/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <sys/systm.h>
#include <sys/stream.h>
#include <sys/cmn_err.h>
#include <sys/kmem.h>
#define _SUN_TPI_VERSION 2
#include <sys/tihdr.h>
#include <sys/socket.h>
#include <sys/strsun.h>
#include <sys/strsubr.h>

#include <netinet/in.h>
#include <netinet/ip6.h>
#include <netinet/tcp_seq.h>
#include <netinet/sctp.h>

#include <inet/common.h>
#include <inet/ip.h>
#include <inet/ip6.h>
#include <inet/mib2.h>
#include <inet/ipclassifier.h>
#include <inet/ipp_common.h>
#include <inet/ipsec_impl.h>
#include <inet/sctp_ip.h>

#include "sctp_impl.h"
#include "sctp_asconf.h"
#include "sctp_addr.h"

static struct kmem_cache *sctp_kmem_set_cache;

/*
 * PR-SCTP comments.
 *
 * When we get a valid Forward TSN chunk, we check the fragment list for this
 * SSN and preceding SSNs and free all of them. Further, if this Forward TSN
 * causes the next expected SSN to be present in the stream queue, we deliver
 * any such stranded messages upstream. We also update the SACK info
 * appropriately. When checking for advancing the cumulative ack (in
 * sctp_cumack()) we must check for abandoned chunks and messages. While
 * traversing the transmit list, if we come across an abandoned chunk, we can
 * skip the message (i.e. take it out of the (re)transmit list) since this
 * message, and hence this chunk, has been marked abandoned by sctp_rexmit().
 * If we come across an unsent chunk for a message that is now abandoned, we
 * need to check if a Forward TSN needs to be sent; this could be a case where
 * we deferred sending a Forward TSN in sctp_get_msg_to_send(). Further, after
 * processing a SACK, we check if the Advanced peer ack point can be moved
 * ahead, i.e. whether we can send a Forward TSN via
 * sctp_check_abandoned_data().
 */
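
/*
 * For orientation, the Forward TSN chunk handled by
 * sctp_process_forward_tsn() below is parsed as the new cumulative TSN
 * followed by a list of (sid, ssn) pairs. Roughly (a sketch matching how
 * the code walks the chunk; see RFC 3758 for the authoritative layout):
 *
 *	sctp_chunk_hdr_t	ch;		chunk type/flags/length
 *	uint32_t		new_cum_tsn;	network byte order
 *	ftsn_entry_t		entries[];	{ ftsn_sid, ftsn_ssn } each
 */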
void
sctp_free_set(sctp_set_t *s)
{
    sctp_set_t *p;

    while (s) {
        p = s->next;
        kmem_cache_free(sctp_kmem_set_cache, s);
        s = p;
    }
}

static void
sctp_ack_add(sctp_set_t **head, uint32_t tsn, int *num)
{
    sctp_set_t *p, *t;

    if (head == NULL || num == NULL)
        return;

    ASSERT(*num >= 0);
    ASSERT((*num == 0 && *head == NULL) || (*num > 0 && *head != NULL));

    if (*head == NULL) {
        *head = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
        if (*head == NULL)
            return;
        (*head)->prev = (*head)->next = NULL;
        (*head)->begin = tsn;
        (*head)->end = tsn;
        *num = 1;
        return;
    }

    ASSERT((*head)->prev == NULL);

    /*
     * Handle this special case here so we don't have to check
     * for it each time in the loop.
     */
    if (SEQ_LT(tsn + 1, (*head)->begin)) {
        /* add a new set, and move the head pointer */
        t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
        if (t == NULL)
            return;
        t->next = *head;
        t->prev = NULL;
        (*head)->prev = t;
        t->begin = tsn;
        t->end = tsn;
        (*num)++;
        *head = t;
        return;
    }

    /*
     * We need to handle the following cases, where p points to
     * the current set (as we walk through the loop):
     *
     * 1. tsn is entirely less than p; create a new set before p.
     * 2. tsn borders p from less; coalesce p with tsn.
     * 3. tsn is within p; do nothing.
     * 4. tsn borders p from greater; coalesce p with tsn.
     * 4a. p may now border p->next from less; if so, coalesce those
     *     two sets.
     * 5. tsn is entirely greater than all sets; add a new set at
     *    the end.
     */
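
    /*
     * A worked example (numbers are TSNs; assumes allocations succeed):
     * starting from an empty list, adding 10, then 12, then 11 gives
     *
     *	add 10:	[10-10]			(first set)
     *	add 12:	[10-10] -> [12-12]	(case 5: new set at the end)
     *	add 11:	[10-12]			(case 4, then 4a: coalesce)
     *
     * with *num going 1, 2, 1 across the three calls.
     */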
    for (p = *head; ; p = p->next) {
        if (SEQ_LT(tsn + 1, p->begin)) {
            /* 1: add a new set before p. */
            t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
            if (t == NULL)
                return;
            t->next = p;
            t->prev = NULL;
            t->begin = tsn;
            t->end = tsn;
            if (p->prev) {
                t->prev = p->prev;
                p->prev->next = t;
            }
            p->prev = t;
            (*num)++;
            return;
        }

        if ((tsn + 1) == p->begin) {
            /* 2: adjust p->begin */
            p->begin = tsn;
            return;
        }

        if (SEQ_GEQ(tsn, p->begin) && SEQ_LEQ(tsn, p->end)) {
            /* 3: do nothing */
            return;
        }

        if ((p->end + 1) == tsn) {
            /* 4: adjust p->end */
            p->end = tsn;

            if (p->next != NULL && (tsn + 1) == p->next->begin) {
                /* 4a: coalesce p and p->next */
                t = p->next;
                p->end = t->end;
                p->next = t->next;
                if (t->next != NULL)
                    t->next->prev = p;
                kmem_cache_free(sctp_kmem_set_cache, t);
                (*num)--;
            }
            return;
        }

        if (p->next == NULL) {
            /* 5: add new set at the end */
            t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
            if (t == NULL)
                return;
            t->next = NULL;
            t->prev = p;
            t->begin = tsn;
            t->end = tsn;
            p->next = t;
            (*num)++;
            return;
        }

        if (SEQ_GT(tsn, p->end + 1))
            continue;
    }
}

static void
sctp_ack_rem(sctp_set_t **head, uint32_t end, int *num)
{
    sctp_set_t *p, *t;

    if (head == NULL || *head == NULL || num == NULL)
        return;

    /* Nothing to remove */
    if (SEQ_LT(end, (*head)->begin))
        return;

    /* Find out where to start removing sets */
    for (p = *head; p->next; p = p->next) {
        if (SEQ_LEQ(end, p->end))
            break;
    }

    if (SEQ_LT(end, p->end) && SEQ_GEQ(end, p->begin)) {
        /* adjust p */
        p->begin = end + 1;
        /* all done */
        if (p == *head)
            return;
    } else if (SEQ_GEQ(end, p->end)) {
        /* remove this set too */
        p = p->next;
    }

    /* unlink everything before this set */
    t = *head;
    *head = p;
    if (p != NULL && p->prev != NULL) {
        p->prev->next = NULL;
        p->prev = NULL;
    }

    sctp_free_set(t);

    /* recount the number of sets */
    *num = 0;

    for (p = *head; p != NULL; p = p->next)
        (*num)++;
}

void
sctp_sets_init()
{
    sctp_kmem_set_cache = kmem_cache_create("sctp_set_cache",
        sizeof (sctp_set_t), 0, NULL, NULL, NULL, NULL,
        NULL, 0);
}

void
sctp_sets_fini()
{
    kmem_cache_destroy(sctp_kmem_set_cache);
}

sctp_chunk_hdr_t *
sctp_first_chunk(uchar_t *rptr, ssize_t remaining)
{
    sctp_chunk_hdr_t *ch;
    uint16_t ch_len;

    if (remaining < sizeof (*ch)) {
        return (NULL);
    }

    ch = (sctp_chunk_hdr_t *)rptr;
    ch_len = ntohs(ch->sch_len);

    if (ch_len < sizeof (*ch) || remaining < ch_len) {
        return (NULL);
    }

    return (ch);
}

sctp_chunk_hdr_t *
sctp_next_chunk(sctp_chunk_hdr_t *ch, ssize_t *remaining)
{
    int pad;
    uint16_t ch_len;

    if (!ch) {
        return (NULL);
    }

    ch_len = ntohs(ch->sch_len);

    if ((pad = ch_len & (SCTP_ALIGN - 1)) != 0) {
        pad = SCTP_ALIGN - pad;
    }

    *remaining -= (ch_len + pad);
    ch = (sctp_chunk_hdr_t *)((char *)ch + ch_len + pad);

    return (sctp_first_chunk((uchar_t *)ch, *remaining));
}
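
/*
 * A typical way to walk the chunks in a packet with the two helpers
 * above (a sketch; the actual callers live elsewhere in this module):
 *
 *	sctp_chunk_hdr_t *ch;
 *	ssize_t mlen = mp->b_wptr - mp->b_rptr;
 *
 *	for (ch = sctp_first_chunk(mp->b_rptr, mlen); ch != NULL;
 *	    ch = sctp_next_chunk(ch, &mlen)) {
 *		... dispatch on ch->sch_id ...
 *	}
 *
 * sctp_next_chunk() accounts for the chunk's padding up to the next
 * SCTP_ALIGN boundary before revalidating with sctp_first_chunk().
 */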

/*
 * Attach ancillary data to a received SCTP segment.
 * If the source address (fp) is not the primary, send up a
 * unitdata_ind so recvfrom() can populate the msg_name field.
 * If ancillary data is also requested, we append it to the
 * unitdata_ind. Otherwise, we just send up an optdata_ind.
 */
static int
sctp_input_add_ancillary(sctp_t *sctp, mblk_t **mp, sctp_data_hdr_t *dcp,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
    struct T_unitdata_ind *tudi;
    int optlen;
    int hdrlen;
    uchar_t *optptr;
    struct cmsghdr *cmsg;
    mblk_t *mp1;
    struct sockaddr_in6 sin_buf[1];
    struct sockaddr_in6 *sin6;
    struct sockaddr_in *sin4;
    uint_t addflag = 0;

    sin4 = NULL;
    sin6 = NULL;

    optlen = hdrlen = 0;

    /* Figure out address size */
    if (sctp->sctp_ipversion == IPV4_VERSION) {
        sin4 = (struct sockaddr_in *)sin_buf;
        sin4->sin_family = AF_INET;
        sin4->sin_port = sctp->sctp_fport;
        IN6_V4MAPPED_TO_IPADDR(&fp->faddr, sin4->sin_addr.s_addr);
        hdrlen = sizeof (*tudi) + sizeof (*sin4);
    } else {
        sin6 = sin_buf;
        sin6->sin6_family = AF_INET6;
        sin6->sin6_port = sctp->sctp_fport;
        sin6->sin6_addr = fp->faddr;
        hdrlen = sizeof (*tudi) + sizeof (*sin6);
    }

    /* If app asked to receive send / recv info */
    if (sctp->sctp_recvsndrcvinfo) {
        optlen += sizeof (*cmsg) + sizeof (struct sctp_sndrcvinfo);
        if (hdrlen == 0)
            hdrlen = sizeof (struct T_optdata_ind);
    }

    if (sctp->sctp_ipv6_recvancillary == 0)
        goto noancillary;

    if ((ipp->ipp_fields & IPPF_IFINDEX) &&
        ipp->ipp_ifindex != sctp->sctp_recvifindex &&
        (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVPKTINFO)) {
        optlen += sizeof (*cmsg) + sizeof (struct in6_pktinfo);
        if (hdrlen == 0)
            hdrlen = sizeof (struct T_unitdata_ind);
        addflag |= SCTP_IPV6_RECVPKTINFO;
    }
    /* If app asked for hoplimit and it has changed ... */
    if ((ipp->ipp_fields & IPPF_HOPLIMIT) &&
        ipp->ipp_hoplimit != sctp->sctp_recvhops &&
        (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPLIMIT)) {
        optlen += sizeof (*cmsg) + sizeof (uint_t);
        if (hdrlen == 0)
            hdrlen = sizeof (struct T_unitdata_ind);
        addflag |= SCTP_IPV6_RECVHOPLIMIT;
    }
    /* If app asked for hopbyhop headers and they have changed ... */
    if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPOPTS) &&
        ip_cmpbuf(sctp->sctp_hopopts, sctp->sctp_hopoptslen,
        (ipp->ipp_fields & IPPF_HOPOPTS),
        ipp->ipp_hopopts, ipp->ipp_hopoptslen)) {
        optlen += sizeof (*cmsg) + ipp->ipp_hopoptslen -
            sctp->sctp_v6label_len;
        if (hdrlen == 0)
            hdrlen = sizeof (struct T_unitdata_ind);
        addflag |= SCTP_IPV6_RECVHOPOPTS;
        if (!ip_allocbuf((void **)&sctp->sctp_hopopts,
            &sctp->sctp_hopoptslen,
            (ipp->ipp_fields & IPPF_HOPOPTS),
            ipp->ipp_hopopts, ipp->ipp_hopoptslen))
            return (-1);
    }
    /* If app asked for dst headers before routing headers ... */
    if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTDSTOPTS) &&
        ip_cmpbuf(sctp->sctp_rtdstopts, sctp->sctp_rtdstoptslen,
        (ipp->ipp_fields & IPPF_RTDSTOPTS),
        ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen)) {
        optlen += sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
        if (hdrlen == 0)
            hdrlen = sizeof (struct T_unitdata_ind);
        addflag |= SCTP_IPV6_RECVRTDSTOPTS;
        if (!ip_allocbuf((void **)&sctp->sctp_rtdstopts,
            &sctp->sctp_rtdstoptslen,
            (ipp->ipp_fields & IPPF_RTDSTOPTS),
            ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen))
            return (-1);
    }
    /* If app asked for routing headers and they have changed ... */
    if (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTHDR) {
        if (ip_cmpbuf(sctp->sctp_rthdr, sctp->sctp_rthdrlen,
            (ipp->ipp_fields & IPPF_RTHDR),
            ipp->ipp_rthdr, ipp->ipp_rthdrlen)) {
            optlen += sizeof (*cmsg) + ipp->ipp_rthdrlen;
            if (hdrlen == 0)
                hdrlen = sizeof (struct T_unitdata_ind);
            addflag |= SCTP_IPV6_RECVRTHDR;
            if (!ip_allocbuf((void **)&sctp->sctp_rthdr,
                &sctp->sctp_rthdrlen,
                (ipp->ipp_fields & IPPF_RTHDR),
                ipp->ipp_rthdr, ipp->ipp_rthdrlen))
                return (-1);
        }
    }
    /* If app asked for dest headers and they have changed ... */
    if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVDSTOPTS) &&
        ip_cmpbuf(sctp->sctp_dstopts, sctp->sctp_dstoptslen,
        (ipp->ipp_fields & IPPF_DSTOPTS),
        ipp->ipp_dstopts, ipp->ipp_dstoptslen)) {
        optlen += sizeof (*cmsg) + ipp->ipp_dstoptslen;
        if (hdrlen == 0)
            hdrlen = sizeof (struct T_unitdata_ind);
        addflag |= SCTP_IPV6_RECVDSTOPTS;
        if (!ip_allocbuf((void **)&sctp->sctp_dstopts,
            &sctp->sctp_dstoptslen,
            (ipp->ipp_fields & IPPF_DSTOPTS),
            ipp->ipp_dstopts, ipp->ipp_dstoptslen))
            return (-1);
    }
noancillary:
    /* Nothing to add */
    if (hdrlen == 0)
        return (-1);

    mp1 = allocb(hdrlen + optlen + sizeof (void *), BPRI_MED);
    if (mp1 == NULL)
        return (-1);
    mp1->b_cont = *mp;
    *mp = mp1;
    mp1->b_rptr += sizeof (void *);  /* pointer worth of padding */
    mp1->b_wptr = mp1->b_rptr + hdrlen + optlen;
    DB_TYPE(mp1) = M_PROTO;
    tudi = (struct T_unitdata_ind *)mp1->b_rptr;
    tudi->PRIM_type = T_UNITDATA_IND;
    tudi->SRC_length = sin4 ? sizeof (*sin4) : sizeof (*sin6);
    tudi->SRC_offset = sizeof (*tudi);
    tudi->OPT_offset = sizeof (*tudi) + tudi->SRC_length;
    tudi->OPT_length = optlen;
    if (sin4) {
        bcopy(sin4, tudi + 1, sizeof (*sin4));
    } else {
        bcopy(sin6, tudi + 1, sizeof (*sin6));
    }
    optptr = (uchar_t *)tudi + tudi->OPT_offset;

    if (sctp->sctp_recvsndrcvinfo) {
        /* XXX need backout method if memory allocation fails. */
        struct sctp_sndrcvinfo *sri;

        cmsg = (struct cmsghdr *)optptr;
        cmsg->cmsg_level = IPPROTO_SCTP;
        cmsg->cmsg_type = SCTP_SNDRCV;
        cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*sri);
        optptr += sizeof (*cmsg);

        sri = (struct sctp_sndrcvinfo *)(cmsg + 1);
        ASSERT(OK_32PTR(sri));
        sri->sinfo_stream = ntohs(dcp->sdh_sid);
        sri->sinfo_ssn = ntohs(dcp->sdh_ssn);
        if (SCTP_DATA_GET_UBIT(dcp)) {
            sri->sinfo_flags = MSG_UNORDERED;
        } else {
            sri->sinfo_flags = 0;
        }
        sri->sinfo_ppid = dcp->sdh_payload_id;
        sri->sinfo_context = 0;
        sri->sinfo_timetolive = 0;
        sri->sinfo_tsn = ntohl(dcp->sdh_tsn);
        sri->sinfo_cumtsn = sctp->sctp_ftsn;
        sri->sinfo_assoc_id = 0;

        optptr += sizeof (*sri);
    }

    /*
     * If app asked for pktinfo and the index has changed ...
     * Note that the local address never changes for the connection.
     */
    if (addflag & SCTP_IPV6_RECVPKTINFO) {
        struct in6_pktinfo *pkti;

        cmsg = (struct cmsghdr *)optptr;
        cmsg->cmsg_level = IPPROTO_IPV6;
        cmsg->cmsg_type = IPV6_PKTINFO;
        cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*pkti);
        optptr += sizeof (*cmsg);

        pkti = (struct in6_pktinfo *)optptr;
        if (sctp->sctp_ipversion == IPV6_VERSION)
            pkti->ipi6_addr = sctp->sctp_ip6h->ip6_src;
        else
            IN6_IPADDR_TO_V4MAPPED(sctp->sctp_ipha->ipha_src,
                &pkti->ipi6_addr);
        pkti->ipi6_ifindex = ipp->ipp_ifindex;
        optptr += sizeof (*pkti);
        ASSERT(OK_32PTR(optptr));
        /* Save as "last" value */
        sctp->sctp_recvifindex = ipp->ipp_ifindex;
    }
    /* If app asked for hoplimit and it has changed ... */
    if (addflag & SCTP_IPV6_RECVHOPLIMIT) {
        cmsg = (struct cmsghdr *)optptr;
        cmsg->cmsg_level = IPPROTO_IPV6;
        cmsg->cmsg_type = IPV6_HOPLIMIT;
        cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t);
        optptr += sizeof (*cmsg);

        *(uint_t *)optptr = ipp->ipp_hoplimit;
        optptr += sizeof (uint_t);
        ASSERT(OK_32PTR(optptr));
        /* Save as "last" value */
        sctp->sctp_recvhops = ipp->ipp_hoplimit;
    }
    if (addflag & SCTP_IPV6_RECVHOPOPTS) {
        cmsg = (struct cmsghdr *)optptr;
        cmsg->cmsg_level = IPPROTO_IPV6;
        cmsg->cmsg_type = IPV6_HOPOPTS;
        cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_hopoptslen;
        optptr += sizeof (*cmsg);

        bcopy(ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen);
        optptr += ipp->ipp_hopoptslen;
        ASSERT(OK_32PTR(optptr));
        /* Save as last value */
        ip_savebuf((void **)&sctp->sctp_hopopts,
            &sctp->sctp_hopoptslen,
            (ipp->ipp_fields & IPPF_HOPOPTS),
            ipp->ipp_hopopts, ipp->ipp_hopoptslen);
    }
    if (addflag & SCTP_IPV6_RECVRTDSTOPTS) {
        cmsg = (struct cmsghdr *)optptr;
        cmsg->cmsg_level = IPPROTO_IPV6;
        cmsg->cmsg_type = IPV6_RTHDRDSTOPTS;
        cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
        optptr += sizeof (*cmsg);

        bcopy(ipp->ipp_rtdstopts, optptr, ipp->ipp_rtdstoptslen);
        optptr += ipp->ipp_rtdstoptslen;
        ASSERT(OK_32PTR(optptr));
        /* Save as last value */
        ip_savebuf((void **)&sctp->sctp_rtdstopts,
            &sctp->sctp_rtdstoptslen,
            (ipp->ipp_fields & IPPF_RTDSTOPTS),
            ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen);
    }
    if (addflag & SCTP_IPV6_RECVRTHDR) {
        cmsg = (struct cmsghdr *)optptr;
        cmsg->cmsg_level = IPPROTO_IPV6;
        cmsg->cmsg_type = IPV6_RTHDR;
        cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrlen;
        optptr += sizeof (*cmsg);

        bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen);
        optptr += ipp->ipp_rthdrlen;
        ASSERT(OK_32PTR(optptr));
        /* Save as last value */
        ip_savebuf((void **)&sctp->sctp_rthdr,
            &sctp->sctp_rthdrlen,
            (ipp->ipp_fields & IPPF_RTHDR),
            ipp->ipp_rthdr, ipp->ipp_rthdrlen);
    }
    if (addflag & SCTP_IPV6_RECVDSTOPTS) {
        cmsg = (struct cmsghdr *)optptr;
        cmsg->cmsg_level = IPPROTO_IPV6;
        cmsg->cmsg_type = IPV6_DSTOPTS;
        cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_dstoptslen;
        optptr += sizeof (*cmsg);

        bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen);
        optptr += ipp->ipp_dstoptslen;
        ASSERT(OK_32PTR(optptr));
        /* Save as last value */
        ip_savebuf((void **)&sctp->sctp_dstopts,
            &sctp->sctp_dstoptslen,
            (ipp->ipp_fields & IPPF_DSTOPTS),
            ipp->ipp_dstopts, ipp->ipp_dstoptslen);
    }

    ASSERT(optptr == mp1->b_wptr);

    return (0);
}
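
/*
 * On success the M_PROTO mblk prepended above is laid out as follows
 * (a sketch):
 *
 *	struct T_unitdata_ind	tudi;
 *	struct sockaddr_in{,6}	peer address (SRC_offset/SRC_length)
 *	struct cmsghdr + data	one entry per addflag bit set
 *				(OPT_offset/OPT_length)
 *
 * with the original data mblk chained off b_cont.
 */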
void
sctp_free_reass(sctp_instr_t *sip)
{
    mblk_t *mp, *mpnext, *mctl;

    for (mp = sip->istr_reass; mp != NULL; mp = mpnext) {
        mpnext = mp->b_next;
        mp->b_next = NULL;
        mp->b_prev = NULL;
        if (DB_TYPE(mp) == M_CTL) {
            mctl = mp;
            ASSERT(mp->b_cont != NULL);
            mp = mp->b_cont;
            mctl->b_cont = NULL;
            freeb(mctl);
        }
        freemsg(mp);
    }
}

/*
 * If the series of data fragments of which dmp is a part is successfully
 * reassembled, the first mblk in the series is returned. dc is adjusted
 * to point at the data chunk in the lead mblk, and b_rptr also points to
 * the data chunk; the following mblks' b_rptrs point at the actual payload.
 *
 * If the series is not yet reassembled, NULL is returned. dc is not changed.
 * XXX should probably move this up into the state machine.
 */

/* Fragment list for un-ordered messages. Partial delivery is not supported */
static mblk_t *
sctp_uodata_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc)
{
    mblk_t *hmp;
    mblk_t *begin = NULL;
    mblk_t *end = NULL;
    sctp_data_hdr_t *qdc;
    uint32_t ntsn;
    uint32_t tsn = ntohl((*dc)->sdh_tsn);
#ifdef DEBUG
    mblk_t *mp1;
#endif

    /* First frag. */
    if (sctp->sctp_uo_frags == NULL) {
        sctp->sctp_uo_frags = dmp;
        return (NULL);
    }
    hmp = sctp->sctp_uo_frags;
    /*
     * Insert the segment according to the TSN; fragmented unordered
     * chunks are sequenced by TSN.
     */
    while (hmp != NULL) {
        qdc = (sctp_data_hdr_t *)hmp->b_rptr;
        ntsn = ntohl(qdc->sdh_tsn);
        if (SEQ_GT(ntsn, tsn)) {
            if (hmp->b_prev == NULL) {
                dmp->b_next = hmp;
                hmp->b_prev = dmp;
                sctp->sctp_uo_frags = dmp;
            } else {
                dmp->b_next = hmp;
                dmp->b_prev = hmp->b_prev;
                hmp->b_prev->b_next = dmp;
                hmp->b_prev = dmp;
            }
            break;
        }
        if (hmp->b_next == NULL) {
            hmp->b_next = dmp;
            dmp->b_prev = hmp;
            break;
        }
        hmp = hmp->b_next;
    }
    /* check if we completed a msg */
    if (SCTP_DATA_GET_BBIT(*dc)) {
        begin = dmp;
    } else if (SCTP_DATA_GET_EBIT(*dc)) {
        end = dmp;
    }
    /*
     * We walk consecutive TSNs backwards till we get a seg. with
     * the B bit.
     */
    if (begin == NULL) {
        for (hmp = dmp->b_prev; hmp != NULL; hmp = hmp->b_prev) {
            qdc = (sctp_data_hdr_t *)hmp->b_rptr;
            ntsn = ntohl(qdc->sdh_tsn);
            if ((int32_t)(tsn - ntsn) > 1) {
                return (NULL);
            }
            if (SCTP_DATA_GET_BBIT(qdc)) {
                begin = hmp;
                break;
            }
            tsn = ntsn;
        }
    }
    tsn = ntohl((*dc)->sdh_tsn);
    /*
     * We walk consecutive TSNs till we get a seg. with the E bit.
     */
    if (end == NULL) {
        for (hmp = dmp->b_next; hmp != NULL; hmp = hmp->b_next) {
            qdc = (sctp_data_hdr_t *)hmp->b_rptr;
            ntsn = ntohl(qdc->sdh_tsn);
            if ((int32_t)(ntsn - tsn) > 1) {
                return (NULL);
            }
            if (SCTP_DATA_GET_EBIT(qdc)) {
                end = hmp;
                break;
            }
            tsn = ntsn;
        }
    }
    if (begin == NULL || end == NULL) {
        return (NULL);
    }
    /* Got one! Remove the msg from the list */
    if (sctp->sctp_uo_frags == begin) {
        ASSERT(begin->b_prev == NULL);
        sctp->sctp_uo_frags = end->b_next;
        if (end->b_next != NULL)
            end->b_next->b_prev = NULL;
    } else {
        begin->b_prev->b_next = end->b_next;
        if (end->b_next != NULL)
            end->b_next->b_prev = begin->b_prev;
    }
    begin->b_prev = NULL;
    end->b_next = NULL;

    /*
     * Null out b_next and b_prev and chain using b_cont.
     */
    dmp = end = begin;
    hmp = begin->b_next;
    *dc = (sctp_data_hdr_t *)begin->b_rptr;
    begin->b_next = NULL;
    while (hmp != NULL) {
        qdc = (sctp_data_hdr_t *)hmp->b_rptr;
        hmp->b_rptr = (uchar_t *)(qdc + 1);
        end = hmp->b_next;
        dmp->b_cont = hmp;
        dmp = hmp;

        if (end != NULL)
            hmp->b_next = NULL;
        hmp->b_prev = NULL;
        hmp = end;
    }
    BUMP_LOCAL(sctp->sctp_reassmsgs);
#ifdef DEBUG
    mp1 = begin;
    while (mp1 != NULL) {
        ASSERT(mp1->b_next == NULL);
        ASSERT(mp1->b_prev == NULL);
        mp1 = mp1->b_cont;
    }
#endif
    return (begin);
}

/*
 * Fragment list for ordered messages.
 * If no error occurs, error is set to 0. If we run out of memory, error
 * is set to 1. If the peer commits a fatal error (like using different
 * sequence numbers for the same data fragment series), the association is
 * aborted and error is set to 2.
 */
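
/*
 * The per-stream reassembly queue walked below hangs off
 * sip->istr_reass and is a b_next/b_prev list with one entry per SSN
 * being reassembled (a sketch of the layout):
 *
 *	[M_CTL | first frag]  -- b_next -->  [M_CTL | first frag] ...
 *	  sctp_reass_t at DB_BASE()
 *	  b_cont chain of fragments in TSN order,
 *	  tail cached in srp->tail
 *
 * The M_CTL header may be elided when the first fragment's dblk has
 * enough headroom for the sctp_reass_t (see SCTP_NEW_REASS() below).
 */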
static mblk_t *
sctp_data_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc, int *error,
    sctp_instr_t *sip, int trypartial, int *tpfinished)
{
    mblk_t *hmp;
    mblk_t *pmp;
    mblk_t *qmp;
    mblk_t *mp;
    mblk_t *prev;
    mblk_t *prevprev;
    mblk_t *first_mp;
    sctp_reass_t *srp;
    sctp_data_hdr_t *qdc;
    sctp_data_hdr_t *bdc;
    sctp_data_hdr_t *edc;
    uint32_t tsn;

    /*
     * We can overwrite the Link Layer + IP header here, I suppose.
     * The M_CTL does not leave this function. We need to check
     * DB_REF(dmp) before using DB_BASE(dmp), since there could be
     * two fragments for different ssns in the same mblk.
     */
#define SCTP_NEW_REASS(nmp, dmp, srp, seterror)			\
    if ((DB_REF(dmp) == 2) && (MBLKHEAD(dmp) >=			\
        (sizeof (*(srp)) + sizeof (sctp_hdr_t)))) {		\
        (nmp) = (dmp);						\
    } else {							\
        (nmp) = allocb(sizeof (*(srp)), BPRI_MED);		\
        if ((nmp) == NULL) {					\
            switch (seterror) {					\
            case B_TRUE:					\
                *error = 1;					\
                break;						\
            }							\
            return (NULL);					\
        }							\
        DB_TYPE(nmp) = M_CTL;					\
        (nmp)->b_cont = dmp;					\
    }								\
    (srp) = (sctp_reass_t *)DB_BASE(nmp);

    *error = 0;

    /* find the reassembly queue for this data chunk */
    hmp = qmp = sip->istr_reass;
    for (; hmp != NULL; hmp = hmp->b_next) {
        srp = (sctp_reass_t *)DB_BASE(hmp);
        if (ntohs((*dc)->sdh_ssn) == srp->ssn)
            goto foundit;
        else if (SSN_GT(srp->ssn, ntohs((*dc)->sdh_ssn)))
            break;
        qmp = hmp;
    }

    SCTP_NEW_REASS(pmp, dmp, srp, B_TRUE);
    srp->ssn = ntohs((*dc)->sdh_ssn);
    srp->needed = 0;
    srp->got = 1;
    srp->tail = dmp;
    srp->partial_delivered = B_FALSE;

    if (hmp != NULL) {
        if (sip->istr_reass == hmp) {
            sip->istr_reass = pmp;
            pmp->b_next = hmp;
            pmp->b_prev = NULL;
            hmp->b_prev = pmp;
        } else {
            qmp->b_next = pmp;
            pmp->b_prev = qmp;
            pmp->b_next = hmp;
            hmp->b_prev = pmp;
        }
    } else {
        /* make a new reass head and stick it on the end */
        if (sip->istr_reass == NULL) {
            sip->istr_reass = pmp;
            pmp->b_prev = NULL;
        } else {
            qmp->b_next = pmp;
            pmp->b_prev = qmp;
        }
        pmp->b_next = NULL;
    }
    return (NULL);
foundit:
    /*
     * Else we already have a reassembly queue. Insert the new data
     * chunk in the reassembly queue. Try the tail first, on the
     * assumption that the fragments are arriving in order.
     */
    qmp = srp->tail;
    qdc = (sctp_data_hdr_t *)qmp->b_rptr;
    ASSERT(qmp->b_cont == NULL);

    /* XXX Is it fine to do this just here? */
    if ((*dc)->sdh_sid != qdc->sdh_sid) {
        /* our peer is fatally confused; XXX abort the assc */
        *error = 2;
        return (NULL);
    }
    if (SEQ_GT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
        qmp->b_cont = dmp;
        srp->tail = dmp;
        dmp->b_cont = NULL;
        goto inserted;
    }

    /* Next check for insertion at the beginning */
    qmp = (DB_TYPE(hmp) == M_DATA) ? hmp : hmp->b_cont;
    qdc = (sctp_data_hdr_t *)qmp->b_rptr;
    if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
        if (DB_TYPE(hmp) == M_DATA) {
            sctp_reass_t *srp1 = srp;

            SCTP_NEW_REASS(pmp, dmp, srp, B_TRUE);
            ASSERT(pmp->b_prev == NULL && pmp->b_next == NULL);
            if (sip->istr_reass == hmp) {
                sip->istr_reass = pmp;
                if (hmp->b_next != NULL) {
                    hmp->b_next->b_prev = pmp;
                    pmp->b_next = hmp->b_next;
                }
            } else {
                hmp->b_prev->b_next = pmp;
                pmp->b_prev = hmp->b_prev;
                if (hmp->b_next != NULL) {
                    hmp->b_next->b_prev = pmp;
                    pmp->b_next = hmp->b_next;
                }
            }
            srp->ssn = srp1->ssn;
            srp->needed = srp1->needed;
            srp->got = srp1->got;
            srp->tail = srp1->tail;
            srp->partial_delivered = srp1->partial_delivered;
            hmp->b_next = hmp->b_prev = NULL;
            dmp->b_cont = hmp;
            hmp = pmp;
        } else {
            ASSERT(DB_TYPE(hmp) == M_CTL);
            dmp->b_cont = qmp;
            hmp->b_cont = dmp;
        }
        goto inserted;
    }

    /* Insert somewhere in the middle */
    for (;;) {
        /* Tail check above should have caught this */
        ASSERT(qmp->b_cont != NULL);

        qdc = (sctp_data_hdr_t *)qmp->b_cont->b_rptr;
        if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
            /* insert here */
            dmp->b_cont = qmp->b_cont;
            qmp->b_cont = dmp;
            break;
        }
        qmp = qmp->b_cont;
    }

inserted:
    (srp->got)++;
    first_mp = (DB_TYPE(hmp) == M_DATA) ? hmp : hmp->b_cont;
    if (srp->needed == 0) {
        /* check if we have the first and last fragments */
        bdc = (sctp_data_hdr_t *)first_mp->b_rptr;
        edc = (sctp_data_hdr_t *)srp->tail->b_rptr;

        /* calculate how many fragments are needed, if possible */
        if (SCTP_DATA_GET_BBIT(bdc) && SCTP_DATA_GET_EBIT(edc))
            srp->needed = ntohl(edc->sdh_tsn) -
                ntohl(bdc->sdh_tsn) + 1;
    }

    if (srp->needed != srp->got) {
        if (!trypartial)
            return (NULL);
        /*
         * Try partial delivery. We need a consecutive run of
         * at least two chunks, starting from the first chunk
         * (which may have been the last + 1 chunk from a
         * previous partial delivery).
         */
        dprint(4, ("trypartial: got=%d, needed=%d\n",
            (int)(srp->got), (int)(srp->needed)));
        mp = first_mp;
        if (mp->b_cont == NULL) {
            /* need at least two chunks */
            dprint(4, ("trypartial: only 1 chunk\n"));
            return (NULL);
        }

        qdc = (sctp_data_hdr_t *)mp->b_rptr;
        if (!SCTP_DATA_GET_BBIT(qdc)) {
            /* don't have first chunk; can't do it. */
            dprint(4, ("trypartial: no beginning\n"));
            return (NULL);
        }

        tsn = ntohl(qdc->sdh_tsn) + 1;

        /*
         * This loop has two exit conditions: the
         * end of received chunks has been reached, or
         * there is a break in the sequence. We want
         * to chop the reassembly list as follows (the
         * numbers are TSNs):
         *   10 -> 11 -> | 12		(end of chunks)
         *   10 -> 11 -> | 12 -> 14	(break in sequence)
         */
        prevprev = prev = mp;
        mp = mp->b_cont;
        while (mp != NULL) {
            qdc = (sctp_data_hdr_t *)mp->b_rptr;
            if (ntohl(qdc->sdh_tsn) != tsn) {
                /*
                 * Break in sequence; bail out if even
                 * the 1st and 2nd chunks are not
                 * sequential.
                 */
                if (mp == first_mp->b_cont)
                    return (NULL);
                /* Back up mp and prev */
                mp = prev;
                prev = prevprev;
                break;
            }

            /* end of sequence */
            if (mp->b_cont == NULL)
                break;

            prevprev = prev;
            prev = mp;
            mp = mp->b_cont;
            tsn++;
        }
        if (DB_TYPE(hmp) == M_DATA) {
            sctp_reass_t *srp1 = srp;

            SCTP_NEW_REASS(pmp, mp, srp, B_FALSE);
            ASSERT(pmp->b_prev == NULL && pmp->b_next == NULL);
            if (sip->istr_reass == hmp) {
                sip->istr_reass = pmp;
                if (hmp->b_next != NULL) {
                    hmp->b_next->b_prev = pmp;
                    pmp->b_next = hmp->b_next;
                }
            } else {
                hmp->b_prev->b_next = pmp;
                pmp->b_prev = hmp->b_prev;
                if (hmp->b_next != NULL) {
                    hmp->b_next->b_prev = pmp;
                    pmp->b_next = hmp->b_next;
                }
            }
            srp->ssn = srp1->ssn;
            srp->needed = srp1->needed;
            srp->got = srp1->got;
            srp->tail = srp1->tail;
            hmp->b_next = hmp->b_prev = NULL;
            dmp = hmp;
            hmp = pmp;
        } else {
            ASSERT(DB_TYPE(hmp) == M_CTL);
            dmp = hmp->b_cont;
            hmp->b_cont = mp;
        }
        /*
         * mp now points at the last chunk in the sequence,
         * and prev points to mp's previous in the list.
         * We chop the list at prev, and convert mp into the
         * new list head by setting the B bit. Subsequent
         * fragment deliveries will follow the normal reassembly
         * path.
         */
        prev->b_cont = NULL;
        bdc = (sctp_data_hdr_t *)mp->b_rptr;
        SCTP_DATA_SET_BBIT(bdc);
        *tpfinished = 0;
        srp->partial_delivered = B_TRUE;

        dprint(4, ("trypartial: got some, got=%d, needed=%d\n",
            (int)(srp->got), (int)(srp->needed)));
        goto fixup;
    }

    /*
     * Else reassembly is done; prepare the data for delivery.
     * First unlink hmp from the ssn list.
     */
    if (sip->istr_reass == hmp) {
        sip->istr_reass = hmp->b_next;
        if (hmp->b_next) {
            hmp->b_next->b_prev = NULL;
        }
    } else {
        ASSERT(hmp->b_prev != NULL);
        hmp->b_prev->b_next = hmp->b_next;
        if (hmp->b_next) {
            hmp->b_next->b_prev = hmp->b_prev;
        }
    }

    /*
     * Using b_prev and b_next was a little sinful, but OK since
     * this mblk is never put*'d. However, freeb() will still
     * ASSERT that they are unused, so we need to NULL them out now.
     */
    hmp->b_next = NULL;
    hmp->b_prev = NULL;
    dmp = hmp;
    if (DB_TYPE(hmp) == M_CTL) {
        dmp = dmp->b_cont;
        hmp->b_cont = NULL;
        freeb(hmp);
    }
    *tpfinished = 1;

fixup:
    /*
     * Adjust all mblks except the lead so their rptrs point to the
     * payload. sctp_data_chunk() will need to process the lead's
     * data chunk section, so leave its rptr pointing at the data chunk.
     */
    *dc = (sctp_data_hdr_t *)dmp->b_rptr;
    if (trypartial && !(*tpfinished)) {
        (srp->got)--;
        ASSERT(srp->got != 0);
        if (srp->needed != 0) {
            (srp->needed)--;
            ASSERT(srp->needed != 0);
        }
    }
    for (qmp = dmp->b_cont; qmp; qmp = qmp->b_cont) {
        qdc = (sctp_data_hdr_t *)qmp->b_rptr;
        qmp->b_rptr = (uchar_t *)(qdc + 1);

        /*
         * If in partial delivery, deduct the balance from got
         * and needed here, now that we know we are actually
         * delivering these data.
         */
        if (trypartial && !(*tpfinished)) {
            (srp->got)--;
            ASSERT(srp->got != 0);
            if (srp->needed != 0) {
                (srp->needed)--;
                ASSERT(srp->needed != 0);
            }
        }
    }
    BUMP_LOCAL(sctp->sctp_reassmsgs);

    return (dmp);
}

static void
sctp_add_dup(uint32_t tsn, mblk_t **dups)
{
    mblk_t *mp;
    size_t bsize = SCTP_DUP_MBLK_SZ * sizeof (tsn);

    if (dups == NULL) {
        return;
    }

    /* first time? */
    if (*dups == NULL) {
        *dups = allocb(bsize, BPRI_MED);
        if (*dups == NULL) {
            return;
        }
    }

    mp = *dups;
    if ((mp->b_wptr - mp->b_rptr) >= bsize) {
        /* maximum reached */
        return;
    }

    /* add the duplicate tsn */
    bcopy(&tsn, mp->b_wptr, sizeof (tsn));
    mp->b_wptr += sizeof (tsn);
    ASSERT((mp->b_wptr - mp->b_rptr) <= bsize);
}
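
/*
 * Duplicate TSNs collected above ride along until the next SACK:
 * sctp_make_sack() chains the dups mblk off the SACK via b_cont and
 * counts the entries into ssc_numdups, so at most SCTP_DUP_MBLK_SZ
 * duplicates are reported per SACK.
 */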
static void
sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
    sctp_data_hdr_t *dc;
    mblk_t *dmp, *pmp;
    mblk_t *errmp;
    sctp_instr_t *instr;
    int ubit;
    int isfrag;
    uint16_t ssn;
    uint32_t oftsn;
    boolean_t can_deliver = B_TRUE;
    uint32_t tsn;
    int dlen;
    int trypartial = 0;
    int tpfinished = 1;
    int32_t new_rwnd;

    /* The following are used multiple times, so we inline them */
#define SCTP_ACK_IT(sctp, tsn)					\
    if (tsn == sctp->sctp_ftsn) {				\
        dprint(2, ("data_chunk: acking next %x\n", tsn));	\
        (sctp)->sctp_ftsn++;					\
        if ((sctp)->sctp_sack_gaps > 0)				\
            (sctp)->sctp_force_sack = 1;			\
    } else if (SEQ_GT(tsn, sctp->sctp_ftsn)) {			\
        /* Got a gap; record it */				\
        dprint(2, ("data_chunk: acking gap %x\n", tsn));	\
        sctp_ack_add(&sctp->sctp_sack_info, tsn,		\
            &sctp->sctp_sack_gaps);				\
        sctp->sctp_force_sack = 1;				\
    }

    errmp = NULL;
    dmp = NULL;

    dc = (sctp_data_hdr_t *)ch;
    tsn = ntohl(dc->sdh_tsn);

    dprint(3, ("sctp_data_chunk: mp=%p tsn=%x\n", (void *)mp, tsn));

    /* Check for duplicates */
    if (SEQ_LT(tsn, sctp->sctp_ftsn)) {
        dprint(4, ("sctp_data_chunk: dropping duplicate\n"));
        sctp->sctp_force_sack = 1;
        sctp_add_dup(dc->sdh_tsn, dups);
        return;
    }

    if (sctp->sctp_sack_info != NULL) {
        sctp_set_t *sp;

        for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
            if (SEQ_GEQ(tsn, sp->begin) && SEQ_LEQ(tsn, sp->end)) {
                dprint(4,
                    ("sctp_data_chunk: dropping dup > cumtsn\n"));
                sctp->sctp_force_sack = 1;
                sctp_add_dup(dc->sdh_tsn, dups);
                return;
            }
        }
    }

    /* We cannot deliver anything up now but we still need to handle it. */
    if (SCTP_IS_DETACHED(sctp)) {
        BUMP_MIB(&sctp_mib, sctpInClosed);
        can_deliver = B_FALSE;
    }

    dlen = ntohs(dc->sdh_len) - sizeof (*dc);

    /* Check for buffer space */
    if (sctp->sctp_rwnd - sctp->sctp_rxqueued < dlen) {
        /* Drop and SACK, but don't advance the cumulative TSN. */
        sctp->sctp_force_sack = 1;
        dprint(0, ("sctp_data_chunk: exceed rwnd %d rxqueued %d "
            "ssn %d tsn %x\n", sctp->sctp_rwnd,
            sctp->sctp_rxqueued, dc->sdh_ssn, ntohl(dc->sdh_tsn)));
        return;
    }

    if (ntohs(dc->sdh_sid) >= sctp->sctp_num_istr) {
        uint16_t inval_parm[2];

        inval_parm[0] = dc->sdh_sid;
        /* RESERVED to be ignored at the receiving end */
        inval_parm[1] = 0;
        /* ack and drop it */
        errmp = sctp_make_err(sctp, SCTP_ERR_BAD_SID,
            (char *)inval_parm, sizeof (inval_parm));
        SCTP_ACK_IT(sctp, tsn);
        if (errmp != NULL)
            sctp_send_err(sctp, errmp, NULL);
        return;
    }

    ubit = SCTP_DATA_GET_UBIT(dc);
    ASSERT(sctp->sctp_instr != NULL);
    instr = &sctp->sctp_instr[ntohs(dc->sdh_sid)];
    /* Initialize the stream, if not yet used */
    if (instr->sctp == NULL)
        instr->sctp = sctp;
    /*
     * If we are getting low on buffers, set trypartial to try
     * a partial delivery if we are reassembling a fragmented
     * message. Only do this if we can immediately deliver the
     * partially assembled message, and only partially deliver
     * one message at a time (i.e. messages cannot arrive at the
     * upper layer intermixed). A simple way to enforce this is to
     * only try partial delivery if this TSN is the next expected
     * TSN. Partial delivery is not supported for un-ordered
     * messages.
     */
    isfrag = !(SCTP_DATA_GET_BBIT(dc) && SCTP_DATA_GET_EBIT(dc));
    ssn = ntohs(dc->sdh_ssn);
    if ((sctp->sctp_rwnd - sctp->sctp_rxqueued < SCTP_RECV_LOWATER) &&
        !ubit && isfrag && (tsn == sctp->sctp_ftsn)) {
        trypartial = 1;
    }

    dmp = dupb(mp);
    if (dmp == NULL) {
        /* drop it and don't ack it, causing the peer to retransmit */
        return;
    }
    dmp->b_wptr = (uchar_t *)ch + ntohs(ch->sch_len);

    sctp->sctp_rxqueued += dlen;

    oftsn = sctp->sctp_ftsn;

    if (isfrag) {
        int error = 0;

        /* fragmented data chunk */
        dmp->b_rptr = (uchar_t *)dc;
        if (ubit) {
            dmp = sctp_uodata_frag(sctp, dmp, &dc);
#if DEBUG
            if (dmp != NULL) {
                ASSERT(instr ==
                    &sctp->sctp_instr[ntohs(dc->sdh_sid)]);
            }
#endif
        } else {
            dmp = sctp_data_frag(sctp, dmp, &dc, &error, instr,
                trypartial, &tpfinished);
        }
        if (error != 0) {
            sctp->sctp_rxqueued -= dlen;
            if (error == 1) {
                /*
                 * out of memory; don't ack it so
                 * the peer retransmits
                 */
                return;
            } else if (error == 2) {
                /*
                 * fatal error (i.e. peer used different
                 * ssn's for same fragmented data) --
                 * the association has been aborted.
                 * XXX need to return errval so state
                 * machine can also abort processing.
                 */
                dprint(0, ("error 2: must not happen!\n"));
                return;
            }
        }

        if (dmp == NULL) {
            /*
             * Can't process this data now, but the cumulative
             * TSN may be advanced, so do the checks at done.
             */
            SCTP_ACK_IT(sctp, tsn);
            goto done;
        }
    }

    if (!ubit && !trypartial && ssn != instr->nextseq) {
        /* Adjust rptr to point at the data chunk for compares */
        dmp->b_rptr = (uchar_t *)dc;

        dprint(2,
            ("data_chunk: inserted %x in pq (ssn %d expected %d)\n",
            ntohl(dc->sdh_tsn), (int)(ssn), (int)(instr->nextseq)));

        if (instr->istr_msgs == NULL) {
            instr->istr_msgs = dmp;
            ASSERT(dmp->b_prev == NULL && dmp->b_next == NULL);
        } else {
            mblk_t *imblk = instr->istr_msgs;
            sctp_data_hdr_t *idc;

            /*
             * XXX Need to take sequence wraps into account,
             * ... and a more efficient insertion algo.
             */
            for (;;) {
                idc = (sctp_data_hdr_t *)imblk->b_rptr;
                if (SSN_GT(ntohs(idc->sdh_ssn),
                    ntohs(dc->sdh_ssn))) {
                    if (instr->istr_msgs == imblk) {
                        instr->istr_msgs = dmp;
                        dmp->b_next = imblk;
                        imblk->b_prev = dmp;
                    } else {
                        ASSERT(imblk->b_prev != NULL);
                        imblk->b_prev->b_next = dmp;
                        dmp->b_prev = imblk->b_prev;
                        imblk->b_prev = dmp;
                        dmp->b_next = imblk;
                    }
                    break;
                }
                if (imblk->b_next == NULL) {
                    imblk->b_next = dmp;
                    dmp->b_prev = imblk;
                    break;
                }
                imblk = imblk->b_next;
            }
        }
        (instr->istr_nmsgs)++;
        (sctp->sctp_istr_nmsgs)++;
        SCTP_ACK_IT(sctp, tsn);
        return;
    }

    /*
     * Else we can deliver the data directly. Recalculate
     * dlen now since we may have reassembled data.
     */
    dlen = dmp->b_wptr - (uchar_t *)dc - sizeof (*dc);
    for (pmp = dmp->b_cont; pmp != NULL; pmp = pmp->b_cont)
        dlen += pmp->b_wptr - pmp->b_rptr;
    ASSERT(sctp->sctp_rxqueued >= dlen);
    ASSERT(sctp->sctp_rwnd >= dlen);

    /* Deliver the message. */
    sctp->sctp_rxqueued -= dlen;

    if (can_deliver) {
        dmp->b_rptr = (uchar_t *)(dc + 1);
        if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, ipp) == 0) {
            dprint(1, ("sctp_data_chunk: delivering %lu bytes\n",
                msgdsize(dmp)));
            sctp->sctp_rwnd -= dlen;
            new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp,
                tpfinished ? 0 : SCTP_PARTIAL_DATA);
            if (new_rwnd > sctp->sctp_rwnd) {
                sctp->sctp_rwnd = new_rwnd;
            }
            SCTP_ACK_IT(sctp, tsn);
        } else {
            /* Just free the message if we don't have memory. */
            freemsg(dmp);
            return;
        }
    } else {
        /* About to free the data */
        freemsg(dmp);
        SCTP_ACK_IT(sctp, tsn);
    }

    /*
     * The data, now enqueued, may already have been processed and freed
     * by the ULP (or we may have just freed it above, if we could not
     * deliver it), so we must not reference it (this is why we kept
     * the ssn and ubit above).
     */
    if (ubit != 0) {
        BUMP_LOCAL(sctp->sctp_iudchunks);
        goto done;
    }
    BUMP_LOCAL(sctp->sctp_idchunks);

    /*
     * If there was a partial delivery and it has not finished,
     * don't pull anything from the pqueues.
     */
    if (!tpfinished) {
        goto done;
    }

    instr->nextseq = ssn + 1;
    /* Deliver any successive data chunks in the instr queue */
    while (instr->istr_nmsgs > 0) {
        dmp = (mblk_t *)instr->istr_msgs;
        dc = (sctp_data_hdr_t *)dmp->b_rptr;
        ssn = ntohs(dc->sdh_ssn);
        /* Gap in the sequence */
        if (ssn != instr->nextseq)
            break;

        /* Else deliver the data */
        (instr->istr_nmsgs)--;
        (instr->nextseq)++;
        (sctp->sctp_istr_nmsgs)--;

        instr->istr_msgs = instr->istr_msgs->b_next;
        if (instr->istr_msgs != NULL)
            instr->istr_msgs->b_prev = NULL;
        dmp->b_next = dmp->b_prev = NULL;

        dprint(2, ("data_chunk: pulling %x from pq (ssn %d)\n",
            ntohl(dc->sdh_tsn), (int)ssn));

        /*
         * If this chunk was reassembled, each b_cont represents
         * another TSN; advance ftsn now.
         */
        dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc);
        for (pmp = dmp->b_cont; pmp; pmp = pmp->b_cont)
            dlen += pmp->b_wptr - pmp->b_rptr;

        ASSERT(sctp->sctp_rxqueued >= dlen);
        ASSERT(sctp->sctp_rwnd >= dlen);

        sctp->sctp_rxqueued -= dlen;
        if (can_deliver) {
            dmp->b_rptr = (uchar_t *)(dc + 1);
            if (sctp_input_add_ancillary(sctp, &dmp, dc, fp,
                ipp) == 0) {
                dprint(1, ("sctp_data_chunk: delivering %lu "
                    "bytes\n", msgdsize(dmp)));
                sctp->sctp_rwnd -= dlen;
                new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd,
                    dmp, tpfinished ? 0 : SCTP_PARTIAL_DATA);
                if (new_rwnd > sctp->sctp_rwnd) {
                    sctp->sctp_rwnd = new_rwnd;
                }
                SCTP_ACK_IT(sctp, tsn);
            } else {
                freemsg(dmp);
                return;
            }
        } else {
            /* About to free the data */
            freemsg(dmp);
            SCTP_ACK_IT(sctp, tsn);
        }
    }

done:

    /*
     * If there are gap reports pending, check if advancing
     * the ftsn here closes a gap. If so, we can advance
     * ftsn to the end of the set.
     */
    if (sctp->sctp_sack_info != NULL &&
        sctp->sctp_ftsn == sctp->sctp_sack_info->begin) {
        sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1;
    }
    /*
     * If ftsn has moved forward, maybe we can remove gap reports.
     * NB: dmp may now be NULL, so don't dereference it here.
     */
    if (oftsn != sctp->sctp_ftsn && sctp->sctp_sack_info != NULL) {
        sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1,
            &sctp->sctp_sack_gaps);
        dprint(2, ("data_chunk: removed acks before %x (num=%d)\n",
            sctp->sctp_ftsn - 1, sctp->sctp_sack_gaps));
    }

#ifdef DEBUG
    if (sctp->sctp_sack_info != NULL) {
        ASSERT(sctp->sctp_ftsn != sctp->sctp_sack_info->begin);
    }
#endif

#undef SCTP_ACK_IT
}
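
/*
 * The SACK filled in below has the usual shape from the SCTP spec
 * (a sketch):
 *
 *	sctp_chunk_hdr_t	sch;		CHUNK_SACK
 *	sctp_sack_chunk_t	sc;		cum TSN, a_rwnd,
 *						numfrags, numdups
 *	sctp_sack_frag_t	sf[numfrags];	gap starts/ends, as
 *						offsets from the cum TSN
 *	uint32_t		dups[];		appended by sctp_make_sack()
 */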
void
sctp_fill_sack(sctp_t *sctp, unsigned char *dst, int sacklen)
{
    sctp_chunk_hdr_t *sch;
    sctp_sack_chunk_t *sc;
    sctp_sack_frag_t *sf;
    uint16_t num_gaps = sctp->sctp_sack_gaps;
    sctp_set_t *sp;

    /* Chunk hdr */
    sch = (sctp_chunk_hdr_t *)dst;
    sch->sch_id = CHUNK_SACK;
    sch->sch_flags = 0;
    sch->sch_len = htons(sacklen);

    /* SACK chunk */
    sctp->sctp_lastacked = sctp->sctp_ftsn - 1;

    sc = (sctp_sack_chunk_t *)(sch + 1);
    sc->ssc_cumtsn = htonl(sctp->sctp_lastacked);
    if (sctp->sctp_rxqueued < sctp->sctp_rwnd) {
        sc->ssc_a_rwnd = htonl(sctp->sctp_rwnd - sctp->sctp_rxqueued);
    } else {
        sc->ssc_a_rwnd = 0;
    }
    sc->ssc_numfrags = htons(num_gaps);
    sc->ssc_numdups = 0;

    /* lay in gap reports */
    sf = (sctp_sack_frag_t *)(sc + 1);
    for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
        uint16_t offset;

        /* start */
        if (sp->begin > sctp->sctp_lastacked) {
            offset = (uint16_t)(sp->begin - sctp->sctp_lastacked);
        } else {
            /* sequence number wrap */
            offset = (uint16_t)(UINT32_MAX - sctp->sctp_lastacked +
                sp->begin);
        }
        sf->ssf_start = htons(offset);

        /* end */
        if (sp->end >= sp->begin) {
            offset += (uint16_t)(sp->end - sp->begin);
        } else {
            /* sequence number wrap */
            offset += (uint16_t)(UINT32_MAX - sp->begin + sp->end);
        }
        sf->ssf_end = htons(offset);

        sf++;
        /* This is just for debugging (a la the following assertion) */
        num_gaps--;
    }

    ASSERT(num_gaps == 0);

    /* If the SACK timer is running, stop it */
    if (sctp->sctp_ack_timer_running) {
        sctp_timer_stop(sctp->sctp_ack_mp);
        sctp->sctp_ack_timer_running = B_FALSE;
    }

    BUMP_LOCAL(sctp->sctp_obchunks);
}
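
/*
 * Offset arithmetic in sctp_fill_sack() above, by example (assuming no
 * sequence number wrap): with sctp_lastacked = 100 and a gap set
 * [103, 105], ssf_start is 103 - 100 = 3 and ssf_end is
 * 3 + (105 - 103) = 5, i.e. the gap block covers TSNs 103..105
 * relative to the cumulative TSN of 100.
 */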
mblk_t *
sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups)
{
    mblk_t *smp;
    size_t slen;
    sctp_chunk_hdr_t *sch;
    sctp_sack_chunk_t *sc;

    if (sctp->sctp_force_sack) {
        sctp->sctp_force_sack = 0;
        goto checks_done;
    }

    if (sctp->sctp_state == SCTPS_ESTABLISHED) {
        if (sctp->sctp_sack_toggle < 2) {
            /* no need to SACK right now */
            dprint(2, ("sctp_make_sack: %p no sack (toggle)\n",
                (void *)sctp));
            return (NULL);
        } else if (sctp->sctp_sack_toggle >= 2) {
            sctp->sctp_sack_toggle = 0;
        }
    }

    if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) {
        dprint(2, ("sctp_make_sack: %p no sack (already)\n",
            (void *)sctp));
        return (NULL);
    }

checks_done:
    dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1));

    slen = sizeof (*sch) + sizeof (*sc) +
        (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps);
    smp = sctp_make_mp(sctp, sendto, slen);
    if (smp == NULL) {
        SCTP_KSTAT(sctp_send_sack_failed);
        return (NULL);
    }
    sch = (sctp_chunk_hdr_t *)smp->b_wptr;

    sctp_fill_sack(sctp, smp->b_wptr, slen);
    smp->b_wptr += slen;
    if (dups) {
        sc = (sctp_sack_chunk_t *)(sch + 1);
        sc->ssc_numdups = htons((dups->b_wptr - dups->b_rptr)
            / sizeof (uint32_t));
        sch->sch_len = htons(slen + (dups->b_wptr - dups->b_rptr));
        smp->b_cont = dups;
    }

    return (smp);
}

void
sctp_sack(sctp_t *sctp, mblk_t *dups)
{
    mblk_t *smp;

    /* If we are shutting down, let send_shutdown() bundle the SACK */
    if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) {
        sctp_send_shutdown(sctp, 0);
    }

    ASSERT(sctp->sctp_lastdata != NULL);

    if ((smp = sctp_make_sack(sctp, sctp->sctp_lastdata, dups)) == NULL) {
        /* The caller of sctp_sack() will not free the dups mblk. */
        if (dups != NULL)
            freeb(dups);
        return;
    }

    sctp_set_iplen(sctp, smp);

    dprint(2, ("sctp_sack: sending to %p %x:%x:%x:%x\n",
        (void *)sctp->sctp_lastdata,
        SCTP_PRINTADDR(sctp->sctp_lastdata->faddr)));

    sctp->sctp_active = lbolt64;

    BUMP_MIB(&sctp_mib, sctpOutAck);
    sctp_add_sendq(sctp, smp);
}
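
/*
 * Note that sctp_sack() above consumes the dups mblk on both paths:
 * on success sctp_make_sack() chains it onto the outgoing SACK, and
 * on failure sctp_sack() frees it, so callers must not free it
 * themselves.
 */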

/*
 * This is called if we have a message that was partially sent and is
 * abandoned. The cum TSN will be the TSN of the last chunk sent for this
 * message; subsequent chunks will be marked ABANDONED. We send a Forward TSN
 * chunk in this case with the TSN of the last sent chunk so that the
 * peer can clean up its fragment list for this message. This message
 * will be removed from the transmit list when the peer sends a SACK
 * back.
 */
int
sctp_check_abandoned_msg(sctp_t *sctp, mblk_t *meta)
{
    sctp_data_hdr_t *dh;
    mblk_t *nmp;
    mblk_t *head;
    int32_t unsent = 0;
    mblk_t *mp1 = meta->b_cont;
    uint32_t adv_pap = sctp->sctp_adv_pap;
    sctp_faddr_t *fp = sctp->sctp_current;

    dh = (sctp_data_hdr_t *)mp1->b_rptr;
    if (SEQ_GEQ(sctp->sctp_lastack_rxd, ntohl(dh->sdh_tsn))) {
        sctp_ftsn_set_t *sets = NULL;
        uint_t nsets = 0;
        uint32_t seglen = sizeof (uint32_t);
        boolean_t ubit = SCTP_DATA_GET_UBIT(dh);

        while (mp1->b_next != NULL && SCTP_CHUNK_ISSENT(mp1->b_next))
            mp1 = mp1->b_next;
        dh = (sctp_data_hdr_t *)mp1->b_rptr;
        sctp->sctp_adv_pap = ntohl(dh->sdh_tsn);
        if (!ubit &&
            !sctp_add_ftsn_set(&sets, fp, meta, &nsets, &seglen)) {
            sctp->sctp_adv_pap = adv_pap;
            return (ENOMEM);
        }
        nmp = sctp_make_ftsn_chunk(sctp, fp, sets, nsets, seglen);
        sctp_free_ftsn_set(sets);
        if (nmp == NULL) {
            sctp->sctp_adv_pap = adv_pap;
            return (ENOMEM);
        }
        head = sctp_add_proto_hdr(sctp, fp, nmp, 0, NULL);
        if (head == NULL) {
            sctp->sctp_adv_pap = adv_pap;
            freemsg(nmp);
            SCTP_KSTAT(sctp_send_ftsn_failed);
            return (ENOMEM);
        }
        SCTP_MSG_SET_ABANDONED(meta);
        sctp_set_iplen(sctp, head);
        sctp_add_sendq(sctp, head);
        if (!fp->timer_running)
            SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto);
        mp1 = mp1->b_next;
        while (mp1 != NULL) {
            ASSERT(!SCTP_CHUNK_ISSENT(mp1));
            ASSERT(!SCTP_CHUNK_ABANDONED(mp1));
            SCTP_ABANDON_CHUNK(mp1);
            dh = (sctp_data_hdr_t *)mp1->b_rptr;
            unsent += ntohs(dh->sdh_len) - sizeof (*dh);
            mp1 = mp1->b_next;
        }
        ASSERT(sctp->sctp_unsent >= unsent);
        sctp->sctp_unsent -= unsent;
        /*
         * Update the ULP with the amount of queued data, which is
         * sent-unack'ed + unsent.
         */
        if (!SCTP_IS_DETACHED(sctp)) {
            sctp->sctp_ulp_xmitted(sctp->sctp_ulpd,
                sctp->sctp_unacked + sctp->sctp_unsent);
        }
        return (0);
    }
    return (-1);
}

uint32_t
sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked)
{
    mblk_t *ump, *nump, *mp = NULL;
    uint16_t chunklen;
    uint32_t xtsn;
    sctp_faddr_t *fp;
    sctp_data_hdr_t *sdc;
    uint32_t cumack_forward = 0;
    sctp_msg_hdr_t *mhdr;

    ump = sctp->sctp_xmit_head;

    /*
     * Free messages only when they're completely acked.
     */
    while (ump != NULL) {
        mhdr = (sctp_msg_hdr_t *)ump->b_rptr;
        for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) {
            if (SCTP_CHUNK_ABANDONED(mp)) {
                ASSERT(SCTP_IS_MSG_ABANDONED(ump));
                mp = NULL;
                break;
            }
            /*
             * We check for an abandoned message if we are
             * PR-SCTP aware, if this is not the first chunk in
             * the message (b_cont) and if the message is marked
             * abandoned.
             */
            if (!SCTP_CHUNK_ISSENT(mp)) {
                if (sctp->sctp_prsctp_aware &&
                    mp != ump->b_cont &&
                    (SCTP_IS_MSG_ABANDONED(ump) ||
                    SCTP_MSG_TO_BE_ABANDONED(ump, mhdr,
                    sctp))) {
                    (void) sctp_check_abandoned_msg(sctp,
                        ump);
                }
                goto cum_ack_done;
            }
            sdc = (sctp_data_hdr_t *)mp->b_rptr;
            xtsn = ntohl(sdc->sdh_tsn);
            if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn))
                continue;
            if (SEQ_GEQ(tsn, xtsn)) {
                fp = SCTP_CHUNK_DEST(mp);
                chunklen = ntohs(sdc->sdh_len);

                if (sctp->sctp_out_time != 0 &&
                    xtsn == sctp->sctp_rtt_tsn) {
                    /* Got a new RTT measurement */
                    sctp_update_rtt(sctp, fp,
                        lbolt64 - sctp->sctp_out_time);
                    sctp->sctp_out_time = 0;
                }
                if (SCTP_CHUNK_ISACKED(mp))
                    continue;
                SCTP_CHUNK_SET_SACKCNT(mp, 0);
                SCTP_CHUNK_ACKED(mp);
                ASSERT(fp->suna >= chunklen);
                fp->suna -= chunklen;
                fp->acked += chunklen;
                cumack_forward += chunklen;
                ASSERT(sctp->sctp_unacked >=
                    (chunklen - sizeof (*sdc)));
                sctp->sctp_unacked -=
                    (chunklen - sizeof (*sdc));
                if (fp->suna == 0) {
                    /* all outstanding data acked */
                    fp->pba = 0;
                    SCTP_FADDR_TIMER_STOP(fp);
                } else {
                    SCTP_FADDR_TIMER_RESTART(sctp, fp,
                        fp->rto);
                }
            } else {
                goto cum_ack_done;
            }
        }
        nump = ump->b_next;
        if (nump != NULL)
            nump->b_prev = NULL;
        if (ump == sctp->sctp_xmit_tail)
            sctp->sctp_xmit_tail = nump;
        if (SCTP_IS_MSG_ABANDONED(ump)) {
            BUMP_LOCAL(sctp->sctp_prsctpdrop);
            ump->b_next = NULL;
            sctp_sendfail_event(sctp, ump, 0, B_TRUE);
        } else {
            sctp_free_msg(ump);
        }
        sctp->sctp_xmit_head = ump = nump;
    }
cum_ack_done:
    *first_unacked = mp;
    if (cumack_forward > 0) {
        BUMP_MIB(&sctp_mib, sctpInAck);
        if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) {
            sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd;
        }

        /*
         * Update the ULP with the amount of queued data, which is
         * sent-unack'ed + unsent.
         */
        if (!SCTP_IS_DETACHED(sctp)) {
            sctp->sctp_ulp_xmitted(sctp->sctp_ulpd,
                sctp->sctp_unacked + sctp->sctp_unsent);
        }

        /* Time to send a shutdown? */
        if (sctp->sctp_state == SCTPS_SHUTDOWN_PENDING) {
            sctp_send_shutdown(sctp, 0);
        }
        sctp->sctp_xmit_unacked = mp;
    } else {
        /* dup ack */
        BUMP_MIB(&sctp_mib, sctpInDupAck);
    }
    sctp->sctp_lastack_rxd = tsn;
    if (SEQ_LT(sctp->sctp_adv_pap, sctp->sctp_lastack_rxd))
        sctp->sctp_adv_pap = sctp->sctp_lastack_rxd;
    ASSERT(sctp->sctp_xmit_head || sctp->sctp_unacked == 0);

    return (cumack_forward);
}

static int
sctp_set_frwnd(sctp_t *sctp, uint32_t frwnd)
{
    uint32_t orwnd;

    if (sctp->sctp_unacked > frwnd) {
        sctp->sctp_frwnd = 0;
        return (0);
    }
    orwnd = sctp->sctp_frwnd;
    sctp->sctp_frwnd = frwnd - sctp->sctp_unacked;
    if (orwnd < sctp->sctp_frwnd) {
        return (1);
    } else {
        return (0);
    }
}

/*
 * For un-ordered messages.
 * Walk the sctp->sctp_uo_frags list and remove any fragments with TSN
 * less than or equal to ftsn. Fragments for un-ordered messages are
 * strictly in sequence (w.r.t. TSN).
 */
static int
sctp_ftsn_check_uo_frag(sctp_t *sctp, uint32_t ftsn)
{
    mblk_t *hmp;
    mblk_t *hmp_next;
    sctp_data_hdr_t *dc;
    int dlen = 0;

    hmp = sctp->sctp_uo_frags;
    while (hmp != NULL) {
        hmp_next = hmp->b_next;
        dc = (sctp_data_hdr_t *)hmp->b_rptr;
        if (SEQ_GT(ntohl(dc->sdh_tsn), ftsn))
            return (dlen);
        sctp->sctp_uo_frags = hmp_next;
        if (hmp_next != NULL)
            hmp_next->b_prev = NULL;
        hmp->b_next = NULL;
        dlen += ntohs(dc->sdh_len) - sizeof (*dc);
        freeb(hmp);
        hmp = hmp_next;
    }
    return (dlen);
}

/*
 * For ordered messages.
 * Check for existing fragments for an sid-ssn pair reported as abandoned
 * (and hence never to arrive) in the Forward TSN. If there are fragments,
 * we just nuke them. If and when the Partial Delivery API is supported,
 * we would need to send a notification to the upper layer about this.
 */
static int
sctp_ftsn_check_frag(sctp_t *sctp, uint16_t ssn, sctp_instr_t *sip)
{
    sctp_reass_t *srp;
    mblk_t *hmp;
    mblk_t *dmp;
    mblk_t *hmp_next;
    sctp_data_hdr_t *dc;
    int dlen = 0;

    hmp = sip->istr_reass;
    while (hmp != NULL) {
        hmp_next = hmp->b_next;
        srp = (sctp_reass_t *)DB_BASE(hmp);
        if (SSN_GT(srp->ssn, ssn))
            return (dlen);
        /*
         * If we had sent part of this message up, send a partial
         * delivery event. Since this is ordered delivery, we should
         * have sent a partial message only for the next in sequence,
         * hence the ASSERT. See comments in sctp_data_chunk() for
         * trypartial.
         */
        if (srp->partial_delivered) {
            ASSERT(sip->nextseq == srp->ssn);
            sctp_partial_delivery_event(sctp);
        }
        /* Take it out of the reass queue */
        sip->istr_reass = hmp_next;
        if (hmp_next != NULL)
            hmp_next->b_prev = NULL;
        hmp->b_next = NULL;
        ASSERT(hmp->b_prev == NULL);
        dmp = hmp;
        if (DB_TYPE(hmp) == M_CTL) {
            dmp = hmp->b_cont;
            hmp->b_cont = NULL;
            freeb(hmp);
            hmp = dmp;
        }
        while (dmp != NULL) {
            dc = (sctp_data_hdr_t *)dmp->b_rptr;
            dlen += ntohs(dc->sdh_len) - sizeof (*dc);
            dmp = dmp->b_cont;
        }
        freemsg(hmp);
        hmp = hmp_next;
    }
    return (dlen);
}
Remove 2017 * any SACK gaps less than the newly updated sctp_ftsn. Walk through the 2018 * sid-ssn pairs in the Forward TSN and, for each, clean the fragment list 2019 * for the pair, if needed, and check if we can deliver subsequent 2020 * messages, if any, from the instream queue (that were waiting for this 2021 * sid-ssn message to show up). Once we are done, try to update the SACK 2022 * info. We could get a duplicate Forward TSN, in which case we just send 2023 * a SACK. If any of the sid values in the Forward TSN is invalid, we 2024 * send back an "Invalid Stream Identifier" error and continue processing 2025 * the rest. 2026 */ 2027 static void 2028 sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp, 2029 ip6_pkt_t *ipp) 2030 { 2031 uint32_t *ftsn = (uint32_t *)(ch + 1); 2032 ftsn_entry_t *ftsn_entry; 2033 sctp_instr_t *instr; 2034 boolean_t can_deliver = B_TRUE; 2035 size_t dlen; 2036 int flen; 2037 mblk_t *dmp; 2038 mblk_t *pmp; 2039 sctp_data_hdr_t *dc; 2040 ssize_t remaining; 2041 2042 *ftsn = ntohl(*ftsn); 2043 remaining = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*ftsn); 2044 2045 if (SCTP_IS_DETACHED(sctp)) { 2046 BUMP_MIB(&sctp_mib, sctpInClosed); 2047 can_deliver = B_FALSE; 2048 } 2049 /* 2050 * Un-ordered messages don't have SID-SSN pair entries, so we check 2051 * for any fragments (for un-ordered messages) to be discarded using 2052 * the cumulative FTSN. 2053 */ 2054 flen = sctp_ftsn_check_uo_frag(sctp, *ftsn); 2055 if (flen > 0) { 2056 ASSERT(sctp->sctp_rxqueued >= flen); 2057 sctp->sctp_rxqueued -= flen; 2058 } 2059 ftsn_entry = (ftsn_entry_t *)(ftsn + 1); 2060 while (remaining >= sizeof (*ftsn_entry)) { 2061 ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid); 2062 ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn); 2063 if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) { 2064 uint16_t inval_parm[2]; 2065 mblk_t *errmp; 2066 2067 inval_parm[0] = htons(ftsn_entry->ftsn_sid); 2068 /* RESERVED to be ignored at the receiving end */ 2069 inval_parm[1] = 0; 2070 errmp = sctp_make_err(sctp, SCTP_ERR_BAD_SID, 2071 (char *)inval_parm, sizeof (inval_parm)); 2072 if (errmp != NULL) 2073 sctp_send_err(sctp, errmp, NULL); 2074 ftsn_entry++; 2075 remaining -= sizeof (*ftsn_entry); 2076 continue; 2077 } 2078 instr = &sctp->sctp_instr[ftsn_entry->ftsn_sid]; 2079 flen = sctp_ftsn_check_frag(sctp, ftsn_entry->ftsn_ssn, instr); 2080 /* Indicates frags were nuked, update rxqueued */ 2081 if (flen > 0) { 2082 ASSERT(sctp->sctp_rxqueued >= flen); 2083 sctp->sctp_rxqueued -= flen; 2084 } 2085 /* 2086 * It is possible to receive an FTSN chunk with SSN smaller 2087 * than the nextseq if this chunk is a retransmission because 2088 * of incomplete processing when it was first processed.
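 * For illustration, with hypothetical values: if nextseq is 5 and this
 * entry reports ssn 7, nextseq advances to 8 below, and any complete
 * messages queued at ssn 8, 9, ... are then delivered until the next hole.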
2089 */ 2090 if (SSN_GE(ftsn_entry->ftsn_ssn, instr->nextseq)) 2091 instr->nextseq = ftsn_entry->ftsn_ssn + 1; 2092 while (instr->istr_nmsgs > 0) { 2093 mblk_t *next; 2094 2095 dmp = (mblk_t *)instr->istr_msgs; 2096 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2097 if (ntohs(dc->sdh_ssn) != instr->nextseq) 2098 break; 2099 2100 next = dmp->b_next; 2101 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 2102 for (pmp = dmp->b_cont; pmp != NULL; 2103 pmp = pmp->b_cont) { 2104 dlen += pmp->b_wptr - pmp->b_rptr; 2105 } 2106 if (can_deliver) { 2107 int32_t nrwnd; 2108 2109 dmp->b_rptr = (uchar_t *)(dc + 1); 2110 dmp->b_next = NULL; 2111 ASSERT(dmp->b_prev == NULL); 2112 if (sctp_input_add_ancillary(sctp, 2113 &dmp, dc, fp, ipp) == 0) { 2114 sctp->sctp_rxqueued -= dlen; 2115 sctp->sctp_rwnd -= dlen; 2116 nrwnd = sctp->sctp_ulp_recv( 2117 sctp->sctp_ulpd, dmp, 0); 2118 if (nrwnd > sctp->sctp_rwnd) 2119 sctp->sctp_rwnd = nrwnd; 2120 } else { 2121 /* 2122 * We will resume processing when 2123 * the FTSN chunk is re-xmitted. 2124 */ 2125 dmp->b_rptr = (uchar_t *)dc; 2126 dmp->b_next = next; 2127 dprint(0, 2128 ("FTSN dequeuing %u failed\n", 2129 ntohs(dc->sdh_ssn))); 2130 return; 2131 } 2132 } else { 2133 sctp->sctp_rxqueued -= dlen; 2134 ASSERT(dmp->b_prev == NULL); 2135 dmp->b_next = NULL; 2136 freemsg(dmp); 2137 } 2138 instr->istr_nmsgs--; 2139 instr->nextseq++; 2140 sctp->sctp_istr_nmsgs--; 2141 if (next != NULL) 2142 next->b_prev = NULL; 2143 instr->istr_msgs = next; 2144 } 2145 ftsn_entry++; 2146 remaining -= sizeof (*ftsn_entry); 2147 } 2148 /* Duplicate FTSN */ 2149 if (*ftsn <= (sctp->sctp_ftsn - 1)) { 2150 sctp->sctp_force_sack = 1; 2151 return; 2152 } 2153 /* Advance cum TSN to that reported in the Forward TSN chunk */ 2154 sctp->sctp_ftsn = *ftsn + 1; 2155 2156 /* Remove all the SACK gaps before the new cum TSN */ 2157 if (sctp->sctp_sack_info != NULL) { 2158 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2159 &sctp->sctp_sack_gaps); 2160 } 2161 /* 2162 * If there are gap reports pending, check if advancing 2163 * the ftsn here closes a gap. If so, we can advance 2164 * ftsn to the end of the set. 2165 * If ftsn has moved forward, maybe we can remove gap reports. 2166 */ 2167 if (sctp->sctp_sack_info != NULL && 2168 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 2169 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 2170 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2171 &sctp->sctp_sack_gaps); 2172 } 2173 } 2174 2175 /* 2176 * When we have processed a SACK we check to see if we can advance the 2177 * cumulative TSN if there are abandoned chunks immediately following 2178 * the updated cumulative TSN. If there are, we attempt to send a 2179 * Forward TSN chunk. 2180 */ 2181 static void 2182 sctp_check_abandoned_data(sctp_t *sctp, sctp_faddr_t *fp) 2183 { 2184 mblk_t *meta = sctp->sctp_xmit_head; 2185 mblk_t *mp; 2186 mblk_t *nmp; 2187 uint32_t seglen; 2188 uint32_t adv_pap = sctp->sctp_adv_pap; 2189 2190 /* 2191 * We only check in the first meta since otherwise we can't 2192 * advance the cumulative ack point. We just look for chunks 2193 * marked for retransmission, else we might prematurely 2194 * send an FTSN for a sent, but unacked, chunk. 
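 * For illustration, assuming the cumulative ack sits at TSN 100 and
 * TSNs 101..103 belong to an abandoned message marked for retransmit:
 * sctp_check_adv_ack_pt() can move sctp_adv_pap up to 103, and an FTSN
 * advertising 103 is built and sent below.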
2195 */ 2196 for (mp = meta->b_cont; mp != NULL; mp = mp->b_next) { 2197 if (!SCTP_CHUNK_ISSENT(mp)) 2198 return; 2199 if (SCTP_CHUNK_WANT_REXMIT(mp)) 2200 break; 2201 } 2202 if (mp == NULL) 2203 return; 2204 sctp_check_adv_ack_pt(sctp, meta, mp); 2205 if (SEQ_GT(sctp->sctp_adv_pap, adv_pap)) { 2206 sctp_make_ftsns(sctp, meta, mp, &nmp, fp, &seglen); 2207 if (nmp == NULL) { 2208 sctp->sctp_adv_pap = adv_pap; 2209 if (!fp->timer_running) 2210 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2211 return; 2212 } 2213 sctp_set_iplen(sctp, nmp); 2214 sctp_add_sendq(sctp, nmp); 2215 if (!fp->timer_running) 2216 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2217 } 2218 } 2219 2220 /* 2221 * The processing here follows the same logic as in sctp_got_sack(); the 2222 * reason we do this separately is that, usually, gap blocks are ordered and 2223 * we can process them in sctp_got_sack(). However, if they aren't, we would 2224 * need to do some additional non-optimal work when we start processing the 2225 * unordered gaps. To that effect, sctp_got_sack() handles the simple case 2226 * and this function handles the more involved case. 2227 */ 2228 static uint32_t 2229 sctp_process_uo_gaps(sctp_t *sctp, uint32_t ctsn, sctp_sack_frag_t *ssf, 2230 int num_gaps, mblk_t *umphead, mblk_t *mphead, int *trysend, 2231 boolean_t *fast_recovery, uint32_t fr_xtsn) 2232 { 2233 uint32_t xtsn; 2234 uint32_t gapstart = 0; 2235 uint32_t gapend = 0; 2236 int gapcnt; 2237 uint16_t chunklen; 2238 sctp_data_hdr_t *sdc; 2239 int gstart; 2240 mblk_t *ump = umphead; 2241 mblk_t *mp = mphead; 2242 sctp_faddr_t *fp; 2243 uint32_t acked = 0; 2244 2245 /* 2246 * gstart tracks the last (in the order of TSN) gapstart that 2247 * we process in this SACK gaps walk. 2248 */ 2249 gstart = ctsn; 2250 2251 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2252 xtsn = ntohl(sdc->sdh_tsn); 2253 for (gapcnt = 0; gapcnt < num_gaps; gapcnt++, ssf++) { 2254 if (gapstart != 0) { 2255 /* 2256 * If we have reached the end of the transmit list or 2257 * hit an unsent chunk or encountered an unordered gap 2258 * block, start from the ctsn again. 2259 */ 2260 if (ump == NULL || !SCTP_CHUNK_ISSENT(mp) || 2261 SEQ_LT(ctsn + ntohs(ssf->ssf_start), xtsn)) { 2262 ump = umphead; 2263 mp = mphead; 2264 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2265 xtsn = ntohl(sdc->sdh_tsn); 2266 } 2267 } 2268 2269 gapstart = ctsn + ntohs(ssf->ssf_start); 2270 gapend = ctsn + ntohs(ssf->ssf_end); 2271 2272 /* SACK for TSN we have not sent - ABORT */ 2273 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2274 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2275 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2276 *trysend = -1; 2277 return (acked); 2278 } else if (SEQ_LT(gapend, gapstart)) { 2279 break; 2280 } 2281 /* 2282 * The xtsn can be the TSN processed for the last gap 2283 * (gapend) or it could be the cumulative TSN. We continue 2284 * with the last xtsn as long as the gaps are ordered; when 2285 * we hit an unordered gap, we re-start from the cumulative 2286 * TSN. For the first gap it is always the cumulative TSN. 2287 */ 2288 while (xtsn != gapstart) { 2289 /* 2290 * We can't reliably check for reneged chunks 2291 * when walking the unordered list, so we don't. 2292 * In case the peer reneges, we will end up 2293 * sending the reneged chunk via timeout. 2294 */ 2295 mp = mp->b_next; 2296 if (mp == NULL) { 2297 ump = ump->b_next; 2298 /* 2299 * ump can't be NULL because of the sanity 2300 * check above.
2301 */ 2302 ASSERT(ump != NULL); 2303 mp = ump->b_cont; 2304 } 2305 /* 2306 * mp can't be unsent because of the sanity check 2307 * above. 2308 */ 2309 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2310 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2311 xtsn = ntohl(sdc->sdh_tsn); 2312 } 2313 /* 2314 * Now that we have found the chunk with TSN == 'gapstart', 2315 * let's walk till we hit the chunk with TSN == 'gapend'. 2316 * All intermediate chunks will be marked ACKED, if they 2317 * haven't already been. 2318 */ 2319 while (SEQ_LEQ(xtsn, gapend)) { 2320 /* 2321 * SACKed 2322 */ 2323 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2324 if (!SCTP_CHUNK_ISACKED(mp)) { 2325 SCTP_CHUNK_ACKED(mp); 2326 2327 fp = SCTP_CHUNK_DEST(mp); 2328 chunklen = ntohs(sdc->sdh_len); 2329 ASSERT(fp->suna >= chunklen); 2330 fp->suna -= chunklen; 2331 if (fp->suna == 0) { 2332 /* All outstanding data acked. */ 2333 fp->pba = 0; 2334 SCTP_FADDR_TIMER_STOP(fp); 2335 } 2336 fp->acked += chunklen; 2337 acked += chunklen; 2338 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2339 ASSERT(sctp->sctp_unacked >= 0); 2340 } 2341 /* 2342 * Move to the next message in the transmit list 2343 * if we are done with all the chunks from the current 2344 * message. Note, it is possible to hit the end of the 2345 * transmit list here, i.e. if we have already completed 2346 * processing the gap block. 2347 */ 2348 mp = mp->b_next; 2349 if (mp == NULL) { 2350 ump = ump->b_next; 2351 if (ump == NULL) { 2352 ASSERT(xtsn == gapend); 2353 break; 2354 } 2355 mp = ump->b_cont; 2356 } 2357 /* 2358 * Likewise, we can hit an unsent chunk once we have 2359 * completed processing the gap block. 2360 */ 2361 if (!SCTP_CHUNK_ISSENT(mp)) { 2362 ASSERT(xtsn == gapend); 2363 break; 2364 } 2365 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2366 xtsn = ntohl(sdc->sdh_tsn); 2367 } 2368 /* 2369 * We keep track of the last gap we successfully processed 2370 * so that we can terminate the walk below for incrementing 2371 * the SACK count. 2372 */ 2373 if (SEQ_LT(gstart, gapstart)) 2374 gstart = gapstart; 2375 } 2376 /* 2377 * Check if we have incremented the SACK count for all unacked TSNs in 2378 * sctp_got_sack(); if so, we are done. 2379 */ 2380 if (SEQ_LEQ(gstart, fr_xtsn)) 2381 return (acked); 2382 2383 ump = umphead; 2384 mp = mphead; 2385 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2386 xtsn = ntohl(sdc->sdh_tsn); 2387 while (SEQ_LT(xtsn, gstart)) { 2388 /* 2389 * We have incremented the SACK count for TSNs less than fr_xtsn 2390 * in sctp_got_sack(), so don't increment them again here. 2391 */ 2392 if (SEQ_GT(xtsn, fr_xtsn) && !SCTP_CHUNK_ISACKED(mp)) { 2393 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2394 if (SCTP_CHUNK_SACKCNT(mp) == sctp_fast_rxt_thresh) { 2395 SCTP_CHUNK_REXMIT(mp); 2396 sctp->sctp_chk_fast_rexmit = B_TRUE; 2397 *trysend = 1; 2398 if (!*fast_recovery) { 2399 /* 2400 * Entering fast recovery.
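 * The adjustment below mirrors the usual halving on loss detection:
 * ssthresh becomes cwnd / 2 (floored at 2 * pmss), cwnd collapses to
 * ssthresh, and the partial-bytes-acked count is cleared. E.g., with
 * a hypothetical pmss of 1500, a cwnd of 12000 yields ssthresh = cwnd
 * = 6000, while a cwnd of 2000 hits the floor and yields 3000.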
2401 */ 2402 fp = SCTP_CHUNK_DEST(mp); 2403 fp->ssthresh = fp->cwnd / 2; 2404 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2405 fp->ssthresh = 2406 2 * fp->sfa_pmss; 2407 } 2408 fp->cwnd = fp->ssthresh; 2409 fp->pba = 0; 2410 sctp->sctp_recovery_tsn = 2411 sctp->sctp_ltsn - 1; 2412 *fast_recovery = B_TRUE; 2413 } 2414 } 2415 } 2416 mp = mp->b_next; 2417 if (mp == NULL) { 2418 ump = ump->b_next; 2419 /* We can't get to the end of the transmit list here */ 2420 ASSERT(ump != NULL); 2421 mp = ump->b_cont; 2422 } 2423 /* We can't hit an unsent chunk here */ 2424 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2425 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2426 xtsn = ntohl(sdc->sdh_tsn); 2427 } 2428 return (acked); 2429 } 2430 2431 static int 2432 sctp_got_sack(sctp_t *sctp, sctp_chunk_hdr_t *sch) 2433 { 2434 sctp_sack_chunk_t *sc; 2435 sctp_data_hdr_t *sdc; 2436 sctp_sack_frag_t *ssf; 2437 mblk_t *ump; 2438 mblk_t *mp; 2439 mblk_t *mp1; 2440 uint32_t cumtsn; 2441 uint32_t xtsn; 2442 uint32_t gapstart = 0; 2443 uint32_t gapend = 0; 2444 uint32_t acked = 0; 2445 uint16_t chunklen; 2446 sctp_faddr_t *fp; 2447 int num_gaps; 2448 int trysend = 0; 2449 int i; 2450 boolean_t fast_recovery = B_FALSE; 2451 boolean_t cumack_forward = B_FALSE; 2452 boolean_t fwd_tsn = B_FALSE; 2453 2454 BUMP_LOCAL(sctp->sctp_ibchunks); 2455 chunklen = ntohs(sch->sch_len); 2456 if (chunklen < (sizeof (*sch) + sizeof (*sc))) 2457 return (0); 2458 2459 sc = (sctp_sack_chunk_t *)(sch + 1); 2460 cumtsn = ntohl(sc->ssc_cumtsn); 2461 2462 dprint(2, ("got sack cumtsn %x -> %x\n", sctp->sctp_lastack_rxd, 2463 cumtsn)); 2464 2465 /* out of order */ 2466 if (SEQ_LT(cumtsn, sctp->sctp_lastack_rxd)) 2467 return (0); 2468 2469 if (SEQ_GT(cumtsn, sctp->sctp_ltsn - 1)) { 2470 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2471 /* Send an ABORT */ 2472 return (-1); 2473 } 2474 2475 /* 2476 * Cwnd update is only done when not in fast recovery mode. 2477 */ 2478 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) 2479 fast_recovery = B_TRUE; 2480 2481 /* 2482 * ... and if the cum TSN is not moving ahead on account of a Forward TSN 2483 */ 2484 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_adv_pap)) 2485 fwd_tsn = B_TRUE; 2486 2487 if (cumtsn == sctp->sctp_lastack_rxd && 2488 (sctp->sctp_xmit_unacked == NULL || 2489 !SCTP_CHUNK_ABANDONED(sctp->sctp_xmit_unacked))) { 2490 if (sctp->sctp_xmit_unacked != NULL) 2491 mp = sctp->sctp_xmit_unacked; 2492 else if (sctp->sctp_xmit_head != NULL) 2493 mp = sctp->sctp_xmit_head->b_cont; 2494 else 2495 mp = NULL; 2496 BUMP_MIB(&sctp_mib, sctpInDupAck); 2497 /* 2498 * If we were doing a zero win probe and the win 2499 * has now opened to at least MSS, re-transmit the 2500 * zero win probe via sctp_rexmit_packet(). 2501 */ 2502 if (mp != NULL && sctp->sctp_zero_win_probe && 2503 ntohl(sc->ssc_a_rwnd) >= sctp->sctp_current->sfa_pmss) { 2504 mblk_t *pkt; 2505 uint_t pkt_len; 2506 mblk_t *mp1 = mp; 2507 mblk_t *meta = sctp->sctp_xmit_head; 2508 2509 /* 2510 * Reset the RTO since we have been backing off 2511 * to send the ZWP.
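 * The recomputation below is the classic rto = srtt + 4 * rttvar;
 * e.g., with a hypothetical srtt of 200 and rttvar of 50 (in the
 * stack's clock units), the rto comes back down to 400.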
2512 */ 2513 fp = sctp->sctp_current; 2514 fp->rto = fp->srtt + 4 * fp->rttvar; 2515 /* Resend the ZWP */ 2516 pkt = sctp_rexmit_packet(sctp, &meta, &mp1, fp, 2517 &pkt_len); 2518 if (pkt == NULL) { 2519 SCTP_KSTAT(sctp_ss_rexmit_failed); 2520 return (0); 2521 } 2522 ASSERT(pkt_len <= fp->sfa_pmss); 2523 sctp->sctp_zero_win_probe = B_FALSE; 2524 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2525 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2526 sctp_set_iplen(sctp, pkt); 2527 sctp_add_sendq(sctp, pkt); 2528 } 2529 } else { 2530 if (sctp->sctp_zero_win_probe) { 2531 /* 2532 * Reset the RTO since we have been backing off 2533 * to send the ZWP. 2534 */ 2535 fp = sctp->sctp_current; 2536 fp->rto = fp->srtt + 4 * fp->rttvar; 2537 sctp->sctp_zero_win_probe = B_FALSE; 2538 /* This is probably not required */ 2539 if (!sctp->sctp_rexmitting) { 2540 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2541 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2542 } 2543 } 2544 acked = sctp_cumack(sctp, cumtsn, &mp); 2545 sctp->sctp_xmit_unacked = mp; 2546 if (acked > 0) { 2547 trysend = 1; 2548 cumack_forward = B_TRUE; 2549 if (fwd_tsn && SEQ_GEQ(sctp->sctp_lastack_rxd, 2550 sctp->sctp_adv_pap)) { 2551 cumack_forward = B_FALSE; 2552 } 2553 } 2554 } 2555 num_gaps = ntohs(sc->ssc_numfrags); 2556 if (num_gaps == 0 || mp == NULL || !SCTP_CHUNK_ISSENT(mp) || 2557 chunklen < (sizeof (*sch) + sizeof (*sc) + 2558 num_gaps * sizeof (*ssf))) { 2559 goto ret; 2560 } 2561 #ifdef DEBUG 2562 /* 2563 * Since we delete any message that has been acked completely, 2564 * the unacked chunk must belong to sctp_xmit_head (we verify 2565 * this explicitly because we don't have a back pointer from 2566 * the mp to the meta data). 2567 */ 2568 { 2569 mblk_t *mp2 = sctp->sctp_xmit_head->b_cont; 2570 2571 while (mp2 != NULL) { 2572 if (mp2 == mp) 2573 break; 2574 mp2 = mp2->b_next; 2575 } 2576 ASSERT(mp2 != NULL); 2577 } 2578 #endif 2579 ump = sctp->sctp_xmit_head; 2580 2581 /* 2582 * Just remember where we started from, in case we need to call 2583 * sctp_process_uo_gaps() if the gap blocks are unordered. 2584 */ 2585 mp1 = mp; 2586 2587 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2588 xtsn = ntohl(sdc->sdh_tsn); 2589 ASSERT(xtsn == cumtsn + 1); 2590 2591 /* 2592 * Go through SACK gaps. They are ordered based on start TSN. 2593 */ 2594 ssf = (sctp_sack_frag_t *)(sc + 1); 2595 for (i = 0; i < num_gaps; i++, ssf++) { 2596 if (gapstart != 0) { 2597 /* check for unordered gap */ 2598 if (SEQ_LEQ(cumtsn + ntohs(ssf->ssf_start), gapstart)) { 2599 acked += sctp_process_uo_gaps(sctp, 2600 cumtsn, ssf, num_gaps - i, 2601 sctp->sctp_xmit_head, mp1, 2602 &trysend, &fast_recovery, gapstart); 2603 if (trysend < 0) { 2604 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2605 return (-1); 2606 } 2607 break; 2608 } 2609 } 2610 gapstart = cumtsn + ntohs(ssf->ssf_start); 2611 gapend = cumtsn + ntohs(ssf->ssf_end); 2612 2613 /* SACK for TSN we have not sent - ABORT */ 2614 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2615 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2616 BUMP_MIB(&sctp_mib, sctpInAckUnsent); 2617 return (-1); 2618 } else if (SEQ_LT(gapend, gapstart)) { 2619 break; 2620 } 2621 /* 2622 * Let's start at the current TSN (for the 1st gap we start 2623 * from the cumulative TSN, for subsequent ones we start from 2624 * where the previous gapend was found - second while loop 2625 * below) and walk the transmit list till we find the TSN 2626 * corresponding to gapstart. All the unacked chunks till we 2627 * get to the chunk with TSN == gapstart will have their 2628 * SACKCNT incremented by 1.
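 * For illustration, assuming cumtsn 100 with ordered gap blocks
 * (2, 5) and (8, 9): TSNs 102..105 and 108..109 end up marked ACKED,
 * while the holes at 101, 106 and 107 get their SACKCNT bumped.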
Note that since the gap blocks are 2629 * ordered, we won't be incrementing the SACKCNT for an 2630 * unacked chunk by more than one while processing the gap 2631 * blocks. If the SACKCNT for any unacked chunk exceeds 2632 * the fast retransmit threshold, we will fast retransmit 2633 * after processing all the gap blocks. 2634 */ 2635 ASSERT(SEQ_LT(xtsn, gapstart)); 2636 while (xtsn != gapstart) { 2637 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2638 if (SCTP_CHUNK_SACKCNT(mp) == sctp_fast_rxt_thresh) { 2639 SCTP_CHUNK_REXMIT(mp); 2640 sctp->sctp_chk_fast_rexmit = B_TRUE; 2641 trysend = 1; 2642 if (!fast_recovery) { 2643 /* 2644 * Entering fast recovery. 2645 */ 2646 fp = SCTP_CHUNK_DEST(mp); 2647 fp->ssthresh = fp->cwnd / 2; 2648 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2649 fp->ssthresh = 2650 2 * fp->sfa_pmss; 2651 } 2652 fp->cwnd = fp->ssthresh; 2653 fp->pba = 0; 2654 sctp->sctp_recovery_tsn = 2655 sctp->sctp_ltsn - 1; 2656 fast_recovery = B_TRUE; 2657 } 2658 } 2659 2660 /* 2661 * Peer may have reneged on this chunk, so un-sack 2662 * it now. If the peer did renege, we need to 2663 * readjust unacked. 2664 */ 2665 if (SCTP_CHUNK_ISACKED(mp)) { 2666 chunklen = ntohs(sdc->sdh_len); 2667 fp = SCTP_CHUNK_DEST(mp); 2668 fp->suna += chunklen; 2669 sctp->sctp_unacked += chunklen - sizeof (*sdc); 2670 SCTP_CHUNK_CLEAR_ACKED(mp); 2671 if (!fp->timer_running) { 2672 SCTP_FADDR_TIMER_RESTART(sctp, fp, 2673 fp->rto); 2674 } 2675 } 2676 2677 mp = mp->b_next; 2678 if (mp == NULL) { 2679 ump = ump->b_next; 2680 /* 2681 * ump can't be NULL given the sanity check 2682 * above. 2683 */ 2684 ASSERT(ump != NULL); 2685 mp = ump->b_cont; 2686 } 2687 /* 2688 * mp can't be unsent given the sanity check above. 2689 */ 2690 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2691 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2692 xtsn = ntohl(sdc->sdh_tsn); 2693 } 2694 /* 2695 * Now that we have found the chunk with TSN == 'gapstart', 2696 * let's walk till we hit the chunk with TSN == 'gapend'. 2697 * All intermediate chunks will be marked ACKED, if they 2698 * haven't already been. 2699 */ 2700 while (SEQ_LEQ(xtsn, gapend)) { 2701 /* 2702 * SACKed 2703 */ 2704 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2705 if (!SCTP_CHUNK_ISACKED(mp)) { 2706 SCTP_CHUNK_ACKED(mp); 2707 2708 fp = SCTP_CHUNK_DEST(mp); 2709 chunklen = ntohs(sdc->sdh_len); 2710 ASSERT(fp->suna >= chunklen); 2711 fp->suna -= chunklen; 2712 if (fp->suna == 0) { 2713 /* All outstanding data acked. */ 2714 fp->pba = 0; 2715 SCTP_FADDR_TIMER_STOP(fp); 2716 } 2717 fp->acked += chunklen; 2718 acked += chunklen; 2719 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2720 ASSERT(sctp->sctp_unacked >= 0); 2721 } 2722 /* Go to the next chunk of the current message */ 2723 mp = mp->b_next; 2724 /* 2725 * Move to the next message in the transmit list 2726 * if we are done with all the chunks from the current 2727 * message. Note, it is possible to hit the end of the 2728 * transmit list here, i.e. if we have already completed 2729 * processing the gap block. 2730 * Also, note that we break here, which means we 2731 * continue processing gap blocks, if any. In case of 2732 * ordered gap blocks there can't be any following 2733 * this (if there is, it will fail the sanity check 2734 * above). In case of un-ordered gap blocks we will 2735 * switch to sctp_process_uo_gaps(). In either case 2736 * it should be fine to continue with NULL ump/mp, 2737 * but we just reset it to xmit_head.
2738 */ 2739 if (mp == NULL) { 2740 ump = ump->b_next; 2741 if (ump == NULL) { 2742 ASSERT(xtsn == gapend); 2743 ump = sctp->sctp_xmit_head; 2744 mp = mp1; 2745 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2746 xtsn = ntohl(sdc->sdh_tsn); 2747 break; 2748 } 2749 mp = ump->b_cont; 2750 } 2751 /* 2752 * Likewise, we could hit an unsent chunk once we have 2753 * completed processing the gap block. Again, it is 2754 * fine to continue processing gap blocks with mp 2755 * pointing to the unsent chunk, because if there 2756 * are more ordered gap blocks, they will fail the 2757 * sanity check, and if there are un-ordered gap blocks, 2758 * we will continue processing in sctp_process_uo_gaps(). 2759 * We just reset the mp to the one we started with. 2760 */ 2761 if (!SCTP_CHUNK_ISSENT(mp)) { 2762 ASSERT(xtsn == gapend); 2763 ump = sctp->sctp_xmit_head; 2764 mp = mp1; 2765 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2766 xtsn = ntohl(sdc->sdh_tsn); 2767 break; 2768 } 2769 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2770 xtsn = ntohl(sdc->sdh_tsn); 2771 } 2772 } 2773 if (sctp->sctp_prsctp_aware) 2774 sctp_check_abandoned_data(sctp, sctp->sctp_current); 2775 if (sctp->sctp_chk_fast_rexmit) 2776 sctp_fast_rexmit(sctp); 2777 ret: 2778 trysend += sctp_set_frwnd(sctp, ntohl(sc->ssc_a_rwnd)); 2779 2780 /* 2781 * If the receive window is closed while there is unsent data, 2782 * set a timer for doing zero window probes. 2783 */ 2784 if (sctp->sctp_frwnd == 0 && sctp->sctp_unacked == 0 && 2785 sctp->sctp_unsent != 0) { 2786 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 2787 sctp->sctp_current->rto); 2788 } 2789 2790 /* 2791 * Set cwnd for all destinations. 2792 * The congestion window gets increased only when the cumulative 2793 * TSN moves forward, we're not in fast recovery, and 2794 * cwnd has been fully utilized (almost fully; we need to allow 2795 * some leeway due to non-MSS sized messages). 2796 */ 2797 if (sctp->sctp_current->acked == acked) { 2798 /* 2799 * Fast-path, only data sent to sctp_current got acked. 2800 */ 2801 fp = sctp->sctp_current; 2802 if (cumack_forward && !fast_recovery && 2803 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2804 if (fp->cwnd < fp->ssthresh) { 2805 /* 2806 * Slow start 2807 */ 2808 if (fp->acked > fp->sfa_pmss) { 2809 fp->cwnd += fp->sfa_pmss; 2810 } else { 2811 fp->cwnd += fp->acked; 2812 } 2813 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2814 } else { 2815 /* 2816 * Congestion avoidance 2817 */ 2818 fp->pba += fp->acked; 2819 if (fp->pba >= fp->cwnd) { 2820 fp->pba -= fp->cwnd; 2821 fp->cwnd += fp->sfa_pmss; 2822 fp->cwnd = MIN(fp->cwnd, 2823 sctp->sctp_cwnd_max); 2824 } 2825 } 2826 } 2827 /* 2828 * Limit the burst of transmitted data segments.
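 * E.g., assuming a hypothetical sctp_maxburst of 4 and an sfa_pmss of
 * 1500 with suna 0, a cwnd above 6000 is clamped to 6000 here, so at
 * most four MTU-sized packets can go out back to back.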
2829 */ 2830 if (fp->suna + sctp_maxburst * fp->sfa_pmss < fp->cwnd) { 2831 fp->cwnd = fp->suna + sctp_maxburst * fp->sfa_pmss; 2832 } 2833 fp->acked = 0; 2834 goto check_ss_rxmit; 2835 } 2836 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 2837 if (cumack_forward && fp->acked && !fast_recovery && 2838 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2839 if (fp->cwnd < fp->ssthresh) { 2840 if (fp->acked > fp->sfa_pmss) { 2841 fp->cwnd += fp->sfa_pmss; 2842 } else { 2843 fp->cwnd += fp->acked; 2844 } 2845 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2846 } else { 2847 fp->pba += fp->acked; 2848 if (fp->pba >= fp->cwnd) { 2849 fp->pba -= fp->cwnd; 2850 fp->cwnd += fp->sfa_pmss; 2851 fp->cwnd = MIN(fp->cwnd, 2852 sctp->sctp_cwnd_max); 2853 } 2854 } 2855 } 2856 if (fp->suna + sctp_maxburst * fp->sfa_pmss < fp->cwnd) { 2857 fp->cwnd = fp->suna + sctp_maxburst * fp->sfa_pmss; 2858 } 2859 fp->acked = 0; 2860 } 2861 check_ss_rxmit: 2862 /* 2863 * If this is a SACK following a timeout, check if there are 2864 * still unacked chunks (sent before the timeout) that we can 2865 * send. 2866 */ 2867 if (sctp->sctp_rexmitting) { 2868 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_rxt_maxtsn)) { 2869 /* 2870 * As we are in the retransmission phase, we may get a 2871 * SACK which indicates that some new chunks have been 2872 * received but the cum_tsn does not advance. During 2873 * this phase, the other side advances the cum_tsn only 2874 * when it receives our retransmitted chunks; only that 2875 * signals that some chunks are still 2876 * missing. 2877 */ 2878 if (cumack_forward) 2879 sctp_ss_rexmit(sctp); 2880 } else { 2881 sctp->sctp_rexmitting = B_FALSE; 2882 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2883 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2884 } 2885 } 2886 return (trysend); 2887 } 2888 2889 /* 2890 * Returns 0 if the caller should stop processing any more chunks, 2891 * 1 if the caller should skip this chunk and continue processing. 2892 */ 2893 static int 2894 sctp_strange_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp) 2895 { 2896 mblk_t *errmp; 2897 size_t len; 2898 2899 BUMP_LOCAL(sctp->sctp_ibchunks); 2900 /* check top two bits for action required; per rfc2960 3.2: 00 stop, 01 stop and report, 10 skip, 11 skip and report */ 2901 if (ch->sch_id & 0x40) { /* also matches 0xc0 */ 2902 len = ntohs(ch->sch_len); 2903 errmp = sctp_make_err(sctp, SCTP_ERR_UNREC_CHUNK, ch, len); 2904 if (errmp != NULL) 2905 sctp_send_err(sctp, errmp, fp); 2906 if ((ch->sch_id & 0xc0) == 0xc0) { 2907 /* skip and continue */ 2908 return (1); 2909 } else { 2910 /* stop processing */ 2911 return (0); 2912 } 2913 } 2914 if (ch->sch_id & 0x80) { 2915 /* skip and continue, no error */ 2916 return (1); 2917 } 2918 /* top two bits are clear; stop processing and no error */ 2919 return (0); 2920 } 2921 2922 /* 2923 * Basic sanity checks on all input chunks and parameters: they must 2924 * be of legitimate size for their purported type, and must follow 2925 * ordering conventions as defined in rfc2960. 2926 * 2927 * Returns 1 if the chunk and all enclosed params are legitimate, 2928 * 0 otherwise.
2929 */ 2930 /*ARGSUSED*/ 2931 static int 2932 sctp_check_input(sctp_t *sctp, sctp_chunk_hdr_t *ch, ssize_t len, int first) 2933 { 2934 sctp_parm_hdr_t *ph; 2935 void *p = NULL; 2936 ssize_t clen; 2937 uint16_t ch_len; 2938 2939 ch_len = ntohs(ch->sch_len); 2940 if (ch_len > len) { 2941 return (0); 2942 } 2943 2944 switch (ch->sch_id) { 2945 case CHUNK_DATA: 2946 if (ch_len < sizeof (sctp_data_hdr_t)) { 2947 return (0); 2948 } 2949 return (1); 2950 case CHUNK_INIT: 2951 case CHUNK_INIT_ACK: 2952 { 2953 ssize_t remlen = len; 2954 2955 /* 2956 * INIT and INIT-ACK chunks must not be bundled with 2957 * any other. 2958 */ 2959 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 2960 (ch_len < (sizeof (*ch) + 2961 sizeof (sctp_init_chunk_t)))) { 2962 return (0); 2963 } 2964 /* may have params that need checking */ 2965 p = (char *)(ch + 1) + sizeof (sctp_init_chunk_t); 2966 clen = ch_len - (sizeof (*ch) + 2967 sizeof (sctp_init_chunk_t)); 2968 } 2969 break; 2970 case CHUNK_SACK: 2971 if (ch_len < (sizeof (*ch) + sizeof (sctp_sack_chunk_t))) { 2972 return (0); 2973 } 2974 /* dup and gap reports checked by got_sack() */ 2975 return (1); 2976 case CHUNK_SHUTDOWN: 2977 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) { 2978 return (0); 2979 } 2980 return (1); 2981 case CHUNK_ABORT: 2982 case CHUNK_ERROR: 2983 if (ch_len < sizeof (*ch)) { 2984 return (0); 2985 } 2986 /* may have params that need checking */ 2987 p = ch + 1; 2988 clen = ch_len - sizeof (*ch); 2989 break; 2990 case CHUNK_ECNE: 2991 case CHUNK_CWR: 2992 case CHUNK_HEARTBEAT: 2993 case CHUNK_HEARTBEAT_ACK: 2994 /* Full ASCONF chunk and parameter checks are in asconf.c */ 2995 case CHUNK_ASCONF: 2996 case CHUNK_ASCONF_ACK: 2997 if (ch_len < sizeof (*ch)) { 2998 return (0); 2999 } 3000 /* heartbeat data checked by process_heartbeat() */ 3001 return (1); 3002 case CHUNK_SHUTDOWN_COMPLETE: 3003 { 3004 ssize_t remlen = len; 3005 3006 /* 3007 * SHUTDOWN-COMPLETE chunk must not be bundled with any 3008 * other 3009 */ 3010 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3011 ch_len < sizeof (*ch)) { 3012 return (0); 3013 } 3014 } 3015 return (1); 3016 case CHUNK_COOKIE: 3017 case CHUNK_COOKIE_ACK: 3018 case CHUNK_SHUTDOWN_ACK: 3019 if (ch_len < sizeof (*ch) || !first) { 3020 return (0); 3021 } 3022 return (1); 3023 case CHUNK_FORWARD_TSN: 3024 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) 3025 return (0); 3026 return (1); 3027 default: 3028 return (1); /* handled by strange_chunk() */ 3029 } 3030 3031 /* check and byteorder parameters */ 3032 if (clen <= 0) { 3033 return (1); 3034 } 3035 ASSERT(p != NULL); 3036 3037 ph = p; 3038 while (ph != NULL && clen > 0) { 3039 ch_len = ntohs(ph->sph_len); 3040 if (ch_len > len || ch_len < sizeof (*ph)) { 3041 return (0); 3042 } 3043 ph = sctp_next_parm(ph, &clen); 3044 } 3045 3046 /* All OK */ 3047 return (1); 3048 } 3049 3050 /* ARGSUSED */ 3051 static sctp_hdr_t * 3052 find_sctp_hdrs(mblk_t *mp, in6_addr_t *src, in6_addr_t *dst, 3053 uint_t *ifindex, uint_t *ip_hdr_len, ip6_pkt_t *ipp, in_pktinfo_t *pinfo) 3054 { 3055 uchar_t *rptr; 3056 ipha_t *ip4h; 3057 ip6_t *ip6h; 3058 mblk_t *mp1; 3059 3060 rptr = mp->b_rptr; 3061 if (IPH_HDR_VERSION(rptr) == IPV4_VERSION) { 3062 *ip_hdr_len = IPH_HDR_LENGTH(rptr); 3063 ip4h = (ipha_t *)rptr; 3064 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_src, src); 3065 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_dst, dst); 3066 3067 ipp->ipp_fields |= IPPF_HOPLIMIT; 3068 ipp->ipp_hoplimit = ((ipha_t *)rptr)->ipha_ttl; 3069 if (pinfo != NULL && (pinfo->in_pkt_flags & IPF_RECVIF)) { 
3070 ipp->ipp_fields |= IPPF_IFINDEX; 3071 ipp->ipp_ifindex = pinfo->in_pkt_ifindex; 3072 } 3073 } else { 3074 ASSERT(IPH_HDR_VERSION(rptr) == IPV6_VERSION); 3075 ip6h = (ip6_t *)rptr; 3076 ipp->ipp_fields = IPPF_HOPLIMIT; 3077 ipp->ipp_hoplimit = ip6h->ip6_hops; 3078 3079 if (ip6h->ip6_nxt != IPPROTO_SCTP) { 3080 /* Look for ifindex information */ 3081 if (ip6h->ip6_nxt == IPPROTO_RAW) { 3082 ip6i_t *ip6i = (ip6i_t *)ip6h; 3083 3084 if (ip6i->ip6i_flags & IP6I_IFINDEX) { 3085 ASSERT(ip6i->ip6i_ifindex != 0); 3086 ipp->ipp_fields |= IPPF_IFINDEX; 3087 ipp->ipp_ifindex = ip6i->ip6i_ifindex; 3088 } 3089 rptr = (uchar_t *)&ip6i[1]; 3090 mp->b_rptr = rptr; 3091 if (rptr == mp->b_wptr) { 3092 mp1 = mp->b_cont; 3093 freeb(mp); 3094 mp = mp1; 3095 rptr = mp->b_rptr; 3096 } 3097 ASSERT(mp->b_wptr - rptr >= 3098 IPV6_HDR_LEN + sizeof (sctp_hdr_t)); 3099 ip6h = (ip6_t *)rptr; 3100 } 3101 /* 3102 * Find any potentially interesting extension headers 3103 * as well as the length of the IPv6 + extension 3104 * headers. 3105 */ 3106 *ip_hdr_len = ip_find_hdr_v6(mp, ip6h, ipp, NULL); 3107 } else { 3108 *ip_hdr_len = IPV6_HDR_LEN; 3109 } 3110 *src = ip6h->ip6_src; 3111 *dst = ip6h->ip6_dst; 3112 } 3113 ASSERT((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX); 3114 return ((sctp_hdr_t *)&rptr[*ip_hdr_len]); 3115 #undef IPVER 3116 } 3117 3118 static mblk_t * 3119 sctp_check_in_policy(mblk_t *mp, mblk_t *ipsec_mp) 3120 { 3121 ipsec_in_t *ii; 3122 boolean_t check = B_TRUE; 3123 boolean_t policy_present; 3124 ipha_t *ipha; 3125 ip6_t *ip6h; 3126 3127 ii = (ipsec_in_t *)ipsec_mp->b_rptr; 3128 ASSERT(ii->ipsec_in_type == IPSEC_IN); 3129 if (ii->ipsec_in_dont_check) { 3130 check = B_FALSE; 3131 if (!ii->ipsec_in_secure) { 3132 freeb(ipsec_mp); 3133 ipsec_mp = NULL; 3134 } 3135 } 3136 if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) { 3137 policy_present = ipsec_inbound_v4_policy_present; 3138 ipha = (ipha_t *)mp->b_rptr; 3139 ip6h = NULL; 3140 } else { 3141 policy_present = ipsec_inbound_v6_policy_present; 3142 ipha = NULL; 3143 ip6h = (ip6_t *)mp->b_rptr; 3144 } 3145 3146 if (check && policy_present) { 3147 /* 3148 * The conn_t parameter is NULL because we already know 3149 * nobody's home. 3150 */ 3151 ipsec_mp = ipsec_check_global_policy(ipsec_mp, (conn_t *)NULL, 3152 ipha, ip6h, B_TRUE); 3153 if (ipsec_mp == NULL) 3154 return (NULL); 3155 } 3156 if (ipsec_mp != NULL) 3157 freeb(ipsec_mp); 3158 return (mp); 3159 } 3160 3161 /* Handle out-of-the-blue packets */ 3162 void 3163 sctp_ootb_input(mblk_t *mp, ill_t *recv_ill, uint_t ipif_seqid, 3164 zoneid_t zoneid, boolean_t mctl_present) 3165 { 3166 sctp_t *sctp; 3167 sctp_chunk_hdr_t *ch; 3168 sctp_hdr_t *sctph; 3169 in6_addr_t src, dst; 3170 uint_t ip_hdr_len; 3171 uint_t ifindex; 3172 ip6_pkt_t ipp; 3173 ssize_t mlen; 3174 in_pktinfo_t *pinfo = NULL; 3175 mblk_t *first_mp; 3176 3177 BUMP_MIB(&sctp_mib, sctpOutOfBlue); 3178 BUMP_MIB(&sctp_mib, sctpInSCTPPkts); 3179 3180 first_mp = mp; 3181 if (mctl_present) 3182 mp = mp->b_cont; 3183 3184 /* Initiate IPPf processing, if needed. */ 3185 if (IPP_ENABLED(IPP_LOCAL_IN)) { 3186 ip_process(IPP_LOCAL_IN, &mp, 3187 recv_ill->ill_phyint->phyint_ifindex); 3188 if (mp == NULL) { 3189 if (mctl_present) 3190 freeb(first_mp); 3191 return; 3192 } 3193 } 3194 3195 if (mp->b_cont != NULL) { 3196 /* 3197 * All subsequent code is vastly simplified if it can 3198 * assume a single contiguous chunk of data. 
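 * pullupmsg(mp, -1) below concatenates the entire b_cont chain into
 * a single contiguous data block; it can fail under memory pressure,
 * in which case the packet is dropped.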
3199 */ 3200 if (pullupmsg(mp, -1) == 0) { 3201 BUMP_MIB(&ip_mib, ipInDiscards); 3202 freemsg(first_mp); 3203 return; 3204 } 3205 } 3206 3207 /* 3208 * We don't really need to call this function... Need to 3209 * optimize later. 3210 */ 3211 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3212 &ipp, pinfo); 3213 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3214 if ((ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen)) == NULL) { 3215 dprint(3, ("sctp_ootb_input: invalid packet\n")); 3216 BUMP_MIB(&ip_mib, ipInDiscards); 3217 freemsg(first_mp); 3218 return; 3219 } 3220 3221 switch (ch->sch_id) { 3222 case CHUNK_INIT: 3223 /* no listener; send abort */ 3224 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3225 return; 3226 sctp_send_abort(gsctp, sctp_init2vtag(ch), 0, 3227 NULL, 0, mp, 0, B_TRUE); 3228 break; 3229 case CHUNK_INIT_ACK: 3230 /* check for changed src addr */ 3231 sctp = sctp_addrlist2sctp(mp, sctph, ch, ipif_seqid, zoneid); 3232 if (sctp != NULL) { 3233 /* success; proceed to normal path */ 3234 mutex_enter(&sctp->sctp_lock); 3235 if (sctp->sctp_running) { 3236 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3237 BUMP_MIB(&ip_mib, ipInDiscards); 3238 freemsg(mp); 3239 } 3240 mutex_exit(&sctp->sctp_lock); 3241 } else { 3242 /* 3243 * If the source address is changed, we 3244 * don't need to worry too much about 3245 * out of order processing. So we don't 3246 * check if the recvq is empty or not here. 3247 */ 3248 sctp->sctp_running = B_TRUE; 3249 mutex_exit(&sctp->sctp_lock); 3250 sctp_input_data(sctp, mp, NULL); 3251 WAKE_SCTP(sctp); 3252 sctp_process_sendq(sctp); 3253 } 3254 SCTP_REFRELE(sctp); 3255 return; 3256 } 3257 if (mctl_present) 3258 freeb(first_mp); 3259 /* else bogus init ack; drop it */ 3260 break; 3261 case CHUNK_SHUTDOWN_ACK: 3262 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3263 return; 3264 sctp_ootb_shutdown_ack(gsctp, mp, ip_hdr_len); 3265 sctp_process_sendq(gsctp); 3266 return; 3267 case CHUNK_ERROR: 3268 case CHUNK_ABORT: 3269 case CHUNK_COOKIE_ACK: 3270 case CHUNK_SHUTDOWN_COMPLETE: 3271 if (mctl_present) 3272 freeb(first_mp); 3273 break; 3274 default: 3275 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3276 return; 3277 sctp_send_abort(gsctp, sctph->sh_verf, 0, NULL, 0, mp, 0, 3278 B_TRUE); 3279 break; 3280 } 3281 sctp_process_sendq(gsctp); 3282 freemsg(mp); 3283 } 3284 3285 void 3286 sctp_input(conn_t *connp, ipha_t *ipha, mblk_t *mp, mblk_t *first_mp, 3287 ill_t *recv_ill, boolean_t isv4, boolean_t mctl_present) 3288 { 3289 sctp_t *sctp = CONN2SCTP(connp); 3290 3291 /* 3292 * We check some fields in conn_t without holding a lock. 3293 * This should be fine. 3294 */ 3295 if (CONN_INBOUND_POLICY_PRESENT(connp) || mctl_present) { 3296 first_mp = ipsec_check_inbound_policy(first_mp, connp, 3297 ipha, NULL, mctl_present); 3298 if (first_mp == NULL) { 3299 SCTP_REFRELE(sctp); 3300 return; 3301 } 3302 } 3303 3304 /* Initiate IPPF processing for fastpath */ 3305 if (IPP_ENABLED(IPP_LOCAL_IN)) { 3306 ip_process(IPP_LOCAL_IN, &mp, 3307 recv_ill->ill_phyint->phyint_ifindex); 3308 if (mp == NULL) { 3309 SCTP_REFRELE(sctp); 3310 if (mctl_present) 3311 freeb(first_mp); 3312 return; 3313 } else if (mctl_present) { 3314 /* 3315 * ip_process might return a new mp. 
3316 */ 3317 ASSERT(first_mp != mp); 3318 first_mp->b_cont = mp; 3319 } else { 3320 first_mp = mp; 3321 } 3322 } 3323 3324 if (connp->conn_recvif || connp->conn_recvslla || 3325 connp->conn_ipv6_recvpktinfo) { 3326 int in_flags = 0; 3327 3328 if (connp->conn_recvif || connp->conn_ipv6_recvpktinfo) { 3329 in_flags = IPF_RECVIF; 3330 } 3331 if (connp->conn_recvslla) { 3332 in_flags |= IPF_RECVSLLA; 3333 } 3334 if (isv4) { 3335 mp = ip_add_info(mp, recv_ill, in_flags); 3336 } else { 3337 mp = ip_add_info_v6(mp, recv_ill, 3338 &(((ip6_t *)ipha)->ip6_dst)); 3339 } 3340 if (mp == NULL) { 3341 SCTP_REFRELE(sctp); 3342 if (mctl_present) 3343 freeb(first_mp); 3344 return; 3345 } else if (mctl_present) { 3346 /* 3347 * ip_add_info might return a new mp. 3348 */ 3349 ASSERT(first_mp != mp); 3350 first_mp->b_cont = mp; 3351 } else { 3352 first_mp = mp; 3353 } 3354 } 3355 3356 mutex_enter(&sctp->sctp_lock); 3357 if (sctp->sctp_running) { 3358 if (mctl_present) 3359 mp->b_prev = first_mp; 3360 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3361 BUMP_MIB(&ip_mib, ipInDiscards); 3362 freemsg(first_mp); 3363 } 3364 mutex_exit(&sctp->sctp_lock); 3365 SCTP_REFRELE(sctp); 3366 return; 3367 } else { 3368 sctp->sctp_running = B_TRUE; 3369 mutex_exit(&sctp->sctp_lock); 3370 3371 mutex_enter(&sctp->sctp_recvq_lock); 3372 if (sctp->sctp_recvq != NULL) { 3373 if (mctl_present) 3374 mp->b_prev = first_mp; 3375 if (!sctp_add_recvq(sctp, mp, B_TRUE)) { 3376 BUMP_MIB(&ip_mib, ipInDiscards); 3377 freemsg(first_mp); 3378 } 3379 mutex_exit(&sctp->sctp_recvq_lock); 3380 WAKE_SCTP(sctp); 3381 SCTP_REFRELE(sctp); 3382 return; 3383 } 3384 } 3385 mutex_exit(&sctp->sctp_recvq_lock); 3386 sctp_input_data(sctp, mp, (mctl_present ? first_mp : NULL)); 3387 WAKE_SCTP(sctp); 3388 sctp_process_sendq(sctp); 3389 SCTP_REFRELE(sctp); 3390 } 3391 3392 static void 3393 sctp_process_abort(sctp_t *sctp, sctp_chunk_hdr_t *ch, int err) 3394 { 3395 BUMP_MIB(&sctp_mib, sctpAborted); 3396 BUMP_LOCAL(sctp->sctp_ibchunks); 3397 3398 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3399 ntohs(((sctp_parm_hdr_t *)(ch + 1))->sph_type), ch); 3400 sctp_clean_death(sctp, err); 3401 } 3402 3403 void 3404 sctp_input_data(sctp_t *sctp, mblk_t *mp, mblk_t *ipsec_mp) 3405 { 3406 sctp_chunk_hdr_t *ch; 3407 ssize_t mlen; 3408 int gotdata; 3409 int trysend; 3410 sctp_faddr_t *fp; 3411 sctp_init_chunk_t *iack; 3412 uint32_t tsn; 3413 sctp_data_hdr_t *sdc; 3414 ip6_pkt_t ipp; 3415 in6_addr_t src; 3416 in6_addr_t dst; 3417 uint_t ifindex; 3418 sctp_hdr_t *sctph; 3419 uint_t ip_hdr_len; 3420 mblk_t *dups = NULL; 3421 int recv_adaption; 3422 boolean_t wake_eager = B_FALSE; 3423 mblk_t *pinfo_mp; 3424 in_pktinfo_t *pinfo = NULL; 3425 in6_addr_t peer_src; 3426 int64_t now; 3427 3428 if (DB_TYPE(mp) != M_DATA) { 3429 ASSERT(DB_TYPE(mp) == M_CTL); 3430 if (MBLKL(mp) == sizeof (in_pktinfo_t) && 3431 ((in_pktinfo_t *)mp->b_rptr)->in_pkt_ulp_type == 3432 IN_PKTINFO) { 3433 pinfo = (in_pktinfo_t *)mp->b_rptr; 3434 pinfo_mp = mp; 3435 mp = mp->b_cont; 3436 } else { 3437 if (ipsec_mp != NULL) 3438 freeb(ipsec_mp); 3439 sctp_icmp_error(sctp, mp); 3440 return; 3441 } 3442 } 3443 ASSERT(DB_TYPE(mp) == M_DATA); 3444 3445 if (mp->b_cont != NULL) { 3446 /* 3447 * All subsequent code is vastly simplified if it can 3448 * assume a single contiguous chunk of data. 
3449 */ 3450 if (pullupmsg(mp, -1) == 0) { 3451 BUMP_MIB(&ip_mib, ipInDiscards); 3452 if (ipsec_mp != NULL) 3453 freeb(ipsec_mp); 3454 if (pinfo != NULL) 3455 freeb(pinfo_mp); 3456 freemsg(mp); 3457 return; 3458 } 3459 } 3460 3461 BUMP_LOCAL(sctp->sctp_ipkts); 3462 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3463 &ipp, pinfo); 3464 if (pinfo != NULL) 3465 freeb(pinfo_mp); 3466 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3467 ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen); 3468 if (ch == NULL) { 3469 BUMP_MIB(&ip_mib, ipInDiscards); 3470 if (ipsec_mp != NULL) 3471 freeb(ipsec_mp); 3472 freemsg(mp); 3473 return; 3474 } 3475 3476 if (!sctp_check_input(sctp, ch, mlen, 1)) { 3477 BUMP_MIB(&ip_mib, ipInDiscards); 3478 goto done; 3479 } 3480 /* 3481 * Check verfication tag (special handling for INIT, 3482 * COOKIE, SHUTDOWN_COMPLETE and SHUTDOWN_ACK chunks). 3483 * ABORTs are handled in the chunk processing loop, since 3484 * may not appear first. All other checked chunks must 3485 * appear first, or will have been dropped by check_input(). 3486 */ 3487 switch (ch->sch_id) { 3488 case CHUNK_INIT: 3489 if (sctph->sh_verf != 0) { 3490 /* drop it */ 3491 goto done; 3492 } 3493 break; 3494 case CHUNK_SHUTDOWN_COMPLETE: 3495 if (sctph->sh_verf == sctp->sctp_lvtag) 3496 break; 3497 if (sctph->sh_verf == sctp->sctp_fvtag && 3498 SCTP_GET_TBIT(ch)) { 3499 break; 3500 } 3501 /* else drop it */ 3502 goto done; 3503 case CHUNK_ABORT: 3504 case CHUNK_COOKIE: 3505 /* handled below */ 3506 break; 3507 case CHUNK_SHUTDOWN_ACK: 3508 if (sctp->sctp_state > SCTPS_BOUND && 3509 sctp->sctp_state < SCTPS_ESTABLISHED) { 3510 /* treat as OOTB */ 3511 sctp_ootb_shutdown_ack(sctp, mp, ip_hdr_len); 3512 if (ipsec_mp != NULL) 3513 freeb(ipsec_mp); 3514 return; 3515 } 3516 /* else fallthru */ 3517 default: 3518 /* 3519 * All other packets must have a valid 3520 * verification tag, however if this is a 3521 * listener, we use a refined version of 3522 * out-of-the-blue logic. 
3523 */ 3524 if (sctph->sh_verf != sctp->sctp_lvtag && 3525 sctp->sctp_state != SCTPS_LISTEN) { 3526 /* drop it */ 3527 goto done; 3528 } 3529 break; 3530 } 3531 3532 /* Have a valid sctp for this packet */ 3533 fp = sctp_lookup_faddr(sctp, &src); 3534 dprint(2, ("sctp_dispatch_rput: mp=%p fp=%p sctp=%p\n", (void *)mp, 3535 (void *)fp, (void *)sctp)); 3536 3537 gotdata = 0; 3538 trysend = 0; 3539 3540 now = lbolt64; 3541 /* Process the chunks */ 3542 do { 3543 dprint(3, ("sctp_dispatch_rput: state=%d, chunk id=%d\n", 3544 sctp->sctp_state, (int)(ch->sch_id))); 3545 3546 if (ch->sch_id == CHUNK_ABORT) { 3547 if (sctph->sh_verf != sctp->sctp_lvtag && 3548 sctph->sh_verf != sctp->sctp_fvtag) { 3549 /* drop it */ 3550 goto done; 3551 } 3552 } 3553 3554 switch (sctp->sctp_state) { 3555 3556 case SCTPS_ESTABLISHED: 3557 case SCTPS_SHUTDOWN_PENDING: 3558 case SCTPS_SHUTDOWN_SENT: 3559 switch (ch->sch_id) { 3560 case CHUNK_DATA: 3561 /* 0-length data chunks are not allowed */ 3562 if (ntohs(ch->sch_len) == sizeof (*sdc)) { 3563 sdc = (sctp_data_hdr_t *)ch; 3564 tsn = sdc->sdh_tsn; 3565 sctp_send_abort(sctp, sctp->sctp_fvtag, 3566 SCTP_ERR_NO_USR_DATA, (char *)&tsn, 3567 sizeof (tsn), mp, 0, B_FALSE); 3568 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3569 0, NULL); 3570 sctp_clean_death(sctp, ECONNABORTED); 3571 goto done; 3572 } 3573 3574 ASSERT(fp != NULL); 3575 sctp->sctp_lastdata = fp; 3576 sctp_data_chunk(sctp, ch, mp, &dups, fp, &ipp); 3577 gotdata = 1; 3578 /* Restart shutdown timer if shutting down */ 3579 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3580 /* 3581 * If we have exceeded our max 3582 * wait bound for waiting for a 3583 * shutdown ack from the peer, 3584 * abort the association. 3585 */ 3586 if (sctp_shutack_wait_bound != 0 && 3587 TICK_TO_MSEC(now - 3588 sctp->sctp_out_time) > 3589 sctp_shutack_wait_bound) { 3590 sctp_send_abort(sctp, 3591 sctp->sctp_fvtag, 0, NULL, 3592 0, mp, 0, B_FALSE); 3593 sctp_assoc_event(sctp, 3594 SCTP_COMM_LOST, 0, NULL); 3595 sctp_clean_death(sctp, 3596 ECONNABORTED); 3597 goto done; 3598 } 3599 SCTP_FADDR_TIMER_RESTART(sctp, fp, 3600 fp->rto); 3601 } 3602 break; 3603 case CHUNK_SACK: 3604 ASSERT(fp != NULL); 3605 /* 3606 * Peer is real and alive if it can ack our 3607 * data. 
3608 */ 3609 sctp_faddr_alive(sctp, fp); 3610 trysend = sctp_got_sack(sctp, ch); 3611 if (trysend < 0) { 3612 sctp_send_abort(sctp, sctph->sh_verf, 3613 0, NULL, 0, mp, 0, B_FALSE); 3614 sctp_assoc_event(sctp, 3615 SCTP_COMM_LOST, 0, NULL); 3616 sctp_clean_death(sctp, 3617 ECONNABORTED); 3618 goto done; 3619 } 3620 break; 3621 case CHUNK_HEARTBEAT: 3622 sctp_return_heartbeat(sctp, ch, mp); 3623 break; 3624 case CHUNK_HEARTBEAT_ACK: 3625 sctp_process_heartbeat(sctp, ch); 3626 break; 3627 case CHUNK_SHUTDOWN: 3628 sctp_shutdown_event(sctp); 3629 trysend = sctp_shutdown_received(sctp, ch, 3630 B_FALSE, B_FALSE, fp); 3631 BUMP_LOCAL(sctp->sctp_ibchunks); 3632 break; 3633 case CHUNK_SHUTDOWN_ACK: 3634 BUMP_LOCAL(sctp->sctp_ibchunks); 3635 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3636 sctp_shutdown_complete(sctp); 3637 BUMP_MIB(&sctp_mib, sctpShutdowns); 3638 sctp_assoc_event(sctp, 3639 SCTP_SHUTDOWN_COMP, 0, NULL); 3640 sctp_clean_death(sctp, 0); 3641 goto done; 3642 } 3643 break; 3644 case CHUNK_ABORT: { 3645 sctp_saddr_ipif_t *sp; 3646 3647 /* Ignore if delete pending */ 3648 sp = sctp_saddr_lookup(sctp, &dst, 0); 3649 ASSERT(sp != NULL); 3650 if (sp->saddr_ipif_delete_pending) { 3651 BUMP_LOCAL(sctp->sctp_ibchunks); 3652 break; 3653 } 3654 3655 sctp_process_abort(sctp, ch, ECONNRESET); 3656 goto done; 3657 } 3658 case CHUNK_INIT: 3659 sctp_send_initack(sctp, sctph, ch, mp); 3660 break; 3661 case CHUNK_COOKIE: 3662 if (sctp_process_cookie(sctp, ch, mp, &iack, 3663 sctph, &recv_adaption, NULL) != -1) { 3664 sctp_send_cookie_ack(sctp); 3665 sctp_assoc_event(sctp, SCTP_RESTART, 3666 0, NULL); 3667 if (recv_adaption) { 3668 sctp->sctp_recv_adaption = 1; 3669 sctp_adaption_event(sctp); 3670 } 3671 } else { 3672 BUMP_MIB(&sctp_mib, 3673 sctpInInvalidCookie); 3674 } 3675 break; 3676 case CHUNK_ERROR: { 3677 int error; 3678 3679 BUMP_LOCAL(sctp->sctp_ibchunks); 3680 error = sctp_handle_error(sctp, sctph, ch, mp); 3681 if (error != 0) { 3682 sctp_clean_death(sctp, error); 3683 goto done; 3684 } 3685 break; 3686 } 3687 case CHUNK_ASCONF: 3688 ASSERT(fp != NULL); 3689 sctp_input_asconf(sctp, ch, fp); 3690 BUMP_LOCAL(sctp->sctp_ibchunks); 3691 break; 3692 case CHUNK_ASCONF_ACK: 3693 ASSERT(fp != NULL); 3694 sctp_faddr_alive(sctp, fp); 3695 sctp_input_asconf_ack(sctp, ch, fp); 3696 BUMP_LOCAL(sctp->sctp_ibchunks); 3697 break; 3698 case CHUNK_FORWARD_TSN: 3699 ASSERT(fp != NULL); 3700 sctp->sctp_lastdata = fp; 3701 sctp_process_forward_tsn(sctp, ch, fp, &ipp); 3702 gotdata = 1; 3703 BUMP_LOCAL(sctp->sctp_ibchunks); 3704 break; 3705 default: 3706 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3707 goto nomorechunks; 3708 } /* else skip and continue processing */ 3709 break; 3710 } 3711 break; 3712 3713 case SCTPS_LISTEN: 3714 switch (ch->sch_id) { 3715 case CHUNK_INIT: 3716 sctp_send_initack(sctp, sctph, ch, mp); 3717 break; 3718 case CHUNK_COOKIE: { 3719 sctp_t *eager; 3720 3721 if (sctp_process_cookie(sctp, ch, mp, &iack, 3722 sctph, &recv_adaption, &peer_src) == -1) { 3723 BUMP_MIB(&sctp_mib, 3724 sctpInInvalidCookie); 3725 goto done; 3726 } 3727 3728 /* 3729 * The cookie is good; ensure that 3730 * the peer used the verification 3731 * tag from the init ack in the header. 
3732 */ 3733 if (iack->sic_inittag != sctph->sh_verf) 3734 goto done; 3735 3736 eager = sctp_conn_request(sctp, mp, ifindex, 3737 ip_hdr_len, iack, ipsec_mp); 3738 if (eager == NULL) { 3739 sctp_send_abort(sctp, sctph->sh_verf, 3740 SCTP_ERR_NO_RESOURCES, NULL, 0, mp, 3741 0, B_FALSE); 3742 goto done; 3743 } 3744 3745 /* 3746 * If there were extra chunks 3747 * bundled with the cookie, 3748 * they must be processed 3749 * on the eager's queue. We 3750 * accomplish this by refeeding 3751 * the whole packet into the 3752 * state machine on the right 3753 * q. The packet (mp) gets 3754 * there via the eager's 3755 * cookie_mp field (overloaded 3756 * with the active open role). 3757 * This is picked up when 3758 * processing the null bind 3759 * request put on the eager's 3760 * q by sctp_accept(). We must 3761 * first revert the cookie 3762 * chunk's length field to network 3763 * byteorder so it can be 3764 * properly reprocessed on the 3765 * eager's queue. 3766 */ 3767 BUMP_MIB(&sctp_mib, sctpPassiveEstab); 3768 if (mlen > ntohs(ch->sch_len)) { 3769 eager->sctp_cookie_mp = dupb(mp); 3770 mblk_setcred(eager->sctp_cookie_mp, 3771 CONN_CRED(eager->sctp_connp)); 3772 /* 3773 * If no mem, just let 3774 * the peer retransmit. 3775 */ 3776 } 3777 sctp_assoc_event(eager, SCTP_COMM_UP, 0, NULL); 3778 if (recv_adaption) { 3779 eager->sctp_recv_adaption = 1; 3780 eager->sctp_rx_adaption_code = 3781 sctp->sctp_rx_adaption_code; 3782 sctp_adaption_event(eager); 3783 } 3784 3785 eager->sctp_active = now; 3786 sctp_send_cookie_ack(eager); 3787 3788 wake_eager = B_TRUE; 3789 3790 /* 3791 * Process rest of the chunks with eager. 3792 */ 3793 sctp = eager; 3794 fp = sctp_lookup_faddr(sctp, &peer_src); 3795 /* 3796 * Confirm peer's original source. fp can 3797 * only be NULL if peer does not use the 3798 * original source as one of its addresses... 3799 */ 3800 if (fp == NULL) 3801 fp = sctp_lookup_faddr(sctp, &src); 3802 else 3803 sctp_faddr_alive(sctp, fp); 3804 3805 /* 3806 * Validate the peer addresses. It also starts 3807 * the heartbeat timer. 
3808 */ 3809 sctp_validate_peer(sctp); 3810 break; 3811 } 3812 /* Anything else is considered out-of-the-blue */ 3813 case CHUNK_ERROR: 3814 case CHUNK_ABORT: 3815 case CHUNK_COOKIE_ACK: 3816 case CHUNK_SHUTDOWN_COMPLETE: 3817 BUMP_LOCAL(sctp->sctp_ibchunks); 3818 goto done; 3819 default: 3820 BUMP_LOCAL(sctp->sctp_ibchunks); 3821 sctp_send_abort(sctp, sctph->sh_verf, 0, NULL, 3822 0, mp, 0, B_TRUE); 3823 goto done; 3824 } 3825 break; 3826 3827 case SCTPS_COOKIE_WAIT: 3828 switch (ch->sch_id) { 3829 case CHUNK_INIT_ACK: 3830 sctp_stop_faddr_timers(sctp); 3831 sctp_faddr_alive(sctp, sctp->sctp_current); 3832 sctp_send_cookie_echo(sctp, ch, mp); 3833 BUMP_LOCAL(sctp->sctp_ibchunks); 3834 break; 3835 case CHUNK_ABORT: 3836 sctp_process_abort(sctp, ch, ECONNREFUSED); 3837 goto done; 3838 case CHUNK_INIT: 3839 sctp_send_initack(sctp, sctph, ch, mp); 3840 break; 3841 case CHUNK_COOKIE: 3842 if (sctp_process_cookie(sctp, ch, mp, &iack, 3843 sctph, &recv_adaption, NULL) == -1) { 3844 BUMP_MIB(&sctp_mib, 3845 sctpInInvalidCookie); 3846 break; 3847 } 3848 sctp_send_cookie_ack(sctp); 3849 sctp_stop_faddr_timers(sctp); 3850 if (!SCTP_IS_DETACHED(sctp)) { 3851 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3852 sctp_set_ulp_prop(sctp); 3853 } 3854 sctp->sctp_state = SCTPS_ESTABLISHED; 3855 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3856 BUMP_MIB(&sctp_mib, sctpActiveEstab); 3857 if (sctp->sctp_cookie_mp) { 3858 freemsg(sctp->sctp_cookie_mp); 3859 sctp->sctp_cookie_mp = NULL; 3860 } 3861 3862 /* Validate the peer addresses. */ 3863 sctp->sctp_active = now; 3864 sctp_validate_peer(sctp); 3865 3866 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3867 if (recv_adaption) { 3868 sctp->sctp_recv_adaption = 1; 3869 sctp_adaption_event(sctp); 3870 } 3871 /* Try sending queued data, or ASCONFs */ 3872 trysend = 1; 3873 break; 3874 default: 3875 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3876 goto nomorechunks; 3877 } /* else skip and continue processing */ 3878 break; 3879 } 3880 break; 3881 3882 case SCTPS_COOKIE_ECHOED: 3883 switch (ch->sch_id) { 3884 case CHUNK_COOKIE_ACK: 3885 if (!SCTP_IS_DETACHED(sctp)) { 3886 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3887 sctp_set_ulp_prop(sctp); 3888 } 3889 if (sctp->sctp_unacked == 0) 3890 sctp_stop_faddr_timers(sctp); 3891 sctp->sctp_state = SCTPS_ESTABLISHED; 3892 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3893 BUMP_MIB(&sctp_mib, sctpActiveEstab); 3894 BUMP_LOCAL(sctp->sctp_ibchunks); 3895 if (sctp->sctp_cookie_mp) { 3896 freemsg(sctp->sctp_cookie_mp); 3897 sctp->sctp_cookie_mp = NULL; 3898 } 3899 sctp_faddr_alive(sctp, fp); 3900 /* Validate the peer addresses. 
*/ 3901 sctp->sctp_active = now; 3902 sctp_validate_peer(sctp); 3903 3904 /* Try sending queued data, or ASCONFs */ 3905 trysend = 1; 3906 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3907 sctp_adaption_event(sctp); 3908 break; 3909 case CHUNK_ABORT: 3910 sctp_process_abort(sctp, ch, ECONNREFUSED); 3911 goto done; 3912 case CHUNK_COOKIE: 3913 if (sctp_process_cookie(sctp, ch, mp, &iack, 3914 sctph, &recv_adaption, NULL) == -1) { 3915 BUMP_MIB(&sctp_mib, 3916 sctpInInvalidCookie); 3917 break; 3918 } 3919 sctp_send_cookie_ack(sctp); 3920 3921 if (!SCTP_IS_DETACHED(sctp)) { 3922 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3923 sctp_set_ulp_prop(sctp); 3924 } 3925 if (sctp->sctp_unacked == 0) 3926 sctp_stop_faddr_timers(sctp); 3927 sctp->sctp_state = SCTPS_ESTABLISHED; 3928 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3929 BUMP_MIB(&sctp_mib, sctpActiveEstab); 3930 if (sctp->sctp_cookie_mp) { 3931 freemsg(sctp->sctp_cookie_mp); 3932 sctp->sctp_cookie_mp = NULL; 3933 } 3934 /* Validate the peer addresses. */ 3935 sctp->sctp_active = now; 3936 sctp_validate_peer(sctp); 3937 3938 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3939 if (recv_adaption) { 3940 sctp->sctp_recv_adaption = 1; 3941 sctp_adaption_event(sctp); 3942 } 3943 /* Try sending queued data, or ASCONFs */ 3944 trysend = 1; 3945 break; 3946 case CHUNK_INIT: 3947 sctp_send_initack(sctp, sctph, ch, mp); 3948 break; 3949 case CHUNK_ERROR: { 3950 sctp_parm_hdr_t *p; 3951 3952 BUMP_LOCAL(sctp->sctp_ibchunks); 3953 /* check for a stale cookie */ 3954 if (ntohs(ch->sch_len) >= 3955 (sizeof (*p) + sizeof (*ch)) + 3956 sizeof (uint32_t)) { 3957 3958 p = (sctp_parm_hdr_t *)(ch + 1); 3959 if (p->sph_type == 3960 htons(SCTP_ERR_STALE_COOKIE)) { 3961 BUMP_MIB(&sctp_mib, 3962 sctpAborted); 3963 sctp_error_event(sctp, ch); 3964 sctp_clean_death(sctp, 3965 ECONNREFUSED); 3966 goto done; 3967 } 3968 } 3969 break; 3970 } 3971 case CHUNK_HEARTBEAT: 3972 sctp_return_heartbeat(sctp, ch, mp); 3973 break; 3974 default: 3975 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3976 goto nomorechunks; 3977 } /* else skip and continue processing */ 3978 } /* switch (ch->sch_id) */ 3979 break; 3980 3981 case SCTPS_SHUTDOWN_ACK_SENT: 3982 switch (ch->sch_id) { 3983 case CHUNK_ABORT: 3984 /* Pass gathered wisdom to IP for keeping */ 3985 sctp_update_ire(sctp); 3986 sctp_process_abort(sctp, ch, 0); 3987 goto done; 3988 case CHUNK_SHUTDOWN_COMPLETE: 3989 BUMP_LOCAL(sctp->sctp_ibchunks); 3990 BUMP_MIB(&sctp_mib, sctpShutdowns); 3991 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 3992 NULL); 3993 3994 /* Pass gathered wisdom to IP for keeping */ 3995 sctp_update_ire(sctp); 3996 sctp_clean_death(sctp, 0); 3997 goto done; 3998 case CHUNK_SHUTDOWN_ACK: 3999 sctp_shutdown_complete(sctp); 4000 BUMP_LOCAL(sctp->sctp_ibchunks); 4001 BUMP_MIB(&sctp_mib, sctpShutdowns); 4002 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 4003 NULL); 4004 sctp_clean_death(sctp, 0); 4005 goto done; 4006 case CHUNK_COOKIE: 4007 (void) sctp_shutdown_received(sctp, NULL, 4008 B_TRUE, B_FALSE, fp); 4009 BUMP_LOCAL(sctp->sctp_ibchunks); 4010 break; 4011 case CHUNK_HEARTBEAT: 4012 sctp_return_heartbeat(sctp, ch, mp); 4013 break; 4014 default: 4015 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4016 goto nomorechunks; 4017 } /* else skip and continue processing */ 4018 break; 4019 } 4020 break; 4021 4022 case SCTPS_SHUTDOWN_RECEIVED: 4023 switch (ch->sch_id) { 4024 case CHUNK_SHUTDOWN: 4025 trysend = sctp_shutdown_received(sctp, ch, 4026 B_FALSE, B_FALSE, fp); 4027 break; 4028 case CHUNK_SACK: 4029 trysend = 
sctp_got_sack(sctp, ch); 4030 if (trysend < 0) { 4031 sctp_send_abort(sctp, sctph->sh_verf, 4032 0, NULL, 0, mp, 0, B_FALSE); 4033 sctp_assoc_event(sctp, 4034 SCTP_COMM_LOST, 0, NULL); 4035 sctp_clean_death(sctp, 4036 ECONNABORTED); 4037 goto done; 4038 } 4039 break; 4040 case CHUNK_ABORT: 4041 sctp_process_abort(sctp, ch, ECONNRESET); 4042 goto done; 4043 case CHUNK_HEARTBEAT: 4044 sctp_return_heartbeat(sctp, ch, mp); 4045 break; 4046 default: 4047 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4048 goto nomorechunks; 4049 } /* else skip and continue processing */ 4050 break; 4051 } 4052 break; 4053 4054 default: 4055 /* 4056 * The only remaining states are SCTPS_IDLE and 4057 * SCTPS_BOUND, and we should not be getting here 4058 * for these. 4059 */ 4060 ASSERT(0); 4061 } /* switch (sctp->sctp_state) */ 4062 4063 ch = sctp_next_chunk(ch, &mlen); 4064 if (ch != NULL && !sctp_check_input(sctp, ch, mlen, 0)) 4065 goto done; 4066 } while (ch != NULL); 4067 4068 /* Finished processing all chunks in packet */ 4069 4070 nomorechunks: 4071 /* SACK if necessary */ 4072 if (gotdata) { 4073 (sctp->sctp_sack_toggle)++; 4074 sctp_sack(sctp, dups); 4075 dups = NULL; 4076 4077 if (!sctp->sctp_ack_timer_running) { 4078 sctp->sctp_ack_timer_running = B_TRUE; 4079 sctp_timer(sctp, sctp->sctp_ack_mp, 4080 MSEC_TO_TICK(sctp_deferred_ack_interval)); 4081 } 4082 } 4083 4084 if (trysend) { 4085 sctp_output(sctp); 4086 if (sctp->sctp_cxmit_list != NULL) 4087 sctp_wput_asconf(sctp, NULL); 4088 } 4089 /* If there is unsent data, make sure a timer is running */ 4090 if (sctp->sctp_unsent > 0 && !sctp->sctp_current->timer_running) { 4091 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 4092 sctp->sctp_current->rto); 4093 } 4094 4095 done: 4096 if (dups != NULL) 4097 freeb(dups); 4098 if (ipsec_mp != NULL) 4099 freeb(ipsec_mp); 4100 freemsg(mp); 4101 4102 if (wake_eager) { 4103 /* 4104 * sctp points to the newly created control block; we need to 4105 * release it before exiting. Before releasing it and 4106 * processing the sendq, we need to grab a hold on it. 4107 * Otherwise, another thread could close it while we are 4108 * processing the sendq. 4109 */ 4110 SCTP_REFHOLD(sctp); 4111 WAKE_SCTP(sctp); 4112 sctp_process_sendq(sctp); 4113 SCTP_REFRELE(sctp); 4114 } 4115 } 4116 4117 /* 4118 * Some amount of data got removed from the rx q. 4119 * Check if we should send a window update. 4120 * 4121 * Due to the way sctp_rwnd updates are made, the ULP can give reports 4122 * out of order. To keep from dropping incoming data, we only update 4123 * sctp_rwnd if it's larger than what we've reported to the peer earlier. 4124 */ 4125 void 4126 sctp_recvd(sctp_t *sctp, int len) 4127 { 4128 int32_t old, new; 4129 4130 ASSERT(sctp != NULL); 4131 RUN_SCTP(sctp); 4132 4133 if (len < sctp->sctp_rwnd) { 4134 WAKE_SCTP(sctp); 4135 return; 4136 } 4137 ASSERT(sctp->sctp_rwnd >= sctp->sctp_rxqueued); 4138 old = sctp->sctp_rwnd - sctp->sctp_rxqueued; 4139 new = len - sctp->sctp_rxqueued; 4140 sctp->sctp_rwnd = len; 4141 4142 if (sctp->sctp_state >= SCTPS_ESTABLISHED && 4143 ((old <= new >> 1) || (old < sctp->sctp_mss))) { 4144 sctp->sctp_force_sack = 1; 4145 BUMP_MIB(&sctp_mib, sctpOutWinUpdate); 4146 sctp_sack(sctp, NULL); 4147 old = 1; 4148 } else { 4149 old = 0; 4150 } 4151 WAKE_SCTP(sctp); 4152 if (old > 0) { 4153 sctp_process_sendq(sctp); 4154 } 4155 } 4156
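/*
 * Illustrative sketch: the SEQ_* comparisons used throughout this file
 * are serial-number (mod 2^32) comparisons, so they stay correct when
 * the TSN space wraps.  A minimal, self-contained userland demo with
 * hypothetical TSN values; the macros below simply mirror the shape of
 * the ones pulled in from <netinet/tcp_seq.h>.
 */
#if 0
#include <stdio.h>
#include <stdint.h>

#define	EX_SEQ_LT(a, b)	((int32_t)((a) - (b)) < 0)
#define	EX_SEQ_GT(a, b)	((int32_t)((a) - (b)) > 0)

int
main(void)
{
	uint32_t near_wrap = 0xfffffffeU;	/* TSN just before wrap */
	uint32_t wrapped = 1;			/* TSN just after wrap */

	/* In serial arithmetic, 1 is "greater" than 0xfffffffe. */
	(void) printf("%d\n", EX_SEQ_GT(wrapped, near_wrap));	/* prints 1 */
	(void) printf("%d\n", EX_SEQ_LT(near_wrap, wrapped));	/* prints 1 */
	return (0);
}
#endif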