if (from && from->sa_len) { 5312 *psa = sodupsockaddr(from, M_NOWAIT); 5313 } else { 5314 *psa = NULL; 5315 } 5316 } 5317 return (error); 5318 } 5319