/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/types.h>
#include <sys/systm.h>
#include <sys/stream.h>
#include <sys/cmn_err.h>
#include <sys/kmem.h>
#define	_SUN_TPI_VERSION 2
#include <sys/tihdr.h>
#include <sys/socket.h>
#include <sys/strsun.h>
#include <sys/strsubr.h>

#include <netinet/in.h>
#include <netinet/ip6.h>
#include <netinet/tcp_seq.h>
#include <netinet/sctp.h>

#include <inet/common.h>
#include <inet/ip.h>
#include <inet/ip6.h>
#include <inet/mib2.h>
#include <inet/ipclassifier.h>
#include <inet/ipp_common.h>
#include <inet/ipsec_impl.h>
#include <inet/sctp_ip.h>

#include "sctp_impl.h"
#include "sctp_asconf.h"
#include "sctp_addr.h"

static struct kmem_cache *sctp_kmem_set_cache;

/*
 * PR-SCTP comments.
 *
 * When we get a valid Forward TSN chunk, we check the fragment list for
 * this SSN and preceding SSNs, and free all of them. Further, if this
 * Forward TSN causes the next expected SSN to be present in the stream
 * queue, we deliver any such stranded messages upstream. We also update
 * the SACK info. appropriately.
 * When checking for advancing the cumulative ack (in sctp_cumack()) we must
 * check for abandoned chunks and messages. While traversing the transmit
 * list, if we come across an abandoned chunk, we can skip the message (i.e.
 * take it out of the (re)transmit list) since this message, and hence this
 * chunk, has been marked abandoned by sctp_rexmit(). If we come across an
 * unsent chunk for a message that is now abandoned, we need to check if a
 * Forward TSN needs to be sent; this could be a case where we deferred
 * sending a Forward TSN in sctp_get_msg_to_send(). Further, after processing
 * a SACK we check if the Advanced peer ack point can be moved ahead, i.e.
 * if we can send a Forward TSN via sctp_check_abandoned_data().
 */
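/*
 * SACK gap tracking note: sctp_sack_info is a doubly linked list of
 * sctp_set_t entries, each holding a disjoint, coalesced [begin, end]
 * TSN range received beyond the cumulative TSN. For example, with
 * cumulative TSN 9 and TSNs 11, 12 and 15 received, the list is
 * {[11,12], [15,15]} and sctp_sack_gaps is 2; a later arrival of TSN 10
 * then lets sctp_data_chunk() advance the cumulative TSN through 12.
 */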
void
sctp_free_set(sctp_set_t *s)
{
	sctp_set_t *p;

	while (s) {
		p = s->next;
		kmem_cache_free(sctp_kmem_set_cache, s);
		s = p;
	}
}

static void
sctp_ack_add(sctp_set_t **head, uint32_t tsn, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || num == NULL)
		return;

	ASSERT(*num >= 0);
	ASSERT((*num == 0 && *head == NULL) || (*num > 0 && *head != NULL));

	if (*head == NULL) {
		*head = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (*head == NULL)
			return;
		(*head)->prev = (*head)->next = NULL;
		(*head)->begin = tsn;
		(*head)->end = tsn;
		*num = 1;
		return;
	}

	ASSERT((*head)->prev == NULL);

	/*
	 * Handle this special case here so we don't have to check
	 * for it each time in the loop.
	 */
	if (SEQ_LT(tsn + 1, (*head)->begin)) {
		/* add a new set, and move the head pointer */
		t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (t == NULL)
			return;
		t->next = *head;
		t->prev = NULL;
		(*head)->prev = t;
		t->begin = tsn;
		t->end = tsn;
		(*num)++;
		*head = t;
		return;
	}

	/*
	 * We need to handle the following cases, where p points to
	 * the current set (as we walk through the loop):
	 *
	 * 1. tsn is entirely less than p; create a new set before p.
	 * 2. tsn borders p from less; coalesce p with tsn.
	 * 3. tsn is within p; do nothing.
	 * 4. tsn borders p from greater; coalesce p with tsn.
	 * 4a. p may now border p->next from less; if so, coalesce those
	 *    two sets.
	 * 5. tsn is entirely greater than all sets; add a new set at
	 *    the end.
	 */
	for (p = *head; ; p = p->next) {
		if (SEQ_LT(tsn + 1, p->begin)) {
			/* 1: add a new set before p. */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = p;
			t->prev = NULL;
			t->begin = tsn;
			t->end = tsn;
			if (p->prev) {
				t->prev = p->prev;
				p->prev->next = t;
			}
			p->prev = t;
			(*num)++;
			return;
		}

		if ((tsn + 1) == p->begin) {
			/* 2: adjust p->begin */
			p->begin = tsn;
			return;
		}

		if (SEQ_GEQ(tsn, p->begin) && SEQ_LEQ(tsn, p->end)) {
			/* 3: do nothing */
			return;
		}

		if ((p->end + 1) == tsn) {
			/* 4: adjust p->end */
			p->end = tsn;

			if (p->next != NULL && (tsn + 1) == p->next->begin) {
				/* 4a: coalesce p and p->next */
				t = p->next;
				p->end = t->end;
				p->next = t->next;
				if (t->next != NULL)
					t->next->prev = p;
				kmem_cache_free(sctp_kmem_set_cache, t);
				(*num)--;
			}
			return;
		}

		if (p->next == NULL) {
			/* 5: add new set at the end */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = NULL;
			t->prev = p;
			t->begin = tsn;
			t->end = tsn;
			p->next = t;
			(*num)++;
			return;
		}

		if (SEQ_GT(tsn, p->end + 1))
			continue;
	}
}

static void
sctp_ack_rem(sctp_set_t **head, uint32_t end, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || *head == NULL || num == NULL)
		return;

	/* Nothing to remove */
	if (SEQ_LT(end, (*head)->begin))
		return;

	/* Find out where to start removing sets */
	for (p = *head; p->next; p = p->next) {
		if (SEQ_LEQ(end, p->end))
			break;
	}

	if (SEQ_LT(end, p->end) && SEQ_GEQ(end, p->begin)) {
		/* adjust p */
		p->begin = end + 1;
		/* all done */
		if (p == *head)
			return;
	} else if (SEQ_GEQ(end, p->end)) {
		/* remove this set too */
		p = p->next;
	}

	/* unlink everything before this set */
	t = *head;
	*head = p;
	if (p != NULL && p->prev != NULL) {
		p->prev->next = NULL;
		p->prev = NULL;
	}

	sctp_free_set(t);

	/* recount the number of sets */
	*num = 0;

	for (p = *head; p != NULL; p = p->next)
		(*num)++;
}

void
sctp_sets_init()
{
	sctp_kmem_set_cache = kmem_cache_create("sctp_set_cache",
	    sizeof (sctp_set_t), 0, NULL, NULL, NULL, NULL,
	    NULL, 0);
}

void
sctp_sets_fini()
{
	kmem_cache_destroy(sctp_kmem_set_cache);
}

sctp_chunk_hdr_t *
sctp_first_chunk(uchar_t *rptr, ssize_t remaining)
{
	sctp_chunk_hdr_t *ch;
	uint16_t ch_len;

	if (remaining < sizeof (*ch)) {
		return (NULL);
	}

	ch = (sctp_chunk_hdr_t *)rptr;
	ch_len = ntohs(ch->sch_len);

	if (ch_len < sizeof (*ch) || remaining < ch_len) {
		return (NULL);
	}

	return (ch);
}

sctp_chunk_hdr_t *
sctp_next_chunk(sctp_chunk_hdr_t *ch, ssize_t *remaining)
{
	int pad;
	uint16_t ch_len;

	if (!ch) {
		return (NULL);
	}

	ch_len = ntohs(ch->sch_len);

	if ((pad = ch_len & (SCTP_ALIGN - 1)) != 0) {
		pad = SCTP_ALIGN - pad;
	}

	*remaining -= (ch_len + pad);
	ch = (sctp_chunk_hdr_t *)((char *)ch + ch_len + pad);

	return (sctp_first_chunk((uchar_t *)ch, *remaining));
}
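/*
 * Typical chunk walk (sketch): callers iterate over all chunks in an
 * inbound packet by pairing the two functions above, e.g.
 *
 *	for (ch = sctp_first_chunk(rptr, remaining); ch != NULL;
 *	    ch = sctp_next_chunk(ch, &remaining)) {
 *		... dispatch on ch->sch_id ...
 *	}
 *
 * sctp_next_chunk() accounts for the chunk padding to the SCTP_ALIGN
 * boundary, and both functions return NULL on a truncated or malformed
 * chunk header, which terminates the walk.
 */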
/*
 * Attach ancillary data to a received SCTP segment.
 * If the source address (fp) is not the primary, send up a
 * unitdata_ind so recvfrom() can populate the msg_name field.
 * If ancillary data is also requested, we append it to the
 * unitdata_ind. Otherwise, we just send up an optdata_ind.
 */
static int
sctp_input_add_ancillary(sctp_t *sctp, mblk_t **mp, sctp_data_hdr_t *dcp,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
	struct T_unitdata_ind *tudi;
	int optlen;
	int hdrlen;
	uchar_t *optptr;
	struct cmsghdr *cmsg;
	mblk_t *mp1;
	struct sockaddr_in6 sin_buf[1];
	struct sockaddr_in6 *sin6;
	struct sockaddr_in *sin4;
	uint_t addflag = 0;

	sin4 = NULL;
	sin6 = NULL;

	optlen = hdrlen = 0;

	/* Figure out address size */
	if (sctp->sctp_ipversion == IPV4_VERSION) {
		sin4 = (struct sockaddr_in *)sin_buf;
		sin4->sin_family = AF_INET;
		sin4->sin_port = sctp->sctp_fport;
		IN6_V4MAPPED_TO_IPADDR(&fp->faddr, sin4->sin_addr.s_addr);
		hdrlen = sizeof (*tudi) + sizeof (*sin4);
	} else {
		sin6 = sin_buf;
		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = sctp->sctp_fport;
		sin6->sin6_addr = fp->faddr;
		hdrlen = sizeof (*tudi) + sizeof (*sin6);
	}

	/* If app asked to receive send / recv info */
	if (sctp->sctp_recvsndrcvinfo) {
		optlen += sizeof (*cmsg) + sizeof (struct sctp_sndrcvinfo);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_optdata_ind);
	}

	if (sctp->sctp_ipv6_recvancillary == 0)
		goto noancillary;

	if ((ipp->ipp_fields & IPPF_IFINDEX) &&
	    ipp->ipp_ifindex != sctp->sctp_recvifindex &&
	    (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVPKTINFO)) {
		optlen += sizeof (*cmsg) + sizeof (struct in6_pktinfo);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVPKTINFO;
	}
	/* If app asked for hoplimit and it has changed ... */
	if ((ipp->ipp_fields & IPPF_HOPLIMIT) &&
	    ipp->ipp_hoplimit != sctp->sctp_recvhops &&
	    (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPLIMIT)) {
		optlen += sizeof (*cmsg) + sizeof (uint_t);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVHOPLIMIT;
	}
	/* If app asked for hopbyhop headers and it has changed ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPOPTS) &&
	    ip_cmpbuf(sctp->sctp_hopopts, sctp->sctp_hopoptslen,
	    (ipp->ipp_fields & IPPF_HOPOPTS),
	    ipp->ipp_hopopts, ipp->ipp_hopoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_hopoptslen -
		    sctp->sctp_v6label_len;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVHOPOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_hopopts,
		    &sctp->sctp_hopoptslen,
		    (ipp->ipp_fields & IPPF_HOPOPTS),
		    ipp->ipp_hopopts, ipp->ipp_hopoptslen))
			return (-1);
	}
	/* If app asked for dst headers before routing headers ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTDSTOPTS) &&
	    ip_cmpbuf(sctp->sctp_rtdstopts, sctp->sctp_rtdstoptslen,
	    (ipp->ipp_fields & IPPF_RTDSTOPTS),
	    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVRTDSTOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_rtdstopts,
		    &sctp->sctp_rtdstoptslen,
		    (ipp->ipp_fields & IPPF_RTDSTOPTS),
		    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen))
			return (-1);
	}
	/* If app asked for routing headers and it has changed ... */
	if (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTHDR) {
		if (ip_cmpbuf(sctp->sctp_rthdr, sctp->sctp_rthdrlen,
		    (ipp->ipp_fields & IPPF_RTHDR),
		    ipp->ipp_rthdr, ipp->ipp_rthdrlen)) {
			optlen += sizeof (*cmsg) + ipp->ipp_rthdrlen;
			if (hdrlen == 0)
				hdrlen = sizeof (struct T_unitdata_ind);
			addflag |= SCTP_IPV6_RECVRTHDR;
			if (!ip_allocbuf((void **)&sctp->sctp_rthdr,
			    &sctp->sctp_rthdrlen,
			    (ipp->ipp_fields & IPPF_RTHDR),
			    ipp->ipp_rthdr, ipp->ipp_rthdrlen))
				return (-1);
		}
	}
	/* If app asked for dest headers and it has changed ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVDSTOPTS) &&
	    ip_cmpbuf(sctp->sctp_dstopts, sctp->sctp_dstoptslen,
	    (ipp->ipp_fields & IPPF_DSTOPTS),
	    ipp->ipp_dstopts, ipp->ipp_dstoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_dstoptslen;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVDSTOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_dstopts,
		    &sctp->sctp_dstoptslen,
		    (ipp->ipp_fields & IPPF_DSTOPTS),
		    ipp->ipp_dstopts, ipp->ipp_dstoptslen))
			return (-1);
	}
noancillary:
	/* Nothing to add */
	if (hdrlen == 0)
		return (-1);

	mp1 = allocb(hdrlen + optlen + sizeof (void *), BPRI_MED);
	if (mp1 == NULL)
		return (-1);
	mp1->b_cont = *mp;
	*mp = mp1;
	mp1->b_rptr += sizeof (void *);	/* pointer worth of padding */
	mp1->b_wptr = mp1->b_rptr + hdrlen + optlen;
	DB_TYPE(mp1) = M_PROTO;
	tudi = (struct T_unitdata_ind *)mp1->b_rptr;
	tudi->PRIM_type = T_UNITDATA_IND;
	tudi->SRC_length = sin4 ? sizeof (*sin4) : sizeof (*sin6);
	tudi->SRC_offset = sizeof (*tudi);
	tudi->OPT_offset = sizeof (*tudi) + tudi->SRC_length;
	tudi->OPT_length = optlen;
	if (sin4) {
		bcopy(sin4, tudi + 1, sizeof (*sin4));
	} else {
		bcopy(sin6, tudi + 1, sizeof (*sin6));
	}
	optptr = (uchar_t *)tudi + tudi->OPT_offset;

	if (sctp->sctp_recvsndrcvinfo) {
		/* XXX need backout method if memory allocation fails. */
		struct sctp_sndrcvinfo *sri;

		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_SCTP;
		cmsg->cmsg_type = SCTP_SNDRCV;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*sri);
		optptr += sizeof (*cmsg);

		sri = (struct sctp_sndrcvinfo *)(cmsg + 1);
		ASSERT(OK_32PTR(sri));
		sri->sinfo_stream = ntohs(dcp->sdh_sid);
		sri->sinfo_ssn = ntohs(dcp->sdh_ssn);
		if (SCTP_DATA_GET_UBIT(dcp)) {
			sri->sinfo_flags = MSG_UNORDERED;
		} else {
			sri->sinfo_flags = 0;
		}
		sri->sinfo_ppid = dcp->sdh_payload_id;
		sri->sinfo_context = 0;
		sri->sinfo_timetolive = 0;
		sri->sinfo_tsn = ntohl(dcp->sdh_tsn);
		sri->sinfo_cumtsn = sctp->sctp_ftsn;
		sri->sinfo_assoc_id = 0;

		optptr += sizeof (*sri);
	}

	/*
	 * If app asked for pktinfo and the index has changed ...
	 * Note that the local address never changes for the connection.
	 */
	if (addflag & SCTP_IPV6_RECVPKTINFO) {
		struct in6_pktinfo *pkti;

		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_PKTINFO;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*pkti);
		optptr += sizeof (*cmsg);

		pkti = (struct in6_pktinfo *)optptr;
		if (sctp->sctp_ipversion == IPV6_VERSION)
			pkti->ipi6_addr = sctp->sctp_ip6h->ip6_src;
		else
			IN6_IPADDR_TO_V4MAPPED(sctp->sctp_ipha->ipha_src,
			    &pkti->ipi6_addr);
		pkti->ipi6_ifindex = ipp->ipp_ifindex;
		optptr += sizeof (*pkti);
		ASSERT(OK_32PTR(optptr));
		/* Save as "last" value */
		sctp->sctp_recvifindex = ipp->ipp_ifindex;
	}
	/* If app asked for hoplimit and it has changed ... */
	if (addflag & SCTP_IPV6_RECVHOPLIMIT) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_HOPLIMIT;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t);
		optptr += sizeof (*cmsg);

		*(uint_t *)optptr = ipp->ipp_hoplimit;
		optptr += sizeof (uint_t);
		ASSERT(OK_32PTR(optptr));
		/* Save as "last" value */
		sctp->sctp_recvhops = ipp->ipp_hoplimit;
	}
	if (addflag & SCTP_IPV6_RECVHOPOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_HOPOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_hopoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen);
		optptr += ipp->ipp_hopoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_hopopts,
		    &sctp->sctp_hopoptslen,
		    (ipp->ipp_fields & IPPF_HOPOPTS),
		    ipp->ipp_hopopts, ipp->ipp_hopoptslen);
	}
	if (addflag & SCTP_IPV6_RECVRTDSTOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_RTHDRDSTOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_rtdstopts, optptr, ipp->ipp_rtdstoptslen);
		optptr += ipp->ipp_rtdstoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_rtdstopts,
		    &sctp->sctp_rtdstoptslen,
		    (ipp->ipp_fields & IPPF_RTDSTOPTS),
		    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen);
	}
	if (addflag & SCTP_IPV6_RECVRTHDR) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_RTHDR;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrlen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen);
		optptr += ipp->ipp_rthdrlen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_rthdr,
		    &sctp->sctp_rthdrlen,
		    (ipp->ipp_fields & IPPF_RTHDR),
		    ipp->ipp_rthdr, ipp->ipp_rthdrlen);
	}
	if (addflag & SCTP_IPV6_RECVDSTOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_DSTOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_dstoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen);
		optptr += ipp->ipp_dstoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_dstopts,
		    &sctp->sctp_dstoptslen,
		    (ipp->ipp_fields & IPPF_DSTOPTS),
		    ipp->ipp_dstopts, ipp->ipp_dstoptslen);
	}

	ASSERT(optptr == mp1->b_wptr);

	return (0);
}
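/*
 * Layout note: the M_PROTO mblk built above carries, in order, the
 * struct T_unitdata_ind, the peer's sockaddr (at SRC_offset) and a
 * chain of cmsghdr-formatted ancillary objects (at OPT_offset), e.g.
 * an SCTP_SNDRCV sctp_sndrcvinfo followed by whichever IPV6_* options
 * changed since the last delivery. It is prepended to the data mblk
 * via b_cont.
 */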
void
sctp_free_reass(sctp_instr_t *sip)
{
	mblk_t *mp, *mpnext, *mctl;

	for (mp = sip->istr_reass; mp != NULL; mp = mpnext) {
		mpnext = mp->b_next;
		mp->b_next = NULL;
		mp->b_prev = NULL;
		if (DB_TYPE(mp) == M_CTL) {
			mctl = mp;
			ASSERT(mp->b_cont != NULL);
			mp = mp->b_cont;
			mctl->b_cont = NULL;
			freeb(mctl);
		}
		freemsg(mp);
	}
}

/*
 * If the series of data fragments of which dmp is a part is successfully
 * reassembled, the first mblk in the series is returned. dc is adjusted
 * to point at the data chunk in the lead mblk, and b_rptr also points to
 * the data chunk; the following mblk's b_rptr's point at the actual payload.
 *
 * If the series is not yet reassembled, NULL is returned. dc is not changed.
 * XXX should probably move this up into the state machine.
 */

/* Fragment list for un-ordered messages. Partial delivery is not supported */
static mblk_t *
sctp_uodata_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc)
{
	mblk_t *hmp;
	mblk_t *begin = NULL;
	mblk_t *end = NULL;
	sctp_data_hdr_t *qdc;
	uint32_t ntsn;
	uint32_t tsn = ntohl((*dc)->sdh_tsn);
#ifdef DEBUG
	mblk_t *mp1;
#endif

	/* First frag. */
	if (sctp->sctp_uo_frags == NULL) {
		sctp->sctp_uo_frags = dmp;
		return (NULL);
	}
	hmp = sctp->sctp_uo_frags;
	/*
	 * Insert the segment according to the TSN; fragmented unordered
	 * chunks are sequenced by TSN.
	 */
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		ntsn = ntohl(qdc->sdh_tsn);
		if (SEQ_GT(ntsn, tsn)) {
			if (hmp->b_prev == NULL) {
				dmp->b_next = hmp;
				hmp->b_prev = dmp;
				sctp->sctp_uo_frags = dmp;
			} else {
				dmp->b_next = hmp;
				dmp->b_prev = hmp->b_prev;
				hmp->b_prev->b_next = dmp;
				hmp->b_prev = dmp;
			}
			break;
		}
		if (hmp->b_next == NULL) {
			hmp->b_next = dmp;
			dmp->b_prev = hmp;
			break;
		}
		hmp = hmp->b_next;
	}
	/* check if we completed a msg */
	if (SCTP_DATA_GET_BBIT(*dc)) {
		begin = dmp;
	} else if (SCTP_DATA_GET_EBIT(*dc)) {
		end = dmp;
	}
	/*
	 * We walk consecutive TSNs backwards till we get a seg. with
	 * the B bit
	 */
	if (begin == NULL) {
		for (hmp = dmp->b_prev; hmp != NULL; hmp = hmp->b_prev) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			if ((int32_t)(tsn - ntsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_BBIT(qdc)) {
				begin = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	tsn = ntohl((*dc)->sdh_tsn);
	/*
	 * We walk consecutive TSNs till we get a seg. with the E bit
	 */
	if (end == NULL) {
		for (hmp = dmp->b_next; hmp != NULL; hmp = hmp->b_next) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			if ((int32_t)(ntsn - tsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_EBIT(qdc)) {
				end = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	if (begin == NULL || end == NULL) {
		return (NULL);
	}
	/* Got one! Remove the msg from the list */
	if (sctp->sctp_uo_frags == begin) {
		ASSERT(begin->b_prev == NULL);
		sctp->sctp_uo_frags = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = NULL;
	} else {
		begin->b_prev->b_next = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = begin->b_prev;
	}
	begin->b_prev = NULL;
	end->b_next = NULL;

	/*
	 * Null out b_next and b_prev and chain using b_cont.
	 */
	dmp = end = begin;
	hmp = begin->b_next;
	*dc = (sctp_data_hdr_t *)begin->b_rptr;
	begin->b_next = NULL;
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		hmp->b_rptr = (uchar_t *)(qdc + 1);
		end = hmp->b_next;
		dmp->b_cont = hmp;
		dmp = hmp;

		if (end != NULL)
			hmp->b_next = NULL;
		hmp->b_prev = NULL;
		hmp = end;
	}
	BUMP_LOCAL(sctp->sctp_reassmsgs);
#ifdef DEBUG
	mp1 = begin;
	while (mp1 != NULL) {
		ASSERT(mp1->b_next == NULL);
		ASSERT(mp1->b_prev == NULL);
		mp1 = mp1->b_cont;
	}
#endif
	return (begin);
}
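/*
 * Example of the B/E-bit walk above: suppose a message was split into
 * TSNs 7 (B bit), 8 and 9 (E bit), arriving in the order 8, 9, 7.
 * The first two arrivals are parked on sctp_uo_frags. When TSN 7
 * arrives it carries the B bit, and the forward walk reaches the E bit
 * at TSN 9 with no gap in the TSN run, so the three fragments are
 * unlinked from the list and chained via b_cont as one reassembled
 * message.
 */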
/*
 * Fragment list for ordered messages.
 * If no error occurs, error is set to 0. If we run out of memory, error
 * is set to 1. If the peer commits a fatal error (like using different
 * sequence numbers for the same data fragment series), the association is
 * aborted and error is set to 2.
 */
static mblk_t *
sctp_data_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc, int *error,
    sctp_instr_t *sip, int trypartial, int *tpfinished)
{
	mblk_t *hmp;
	mblk_t *pmp;
	mblk_t *qmp;
	mblk_t *mp;
	mblk_t *prev;
	mblk_t *prevprev;
	mblk_t *first_mp;
	sctp_reass_t *srp;
	sctp_data_hdr_t *qdc;
	sctp_data_hdr_t *bdc;
	sctp_data_hdr_t *edc;
	uint32_t tsn;

	/*
	 * We can overwrite the Link Layer + IP header here, I suppose.
	 * The M_CTL does not leave this function. We need to check
	 * DB_REF(dmp) before using DB_BASE(dmp), since there could be
	 * two fragments for different ssns in the same mblk.
	 */
#define	SCTP_NEW_REASS(nmp, dmp, srp, seterror)			\
	if ((DB_REF(dmp) == 2) && (MBLKHEAD(dmp) >=		\
	    (sizeof (*(srp)) + sizeof (sctp_hdr_t)))) {		\
		(nmp) = (dmp);					\
	} else {						\
		(nmp) = allocb(sizeof (*(srp)), BPRI_MED);	\
		if ((nmp) == NULL) {				\
			switch (seterror) {			\
			case B_TRUE:				\
				*error = 1;			\
				break;				\
			}					\
			return (NULL);				\
		}						\
		DB_TYPE(nmp) = M_CTL;				\
		(nmp)->b_cont = dmp;				\
	}							\
	(srp) = (sctp_reass_t *)DB_BASE(nmp);

	*error = 0;

	/* find the reassembly queue for this data chunk */
	hmp = qmp = sip->istr_reass;
	for (; hmp != NULL; hmp = hmp->b_next) {
		srp = (sctp_reass_t *)DB_BASE(hmp);
		if (ntohs((*dc)->sdh_ssn) == srp->ssn)
			goto foundit;
		else if (SSN_GT(srp->ssn, ntohs((*dc)->sdh_ssn)))
			break;
		qmp = hmp;
	}

	SCTP_NEW_REASS(pmp, dmp, srp, B_TRUE);
	srp->ssn = ntohs((*dc)->sdh_ssn);
	srp->needed = 0;
	srp->got = 1;
	srp->tail = dmp;
	srp->partial_delivered = B_FALSE;

	if (hmp != NULL) {
		if (sip->istr_reass == hmp) {
			sip->istr_reass = pmp;
			pmp->b_next = hmp;
			pmp->b_prev = NULL;
			hmp->b_prev = pmp;
		} else {
			qmp->b_next = pmp;
			pmp->b_prev = qmp;
			pmp->b_next = hmp;
			hmp->b_prev = pmp;
		}
	} else {
		/* make a new reass head and stick it on the end */
		if (sip->istr_reass == NULL) {
			sip->istr_reass = pmp;
			pmp->b_prev = NULL;
		} else {
			qmp->b_next = pmp;
			pmp->b_prev = qmp;
		}
		pmp->b_next = NULL;
	}
	return (NULL);
foundit:
	/*
	 * else already have a reassembly queue. Insert the new data chunk
	 * in the reassemble queue. Try the tail first, on the assumption
	 * that the fragments are arriving in order.
	 */

	qmp = srp->tail;
	qdc = (sctp_data_hdr_t *)qmp->b_rptr;
	ASSERT(qmp->b_cont == NULL);

	/* XXX Is it fine to do this just here? */
	if ((*dc)->sdh_sid != qdc->sdh_sid) {
		/* our peer is fatally confused; XXX abort the assc */
		*error = 2;
		return (NULL);
	}
	if (SEQ_GT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
		qmp->b_cont = dmp;
		srp->tail = dmp;
		dmp->b_cont = NULL;
		goto inserted;
	}

	/* Next check for insertion at the beginning */
	qmp = (DB_TYPE(hmp) == M_DATA) ? hmp : hmp->b_cont;
	qdc = (sctp_data_hdr_t *)qmp->b_rptr;
	if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
		if (DB_TYPE(hmp) == M_DATA) {
			sctp_reass_t *srp1 = srp;

			SCTP_NEW_REASS(pmp, dmp, srp, B_TRUE);
			ASSERT(pmp->b_prev == NULL && pmp->b_next == NULL);
			if (sip->istr_reass == hmp) {
				sip->istr_reass = pmp;
				if (hmp->b_next != NULL) {
					hmp->b_next->b_prev = pmp;
					pmp->b_next = hmp->b_next;
				}
			} else {
				hmp->b_prev->b_next = pmp;
				pmp->b_prev = hmp->b_prev;
				if (hmp->b_next != NULL) {
					hmp->b_next->b_prev = pmp;
					pmp->b_next = hmp->b_next;
				}
			}
			srp->ssn = srp1->ssn;
			srp->needed = srp1->needed;
			srp->got = srp1->got;
			srp->tail = srp1->tail;
			srp->partial_delivered = srp1->partial_delivered;
			hmp->b_next = hmp->b_prev = NULL;
			dmp->b_cont = hmp;
			hmp = pmp;
		} else {
			ASSERT(DB_TYPE(hmp) == M_CTL);
			dmp->b_cont = qmp;
			hmp->b_cont = dmp;
		}
		goto inserted;
	}

	/* Insert somewhere in the middle */
	for (;;) {
		/* Tail check above should have caught this */
		ASSERT(qmp->b_cont != NULL);

		qdc = (sctp_data_hdr_t *)qmp->b_cont->b_rptr;
		if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
			/* insert here */
			dmp->b_cont = qmp->b_cont;
			qmp->b_cont = dmp;
			break;
		}
		qmp = qmp->b_cont;
	}

inserted:
	(srp->got)++;
	first_mp = (DB_TYPE(hmp) == M_DATA) ? hmp : hmp->b_cont;
	if (srp->needed == 0) {
		/* check if we have the first and last fragments */
		bdc = (sctp_data_hdr_t *)first_mp->b_rptr;
		edc = (sctp_data_hdr_t *)srp->tail->b_rptr;

		/* calculate how many fragments are needed, if possible */
		if (SCTP_DATA_GET_BBIT(bdc) && SCTP_DATA_GET_EBIT(edc))
			srp->needed = ntohl(edc->sdh_tsn) -
			    ntohl(bdc->sdh_tsn) + 1;
	}

	if (srp->needed != srp->got) {
		if (!trypartial)
			return (NULL);
		/*
		 * Try partial delivery. We need a consecutive run of
		 * at least two chunks, starting from the first chunk
		 * (which may have been the last + 1 chunk from a
		 * previous partial delivery).
		 */
		dprint(4, ("trypartial: got=%d, needed=%d\n",
		    (int)(srp->got), (int)(srp->needed)));
		mp = first_mp;
		if (mp->b_cont == NULL) {
			/* need at least two chunks */
			dprint(4, ("trypartial: only 1 chunk\n"));
			return (NULL);
		}

		qdc = (sctp_data_hdr_t *)mp->b_rptr;
		if (!SCTP_DATA_GET_BBIT(qdc)) {
			/* don't have first chunk; can't do it. */
			dprint(4, ("trypartial: no beginning\n"));
			return (NULL);
		}

		tsn = ntohl(qdc->sdh_tsn) + 1;

		/*
		 * This loop has two exit conditions: the
		 * end of received chunks has been reached, or
		 * there is a break in the sequence. We want
		 * to chop the reassembly list as follows (the
		 * numbers are TSNs):
		 *	10 -> 11 ->	| 12		(end of chunks)
		 *	10 -> 11 ->	| 12 -> 14	(break in sequence)
		 */
		prevprev = prev = mp;
		mp = mp->b_cont;
		while (mp != NULL) {
			qdc = (sctp_data_hdr_t *)mp->b_rptr;
			if (ntohl(qdc->sdh_tsn) != tsn) {
				/*
				 * break in sequence:
				 * the 1st and 2nd chunks are not sequential.
				 */
				if (mp == first_mp->b_cont)
					return (NULL);
				/* Back up mp and prev */
				mp = prev;
				prev = prevprev;
				break;
			}

			/* end of sequence */
			if (mp->b_cont == NULL)
				break;

			prevprev = prev;
			prev = mp;
			mp = mp->b_cont;
			tsn++;
		}
		if (DB_TYPE(hmp) == M_DATA) {
			sctp_reass_t *srp1 = srp;

			SCTP_NEW_REASS(pmp, mp, srp, B_FALSE);
			ASSERT(pmp->b_prev == NULL && pmp->b_next == NULL);
			if (sip->istr_reass == hmp) {
				sip->istr_reass = pmp;
				if (hmp->b_next != NULL) {
					hmp->b_next->b_prev = pmp;
					pmp->b_next = hmp->b_next;
				}
			} else {
				hmp->b_prev->b_next = pmp;
				pmp->b_prev = hmp->b_prev;
				if (hmp->b_next != NULL) {
					hmp->b_next->b_prev = pmp;
					pmp->b_next = hmp->b_next;
				}
			}
			srp->ssn = srp1->ssn;
			srp->needed = srp1->needed;
			srp->got = srp1->got;
			srp->tail = srp1->tail;
			hmp->b_next = hmp->b_prev = NULL;
			dmp = hmp;
			hmp = pmp;
		} else {
			ASSERT(DB_TYPE(hmp) == M_CTL);
			dmp = hmp->b_cont;
			hmp->b_cont = mp;
		}
		/*
		 * mp now points at the last chunk in the sequence,
		 * and prev points to mp's previous in the list.
		 * We chop the list at prev, and convert mp into the
		 * new list head by setting the B bit. Subsequent
		 * fragment deliveries will follow the normal reassembly
		 * path.
		 */
		prev->b_cont = NULL;
		bdc = (sctp_data_hdr_t *)mp->b_rptr;
		SCTP_DATA_SET_BBIT(bdc);
		*tpfinished = 0;
		srp->partial_delivered = B_TRUE;

		dprint(4, ("trypartial: got some, got=%d, needed=%d\n",
		    (int)(srp->got), (int)(srp->needed)));
		goto fixup;
	}

	/*
	 * else reassembly done; prepare the data for delivery.
	 * First unlink hmp from the ssn list.
	 */
	if (sip->istr_reass == hmp) {
		sip->istr_reass = hmp->b_next;
		if (hmp->b_next) {
			hmp->b_next->b_prev = NULL;
		}
	} else {
		ASSERT(hmp->b_prev != NULL);
		hmp->b_prev->b_next = hmp->b_next;
		if (hmp->b_next) {
			hmp->b_next->b_prev = hmp->b_prev;
		}
	}

	/*
	 * Using b_prev and b_next was a little sinful, but OK since
	 * this mblk is never put*'d. However, freeb() will still
	 * ASSERT that they are unused, so we need to NULL them out now.
	 */
	hmp->b_next = NULL;
	hmp->b_prev = NULL;
	dmp = hmp;
	if (DB_TYPE(hmp) == M_CTL) {
		dmp = dmp->b_cont;
		hmp->b_cont = NULL;
		freeb(hmp);
	}
	*tpfinished = 1;

fixup:
	/*
	 * Adjust all mblk's except the lead so their rptr's point to the
	 * payload. sctp_data_chunk() will need to process the lead's
	 * data chunk section, so leave its rptr pointing at the data chunk.
	 */
	*dc = (sctp_data_hdr_t *)dmp->b_rptr;
	if (trypartial && !(*tpfinished)) {
		(srp->got)--;
		ASSERT(srp->got != 0);
		if (srp->needed != 0) {
			(srp->needed)--;
			ASSERT(srp->needed != 0);
		}
	}
	for (qmp = dmp->b_cont; qmp; qmp = qmp->b_cont) {
		qdc = (sctp_data_hdr_t *)qmp->b_rptr;
		qmp->b_rptr = (uchar_t *)(qdc + 1);

		/*
		 * If in partial delivery, deduct the balance from got
		 * and needed here, now that we know we are actually
		 * delivering these data.
		 */
		if (trypartial && !(*tpfinished)) {
			(srp->got)--;
			ASSERT(srp->got != 0);
			if (srp->needed != 0) {
				(srp->needed)--;
				ASSERT(srp->needed != 0);
			}
		}
	}
	BUMP_LOCAL(sctp->sctp_reassmsgs);

	return (dmp);
}

static void
sctp_add_dup(uint32_t tsn, mblk_t **dups)
{
	mblk_t *mp;
	size_t bsize = SCTP_DUP_MBLK_SZ * sizeof (tsn);

	if (dups == NULL) {
		return;
	}

	/* first time? */
	if (*dups == NULL) {
		*dups = allocb(bsize, BPRI_MED);
		if (*dups == NULL) {
			return;
		}
	}

	mp = *dups;
	if ((mp->b_wptr - mp->b_rptr) >= bsize) {
		/* maximum reached */
		return;
	}

	/* add the duplicate tsn */
	bcopy(&tsn, mp->b_wptr, sizeof (tsn));
	mp->b_wptr += sizeof (tsn);
	ASSERT((mp->b_wptr - mp->b_rptr) <= bsize);
}
static void
sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
	sctp_data_hdr_t *dc;
	mblk_t *dmp, *pmp;
	mblk_t *errmp;
	sctp_instr_t *instr;
	int ubit;
	int isfrag;
	uint16_t ssn;
	uint32_t oftsn;
	boolean_t can_deliver = B_TRUE;
	uint32_t tsn;
	int dlen;
	int trypartial = 0;
	int tpfinished = 1;
	int32_t new_rwnd;

	/* The following are used multiple times, so we inline them */
#define	SCTP_ACK_IT(sctp, tsn)					\
	if (tsn == sctp->sctp_ftsn) {				\
		dprint(2, ("data_chunk: acking next %x\n", tsn)); \
		(sctp->sctp_ftsn)++;				\
	} else if (SEQ_GT(tsn, sctp->sctp_ftsn)) {		\
		/* Got a gap; record it */			\
		dprint(2, ("data_chunk: acking gap %x\n", tsn)); \
		sctp_ack_add(&sctp->sctp_sack_info,		\
		    tsn,					\
		    &sctp->sctp_sack_gaps);			\
		sctp->sctp_force_sack = 1;			\
	}

	errmp = NULL;
	dmp = NULL;

	dc = (sctp_data_hdr_t *)ch;
	tsn = ntohl(dc->sdh_tsn);

	dprint(3, ("sctp_data_chunk: mp=%p tsn=%x\n", (void *)mp, tsn));

	/* Check for duplicates */
	if (SEQ_LT(tsn, sctp->sctp_ftsn)) {
		dprint(4, ("sctp_data_chunk: dropping duplicate\n"));
		sctp->sctp_force_sack = 1;
		sctp_add_dup(dc->sdh_tsn, dups);
		return;
	}

	if (sctp->sctp_sack_info != NULL) {
		sctp_set_t *sp;

		for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
			if (SEQ_GEQ(tsn, sp->begin) && SEQ_LEQ(tsn, sp->end)) {
				dprint(4,
				    ("sctp_data_chunk: dropping dup > cumtsn\n"));
				sctp->sctp_force_sack = 1;
				sctp_add_dup(dc->sdh_tsn, dups);
				return;
			}
		}
	}

	/* We cannot deliver anything up now but we still need to handle it. */
	if (SCTP_IS_DETACHED(sctp)) {
		BUMP_MIB(&sctp_mib, sctpInClosed);
		can_deliver = B_FALSE;
	}

	dlen = ntohs(dc->sdh_len) - sizeof (*dc);

	/* Check for buffer space */
	if (sctp->sctp_rwnd - sctp->sctp_rxqueued < dlen) {
		/* Drop and SACK, but don't advance the cumulative TSN. */
		sctp->sctp_force_sack = 1;
		dprint(0, ("sctp_data_chunk: exceed rwnd %d rxqueued %d "
		    "ssn %d tsn %x\n", sctp->sctp_rwnd,
		    sctp->sctp_rxqueued, dc->sdh_ssn, ntohl(dc->sdh_tsn)));
		return;
	}

	if (ntohs(dc->sdh_sid) >= sctp->sctp_num_istr) {
		uint16_t inval_parm[2];

		inval_parm[0] = dc->sdh_sid;
		/* RESERVED to be ignored at the receiving end */
		inval_parm[1] = 0;
		/* ack and drop it */
		errmp = sctp_make_err(sctp, SCTP_ERR_BAD_SID,
		    (char *)inval_parm, sizeof (inval_parm));
		SCTP_ACK_IT(sctp, tsn);
		if (errmp != NULL)
			sctp_send_err(sctp, errmp, NULL);
		return;
	}

	ubit = SCTP_DATA_GET_UBIT(dc);
	ASSERT(sctp->sctp_instr != NULL);
	instr = &sctp->sctp_instr[ntohs(dc->sdh_sid)];
	/* Initialize the stream, if not yet used */
	if (instr->sctp == NULL)
		instr->sctp = sctp;
	/*
	 * If we are getting low on buffers set trypartial to try
	 * a partial delivery if we are reassembling a fragmented
	 * message. Only do this if we can immediately deliver the
	 * partially assembled message, and only partially deliver
	 * one message at a time (i.e. messages cannot be intermixed
	 * arriving at the upper layer). A simple way to enforce
	 * this is to only try partial delivery if this TSN is
	 * the next expected TSN. Partial Delivery is not supported
	 * for un-ordered messages.
	 */
	isfrag = !(SCTP_DATA_GET_BBIT(dc) && SCTP_DATA_GET_EBIT(dc));
	ssn = ntohs(dc->sdh_ssn);
	if ((sctp->sctp_rwnd - sctp->sctp_rxqueued < SCTP_RECV_LOWATER) &&
	    !ubit && isfrag && (tsn == sctp->sctp_ftsn)) {
		trypartial = 1;
	}

	dmp = dupb(mp);
	if (dmp == NULL) {
		/* drop it and don't ack it, causing the peer to retransmit */
		return;
	}
	dmp->b_wptr = (uchar_t *)ch + ntohs(ch->sch_len);

	sctp->sctp_rxqueued += dlen;

	oftsn = sctp->sctp_ftsn;

	if (isfrag) {
		int error = 0;

		/* fragmented data chunk */
		dmp->b_rptr = (uchar_t *)dc;
		if (ubit) {
			dmp = sctp_uodata_frag(sctp, dmp, &dc);
#if DEBUG
			if (dmp != NULL) {
				ASSERT(instr ==
				    &sctp->sctp_instr[ntohs(dc->sdh_sid)]);
			}
#endif
		} else {
			dmp = sctp_data_frag(sctp, dmp, &dc, &error, instr,
			    trypartial, &tpfinished);
		}
		if (error != 0) {
			sctp->sctp_rxqueued -= dlen;
			if (error == 1) {
				/*
				 * out of memory; don't ack it so
				 * the peer retransmits
				 */
				return;
			} else if (error == 2) {
				/*
				 * fatal error (i.e. peer used different
				 * ssn's for same fragmented data) --
				 * the association has been aborted.
				 * XXX need to return errval so state
				 * machine can also abort processing.
				 */
				dprint(0, ("error 2: must not happen!\n"));
				return;
			}
		}

		if (dmp == NULL) {
			/*
			 * Can't process this data now, but the cumulative
			 * TSN may be advanced, so do the checks at done.
			 */
			SCTP_ACK_IT(sctp, tsn);
			goto done;
		}
	}

	if (!ubit && !trypartial && ssn != instr->nextseq) {
		/* Adjust rptr to point at the data chunk for compares */
		dmp->b_rptr = (uchar_t *)dc;

		dprint(2,
		    ("data_chunk: inserted %x in pq (ssn %d expected %d)\n",
		    ntohl(dc->sdh_tsn), (int)(ssn), (int)(instr->nextseq)));

		if (instr->istr_msgs == NULL) {
			instr->istr_msgs = dmp;
			ASSERT(dmp->b_prev == NULL && dmp->b_next == NULL);
		} else {
			mblk_t *imblk = instr->istr_msgs;
			sctp_data_hdr_t *idc;

			/*
			 * XXX Need to take sequence wraps into account,
			 * ... and a more efficient insertion algo.
			 */
			for (;;) {
				idc = (sctp_data_hdr_t *)imblk->b_rptr;
				if (SSN_GT(ntohs(idc->sdh_ssn),
				    ntohs(dc->sdh_ssn))) {
					if (instr->istr_msgs == imblk) {
						instr->istr_msgs = dmp;
						dmp->b_next = imblk;
						imblk->b_prev = dmp;
					} else {
						ASSERT(imblk->b_prev != NULL);
						imblk->b_prev->b_next = dmp;
						dmp->b_prev = imblk->b_prev;
						imblk->b_prev = dmp;
						dmp->b_next = imblk;
					}
					break;
				}
				if (imblk->b_next == NULL) {
					imblk->b_next = dmp;
					dmp->b_prev = imblk;
					break;
				}
				imblk = imblk->b_next;
			}
		}
		(instr->istr_nmsgs)++;
		(sctp->sctp_istr_nmsgs)++;
		SCTP_ACK_IT(sctp, tsn);
		return;
	}

	/*
	 * Else we can deliver the data directly. Recalculate
	 * dlen now since we may have reassembled data.
	 */
	dlen = dmp->b_wptr - (uchar_t *)dc - sizeof (*dc);
	for (pmp = dmp->b_cont; pmp != NULL; pmp = pmp->b_cont)
		dlen += pmp->b_wptr - pmp->b_rptr;
	ASSERT(sctp->sctp_rxqueued >= dlen);
	ASSERT(sctp->sctp_rwnd >= dlen);

	/* Deliver the message. */
	sctp->sctp_rxqueued -= dlen;

	if (can_deliver) {
		dmp->b_rptr = (uchar_t *)(dc + 1);
		if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, ipp) == 0) {
			dprint(1, ("sctp_data_chunk: delivering %lu bytes\n",
			    msgdsize(dmp)));
			sctp->sctp_rwnd -= dlen;
			new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp,
			    tpfinished ? 0 : SCTP_PARTIAL_DATA);
			if (new_rwnd > sctp->sctp_rwnd) {
				sctp->sctp_rwnd = new_rwnd;
			}
			SCTP_ACK_IT(sctp, tsn);
		} else {
			/* Just free the message if we don't have memory. */
			freemsg(dmp);
			return;
		}
	} else {
		/* About to free the data */
		freemsg(dmp);
		SCTP_ACK_IT(sctp, tsn);
	}

	/*
	 * data, now enqueued, may already have been processed and free'd
	 * by the ULP (or we may have just freed it above, if we could not
	 * deliver it), so we must not reference it (this is why we kept
	 * the ssn and ubit above).
	 */
	if (ubit != 0) {
		BUMP_LOCAL(sctp->sctp_iudchunks);
		goto done;
	}
	BUMP_LOCAL(sctp->sctp_idchunks);

	/*
	 * If there was a partial delivery and it has not finished,
	 * don't pull anything from the pqueues.
	 */
1451 */ 1452 if (!tpfinished) { 1453 goto done; 1454 } 1455 1456 instr->nextseq = ssn + 1; 1457 /* Deliver any successive data chunks in the instr queue */ 1458 while (instr->istr_nmsgs > 0) { 1459 dmp = (mblk_t *)instr->istr_msgs; 1460 dc = (sctp_data_hdr_t *)dmp->b_rptr; 1461 ssn = ntohs(dc->sdh_ssn); 1462 /* Gap in the sequence */ 1463 if (ssn != instr->nextseq) 1464 break; 1465 1466 /* Else deliver the data */ 1467 (instr->istr_nmsgs)--; 1468 (instr->nextseq)++; 1469 (sctp->sctp_istr_nmsgs)--; 1470 1471 instr->istr_msgs = instr->istr_msgs->b_next; 1472 if (instr->istr_msgs != NULL) 1473 instr->istr_msgs->b_prev = NULL; 1474 dmp->b_next = dmp->b_prev = NULL; 1475 1476 dprint(2, ("data_chunk: pulling %x from pq (ssn %d)\n", 1477 ntohl(dc->sdh_tsn), (int)ssn)); 1478 1479 /* 1480 * If this chunk was reassembled, each b_cont represents 1481 * another TSN; advance ftsn now. 1482 */ 1483 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 1484 for (pmp = dmp->b_cont; pmp; pmp = pmp->b_cont) 1485 dlen += pmp->b_wptr - pmp->b_rptr; 1486 1487 ASSERT(sctp->sctp_rxqueued >= dlen); 1488 ASSERT(sctp->sctp_rwnd >= dlen); 1489 1490 sctp->sctp_rxqueued -= dlen; 1491 if (can_deliver) { 1492 dmp->b_rptr = (uchar_t *)(dc + 1); 1493 if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, 1494 ipp) == 0) { 1495 dprint(1, ("sctp_data_chunk: delivering %lu " 1496 "bytes\n", msgdsize(dmp))); 1497 sctp->sctp_rwnd -= dlen; 1498 new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, 1499 dmp, tpfinished ? 0 : SCTP_PARTIAL_DATA); 1500 if (new_rwnd > sctp->sctp_rwnd) { 1501 sctp->sctp_rwnd = new_rwnd; 1502 } 1503 SCTP_ACK_IT(sctp, tsn); 1504 } else { 1505 freemsg(dmp); 1506 return; 1507 } 1508 } else { 1509 /* About to free the data */ 1510 freemsg(dmp); 1511 SCTP_ACK_IT(sctp, tsn); 1512 } 1513 } 1514 1515 done: 1516 1517 /* 1518 * If there are gap reports pending, check if advancing 1519 * the ftsn here closes a gap. If so, we can advance 1520 * ftsn to the end of the set. 1521 */ 1522 if (sctp->sctp_sack_info != NULL && 1523 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 1524 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 1525 } 1526 /* 1527 * If ftsn has moved forward, maybe we can remove gap reports. 1528 * NB: dmp may now be NULL, so don't dereference it here. 
1529 */ 1530 if (oftsn != sctp->sctp_ftsn && sctp->sctp_sack_info != NULL) { 1531 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 1532 &sctp->sctp_sack_gaps); 1533 dprint(2, ("data_chunk: removed acks before %x (num=%d)\n", 1534 sctp->sctp_ftsn - 1, sctp->sctp_sack_gaps)); 1535 } 1536 1537 #ifdef DEBUG 1538 if (sctp->sctp_sack_info != NULL) { 1539 ASSERT(sctp->sctp_ftsn != sctp->sctp_sack_info->begin); 1540 } 1541 #endif 1542 1543 #undef SCTP_ACK_IT 1544 } 1545 1546 void 1547 sctp_fill_sack(sctp_t *sctp, unsigned char *dst, int sacklen) 1548 { 1549 sctp_chunk_hdr_t *sch; 1550 sctp_sack_chunk_t *sc; 1551 sctp_sack_frag_t *sf; 1552 uint16_t num_gaps = sctp->sctp_sack_gaps; 1553 sctp_set_t *sp; 1554 1555 /* Chunk hdr */ 1556 sch = (sctp_chunk_hdr_t *)dst; 1557 sch->sch_id = CHUNK_SACK; 1558 sch->sch_flags = 0; 1559 sch->sch_len = htons(sacklen); 1560 1561 /* SACK chunk */ 1562 sctp->sctp_lastacked = sctp->sctp_ftsn - 1; 1563 1564 sc = (sctp_sack_chunk_t *)(sch + 1); 1565 sc->ssc_cumtsn = htonl(sctp->sctp_lastacked); 1566 if (sctp->sctp_rxqueued < sctp->sctp_rwnd) { 1567 sc->ssc_a_rwnd = htonl(sctp->sctp_rwnd - sctp->sctp_rxqueued); 1568 } else { 1569 sc->ssc_a_rwnd = 0; 1570 } 1571 sc->ssc_numfrags = htons(num_gaps); 1572 sc->ssc_numdups = 0; 1573 1574 /* lay in gap reports */ 1575 sf = (sctp_sack_frag_t *)(sc + 1); 1576 for (sp = sctp->sctp_sack_info; sp; sp = sp->next) { 1577 uint16_t offset; 1578 1579 /* start */ 1580 if (sp->begin > sctp->sctp_lastacked) { 1581 offset = (uint16_t)(sp->begin - sctp->sctp_lastacked); 1582 } else { 1583 /* sequence number wrap */ 1584 offset = (uint16_t)(UINT32_MAX - sctp->sctp_lastacked + 1585 sp->begin); 1586 } 1587 sf->ssf_start = htons(offset); 1588 1589 /* end */ 1590 if (sp->end >= sp->begin) { 1591 offset += (uint16_t)(sp->end - sp->begin); 1592 } else { 1593 /* sequence number wrap */ 1594 offset += (uint16_t)(UINT32_MAX - sp->begin + sp->end); 1595 } 1596 sf->ssf_end = htons(offset); 1597 1598 sf++; 1599 /* This is just for debugging (a la the following assertion) */ 1600 num_gaps--; 1601 } 1602 1603 ASSERT(num_gaps == 0); 1604 1605 /* If the SACK timer is running, stop it */ 1606 if (sctp->sctp_ack_timer_running) { 1607 sctp_timer_stop(sctp->sctp_ack_mp); 1608 sctp->sctp_ack_timer_running = B_FALSE; 1609 } 1610 1611 BUMP_LOCAL(sctp->sctp_obchunks); 1612 } 1613 1614 mblk_t * 1615 sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups) 1616 { 1617 mblk_t *smp; 1618 size_t slen; 1619 sctp_chunk_hdr_t *sch; 1620 sctp_sack_chunk_t *sc; 1621 1622 if (sctp->sctp_force_sack) { 1623 sctp->sctp_force_sack = 0; 1624 goto checks_done; 1625 } 1626 1627 if (sctp->sctp_state == SCTPS_ESTABLISHED) { 1628 if (sctp->sctp_sack_toggle < 2) { 1629 /* no need to SACK right now */ 1630 dprint(2, ("sctp_make_sack: %p no sack (toggle)\n", 1631 (void *)sctp)); 1632 return (NULL); 1633 } else if (sctp->sctp_sack_toggle >= 2) { 1634 sctp->sctp_sack_toggle = 0; 1635 } 1636 } 1637 1638 if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) { 1639 dprint(2, ("sctp_make_sack: %p no sack (already)\n", 1640 (void *)sctp)); 1641 return (NULL); 1642 } 1643 1644 checks_done: 1645 dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1)); 1646 1647 slen = sizeof (*sch) + sizeof (*sc) + 1648 (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps); 1649 smp = sctp_make_mp(sctp, sendto, slen); 1650 if (smp == NULL) { 1651 return (NULL); 1652 } 1653 sch = (sctp_chunk_hdr_t *)smp->b_wptr; 1654 1655 sctp_fill_sack(sctp, smp->b_wptr, slen); 1656 smp->b_wptr += slen; 1657 if 
mblk_t *
sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups)
{
	mblk_t *smp;
	size_t slen;
	sctp_chunk_hdr_t *sch;
	sctp_sack_chunk_t *sc;

	if (sctp->sctp_force_sack) {
		sctp->sctp_force_sack = 0;
		goto checks_done;
	}

	if (sctp->sctp_state == SCTPS_ESTABLISHED) {
		if (sctp->sctp_sack_toggle < 2) {
			/* no need to SACK right now */
			dprint(2, ("sctp_make_sack: %p no sack (toggle)\n",
			    (void *)sctp));
			return (NULL);
		} else if (sctp->sctp_sack_toggle >= 2) {
			sctp->sctp_sack_toggle = 0;
		}
	}

	if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) {
		dprint(2, ("sctp_make_sack: %p no sack (already)\n",
		    (void *)sctp));
		return (NULL);
	}

checks_done:
	dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1));

	slen = sizeof (*sch) + sizeof (*sc) +
	    (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps);
	smp = sctp_make_mp(sctp, sendto, slen);
	if (smp == NULL) {
		return (NULL);
	}
	sch = (sctp_chunk_hdr_t *)smp->b_wptr;

	sctp_fill_sack(sctp, smp->b_wptr, slen);
	smp->b_wptr += slen;
	if (dups) {
		sc = (sctp_sack_chunk_t *)(sch + 1);
		sc->ssc_numdups = htons((dups->b_wptr - dups->b_rptr) /
		    sizeof (uint32_t));
		sch->sch_len = htons(slen + (dups->b_wptr - dups->b_rptr));
		smp->b_cont = dups;
	}

	return (smp);
}

void
sctp_sack(sctp_t *sctp, mblk_t *dups)
{
	mblk_t *smp;

	/* If we are shutting down, let send_shutdown() bundle the SACK */
	if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) {
		sctp_send_shutdown(sctp, 0);
	}

	ASSERT(sctp->sctp_lastdata != NULL);

	if ((smp = sctp_make_sack(sctp, sctp->sctp_lastdata, dups)) == NULL) {
		/* The caller of sctp_sack() will not free the dups mblk. */
		if (dups != NULL)
			freeb(dups);
		return;
	}

	sctp_set_iplen(sctp, smp);

	dprint(2, ("sctp_sack: sending to %p %x:%x:%x:%x\n",
	    (void *)sctp->sctp_lastdata,
	    SCTP_PRINTADDR(sctp->sctp_lastdata->faddr)));

	sctp->sctp_active = lbolt64;

	BUMP_MIB(&sctp_mib, sctpOutAck);
	sctp_add_sendq(sctp, smp);
}
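/*
 * SACK policy recap: sctp_sack() is called from the data path after an
 * inbound packet has been processed. The sack_toggle test in
 * sctp_make_sack() implements the delayed-ack rule of SACKing roughly
 * every other packet once established, while sctp_force_sack (set on
 * duplicates, gaps and window-full drops above) bypasses the delay
 * entirely.
 */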
1766 */ 1767 if (!SCTP_IS_DETACHED(sctp)) { 1768 sctp->sctp_ulp_xmitted(sctp->sctp_ulpd, 1769 sctp->sctp_unacked + sctp->sctp_unsent); 1770 } 1771 return (0); 1772 } 1773 return (-1); 1774 } 1775 1776 uint32_t 1777 sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked) 1778 { 1779 mblk_t *ump, *nump, *mp = NULL; 1780 uint16_t chunklen; 1781 uint32_t xtsn; 1782 sctp_faddr_t *fp; 1783 sctp_data_hdr_t *sdc; 1784 uint32_t cumack_forward = 0; 1785 sctp_msg_hdr_t *mhdr; 1786 1787 ump = sctp->sctp_xmit_head; 1788 1789 /* 1790 * Free messages only when they're completely acked. 1791 */ 1792 while (ump != NULL) { 1793 mhdr = (sctp_msg_hdr_t *)ump->b_rptr; 1794 for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) { 1795 if (SCTP_CHUNK_ABANDONED(mp)) { 1796 ASSERT(SCTP_IS_MSG_ABANDONED(ump)); 1797 mp = NULL; 1798 break; 1799 } 1800 /* 1801 * We check for abandoned message if we are PR-SCTP 1802 * aware, if this is not the first chunk in the 1803 * message (b_cont) and if the message is marked 1804 * abandoned. 1805 */ 1806 if (!SCTP_CHUNK_ISSENT(mp)) { 1807 if (sctp->sctp_prsctp_aware && 1808 mp != ump->b_cont && 1809 (SCTP_IS_MSG_ABANDONED(ump) || 1810 SCTP_MSG_TO_BE_ABANDONED(ump, mhdr, 1811 sctp))) { 1812 (void) sctp_check_abandoned_msg(sctp, 1813 ump); 1814 } 1815 goto cum_ack_done; 1816 } 1817 sdc = (sctp_data_hdr_t *)mp->b_rptr; 1818 xtsn = ntohl(sdc->sdh_tsn); 1819 if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn)) 1820 continue; 1821 if (SEQ_GEQ(tsn, xtsn)) { 1822 fp = SCTP_CHUNK_DEST(mp); 1823 chunklen = ntohs(sdc->sdh_len); 1824 1825 if (sctp->sctp_out_time != 0 && 1826 xtsn == sctp->sctp_rtt_tsn) { 1827 /* Got a new RTT measurement */ 1828 sctp_update_rtt(sctp, fp, 1829 lbolt64 - sctp->sctp_out_time); 1830 sctp->sctp_out_time = 0; 1831 } 1832 if (SCTP_CHUNK_ISACKED(mp)) 1833 continue; 1834 SCTP_CHUNK_ACKED(mp); 1835 ASSERT(fp->suna >= chunklen); 1836 fp->suna -= chunklen; 1837 fp->acked += chunklen; 1838 cumack_forward += chunklen; 1839 ASSERT(sctp->sctp_unacked >= 1840 (chunklen - sizeof (*sdc))); 1841 sctp->sctp_unacked -= 1842 (chunklen - sizeof (*sdc)); 1843 if (fp->suna == 0) { 1844 /* all outstanding data acked */ 1845 fp->pba = 0; 1846 SCTP_FADDR_TIMER_STOP(fp); 1847 } else { 1848 SCTP_FADDR_TIMER_RESTART(sctp, fp, 1849 fp->rto); 1850 } 1851 } else { 1852 goto cum_ack_done; 1853 } 1854 } 1855 nump = ump->b_next; 1856 if (nump != NULL) 1857 nump->b_prev = NULL; 1858 if (ump == sctp->sctp_xmit_tail) 1859 sctp->sctp_xmit_tail = nump; 1860 if (SCTP_IS_MSG_ABANDONED(ump)) { 1861 BUMP_LOCAL(sctp->sctp_prsctpdrop); 1862 ump->b_next = NULL; 1863 sctp_sendfail_event(sctp, ump, 0, B_TRUE); 1864 } else { 1865 sctp_free_msg(ump); 1866 } 1867 sctp->sctp_xmit_head = ump = nump; 1868 } 1869 cum_ack_done: 1870 *first_unacked = mp; 1871 if (cumack_forward > 0) { 1872 BUMP_MIB(&sctp_mib, sctpInAck); 1873 if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) { 1874 sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd; 1875 } 1876 1877 /* 1878 * Update ULP the amount of queued data, which is 1879 * sent-unack'ed + unsent. 1880 */ 1881 if (!SCTP_IS_DETACHED(sctp)) { 1882 sctp->sctp_ulp_xmitted(sctp->sctp_ulpd, 1883 sctp->sctp_unacked + sctp->sctp_unsent); 1884 } 1885 1886 /* Time to send a shutdown? 
uint32_t
sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked)
{
	mblk_t *ump, *nump, *mp = NULL;
	uint16_t chunklen;
	uint32_t xtsn;
	sctp_faddr_t *fp;
	sctp_data_hdr_t *sdc;
	uint32_t cumack_forward = 0;
	sctp_msg_hdr_t *mhdr;

	ump = sctp->sctp_xmit_head;

	/*
	 * Free messages only when they're completely acked.
	 */
	while (ump != NULL) {
		mhdr = (sctp_msg_hdr_t *)ump->b_rptr;
		for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) {
			if (SCTP_CHUNK_ABANDONED(mp)) {
				ASSERT(SCTP_IS_MSG_ABANDONED(ump));
				mp = NULL;
				break;
			}
			/*
			 * We check for an abandoned message if we are
			 * PR-SCTP aware, if this is not the first chunk in
			 * the message (b_cont), and if the message is marked
			 * abandoned.
			 */
			if (!SCTP_CHUNK_ISSENT(mp)) {
				if (sctp->sctp_prsctp_aware &&
				    mp != ump->b_cont &&
				    (SCTP_IS_MSG_ABANDONED(ump) ||
				    SCTP_MSG_TO_BE_ABANDONED(ump, mhdr,
				    sctp))) {
					(void) sctp_check_abandoned_msg(sctp,
					    ump);
				}
				goto cum_ack_done;
			}
			sdc = (sctp_data_hdr_t *)mp->b_rptr;
			xtsn = ntohl(sdc->sdh_tsn);
			if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn))
				continue;
			if (SEQ_GEQ(tsn, xtsn)) {
				fp = SCTP_CHUNK_DEST(mp);
				chunklen = ntohs(sdc->sdh_len);

				if (sctp->sctp_out_time != 0 &&
				    xtsn == sctp->sctp_rtt_tsn) {
					/* Got a new RTT measurement */
					sctp_update_rtt(sctp, fp,
					    lbolt64 - sctp->sctp_out_time);
					sctp->sctp_out_time = 0;
				}
				if (SCTP_CHUNK_ISACKED(mp))
					continue;
				SCTP_CHUNK_ACKED(mp);
				ASSERT(fp->suna >= chunklen);
				fp->suna -= chunklen;
				fp->acked += chunklen;
				cumack_forward += chunklen;
				ASSERT(sctp->sctp_unacked >=
				    (chunklen - sizeof (*sdc)));
				sctp->sctp_unacked -=
				    (chunklen - sizeof (*sdc));
				if (fp->suna == 0) {
					/* all outstanding data acked */
					fp->pba = 0;
					SCTP_FADDR_TIMER_STOP(fp);
				} else {
					SCTP_FADDR_TIMER_RESTART(sctp, fp,
					    fp->rto);
				}
			} else {
				goto cum_ack_done;
			}
		}
		nump = ump->b_next;
		if (nump != NULL)
			nump->b_prev = NULL;
		if (ump == sctp->sctp_xmit_tail)
			sctp->sctp_xmit_tail = nump;
		if (SCTP_IS_MSG_ABANDONED(ump)) {
			BUMP_LOCAL(sctp->sctp_prsctpdrop);
			ump->b_next = NULL;
			sctp_sendfail_event(sctp, ump, 0, B_TRUE);
		} else {
			sctp_free_msg(ump);
		}
		sctp->sctp_xmit_head = ump = nump;
	}
cum_ack_done:
	*first_unacked = mp;
	if (cumack_forward > 0) {
		BUMP_MIB(&sctp_mib, sctpInAck);
		if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) {
			sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd;
		}

		/*
		 * Update ULP the amount of queued data, which is
		 * sent-unack'ed + unsent.
		 */
		if (!SCTP_IS_DETACHED(sctp)) {
			sctp->sctp_ulp_xmitted(sctp->sctp_ulpd,
			    sctp->sctp_unacked + sctp->sctp_unsent);
		}

		/* Time to send a shutdown? */
		if (sctp->sctp_state == SCTPS_SHUTDOWN_PENDING) {
			sctp_send_shutdown(sctp, 0);
		}
		sctp->sctp_xmit_unacked = mp;
	} else {
		/* dup ack */
		BUMP_MIB(&sctp_mib, sctpInDupAck);
	}
	sctp->sctp_lastack_rxd = tsn;
	if (SEQ_LT(sctp->sctp_adv_pap, sctp->sctp_lastack_rxd))
		sctp->sctp_adv_pap = sctp->sctp_lastack_rxd;
	ASSERT(sctp->sctp_xmit_head || sctp->sctp_unacked == 0);

	return (cumack_forward);
}

static int
sctp_set_frwnd(sctp_t *sctp, uint32_t frwnd)
{
	uint32_t orwnd;

	if (sctp->sctp_unacked > frwnd) {
		sctp->sctp_frwnd = 0;
		return (0);
	}
	orwnd = sctp->sctp_frwnd;
	sctp->sctp_frwnd = frwnd - sctp->sctp_unacked;
	if (orwnd < sctp->sctp_frwnd) {
		return (1);
	} else {
		return (0);
	}
}

/*
 * For un-ordered messages.
 * Walk the sctp->sctp_uo_frags list and remove any fragments with TSN
 * less than/equal to ftsn. Fragments for un-ordered messages are
 * strictly in sequence (w.r.t TSN).
 */
static int
sctp_ftsn_check_uo_frag(sctp_t *sctp, uint32_t ftsn)
{
	mblk_t *hmp;
	mblk_t *hmp_next;
	sctp_data_hdr_t *dc;
	int dlen = 0;

	hmp = sctp->sctp_uo_frags;
	while (hmp != NULL) {
		hmp_next = hmp->b_next;
		dc = (sctp_data_hdr_t *)hmp->b_rptr;
		if (SEQ_GT(ntohl(dc->sdh_tsn), ftsn))
			return (dlen);
		sctp->sctp_uo_frags = hmp_next;
		if (hmp_next != NULL)
			hmp_next->b_prev = NULL;
		hmp->b_next = NULL;
		dlen += ntohs(dc->sdh_len) - sizeof (*dc);
		freeb(hmp);
		hmp = hmp_next;
	}
	return (dlen);
}

/*
 * For ordered messages.
 * Check for existing fragments for an sid-ssn pair reported as abandoned
 * in the Forward TSN, and hence never to be completely received. If there
 * are fragments, then we just nuke them. If and when Partial Delivery API
 * is supported, we would need to send a notification to the upper layer
 * about this.
 */
static int
sctp_ftsn_check_frag(sctp_t *sctp, uint16_t ssn, sctp_instr_t *sip)
{
	sctp_reass_t *srp;
	mblk_t *hmp;
	mblk_t *dmp;
	mblk_t *hmp_next;
	sctp_data_hdr_t *dc;
	int dlen = 0;

	hmp = sip->istr_reass;
	while (hmp != NULL) {
		hmp_next = hmp->b_next;
		srp = (sctp_reass_t *)DB_BASE(hmp);
		if (SSN_GT(srp->ssn, ssn))
			return (dlen);
		/*
		 * If we had sent part of this message up, send a partial
		 * delivery event. Since this is ordered delivery, we should
		 * have sent partial message only for the next in sequence,
		 * hence the ASSERT. See comments in sctp_data_chunk() for
		 * trypartial.
		 */
		if (srp->partial_delivered) {
			ASSERT(sip->nextseq == srp->ssn);
			sctp_partial_delivery_event(sctp);
		}
		/* Take it out of the reass queue */
		sip->istr_reass = hmp_next;
		if (hmp_next != NULL)
			hmp_next->b_prev = NULL;
		hmp->b_next = NULL;
		ASSERT(hmp->b_prev == NULL);
		dmp = hmp;
		if (DB_TYPE(hmp) == M_CTL) {
			dmp = hmp->b_cont;
			hmp->b_cont = NULL;
			freeb(hmp);
			hmp = dmp;
		}
		while (dmp != NULL) {
			dc = (sctp_data_hdr_t *)dmp->b_rptr;
			dlen += ntohs(dc->sdh_len) - sizeof (*dc);
			dmp = dmp->b_cont;
		}
		freemsg(hmp);
		hmp = hmp_next;
	}
	return (dlen);
}
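/*
 * Wire format handled below (per the PR-SCTP extension): a Forward TSN
 * chunk carries the new cumulative TSN followed by zero or more
 * (sid, ssn) pairs, one per ordered stream with abandoned chunks, e.g.
 *
 *	[ new cumulative TSN (32 bits)	]
 *	[ sid #1 (16)	| ssn #1 (16)	]
 *	[ sid #2 (16)	| ssn #2 (16)	] ...
 *
 * sctp_process_forward_tsn() consumes exactly this layout via the ftsn
 * pointer and ftsn_entry_t entries below.
 */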
2012 * Remove any SACK gaps less than the newly updated sctp_ftsn. Walk through the 2013 * sid-ssn pairs in the Forward TSN and for each, clean the fragment list 2014 * for this pair, if needed, and check if we can deliver subsequent 2015 * messages, if any, from the instream queue (that were waiting for this 2016 * sid-ssn message to show up). Once we are done, try to update the SACK 2017 * info. We could get a duplicate Forward TSN, in which case we just send 2018 * a SACK. If any of the sid values in the Forward TSN is invalid, 2019 * send back an "Invalid Stream Identifier" error and continue processing 2020 * the rest. 2021 */ 2022 static void 2023 sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp, 2024 ip6_pkt_t *ipp) 2025 { 2026 uint32_t *ftsn = (uint32_t *)(ch + 1); 2027 ftsn_entry_t *ftsn_entry; 2028 sctp_instr_t *instr; 2029 boolean_t can_deliver = B_TRUE; 2030 size_t dlen; 2031 int flen; 2032 mblk_t *dmp; 2033 mblk_t *pmp; 2034 sctp_data_hdr_t *dc; 2035 ssize_t remaining; 2036 2037 *ftsn = ntohl(*ftsn); 2038 remaining = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*ftsn); 2039 2040 if (SCTP_IS_DETACHED(sctp)) { 2041 BUMP_MIB(&sctp_mib, sctpInClosed); 2042 can_deliver = B_FALSE; 2043 } 2044 /* 2045 * Un-ordered messages don't have SID-SSN pair entries; we check 2046 * for any fragments (for un-ordered messages) to be discarded using 2047 * the cumulative FTSN. 2048 */ 2049 flen = sctp_ftsn_check_uo_frag(sctp, *ftsn); 2050 if (flen > 0) { 2051 ASSERT(sctp->sctp_rxqueued >= flen); 2052 sctp->sctp_rxqueued -= flen; 2053 } 2054 ftsn_entry = (ftsn_entry_t *)(ftsn + 1); 2055 while (remaining >= sizeof (*ftsn_entry)) { 2056 ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid); 2057 ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn); 2058 if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) { 2059 uint16_t inval_parm[2]; 2060 mblk_t *errmp; 2061 2062 inval_parm[0] = htons(ftsn_entry->ftsn_sid); 2063 /* RESERVED to be ignored at the receiving end */ 2064 inval_parm[1] = 0; 2065 errmp = sctp_make_err(sctp, SCTP_ERR_BAD_SID, 2066 (char *)inval_parm, sizeof (inval_parm)); 2067 if (errmp != NULL) 2068 sctp_send_err(sctp, errmp, NULL); 2069 ftsn_entry++; 2070 remaining -= sizeof (*ftsn_entry); 2071 continue; 2072 } 2073 instr = &sctp->sctp_instr[ftsn_entry->ftsn_sid]; 2074 flen = sctp_ftsn_check_frag(sctp, ftsn_entry->ftsn_ssn, instr); 2075 /* Indicates frags were nuked, update rxqueued */ 2076 if (flen > 0) { 2077 ASSERT(sctp->sctp_rxqueued >= flen); 2078 sctp->sctp_rxqueued -= flen; 2079 } 2080 /* 2081 * It is possible to receive an FTSN chunk with SSN smaller 2082 * than the nextseq if this chunk is a retransmission because 2083 * of incomplete processing when it was first processed.
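 * For illustration with hypothetical numbers: if nextseq for this
 * stream is 5 and a stale, retransmitted FTSN reports ssn 3, the
 * SSN_GE() check below leaves nextseq untouched; if it reports ssn 7,
 * nextseq advances to 8 and any queued messages from ssn 8 onward
 * become candidates for delivery in the loop that follows.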
2084 */ 2085 if (SSN_GE(ftsn_entry->ftsn_ssn, instr->nextseq)) 2086 instr->nextseq = ftsn_entry->ftsn_ssn + 1; 2087 while (instr->istr_nmsgs > 0) { 2088 mblk_t *next; 2089 2090 dmp = (mblk_t *)instr->istr_msgs; 2091 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2092 if (ntohs(dc->sdh_ssn) != instr->nextseq) 2093 break; 2094 2095 next = dmp->b_next; 2096 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 2097 for (pmp = dmp->b_cont; pmp != NULL; 2098 pmp = pmp->b_cont) { 2099 dlen += pmp->b_wptr - pmp->b_rptr; 2100 } 2101 if (can_deliver) { 2102 int32_t nrwnd; 2103 2104 dmp->b_rptr = (uchar_t *)(dc + 1); 2105 dmp->b_next = NULL; 2106 ASSERT(dmp->b_prev == NULL); 2107 if (sctp_input_add_ancillary(sctp, 2108 &dmp, dc, fp, ipp) == 0) { 2109 sctp->sctp_rxqueued -= dlen; 2110 sctp->sctp_rwnd -= dlen; 2111 nrwnd = sctp->sctp_ulp_recv( 2112 sctp->sctp_ulpd, dmp, 0); 2113 if (nrwnd > sctp->sctp_rwnd) 2114 sctp->sctp_rwnd = nrwnd; 2115 } else { 2116 /* 2117 * We will resume processing when 2118 * the FTSN chunk is re-xmitted. 2119 */ 2120 dmp->b_rptr = (uchar_t *)dc; 2121 dmp->b_next = next; 2122 dprint(0, 2123 ("FTSN dequeuing %u failed\n", 2124 ntohs(dc->sdh_ssn))); 2125 return; 2126 } 2127 } else { 2128 sctp->sctp_rxqueued -= dlen; 2129 ASSERT(dmp->b_prev == NULL); 2130 dmp->b_next = NULL; 2131 freemsg(dmp); 2132 } 2133 instr->istr_nmsgs--; 2134 instr->nextseq++; 2135 sctp->sctp_istr_nmsgs--; 2136 if (next != NULL) 2137 next->b_prev = NULL; 2138 instr->istr_msgs = next; 2139 } 2140 ftsn_entry++; 2141 remaining -= sizeof (*ftsn_entry); 2142 } 2143 /* Duplicate FTSN */ 2144 if (*ftsn <= (sctp->sctp_ftsn - 1)) { 2145 sctp->sctp_force_sack = 1; 2146 return; 2147 } 2148 /* Advance cum TSN to that reported in the Forward TSN chunk */ 2149 sctp->sctp_ftsn = *ftsn + 1; 2150 2151 /* Remove all the SACK gaps before the new cum TSN */ 2152 if (sctp->sctp_sack_info != NULL) { 2153 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2154 &sctp->sctp_sack_gaps); 2155 } 2156 /* 2157 * If there are gap reports pending, check if advancing 2158 * the ftsn here closes a gap. If so, we can advance 2159 * ftsn to the end of the set. 2160 * If ftsn has moved forward, maybe we can remove gap reports. 2161 */ 2162 if (sctp->sctp_sack_info != NULL && 2163 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 2164 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 2165 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2166 &sctp->sctp_sack_gaps); 2167 } 2168 } 2169 2170 /* 2171 * When we have processed a SACK we check to see if we can advance the 2172 * cumulative TSN if there are abandoned chunks immediately following 2173 * the updated cumulative TSN. If there are, we attempt to send a 2174 * Forward TSN chunk. 2175 */ 2176 static void 2177 sctp_check_abandoned_data(sctp_t *sctp, sctp_faddr_t *fp) 2178 { 2179 mblk_t *meta = sctp->sctp_xmit_head; 2180 mblk_t *mp; 2181 mblk_t *nmp; 2182 uint32_t seglen; 2183 uint32_t adv_pap = sctp->sctp_adv_pap; 2184 2185 /* 2186 * We only check in the first meta since otherwise we can't 2187 * advance the cumulative ack point. We just look for chunks 2188 * marked for retransmission, else we might prematurely 2189 * send an FTSN for a sent, but unacked, chunk. 
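 * A small worked example (hypothetical TSNs): with the cumulative ack
 * at 100 and chunks 101-103 abandoned and marked for retransmission,
 * sctp_check_adv_ack_pt() below can move sctp_adv_pap up to 103 and an
 * FTSN goes out telling the peer not to wait for them. If no chunk in
 * this first message is marked for retransmission, we return without
 * building an FTSN, so a sent-but-unacked chunk is never skipped.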
2190 */ 2191 for (mp = meta->b_cont; mp != NULL; mp = mp->b_next) { 2192 if (!SCTP_CHUNK_ISSENT(mp)) 2193 return; 2194 if (SCTP_CHUNK_WANT_REXMIT(mp)) 2195 break; 2196 } 2197 if (mp == NULL) 2198 return; 2199 sctp_check_adv_ack_pt(sctp, meta, mp); 2200 if (SEQ_GT(sctp->sctp_adv_pap, adv_pap)) { 2201 sctp_make_ftsns(sctp, meta, mp, &nmp, fp, &seglen); 2202 if (nmp == NULL) { 2203 sctp->sctp_adv_pap = adv_pap; 2204 if (!fp->timer_running) 2205 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2206 return; 2207 } 2208 sctp_set_iplen(sctp, nmp); 2209 sctp_add_sendq(sctp, nmp); 2210 if (!fp->timer_running) 2211 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2212 } 2213 } 2214 2215 /* 2216 * The processing here follows the same logic as sctp_got_sack(); the reason 2217 * we do this separately is that, usually, gap blocks are ordered and 2218 * we can process them in sctp_got_sack(). However, if they aren't, we would 2219 * need to do some additional, non-optimal work when we start processing the 2220 * unordered gaps. To that effect, sctp_got_sack() does the processing in the 2221 * simple case and this function does the same in the more involved case. 2222 */ 2223 static uint32_t 2224 sctp_process_uo_gaps(sctp_t *sctp, uint32_t ctsn, sctp_sack_frag_t *ssf, 2225 int num_gaps, mblk_t *umphead, mblk_t *mphead, int *trysend, 2226 boolean_t *fast_recovery, uint32_t fr_xtsn) 2227 { 2228 uint32_t xtsn; 2229 uint32_t gapstart = 0; 2230 uint32_t gapend = 0; 2231 int gapcnt; 2232 uint16_t chunklen; 2233 sctp_data_hdr_t *sdc; 2234 int gstart; 2235 mblk_t *ump = umphead; 2236 mblk_t *mp = mphead; 2237 sctp_faddr_t *fp; 2238 uint32_t acked = 0; 2239 2240 /* 2241 * gstart tracks the last (in the order of TSN) gapstart that 2242 * we process in this SACK gaps walk. 2243 */ 2244 gstart = ctsn; 2245 2246 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2247 xtsn = ntohl(sdc->sdh_tsn); 2248 for (gapcnt = 0; gapcnt < num_gaps; gapcnt++, ssf++) { 2249 if (gapstart != 0) { 2250 /* 2251 * If we have reached the end of the transmit list, 2252 * hit an unsent chunk, or encountered an unordered gap 2253 * block, start from the ctsn again. 2254 */ 2255 if (ump == NULL || !SCTP_CHUNK_ISSENT(mp) || 2256 SEQ_LT(ctsn + ntohs(ssf->ssf_start), xtsn)) { 2257 ump = umphead; 2258 mp = mphead; 2259 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2260 xtsn = ntohl(sdc->sdh_tsn); 2261 } 2262 } 2263 2264 gapstart = ctsn + ntohs(ssf->ssf_start); 2265 gapend = ctsn + ntohs(ssf->ssf_end); 2266 2267 /* SACK for TSN we have not sent - ABORT */ 2268 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2269 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2270 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2271 *trysend = -1; 2272 return (acked); 2273 } else if (SEQ_LT(gapend, gapstart)) { 2274 break; 2275 } 2276 /* 2277 * The xtsn can be the TSN processed for the last gap 2278 * (gapend) or it could be the cumulative TSN. We continue 2279 * with the last xtsn as long as the gaps are ordered; when 2280 * we hit an unordered gap, we re-start from the cumulative 2281 * TSN. For the first gap it is always the cumulative TSN. 2282 */ 2283 while (xtsn != gapstart) { 2284 /* 2285 * We can't reliably check for reneged chunks 2286 * when walking the unordered list, so we don't. 2287 * In case the peer reneges, we will end up 2288 * sending the reneged chunk via timeout. 2289 */ 2290 mp = mp->b_next; 2291 if (mp == NULL) { 2292 ump = ump->b_next; 2293 /* 2294 * ump can't be NULL because of the sanity 2295 * check above.
2296 */ 2297 ASSERT(ump != NULL); 2298 mp = ump->b_cont; 2299 } 2300 /* 2301 * mp can't be unsent because of the sanity check 2302 * above. 2303 */ 2304 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2305 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2306 xtsn = ntohl(sdc->sdh_tsn); 2307 } 2308 /* 2309 * Now that we have found the chunk with TSN == 'gapstart', 2310 * let's walk till we hit the chunk with TSN == 'gapend'. 2311 * All intermediate chunks will be marked ACKED, if they 2312 * haven't already been. 2313 */ 2314 while (SEQ_LEQ(xtsn, gapend)) { 2315 /* 2316 * SACKed 2317 */ 2318 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2319 if (!SCTP_CHUNK_ISACKED(mp)) { 2320 SCTP_CHUNK_ACKED(mp); 2321 2322 fp = SCTP_CHUNK_DEST(mp); 2323 chunklen = ntohs(sdc->sdh_len); 2324 ASSERT(fp->suna >= chunklen); 2325 fp->suna -= chunklen; 2326 if (fp->suna == 0) { 2327 /* All outstanding data acked. */ 2328 fp->pba = 0; 2329 SCTP_FADDR_TIMER_STOP(fp); 2330 } 2331 fp->acked += chunklen; 2332 acked += chunklen; 2333 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2334 ASSERT(sctp->sctp_unacked >= 0); 2335 } 2336 /* 2337 * Move to the next message in the transmit list 2338 * if we are done with all the chunks from the current 2339 * message. Note, it is possible to hit the end of the 2340 * transmit list here, i.e. if we have already completed 2341 * processing the gap block. 2342 */ 2343 mp = mp->b_next; 2344 if (mp == NULL) { 2345 ump = ump->b_next; 2346 if (ump == NULL) { 2347 ASSERT(xtsn == gapend); 2348 break; 2349 } 2350 mp = ump->b_cont; 2351 } 2352 /* 2353 * Likewise, we can hit an unsent chunk once we have 2354 * completed processing the gap block. 2355 */ 2356 if (!SCTP_CHUNK_ISSENT(mp)) { 2357 ASSERT(xtsn == gapend); 2358 break; 2359 } 2360 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2361 xtsn = ntohl(sdc->sdh_tsn); 2362 } 2363 /* 2364 * We keep track of the last gap we successfully processed 2365 * so that we can terminate the walk below for incrementing 2366 * the SACK count. 2367 */ 2368 if (SEQ_LT(gstart, gapstart)) 2369 gstart = gapstart; 2370 } 2371 /* 2372 * Check if we have incremented the SACK count for all unacked TSNs in 2373 * sctp_got_sack(); if so, we are done. 2374 */ 2375 if (SEQ_LEQ(gstart, fr_xtsn)) 2376 return (acked); 2377 2378 ump = umphead; 2379 mp = mphead; 2380 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2381 xtsn = ntohl(sdc->sdh_tsn); 2382 while (SEQ_LT(xtsn, gstart)) { 2383 /* 2384 * We have incremented the SACK count for TSNs less than fr_xtsn 2385 * in sctp_got_sack(), so don't increment them again here. 2386 */ 2387 if (SEQ_GT(xtsn, fr_xtsn) && !SCTP_CHUNK_ISACKED(mp)) { 2388 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2389 if (SCTP_CHUNK_SACKCNT(mp) == sctp_fast_rxt_thresh) { 2390 SCTP_CHUNK_REXMIT(mp); 2391 sctp->sctp_chk_fast_rexmit = B_TRUE; 2392 *trysend = 1; 2393 if (!*fast_recovery) { 2394 /* 2395 * Entering fast recovery.
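 * (Illustrative numbers: a cwnd of 10 * sfa_pmss halves to an
 * ssthresh of 5 * sfa_pmss, and cwnd collapses to that value; the
 * 2 * sfa_pmss floor below bounds how small ssthresh, and hence
 * cwnd, can get.)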
2396 */ 2397 fp = SCTP_CHUNK_DEST(mp); 2398 fp->ssthresh = fp->cwnd / 2; 2399 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2400 fp->ssthresh = 2401 2 * fp->sfa_pmss; 2402 } 2403 fp->cwnd = fp->ssthresh; 2404 fp->pba = 0; 2405 sctp->sctp_recovery_tsn = 2406 sctp->sctp_ltsn - 1; 2407 *fast_recovery = B_TRUE; 2408 } 2409 } 2410 } 2411 mp = mp->b_next; 2412 if (mp == NULL) { 2413 ump = ump->b_next; 2414 /* We can't get to the end of the transmit list here */ 2415 ASSERT(ump != NULL); 2416 mp = ump->b_cont; 2417 } 2418 /* We can't hit an unsent chunk here */ 2419 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2420 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2421 xtsn = ntohl(sdc->sdh_tsn); 2422 } 2423 return (acked); 2424 } 2425 2426 static int 2427 sctp_got_sack(sctp_t *sctp, sctp_chunk_hdr_t *sch) 2428 { 2429 sctp_sack_chunk_t *sc; 2430 sctp_data_hdr_t *sdc; 2431 sctp_sack_frag_t *ssf; 2432 mblk_t *ump; 2433 mblk_t *mp; 2434 mblk_t *mp1; 2435 uint32_t cumtsn; 2436 uint32_t xtsn; 2437 uint32_t gapstart = 0; 2438 uint32_t gapend = 0; 2439 uint32_t acked = 0; 2440 uint16_t chunklen; 2441 sctp_faddr_t *fp; 2442 int num_gaps; 2443 int trysend = 0; 2444 int i; 2445 boolean_t fast_recovery = B_FALSE; 2446 boolean_t cumack_forward = B_FALSE; 2447 boolean_t fwd_tsn = B_FALSE; 2448 2449 BUMP_LOCAL(sctp->sctp_ibchunks); 2450 chunklen = ntohs(sch->sch_len); 2451 if (chunklen < (sizeof (*sch) + sizeof (*sc))) 2452 return (0); 2453 2454 sc = (sctp_sack_chunk_t *)(sch + 1); 2455 cumtsn = ntohl(sc->ssc_cumtsn); 2456 2457 dprint(2, ("got sack cumtsn %x -> %x\n", sctp->sctp_lastack_rxd, 2458 cumtsn)); 2459 2460 /* out of order */ 2461 if (SEQ_LT(cumtsn, sctp->sctp_lastack_rxd)) 2462 return (0); 2463 2464 if (SEQ_GT(cumtsn, sctp->sctp_ltsn - 1)) { 2465 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2466 /* Send an ABORT */ 2467 return (-1); 2468 } 2469 2470 /* 2471 * The cwnd update is only done when not in fast recovery mode. 2472 */ 2473 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) 2474 fast_recovery = B_TRUE; 2475 2476 /* 2477 * .. and if the cum TSN is not moving ahead on account of a Forward TSN. 2478 */ 2479 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_adv_pap)) 2480 fwd_tsn = B_TRUE; 2481 2482 if (cumtsn == sctp->sctp_lastack_rxd && 2483 (sctp->sctp_xmit_unacked == NULL || 2484 !SCTP_CHUNK_ABANDONED(sctp->sctp_xmit_unacked))) { 2485 if (sctp->sctp_xmit_unacked != NULL) 2486 mp = sctp->sctp_xmit_unacked; 2487 else if (sctp->sctp_xmit_head != NULL) 2488 mp = sctp->sctp_xmit_head->b_cont; 2489 else 2490 mp = NULL; 2491 BUMP_MIB(&sctp_mib, sctpInDupAck); 2492 } else { 2493 acked = sctp_cumack(sctp, cumtsn, &mp); 2494 sctp->sctp_xmit_unacked = mp; 2495 if (acked > 0) { 2496 trysend = 1; 2497 cumack_forward = B_TRUE; 2498 if (fwd_tsn && SEQ_GEQ(sctp->sctp_lastack_rxd, 2499 sctp->sctp_adv_pap)) { 2500 cumack_forward = B_FALSE; 2501 } 2502 } 2503 } 2504 num_gaps = ntohs(sc->ssc_numfrags); 2505 if (num_gaps == 0 || mp == NULL || !SCTP_CHUNK_ISSENT(mp) || 2506 chunklen < (sizeof (*sch) + sizeof (*sc) + 2507 num_gaps * sizeof (*ssf))) { 2508 goto ret; 2509 } 2510 #ifdef DEBUG 2511 /* 2512 * Since we delete any message that has been acked completely, 2513 * the unacked chunk must belong to sctp_xmit_head; we verify 2514 * this here because we don't have a back pointer from the mp 2515 * to the meta data.
2516 */ 2517 { 2518 mblk_t *mp2 = sctp->sctp_xmit_head->b_cont; 2519 2520 while (mp2 != NULL) { 2521 if (mp2 == mp) 2522 break; 2523 mp2 = mp2->b_next; 2524 } 2525 ASSERT(mp2 != NULL); 2526 } 2527 #endif 2528 ump = sctp->sctp_xmit_head; 2529 2530 /* 2531 * Just remember where we started from, in case we need to call 2532 * sctp_process_uo_gaps() if the gap blocks are unordered. 2533 */ 2534 mp1 = mp; 2535 2536 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2537 xtsn = ntohl(sdc->sdh_tsn); 2538 ASSERT(xtsn == cumtsn + 1); 2539 2540 /* 2541 * Go through SACK gaps. They are ordered based on start TSN. 2542 */ 2543 ssf = (sctp_sack_frag_t *)(sc + 1); 2544 for (i = 0; i < num_gaps; i++, ssf++) { 2545 if (gapstart != 0) { 2546 /* check for unordered gap */ 2547 if (SEQ_LEQ(cumtsn + ntohs(ssf->ssf_start), gapstart)) { 2548 acked += sctp_process_uo_gaps(sctp, 2549 cumtsn, ssf, num_gaps - i, 2550 sctp->sctp_xmit_head, mp1, 2551 &trysend, &fast_recovery, gapstart); 2552 if (trysend < 0) { 2553 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2554 return (-1); 2555 } 2556 break; 2557 } 2558 } 2559 gapstart = cumtsn + ntohs(ssf->ssf_start); 2560 gapend = cumtsn + ntohs(ssf->ssf_end); 2561 2562 /* SACK for TSN we have not sent - ABORT */ 2563 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2564 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2565 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2566 return (-1); 2567 } else if (SEQ_LT(gapend, gapstart)) { 2568 break; 2569 } 2570 /* 2571 * Let's start at the current TSN (for the 1st gap we start 2572 * from the cumulative TSN, for subsequent ones we start from 2573 * where the previous gapend was found - second while loop 2574 * below) and walk the transmit list till we find the TSN 2575 * corresponding to gapstart. All the unacked chunks till we 2576 * get to the chunk with TSN == gapstart will have their 2577 * SACKCNT incremented by 1. Note since the gap blocks are 2578 * ordered, we won't be incrementing the SACKCNT for an 2579 * unacked chunk by more than one while processing the gap 2580 * blocks. If the SACKCNT for any unacked chunk exceeds 2581 * the fast retransmit threshold, we will fast retransmit 2582 * after processing all the gap blocks. 2583 */ 2584 ASSERT(SEQ_LT(xtsn, gapstart)); 2585 while (xtsn != gapstart) { 2586 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2587 if (SCTP_CHUNK_SACKCNT(mp) == sctp_fast_rxt_thresh) { 2588 SCTP_CHUNK_REXMIT(mp); 2589 sctp->sctp_chk_fast_rexmit = B_TRUE; 2590 trysend = 1; 2591 if (!fast_recovery) { 2592 /* 2593 * Entering fast recovery. 2594 */ 2595 fp = SCTP_CHUNK_DEST(mp); 2596 fp->ssthresh = fp->cwnd / 2; 2597 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2598 fp->ssthresh = 2599 2 * fp->sfa_pmss; 2600 } 2601 fp->cwnd = fp->ssthresh; 2602 fp->pba = 0; 2603 sctp->sctp_recovery_tsn = 2604 sctp->sctp_ltsn - 1; 2605 fast_recovery = B_TRUE; 2606 } 2607 } 2608 2609 /* 2610 * Peer may have reneged on this chunk, so un-sack 2611 * it now. If the peer did renege, we need to 2612 * readjust unacked. 2613 */ 2614 if (SCTP_CHUNK_ISACKED(mp)) { 2615 chunklen = ntohs(sdc->sdh_len); 2616 fp = SCTP_CHUNK_DEST(mp); 2617 fp->suna += chunklen; 2618 sctp->sctp_unacked += chunklen - sizeof (*sdc); 2619 SCTP_CHUNK_CLEAR_ACKED(mp); 2620 if (!fp->timer_running) { 2621 SCTP_FADDR_TIMER_RESTART(sctp, fp, 2622 fp->rto); 2623 } 2624 } 2625 2626 mp = mp->b_next; 2627 if (mp == NULL) { 2628 ump = ump->b_next; 2629 /* 2630 * ump can't be NULL given the sanity check 2631 * above. 
2632 */ 2633 ASSERT(ump != NULL); 2634 mp = ump->b_cont; 2635 } 2636 /* 2637 * mp can't be unsent given the sanity check above. 2638 */ 2639 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2640 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2641 xtsn = ntohl(sdc->sdh_tsn); 2642 } 2643 /* 2644 * Now that we have found the chunk with TSN == 'gapstart', 2645 * let's walk till we hit the chunk with TSN == 'gapend'. 2646 * All intermediate chunks will be marked ACKED, if they 2647 * haven't already been. 2648 */ 2649 while (SEQ_LEQ(xtsn, gapend)) { 2650 /* 2651 * SACKed 2652 */ 2653 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2654 if (!SCTP_CHUNK_ISACKED(mp)) { 2655 SCTP_CHUNK_ACKED(mp); 2656 2657 fp = SCTP_CHUNK_DEST(mp); 2658 chunklen = ntohs(sdc->sdh_len); 2659 ASSERT(fp->suna >= chunklen); 2660 fp->suna -= chunklen; 2661 if (fp->suna == 0) { 2662 /* All outstanding data acked. */ 2663 fp->pba = 0; 2664 SCTP_FADDR_TIMER_STOP(fp); 2665 } 2666 fp->acked += chunklen; 2667 acked += chunklen; 2668 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2669 ASSERT(sctp->sctp_unacked >= 0); 2670 } 2671 /* Go to the next chunk of the current message */ 2672 mp = mp->b_next; 2673 /* 2674 * Move to the next message in the transmit list 2675 * if we are done with all the chunks from the current 2676 * message. Note, it is possible to hit the end of the 2677 * transmit list here, i.e. if we have already completed 2678 * processing the gap block. 2679 * Also, note that we break here, which means we 2680 * continue processing gap blocks, if any. In case of 2681 * ordered gap blocks there can't be any following 2682 * this one (if there is, it will fail the sanity check 2683 * above). In case of un-ordered gap blocks we will 2684 * switch to sctp_process_uo_gaps(). In either case 2685 * it should be fine to continue with NULL ump/mp, 2686 * but we just reset it to xmit_head. 2687 */ 2688 if (mp == NULL) { 2689 ump = ump->b_next; 2690 if (ump == NULL) { 2691 ASSERT(xtsn == gapend); 2692 ump = sctp->sctp_xmit_head; 2693 mp = mp1; 2694 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2695 xtsn = ntohl(sdc->sdh_tsn); 2696 break; 2697 } 2698 mp = ump->b_cont; 2699 } 2700 /* 2701 * Likewise, we could hit an unsent chunk once we have 2702 * completed processing the gap block. Again, it is 2703 * fine to continue processing gap blocks with mp 2704 * pointing to the unsent chunk, because if there 2705 * are more ordered gap blocks, they will fail the 2706 * sanity check, and if there are un-ordered gap blocks, 2707 * we will continue processing in sctp_process_uo_gaps(). 2708 * We just reset the mp to the one we started with. 2709 */ 2710 if (!SCTP_CHUNK_ISSENT(mp)) { 2711 ASSERT(xtsn == gapend); 2712 ump = sctp->sctp_xmit_head; 2713 mp = mp1; 2714 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2715 xtsn = ntohl(sdc->sdh_tsn); 2716 break; 2717 } 2718 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2719 xtsn = ntohl(sdc->sdh_tsn); 2720 } 2721 } 2722 if (sctp->sctp_prsctp_aware) 2723 sctp_check_abandoned_data(sctp, sctp->sctp_current); 2724 if (sctp->sctp_chk_fast_rexmit) 2725 sctp_fast_rexmit(sctp); 2726 ret: 2727 trysend += sctp_set_frwnd(sctp, ntohl(sc->ssc_a_rwnd)); 2728 2729 /* 2730 * If the receive window is closed while there is unsent data, 2731 * set a timer for doing zero window probes. 2732 */ 2733 if (sctp->sctp_frwnd == 0 && sctp->sctp_unacked == 0 && 2734 sctp->sctp_unsent != 0) { 2735 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 2736 sctp->sctp_current->rto); 2737 } 2738 2739 /* 2740 * Set cwnd for all destinations.
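 * A numeric sketch of the two regimes used here: in slow start, cwnd
 * grows by MIN(fp->acked, fp->sfa_pmss) per SACK, i.e. by at most one
 * PMTU's worth; in congestion avoidance, fp->acked accumulates in
 * fp->pba and cwnd grows by one sfa_pmss only after a full cwnd's
 * worth of data has been acked. Both are capped at sctp_cwnd_max.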
2741 * Congestion window gets increased only when the cumulative 2742 * TSN moves forward, we're not in fast recovery, and 2743 * cwnd has been fully utilized (almost fully, need to allow 2744 * some leeway due to non-MSS sized messages). 2745 */ 2746 if (sctp->sctp_current->acked == acked) { 2747 /* 2748 * Fast-path, only data sent to sctp_current got acked. 2749 */ 2750 fp = sctp->sctp_current; 2751 if (cumack_forward && !fast_recovery && 2752 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2753 if (fp->cwnd < fp->ssthresh) { 2754 /* 2755 * Slow start 2756 */ 2757 if (fp->acked > fp->sfa_pmss) { 2758 fp->cwnd += fp->sfa_pmss; 2759 } else { 2760 fp->cwnd += fp->acked; 2761 } 2762 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2763 } else { 2764 /* 2765 * Congestion avoidance 2766 */ 2767 fp->pba += fp->acked; 2768 if (fp->pba >= fp->cwnd) { 2769 fp->pba -= fp->cwnd; 2770 fp->cwnd += fp->sfa_pmss; 2771 fp->cwnd = MIN(fp->cwnd, 2772 sctp->sctp_cwnd_max); 2773 } 2774 } 2775 } 2776 /* 2777 * Limit the burst of transmitted data segments. 2778 */ 2779 if (fp->suna + sctp_maxburst * fp->sfa_pmss < fp->cwnd) { 2780 fp->cwnd = fp->suna + sctp_maxburst * fp->sfa_pmss; 2781 } 2782 fp->acked = 0; 2783 return (trysend); 2784 } 2785 for (fp = sctp->sctp_faddrs; fp; fp = fp->next) { 2786 if (cumack_forward && fp->acked && !fast_recovery && 2787 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2788 if (fp->cwnd < fp->ssthresh) { 2789 if (fp->acked > fp->sfa_pmss) { 2790 fp->cwnd += fp->sfa_pmss; 2791 } else { 2792 fp->cwnd += fp->acked; 2793 } 2794 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2795 } else { 2796 fp->pba += fp->acked; 2797 if (fp->pba >= fp->cwnd) { 2798 fp->pba -= fp->cwnd; 2799 fp->cwnd += fp->sfa_pmss; 2800 fp->cwnd = MIN(fp->cwnd, 2801 sctp->sctp_cwnd_max); 2802 } 2803 } 2804 } 2805 if (fp->suna + sctp_maxburst * fp->sfa_pmss < fp->cwnd) { 2806 fp->cwnd = fp->suna + sctp_maxburst * fp->sfa_pmss; 2807 } 2808 fp->acked = 0; 2809 } 2810 return (trysend); 2811 } 2812 2813 /* 2814 * Returns 0 if the caller should stop processing any more chunks, 2815 * 1 if the caller should skip this chunk and continue processing. 2816 */ 2817 static int 2818 sctp_strange_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp) 2819 { 2820 mblk_t *errmp; 2821 size_t len; 2822 2823 BUMP_LOCAL(sctp->sctp_ibchunks); 2824 /* check top two bits for action required */ 2825 if (ch->sch_id & 0x40) { /* also matches 0xc0 */ 2826 len = ntohs(ch->sch_len); 2827 errmp = sctp_make_err(sctp, SCTP_ERR_UNREC_CHUNK, ch, len); 2828 if (errmp != NULL) 2829 sctp_send_err(sctp, errmp, fp); 2830 if ((ch->sch_id & 0xc0) == 0xc0) { 2831 /* skip and continue */ 2832 return (1); 2833 } else { 2834 /* stop processing */ 2835 return (0); 2836 } 2837 } 2838 if (ch->sch_id & 0x80) { 2839 /* skip and continue, no error */ 2840 return (1); 2841 } 2842 /* top two bits are clear; stop processing and no error */ 2843 return (0); 2844 } 2845 2846 /* 2847 * Basic sanity checks on all input chunks and parameters: they must 2848 * be of legitimate size for their purported type, and must follow 2849 * ordering conventions as defined in RFC 2960. 2850 * 2851 * Returns 1 if the chunk and all enclosed params are legitimate, 2852 * 0 otherwise.
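 *
 * For example, with the sizes used below: a DATA chunk shorter than
 * sizeof (sctp_data_hdr_t) is rejected outright, and an INIT chunk
 * must span at least sizeof (*ch) + sizeof (sctp_init_chunk_t) bytes
 * before any trailing optional parameters are even examined.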
2853 */ 2854 /*ARGSUSED*/ 2855 static int 2856 sctp_check_input(sctp_t *sctp, sctp_chunk_hdr_t *ch, ssize_t len, int first) 2857 { 2858 sctp_parm_hdr_t *ph; 2859 void *p = NULL; 2860 ssize_t clen; 2861 uint16_t ch_len; 2862 2863 ch_len = ntohs(ch->sch_len); 2864 if (ch_len > len) { 2865 return (0); 2866 } 2867 2868 switch (ch->sch_id) { 2869 case CHUNK_DATA: 2870 if (ch_len < sizeof (sctp_data_hdr_t)) { 2871 return (0); 2872 } 2873 return (1); 2874 case CHUNK_INIT: 2875 case CHUNK_INIT_ACK: 2876 { 2877 ssize_t remlen = len; 2878 2879 /* 2880 * INIT and INIT-ACK chunks must not be bundled with 2881 * any other. 2882 */ 2883 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 2884 (ch_len < (sizeof (*ch) + 2885 sizeof (sctp_init_chunk_t)))) { 2886 return (0); 2887 } 2888 /* may have params that need checking */ 2889 p = (char *)(ch + 1) + sizeof (sctp_init_chunk_t); 2890 clen = ch_len - (sizeof (*ch) + 2891 sizeof (sctp_init_chunk_t)); 2892 } 2893 break; 2894 case CHUNK_SACK: 2895 if (ch_len < (sizeof (*ch) + sizeof (sctp_sack_chunk_t))) { 2896 return (0); 2897 } 2898 /* dup and gap reports checked by got_sack() */ 2899 return (1); 2900 case CHUNK_SHUTDOWN: 2901 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) { 2902 return (0); 2903 } 2904 return (1); 2905 case CHUNK_ABORT: 2906 case CHUNK_ERROR: 2907 if (ch_len < sizeof (*ch)) { 2908 return (0); 2909 } 2910 /* may have params that need checking */ 2911 p = ch + 1; 2912 clen = ch_len - sizeof (*ch); 2913 break; 2914 case CHUNK_ECNE: 2915 case CHUNK_CWR: 2916 case CHUNK_HEARTBEAT: 2917 case CHUNK_HEARTBEAT_ACK: 2918 /* Full ASCONF chunk and parameter checks are in asconf.c */ 2919 case CHUNK_ASCONF: 2920 case CHUNK_ASCONF_ACK: 2921 if (ch_len < sizeof (*ch)) { 2922 return (0); 2923 } 2924 /* heartbeat data checked by process_heartbeat() */ 2925 return (1); 2926 case CHUNK_SHUTDOWN_COMPLETE: 2927 { 2928 ssize_t remlen = len; 2929 2930 /* 2931 * SHUTDOWN-COMPLETE chunk must not be bundled with any 2932 * other 2933 */ 2934 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 2935 ch_len < sizeof (*ch)) { 2936 return (0); 2937 } 2938 } 2939 return (1); 2940 case CHUNK_COOKIE: 2941 case CHUNK_COOKIE_ACK: 2942 case CHUNK_SHUTDOWN_ACK: 2943 if (ch_len < sizeof (*ch) || !first) { 2944 return (0); 2945 } 2946 return (1); 2947 case CHUNK_FORWARD_TSN: 2948 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) 2949 return (0); 2950 return (1); 2951 default: 2952 return (1); /* handled by strange_chunk() */ 2953 } 2954 2955 /* check and byteorder parameters */ 2956 if (clen <= 0) { 2957 return (1); 2958 } 2959 ASSERT(p != NULL); 2960 2961 ph = p; 2962 while (ph != NULL && clen > 0) { 2963 ch_len = ntohs(ph->sph_len); 2964 if (ch_len > len || ch_len < sizeof (*ph)) { 2965 return (0); 2966 } 2967 ph = sctp_next_parm(ph, &clen); 2968 } 2969 2970 /* All OK */ 2971 return (1); 2972 } 2973 2974 /* ARGSUSED */ 2975 static sctp_hdr_t * 2976 find_sctp_hdrs(mblk_t *mp, in6_addr_t *src, in6_addr_t *dst, 2977 uint_t *ifindex, uint_t *ip_hdr_len, ip6_pkt_t *ipp, in_pktinfo_t *pinfo) 2978 { 2979 uchar_t *rptr; 2980 ipha_t *ip4h; 2981 ip6_t *ip6h; 2982 mblk_t *mp1; 2983 2984 rptr = mp->b_rptr; 2985 if (IPH_HDR_VERSION(rptr) == IPV4_VERSION) { 2986 *ip_hdr_len = IPH_HDR_LENGTH(rptr); 2987 ip4h = (ipha_t *)rptr; 2988 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_src, src); 2989 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_dst, dst); 2990 2991 ipp->ipp_fields |= IPPF_HOPLIMIT; 2992 ipp->ipp_hoplimit = ((ipha_t *)rptr)->ipha_ttl; 2993 if (pinfo != NULL && (pinfo->in_pkt_flags & IPF_RECVIF)) { 
2994 ipp->ipp_fields |= IPPF_IFINDEX; 2995 ipp->ipp_ifindex = pinfo->in_pkt_ifindex; 2996 } 2997 } else { 2998 ASSERT(IPH_HDR_VERSION(rptr) == IPV6_VERSION); 2999 ip6h = (ip6_t *)rptr; 3000 ipp->ipp_fields = IPPF_HOPLIMIT; 3001 ipp->ipp_hoplimit = ip6h->ip6_hops; 3002 3003 if (ip6h->ip6_nxt != IPPROTO_SCTP) { 3004 /* Look for ifindex information */ 3005 if (ip6h->ip6_nxt == IPPROTO_RAW) { 3006 ip6i_t *ip6i = (ip6i_t *)ip6h; 3007 3008 if (ip6i->ip6i_flags & IP6I_IFINDEX) { 3009 ASSERT(ip6i->ip6i_ifindex != 0); 3010 ipp->ipp_fields |= IPPF_IFINDEX; 3011 ipp->ipp_ifindex = ip6i->ip6i_ifindex; 3012 } 3013 rptr = (uchar_t *)&ip6i[1]; 3014 mp->b_rptr = rptr; 3015 if (rptr == mp->b_wptr) { 3016 mp1 = mp->b_cont; 3017 freeb(mp); 3018 mp = mp1; 3019 rptr = mp->b_rptr; 3020 } 3021 ASSERT(mp->b_wptr - rptr >= 3022 IPV6_HDR_LEN + sizeof (sctp_hdr_t)); 3023 ip6h = (ip6_t *)rptr; 3024 } 3025 /* 3026 * Find any potentially interesting extension headers 3027 * as well as the length of the IPv6 + extension 3028 * headers. 3029 */ 3030 *ip_hdr_len = ip_find_hdr_v6(mp, ip6h, ipp, NULL); 3031 } else { 3032 *ip_hdr_len = IPV6_HDR_LEN; 3033 } 3034 *src = ip6h->ip6_src; 3035 *dst = ip6h->ip6_dst; 3036 } 3037 ASSERT((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX); 3038 return ((sctp_hdr_t *)&rptr[*ip_hdr_len]); 3039 #undef IPVER 3040 } 3041 3042 static mblk_t * 3043 sctp_check_in_policy(mblk_t *mp, mblk_t *ipsec_mp) 3044 { 3045 ipsec_in_t *ii; 3046 boolean_t check = B_TRUE; 3047 boolean_t policy_present; 3048 ipha_t *ipha; 3049 ip6_t *ip6h; 3050 3051 ii = (ipsec_in_t *)ipsec_mp->b_rptr; 3052 ASSERT(ii->ipsec_in_type == IPSEC_IN); 3053 if (ii->ipsec_in_dont_check) { 3054 check = B_FALSE; 3055 if (!ii->ipsec_in_secure) { 3056 freeb(ipsec_mp); 3057 ipsec_mp = NULL; 3058 } 3059 } 3060 if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) { 3061 policy_present = ipsec_inbound_v4_policy_present; 3062 ipha = (ipha_t *)mp->b_rptr; 3063 ip6h = NULL; 3064 } else { 3065 policy_present = ipsec_inbound_v6_policy_present; 3066 ipha = NULL; 3067 ip6h = (ip6_t *)mp->b_rptr; 3068 } 3069 3070 if (check && policy_present) { 3071 /* 3072 * The conn_t parameter is NULL because we already know 3073 * nobody's home. 3074 */ 3075 ipsec_mp = ipsec_check_global_policy(ipsec_mp, (conn_t *)NULL, 3076 ipha, ip6h, B_TRUE); 3077 if (ipsec_mp == NULL) 3078 return (NULL); 3079 } 3080 if (ipsec_mp != NULL) 3081 freeb(ipsec_mp); 3082 return (mp); 3083 } 3084 3085 /* Handle out-of-the-blue packets */ 3086 void 3087 sctp_ootb_input(mblk_t *mp, ill_t *recv_ill, uint_t ipif_seqid, 3088 zoneid_t zoneid, boolean_t mctl_present) 3089 { 3090 sctp_t *sctp; 3091 sctp_chunk_hdr_t *ch; 3092 sctp_hdr_t *sctph; 3093 in6_addr_t src, dst; 3094 uint_t ip_hdr_len; 3095 uint_t ifindex; 3096 ip6_pkt_t ipp; 3097 ssize_t mlen; 3098 in_pktinfo_t *pinfo = NULL; 3099 mblk_t *first_mp; 3100 3101 BUMP_MIB(&sctp_mib, sctpOutOfBlue); 3102 BUMP_MIB(&sctp_mib, sctpInSCTPPkts); 3103 3104 first_mp = mp; 3105 if (mctl_present) 3106 mp = mp->b_cont; 3107 3108 /* Initiate IPPf processing, if needed. */ 3109 if (IPP_ENABLED(IPP_LOCAL_IN)) { 3110 ip_process(IPP_LOCAL_IN, &mp, 3111 recv_ill->ill_phyint->phyint_ifindex); 3112 if (mp == NULL) { 3113 if (mctl_present) 3114 freeb(first_mp); 3115 return; 3116 } 3117 } 3118 3119 if (mp->b_cont != NULL) { 3120 /* 3121 * All subsequent code is vastly simplified if it can 3122 * assume a single contiguous chunk of data. 
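 * (pullupmsg(mp, -1) concatenates the entire b_cont chain into one
 * data block; it can fail under memory pressure, in which case the
 * packet is counted against ipInDiscards and dropped.)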
3123 */ 3124 if (pullupmsg(mp, -1) == 0) { 3125 BUMP_MIB(&ip_mib, ipInDiscards); 3126 freemsg(first_mp); 3127 return; 3128 } 3129 } 3130 3131 /* 3132 * We don't really need to call this function... Need to 3133 * optimize later. 3134 */ 3135 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3136 &ipp, pinfo); 3137 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3138 if ((ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen)) == NULL) { 3139 dprint(3, ("sctp_ootb_input: invalid packet\n")); 3140 BUMP_MIB(&ip_mib, ipInDiscards); 3141 freemsg(first_mp); 3142 return; 3143 } 3144 3145 switch (ch->sch_id) { 3146 case CHUNK_INIT: 3147 /* no listener; send abort */ 3148 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3149 return; 3150 sctp_send_abort(gsctp, sctp_init2vtag(ch), 0, 3151 NULL, 0, mp, 0, B_TRUE); 3152 break; 3153 case CHUNK_INIT_ACK: 3154 /* check for changed src addr */ 3155 sctp = sctp_addrlist2sctp(mp, sctph, ch, ipif_seqid, zoneid); 3156 if (sctp != NULL) { 3157 /* success; proceed to normal path */ 3158 mutex_enter(&sctp->sctp_lock); 3159 if (sctp->sctp_running) { 3160 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3161 BUMP_MIB(&ip_mib, ipInDiscards); 3162 freemsg(mp); 3163 } 3164 mutex_exit(&sctp->sctp_lock); 3165 } else { 3166 /* 3167 * If the source address is changed, we 3168 * don't need to worry too much about 3169 * out of order processing. So we don't 3170 * check if the recvq is empty or not here. 3171 */ 3172 sctp->sctp_running = B_TRUE; 3173 mutex_exit(&sctp->sctp_lock); 3174 sctp_input_data(sctp, mp, NULL); 3175 WAKE_SCTP(sctp); 3176 sctp_process_sendq(sctp); 3177 } 3178 SCTP_REFRELE(sctp); 3179 return; 3180 } 3181 if (mctl_present) 3182 freeb(first_mp); 3183 /* else bogus init ack; drop it */ 3184 break; 3185 case CHUNK_SHUTDOWN_ACK: 3186 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3187 return; 3188 sctp_ootb_shutdown_ack(gsctp, mp, ip_hdr_len); 3189 sctp_process_sendq(gsctp); 3190 return; 3191 case CHUNK_ERROR: 3192 case CHUNK_ABORT: 3193 case CHUNK_COOKIE_ACK: 3194 case CHUNK_SHUTDOWN_COMPLETE: 3195 if (mctl_present) 3196 freeb(first_mp); 3197 break; 3198 default: 3199 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3200 return; 3201 sctp_send_abort(gsctp, sctph->sh_verf, 0, NULL, 0, mp, 0, 3202 B_TRUE); 3203 break; 3204 } 3205 sctp_process_sendq(gsctp); 3206 freemsg(mp); 3207 } 3208 3209 void 3210 sctp_input(conn_t *connp, ipha_t *ipha, mblk_t *mp, mblk_t *first_mp, 3211 ill_t *recv_ill, boolean_t isv4, boolean_t mctl_present) 3212 { 3213 sctp_t *sctp = CONN2SCTP(connp); 3214 3215 /* 3216 * We check some fields in conn_t without holding a lock. 3217 * This should be fine. 3218 */ 3219 if (CONN_INBOUND_POLICY_PRESENT(connp) || mctl_present) { 3220 first_mp = ipsec_check_inbound_policy(first_mp, connp, 3221 ipha, NULL, mctl_present); 3222 if (first_mp == NULL) { 3223 SCTP_REFRELE(sctp); 3224 return; 3225 } 3226 } 3227 3228 /* Initiate IPPF processing for fastpath */ 3229 if (IPP_ENABLED(IPP_LOCAL_IN)) { 3230 ip_process(IPP_LOCAL_IN, &mp, 3231 recv_ill->ill_phyint->phyint_ifindex); 3232 if (mp == NULL) { 3233 SCTP_REFRELE(sctp); 3234 if (mctl_present) 3235 freeb(first_mp); 3236 return; 3237 } else if (mctl_present) { 3238 /* 3239 * ip_process might return a new mp. 
3240 */ 3241 ASSERT(first_mp != mp); 3242 first_mp->b_cont = mp; 3243 } else { 3244 first_mp = mp; 3245 } 3246 } 3247 3248 if (connp->conn_recvif || connp->conn_recvslla || 3249 connp->conn_ipv6_recvpktinfo) { 3250 int in_flags = 0; 3251 3252 if (connp->conn_recvif || connp->conn_ipv6_recvpktinfo) { 3253 in_flags = IPF_RECVIF; 3254 } 3255 if (connp->conn_recvslla) { 3256 in_flags |= IPF_RECVSLLA; 3257 } 3258 if (isv4) { 3259 mp = ip_add_info(mp, recv_ill, in_flags); 3260 } else { 3261 mp = ip_add_info_v6(mp, recv_ill, 3262 &(((ip6_t *)ipha)->ip6_dst)); 3263 } 3264 if (mp == NULL) { 3265 SCTP_REFRELE(sctp); 3266 if (mctl_present) 3267 freeb(first_mp); 3268 return; 3269 } else if (mctl_present) { 3270 /* 3271 * ip_add_info might return a new mp. 3272 */ 3273 ASSERT(first_mp != mp); 3274 first_mp->b_cont = mp; 3275 } else { 3276 first_mp = mp; 3277 } 3278 } 3279 3280 mutex_enter(&sctp->sctp_lock); 3281 if (sctp->sctp_running) { 3282 if (mctl_present) 3283 mp->b_prev = first_mp; 3284 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3285 BUMP_MIB(&ip_mib, ipInDiscards); 3286 freemsg(first_mp); 3287 } 3288 mutex_exit(&sctp->sctp_lock); 3289 SCTP_REFRELE(sctp); 3290 return; 3291 } else { 3292 sctp->sctp_running = B_TRUE; 3293 mutex_exit(&sctp->sctp_lock); 3294 3295 mutex_enter(&sctp->sctp_recvq_lock); 3296 if (sctp->sctp_recvq != NULL) { 3297 if (mctl_present) 3298 mp->b_prev = first_mp; 3299 if (!sctp_add_recvq(sctp, mp, B_TRUE)) { 3300 BUMP_MIB(&ip_mib, ipInDiscards); 3301 freemsg(first_mp); 3302 } 3303 mutex_exit(&sctp->sctp_recvq_lock); 3304 WAKE_SCTP(sctp); 3305 SCTP_REFRELE(sctp); 3306 return; 3307 } 3308 } 3309 mutex_exit(&sctp->sctp_recvq_lock); 3310 sctp_input_data(sctp, mp, (mctl_present ? first_mp : NULL)); 3311 WAKE_SCTP(sctp); 3312 sctp_process_sendq(sctp); 3313 SCTP_REFRELE(sctp); 3314 } 3315 3316 static void 3317 sctp_process_abort(sctp_t *sctp, sctp_chunk_hdr_t *ch, int err) 3318 { 3319 BUMP_MIB(&sctp_mib, sctpAborted); 3320 BUMP_LOCAL(sctp->sctp_ibchunks); 3321 3322 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3323 ntohs(((sctp_parm_hdr_t *)(ch + 1))->sph_type), ch); 3324 sctp_clean_death(sctp, err); 3325 } 3326 3327 void 3328 sctp_input_data(sctp_t *sctp, mblk_t *mp, mblk_t *ipsec_mp) 3329 { 3330 sctp_chunk_hdr_t *ch; 3331 ssize_t mlen; 3332 int gotdata; 3333 int trysend; 3334 sctp_faddr_t *fp; 3335 sctp_init_chunk_t *iack; 3336 uint32_t tsn; 3337 sctp_data_hdr_t *sdc; 3338 ip6_pkt_t ipp; 3339 in6_addr_t src; 3340 in6_addr_t dst; 3341 uint_t ifindex; 3342 sctp_hdr_t *sctph; 3343 uint_t ip_hdr_len; 3344 mblk_t *dups = NULL; 3345 int recv_adaption; 3346 boolean_t wake_eager = B_FALSE; 3347 mblk_t *pinfo_mp; 3348 in_pktinfo_t *pinfo = NULL; 3349 in6_addr_t peer_src; 3350 int64_t now; 3351 3352 if (DB_TYPE(mp) != M_DATA) { 3353 ASSERT(DB_TYPE(mp) == M_CTL); 3354 if (MBLKL(mp) == sizeof (in_pktinfo_t) && 3355 ((in_pktinfo_t *)mp->b_rptr)->in_pkt_ulp_type == 3356 IN_PKTINFO) { 3357 pinfo = (in_pktinfo_t *)mp->b_rptr; 3358 pinfo_mp = mp; 3359 mp = mp->b_cont; 3360 } else { 3361 if (ipsec_mp != NULL) 3362 freeb(ipsec_mp); 3363 sctp_icmp_error(sctp, mp); 3364 return; 3365 } 3366 } 3367 ASSERT(DB_TYPE(mp) == M_DATA); 3368 3369 if (mp->b_cont != NULL) { 3370 /* 3371 * All subsequent code is vastly simplified if it can 3372 * assume a single contiguous chunk of data. 
3373 */ 3374 if (pullupmsg(mp, -1) == 0) { 3375 BUMP_MIB(&ip_mib, ipInDiscards); 3376 if (ipsec_mp != NULL) 3377 freeb(ipsec_mp); 3378 if (pinfo != NULL) 3379 freeb(pinfo_mp); 3380 freemsg(mp); 3381 return; 3382 } 3383 } 3384 3385 BUMP_LOCAL(sctp->sctp_ipkts); 3386 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3387 &ipp, pinfo); 3388 if (pinfo != NULL) 3389 freeb(pinfo_mp); 3390 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3391 ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen); 3392 if (ch == NULL) { 3393 BUMP_MIB(&ip_mib, ipInDiscards); 3394 if (ipsec_mp != NULL) 3395 freeb(ipsec_mp); 3396 freemsg(mp); 3397 return; 3398 } 3399 3400 if (!sctp_check_input(sctp, ch, mlen, 1)) { 3401 BUMP_MIB(&ip_mib, ipInDiscards); 3402 goto done; 3403 } 3404 /* 3405 * Check the verification tag (special handling for INIT, 3406 * COOKIE, SHUTDOWN_COMPLETE and SHUTDOWN_ACK chunks). 3407 * ABORTs are handled in the chunk processing loop, since they 3408 * may not appear first. All other checked chunks must 3409 * appear first, or they will have been dropped by check_input(). 3410 */ 3411 switch (ch->sch_id) { 3412 case CHUNK_INIT: 3413 if (sctph->sh_verf != 0) { 3414 /* drop it */ 3415 goto done; 3416 } 3417 break; 3418 case CHUNK_SHUTDOWN_COMPLETE: 3419 if (sctph->sh_verf == sctp->sctp_lvtag) 3420 break; 3421 if (sctph->sh_verf == sctp->sctp_fvtag && 3422 SCTP_GET_TBIT(ch)) { 3423 break; 3424 } 3425 /* else drop it */ 3426 goto done; 3427 case CHUNK_ABORT: 3428 case CHUNK_COOKIE: 3429 /* handled below */ 3430 break; 3431 case CHUNK_SHUTDOWN_ACK: 3432 if (sctp->sctp_state > SCTPS_BOUND && 3433 sctp->sctp_state < SCTPS_ESTABLISHED) { 3434 /* treat as OOTB */ 3435 sctp_ootb_shutdown_ack(sctp, mp, ip_hdr_len); 3436 if (ipsec_mp != NULL) 3437 freeb(ipsec_mp); 3438 return; 3439 } 3440 /* else fallthru */ 3441 default: 3442 /* 3443 * All other packets must have a valid 3444 * verification tag; however, if this is a 3445 * listener, we use a refined version of the 3446 * out-of-the-blue logic.
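 * To make the tag rules concrete: an INIT must carry a zero tag; a
 * SHUTDOWN COMPLETE passes with our local vtag, or with the peer's
 * vtag when the T bit is set; an ABORT (checked inside the processing
 * loop, since it need not be first) may carry either tag; everything
 * else must match sctp_lvtag unless this is a listener.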
3447 */ 3448 if (sctph->sh_verf != sctp->sctp_lvtag && 3449 sctp->sctp_state != SCTPS_LISTEN) { 3450 /* drop it */ 3451 goto done; 3452 } 3453 break; 3454 } 3455 3456 /* Have a valid sctp for this packet */ 3457 fp = sctp_lookup_faddr(sctp, &src); 3458 dprint(2, ("sctp_dispatch_rput: mp=%p fp=%p sctp=%p\n", (void *)mp, 3459 (void *)fp, (void *)sctp)); 3460 3461 gotdata = 0; 3462 trysend = 0; 3463 3464 now = lbolt64; 3465 /* Process the chunks */ 3466 do { 3467 dprint(3, ("sctp_dispatch_rput: state=%d, chunk id=%d\n", 3468 sctp->sctp_state, (int)(ch->sch_id))); 3469 3470 if (ch->sch_id == CHUNK_ABORT) { 3471 if (sctph->sh_verf != sctp->sctp_lvtag && 3472 sctph->sh_verf != sctp->sctp_fvtag) { 3473 /* drop it */ 3474 goto done; 3475 } 3476 } 3477 3478 switch (sctp->sctp_state) { 3479 3480 case SCTPS_ESTABLISHED: 3481 case SCTPS_SHUTDOWN_PENDING: 3482 case SCTPS_SHUTDOWN_SENT: 3483 switch (ch->sch_id) { 3484 case CHUNK_DATA: 3485 /* 0-length data chunks are not allowed */ 3486 if (ntohs(ch->sch_len) == sizeof (*sdc)) { 3487 sdc = (sctp_data_hdr_t *)ch; 3488 tsn = sdc->sdh_tsn; 3489 sctp_send_abort(sctp, sctp->sctp_fvtag, 3490 SCTP_ERR_NO_USR_DATA, (char *)&tsn, 3491 sizeof (tsn), mp, 0, B_FALSE); 3492 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3493 0, NULL); 3494 sctp_clean_death(sctp, ECONNABORTED); 3495 goto done; 3496 } 3497 3498 ASSERT(fp != NULL); 3499 sctp->sctp_lastdata = fp; 3500 sctp_data_chunk(sctp, ch, mp, &dups, fp, &ipp); 3501 gotdata = 1; 3502 /* Restart shutdown timer if shutting down */ 3503 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3504 /* 3505 * If we have exceeded our max 3506 * wait bound for waiting for a 3507 * shutdown ack from the peer, 3508 * abort the association. 3509 */ 3510 if (sctp_shutack_wait_bound != 0 && 3511 TICK_TO_MSEC(now - 3512 sctp->sctp_out_time) > 3513 sctp_shutack_wait_bound) { 3514 sctp_send_abort(sctp, 3515 sctp->sctp_fvtag, 0, NULL, 3516 0, mp, 0, B_FALSE); 3517 sctp_assoc_event(sctp, 3518 SCTP_COMM_LOST, 0, NULL); 3519 sctp_clean_death(sctp, 3520 ECONNABORTED); 3521 goto done; 3522 } 3523 SCTP_FADDR_TIMER_RESTART(sctp, fp, 3524 fp->rto); 3525 } 3526 break; 3527 case CHUNK_SACK: 3528 ASSERT(fp != NULL); 3529 /* 3530 * Peer is real and alive if it can ack our 3531 * data. 
3532 */ 3533 sctp_faddr_alive(sctp, fp); 3534 trysend = sctp_got_sack(sctp, ch); 3535 if (trysend < 0) { 3536 sctp_send_abort(sctp, sctph->sh_verf, 3537 0, NULL, 0, mp, 0, B_FALSE); 3538 sctp_assoc_event(sctp, 3539 SCTP_COMM_LOST, 0, NULL); 3540 sctp_clean_death(sctp, 3541 ECONNABORTED); 3542 goto done; 3543 } 3544 break; 3545 case CHUNK_HEARTBEAT: 3546 sctp_return_heartbeat(sctp, ch, mp); 3547 break; 3548 case CHUNK_HEARTBEAT_ACK: 3549 sctp_process_heartbeat(sctp, ch); 3550 break; 3551 case CHUNK_SHUTDOWN: 3552 sctp_shutdown_event(sctp); 3553 trysend = sctp_shutdown_received(sctp, ch, 3554 0, 0); 3555 BUMP_LOCAL(sctp->sctp_ibchunks); 3556 break; 3557 case CHUNK_SHUTDOWN_ACK: 3558 BUMP_LOCAL(sctp->sctp_ibchunks); 3559 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3560 sctp_shutdown_complete(sctp); 3561 BUMP_MIB(&sctp_mib, sctpShutdowns); 3562 sctp_assoc_event(sctp, 3563 SCTP_SHUTDOWN_COMP, 0, NULL); 3564 sctp_clean_death(sctp, 0); 3565 goto done; 3566 } 3567 break; 3568 case CHUNK_ABORT: { 3569 sctp_saddr_ipif_t *sp; 3570 3571 /* Ignore if delete pending */ 3572 sp = sctp_saddr_lookup(sctp, &dst, 0); 3573 ASSERT(sp != NULL); 3574 if (sp->saddr_ipif_delete_pending) { 3575 BUMP_LOCAL(sctp->sctp_ibchunks); 3576 break; 3577 } 3578 3579 sctp_process_abort(sctp, ch, ECONNRESET); 3580 goto done; 3581 } 3582 case CHUNK_INIT: 3583 sctp_send_initack(sctp, ch, mp); 3584 break; 3585 case CHUNK_COOKIE: 3586 if (sctp_process_cookie(sctp, ch, mp, &iack, 3587 sctph, &recv_adaption, NULL) != -1) { 3588 sctp_send_cookie_ack(sctp); 3589 sctp_assoc_event(sctp, SCTP_RESTART, 3590 0, NULL); 3591 if (recv_adaption) { 3592 sctp->sctp_recv_adaption = 1; 3593 sctp_adaption_event(sctp); 3594 } 3595 } else { 3596 BUMP_MIB(&sctp_mib, 3597 sctpInInvalidCookie); 3598 } 3599 break; 3600 case CHUNK_ERROR: { 3601 int error; 3602 3603 BUMP_LOCAL(sctp->sctp_ibchunks); 3604 error = sctp_handle_error(sctp, sctph, ch, mp); 3605 if (error != 0) { 3606 sctp_clean_death(sctp, error); 3607 goto done; 3608 } 3609 break; 3610 } 3611 case CHUNK_ASCONF: 3612 ASSERT(fp != NULL); 3613 sctp_input_asconf(sctp, ch, fp); 3614 BUMP_LOCAL(sctp->sctp_ibchunks); 3615 break; 3616 case CHUNK_ASCONF_ACK: 3617 ASSERT(fp != NULL); 3618 sctp_faddr_alive(sctp, fp); 3619 sctp_input_asconf_ack(sctp, ch, fp); 3620 BUMP_LOCAL(sctp->sctp_ibchunks); 3621 break; 3622 case CHUNK_FORWARD_TSN: 3623 ASSERT(fp != NULL); 3624 sctp->sctp_lastdata = fp; 3625 sctp_process_forward_tsn(sctp, ch, fp, &ipp); 3626 gotdata = 1; 3627 BUMP_LOCAL(sctp->sctp_ibchunks); 3628 break; 3629 default: 3630 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3631 goto nomorechunks; 3632 } /* else skip and continue processing */ 3633 break; 3634 } 3635 break; 3636 3637 case SCTPS_LISTEN: 3638 switch (ch->sch_id) { 3639 case CHUNK_INIT: 3640 sctp_send_initack(sctp, ch, mp); 3641 break; 3642 case CHUNK_COOKIE: { 3643 sctp_t *eager; 3644 3645 if (sctp_process_cookie(sctp, ch, mp, &iack, 3646 sctph, &recv_adaption, &peer_src) == -1) { 3647 BUMP_MIB(&sctp_mib, 3648 sctpInInvalidCookie); 3649 goto done; 3650 } 3651 3652 /* 3653 * The cookie is good; ensure that 3654 * the peer used the verification 3655 * tag from the init ack in the header. 
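 *
 * For reference, the passive-open exchange being completed here:
 *
 *	peer				listener
 *	INIT		->
 *			<-	INIT ACK (carries the cookie and our
 *				verification tag)
 *	COOKIE ECHO	->	(eager created below)
 *			<-	COOKIE ACK
 *
 * so the sh_verf on this packet must be the tag we issued in the
 * INIT ACK.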
3656 */ 3657 if (iack->sic_inittag != sctph->sh_verf) 3658 goto done; 3659 3660 eager = sctp_conn_request(sctp, mp, ifindex, 3661 ip_hdr_len, iack, ipsec_mp); 3662 if (eager == NULL) { 3663 sctp_send_abort(sctp, sctph->sh_verf, 3664 SCTP_ERR_NO_RESOURCES, NULL, 0, mp, 3665 0, B_FALSE); 3666 goto done; 3667 } 3668 3669 /* 3670 * If there were extra chunks 3671 * bundled with the cookie, 3672 * they must be processed 3673 * on the eager's queue. We 3674 * accomplish this by refeeding 3675 * the whole packet into the 3676 * state machine on the right 3677 * q. The packet (mp) gets 3678 * there via the eager's 3679 * cookie_mp field (overloaded 3680 * with the active open role). 3681 * This is picked up when 3682 * processing the null bind 3683 * request put on the eager's 3684 * q by sctp_accept(). We must 3685 * first revert the cookie 3686 * chunk's length field to network 3687 * byteorder so it can be 3688 * properly reprocessed on the 3689 * eager's queue. 3690 */ 3691 BUMP_MIB(&sctp_mib, sctpPassiveEstab); 3692 if (mlen > ntohs(ch->sch_len)) { 3693 eager->sctp_cookie_mp = dupb(mp); 3694 mblk_setcred(eager->sctp_cookie_mp, 3695 CONN_CRED(eager->sctp_connp)); 3696 /* 3697 * If no mem, just let 3698 * the peer retransmit. 3699 */ 3700 } 3701 sctp_assoc_event(eager, SCTP_COMM_UP, 0, NULL); 3702 if (recv_adaption) { 3703 eager->sctp_recv_adaption = 1; 3704 eager->sctp_rx_adaption_code = 3705 sctp->sctp_rx_adaption_code; 3706 sctp_adaption_event(eager); 3707 } 3708 3709 eager->sctp_active = now; 3710 sctp_send_cookie_ack(eager); 3711 3712 wake_eager = B_TRUE; 3713 3714 /* 3715 * Process rest of the chunks with eager. 3716 */ 3717 sctp = eager; 3718 fp = sctp_lookup_faddr(sctp, &peer_src); 3719 /* 3720 * Confirm peer's original source. fp can 3721 * only be NULL if peer does not use the 3722 * original source as one of its addresses... 3723 */ 3724 if (fp == NULL) 3725 fp = sctp_lookup_faddr(sctp, &src); 3726 else 3727 sctp_faddr_alive(sctp, fp); 3728 3729 /* 3730 * Validate the peer addresses. It also starts 3731 * the heartbeat timer. 
3732 */ 3733 sctp_validate_peer(sctp); 3734 break; 3735 } 3736 /* Anything else is considered out-of-the-blue */ 3737 case CHUNK_ERROR: 3738 case CHUNK_ABORT: 3739 case CHUNK_COOKIE_ACK: 3740 case CHUNK_SHUTDOWN_COMPLETE: 3741 BUMP_LOCAL(sctp->sctp_ibchunks); 3742 goto done; 3743 default: 3744 BUMP_LOCAL(sctp->sctp_ibchunks); 3745 sctp_send_abort(sctp, sctph->sh_verf, 0, NULL, 3746 0, mp, 0, B_TRUE); 3747 goto done; 3748 } 3749 break; 3750 3751 case SCTPS_COOKIE_WAIT: 3752 switch (ch->sch_id) { 3753 case CHUNK_INIT_ACK: 3754 sctp_stop_faddr_timers(sctp); 3755 sctp_faddr_alive(sctp, sctp->sctp_current); 3756 sctp_send_cookie_echo(sctp, ch, mp); 3757 BUMP_LOCAL(sctp->sctp_ibchunks); 3758 break; 3759 case CHUNK_ABORT: 3760 sctp_process_abort(sctp, ch, ECONNREFUSED); 3761 goto done; 3762 case CHUNK_INIT: 3763 sctp_send_initack(sctp, ch, mp); 3764 break; 3765 case CHUNK_COOKIE: 3766 if (sctp_process_cookie(sctp, ch, mp, &iack, 3767 sctph, &recv_adaption, NULL) == -1) { 3768 BUMP_MIB(&sctp_mib, 3769 sctpInInvalidCookie); 3770 break; 3771 } 3772 sctp_send_cookie_ack(sctp); 3773 sctp_stop_faddr_timers(sctp); 3774 if (!SCTP_IS_DETACHED(sctp)) { 3775 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3776 sctp_set_ulp_prop(sctp); 3777 } 3778 sctp->sctp_state = SCTPS_ESTABLISHED; 3779 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3780 BUMP_MIB(&sctp_mib, sctpActiveEstab); 3781 if (sctp->sctp_cookie_mp) { 3782 freemsg(sctp->sctp_cookie_mp); 3783 sctp->sctp_cookie_mp = NULL; 3784 } 3785 3786 /* Validate the peer addresses. */ 3787 sctp->sctp_active = now; 3788 sctp_validate_peer(sctp); 3789 3790 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3791 if (recv_adaption) { 3792 sctp->sctp_recv_adaption = 1; 3793 sctp_adaption_event(sctp); 3794 } 3795 /* Try sending queued data, or ASCONFs */ 3796 trysend = 1; 3797 break; 3798 default: 3799 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3800 goto nomorechunks; 3801 } /* else skip and continue processing */ 3802 break; 3803 } 3804 break; 3805 3806 case SCTPS_COOKIE_ECHOED: 3807 switch (ch->sch_id) { 3808 case CHUNK_COOKIE_ACK: 3809 if (!SCTP_IS_DETACHED(sctp)) { 3810 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3811 sctp_set_ulp_prop(sctp); 3812 } 3813 if (sctp->sctp_unacked == 0) 3814 sctp_stop_faddr_timers(sctp); 3815 sctp->sctp_state = SCTPS_ESTABLISHED; 3816 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3817 BUMP_MIB(&sctp_mib, sctpActiveEstab); 3818 BUMP_LOCAL(sctp->sctp_ibchunks); 3819 if (sctp->sctp_cookie_mp) { 3820 freemsg(sctp->sctp_cookie_mp); 3821 sctp->sctp_cookie_mp = NULL; 3822 } 3823 sctp_faddr_alive(sctp, fp); 3824 /* Validate the peer addresses. 
*/ 3825 sctp->sctp_active = now; 3826 sctp_validate_peer(sctp); 3827 3828 /* Try sending queued data, or ASCONFs */ 3829 trysend = 1; 3830 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3831 sctp_adaption_event(sctp); 3832 break; 3833 case CHUNK_ABORT: 3834 sctp_process_abort(sctp, ch, ECONNREFUSED); 3835 goto done; 3836 case CHUNK_COOKIE: 3837 if (sctp_process_cookie(sctp, ch, mp, &iack, 3838 sctph, &recv_adaption, NULL) == -1) { 3839 BUMP_MIB(&sctp_mib, 3840 sctpInInvalidCookie); 3841 break; 3842 } 3843 sctp_send_cookie_ack(sctp); 3844 3845 if (!SCTP_IS_DETACHED(sctp)) { 3846 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3847 sctp_set_ulp_prop(sctp); 3848 } 3849 if (sctp->sctp_unacked == 0) 3850 sctp_stop_faddr_timers(sctp); 3851 sctp->sctp_state = SCTPS_ESTABLISHED; 3852 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3853 BUMP_MIB(&sctp_mib, sctpActiveEstab); 3854 if (sctp->sctp_cookie_mp) { 3855 freemsg(sctp->sctp_cookie_mp); 3856 sctp->sctp_cookie_mp = NULL; 3857 } 3858 /* Validate the peer addresses. */ 3859 sctp->sctp_active = now; 3860 sctp_validate_peer(sctp); 3861 3862 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3863 if (recv_adaption) { 3864 sctp->sctp_recv_adaption = 1; 3865 sctp_adaption_event(sctp); 3866 } 3867 /* Try sending queued data, or ASCONFs */ 3868 trysend = 1; 3869 break; 3870 case CHUNK_INIT: 3871 sctp_send_initack(sctp, ch, mp); 3872 break; 3873 case CHUNK_ERROR: { 3874 sctp_parm_hdr_t *p; 3875 3876 BUMP_LOCAL(sctp->sctp_ibchunks); 3877 /* check for a stale cookie */ 3878 if (ntohs(ch->sch_len) >= 3879 (sizeof (*p) + sizeof (*ch)) + 3880 sizeof (uint32_t)) { 3881 3882 p = (sctp_parm_hdr_t *)(ch + 1); 3883 if (p->sph_type == 3884 htons(SCTP_ERR_STALE_COOKIE)) { 3885 BUMP_MIB(&sctp_mib, 3886 sctpAborted); 3887 sctp_error_event(sctp, ch); 3888 sctp_clean_death(sctp, 3889 ECONNREFUSED); 3890 goto done; 3891 } 3892 } 3893 break; 3894 } 3895 case CHUNK_HEARTBEAT: 3896 sctp_return_heartbeat(sctp, ch, mp); 3897 break; 3898 default: 3899 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3900 goto nomorechunks; 3901 } /* else skip and continue processing */ 3902 } /* switch (ch->sch_id) */ 3903 break; 3904 3905 case SCTPS_SHUTDOWN_ACK_SENT: 3906 switch (ch->sch_id) { 3907 case CHUNK_ABORT: 3908 /* Pass gathered wisdom to IP for keeping */ 3909 for (fp = sctp->sctp_faddrs; fp != NULL; 3910 fp = fp->next) { 3911 sctp_faddr2ire(sctp, fp); 3912 } 3913 sctp_process_abort(sctp, ch, 0); 3914 goto done; 3915 case CHUNK_SHUTDOWN_COMPLETE: 3916 BUMP_LOCAL(sctp->sctp_ibchunks); 3917 BUMP_MIB(&sctp_mib, sctpShutdowns); 3918 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 3919 NULL); 3920 3921 /* Pass gathered wisdom to IP for keeping */ 3922 for (fp = sctp->sctp_faddrs; fp != NULL; 3923 fp = fp->next) { 3924 sctp_faddr2ire(sctp, fp); 3925 } 3926 sctp_clean_death(sctp, 0); 3927 goto done; 3928 case CHUNK_SHUTDOWN_ACK: 3929 sctp_shutdown_complete(sctp); 3930 BUMP_LOCAL(sctp->sctp_ibchunks); 3931 BUMP_MIB(&sctp_mib, sctpShutdowns); 3932 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 3933 NULL); 3934 sctp_clean_death(sctp, 0); 3935 goto done; 3936 case CHUNK_COOKIE: 3937 (void) sctp_shutdown_received(sctp, NULL, 3938 1, 0); 3939 BUMP_LOCAL(sctp->sctp_ibchunks); 3940 break; 3941 case CHUNK_HEARTBEAT: 3942 sctp_return_heartbeat(sctp, ch, mp); 3943 break; 3944 default: 3945 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3946 goto nomorechunks; 3947 } /* else skip and continue processing */ 3948 break; 3949 } 3950 break; 3951 3952 case SCTPS_SHUTDOWN_RECEIVED: 3953 switch (ch->sch_id) { 3954 case 
CHUNK_SHUTDOWN: 3955 trysend = sctp_shutdown_received(sctp, ch, 3956 0, 0); 3957 break; 3958 case CHUNK_SACK: 3959 trysend = sctp_got_sack(sctp, ch); 3960 if (trysend < 0) { 3961 sctp_send_abort(sctp, sctph->sh_verf, 3962 0, NULL, 0, mp, 0, B_FALSE); 3963 sctp_assoc_event(sctp, 3964 SCTP_COMM_LOST, 0, NULL); 3965 sctp_clean_death(sctp, 3966 ECONNABORTED); 3967 goto done; 3968 } 3969 break; 3970 case CHUNK_ABORT: 3971 sctp_process_abort(sctp, ch, ECONNRESET); 3972 goto done; 3973 case CHUNK_HEARTBEAT: 3974 sctp_return_heartbeat(sctp, ch, mp); 3975 break; 3976 default: 3977 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3978 goto nomorechunks; 3979 } /* else skip and continue processing */ 3980 break; 3981 } 3982 break; 3983 3984 default: 3985 BUMP_LOCAL(sctp->sctp_ibchunks); 3986 cmn_err(CE_WARN, "XXXdefault in dispatch state %d", 3987 sctp->sctp_state); 3988 break; 3989 } /* switch (sctp->sctp_state) */ 3990 3991 ch = sctp_next_chunk(ch, &mlen); 3992 if (ch != NULL && !sctp_check_input(sctp, ch, mlen, 0)) 3993 goto done; 3994 } while (ch != NULL); 3995 3996 /* Finished processing all chunks in packet */ 3997 3998 nomorechunks: 3999 /* SACK if necessary */ 4000 if (gotdata) { 4001 (sctp->sctp_sack_toggle)++; 4002 sctp_sack(sctp, dups); 4003 dups = NULL; 4004 4005 if (!sctp->sctp_ack_timer_running) { 4006 sctp->sctp_ack_timer_running = B_TRUE; 4007 sctp_timer(sctp, sctp->sctp_ack_mp, 4008 MSEC_TO_TICK(sctp_deferred_ack_interval)); 4009 } 4010 } 4011 4012 if (trysend) { 4013 sctp_output(sctp); 4014 if (sctp->sctp_cxmit_list != NULL) 4015 sctp_wput_asconf(sctp, NULL); 4016 } 4017 /* If there is unsent data, make sure a timer is running */ 4018 if (sctp->sctp_unsent > 0 && !sctp->sctp_current->timer_running) { 4019 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 4020 sctp->sctp_current->rto); 4021 } 4022 4023 done: 4024 if (dups != NULL) 4025 freeb(dups); 4026 if (ipsec_mp != NULL) 4027 freeb(ipsec_mp); 4028 freemsg(mp); 4029 4030 if (wake_eager) { 4031 /* 4032 * sctp points to the newly created control block; we need to 4033 * release it before exiting. Before releasing it and 4034 * processing the sendq, we need to grab a hold on it; 4035 * otherwise, another thread can close it while processing 4036 * the sendq. 4037 */ 4038 SCTP_REFHOLD(sctp); 4039 WAKE_SCTP(sctp); 4040 sctp_process_sendq(sctp); 4041 SCTP_REFRELE(sctp); 4042 } 4043 } 4044 4045 /* 4046 * Some amount of data got removed from the rx q. 4047 * Check if we should send a window update. 4048 * 4049 * Due to the way sctp_rwnd updates are made, the ULP can give reports 4050 * out-of-order. To keep from dropping incoming data due to this, we only 4051 * update sctp_rwnd when it's larger than what we've reported to the peer. 4052 */ 4053 void 4054 sctp_recvd(sctp_t *sctp, int len) 4055 { 4056 int32_t old, new; 4057 4058 ASSERT(sctp != NULL); 4059 RUN_SCTP(sctp); 4060 4061 if (len < sctp->sctp_rwnd) { 4062 WAKE_SCTP(sctp); 4063 return; 4064 } 4065 ASSERT(sctp->sctp_rwnd >= sctp->sctp_rxqueued); 4066 old = sctp->sctp_rwnd - sctp->sctp_rxqueued; 4067 new = len - sctp->sctp_rxqueued; 4068 sctp->sctp_rwnd = len; 4069 4070 if (sctp->sctp_state >= SCTPS_ESTABLISHED && 4071 ((old <= new >> 1) || (old < sctp->sctp_mss))) { 4072 sctp->sctp_force_sack = 1; 4073 BUMP_MIB(&sctp_mib, sctpOutWinUpdate); 4074 sctp_sack(sctp, NULL); 4075 old = 1; 4076 } else { 4077 old = 0; 4078 } 4079 WAKE_SCTP(sctp); 4080 if (old > 0) { 4081 sctp_process_sendq(sctp); 4082 } 4083 } 4084
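/*
 * A worked example of the rule above, with hypothetical numbers:
 * suppose we last advertised an rwnd of 32k and 28k of data is still
 * queued, so the peer's usable window (old) is 4k. If the ULP now
 * reports 64k of buffer space, the prospective window (new) is 36k;
 * since 4k <= 36k / 2, a window-update SACK is forced out. Had the
 * ULP reported only 33k, new would be 5k, neither test would fire
 * (assuming an MSS below 4k), and no update would be sent.
 */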