1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/systm.h> 28 #include <sys/stream.h> 29 #include <sys/cmn_err.h> 30 #include <sys/kmem.h> 31 #define _SUN_TPI_VERSION 2 32 #include <sys/tihdr.h> 33 #include <sys/socket.h> 34 #include <sys/strsun.h> 35 #include <sys/strsubr.h> 36 37 #include <netinet/in.h> 38 #include <netinet/ip6.h> 39 #include <netinet/tcp_seq.h> 40 #include <netinet/sctp.h> 41 42 #include <inet/common.h> 43 #include <inet/ip.h> 44 #include <inet/ip_if.h> 45 #include <inet/ip6.h> 46 #include <inet/mib2.h> 47 #include <inet/ipclassifier.h> 48 #include <inet/ipp_common.h> 49 #include <inet/ipsec_impl.h> 50 #include <inet/sctp_ip.h> 51 52 #include "sctp_impl.h" 53 #include "sctp_asconf.h" 54 #include "sctp_addr.h" 55 56 static struct kmem_cache *sctp_kmem_set_cache; 57 58 /* 59 * PR-SCTP comments. 60 * 61 * When we get a valid Forward TSN chunk, we check the fragment list for this 62 * SSN and preceeding SSNs free all them. Further, if this Forward TSN causes 63 * the next expected SSN to be present in the stream queue, we deliver any 64 * such stranded messages upstream. We also update the SACK info. appropriately. 65 * When checking for advancing the cumulative ack (in sctp_cumack()) we must 66 * check for abandoned chunks and messages. While traversing the tramsmit 67 * list if we come across an abandoned chunk, we can skip the message (i.e. 68 * take it out of the (re)transmit list) since this message, and hence this 69 * chunk, has been marked abandoned by sctp_rexmit(). If we come across an 70 * unsent chunk for a message this now abandoned we need to check if a 71 * Forward TSN needs to be sent, this could be a case where we deferred sending 72 * a Forward TSN in sctp_get_msg_to_send(). Further, after processing a 73 * SACK we check if the Advanced peer ack point can be moved ahead, i.e. 74 * if we can send a Forward TSN via sctp_check_abandoned_data(). 75 */ 76 void 77 sctp_free_set(sctp_set_t *s) 78 { 79 sctp_set_t *p; 80 81 while (s) { 82 p = s->next; 83 kmem_cache_free(sctp_kmem_set_cache, s); 84 s = p; 85 } 86 } 87 88 static void 89 sctp_ack_add(sctp_set_t **head, uint32_t tsn, int *num) 90 { 91 sctp_set_t *p, *t; 92 93 if (head == NULL || num == NULL) 94 return; 95 96 ASSERT(*num >= 0); 97 ASSERT((*num == 0 && *head == NULL) || (*num > 0 && *head != NULL)); 98 99 if (*head == NULL) { 100 *head = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 101 if (*head == NULL) 102 return; 103 (*head)->prev = (*head)->next = NULL; 104 (*head)->begin = tsn; 105 (*head)->end = tsn; 106 *num = 1; 107 return; 108 } 109 110 ASSERT((*head)->prev == NULL); 111 112 /* 113 * Handle this special case here so we don't have to check 114 * for it each time in the loop. 115 */ 116 if (SEQ_LT(tsn + 1, (*head)->begin)) { 117 /* add a new set, and move the head pointer */ 118 t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 119 if (t == NULL) 120 return; 121 t->next = *head; 122 t->prev = NULL; 123 (*head)->prev = t; 124 t->begin = tsn; 125 t->end = tsn; 126 (*num)++; 127 *head = t; 128 return; 129 } 130 131 /* 132 * We need to handle the following cases, where p points to 133 * the current set (as we walk through the loop): 134 * 135 * 1. tsn is entirely less than p; create a new set before p. 136 * 2. tsn borders p from less; coalesce p with tsn. 137 * 3. tsn is withing p; do nothing. 138 * 4. tsn borders p from greater; coalesce p with tsn. 139 * 4a. p may now border p->next from less; if so, coalesce those 140 * two sets. 141 * 5. tsn is entirely greater then all sets; add a new set at 142 * the end. 143 */ 144 for (p = *head; ; p = p->next) { 145 if (SEQ_LT(tsn + 1, p->begin)) { 146 /* 1: add a new set before p. */ 147 t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 148 if (t == NULL) 149 return; 150 t->next = p; 151 t->prev = NULL; 152 t->begin = tsn; 153 t->end = tsn; 154 if (p->prev) { 155 t->prev = p->prev; 156 p->prev->next = t; 157 } 158 p->prev = t; 159 (*num)++; 160 return; 161 } 162 163 if ((tsn + 1) == p->begin) { 164 /* 2: adjust p->begin */ 165 p->begin = tsn; 166 return; 167 } 168 169 if (SEQ_GEQ(tsn, p->begin) && SEQ_LEQ(tsn, p->end)) { 170 /* 3; do nothing */ 171 return; 172 } 173 174 if ((p->end + 1) == tsn) { 175 /* 4; adjust p->end */ 176 p->end = tsn; 177 178 if (p->next != NULL && (tsn + 1) == p->next->begin) { 179 /* 4a: coalesce p and p->next */ 180 t = p->next; 181 p->end = t->end; 182 p->next = t->next; 183 if (t->next != NULL) 184 t->next->prev = p; 185 kmem_cache_free(sctp_kmem_set_cache, t); 186 (*num)--; 187 } 188 return; 189 } 190 191 if (p->next == NULL) { 192 /* 5: add new set at the end */ 193 t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 194 if (t == NULL) 195 return; 196 t->next = NULL; 197 t->prev = p; 198 t->begin = tsn; 199 t->end = tsn; 200 p->next = t; 201 (*num)++; 202 return; 203 } 204 205 if (SEQ_GT(tsn, p->end + 1)) 206 continue; 207 } 208 } 209 210 static void 211 sctp_ack_rem(sctp_set_t **head, uint32_t end, int *num) 212 { 213 sctp_set_t *p, *t; 214 215 if (head == NULL || *head == NULL || num == NULL) 216 return; 217 218 /* Nothing to remove */ 219 if (SEQ_LT(end, (*head)->begin)) 220 return; 221 222 /* Find out where to start removing sets */ 223 for (p = *head; p->next; p = p->next) { 224 if (SEQ_LEQ(end, p->end)) 225 break; 226 } 227 228 if (SEQ_LT(end, p->end) && SEQ_GEQ(end, p->begin)) { 229 /* adjust p */ 230 p->begin = end + 1; 231 /* all done */ 232 if (p == *head) 233 return; 234 } else if (SEQ_GEQ(end, p->end)) { 235 /* remove this set too */ 236 p = p->next; 237 } 238 239 /* unlink everything before this set */ 240 t = *head; 241 *head = p; 242 if (p != NULL && p->prev != NULL) { 243 p->prev->next = NULL; 244 p->prev = NULL; 245 } 246 247 sctp_free_set(t); 248 249 /* recount the number of sets */ 250 *num = 0; 251 252 for (p = *head; p != NULL; p = p->next) 253 (*num)++; 254 } 255 256 void 257 sctp_sets_init() 258 { 259 sctp_kmem_set_cache = kmem_cache_create("sctp_set_cache", 260 sizeof (sctp_set_t), 0, NULL, NULL, NULL, NULL, 261 NULL, 0); 262 } 263 264 void 265 sctp_sets_fini() 266 { 267 kmem_cache_destroy(sctp_kmem_set_cache); 268 } 269 270 sctp_chunk_hdr_t * 271 sctp_first_chunk(uchar_t *rptr, ssize_t remaining) 272 { 273 sctp_chunk_hdr_t *ch; 274 uint16_t ch_len; 275 276 if (remaining < sizeof (*ch)) { 277 return (NULL); 278 } 279 280 ch = (sctp_chunk_hdr_t *)rptr; 281 ch_len = ntohs(ch->sch_len); 282 283 if (ch_len < sizeof (*ch) || remaining < ch_len) { 284 return (NULL); 285 } 286 287 return (ch); 288 } 289 290 sctp_chunk_hdr_t * 291 sctp_next_chunk(sctp_chunk_hdr_t *ch, ssize_t *remaining) 292 { 293 int pad; 294 uint16_t ch_len; 295 296 if (!ch) { 297 return (NULL); 298 } 299 300 ch_len = ntohs(ch->sch_len); 301 302 if ((pad = ch_len & (SCTP_ALIGN - 1)) != 0) { 303 pad = SCTP_ALIGN - pad; 304 } 305 306 *remaining -= (ch_len + pad); 307 ch = (sctp_chunk_hdr_t *)((char *)ch + ch_len + pad); 308 309 return (sctp_first_chunk((uchar_t *)ch, *remaining)); 310 } 311 312 /* 313 * Attach ancillary data to a received SCTP segments. 314 * If the source address (fp) is not the primary, send up a 315 * unitdata_ind so recvfrom() can populate the msg_name field. 316 * If ancillary data is also requested, we append it to the 317 * unitdata_req. Otherwise, we just send up an optdata_ind. 318 */ 319 static int 320 sctp_input_add_ancillary(sctp_t *sctp, mblk_t **mp, sctp_data_hdr_t *dcp, 321 sctp_faddr_t *fp, ip_pkt_t *ipp, ip_recv_attr_t *ira) 322 { 323 struct T_unitdata_ind *tudi; 324 int optlen; 325 int hdrlen; 326 uchar_t *optptr; 327 struct cmsghdr *cmsg; 328 mblk_t *mp1; 329 struct sockaddr_in6 sin_buf[1]; 330 struct sockaddr_in6 *sin6; 331 struct sockaddr_in *sin4; 332 crb_t addflag; /* Which pieces to add */ 333 conn_t *connp = sctp->sctp_connp; 334 335 sin4 = NULL; 336 sin6 = NULL; 337 338 optlen = hdrlen = 0; 339 addflag.crb_all = 0; 340 341 /* Figure out address size */ 342 if (connp->conn_family == AF_INET) { 343 sin4 = (struct sockaddr_in *)sin_buf; 344 sin4->sin_family = AF_INET; 345 sin4->sin_port = connp->conn_fport; 346 IN6_V4MAPPED_TO_IPADDR(&fp->sf_faddr, sin4->sin_addr.s_addr); 347 hdrlen = sizeof (*tudi) + sizeof (*sin4); 348 } else { 349 sin6 = sin_buf; 350 sin6->sin6_family = AF_INET6; 351 sin6->sin6_port = connp->conn_fport; 352 sin6->sin6_addr = fp->sf_faddr; 353 hdrlen = sizeof (*tudi) + sizeof (*sin6); 354 } 355 /* If app asked to receive send / recv info */ 356 if (sctp->sctp_recvsndrcvinfo) 357 optlen += sizeof (*cmsg) + sizeof (struct sctp_sndrcvinfo); 358 359 if (connp->conn_recv_ancillary.crb_all == 0) 360 goto noancillary; 361 362 if (connp->conn_recv_ancillary.crb_ip_recvpktinfo && 363 ira->ira_ruifindex != sctp->sctp_recvifindex) { 364 optlen += sizeof (*cmsg) + sizeof (struct in6_pktinfo); 365 if (hdrlen == 0) 366 hdrlen = sizeof (struct T_unitdata_ind); 367 addflag.crb_ip_recvpktinfo = 1; 368 } 369 /* If app asked for hoplimit and it has changed ... */ 370 if (connp->conn_recv_ancillary.crb_ipv6_recvhoplimit && 371 ipp->ipp_hoplimit != sctp->sctp_recvhops) { 372 optlen += sizeof (*cmsg) + sizeof (uint_t); 373 if (hdrlen == 0) 374 hdrlen = sizeof (struct T_unitdata_ind); 375 addflag.crb_ipv6_recvhoplimit = 1; 376 } 377 /* If app asked for tclass and it has changed ... */ 378 if (connp->conn_recv_ancillary.crb_ipv6_recvtclass && 379 ipp->ipp_tclass != sctp->sctp_recvtclass) { 380 optlen += sizeof (struct T_opthdr) + sizeof (uint_t); 381 if (hdrlen == 0) 382 hdrlen = sizeof (struct T_unitdata_ind); 383 addflag.crb_ipv6_recvtclass = 1; 384 } 385 /* If app asked for hopbyhop headers and it has changed ... */ 386 if (connp->conn_recv_ancillary.crb_ipv6_recvhopopts && 387 ip_cmpbuf(sctp->sctp_hopopts, sctp->sctp_hopoptslen, 388 (ipp->ipp_fields & IPPF_HOPOPTS), 389 ipp->ipp_hopopts, ipp->ipp_hopoptslen)) { 390 optlen += sizeof (*cmsg) + ipp->ipp_hopoptslen - 391 sctp->sctp_v6label_len; 392 if (hdrlen == 0) 393 hdrlen = sizeof (struct T_unitdata_ind); 394 addflag.crb_ipv6_recvhopopts = 1; 395 if (!ip_allocbuf((void **)&sctp->sctp_hopopts, 396 &sctp->sctp_hopoptslen, 397 (ipp->ipp_fields & IPPF_HOPOPTS), 398 ipp->ipp_hopopts, ipp->ipp_hopoptslen)) 399 return (-1); 400 } 401 /* If app asked for dst headers before routing headers ... */ 402 if (connp->conn_recv_ancillary.crb_ipv6_recvrthdrdstopts && 403 ip_cmpbuf(sctp->sctp_rthdrdstopts, sctp->sctp_rthdrdstoptslen, 404 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS), 405 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen)) { 406 optlen += sizeof (*cmsg) + ipp->ipp_rthdrdstoptslen; 407 if (hdrlen == 0) 408 hdrlen = sizeof (struct T_unitdata_ind); 409 addflag.crb_ipv6_recvrthdrdstopts = 1; 410 if (!ip_allocbuf((void **)&sctp->sctp_rthdrdstopts, 411 &sctp->sctp_rthdrdstoptslen, 412 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS), 413 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen)) 414 return (-1); 415 } 416 /* If app asked for routing headers and it has changed ... */ 417 if (connp->conn_recv_ancillary.crb_ipv6_recvrthdr && 418 ip_cmpbuf(sctp->sctp_rthdr, sctp->sctp_rthdrlen, 419 (ipp->ipp_fields & IPPF_RTHDR), 420 ipp->ipp_rthdr, ipp->ipp_rthdrlen)) { 421 optlen += sizeof (*cmsg) + ipp->ipp_rthdrlen; 422 if (hdrlen == 0) 423 hdrlen = sizeof (struct T_unitdata_ind); 424 addflag.crb_ipv6_recvrthdr = 1; 425 if (!ip_allocbuf((void **)&sctp->sctp_rthdr, 426 &sctp->sctp_rthdrlen, 427 (ipp->ipp_fields & IPPF_RTHDR), 428 ipp->ipp_rthdr, ipp->ipp_rthdrlen)) 429 return (-1); 430 } 431 /* If app asked for dest headers and it has changed ... */ 432 if (connp->conn_recv_ancillary.crb_ipv6_recvdstopts && 433 ip_cmpbuf(sctp->sctp_dstopts, sctp->sctp_dstoptslen, 434 (ipp->ipp_fields & IPPF_DSTOPTS), 435 ipp->ipp_dstopts, ipp->ipp_dstoptslen)) { 436 optlen += sizeof (*cmsg) + ipp->ipp_dstoptslen; 437 if (hdrlen == 0) 438 hdrlen = sizeof (struct T_unitdata_ind); 439 addflag.crb_ipv6_recvdstopts = 1; 440 if (!ip_allocbuf((void **)&sctp->sctp_dstopts, 441 &sctp->sctp_dstoptslen, 442 (ipp->ipp_fields & IPPF_DSTOPTS), 443 ipp->ipp_dstopts, ipp->ipp_dstoptslen)) 444 return (-1); 445 } 446 noancillary: 447 /* Nothing to add */ 448 if (hdrlen == 0) 449 return (-1); 450 451 mp1 = allocb(hdrlen + optlen + sizeof (void *), BPRI_MED); 452 if (mp1 == NULL) 453 return (-1); 454 mp1->b_cont = *mp; 455 *mp = mp1; 456 mp1->b_rptr += sizeof (void *); /* pointer worth of padding */ 457 mp1->b_wptr = mp1->b_rptr + hdrlen + optlen; 458 DB_TYPE(mp1) = M_PROTO; 459 tudi = (struct T_unitdata_ind *)mp1->b_rptr; 460 tudi->PRIM_type = T_UNITDATA_IND; 461 tudi->SRC_length = sin4 ? sizeof (*sin4) : sizeof (*sin6); 462 tudi->SRC_offset = sizeof (*tudi); 463 tudi->OPT_offset = sizeof (*tudi) + tudi->SRC_length; 464 tudi->OPT_length = optlen; 465 if (sin4) { 466 bcopy(sin4, tudi + 1, sizeof (*sin4)); 467 } else { 468 bcopy(sin6, tudi + 1, sizeof (*sin6)); 469 } 470 optptr = (uchar_t *)tudi + tudi->OPT_offset; 471 472 if (sctp->sctp_recvsndrcvinfo) { 473 /* XXX need backout method if memory allocation fails. */ 474 struct sctp_sndrcvinfo *sri; 475 476 cmsg = (struct cmsghdr *)optptr; 477 cmsg->cmsg_level = IPPROTO_SCTP; 478 cmsg->cmsg_type = SCTP_SNDRCV; 479 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*sri); 480 optptr += sizeof (*cmsg); 481 482 sri = (struct sctp_sndrcvinfo *)(cmsg + 1); 483 ASSERT(OK_32PTR(sri)); 484 sri->sinfo_stream = ntohs(dcp->sdh_sid); 485 sri->sinfo_ssn = ntohs(dcp->sdh_ssn); 486 if (SCTP_DATA_GET_UBIT(dcp)) { 487 sri->sinfo_flags = MSG_UNORDERED; 488 } else { 489 sri->sinfo_flags = 0; 490 } 491 sri->sinfo_ppid = dcp->sdh_payload_id; 492 sri->sinfo_context = 0; 493 sri->sinfo_timetolive = 0; 494 sri->sinfo_tsn = ntohl(dcp->sdh_tsn); 495 sri->sinfo_cumtsn = sctp->sctp_ftsn; 496 sri->sinfo_assoc_id = 0; 497 498 optptr += sizeof (*sri); 499 } 500 501 /* 502 * If app asked for pktinfo and the index has changed ... 503 * Note that the local address never changes for the connection. 504 */ 505 if (addflag.crb_ip_recvpktinfo) { 506 struct in6_pktinfo *pkti; 507 uint_t ifindex; 508 509 ifindex = ira->ira_ruifindex; 510 cmsg = (struct cmsghdr *)optptr; 511 cmsg->cmsg_level = IPPROTO_IPV6; 512 cmsg->cmsg_type = IPV6_PKTINFO; 513 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*pkti); 514 optptr += sizeof (*cmsg); 515 516 pkti = (struct in6_pktinfo *)optptr; 517 if (connp->conn_family == AF_INET6) 518 pkti->ipi6_addr = sctp->sctp_ip6h->ip6_src; 519 else 520 IN6_IPADDR_TO_V4MAPPED(sctp->sctp_ipha->ipha_src, 521 &pkti->ipi6_addr); 522 523 pkti->ipi6_ifindex = ifindex; 524 optptr += sizeof (*pkti); 525 ASSERT(OK_32PTR(optptr)); 526 /* Save as "last" value */ 527 sctp->sctp_recvifindex = ifindex; 528 } 529 /* If app asked for hoplimit and it has changed ... */ 530 if (addflag.crb_ipv6_recvhoplimit) { 531 cmsg = (struct cmsghdr *)optptr; 532 cmsg->cmsg_level = IPPROTO_IPV6; 533 cmsg->cmsg_type = IPV6_HOPLIMIT; 534 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t); 535 optptr += sizeof (*cmsg); 536 537 *(uint_t *)optptr = ipp->ipp_hoplimit; 538 optptr += sizeof (uint_t); 539 ASSERT(OK_32PTR(optptr)); 540 /* Save as "last" value */ 541 sctp->sctp_recvhops = ipp->ipp_hoplimit; 542 } 543 /* If app asked for tclass and it has changed ... */ 544 if (addflag.crb_ipv6_recvtclass) { 545 cmsg = (struct cmsghdr *)optptr; 546 cmsg->cmsg_level = IPPROTO_IPV6; 547 cmsg->cmsg_type = IPV6_TCLASS; 548 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t); 549 optptr += sizeof (*cmsg); 550 551 *(uint_t *)optptr = ipp->ipp_tclass; 552 optptr += sizeof (uint_t); 553 ASSERT(OK_32PTR(optptr)); 554 /* Save as "last" value */ 555 sctp->sctp_recvtclass = ipp->ipp_tclass; 556 } 557 if (addflag.crb_ipv6_recvhopopts) { 558 cmsg = (struct cmsghdr *)optptr; 559 cmsg->cmsg_level = IPPROTO_IPV6; 560 cmsg->cmsg_type = IPV6_HOPOPTS; 561 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_hopoptslen; 562 optptr += sizeof (*cmsg); 563 564 bcopy(ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen); 565 optptr += ipp->ipp_hopoptslen; 566 ASSERT(OK_32PTR(optptr)); 567 /* Save as last value */ 568 ip_savebuf((void **)&sctp->sctp_hopopts, 569 &sctp->sctp_hopoptslen, 570 (ipp->ipp_fields & IPPF_HOPOPTS), 571 ipp->ipp_hopopts, ipp->ipp_hopoptslen); 572 } 573 if (addflag.crb_ipv6_recvrthdrdstopts) { 574 cmsg = (struct cmsghdr *)optptr; 575 cmsg->cmsg_level = IPPROTO_IPV6; 576 cmsg->cmsg_type = IPV6_RTHDRDSTOPTS; 577 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrdstoptslen; 578 optptr += sizeof (*cmsg); 579 580 bcopy(ipp->ipp_rthdrdstopts, optptr, ipp->ipp_rthdrdstoptslen); 581 optptr += ipp->ipp_rthdrdstoptslen; 582 ASSERT(OK_32PTR(optptr)); 583 /* Save as last value */ 584 ip_savebuf((void **)&sctp->sctp_rthdrdstopts, 585 &sctp->sctp_rthdrdstoptslen, 586 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS), 587 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen); 588 } 589 if (addflag.crb_ipv6_recvrthdr) { 590 cmsg = (struct cmsghdr *)optptr; 591 cmsg->cmsg_level = IPPROTO_IPV6; 592 cmsg->cmsg_type = IPV6_RTHDR; 593 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrlen; 594 optptr += sizeof (*cmsg); 595 596 bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen); 597 optptr += ipp->ipp_rthdrlen; 598 ASSERT(OK_32PTR(optptr)); 599 /* Save as last value */ 600 ip_savebuf((void **)&sctp->sctp_rthdr, 601 &sctp->sctp_rthdrlen, 602 (ipp->ipp_fields & IPPF_RTHDR), 603 ipp->ipp_rthdr, ipp->ipp_rthdrlen); 604 } 605 if (addflag.crb_ipv6_recvdstopts) { 606 cmsg = (struct cmsghdr *)optptr; 607 cmsg->cmsg_level = IPPROTO_IPV6; 608 cmsg->cmsg_type = IPV6_DSTOPTS; 609 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_dstoptslen; 610 optptr += sizeof (*cmsg); 611 612 bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen); 613 optptr += ipp->ipp_dstoptslen; 614 ASSERT(OK_32PTR(optptr)); 615 /* Save as last value */ 616 ip_savebuf((void **)&sctp->sctp_dstopts, 617 &sctp->sctp_dstoptslen, 618 (ipp->ipp_fields & IPPF_DSTOPTS), 619 ipp->ipp_dstopts, ipp->ipp_dstoptslen); 620 } 621 622 ASSERT(optptr == mp1->b_wptr); 623 624 return (0); 625 } 626 627 void 628 sctp_free_reass(sctp_instr_t *sip) 629 { 630 mblk_t *mp, *mpnext, *mctl; 631 #ifdef DEBUG 632 sctp_reass_t *srp; 633 #endif 634 635 for (mp = sip->istr_reass; mp != NULL; mp = mpnext) { 636 mpnext = mp->b_next; 637 mp->b_next = NULL; 638 mp->b_prev = NULL; 639 if (DB_TYPE(mp) == M_CTL) { 640 mctl = mp; 641 #ifdef DEBUG 642 srp = (sctp_reass_t *)DB_BASE(mctl); 643 /* Partial delivery can leave empty srp */ 644 ASSERT(mp->b_cont != NULL || srp->sr_got == 0); 645 #endif 646 mp = mp->b_cont; 647 mctl->b_cont = NULL; 648 freeb(mctl); 649 } 650 freemsg(mp); 651 } 652 sip->istr_reass = NULL; 653 } 654 655 /* 656 * If the series of data fragments of which dmp is a part is successfully 657 * reassembled, the first mblk in the series is returned. dc is adjusted 658 * to point at the data chunk in the lead mblk, and b_rptr also points to 659 * the data chunk; the following mblk's b_rptr's point at the actual payload. 660 * 661 * If the series is not yet reassembled, NULL is returned. dc is not changed. 662 * XXX should probably move this up into the state machine. 663 */ 664 665 /* Fragment list for un-ordered messages. Partial delivery is not supported */ 666 static mblk_t * 667 sctp_uodata_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc) 668 { 669 mblk_t *hmp; 670 mblk_t *begin = NULL; 671 mblk_t *end = NULL; 672 sctp_data_hdr_t *qdc; 673 uint32_t ntsn; 674 uint32_t tsn = ntohl((*dc)->sdh_tsn); 675 #ifdef DEBUG 676 mblk_t *mp1; 677 #endif 678 679 /* First frag. */ 680 if (sctp->sctp_uo_frags == NULL) { 681 sctp->sctp_uo_frags = dmp; 682 return (NULL); 683 } 684 hmp = sctp->sctp_uo_frags; 685 /* 686 * Insert the segment according to the TSN, fragmented unordered 687 * chunks are sequenced by TSN. 688 */ 689 while (hmp != NULL) { 690 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 691 ntsn = ntohl(qdc->sdh_tsn); 692 if (SEQ_GT(ntsn, tsn)) { 693 if (hmp->b_prev == NULL) { 694 dmp->b_next = hmp; 695 hmp->b_prev = dmp; 696 sctp->sctp_uo_frags = dmp; 697 } else { 698 dmp->b_next = hmp; 699 dmp->b_prev = hmp->b_prev; 700 hmp->b_prev->b_next = dmp; 701 hmp->b_prev = dmp; 702 } 703 break; 704 } 705 if (hmp->b_next == NULL) { 706 hmp->b_next = dmp; 707 dmp->b_prev = hmp; 708 break; 709 } 710 hmp = hmp->b_next; 711 } 712 /* check if we completed a msg */ 713 if (SCTP_DATA_GET_BBIT(*dc)) { 714 begin = dmp; 715 } else if (SCTP_DATA_GET_EBIT(*dc)) { 716 end = dmp; 717 } 718 /* 719 * We walk consecutive TSNs backwards till we get a seg. with 720 * the B bit 721 */ 722 if (begin == NULL) { 723 for (hmp = dmp->b_prev; hmp != NULL; hmp = hmp->b_prev) { 724 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 725 ntsn = ntohl(qdc->sdh_tsn); 726 if ((int32_t)(tsn - ntsn) > 1) { 727 return (NULL); 728 } 729 if (SCTP_DATA_GET_BBIT(qdc)) { 730 begin = hmp; 731 break; 732 } 733 tsn = ntsn; 734 } 735 } 736 tsn = ntohl((*dc)->sdh_tsn); 737 /* 738 * We walk consecutive TSNs till we get a seg. with the E bit 739 */ 740 if (end == NULL) { 741 for (hmp = dmp->b_next; hmp != NULL; hmp = hmp->b_next) { 742 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 743 ntsn = ntohl(qdc->sdh_tsn); 744 if ((int32_t)(ntsn - tsn) > 1) { 745 return (NULL); 746 } 747 if (SCTP_DATA_GET_EBIT(qdc)) { 748 end = hmp; 749 break; 750 } 751 tsn = ntsn; 752 } 753 } 754 if (begin == NULL || end == NULL) { 755 return (NULL); 756 } 757 /* Got one!, Remove the msg from the list */ 758 if (sctp->sctp_uo_frags == begin) { 759 ASSERT(begin->b_prev == NULL); 760 sctp->sctp_uo_frags = end->b_next; 761 if (end->b_next != NULL) 762 end->b_next->b_prev = NULL; 763 } else { 764 begin->b_prev->b_next = end->b_next; 765 if (end->b_next != NULL) 766 end->b_next->b_prev = begin->b_prev; 767 } 768 begin->b_prev = NULL; 769 end->b_next = NULL; 770 771 /* 772 * Null out b_next and b_prev and chain using b_cont. 773 */ 774 dmp = end = begin; 775 hmp = begin->b_next; 776 *dc = (sctp_data_hdr_t *)begin->b_rptr; 777 begin->b_next = NULL; 778 while (hmp != NULL) { 779 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 780 hmp->b_rptr = (uchar_t *)(qdc + 1); 781 end = hmp->b_next; 782 dmp->b_cont = hmp; 783 dmp = hmp; 784 785 if (end != NULL) 786 hmp->b_next = NULL; 787 hmp->b_prev = NULL; 788 hmp = end; 789 } 790 BUMP_LOCAL(sctp->sctp_reassmsgs); 791 #ifdef DEBUG 792 mp1 = begin; 793 while (mp1 != NULL) { 794 ASSERT(mp1->b_next == NULL); 795 ASSERT(mp1->b_prev == NULL); 796 mp1 = mp1->b_cont; 797 } 798 #endif 799 return (begin); 800 } 801 802 /* 803 * Try partial delivery. 804 */ 805 static mblk_t * 806 sctp_try_partial_delivery(sctp_t *sctp, mblk_t *hmp, sctp_reass_t *srp, 807 sctp_data_hdr_t **dc) 808 { 809 mblk_t *mp; 810 mblk_t *dmp; 811 mblk_t *qmp; 812 mblk_t *prev; 813 sctp_data_hdr_t *qdc; 814 uint32_t tsn; 815 816 ASSERT(DB_TYPE(hmp) == M_CTL); 817 818 dprint(4, ("trypartial: got=%d, needed=%d\n", 819 (int)(srp->sr_got), (int)(srp->sr_needed))); 820 821 mp = hmp->b_cont; 822 qdc = (sctp_data_hdr_t *)mp->b_rptr; 823 824 ASSERT(SCTP_DATA_GET_BBIT(qdc) && srp->sr_hasBchunk); 825 826 tsn = ntohl(qdc->sdh_tsn) + 1; 827 828 /* 829 * This loop has two exit conditions: the 830 * end of received chunks has been reached, or 831 * there is a break in the sequence. We want 832 * to chop the reassembly list as follows (the 833 * numbers are TSNs): 834 * 10 -> 11 -> (end of chunks) 835 * 10 -> 11 -> | 13 (break in sequence) 836 */ 837 prev = mp; 838 mp = mp->b_cont; 839 while (mp != NULL) { 840 qdc = (sctp_data_hdr_t *)mp->b_rptr; 841 if (ntohl(qdc->sdh_tsn) != tsn) 842 break; 843 prev = mp; 844 mp = mp->b_cont; 845 tsn++; 846 } 847 /* 848 * We are sending all the fragments upstream, we have to retain 849 * the srp info for further fragments. 850 */ 851 if (mp == NULL) { 852 dmp = hmp->b_cont; 853 hmp->b_cont = NULL; 854 srp->sr_nexttsn = tsn; 855 srp->sr_msglen = 0; 856 srp->sr_needed = 0; 857 srp->sr_got = 0; 858 srp->sr_tail = NULL; 859 } else { 860 /* 861 * There is a gap then some ordered frags which are not 862 * the next deliverable tsn. When the next deliverable 863 * frag arrives it will be set as the new list head in 864 * sctp_data_frag() by setting the B bit. 865 */ 866 dmp = hmp->b_cont; 867 hmp->b_cont = mp; 868 } 869 srp->sr_hasBchunk = B_FALSE; 870 /* 871 * mp now points at the last chunk in the sequence, 872 * and prev points to mp's previous in the list. 873 * We chop the list at prev. Subsequent fragment 874 * deliveries will follow the normal reassembly 875 * path unless they too exceed the sctp_pd_point. 876 */ 877 prev->b_cont = NULL; 878 srp->sr_partial_delivered = B_TRUE; 879 880 dprint(4, ("trypartial: got some, got=%d, needed=%d\n", 881 (int)(srp->sr_got), (int)(srp->sr_needed))); 882 883 /* 884 * Adjust all mblk's except the lead so their rptr's point to the 885 * payload. sctp_data_chunk() will need to process the lead's 886 * data chunk section, so leave it's rptr pointing at the data chunk. 887 */ 888 *dc = (sctp_data_hdr_t *)dmp->b_rptr; 889 if (srp->sr_tail != NULL) { 890 srp->sr_got--; 891 ASSERT(srp->sr_got != 0); 892 if (srp->sr_needed != 0) { 893 srp->sr_needed--; 894 ASSERT(srp->sr_needed != 0); 895 } 896 srp->sr_msglen -= ntohs((*dc)->sdh_len); 897 } 898 for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) { 899 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 900 qmp->b_rptr = (uchar_t *)(qdc + 1); 901 902 /* 903 * Deduct the balance from got and needed here, now that 904 * we know we are actually delivering these data. 905 */ 906 if (srp->sr_tail != NULL) { 907 srp->sr_got--; 908 ASSERT(srp->sr_got != 0); 909 if (srp->sr_needed != 0) { 910 srp->sr_needed--; 911 ASSERT(srp->sr_needed != 0); 912 } 913 srp->sr_msglen -= ntohs(qdc->sdh_len); 914 } 915 } 916 ASSERT(srp->sr_msglen == 0); 917 BUMP_LOCAL(sctp->sctp_reassmsgs); 918 919 return (dmp); 920 } 921 922 /* 923 * Handle received fragments for ordered delivery to upper layer protocol. 924 * Manage the per message reassembly queue and if this fragment completes 925 * reassembly of the message, or qualifies the already reassembled data 926 * for partial delivery, prepare the message for delivery upstream. 927 * 928 * tpfinished in the caller remains set only when the incoming fragment 929 * has completed the reassembly of the message associated with its ssn. 930 */ 931 static mblk_t * 932 sctp_data_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc, int *error, 933 sctp_instr_t *sip, boolean_t *tpfinished) 934 { 935 mblk_t *reassq_curr, *reassq_next, *reassq_prev; 936 mblk_t *new_reassq; 937 mblk_t *qmp; 938 mblk_t *first_mp; 939 sctp_reass_t *srp; 940 sctp_data_hdr_t *qdc; 941 sctp_data_hdr_t *bdc; 942 sctp_data_hdr_t *edc; 943 uint32_t tsn; 944 uint16_t fraglen = 0; 945 946 *error = 0; 947 948 /* 949 * Find the reassembly queue for this data chunk, if none 950 * yet exists, a new per message queue will be created and 951 * appended to the end of the list of per message queues. 952 * 953 * sip points on sctp_instr_t representing instream messages 954 * as yet undelivered for this stream (sid) of the association. 955 */ 956 reassq_next = reassq_prev = sip->istr_reass; 957 for (; reassq_next != NULL; reassq_next = reassq_next->b_next) { 958 srp = (sctp_reass_t *)DB_BASE(reassq_next); 959 if (ntohs((*dc)->sdh_ssn) == srp->sr_ssn) { 960 reassq_curr = reassq_next; 961 goto foundit; 962 } else if (SSN_GT(srp->sr_ssn, ntohs((*dc)->sdh_ssn))) 963 break; 964 reassq_prev = reassq_next; 965 } 966 967 /* 968 * First fragment of this message received, allocate a M_CTL that 969 * will head the reassembly queue for this message. The message 970 * and all its fragments are identified by having the same ssn. 971 * 972 * Arriving fragments will be inserted in tsn order on the 973 * reassembly queue for this message (ssn), linked by b_cont. 974 */ 975 if ((new_reassq = allocb(sizeof (*srp), BPRI_MED)) == NULL) { 976 *error = ENOMEM; 977 return (NULL); 978 } 979 DB_TYPE(new_reassq) = M_CTL; 980 srp = (sctp_reass_t *)DB_BASE(new_reassq); 981 new_reassq->b_cont = dmp; 982 983 /* 984 * All per ssn reassembly queues, (one for each message) on 985 * this stream are doubly linked by b_next/b_prev back to the 986 * instr_reass of the instream structure associated with this 987 * stream id, (sip is initialized as sctp->sctp_instr[sid]). 988 * Insert the new reassembly queue in the correct (ssn) order. 989 */ 990 if (reassq_next != NULL) { 991 if (sip->istr_reass == reassq_next) { 992 /* head insertion */ 993 sip->istr_reass = new_reassq; 994 new_reassq->b_next = reassq_next; 995 new_reassq->b_prev = NULL; 996 reassq_next->b_prev = new_reassq; 997 } else { 998 /* mid queue insertion */ 999 reassq_prev->b_next = new_reassq; 1000 new_reassq->b_prev = reassq_prev; 1001 new_reassq->b_next = reassq_next; 1002 reassq_next->b_prev = new_reassq; 1003 } 1004 } else { 1005 /* place new reassembly queue at the end */ 1006 if (sip->istr_reass == NULL) { 1007 sip->istr_reass = new_reassq; 1008 new_reassq->b_prev = NULL; 1009 } else { 1010 reassq_prev->b_next = new_reassq; 1011 new_reassq->b_prev = reassq_prev; 1012 } 1013 new_reassq->b_next = NULL; 1014 } 1015 srp->sr_partial_delivered = B_FALSE; 1016 srp->sr_ssn = ntohs((*dc)->sdh_ssn); 1017 srp->sr_hasBchunk = B_FALSE; 1018 empty_srp: 1019 srp->sr_needed = 0; 1020 srp->sr_got = 1; 1021 /* tail always the highest tsn on the reassembly queue for this ssn */ 1022 srp->sr_tail = dmp; 1023 if (SCTP_DATA_GET_BBIT(*dc)) { 1024 /* Incoming frag is flagged as the beginning of message */ 1025 srp->sr_msglen = ntohs((*dc)->sdh_len); 1026 srp->sr_nexttsn = ntohl((*dc)->sdh_tsn) + 1; 1027 srp->sr_hasBchunk = B_TRUE; 1028 } else if (srp->sr_partial_delivered && 1029 srp->sr_nexttsn == ntohl((*dc)->sdh_tsn)) { 1030 /* 1031 * The real beginning fragment of the message was already 1032 * delivered upward, so this is the earliest frag expected. 1033 * Fake the B-bit then see if this frag also completes the 1034 * message. 1035 */ 1036 SCTP_DATA_SET_BBIT(*dc); 1037 srp->sr_hasBchunk = B_TRUE; 1038 srp->sr_msglen = ntohs((*dc)->sdh_len); 1039 if (SCTP_DATA_GET_EBIT(*dc)) { 1040 /* This frag is marked as the end of message */ 1041 srp->sr_needed = 1; 1042 /* Got all fragments of this message now */ 1043 goto frag_done; 1044 } 1045 srp->sr_nexttsn++; 1046 } 1047 1048 /* The only fragment of this message currently queued */ 1049 *tpfinished = B_FALSE; 1050 return (NULL); 1051 foundit: 1052 /* 1053 * This message already has a reassembly queue. Insert the new frag 1054 * in the reassembly queue. Try the tail first, on the assumption 1055 * that the fragments are arriving in order. 1056 */ 1057 qmp = srp->sr_tail; 1058 1059 /* 1060 * A NULL tail means all existing fragments of the message have 1061 * been entirely consumed during a partially delivery. 1062 */ 1063 if (qmp == NULL) { 1064 ASSERT(srp->sr_got == 0 && srp->sr_needed == 0 && 1065 srp->sr_partial_delivered); 1066 ASSERT(reassq_curr->b_cont == NULL); 1067 reassq_curr->b_cont = dmp; 1068 goto empty_srp; 1069 } else { 1070 /* 1071 * If partial delivery did take place but the next arriving 1072 * fragment was not the next to be delivered, or partial 1073 * delivery broke off due to a gap, fragments remain on the 1074 * tail. The next fragment due to be delivered still has to 1075 * be set as the new head of list upon arrival. Fake B-bit 1076 * on that frag then see if it also completes the message. 1077 */ 1078 if (srp->sr_partial_delivered && 1079 srp->sr_nexttsn == ntohl((*dc)->sdh_tsn)) { 1080 SCTP_DATA_SET_BBIT(*dc); 1081 srp->sr_hasBchunk = B_TRUE; 1082 if (SCTP_DATA_GET_EBIT(*dc)) { 1083 /* Got all fragments of this message now */ 1084 goto frag_done; 1085 } 1086 } 1087 } 1088 1089 /* grab the frag header of already queued tail frag for comparison */ 1090 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1091 ASSERT(qmp->b_cont == NULL); 1092 1093 /* check if the frag goes on the tail in order */ 1094 if (SEQ_GT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 1095 qmp->b_cont = dmp; 1096 srp->sr_tail = dmp; 1097 dmp->b_cont = NULL; 1098 if (srp->sr_hasBchunk && srp->sr_nexttsn == 1099 ntohl((*dc)->sdh_tsn)) { 1100 srp->sr_msglen += ntohs((*dc)->sdh_len); 1101 srp->sr_nexttsn++; 1102 } 1103 goto inserted; 1104 } 1105 1106 /* Next check if we should insert this frag at the beginning */ 1107 qmp = reassq_curr->b_cont; 1108 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1109 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 1110 dmp->b_cont = qmp; 1111 reassq_curr->b_cont = dmp; 1112 if (SCTP_DATA_GET_BBIT(*dc)) { 1113 srp->sr_hasBchunk = B_TRUE; 1114 srp->sr_nexttsn = ntohl((*dc)->sdh_tsn); 1115 } 1116 goto preinserted; 1117 } 1118 1119 /* Insert this frag in it's correct order in the middle */ 1120 for (;;) { 1121 /* Tail check above should have caught this */ 1122 ASSERT(qmp->b_cont != NULL); 1123 1124 qdc = (sctp_data_hdr_t *)qmp->b_cont->b_rptr; 1125 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 1126 /* insert here */ 1127 dmp->b_cont = qmp->b_cont; 1128 qmp->b_cont = dmp; 1129 break; 1130 } 1131 qmp = qmp->b_cont; 1132 } 1133 preinserted: 1134 /* 1135 * Need head of message and to be due to deliver, otherwise skip 1136 * the recalculation of the message length below. 1137 */ 1138 if (!srp->sr_hasBchunk || ntohl((*dc)->sdh_tsn) != srp->sr_nexttsn) 1139 goto inserted; 1140 /* 1141 * fraglen contains the length of consecutive chunks of fragments. 1142 * starting from the chunk we just inserted. 1143 */ 1144 tsn = srp->sr_nexttsn; 1145 for (qmp = dmp; qmp != NULL; qmp = qmp->b_cont) { 1146 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1147 if (tsn != ntohl(qdc->sdh_tsn)) 1148 break; 1149 fraglen += ntohs(qdc->sdh_len); 1150 tsn++; 1151 } 1152 srp->sr_nexttsn = tsn; 1153 srp->sr_msglen += fraglen; 1154 inserted: 1155 srp->sr_got++; 1156 first_mp = reassq_curr->b_cont; 1157 /* Prior to this frag either the beginning or end frag was missing */ 1158 if (srp->sr_needed == 0) { 1159 /* used to check if we have the first and last fragments */ 1160 bdc = (sctp_data_hdr_t *)first_mp->b_rptr; 1161 edc = (sctp_data_hdr_t *)srp->sr_tail->b_rptr; 1162 1163 /* 1164 * If we now have both the beginning and the end of the message, 1165 * calculate how many fragments in the complete message. 1166 */ 1167 if (SCTP_DATA_GET_BBIT(bdc) && SCTP_DATA_GET_EBIT(edc)) { 1168 srp->sr_needed = ntohl(edc->sdh_tsn) - 1169 ntohl(bdc->sdh_tsn) + 1; 1170 } 1171 } 1172 1173 /* 1174 * Try partial delivery if the message length has exceeded the 1175 * partial delivery point. Only do this if we can immediately 1176 * deliver the partially assembled message, and only partially 1177 * deliver one message at a time (i.e. messages cannot be 1178 * intermixed arriving at the upper layer). 1179 * sctp_try_partial_delivery() will return a message consisting 1180 * of only consecutive fragments. 1181 */ 1182 if (srp->sr_needed != srp->sr_got) { 1183 /* we don't have the full message yet */ 1184 dmp = NULL; 1185 if (ntohl((*dc)->sdh_tsn) <= sctp->sctp_ftsn && 1186 srp->sr_msglen >= sctp->sctp_pd_point && 1187 srp->sr_ssn == sip->nextseq) { 1188 dmp = sctp_try_partial_delivery(sctp, reassq_curr, 1189 srp, dc); 1190 } 1191 *tpfinished = B_FALSE; 1192 /* 1193 * NULL unless a segment of the message now qualified for 1194 * partial_delivery and has been prepared for delivery by 1195 * sctp_try_partial_delivery(). 1196 */ 1197 return (dmp); 1198 } 1199 frag_done: 1200 /* 1201 * Reassembly complete for this message, prepare the data for delivery. 1202 * First unlink the reassembly queue for this ssn from the list of 1203 * messages in reassembly. 1204 */ 1205 if (sip->istr_reass == reassq_curr) { 1206 sip->istr_reass = reassq_curr->b_next; 1207 if (reassq_curr->b_next) 1208 reassq_curr->b_next->b_prev = NULL; 1209 } else { 1210 ASSERT(reassq_curr->b_prev != NULL); 1211 reassq_curr->b_prev->b_next = reassq_curr->b_next; 1212 if (reassq_curr->b_next) 1213 reassq_curr->b_next->b_prev = reassq_curr->b_prev; 1214 } 1215 1216 /* 1217 * Need to clean up b_prev and b_next as freeb() will 1218 * ASSERT that they are unused. 1219 */ 1220 reassq_curr->b_next = NULL; 1221 reassq_curr->b_prev = NULL; 1222 1223 dmp = reassq_curr; 1224 /* point to the head of the reassembled data message */ 1225 dmp = dmp->b_cont; 1226 reassq_curr->b_cont = NULL; 1227 freeb(reassq_curr); 1228 /* Tell our caller that we are returning a complete message. */ 1229 *tpfinished = B_TRUE; 1230 1231 /* 1232 * Adjust all mblk's except the lead so their rptr's point to the 1233 * payload. sctp_data_chunk() will need to process the lead's data 1234 * data chunk section, so leave its rptr pointing at the data chunk 1235 * header. 1236 */ 1237 *dc = (sctp_data_hdr_t *)dmp->b_rptr; 1238 for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) { 1239 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1240 qmp->b_rptr = (uchar_t *)(qdc + 1); 1241 } 1242 BUMP_LOCAL(sctp->sctp_reassmsgs); 1243 1244 return (dmp); 1245 } 1246 1247 static void 1248 sctp_add_dup(uint32_t tsn, mblk_t **dups) 1249 { 1250 mblk_t *mp; 1251 size_t bsize = SCTP_DUP_MBLK_SZ * sizeof (tsn); 1252 1253 if (dups == NULL) { 1254 return; 1255 } 1256 1257 /* first time? */ 1258 if (*dups == NULL) { 1259 *dups = allocb(bsize, BPRI_MED); 1260 if (*dups == NULL) { 1261 return; 1262 } 1263 } 1264 1265 mp = *dups; 1266 if ((mp->b_wptr - mp->b_rptr) >= bsize) { 1267 /* maximum reached */ 1268 return; 1269 } 1270 1271 /* add the duplicate tsn */ 1272 bcopy(&tsn, mp->b_wptr, sizeof (tsn)); 1273 mp->b_wptr += sizeof (tsn); 1274 ASSERT((mp->b_wptr - mp->b_rptr) <= bsize); 1275 } 1276 1277 /* 1278 * All incoming sctp data, complete messages and fragments are handled by 1279 * this function. Unless the U-bit is set in the data chunk it will be 1280 * delivered in order or queued until an in-order delivery can be made. 1281 */ 1282 static void 1283 sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups, 1284 sctp_faddr_t *fp, ip_pkt_t *ipp, ip_recv_attr_t *ira) 1285 { 1286 sctp_data_hdr_t *dc; 1287 mblk_t *dmp, *pmp; 1288 sctp_instr_t *instr; 1289 int ubit; 1290 int sid; 1291 int isfrag; 1292 uint16_t ssn; 1293 uint32_t oftsn; 1294 boolean_t can_deliver = B_TRUE; 1295 uint32_t tsn; 1296 int dlen; 1297 boolean_t tpfinished = B_TRUE; 1298 sctp_stack_t *sctps = sctp->sctp_sctps; 1299 int error; 1300 1301 /* The following are used multiple times, so we inline them */ 1302 #define SCTP_ACK_IT(sctp, tsn) \ 1303 if (tsn == sctp->sctp_ftsn) { \ 1304 dprint(2, ("data_chunk: acking next %x\n", tsn)); \ 1305 (sctp)->sctp_ftsn++; \ 1306 if ((sctp)->sctp_sack_gaps > 0) \ 1307 (sctp)->sctp_force_sack = 1; \ 1308 } else if (SEQ_GT(tsn, sctp->sctp_ftsn)) { \ 1309 /* Got a gap; record it */ \ 1310 BUMP_LOCAL(sctp->sctp_outseqtsns); \ 1311 dprint(2, ("data_chunk: acking gap %x\n", tsn)); \ 1312 sctp_ack_add(&sctp->sctp_sack_info, tsn, \ 1313 &sctp->sctp_sack_gaps); \ 1314 sctp->sctp_force_sack = 1; \ 1315 } 1316 1317 dmp = NULL; 1318 1319 dc = (sctp_data_hdr_t *)ch; 1320 tsn = ntohl(dc->sdh_tsn); 1321 1322 dprint(3, ("sctp_data_chunk: mp=%p tsn=%x\n", (void *)mp, tsn)); 1323 1324 /* Check for duplicates */ 1325 if (SEQ_LT(tsn, sctp->sctp_ftsn)) { 1326 dprint(4, ("sctp_data_chunk: dropping duplicate\n")); 1327 BUMP_LOCAL(sctp->sctp_idupchunks); 1328 sctp->sctp_force_sack = 1; 1329 sctp_add_dup(dc->sdh_tsn, dups); 1330 return; 1331 } 1332 1333 /* Check for dups of sack'ed data */ 1334 if (sctp->sctp_sack_info != NULL) { 1335 sctp_set_t *sp; 1336 1337 for (sp = sctp->sctp_sack_info; sp; sp = sp->next) { 1338 if (SEQ_GEQ(tsn, sp->begin) && SEQ_LEQ(tsn, sp->end)) { 1339 dprint(4, 1340 ("sctp_data_chunk: dropping dup > " 1341 "cumtsn\n")); 1342 BUMP_LOCAL(sctp->sctp_idupchunks); 1343 sctp->sctp_force_sack = 1; 1344 sctp_add_dup(dc->sdh_tsn, dups); 1345 return; 1346 } 1347 } 1348 } 1349 1350 /* We can no longer deliver anything up, but still need to handle it. */ 1351 if (SCTP_IS_DETACHED(sctp)) { 1352 SCTPS_BUMP_MIB(sctps, sctpInClosed); 1353 can_deliver = B_FALSE; 1354 } 1355 1356 dlen = ntohs(dc->sdh_len) - sizeof (*dc); 1357 1358 /* 1359 * Check for buffer space. Note if this is the next expected TSN 1360 * we have to take it to avoid deadlock because we cannot deliver 1361 * later queued TSNs and thus clear buffer space without it. 1362 * We drop anything that is purely zero window probe data here. 1363 */ 1364 if ((sctp->sctp_rwnd - sctp->sctp_rxqueued < dlen) && 1365 (tsn != sctp->sctp_ftsn || sctp->sctp_rwnd == 0)) { 1366 /* Drop and SACK, but don't advance the cumulative TSN. */ 1367 sctp->sctp_force_sack = 1; 1368 dprint(0, ("sctp_data_chunk: exceed rwnd %d rxqueued %d " 1369 "dlen %d ssn %d tsn %x\n", sctp->sctp_rwnd, 1370 sctp->sctp_rxqueued, dlen, ntohs(dc->sdh_ssn), 1371 ntohl(dc->sdh_tsn))); 1372 return; 1373 } 1374 1375 sid = ntohs(dc->sdh_sid); 1376 1377 /* Data received for a stream not negotiated for this association */ 1378 if (sid >= sctp->sctp_num_istr) { 1379 sctp_bsc_t inval_parm; 1380 1381 /* Will populate the CAUSE block in the ERROR chunk. */ 1382 inval_parm.bsc_sid = dc->sdh_sid; 1383 /* RESERVED, ignored at the receiving end */ 1384 inval_parm.bsc_pad = 0; 1385 1386 /* ack and drop it */ 1387 sctp_add_err(sctp, SCTP_ERR_BAD_SID, (void *)&inval_parm, 1388 sizeof (sctp_bsc_t), fp); 1389 SCTP_ACK_IT(sctp, tsn); 1390 return; 1391 } 1392 1393 /* unordered delivery OK for this data if ubit set */ 1394 ubit = SCTP_DATA_GET_UBIT(dc); 1395 ASSERT(sctp->sctp_instr != NULL); 1396 1397 /* select per stream structure for this stream from the array */ 1398 instr = &sctp->sctp_instr[sid]; 1399 /* Initialize the stream, if not yet used */ 1400 if (instr->sctp == NULL) 1401 instr->sctp = sctp; 1402 1403 /* Begin and End bit set would mean a complete message */ 1404 isfrag = !(SCTP_DATA_GET_BBIT(dc) && SCTP_DATA_GET_EBIT(dc)); 1405 1406 /* The ssn of this sctp message and of any fragments in it */ 1407 ssn = ntohs(dc->sdh_ssn); 1408 1409 dmp = dupb(mp); 1410 if (dmp == NULL) { 1411 /* drop it and don't ack, let the peer retransmit */ 1412 return; 1413 } 1414 /* 1415 * Past header and payload, note: the underlying buffer may 1416 * contain further chunks from the same incoming IP packet, 1417 * if so db_ref will be greater than one. 1418 */ 1419 dmp->b_wptr = (uchar_t *)ch + ntohs(ch->sch_len); 1420 1421 sctp->sctp_rxqueued += dlen; 1422 1423 oftsn = sctp->sctp_ftsn; 1424 1425 if (isfrag) { 1426 1427 error = 0; 1428 /* fragmented data chunk */ 1429 dmp->b_rptr = (uchar_t *)dc; 1430 if (ubit) { 1431 /* prepare data for unordered delivery */ 1432 dmp = sctp_uodata_frag(sctp, dmp, &dc); 1433 #if DEBUG 1434 if (dmp != NULL) { 1435 ASSERT(instr == 1436 &sctp->sctp_instr[sid]); 1437 } 1438 #endif 1439 } else { 1440 /* 1441 * Assemble fragments and queue for ordered delivery, 1442 * dmp returned is NULL or the head of a complete or 1443 * "partial delivery" message. Any returned message 1444 * and all its fragments will have the same ssn as the 1445 * input fragment currently being handled. 1446 */ 1447 dmp = sctp_data_frag(sctp, dmp, &dc, &error, instr, 1448 &tpfinished); 1449 } 1450 if (error == ENOMEM) { 1451 /* back out the adjustment made earlier */ 1452 sctp->sctp_rxqueued -= dlen; 1453 /* 1454 * Don't ack the segment, 1455 * the peer will retransmit. 1456 */ 1457 return; 1458 } 1459 1460 if (dmp == NULL) { 1461 /* 1462 * The frag has been queued for later in-order delivery, 1463 * but the cumulative TSN may need to advance, so also 1464 * need to perform the gap ack checks at the done label. 1465 */ 1466 SCTP_ACK_IT(sctp, tsn); 1467 DTRACE_PROBE4(sctp_data_frag_queued, sctp_t *, sctp, 1468 int, sid, int, tsn, uint16_t, ssn); 1469 goto done; 1470 } 1471 } 1472 1473 /* 1474 * Unless message is the next for delivery to the ulp, queue complete 1475 * message in the correct order for ordered delivery. 1476 * Note: tpfinished is true when the incoming chunk contains a complete 1477 * message or is the final missing fragment which completed a message. 1478 */ 1479 if (!ubit && tpfinished && ssn != instr->nextseq) { 1480 /* Adjust rptr to point at the data chunk for compares */ 1481 dmp->b_rptr = (uchar_t *)dc; 1482 1483 dprint(2, 1484 ("data_chunk: inserted %x in pq (ssn %d expected %d)\n", 1485 ntohl(dc->sdh_tsn), (int)(ssn), (int)(instr->nextseq))); 1486 1487 if (instr->istr_msgs == NULL) { 1488 instr->istr_msgs = dmp; 1489 ASSERT(dmp->b_prev == NULL && dmp->b_next == NULL); 1490 } else { 1491 mblk_t *imblk = instr->istr_msgs; 1492 sctp_data_hdr_t *idc; 1493 1494 /* 1495 * XXXNeed to take sequence wraps into account, 1496 * ... and a more efficient insertion algo. 1497 */ 1498 for (;;) { 1499 idc = (sctp_data_hdr_t *)imblk->b_rptr; 1500 if (SSN_GT(ntohs(idc->sdh_ssn), 1501 ntohs(dc->sdh_ssn))) { 1502 if (instr->istr_msgs == imblk) { 1503 instr->istr_msgs = dmp; 1504 dmp->b_next = imblk; 1505 imblk->b_prev = dmp; 1506 } else { 1507 ASSERT(imblk->b_prev != NULL); 1508 imblk->b_prev->b_next = dmp; 1509 dmp->b_prev = imblk->b_prev; 1510 imblk->b_prev = dmp; 1511 dmp->b_next = imblk; 1512 } 1513 break; 1514 } 1515 if (imblk->b_next == NULL) { 1516 imblk->b_next = dmp; 1517 dmp->b_prev = imblk; 1518 break; 1519 } 1520 imblk = imblk->b_next; 1521 } 1522 } 1523 (instr->istr_nmsgs)++; 1524 (sctp->sctp_istr_nmsgs)++; 1525 SCTP_ACK_IT(sctp, tsn); 1526 DTRACE_PROBE4(sctp_pqueue_completemsg, sctp_t *, sctp, 1527 int, sid, int, tsn, uint16_t, ssn); 1528 return; 1529 } 1530 1531 /* 1532 * Deliver the data directly. Recalculate dlen now since 1533 * we may have just reassembled this data. 1534 */ 1535 dlen = dmp->b_wptr - (uchar_t *)dc - sizeof (*dc); 1536 for (pmp = dmp->b_cont; pmp != NULL; pmp = pmp->b_cont) 1537 dlen += MBLKL(pmp); 1538 ASSERT(sctp->sctp_rxqueued >= dlen); 1539 1540 /* Deliver the message. */ 1541 sctp->sctp_rxqueued -= dlen; 1542 1543 if (can_deliver) { 1544 /* step past header to the payload */ 1545 dmp->b_rptr = (uchar_t *)(dc + 1); 1546 if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, 1547 ipp, ira) == 0) { 1548 dprint(1, ("sctp_data_chunk: delivering %lu bytes\n", 1549 msgdsize(dmp))); 1550 /* 1551 * We overload the meaning of b_flag for SCTP sockfs 1552 * internal use, to advise sockfs of partial delivery 1553 * semantics. 1554 */ 1555 dmp->b_flag = tpfinished ? 0 : SCTP_PARTIAL_DATA; 1556 if (sctp->sctp_flowctrld) { 1557 sctp->sctp_rwnd -= dlen; 1558 if (sctp->sctp_rwnd < 0) 1559 sctp->sctp_rwnd = 0; 1560 } 1561 if (sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp, 1562 msgdsize(dmp), 0, &error, NULL) <= 0) { 1563 sctp->sctp_flowctrld = B_TRUE; 1564 } 1565 SCTP_ACK_IT(sctp, tsn); 1566 } else { 1567 /* No memory don't ack, the peer will retransmit. */ 1568 freemsg(dmp); 1569 return; 1570 } 1571 } else { 1572 /* Closed above, ack to peer and free the data */ 1573 freemsg(dmp); 1574 SCTP_ACK_IT(sctp, tsn); 1575 } 1576 1577 /* 1578 * Data now enqueued, may already have been processed and free'd 1579 * by the ULP (or we may have just freed it above, if we could not 1580 * deliver), so we must not reference it (this is why we saved the 1581 * ssn and ubit earlier). 1582 */ 1583 if (ubit != 0) { 1584 BUMP_LOCAL(sctp->sctp_iudchunks); 1585 goto done; 1586 } 1587 BUMP_LOCAL(sctp->sctp_idchunks); 1588 1589 /* 1590 * There was a partial delivery and it has not finished, 1591 * don't pull anything from the pqueues or increment the 1592 * nextseq. This msg must complete before starting on 1593 * the next ssn and the partial message must have the 1594 * same ssn as the next expected message.. 1595 */ 1596 if (!tpfinished) { 1597 DTRACE_PROBE4(sctp_partial_delivery, sctp_t *, sctp, 1598 int, sid, int, tsn, uint16_t, ssn); 1599 /* 1600 * Verify the partial delivery is part of the 1601 * message expected for ordered delivery. 1602 */ 1603 if (ssn != instr->nextseq) { 1604 DTRACE_PROBE4(sctp_partial_delivery_error, 1605 sctp_t *, sctp, int, sid, int, tsn, 1606 uint16_t, ssn); 1607 cmn_err(CE_WARN, "sctp partial" 1608 " delivery error, sctp 0x%p" 1609 " sid = 0x%x ssn != nextseq" 1610 " tsn 0x%x ftsn 0x%x" 1611 " ssn 0x%x nextseq 0x%x", 1612 (void *)sctp, sid, 1613 tsn, sctp->sctp_ftsn, ssn, 1614 instr->nextseq); 1615 } 1616 1617 ASSERT(ssn == instr->nextseq); 1618 goto done; 1619 } 1620 1621 if (ssn != instr->nextseq) { 1622 DTRACE_PROBE4(sctp_inorder_delivery_error, 1623 sctp_t *, sctp, int, sid, int, tsn, 1624 uint16_t, ssn); 1625 cmn_err(CE_WARN, "sctp in-order delivery error, sctp 0x%p " 1626 "sid = 0x%x ssn != nextseq ssn 0x%x nextseq 0x%x", 1627 (void *)sctp, sid, ssn, instr->nextseq); 1628 } 1629 1630 ASSERT(ssn == instr->nextseq); 1631 1632 DTRACE_PROBE4(sctp_deliver_completemsg, sctp_t *, sctp, int, sid, 1633 int, tsn, uint16_t, ssn); 1634 1635 instr->nextseq = ssn + 1; 1636 1637 /* 1638 * Deliver any successive data chunks waiting in the instr pqueue 1639 * for the data just sent up. 1640 */ 1641 while (instr->istr_nmsgs > 0) { 1642 dmp = (mblk_t *)instr->istr_msgs; 1643 dc = (sctp_data_hdr_t *)dmp->b_rptr; 1644 ssn = ntohs(dc->sdh_ssn); 1645 tsn = ntohl(dc->sdh_tsn); 1646 /* Stop at the first gap in the sequence */ 1647 if (ssn != instr->nextseq) 1648 break; 1649 1650 DTRACE_PROBE4(sctp_deliver_pqueuedmsg, sctp_t *, sctp, 1651 int, sid, int, tsn, uint16_t, ssn); 1652 /* 1653 * Ready to deliver all data before the gap 1654 * to the upper layer. 1655 */ 1656 (instr->istr_nmsgs)--; 1657 (instr->nextseq)++; 1658 (sctp->sctp_istr_nmsgs)--; 1659 1660 instr->istr_msgs = instr->istr_msgs->b_next; 1661 if (instr->istr_msgs != NULL) 1662 instr->istr_msgs->b_prev = NULL; 1663 dmp->b_next = dmp->b_prev = NULL; 1664 1665 dprint(2, ("data_chunk: pulling %x from pq (ssn %d)\n", 1666 ntohl(dc->sdh_tsn), (int)ssn)); 1667 1668 /* 1669 * Composite messages indicate this chunk was reassembled, 1670 * each b_cont represents another TSN; Follow the chain to 1671 * reach the frag with the last tsn in order to advance ftsn 1672 * shortly by calling SCTP_ACK_IT(). 1673 */ 1674 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 1675 for (pmp = dmp->b_cont; pmp; pmp = pmp->b_cont) 1676 dlen += MBLKL(pmp); 1677 1678 ASSERT(sctp->sctp_rxqueued >= dlen); 1679 1680 sctp->sctp_rxqueued -= dlen; 1681 if (can_deliver) { 1682 dmp->b_rptr = (uchar_t *)(dc + 1); 1683 if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, 1684 ipp, ira) == 0) { 1685 dprint(1, ("sctp_data_chunk: delivering %lu " 1686 "bytes\n", msgdsize(dmp))); 1687 /* 1688 * Meaning of b_flag overloaded for SCTP sockfs 1689 * internal use, advise sockfs of partial 1690 * delivery semantics. 1691 */ 1692 dmp->b_flag = tpfinished ? 1693 0 : SCTP_PARTIAL_DATA; 1694 if (sctp->sctp_flowctrld) { 1695 sctp->sctp_rwnd -= dlen; 1696 if (sctp->sctp_rwnd < 0) 1697 sctp->sctp_rwnd = 0; 1698 } 1699 if (sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp, 1700 msgdsize(dmp), 0, &error, NULL) <= 0) { 1701 sctp->sctp_flowctrld = B_TRUE; 1702 } 1703 SCTP_ACK_IT(sctp, tsn); 1704 } else { 1705 /* don't ack, the peer will retransmit */ 1706 freemsg(dmp); 1707 return; 1708 } 1709 } else { 1710 /* Closed above, ack and free the data */ 1711 freemsg(dmp); 1712 SCTP_ACK_IT(sctp, tsn); 1713 } 1714 } 1715 1716 done: 1717 1718 /* 1719 * If there are gap reports pending, check if advancing 1720 * the ftsn here closes a gap. If so, we can advance 1721 * ftsn to the end of the set. 1722 */ 1723 if (sctp->sctp_sack_info != NULL && 1724 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 1725 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 1726 } 1727 /* 1728 * If ftsn has moved forward, maybe we can remove gap reports. 1729 * NB: dmp may now be NULL, so don't dereference it here. 1730 */ 1731 if (oftsn != sctp->sctp_ftsn && sctp->sctp_sack_info != NULL) { 1732 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 1733 &sctp->sctp_sack_gaps); 1734 dprint(2, ("data_chunk: removed acks before %x (num=%d)\n", 1735 sctp->sctp_ftsn - 1, sctp->sctp_sack_gaps)); 1736 } 1737 1738 #ifdef DEBUG 1739 if (sctp->sctp_sack_info != NULL) { 1740 ASSERT(sctp->sctp_ftsn != sctp->sctp_sack_info->begin); 1741 } 1742 #endif 1743 1744 #undef SCTP_ACK_IT 1745 } 1746 1747 void 1748 sctp_fill_sack(sctp_t *sctp, unsigned char *dst, int sacklen) 1749 { 1750 sctp_chunk_hdr_t *sch; 1751 sctp_sack_chunk_t *sc; 1752 sctp_sack_frag_t *sf; 1753 uint16_t num_gaps = sctp->sctp_sack_gaps; 1754 sctp_set_t *sp; 1755 1756 /* Chunk hdr */ 1757 sch = (sctp_chunk_hdr_t *)dst; 1758 sch->sch_id = CHUNK_SACK; 1759 sch->sch_flags = 0; 1760 sch->sch_len = htons(sacklen); 1761 1762 /* SACK chunk */ 1763 sctp->sctp_lastacked = sctp->sctp_ftsn - 1; 1764 1765 sc = (sctp_sack_chunk_t *)(sch + 1); 1766 sc->ssc_cumtsn = htonl(sctp->sctp_lastacked); 1767 if (sctp->sctp_rxqueued < sctp->sctp_rwnd) { 1768 sc->ssc_a_rwnd = htonl(sctp->sctp_rwnd - sctp->sctp_rxqueued); 1769 } else { 1770 sc->ssc_a_rwnd = 0; 1771 } 1772 /* Remember the last window sent to peer. */ 1773 sctp->sctp_arwnd = sc->ssc_a_rwnd; 1774 sc->ssc_numfrags = htons(num_gaps); 1775 sc->ssc_numdups = 0; 1776 1777 /* lay in gap reports */ 1778 sf = (sctp_sack_frag_t *)(sc + 1); 1779 for (sp = sctp->sctp_sack_info; sp; sp = sp->next) { 1780 uint16_t offset; 1781 1782 /* start */ 1783 if (sp->begin > sctp->sctp_lastacked) { 1784 offset = (uint16_t)(sp->begin - sctp->sctp_lastacked); 1785 } else { 1786 /* sequence number wrap */ 1787 offset = (uint16_t)(UINT32_MAX - sctp->sctp_lastacked + 1788 sp->begin); 1789 } 1790 sf->ssf_start = htons(offset); 1791 1792 /* end */ 1793 if (sp->end >= sp->begin) { 1794 offset += (uint16_t)(sp->end - sp->begin); 1795 } else { 1796 /* sequence number wrap */ 1797 offset += (uint16_t)(UINT32_MAX - sp->begin + sp->end); 1798 } 1799 sf->ssf_end = htons(offset); 1800 1801 sf++; 1802 /* This is just for debugging (a la the following assertion) */ 1803 num_gaps--; 1804 } 1805 1806 ASSERT(num_gaps == 0); 1807 1808 /* If the SACK timer is running, stop it */ 1809 if (sctp->sctp_ack_timer_running) { 1810 sctp_timer_stop(sctp->sctp_ack_mp); 1811 sctp->sctp_ack_timer_running = B_FALSE; 1812 } 1813 1814 BUMP_LOCAL(sctp->sctp_obchunks); 1815 BUMP_LOCAL(sctp->sctp_osacks); 1816 } 1817 1818 mblk_t * 1819 sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups) 1820 { 1821 mblk_t *smp; 1822 size_t slen; 1823 sctp_chunk_hdr_t *sch; 1824 sctp_sack_chunk_t *sc; 1825 int32_t acks_max; 1826 sctp_stack_t *sctps = sctp->sctp_sctps; 1827 uint32_t dups_len; 1828 sctp_faddr_t *fp; 1829 1830 ASSERT(sendto != NULL); 1831 1832 if (sctp->sctp_force_sack) { 1833 sctp->sctp_force_sack = 0; 1834 goto checks_done; 1835 } 1836 1837 acks_max = sctps->sctps_deferred_acks_max; 1838 if (sctp->sctp_state == SCTPS_ESTABLISHED) { 1839 if (sctp->sctp_sack_toggle < acks_max) { 1840 /* no need to SACK right now */ 1841 dprint(2, ("sctp_make_sack: %p no sack (toggle)\n", 1842 (void *)sctp)); 1843 return (NULL); 1844 } else if (sctp->sctp_sack_toggle >= acks_max) { 1845 sctp->sctp_sack_toggle = 0; 1846 } 1847 } 1848 1849 if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) { 1850 dprint(2, ("sctp_make_sack: %p no sack (already)\n", 1851 (void *)sctp)); 1852 return (NULL); 1853 } 1854 1855 checks_done: 1856 dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1)); 1857 1858 if (dups != NULL) 1859 dups_len = MBLKL(dups); 1860 else 1861 dups_len = 0; 1862 slen = sizeof (*sch) + sizeof (*sc) + 1863 (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps); 1864 1865 /* 1866 * If there are error chunks, check and see if we can send the 1867 * SACK chunk and error chunks together in one packet. If not, 1868 * send the error chunks out now. 1869 */ 1870 if (sctp->sctp_err_chunks != NULL) { 1871 fp = SCTP_CHUNK_DEST(sctp->sctp_err_chunks); 1872 if (sctp->sctp_err_len + slen + dups_len > fp->sf_pmss) { 1873 if ((smp = sctp_make_mp(sctp, fp, 0)) == NULL) { 1874 SCTP_KSTAT(sctps, sctp_send_err_failed); 1875 SCTP_KSTAT(sctps, sctp_send_sack_failed); 1876 freemsg(sctp->sctp_err_chunks); 1877 sctp->sctp_err_chunks = NULL; 1878 sctp->sctp_err_len = 0; 1879 return (NULL); 1880 } 1881 smp->b_cont = sctp->sctp_err_chunks; 1882 sctp_set_iplen(sctp, smp, fp->sf_ixa); 1883 (void) conn_ip_output(smp, fp->sf_ixa); 1884 BUMP_LOCAL(sctp->sctp_opkts); 1885 sctp->sctp_err_chunks = NULL; 1886 sctp->sctp_err_len = 0; 1887 } 1888 } 1889 smp = sctp_make_mp(sctp, sendto, slen); 1890 if (smp == NULL) { 1891 SCTP_KSTAT(sctps, sctp_send_sack_failed); 1892 return (NULL); 1893 } 1894 sch = (sctp_chunk_hdr_t *)smp->b_wptr; 1895 1896 sctp_fill_sack(sctp, smp->b_wptr, slen); 1897 smp->b_wptr += slen; 1898 if (dups != NULL) { 1899 sc = (sctp_sack_chunk_t *)(sch + 1); 1900 sc->ssc_numdups = htons(MBLKL(dups) / sizeof (uint32_t)); 1901 sch->sch_len = htons(slen + dups_len); 1902 smp->b_cont = dups; 1903 } 1904 1905 if (sctp->sctp_err_chunks != NULL) { 1906 linkb(smp, sctp->sctp_err_chunks); 1907 sctp->sctp_err_chunks = NULL; 1908 sctp->sctp_err_len = 0; 1909 } 1910 return (smp); 1911 } 1912 1913 /* 1914 * Check and see if we need to send a SACK chunk. If it is needed, 1915 * send it out. Return true if a SACK chunk is sent, false otherwise. 1916 */ 1917 boolean_t 1918 sctp_sack(sctp_t *sctp, mblk_t *dups) 1919 { 1920 mblk_t *smp; 1921 sctp_stack_t *sctps = sctp->sctp_sctps; 1922 1923 /* If we are shutting down, let send_shutdown() bundle the SACK */ 1924 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 1925 sctp_send_shutdown(sctp, 0); 1926 } 1927 1928 ASSERT(sctp->sctp_lastdata != NULL); 1929 1930 if ((smp = sctp_make_sack(sctp, sctp->sctp_lastdata, dups)) == NULL) { 1931 /* The caller of sctp_sack() will not free the dups mblk. */ 1932 if (dups != NULL) 1933 freeb(dups); 1934 return (B_FALSE); 1935 } 1936 dprint(2, ("sctp_sack: sending to %p %x:%x:%x:%x\n", 1937 (void *)sctp->sctp_lastdata, 1938 SCTP_PRINTADDR(sctp->sctp_lastdata->sf_faddr))); 1939 1940 sctp->sctp_active = LBOLT_FASTPATH64; 1941 1942 SCTPS_BUMP_MIB(sctps, sctpOutAck); 1943 1944 sctp_set_iplen(sctp, smp, sctp->sctp_lastdata->sf_ixa); 1945 (void) conn_ip_output(smp, sctp->sctp_lastdata->sf_ixa); 1946 BUMP_LOCAL(sctp->sctp_opkts); 1947 return (B_TRUE); 1948 } 1949 1950 /* 1951 * This is called if we have a message that was partially sent and is 1952 * abandoned. The cum TSN will be the last chunk sent for this message, 1953 * subsequent chunks will be marked ABANDONED. We send a Forward TSN 1954 * chunk in this case with the TSN of the last sent chunk so that the 1955 * peer can clean up its fragment list for this message. This message 1956 * will be removed from the transmit list when the peer sends a SACK 1957 * back. 1958 */ 1959 int 1960 sctp_check_abandoned_msg(sctp_t *sctp, mblk_t *meta) 1961 { 1962 sctp_data_hdr_t *dh; 1963 mblk_t *nmp; 1964 mblk_t *head; 1965 int32_t unsent = 0; 1966 mblk_t *mp1 = meta->b_cont; 1967 uint32_t adv_pap = sctp->sctp_adv_pap; 1968 sctp_faddr_t *fp = sctp->sctp_current; 1969 sctp_stack_t *sctps = sctp->sctp_sctps; 1970 1971 dh = (sctp_data_hdr_t *)mp1->b_rptr; 1972 if (SEQ_GEQ(sctp->sctp_lastack_rxd, ntohl(dh->sdh_tsn))) { 1973 sctp_ftsn_set_t *sets = NULL; 1974 uint_t nsets = 0; 1975 uint32_t seglen = sizeof (uint32_t); 1976 boolean_t ubit = SCTP_DATA_GET_UBIT(dh); 1977 1978 while (mp1->b_next != NULL && SCTP_CHUNK_ISSENT(mp1->b_next)) 1979 mp1 = mp1->b_next; 1980 dh = (sctp_data_hdr_t *)mp1->b_rptr; 1981 sctp->sctp_adv_pap = ntohl(dh->sdh_tsn); 1982 if (!ubit && 1983 !sctp_add_ftsn_set(&sets, fp, meta, &nsets, &seglen)) { 1984 sctp->sctp_adv_pap = adv_pap; 1985 return (ENOMEM); 1986 } 1987 nmp = sctp_make_ftsn_chunk(sctp, fp, sets, nsets, seglen); 1988 sctp_free_ftsn_set(sets); 1989 if (nmp == NULL) { 1990 sctp->sctp_adv_pap = adv_pap; 1991 return (ENOMEM); 1992 } 1993 head = sctp_add_proto_hdr(sctp, fp, nmp, 0, NULL); 1994 if (head == NULL) { 1995 sctp->sctp_adv_pap = adv_pap; 1996 freemsg(nmp); 1997 SCTP_KSTAT(sctps, sctp_send_ftsn_failed); 1998 return (ENOMEM); 1999 } 2000 SCTP_MSG_SET_ABANDONED(meta); 2001 sctp_set_iplen(sctp, head, fp->sf_ixa); 2002 (void) conn_ip_output(head, fp->sf_ixa); 2003 BUMP_LOCAL(sctp->sctp_opkts); 2004 if (!fp->sf_timer_running) 2005 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->sf_rto); 2006 mp1 = mp1->b_next; 2007 while (mp1 != NULL) { 2008 ASSERT(!SCTP_CHUNK_ISSENT(mp1)); 2009 ASSERT(!SCTP_CHUNK_ABANDONED(mp1)); 2010 SCTP_ABANDON_CHUNK(mp1); 2011 dh = (sctp_data_hdr_t *)mp1->b_rptr; 2012 unsent += ntohs(dh->sdh_len) - sizeof (*dh); 2013 mp1 = mp1->b_next; 2014 } 2015 ASSERT(sctp->sctp_unsent >= unsent); 2016 sctp->sctp_unsent -= unsent; 2017 /* 2018 * Update ULP the amount of queued data, which is 2019 * sent-unack'ed + unsent. 2020 */ 2021 if (!SCTP_IS_DETACHED(sctp)) 2022 SCTP_TXQ_UPDATE(sctp); 2023 return (0); 2024 } 2025 return (-1); 2026 } 2027 2028 uint32_t 2029 sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked) 2030 { 2031 mblk_t *ump, *nump, *mp = NULL; 2032 uint16_t chunklen; 2033 uint32_t xtsn; 2034 sctp_faddr_t *fp; 2035 sctp_data_hdr_t *sdc; 2036 uint32_t cumack_forward = 0; 2037 sctp_msg_hdr_t *mhdr; 2038 sctp_stack_t *sctps = sctp->sctp_sctps; 2039 2040 ump = sctp->sctp_xmit_head; 2041 2042 /* 2043 * Free messages only when they're completely acked. 2044 */ 2045 while (ump != NULL) { 2046 mhdr = (sctp_msg_hdr_t *)ump->b_rptr; 2047 for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) { 2048 if (SCTP_CHUNK_ABANDONED(mp)) { 2049 ASSERT(SCTP_IS_MSG_ABANDONED(ump)); 2050 mp = NULL; 2051 break; 2052 } 2053 /* 2054 * We check for abandoned message if we are PR-SCTP 2055 * aware, if this is not the first chunk in the 2056 * message (b_cont) and if the message is marked 2057 * abandoned. 2058 */ 2059 if (!SCTP_CHUNK_ISSENT(mp)) { 2060 if (sctp->sctp_prsctp_aware && 2061 mp != ump->b_cont && 2062 (SCTP_IS_MSG_ABANDONED(ump) || 2063 SCTP_MSG_TO_BE_ABANDONED(ump, mhdr, 2064 sctp))) { 2065 (void) sctp_check_abandoned_msg(sctp, 2066 ump); 2067 } 2068 goto cum_ack_done; 2069 } 2070 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2071 xtsn = ntohl(sdc->sdh_tsn); 2072 if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn)) 2073 continue; 2074 if (SEQ_GEQ(tsn, xtsn)) { 2075 fp = SCTP_CHUNK_DEST(mp); 2076 chunklen = ntohs(sdc->sdh_len); 2077 2078 if (sctp->sctp_out_time != 0 && 2079 xtsn == sctp->sctp_rtt_tsn) { 2080 /* Got a new RTT measurement */ 2081 sctp_update_rtt(sctp, fp, 2082 ddi_get_lbolt64() - 2083 sctp->sctp_out_time); 2084 sctp->sctp_out_time = 0; 2085 } 2086 if (SCTP_CHUNK_ISACKED(mp)) 2087 continue; 2088 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2089 SCTP_CHUNK_ACKED(mp); 2090 ASSERT(fp->sf_suna >= chunklen); 2091 fp->sf_suna -= chunklen; 2092 fp->sf_acked += chunklen; 2093 cumack_forward += chunklen; 2094 ASSERT(sctp->sctp_unacked >= 2095 (chunklen - sizeof (*sdc))); 2096 sctp->sctp_unacked -= 2097 (chunklen - sizeof (*sdc)); 2098 if (fp->sf_suna == 0) { 2099 /* all outstanding data acked */ 2100 fp->sf_pba = 0; 2101 SCTP_FADDR_TIMER_STOP(fp); 2102 } else { 2103 SCTP_FADDR_TIMER_RESTART(sctp, fp, 2104 fp->sf_rto); 2105 } 2106 } else { 2107 goto cum_ack_done; 2108 } 2109 } 2110 nump = ump->b_next; 2111 if (nump != NULL) 2112 nump->b_prev = NULL; 2113 if (ump == sctp->sctp_xmit_tail) 2114 sctp->sctp_xmit_tail = nump; 2115 if (SCTP_IS_MSG_ABANDONED(ump)) { 2116 BUMP_LOCAL(sctp->sctp_prsctpdrop); 2117 ump->b_next = NULL; 2118 sctp_sendfail_event(sctp, ump, 0, B_TRUE); 2119 } else { 2120 sctp_free_msg(ump); 2121 } 2122 sctp->sctp_xmit_head = ump = nump; 2123 } 2124 cum_ack_done: 2125 *first_unacked = mp; 2126 if (cumack_forward > 0) { 2127 SCTPS_BUMP_MIB(sctps, sctpInAck); 2128 if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) { 2129 sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd; 2130 } 2131 2132 /* 2133 * Update ULP the amount of queued data, which is 2134 * sent-unack'ed + unsent. 2135 */ 2136 if (!SCTP_IS_DETACHED(sctp)) 2137 SCTP_TXQ_UPDATE(sctp); 2138 2139 /* Time to send a shutdown? */ 2140 if (sctp->sctp_state == SCTPS_SHUTDOWN_PENDING) { 2141 sctp_send_shutdown(sctp, 0); 2142 } 2143 sctp->sctp_xmit_unacked = mp; 2144 } else { 2145 /* dup ack */ 2146 SCTPS_BUMP_MIB(sctps, sctpInDupAck); 2147 } 2148 sctp->sctp_lastack_rxd = tsn; 2149 if (SEQ_LT(sctp->sctp_adv_pap, sctp->sctp_lastack_rxd)) 2150 sctp->sctp_adv_pap = sctp->sctp_lastack_rxd; 2151 ASSERT(sctp->sctp_xmit_head || sctp->sctp_unacked == 0); 2152 2153 return (cumack_forward); 2154 } 2155 2156 static int 2157 sctp_set_frwnd(sctp_t *sctp, uint32_t frwnd) 2158 { 2159 uint32_t orwnd; 2160 2161 if (sctp->sctp_unacked > frwnd) { 2162 sctp->sctp_frwnd = 0; 2163 return (0); 2164 } 2165 orwnd = sctp->sctp_frwnd; 2166 sctp->sctp_frwnd = frwnd - sctp->sctp_unacked; 2167 if (orwnd < sctp->sctp_frwnd) { 2168 return (1); 2169 } else { 2170 return (0); 2171 } 2172 } 2173 2174 /* 2175 * For un-ordered messages. 2176 * Walk the sctp->sctp_uo_frag list and remove any fragments with TSN 2177 * less than/equal to ftsn. Fragments for un-ordered messages are 2178 * strictly in sequence (w.r.t TSN). 2179 */ 2180 static int 2181 sctp_ftsn_check_uo_frag(sctp_t *sctp, uint32_t ftsn) 2182 { 2183 mblk_t *hmp; 2184 mblk_t *hmp_next; 2185 sctp_data_hdr_t *dc; 2186 int dlen = 0; 2187 2188 hmp = sctp->sctp_uo_frags; 2189 while (hmp != NULL) { 2190 hmp_next = hmp->b_next; 2191 dc = (sctp_data_hdr_t *)hmp->b_rptr; 2192 if (SEQ_GT(ntohl(dc->sdh_tsn), ftsn)) 2193 return (dlen); 2194 sctp->sctp_uo_frags = hmp_next; 2195 if (hmp_next != NULL) 2196 hmp_next->b_prev = NULL; 2197 hmp->b_next = NULL; 2198 dlen += ntohs(dc->sdh_len) - sizeof (*dc); 2199 freeb(hmp); 2200 hmp = hmp_next; 2201 } 2202 return (dlen); 2203 } 2204 2205 /* 2206 * For ordered messages. 2207 * Check for existing fragments for an sid-ssn pair reported as abandoned, 2208 * hence will not receive, in the Forward TSN. If there are fragments, then 2209 * we just nuke them. If and when Partial Delivery API is supported, we 2210 * would need to send a notification to the upper layer about this. 2211 */ 2212 static int 2213 sctp_ftsn_check_frag(sctp_t *sctp, uint16_t ssn, sctp_instr_t *sip) 2214 { 2215 sctp_reass_t *srp; 2216 mblk_t *hmp; 2217 mblk_t *dmp; 2218 mblk_t *hmp_next; 2219 sctp_data_hdr_t *dc; 2220 int dlen = 0; 2221 2222 hmp = sip->istr_reass; 2223 while (hmp != NULL) { 2224 hmp_next = hmp->b_next; 2225 srp = (sctp_reass_t *)DB_BASE(hmp); 2226 if (SSN_GT(srp->sr_ssn, ssn)) 2227 return (dlen); 2228 /* 2229 * If we had sent part of this message up, send a partial 2230 * delivery event. Since this is ordered delivery, we should 2231 * have sent partial message only for the next in sequence, 2232 * hence the ASSERT. See comments in sctp_data_chunk() for 2233 * trypartial. 2234 */ 2235 if (srp->sr_partial_delivered) { 2236 if (srp->sr_ssn != sip->nextseq) 2237 cmn_err(CE_WARN, "sctp partial" 2238 " delivery notify, sctp 0x%p" 2239 " sip = 0x%p ssn != nextseq" 2240 " ssn 0x%x nextseq 0x%x", 2241 (void *)sctp, (void *)sip, 2242 srp->sr_ssn, sip->nextseq); 2243 ASSERT(sip->nextseq == srp->sr_ssn); 2244 sctp_partial_delivery_event(sctp); 2245 } 2246 /* Take it out of the reass queue */ 2247 sip->istr_reass = hmp_next; 2248 if (hmp_next != NULL) 2249 hmp_next->b_prev = NULL; 2250 hmp->b_next = NULL; 2251 ASSERT(hmp->b_prev == NULL); 2252 dmp = hmp; 2253 ASSERT(DB_TYPE(hmp) == M_CTL); 2254 dmp = hmp->b_cont; 2255 hmp->b_cont = NULL; 2256 freeb(hmp); 2257 hmp = dmp; 2258 while (dmp != NULL) { 2259 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2260 dlen += ntohs(dc->sdh_len) - sizeof (*dc); 2261 dmp = dmp->b_cont; 2262 } 2263 freemsg(hmp); 2264 hmp = hmp_next; 2265 } 2266 return (dlen); 2267 } 2268 2269 /* 2270 * Update sctp_ftsn to the cumulative TSN from the Forward TSN chunk. Remove 2271 * any SACK gaps less than the newly updated sctp_ftsn. Walk through the 2272 * sid-ssn pair in the Forward TSN and for each, clean the fragment list 2273 * for this pair, if needed, and check if we can deliver subsequent 2274 * messages, if any, from the instream queue (that were waiting for this 2275 * sid-ssn message to show up). Once we are done try to update the SACK 2276 * info. We could get a duplicate Forward TSN, in which case just send 2277 * a SACK. If any of the sid values in the Forward TSN is invalid, 2278 * send back an "Invalid Stream Identifier" error and continue processing 2279 * the rest. 2280 */ 2281 static void 2282 sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp, 2283 ip_pkt_t *ipp, ip_recv_attr_t *ira) 2284 { 2285 uint32_t *ftsn = (uint32_t *)(ch + 1); 2286 ftsn_entry_t *ftsn_entry; 2287 sctp_instr_t *instr; 2288 boolean_t can_deliver = B_TRUE; 2289 size_t dlen; 2290 int flen; 2291 mblk_t *dmp; 2292 mblk_t *pmp; 2293 sctp_data_hdr_t *dc; 2294 ssize_t remaining; 2295 sctp_stack_t *sctps = sctp->sctp_sctps; 2296 2297 *ftsn = ntohl(*ftsn); 2298 remaining = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*ftsn); 2299 2300 if (SCTP_IS_DETACHED(sctp)) { 2301 SCTPS_BUMP_MIB(sctps, sctpInClosed); 2302 can_deliver = B_FALSE; 2303 } 2304 /* 2305 * un-ordered messages don't have SID-SSN pair entries, we check 2306 * for any fragments (for un-ordered message) to be discarded using 2307 * the cumulative FTSN. 2308 */ 2309 flen = sctp_ftsn_check_uo_frag(sctp, *ftsn); 2310 if (flen > 0) { 2311 ASSERT(sctp->sctp_rxqueued >= flen); 2312 sctp->sctp_rxqueued -= flen; 2313 } 2314 ftsn_entry = (ftsn_entry_t *)(ftsn + 1); 2315 while (remaining >= sizeof (*ftsn_entry)) { 2316 ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid); 2317 ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn); 2318 if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) { 2319 sctp_bsc_t inval_parm; 2320 2321 /* Will populate the CAUSE block in the ERROR chunk. */ 2322 inval_parm.bsc_sid = htons(ftsn_entry->ftsn_sid); 2323 /* RESERVED, ignored at the receiving end */ 2324 inval_parm.bsc_pad = 0; 2325 2326 sctp_add_err(sctp, SCTP_ERR_BAD_SID, 2327 (void *)&inval_parm, sizeof (sctp_bsc_t), fp); 2328 ftsn_entry++; 2329 remaining -= sizeof (*ftsn_entry); 2330 continue; 2331 } 2332 instr = &sctp->sctp_instr[ftsn_entry->ftsn_sid]; 2333 flen = sctp_ftsn_check_frag(sctp, ftsn_entry->ftsn_ssn, instr); 2334 /* Indicates frags were nuked, update rxqueued */ 2335 if (flen > 0) { 2336 ASSERT(sctp->sctp_rxqueued >= flen); 2337 sctp->sctp_rxqueued -= flen; 2338 } 2339 /* 2340 * It is possible to receive an FTSN chunk with SSN smaller 2341 * than then nextseq if this chunk is a retransmission because 2342 * of incomplete processing when it was first processed. 2343 */ 2344 if (SSN_GE(ftsn_entry->ftsn_ssn, instr->nextseq)) 2345 instr->nextseq = ftsn_entry->ftsn_ssn + 1; 2346 while (instr->istr_nmsgs > 0) { 2347 mblk_t *next; 2348 2349 dmp = (mblk_t *)instr->istr_msgs; 2350 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2351 if (ntohs(dc->sdh_ssn) != instr->nextseq) 2352 break; 2353 2354 next = dmp->b_next; 2355 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 2356 for (pmp = dmp->b_cont; pmp != NULL; 2357 pmp = pmp->b_cont) { 2358 dlen += MBLKL(pmp); 2359 } 2360 if (can_deliver) { 2361 int error; 2362 2363 dmp->b_rptr = (uchar_t *)(dc + 1); 2364 dmp->b_next = NULL; 2365 ASSERT(dmp->b_prev == NULL); 2366 if (sctp_input_add_ancillary(sctp, 2367 &dmp, dc, fp, ipp, ira) == 0) { 2368 sctp->sctp_rxqueued -= dlen; 2369 /* 2370 * Override b_flag for SCTP sockfs 2371 * internal use 2372 */ 2373 2374 dmp->b_flag = 0; 2375 if (sctp->sctp_flowctrld) { 2376 sctp->sctp_rwnd -= dlen; 2377 if (sctp->sctp_rwnd < 0) 2378 sctp->sctp_rwnd = 0; 2379 } 2380 if (sctp->sctp_ulp_recv( 2381 sctp->sctp_ulpd, dmp, msgdsize(dmp), 2382 0, &error, NULL) <= 0) { 2383 sctp->sctp_flowctrld = B_TRUE; 2384 } 2385 } else { 2386 /* 2387 * We will resume processing when 2388 * the FTSN chunk is re-xmitted. 2389 */ 2390 dmp->b_rptr = (uchar_t *)dc; 2391 dmp->b_next = next; 2392 dprint(0, 2393 ("FTSN dequeuing %u failed\n", 2394 ntohs(dc->sdh_ssn))); 2395 return; 2396 } 2397 } else { 2398 sctp->sctp_rxqueued -= dlen; 2399 ASSERT(dmp->b_prev == NULL); 2400 dmp->b_next = NULL; 2401 freemsg(dmp); 2402 } 2403 instr->istr_nmsgs--; 2404 instr->nextseq++; 2405 sctp->sctp_istr_nmsgs--; 2406 if (next != NULL) 2407 next->b_prev = NULL; 2408 instr->istr_msgs = next; 2409 } 2410 ftsn_entry++; 2411 remaining -= sizeof (*ftsn_entry); 2412 } 2413 /* Duplicate FTSN */ 2414 if (*ftsn <= (sctp->sctp_ftsn - 1)) { 2415 sctp->sctp_force_sack = 1; 2416 return; 2417 } 2418 /* Advance cum TSN to that reported in the Forward TSN chunk */ 2419 sctp->sctp_ftsn = *ftsn + 1; 2420 2421 /* Remove all the SACK gaps before the new cum TSN */ 2422 if (sctp->sctp_sack_info != NULL) { 2423 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2424 &sctp->sctp_sack_gaps); 2425 } 2426 /* 2427 * If there are gap reports pending, check if advancing 2428 * the ftsn here closes a gap. If so, we can advance 2429 * ftsn to the end of the set. 2430 * If ftsn has moved forward, maybe we can remove gap reports. 2431 */ 2432 if (sctp->sctp_sack_info != NULL && 2433 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 2434 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 2435 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2436 &sctp->sctp_sack_gaps); 2437 } 2438 } 2439 2440 /* 2441 * When we have processed a SACK we check to see if we can advance the 2442 * cumulative TSN if there are abandoned chunks immediately following 2443 * the updated cumulative TSN. If there are, we attempt to send a 2444 * Forward TSN chunk. 2445 */ 2446 static void 2447 sctp_check_abandoned_data(sctp_t *sctp, sctp_faddr_t *fp) 2448 { 2449 mblk_t *meta = sctp->sctp_xmit_head; 2450 mblk_t *mp; 2451 mblk_t *nmp; 2452 uint32_t seglen; 2453 uint32_t adv_pap = sctp->sctp_adv_pap; 2454 2455 /* 2456 * We only check in the first meta since otherwise we can't 2457 * advance the cumulative ack point. We just look for chunks 2458 * marked for retransmission, else we might prematurely 2459 * send an FTSN for a sent, but unacked, chunk. 2460 */ 2461 for (mp = meta->b_cont; mp != NULL; mp = mp->b_next) { 2462 if (!SCTP_CHUNK_ISSENT(mp)) 2463 return; 2464 if (SCTP_CHUNK_WANT_REXMIT(mp)) 2465 break; 2466 } 2467 if (mp == NULL) 2468 return; 2469 sctp_check_adv_ack_pt(sctp, meta, mp); 2470 if (SEQ_GT(sctp->sctp_adv_pap, adv_pap)) { 2471 sctp_make_ftsns(sctp, meta, mp, &nmp, fp, &seglen); 2472 if (nmp == NULL) { 2473 sctp->sctp_adv_pap = adv_pap; 2474 if (!fp->sf_timer_running) 2475 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->sf_rto); 2476 return; 2477 } 2478 sctp_set_iplen(sctp, nmp, fp->sf_ixa); 2479 (void) conn_ip_output(nmp, fp->sf_ixa); 2480 BUMP_LOCAL(sctp->sctp_opkts); 2481 if (!fp->sf_timer_running) 2482 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->sf_rto); 2483 } 2484 } 2485 2486 /* 2487 * The processing here follows the same logic in sctp_got_sack(), the reason 2488 * we do this separately is because, usually, gap blocks are ordered and 2489 * we can process it in sctp_got_sack(). However if they aren't we would 2490 * need to do some additional non-optimal stuff when we start processing the 2491 * unordered gaps. To that effect sctp_got_sack() does the processing in the 2492 * simple case and this does the same in the more involved case. 2493 */ 2494 static uint32_t 2495 sctp_process_uo_gaps(sctp_t *sctp, uint32_t ctsn, sctp_sack_frag_t *ssf, 2496 int num_gaps, mblk_t *umphead, mblk_t *mphead, int *trysend, 2497 boolean_t *fast_recovery, uint32_t fr_xtsn) 2498 { 2499 uint32_t xtsn; 2500 uint32_t gapstart = 0; 2501 uint32_t gapend = 0; 2502 int gapcnt; 2503 uint16_t chunklen; 2504 sctp_data_hdr_t *sdc; 2505 int gstart; 2506 mblk_t *ump = umphead; 2507 mblk_t *mp = mphead; 2508 sctp_faddr_t *fp; 2509 uint32_t acked = 0; 2510 sctp_stack_t *sctps = sctp->sctp_sctps; 2511 2512 /* 2513 * gstart tracks the last (in the order of TSN) gapstart that 2514 * we process in this SACK gaps walk. 2515 */ 2516 gstart = ctsn; 2517 2518 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2519 xtsn = ntohl(sdc->sdh_tsn); 2520 for (gapcnt = 0; gapcnt < num_gaps; gapcnt++, ssf++) { 2521 if (gapstart != 0) { 2522 /* 2523 * If we have reached the end of the transmit list or 2524 * hit an unsent chunk or encountered an unordered gap 2525 * block start from the ctsn again. 2526 */ 2527 if (ump == NULL || !SCTP_CHUNK_ISSENT(mp) || 2528 SEQ_LT(ctsn + ntohs(ssf->ssf_start), xtsn)) { 2529 ump = umphead; 2530 mp = mphead; 2531 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2532 xtsn = ntohl(sdc->sdh_tsn); 2533 } 2534 } 2535 2536 gapstart = ctsn + ntohs(ssf->ssf_start); 2537 gapend = ctsn + ntohs(ssf->ssf_end); 2538 2539 /* 2540 * Sanity checks: 2541 * 2542 * 1. SACK for TSN we have not sent - ABORT 2543 * 2. Invalid or spurious gaps, ignore all gaps 2544 */ 2545 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2546 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2547 SCTPS_BUMP_MIB(sctps, sctpInAckUnsent); 2548 *trysend = -1; 2549 return (acked); 2550 } else if (SEQ_LT(gapend, gapstart) || 2551 SEQ_LEQ(gapstart, ctsn)) { 2552 break; 2553 } 2554 /* 2555 * The xtsn can be the TSN processed for the last gap 2556 * (gapend) or it could be the cumulative TSN. We continue 2557 * with the last xtsn as long as the gaps are ordered, when 2558 * we hit an unordered gap, we re-start from the cumulative 2559 * TSN. For the first gap it is always the cumulative TSN. 2560 */ 2561 while (xtsn != gapstart) { 2562 /* 2563 * We can't reliably check for reneged chunks 2564 * when walking the unordered list, so we don't. 2565 * In case the peer reneges then we will end up 2566 * sending the reneged chunk via timeout. 2567 */ 2568 mp = mp->b_next; 2569 if (mp == NULL) { 2570 ump = ump->b_next; 2571 /* 2572 * ump can't be NULL because of the sanity 2573 * check above. 2574 */ 2575 ASSERT(ump != NULL); 2576 mp = ump->b_cont; 2577 } 2578 /* 2579 * mp can't be unsent because of the sanity check 2580 * above. 2581 */ 2582 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2583 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2584 xtsn = ntohl(sdc->sdh_tsn); 2585 } 2586 /* 2587 * Now that we have found the chunk with TSN == 'gapstart', 2588 * let's walk till we hit the chunk with TSN == 'gapend'. 2589 * All intermediate chunks will be marked ACKED, if they 2590 * haven't already been. 2591 */ 2592 while (SEQ_LEQ(xtsn, gapend)) { 2593 /* 2594 * SACKed 2595 */ 2596 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2597 if (!SCTP_CHUNK_ISACKED(mp)) { 2598 SCTP_CHUNK_ACKED(mp); 2599 2600 fp = SCTP_CHUNK_DEST(mp); 2601 chunklen = ntohs(sdc->sdh_len); 2602 ASSERT(fp->sf_suna >= chunklen); 2603 fp->sf_suna -= chunklen; 2604 if (fp->sf_suna == 0) { 2605 /* All outstanding data acked. */ 2606 fp->sf_pba = 0; 2607 SCTP_FADDR_TIMER_STOP(fp); 2608 } 2609 fp->sf_acked += chunklen; 2610 acked += chunklen; 2611 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2612 ASSERT(sctp->sctp_unacked >= 0); 2613 } 2614 /* 2615 * Move to the next message in the transmit list 2616 * if we are done with all the chunks from the current 2617 * message. Note, it is possible to hit the end of the 2618 * transmit list here, i.e. if we have already completed 2619 * processing the gap block. 2620 */ 2621 mp = mp->b_next; 2622 if (mp == NULL) { 2623 ump = ump->b_next; 2624 if (ump == NULL) { 2625 ASSERT(xtsn == gapend); 2626 break; 2627 } 2628 mp = ump->b_cont; 2629 } 2630 /* 2631 * Likewise, we can hit an unsent chunk once we have 2632 * completed processing the gap block. 2633 */ 2634 if (!SCTP_CHUNK_ISSENT(mp)) { 2635 ASSERT(xtsn == gapend); 2636 break; 2637 } 2638 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2639 xtsn = ntohl(sdc->sdh_tsn); 2640 } 2641 /* 2642 * We keep track of the last gap we successfully processed 2643 * so that we can terminate the walk below for incrementing 2644 * the SACK count. 2645 */ 2646 if (SEQ_LT(gstart, gapstart)) 2647 gstart = gapstart; 2648 } 2649 /* 2650 * Check if have incremented the SACK count for all unacked TSNs in 2651 * sctp_got_sack(), if so we are done. 2652 */ 2653 if (SEQ_LEQ(gstart, fr_xtsn)) 2654 return (acked); 2655 2656 ump = umphead; 2657 mp = mphead; 2658 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2659 xtsn = ntohl(sdc->sdh_tsn); 2660 while (SEQ_LT(xtsn, gstart)) { 2661 /* 2662 * We have incremented SACK count for TSNs less than fr_tsn 2663 * in sctp_got_sack(), so don't increment them again here. 2664 */ 2665 if (SEQ_GT(xtsn, fr_xtsn) && !SCTP_CHUNK_ISACKED(mp)) { 2666 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2667 if (SCTP_CHUNK_SACKCNT(mp) == 2668 sctps->sctps_fast_rxt_thresh) { 2669 SCTP_CHUNK_REXMIT(sctp, mp); 2670 sctp->sctp_chk_fast_rexmit = B_TRUE; 2671 *trysend = 1; 2672 if (!*fast_recovery) { 2673 /* 2674 * Entering fast recovery. 2675 */ 2676 fp = SCTP_CHUNK_DEST(mp); 2677 fp->sf_ssthresh = fp->sf_cwnd / 2; 2678 if (fp->sf_ssthresh < 2 * fp->sf_pmss) { 2679 fp->sf_ssthresh = 2680 2 * fp->sf_pmss; 2681 } 2682 fp->sf_cwnd = fp->sf_ssthresh; 2683 fp->sf_pba = 0; 2684 sctp->sctp_recovery_tsn = 2685 sctp->sctp_ltsn - 1; 2686 *fast_recovery = B_TRUE; 2687 } 2688 } 2689 } 2690 mp = mp->b_next; 2691 if (mp == NULL) { 2692 ump = ump->b_next; 2693 /* We can't get to the end of the transmit list here */ 2694 ASSERT(ump != NULL); 2695 mp = ump->b_cont; 2696 } 2697 /* We can't hit an unsent chunk here */ 2698 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2699 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2700 xtsn = ntohl(sdc->sdh_tsn); 2701 } 2702 return (acked); 2703 } 2704 2705 static int 2706 sctp_got_sack(sctp_t *sctp, sctp_chunk_hdr_t *sch) 2707 { 2708 sctp_sack_chunk_t *sc; 2709 sctp_data_hdr_t *sdc; 2710 sctp_sack_frag_t *ssf; 2711 mblk_t *ump; 2712 mblk_t *mp; 2713 mblk_t *mp1; 2714 uint32_t cumtsn; 2715 uint32_t xtsn; 2716 uint32_t gapstart = 0; 2717 uint32_t gapend = 0; 2718 uint32_t acked = 0; 2719 uint16_t chunklen; 2720 sctp_faddr_t *fp; 2721 int num_gaps; 2722 int trysend = 0; 2723 int i; 2724 boolean_t fast_recovery = B_FALSE; 2725 boolean_t cumack_forward = B_FALSE; 2726 boolean_t fwd_tsn = B_FALSE; 2727 sctp_stack_t *sctps = sctp->sctp_sctps; 2728 2729 BUMP_LOCAL(sctp->sctp_ibchunks); 2730 BUMP_LOCAL(sctp->sctp_isacks); 2731 chunklen = ntohs(sch->sch_len); 2732 if (chunklen < (sizeof (*sch) + sizeof (*sc))) 2733 return (0); 2734 2735 sc = (sctp_sack_chunk_t *)(sch + 1); 2736 cumtsn = ntohl(sc->ssc_cumtsn); 2737 2738 dprint(2, ("got sack cumtsn %x -> %x\n", sctp->sctp_lastack_rxd, 2739 cumtsn)); 2740 2741 /* out of order */ 2742 if (SEQ_LT(cumtsn, sctp->sctp_lastack_rxd)) 2743 return (0); 2744 2745 if (SEQ_GT(cumtsn, sctp->sctp_ltsn - 1)) { 2746 SCTPS_BUMP_MIB(sctps, sctpInAckUnsent); 2747 /* Send an ABORT */ 2748 return (-1); 2749 } 2750 2751 /* 2752 * Cwnd only done when not in fast recovery mode. 2753 */ 2754 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) 2755 fast_recovery = B_TRUE; 2756 2757 /* 2758 * .. and if the cum TSN is not moving ahead on account Forward TSN 2759 */ 2760 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_adv_pap)) 2761 fwd_tsn = B_TRUE; 2762 2763 if (cumtsn == sctp->sctp_lastack_rxd && 2764 (sctp->sctp_xmit_unacked == NULL || 2765 !SCTP_CHUNK_ABANDONED(sctp->sctp_xmit_unacked))) { 2766 if (sctp->sctp_xmit_unacked != NULL) 2767 mp = sctp->sctp_xmit_unacked; 2768 else if (sctp->sctp_xmit_head != NULL) 2769 mp = sctp->sctp_xmit_head->b_cont; 2770 else 2771 mp = NULL; 2772 SCTPS_BUMP_MIB(sctps, sctpInDupAck); 2773 /* 2774 * If we were doing a zero win probe and the win 2775 * has now opened to at least MSS, re-transmit the 2776 * zero win probe via sctp_rexmit_packet(). 2777 */ 2778 if (mp != NULL && sctp->sctp_zero_win_probe && 2779 ntohl(sc->ssc_a_rwnd) >= sctp->sctp_current->sf_pmss) { 2780 mblk_t *pkt; 2781 uint_t pkt_len; 2782 mblk_t *mp1 = mp; 2783 mblk_t *meta = sctp->sctp_xmit_head; 2784 2785 /* 2786 * Reset the RTO since we have been backing-off 2787 * to send the ZWP. 2788 */ 2789 fp = sctp->sctp_current; 2790 fp->sf_rto = fp->sf_srtt + 4 * fp->sf_rttvar; 2791 SCTP_MAX_RTO(sctp, fp); 2792 /* Resend the ZWP */ 2793 pkt = sctp_rexmit_packet(sctp, &meta, &mp1, fp, 2794 &pkt_len); 2795 if (pkt == NULL) { 2796 SCTP_KSTAT(sctps, sctp_ss_rexmit_failed); 2797 return (0); 2798 } 2799 ASSERT(pkt_len <= fp->sf_pmss); 2800 sctp->sctp_zero_win_probe = B_FALSE; 2801 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2802 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2803 sctp_set_iplen(sctp, pkt, fp->sf_ixa); 2804 (void) conn_ip_output(pkt, fp->sf_ixa); 2805 BUMP_LOCAL(sctp->sctp_opkts); 2806 } 2807 } else { 2808 if (sctp->sctp_zero_win_probe) { 2809 /* 2810 * Reset the RTO since we have been backing-off 2811 * to send the ZWP. 2812 */ 2813 fp = sctp->sctp_current; 2814 fp->sf_rto = fp->sf_srtt + 4 * fp->sf_rttvar; 2815 SCTP_MAX_RTO(sctp, fp); 2816 sctp->sctp_zero_win_probe = B_FALSE; 2817 /* This is probably not required */ 2818 if (!sctp->sctp_rexmitting) { 2819 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2820 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2821 } 2822 } 2823 acked = sctp_cumack(sctp, cumtsn, &mp); 2824 sctp->sctp_xmit_unacked = mp; 2825 if (acked > 0) { 2826 trysend = 1; 2827 cumack_forward = B_TRUE; 2828 if (fwd_tsn && SEQ_GEQ(sctp->sctp_lastack_rxd, 2829 sctp->sctp_adv_pap)) { 2830 cumack_forward = B_FALSE; 2831 } 2832 } 2833 } 2834 num_gaps = ntohs(sc->ssc_numfrags); 2835 UPDATE_LOCAL(sctp->sctp_gapcnt, num_gaps); 2836 if (num_gaps == 0 || mp == NULL || !SCTP_CHUNK_ISSENT(mp) || 2837 chunklen < (sizeof (*sch) + sizeof (*sc) + 2838 num_gaps * sizeof (*ssf))) { 2839 goto ret; 2840 } 2841 #ifdef DEBUG 2842 /* 2843 * Since we delete any message that has been acked completely, 2844 * the unacked chunk must belong to sctp_xmit_head (as 2845 * we don't have a back pointer from the mp to the meta data 2846 * we do this). 2847 */ 2848 { 2849 mblk_t *mp2 = sctp->sctp_xmit_head->b_cont; 2850 2851 while (mp2 != NULL) { 2852 if (mp2 == mp) 2853 break; 2854 mp2 = mp2->b_next; 2855 } 2856 ASSERT(mp2 != NULL); 2857 } 2858 #endif 2859 ump = sctp->sctp_xmit_head; 2860 2861 /* 2862 * Just remember where we started from, in case we need to call 2863 * sctp_process_uo_gaps() if the gap blocks are unordered. 2864 */ 2865 mp1 = mp; 2866 2867 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2868 xtsn = ntohl(sdc->sdh_tsn); 2869 ASSERT(xtsn == cumtsn + 1); 2870 2871 /* 2872 * Go through SACK gaps. They are ordered based on start TSN. 2873 */ 2874 ssf = (sctp_sack_frag_t *)(sc + 1); 2875 for (i = 0; i < num_gaps; i++, ssf++) { 2876 if (gapstart != 0) { 2877 /* check for unordered gap */ 2878 if (SEQ_LEQ(cumtsn + ntohs(ssf->ssf_start), gapstart)) { 2879 acked += sctp_process_uo_gaps(sctp, 2880 cumtsn, ssf, num_gaps - i, 2881 sctp->sctp_xmit_head, mp1, 2882 &trysend, &fast_recovery, gapstart); 2883 if (trysend < 0) { 2884 SCTPS_BUMP_MIB(sctps, sctpInAckUnsent); 2885 return (-1); 2886 } 2887 break; 2888 } 2889 } 2890 gapstart = cumtsn + ntohs(ssf->ssf_start); 2891 gapend = cumtsn + ntohs(ssf->ssf_end); 2892 2893 /* 2894 * Sanity checks: 2895 * 2896 * 1. SACK for TSN we have not sent - ABORT 2897 * 2. Invalid or spurious gaps, ignore all gaps 2898 */ 2899 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2900 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2901 SCTPS_BUMP_MIB(sctps, sctpInAckUnsent); 2902 return (-1); 2903 } else if (SEQ_LT(gapend, gapstart) || 2904 SEQ_LEQ(gapstart, cumtsn)) { 2905 break; 2906 } 2907 /* 2908 * Let's start at the current TSN (for the 1st gap we start 2909 * from the cumulative TSN, for subsequent ones we start from 2910 * where the previous gapend was found - second while loop 2911 * below) and walk the transmit list till we find the TSN 2912 * corresponding to gapstart. All the unacked chunks till we 2913 * get to the chunk with TSN == gapstart will have their 2914 * SACKCNT incremented by 1. Note since the gap blocks are 2915 * ordered, we won't be incrementing the SACKCNT for an 2916 * unacked chunk by more than one while processing the gap 2917 * blocks. If the SACKCNT for any unacked chunk exceeds 2918 * the fast retransmit threshold, we will fast retransmit 2919 * after processing all the gap blocks. 2920 */ 2921 ASSERT(SEQ_LEQ(xtsn, gapstart)); 2922 while (xtsn != gapstart) { 2923 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2924 if (SCTP_CHUNK_SACKCNT(mp) == 2925 sctps->sctps_fast_rxt_thresh) { 2926 SCTP_CHUNK_REXMIT(sctp, mp); 2927 sctp->sctp_chk_fast_rexmit = B_TRUE; 2928 trysend = 1; 2929 if (!fast_recovery) { 2930 /* 2931 * Entering fast recovery. 2932 */ 2933 fp = SCTP_CHUNK_DEST(mp); 2934 fp->sf_ssthresh = fp->sf_cwnd / 2; 2935 if (fp->sf_ssthresh < 2 * fp->sf_pmss) { 2936 fp->sf_ssthresh = 2937 2 * fp->sf_pmss; 2938 } 2939 fp->sf_cwnd = fp->sf_ssthresh; 2940 fp->sf_pba = 0; 2941 sctp->sctp_recovery_tsn = 2942 sctp->sctp_ltsn - 1; 2943 fast_recovery = B_TRUE; 2944 } 2945 } 2946 2947 /* 2948 * Peer may have reneged on this chunk, so un-sack 2949 * it now. If the peer did renege, we need to 2950 * readjust unacked. 2951 */ 2952 if (SCTP_CHUNK_ISACKED(mp)) { 2953 chunklen = ntohs(sdc->sdh_len); 2954 fp = SCTP_CHUNK_DEST(mp); 2955 fp->sf_suna += chunklen; 2956 sctp->sctp_unacked += chunklen - sizeof (*sdc); 2957 SCTP_CHUNK_CLEAR_ACKED(sctp, mp); 2958 if (!fp->sf_timer_running) { 2959 SCTP_FADDR_TIMER_RESTART(sctp, fp, 2960 fp->sf_rto); 2961 } 2962 } 2963 2964 mp = mp->b_next; 2965 if (mp == NULL) { 2966 ump = ump->b_next; 2967 /* 2968 * ump can't be NULL given the sanity check 2969 * above. But if it is NULL, it means that 2970 * there is a data corruption. We'd better 2971 * panic. 2972 */ 2973 if (ump == NULL) { 2974 panic("Memory corruption detected: gap " 2975 "start TSN 0x%x missing from the " 2976 "xmit list: %p", gapstart, 2977 (void *)sctp); 2978 } 2979 mp = ump->b_cont; 2980 } 2981 /* 2982 * mp can't be unsent given the sanity check above. 2983 */ 2984 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2985 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2986 xtsn = ntohl(sdc->sdh_tsn); 2987 } 2988 /* 2989 * Now that we have found the chunk with TSN == 'gapstart', 2990 * let's walk till we hit the chunk with TSN == 'gapend'. 2991 * All intermediate chunks will be marked ACKED, if they 2992 * haven't already been. 2993 */ 2994 while (SEQ_LEQ(xtsn, gapend)) { 2995 /* 2996 * SACKed 2997 */ 2998 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2999 if (!SCTP_CHUNK_ISACKED(mp)) { 3000 SCTP_CHUNK_ACKED(mp); 3001 3002 fp = SCTP_CHUNK_DEST(mp); 3003 chunklen = ntohs(sdc->sdh_len); 3004 ASSERT(fp->sf_suna >= chunklen); 3005 fp->sf_suna -= chunklen; 3006 if (fp->sf_suna == 0) { 3007 /* All outstanding data acked. */ 3008 fp->sf_pba = 0; 3009 SCTP_FADDR_TIMER_STOP(fp); 3010 } 3011 fp->sf_acked += chunklen; 3012 acked += chunklen; 3013 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 3014 ASSERT(sctp->sctp_unacked >= 0); 3015 } 3016 /* Go to the next chunk of the current message */ 3017 mp = mp->b_next; 3018 /* 3019 * Move to the next message in the transmit list 3020 * if we are done with all the chunks from the current 3021 * message. Note, it is possible to hit the end of the 3022 * transmit list here, i.e. if we have already completed 3023 * processing the gap block. But the TSN must be equal 3024 * to the gapend because of the above sanity check. 3025 * If it is not equal, it means that some data is 3026 * missing. 3027 * Also, note that we break here, which means we 3028 * continue processing gap blocks, if any. In case of 3029 * ordered gap blocks there can't be any following 3030 * this (if there is it will fail the sanity check 3031 * above). In case of un-ordered gap blocks we will 3032 * switch to sctp_process_uo_gaps(). In either case 3033 * it should be fine to continue with NULL ump/mp, 3034 * but we just reset it to xmit_head. 3035 */ 3036 if (mp == NULL) { 3037 ump = ump->b_next; 3038 if (ump == NULL) { 3039 if (xtsn != gapend) { 3040 panic("Memory corruption " 3041 "detected: gap end TSN " 3042 "0x%x missing from the " 3043 "xmit list: %p", gapend, 3044 (void *)sctp); 3045 } 3046 ump = sctp->sctp_xmit_head; 3047 mp = mp1; 3048 sdc = (sctp_data_hdr_t *)mp->b_rptr; 3049 xtsn = ntohl(sdc->sdh_tsn); 3050 break; 3051 } 3052 mp = ump->b_cont; 3053 } 3054 /* 3055 * Likewise, we could hit an unsent chunk once we have 3056 * completed processing the gap block. Again, it is 3057 * fine to continue processing gap blocks with mp 3058 * pointing to the unsent chunk, because if there 3059 * are more ordered gap blocks, they will fail the 3060 * sanity check, and if there are un-ordered gap blocks, 3061 * we will continue processing in sctp_process_uo_gaps() 3062 * We just reset the mp to the one we started with. 3063 */ 3064 if (!SCTP_CHUNK_ISSENT(mp)) { 3065 ASSERT(xtsn == gapend); 3066 ump = sctp->sctp_xmit_head; 3067 mp = mp1; 3068 sdc = (sctp_data_hdr_t *)mp->b_rptr; 3069 xtsn = ntohl(sdc->sdh_tsn); 3070 break; 3071 } 3072 sdc = (sctp_data_hdr_t *)mp->b_rptr; 3073 xtsn = ntohl(sdc->sdh_tsn); 3074 } 3075 } 3076 if (sctp->sctp_prsctp_aware) 3077 sctp_check_abandoned_data(sctp, sctp->sctp_current); 3078 if (sctp->sctp_chk_fast_rexmit) 3079 sctp_fast_rexmit(sctp); 3080 ret: 3081 trysend += sctp_set_frwnd(sctp, ntohl(sc->ssc_a_rwnd)); 3082 3083 /* 3084 * If receive window is closed while there is unsent data, 3085 * set a timer for doing zero window probes. 3086 */ 3087 if (sctp->sctp_frwnd == 0 && sctp->sctp_unacked == 0 && 3088 sctp->sctp_unsent != 0) { 3089 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 3090 sctp->sctp_current->sf_rto); 3091 } 3092 3093 /* 3094 * Set cwnd for all destinations. 3095 * Congestion window gets increased only when cumulative 3096 * TSN moves forward, we're not in fast recovery, and 3097 * cwnd has been fully utilized (almost fully, need to allow 3098 * some leeway due to non-MSS sized messages). 3099 */ 3100 if (sctp->sctp_current->sf_acked == acked) { 3101 /* 3102 * Fast-path, only data sent to sctp_current got acked. 3103 */ 3104 fp = sctp->sctp_current; 3105 if (cumack_forward && !fast_recovery && 3106 (fp->sf_acked + fp->sf_suna > fp->sf_cwnd - fp->sf_pmss)) { 3107 if (fp->sf_cwnd < fp->sf_ssthresh) { 3108 /* 3109 * Slow start 3110 */ 3111 if (fp->sf_acked > fp->sf_pmss) { 3112 fp->sf_cwnd += fp->sf_pmss; 3113 } else { 3114 fp->sf_cwnd += fp->sf_acked; 3115 } 3116 fp->sf_cwnd = MIN(fp->sf_cwnd, 3117 sctp->sctp_cwnd_max); 3118 } else { 3119 /* 3120 * Congestion avoidance 3121 */ 3122 fp->sf_pba += fp->sf_acked; 3123 if (fp->sf_pba >= fp->sf_cwnd) { 3124 fp->sf_pba -= fp->sf_cwnd; 3125 fp->sf_cwnd += fp->sf_pmss; 3126 fp->sf_cwnd = MIN(fp->sf_cwnd, 3127 sctp->sctp_cwnd_max); 3128 } 3129 } 3130 } 3131 /* 3132 * Limit the burst of transmitted data segments. 3133 */ 3134 if (fp->sf_suna + sctps->sctps_maxburst * fp->sf_pmss < 3135 fp->sf_cwnd) { 3136 fp->sf_cwnd = fp->sf_suna + sctps->sctps_maxburst * 3137 fp->sf_pmss; 3138 } 3139 fp->sf_acked = 0; 3140 goto check_ss_rxmit; 3141 } 3142 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->sf_next) { 3143 if (cumack_forward && fp->sf_acked && !fast_recovery && 3144 (fp->sf_acked + fp->sf_suna > fp->sf_cwnd - fp->sf_pmss)) { 3145 if (fp->sf_cwnd < fp->sf_ssthresh) { 3146 if (fp->sf_acked > fp->sf_pmss) { 3147 fp->sf_cwnd += fp->sf_pmss; 3148 } else { 3149 fp->sf_cwnd += fp->sf_acked; 3150 } 3151 fp->sf_cwnd = MIN(fp->sf_cwnd, 3152 sctp->sctp_cwnd_max); 3153 } else { 3154 fp->sf_pba += fp->sf_acked; 3155 if (fp->sf_pba >= fp->sf_cwnd) { 3156 fp->sf_pba -= fp->sf_cwnd; 3157 fp->sf_cwnd += fp->sf_pmss; 3158 fp->sf_cwnd = MIN(fp->sf_cwnd, 3159 sctp->sctp_cwnd_max); 3160 } 3161 } 3162 } 3163 if (fp->sf_suna + sctps->sctps_maxburst * fp->sf_pmss < 3164 fp->sf_cwnd) { 3165 fp->sf_cwnd = fp->sf_suna + sctps->sctps_maxburst * 3166 fp->sf_pmss; 3167 } 3168 fp->sf_acked = 0; 3169 } 3170 fp = sctp->sctp_current; 3171 check_ss_rxmit: 3172 /* 3173 * If this is a SACK following a timeout, check if there are 3174 * still unacked chunks (sent before the timeout) that we can 3175 * send. 3176 */ 3177 if (sctp->sctp_rexmitting) { 3178 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_rxt_maxtsn)) { 3179 /* 3180 * As we are in retransmission phase, we may get a 3181 * SACK which indicates some new chunks are received 3182 * but cum_tsn does not advance. During this 3183 * phase, the other side advances cum_tsn only because 3184 * it receives our retransmitted chunks. Only 3185 * this signals that some chunks are still 3186 * missing. 3187 */ 3188 if (cumack_forward) { 3189 fp->sf_rxt_unacked -= acked; 3190 sctp_ss_rexmit(sctp); 3191 } 3192 } else { 3193 sctp->sctp_rexmitting = B_FALSE; 3194 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 3195 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 3196 fp->sf_rxt_unacked = 0; 3197 } 3198 } 3199 return (trysend); 3200 } 3201 3202 /* 3203 * Returns 0 if the caller should stop processing any more chunks, 3204 * 1 if the caller should skip this chunk and continue processing. 3205 */ 3206 static int 3207 sctp_strange_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp) 3208 { 3209 size_t len; 3210 3211 BUMP_LOCAL(sctp->sctp_ibchunks); 3212 /* check top two bits for action required */ 3213 if (ch->sch_id & 0x40) { /* also matches 0xc0 */ 3214 len = ntohs(ch->sch_len); 3215 sctp_add_err(sctp, SCTP_ERR_UNREC_CHUNK, ch, len, fp); 3216 3217 if ((ch->sch_id & 0xc0) == 0xc0) { 3218 /* skip and continue */ 3219 return (1); 3220 } else { 3221 /* stop processing */ 3222 return (0); 3223 } 3224 } 3225 if (ch->sch_id & 0x80) { 3226 /* skip and continue, no error */ 3227 return (1); 3228 } 3229 /* top two bits are clear; stop processing and no error */ 3230 return (0); 3231 } 3232 3233 /* 3234 * Basic sanity checks on all input chunks and parameters: they must 3235 * be of legitimate size for their purported type, and must follow 3236 * ordering conventions as defined in rfc2960. 3237 * 3238 * Returns 1 if the chunk and all encloded params are legitimate, 3239 * 0 otherwise. 3240 */ 3241 /*ARGSUSED*/ 3242 static int 3243 sctp_check_input(sctp_t *sctp, sctp_chunk_hdr_t *ch, ssize_t len, int first) 3244 { 3245 sctp_parm_hdr_t *ph; 3246 void *p = NULL; 3247 ssize_t clen; 3248 uint16_t ch_len; 3249 3250 ch_len = ntohs(ch->sch_len); 3251 if (ch_len > len) { 3252 return (0); 3253 } 3254 3255 switch (ch->sch_id) { 3256 case CHUNK_DATA: 3257 if (ch_len < sizeof (sctp_data_hdr_t)) { 3258 return (0); 3259 } 3260 return (1); 3261 case CHUNK_INIT: 3262 case CHUNK_INIT_ACK: 3263 { 3264 ssize_t remlen = len; 3265 3266 /* 3267 * INIT and INIT-ACK chunks must not be bundled with 3268 * any other. 3269 */ 3270 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3271 (ch_len < (sizeof (*ch) + 3272 sizeof (sctp_init_chunk_t)))) { 3273 return (0); 3274 } 3275 /* may have params that need checking */ 3276 p = (char *)(ch + 1) + sizeof (sctp_init_chunk_t); 3277 clen = ch_len - (sizeof (*ch) + 3278 sizeof (sctp_init_chunk_t)); 3279 } 3280 break; 3281 case CHUNK_SACK: 3282 if (ch_len < (sizeof (*ch) + sizeof (sctp_sack_chunk_t))) { 3283 return (0); 3284 } 3285 /* dup and gap reports checked by got_sack() */ 3286 return (1); 3287 case CHUNK_SHUTDOWN: 3288 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) { 3289 return (0); 3290 } 3291 return (1); 3292 case CHUNK_ABORT: 3293 case CHUNK_ERROR: 3294 if (ch_len < sizeof (*ch)) { 3295 return (0); 3296 } 3297 /* may have params that need checking */ 3298 p = ch + 1; 3299 clen = ch_len - sizeof (*ch); 3300 break; 3301 case CHUNK_ECNE: 3302 case CHUNK_CWR: 3303 case CHUNK_HEARTBEAT: 3304 case CHUNK_HEARTBEAT_ACK: 3305 /* Full ASCONF chunk and parameter checks are in asconf.c */ 3306 case CHUNK_ASCONF: 3307 case CHUNK_ASCONF_ACK: 3308 if (ch_len < sizeof (*ch)) { 3309 return (0); 3310 } 3311 /* heartbeat data checked by process_heartbeat() */ 3312 return (1); 3313 case CHUNK_SHUTDOWN_COMPLETE: 3314 { 3315 ssize_t remlen = len; 3316 3317 /* 3318 * SHUTDOWN-COMPLETE chunk must not be bundled with any 3319 * other 3320 */ 3321 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3322 ch_len < sizeof (*ch)) { 3323 return (0); 3324 } 3325 } 3326 return (1); 3327 case CHUNK_COOKIE: 3328 case CHUNK_COOKIE_ACK: 3329 case CHUNK_SHUTDOWN_ACK: 3330 if (ch_len < sizeof (*ch) || !first) { 3331 return (0); 3332 } 3333 return (1); 3334 case CHUNK_FORWARD_TSN: 3335 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) 3336 return (0); 3337 return (1); 3338 default: 3339 return (1); /* handled by strange_chunk() */ 3340 } 3341 3342 /* check and byteorder parameters */ 3343 if (clen <= 0) { 3344 return (1); 3345 } 3346 ASSERT(p != NULL); 3347 3348 ph = p; 3349 while (ph != NULL && clen > 0) { 3350 ch_len = ntohs(ph->sph_len); 3351 if (ch_len > len || ch_len < sizeof (*ph)) { 3352 return (0); 3353 } 3354 ph = sctp_next_parm(ph, &clen); 3355 } 3356 3357 /* All OK */ 3358 return (1); 3359 } 3360 3361 static mblk_t * 3362 sctp_check_in_policy(mblk_t *mp, ip_recv_attr_t *ira, ip_stack_t *ipst) 3363 { 3364 boolean_t policy_present; 3365 ipha_t *ipha; 3366 ip6_t *ip6h; 3367 netstack_t *ns = ipst->ips_netstack; 3368 ipsec_stack_t *ipss = ns->netstack_ipsec; 3369 3370 if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) { 3371 policy_present = ipss->ipsec_inbound_v4_policy_present; 3372 ipha = (ipha_t *)mp->b_rptr; 3373 ip6h = NULL; 3374 } else { 3375 policy_present = ipss->ipsec_inbound_v6_policy_present; 3376 ipha = NULL; 3377 ip6h = (ip6_t *)mp->b_rptr; 3378 } 3379 3380 if (policy_present) { 3381 /* 3382 * The conn_t parameter is NULL because we already know 3383 * nobody's home. 3384 */ 3385 mp = ipsec_check_global_policy(mp, (conn_t *)NULL, 3386 ipha, ip6h, ira, ns); 3387 if (mp == NULL) 3388 return (NULL); 3389 } 3390 return (mp); 3391 } 3392 3393 /* Handle out-of-the-blue packets */ 3394 void 3395 sctp_ootb_input(mblk_t *mp, ip_recv_attr_t *ira, ip_stack_t *ipst) 3396 { 3397 sctp_t *sctp; 3398 sctp_chunk_hdr_t *ch; 3399 sctp_hdr_t *sctph; 3400 in6_addr_t src, dst; 3401 uint_t ip_hdr_len = ira->ira_ip_hdr_length; 3402 ssize_t mlen; 3403 sctp_stack_t *sctps; 3404 boolean_t secure; 3405 zoneid_t zoneid = ira->ira_zoneid; 3406 uchar_t *rptr; 3407 3408 ASSERT(ira->ira_ill == NULL); 3409 3410 secure = ira->ira_flags & IRAF_IPSEC_SECURE; 3411 3412 sctps = ipst->ips_netstack->netstack_sctp; 3413 3414 SCTPS_BUMP_MIB(sctps, sctpOutOfBlue); 3415 SCTPS_BUMP_MIB(sctps, sctpInSCTPPkts); 3416 3417 if (mp->b_cont != NULL) { 3418 /* 3419 * All subsequent code is vastly simplified if it can 3420 * assume a single contiguous chunk of data. 3421 */ 3422 if (pullupmsg(mp, -1) == 0) { 3423 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3424 ip_drop_input("ipIfStatsInDiscards", mp, NULL); 3425 freemsg(mp); 3426 return; 3427 } 3428 } 3429 3430 rptr = mp->b_rptr; 3431 sctph = ((sctp_hdr_t *)&rptr[ip_hdr_len]); 3432 if (ira->ira_flags & IRAF_IS_IPV4) { 3433 ipha_t *ipha; 3434 3435 ipha = (ipha_t *)rptr; 3436 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &src); 3437 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &dst); 3438 } else { 3439 ip6_t *ip6h; 3440 3441 ip6h = (ip6_t *)rptr; 3442 src = ip6h->ip6_src; 3443 dst = ip6h->ip6_dst; 3444 } 3445 3446 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3447 if ((ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen)) == NULL) { 3448 dprint(3, ("sctp_ootb_input: invalid packet\n")); 3449 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3450 ip_drop_input("ipIfStatsInDiscards", mp, NULL); 3451 freemsg(mp); 3452 return; 3453 } 3454 3455 switch (ch->sch_id) { 3456 case CHUNK_INIT: 3457 /* no listener; send abort */ 3458 if (secure && sctp_check_in_policy(mp, ira, ipst) == NULL) 3459 return; 3460 sctp_ootb_send_abort(sctp_init2vtag(ch), 0, 3461 NULL, 0, mp, 0, B_TRUE, ira, ipst); 3462 break; 3463 case CHUNK_INIT_ACK: 3464 /* check for changed src addr */ 3465 sctp = sctp_addrlist2sctp(mp, sctph, ch, zoneid, sctps); 3466 if (sctp != NULL) { 3467 /* success; proceed to normal path */ 3468 mutex_enter(&sctp->sctp_lock); 3469 if (sctp->sctp_running) { 3470 sctp_add_recvq(sctp, mp, B_FALSE, ira); 3471 mutex_exit(&sctp->sctp_lock); 3472 } else { 3473 /* 3474 * If the source address is changed, we 3475 * don't need to worry too much about 3476 * out of order processing. So we don't 3477 * check if the recvq is empty or not here. 3478 */ 3479 sctp->sctp_running = B_TRUE; 3480 mutex_exit(&sctp->sctp_lock); 3481 sctp_input_data(sctp, mp, ira); 3482 WAKE_SCTP(sctp); 3483 } 3484 SCTP_REFRELE(sctp); 3485 return; 3486 } 3487 /* else bogus init ack; drop it */ 3488 break; 3489 case CHUNK_SHUTDOWN_ACK: 3490 if (secure && sctp_check_in_policy(mp, ira, ipst) == NULL) 3491 return; 3492 sctp_ootb_shutdown_ack(mp, ip_hdr_len, ira, ipst); 3493 return; 3494 case CHUNK_ERROR: 3495 case CHUNK_ABORT: 3496 case CHUNK_COOKIE_ACK: 3497 case CHUNK_SHUTDOWN_COMPLETE: 3498 break; 3499 default: 3500 if (secure && sctp_check_in_policy(mp, ira, ipst) == NULL) 3501 return; 3502 sctp_ootb_send_abort(sctph->sh_verf, 0, 3503 NULL, 0, mp, 0, B_TRUE, ira, ipst); 3504 break; 3505 } 3506 freemsg(mp); 3507 } 3508 3509 /* 3510 * Handle sctp packets. 3511 * Note that we rele the sctp_t (the caller got a reference on it). 3512 */ 3513 void 3514 sctp_input(conn_t *connp, ipha_t *ipha, ip6_t *ip6h, mblk_t *mp, 3515 ip_recv_attr_t *ira) 3516 { 3517 sctp_t *sctp = CONN2SCTP(connp); 3518 boolean_t secure; 3519 ill_t *ill = ira->ira_ill; 3520 ip_stack_t *ipst = ill->ill_ipst; 3521 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 3522 iaflags_t iraflags = ira->ira_flags; 3523 ill_t *rill = ira->ira_rill; 3524 3525 secure = iraflags & IRAF_IPSEC_SECURE; 3526 3527 /* 3528 * We check some fields in conn_t without holding a lock. 3529 * This should be fine. 3530 */ 3531 if (((iraflags & IRAF_IS_IPV4) ? 3532 CONN_INBOUND_POLICY_PRESENT(connp, ipss) : 3533 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) || 3534 secure) { 3535 mp = ipsec_check_inbound_policy(mp, connp, ipha, 3536 ip6h, ira); 3537 if (mp == NULL) { 3538 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 3539 /* Note that mp is NULL */ 3540 ip_drop_input("ipIfStatsInDiscards", mp, ill); 3541 SCTP_REFRELE(sctp); 3542 return; 3543 } 3544 } 3545 3546 ira->ira_ill = ira->ira_rill = NULL; 3547 3548 mutex_enter(&sctp->sctp_lock); 3549 if (sctp->sctp_running) { 3550 sctp_add_recvq(sctp, mp, B_FALSE, ira); 3551 mutex_exit(&sctp->sctp_lock); 3552 goto done; 3553 } else { 3554 sctp->sctp_running = B_TRUE; 3555 mutex_exit(&sctp->sctp_lock); 3556 3557 mutex_enter(&sctp->sctp_recvq_lock); 3558 if (sctp->sctp_recvq != NULL) { 3559 sctp_add_recvq(sctp, mp, B_TRUE, ira); 3560 mutex_exit(&sctp->sctp_recvq_lock); 3561 WAKE_SCTP(sctp); 3562 goto done; 3563 } 3564 } 3565 mutex_exit(&sctp->sctp_recvq_lock); 3566 if (ira->ira_flags & IRAF_ICMP_ERROR) 3567 sctp_icmp_error(sctp, mp); 3568 else 3569 sctp_input_data(sctp, mp, ira); 3570 WAKE_SCTP(sctp); 3571 3572 done: 3573 SCTP_REFRELE(sctp); 3574 ira->ira_ill = ill; 3575 ira->ira_rill = rill; 3576 } 3577 3578 static void 3579 sctp_process_abort(sctp_t *sctp, sctp_chunk_hdr_t *ch, int err) 3580 { 3581 sctp_stack_t *sctps = sctp->sctp_sctps; 3582 3583 SCTPS_BUMP_MIB(sctps, sctpAborted); 3584 BUMP_LOCAL(sctp->sctp_ibchunks); 3585 3586 /* 3587 * SCTP_COMM_LOST is only sent up if the association is 3588 * established (sctp_state >= SCTPS_ESTABLISHED). 3589 */ 3590 if (sctp->sctp_state >= SCTPS_ESTABLISHED) { 3591 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3592 ntohs(((sctp_parm_hdr_t *)(ch + 1))->sph_type), ch); 3593 } 3594 3595 sctp_clean_death(sctp, err); 3596 } 3597 3598 void 3599 sctp_input_data(sctp_t *sctp, mblk_t *mp, ip_recv_attr_t *ira) 3600 { 3601 sctp_chunk_hdr_t *ch; 3602 ssize_t mlen; 3603 int gotdata; 3604 int trysend; 3605 sctp_faddr_t *fp; 3606 sctp_init_chunk_t *iack; 3607 uint32_t tsn; 3608 sctp_data_hdr_t *sdc; 3609 ip_pkt_t ipp; 3610 in6_addr_t src; 3611 in6_addr_t dst; 3612 uint_t ifindex; 3613 sctp_hdr_t *sctph; 3614 uint_t ip_hdr_len = ira->ira_ip_hdr_length; 3615 mblk_t *dups = NULL; 3616 int recv_adaptation; 3617 boolean_t wake_eager = B_FALSE; 3618 in6_addr_t peer_src; 3619 int64_t now; 3620 sctp_stack_t *sctps = sctp->sctp_sctps; 3621 ip_stack_t *ipst = sctps->sctps_netstack->netstack_ip; 3622 boolean_t hb_already = B_FALSE; 3623 cred_t *cr; 3624 pid_t cpid; 3625 uchar_t *rptr; 3626 conn_t *connp = sctp->sctp_connp; 3627 boolean_t shutdown_ack_needed = B_FALSE; 3628 3629 ASSERT(DB_TYPE(mp) == M_DATA); 3630 ASSERT(ira->ira_ill == NULL); 3631 3632 if (mp->b_cont != NULL) { 3633 /* 3634 * All subsequent code is vastly simplified if it can 3635 * assume a single contiguous chunk of data. 3636 */ 3637 if (pullupmsg(mp, -1) == 0) { 3638 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3639 ip_drop_input("ipIfStatsInDiscards", mp, NULL); 3640 freemsg(mp); 3641 return; 3642 } 3643 } 3644 3645 BUMP_LOCAL(sctp->sctp_ipkts); 3646 ifindex = ira->ira_ruifindex; 3647 3648 rptr = mp->b_rptr; 3649 3650 ipp.ipp_fields = 0; 3651 if (connp->conn_recv_ancillary.crb_all != 0) { 3652 /* 3653 * Record packet information in the ip_pkt_t 3654 */ 3655 if (ira->ira_flags & IRAF_IS_IPV4) { 3656 (void) ip_find_hdr_v4((ipha_t *)rptr, &ipp, 3657 B_FALSE); 3658 } else { 3659 uint8_t nexthdrp; 3660 3661 /* 3662 * IPv6 packets can only be received by applications 3663 * that are prepared to receive IPv6 addresses. 3664 * The IP fanout must ensure this. 3665 */ 3666 ASSERT(connp->conn_family == AF_INET6); 3667 3668 (void) ip_find_hdr_v6(mp, (ip6_t *)rptr, B_TRUE, &ipp, 3669 &nexthdrp); 3670 ASSERT(nexthdrp == IPPROTO_SCTP); 3671 3672 /* Could have caused a pullup? */ 3673 rptr = mp->b_rptr; 3674 } 3675 } 3676 3677 sctph = ((sctp_hdr_t *)&rptr[ip_hdr_len]); 3678 3679 if (ira->ira_flags & IRAF_IS_IPV4) { 3680 ipha_t *ipha; 3681 3682 ipha = (ipha_t *)rptr; 3683 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &src); 3684 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &dst); 3685 } else { 3686 ip6_t *ip6h; 3687 3688 ip6h = (ip6_t *)rptr; 3689 src = ip6h->ip6_src; 3690 dst = ip6h->ip6_dst; 3691 } 3692 3693 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3694 ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen); 3695 if (ch == NULL) { 3696 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3697 ip_drop_input("ipIfStatsInDiscards", mp, NULL); 3698 freemsg(mp); 3699 return; 3700 } 3701 3702 if (!sctp_check_input(sctp, ch, mlen, 1)) { 3703 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3704 ip_drop_input("ipIfStatsInDiscards", mp, NULL); 3705 goto done; 3706 } 3707 /* 3708 * Check verfication tag (special handling for INIT, 3709 * COOKIE, SHUTDOWN_COMPLETE and SHUTDOWN_ACK chunks). 3710 * ABORTs are handled in the chunk processing loop, since 3711 * may not appear first. All other checked chunks must 3712 * appear first, or will have been dropped by check_input(). 3713 */ 3714 switch (ch->sch_id) { 3715 case CHUNK_INIT: 3716 if (sctph->sh_verf != 0) { 3717 /* drop it */ 3718 goto done; 3719 } 3720 break; 3721 case CHUNK_SHUTDOWN_COMPLETE: 3722 if (sctph->sh_verf == sctp->sctp_lvtag) 3723 break; 3724 if (sctph->sh_verf == sctp->sctp_fvtag && 3725 SCTP_GET_TBIT(ch)) { 3726 break; 3727 } 3728 /* else drop it */ 3729 goto done; 3730 case CHUNK_ABORT: 3731 case CHUNK_COOKIE: 3732 /* handled below */ 3733 break; 3734 case CHUNK_SHUTDOWN_ACK: 3735 if (sctp->sctp_state > SCTPS_BOUND && 3736 sctp->sctp_state < SCTPS_ESTABLISHED) { 3737 /* treat as OOTB */ 3738 sctp_ootb_shutdown_ack(mp, ip_hdr_len, ira, ipst); 3739 return; 3740 } 3741 /* else fallthru */ 3742 default: 3743 /* 3744 * All other packets must have a valid 3745 * verification tag, however if this is a 3746 * listener, we use a refined version of 3747 * out-of-the-blue logic. 3748 */ 3749 if (sctph->sh_verf != sctp->sctp_lvtag && 3750 sctp->sctp_state != SCTPS_LISTEN) { 3751 /* drop it */ 3752 goto done; 3753 } 3754 break; 3755 } 3756 3757 /* Have a valid sctp for this packet */ 3758 fp = sctp_lookup_faddr(sctp, &src); 3759 dprint(2, ("sctp_dispatch_rput: mp=%p fp=%p sctp=%p\n", (void *)mp, 3760 (void *)fp, (void *)sctp)); 3761 3762 gotdata = 0; 3763 trysend = 0; 3764 3765 now = LBOLT_FASTPATH64; 3766 /* Process the chunks */ 3767 do { 3768 dprint(3, ("sctp_dispatch_rput: state=%d, chunk id=%d\n", 3769 sctp->sctp_state, (int)(ch->sch_id))); 3770 3771 if (ch->sch_id == CHUNK_ABORT) { 3772 if (sctph->sh_verf != sctp->sctp_lvtag && 3773 sctph->sh_verf != sctp->sctp_fvtag) { 3774 /* drop it */ 3775 goto done; 3776 } 3777 } 3778 3779 switch (sctp->sctp_state) { 3780 3781 case SCTPS_ESTABLISHED: 3782 case SCTPS_SHUTDOWN_PENDING: 3783 case SCTPS_SHUTDOWN_SENT: 3784 switch (ch->sch_id) { 3785 case CHUNK_DATA: 3786 /* 0-length data chunks are not allowed */ 3787 if (ntohs(ch->sch_len) == sizeof (*sdc)) { 3788 sdc = (sctp_data_hdr_t *)ch; 3789 tsn = sdc->sdh_tsn; 3790 sctp_send_abort(sctp, sctp->sctp_fvtag, 3791 SCTP_ERR_NO_USR_DATA, (char *)&tsn, 3792 sizeof (tsn), mp, 0, B_FALSE, ira); 3793 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3794 0, NULL); 3795 sctp_clean_death(sctp, ECONNABORTED); 3796 goto done; 3797 } 3798 3799 ASSERT(fp != NULL); 3800 sctp->sctp_lastdata = fp; 3801 sctp_data_chunk(sctp, ch, mp, &dups, fp, 3802 &ipp, ira); 3803 gotdata = 1; 3804 /* Restart shutdown timer if shutting down */ 3805 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3806 /* 3807 * If we have exceeded our max 3808 * wait bound for waiting for a 3809 * shutdown ack from the peer, 3810 * abort the association. 3811 */ 3812 if (sctps->sctps_shutack_wait_bound != 3813 0 && 3814 TICK_TO_MSEC(now - 3815 sctp->sctp_out_time) > 3816 sctps->sctps_shutack_wait_bound) { 3817 sctp_send_abort(sctp, 3818 sctp->sctp_fvtag, 0, NULL, 3819 0, mp, 0, B_FALSE, ira); 3820 sctp_assoc_event(sctp, 3821 SCTP_COMM_LOST, 0, NULL); 3822 sctp_clean_death(sctp, 3823 ECONNABORTED); 3824 goto done; 3825 } 3826 SCTP_FADDR_TIMER_RESTART(sctp, fp, 3827 fp->sf_rto); 3828 } 3829 break; 3830 case CHUNK_SACK: 3831 ASSERT(fp != NULL); 3832 /* 3833 * Peer is real and alive if it can ack our 3834 * data. 3835 */ 3836 sctp_faddr_alive(sctp, fp); 3837 trysend = sctp_got_sack(sctp, ch); 3838 if (trysend < 0) { 3839 sctp_send_abort(sctp, sctph->sh_verf, 3840 0, NULL, 0, mp, 0, B_FALSE, ira); 3841 sctp_assoc_event(sctp, 3842 SCTP_COMM_LOST, 0, NULL); 3843 sctp_clean_death(sctp, 3844 ECONNABORTED); 3845 goto done; 3846 } 3847 break; 3848 case CHUNK_HEARTBEAT: 3849 if (!hb_already) { 3850 /* 3851 * In any one packet, there should 3852 * only be one heartbeat chunk. So 3853 * we should not process more than 3854 * once. 3855 */ 3856 sctp_return_heartbeat(sctp, ch, mp); 3857 hb_already = B_TRUE; 3858 } 3859 break; 3860 case CHUNK_HEARTBEAT_ACK: 3861 sctp_process_heartbeat(sctp, ch); 3862 break; 3863 case CHUNK_SHUTDOWN: 3864 sctp_shutdown_event(sctp); 3865 trysend = sctp_shutdown_received(sctp, ch, 3866 B_FALSE, B_FALSE, fp); 3867 BUMP_LOCAL(sctp->sctp_ibchunks); 3868 break; 3869 case CHUNK_SHUTDOWN_ACK: 3870 BUMP_LOCAL(sctp->sctp_ibchunks); 3871 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3872 sctp_shutdown_complete(sctp); 3873 SCTPS_BUMP_MIB(sctps, sctpShutdowns); 3874 sctp_assoc_event(sctp, 3875 SCTP_SHUTDOWN_COMP, 0, NULL); 3876 sctp_clean_death(sctp, 0); 3877 goto done; 3878 } 3879 break; 3880 case CHUNK_ABORT: { 3881 sctp_saddr_ipif_t *sp; 3882 3883 /* Ignore if delete pending */ 3884 sp = sctp_saddr_lookup(sctp, &dst, 0); 3885 ASSERT(sp != NULL); 3886 if (sp->saddr_ipif_delete_pending) { 3887 BUMP_LOCAL(sctp->sctp_ibchunks); 3888 break; 3889 } 3890 3891 sctp_process_abort(sctp, ch, ECONNRESET); 3892 goto done; 3893 } 3894 case CHUNK_INIT: 3895 sctp_send_initack(sctp, sctph, ch, mp, ira); 3896 break; 3897 case CHUNK_COOKIE: 3898 if (sctp_process_cookie(sctp, ch, mp, &iack, 3899 sctph, &recv_adaptation, NULL, ira) != -1) { 3900 sctp_send_cookie_ack(sctp); 3901 sctp_assoc_event(sctp, SCTP_RESTART, 3902 0, NULL); 3903 if (recv_adaptation) { 3904 sctp->sctp_recv_adaptation = 1; 3905 sctp_adaptation_event(sctp); 3906 } 3907 } else { 3908 SCTPS_BUMP_MIB(sctps, 3909 sctpInInvalidCookie); 3910 } 3911 break; 3912 case CHUNK_ERROR: { 3913 int error; 3914 3915 BUMP_LOCAL(sctp->sctp_ibchunks); 3916 error = sctp_handle_error(sctp, sctph, ch, mp, 3917 ira); 3918 if (error != 0) { 3919 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3920 0, NULL); 3921 sctp_clean_death(sctp, error); 3922 goto done; 3923 } 3924 break; 3925 } 3926 case CHUNK_ASCONF: 3927 ASSERT(fp != NULL); 3928 sctp_input_asconf(sctp, ch, fp); 3929 BUMP_LOCAL(sctp->sctp_ibchunks); 3930 break; 3931 case CHUNK_ASCONF_ACK: 3932 ASSERT(fp != NULL); 3933 sctp_faddr_alive(sctp, fp); 3934 sctp_input_asconf_ack(sctp, ch, fp); 3935 BUMP_LOCAL(sctp->sctp_ibchunks); 3936 break; 3937 case CHUNK_FORWARD_TSN: 3938 ASSERT(fp != NULL); 3939 sctp->sctp_lastdata = fp; 3940 sctp_process_forward_tsn(sctp, ch, fp, 3941 &ipp, ira); 3942 gotdata = 1; 3943 BUMP_LOCAL(sctp->sctp_ibchunks); 3944 break; 3945 default: 3946 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3947 goto nomorechunks; 3948 } /* else skip and continue processing */ 3949 break; 3950 } 3951 break; 3952 3953 case SCTPS_LISTEN: 3954 switch (ch->sch_id) { 3955 case CHUNK_INIT: 3956 sctp_send_initack(sctp, sctph, ch, mp, ira); 3957 break; 3958 case CHUNK_COOKIE: { 3959 sctp_t *eager; 3960 3961 if (sctp_process_cookie(sctp, ch, mp, &iack, 3962 sctph, &recv_adaptation, &peer_src, 3963 ira) == -1) { 3964 SCTPS_BUMP_MIB(sctps, 3965 sctpInInvalidCookie); 3966 goto done; 3967 } 3968 3969 /* 3970 * The cookie is good; ensure that 3971 * the peer used the verification 3972 * tag from the init ack in the header. 3973 */ 3974 if (iack->sic_inittag != sctph->sh_verf) 3975 goto done; 3976 3977 eager = sctp_conn_request(sctp, mp, ifindex, 3978 ip_hdr_len, iack, ira); 3979 if (eager == NULL) { 3980 sctp_send_abort(sctp, sctph->sh_verf, 3981 SCTP_ERR_NO_RESOURCES, NULL, 0, mp, 3982 0, B_FALSE, ira); 3983 goto done; 3984 } 3985 3986 /* 3987 * If there were extra chunks 3988 * bundled with the cookie, 3989 * they must be processed 3990 * on the eager's queue. We 3991 * accomplish this by refeeding 3992 * the whole packet into the 3993 * state machine on the right 3994 * q. The packet (mp) gets 3995 * there via the eager's 3996 * cookie_mp field (overloaded 3997 * with the active open role). 3998 * This is picked up when 3999 * processing the null bind 4000 * request put on the eager's 4001 * q by sctp_accept(). We must 4002 * first revert the cookie 4003 * chunk's length field to network 4004 * byteorder so it can be 4005 * properly reprocessed on the 4006 * eager's queue. 4007 */ 4008 SCTPS_BUMP_MIB(sctps, sctpPassiveEstab); 4009 if (mlen > ntohs(ch->sch_len)) { 4010 eager->sctp_cookie_mp = dupb(mp); 4011 /* 4012 * If no mem, just let 4013 * the peer retransmit. 4014 */ 4015 } 4016 sctp_assoc_event(eager, SCTP_COMM_UP, 0, NULL); 4017 if (recv_adaptation) { 4018 eager->sctp_recv_adaptation = 1; 4019 eager->sctp_rx_adaptation_code = 4020 sctp->sctp_rx_adaptation_code; 4021 sctp_adaptation_event(eager); 4022 } 4023 4024 eager->sctp_active = now; 4025 sctp_send_cookie_ack(eager); 4026 4027 wake_eager = B_TRUE; 4028 4029 /* 4030 * Process rest of the chunks with eager. 4031 */ 4032 sctp = eager; 4033 fp = sctp_lookup_faddr(sctp, &peer_src); 4034 /* 4035 * Confirm peer's original source. fp can 4036 * only be NULL if peer does not use the 4037 * original source as one of its addresses... 4038 */ 4039 if (fp == NULL) 4040 fp = sctp_lookup_faddr(sctp, &src); 4041 else 4042 sctp_faddr_alive(sctp, fp); 4043 4044 /* 4045 * Validate the peer addresses. It also starts 4046 * the heartbeat timer. 4047 */ 4048 sctp_validate_peer(sctp); 4049 break; 4050 } 4051 /* Anything else is considered out-of-the-blue */ 4052 case CHUNK_ERROR: 4053 case CHUNK_ABORT: 4054 case CHUNK_COOKIE_ACK: 4055 case CHUNK_SHUTDOWN_COMPLETE: 4056 BUMP_LOCAL(sctp->sctp_ibchunks); 4057 goto done; 4058 default: 4059 BUMP_LOCAL(sctp->sctp_ibchunks); 4060 sctp_send_abort(sctp, sctph->sh_verf, 0, NULL, 4061 0, mp, 0, B_TRUE, ira); 4062 goto done; 4063 } 4064 break; 4065 4066 case SCTPS_COOKIE_WAIT: 4067 switch (ch->sch_id) { 4068 case CHUNK_INIT_ACK: 4069 sctp_stop_faddr_timers(sctp); 4070 sctp_faddr_alive(sctp, sctp->sctp_current); 4071 sctp_send_cookie_echo(sctp, ch, mp, ira); 4072 BUMP_LOCAL(sctp->sctp_ibchunks); 4073 break; 4074 case CHUNK_ABORT: 4075 sctp_process_abort(sctp, ch, ECONNREFUSED); 4076 goto done; 4077 case CHUNK_INIT: 4078 sctp_send_initack(sctp, sctph, ch, mp, ira); 4079 break; 4080 case CHUNK_COOKIE: 4081 cr = ira->ira_cred; 4082 cpid = ira->ira_cpid; 4083 4084 if (sctp_process_cookie(sctp, ch, mp, &iack, 4085 sctph, &recv_adaptation, NULL, ira) == -1) { 4086 SCTPS_BUMP_MIB(sctps, 4087 sctpInInvalidCookie); 4088 break; 4089 } 4090 sctp_send_cookie_ack(sctp); 4091 sctp_stop_faddr_timers(sctp); 4092 if (!SCTP_IS_DETACHED(sctp)) { 4093 sctp->sctp_ulp_connected( 4094 sctp->sctp_ulpd, 0, cr, cpid); 4095 sctp_set_ulp_prop(sctp); 4096 4097 } 4098 SCTP_ASSOC_EST(sctps, sctp); 4099 SCTPS_BUMP_MIB(sctps, sctpActiveEstab); 4100 if (sctp->sctp_cookie_mp) { 4101 freemsg(sctp->sctp_cookie_mp); 4102 sctp->sctp_cookie_mp = NULL; 4103 } 4104 4105 /* Validate the peer addresses. */ 4106 sctp->sctp_active = now; 4107 sctp_validate_peer(sctp); 4108 4109 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 4110 if (recv_adaptation) { 4111 sctp->sctp_recv_adaptation = 1; 4112 sctp_adaptation_event(sctp); 4113 } 4114 /* Try sending queued data, or ASCONFs */ 4115 trysend = 1; 4116 break; 4117 default: 4118 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4119 goto nomorechunks; 4120 } /* else skip and continue processing */ 4121 break; 4122 } 4123 break; 4124 4125 case SCTPS_COOKIE_ECHOED: 4126 switch (ch->sch_id) { 4127 case CHUNK_COOKIE_ACK: 4128 cr = ira->ira_cred; 4129 cpid = ira->ira_cpid; 4130 4131 if (!SCTP_IS_DETACHED(sctp)) { 4132 sctp->sctp_ulp_connected( 4133 sctp->sctp_ulpd, 0, cr, cpid); 4134 sctp_set_ulp_prop(sctp); 4135 } 4136 if (sctp->sctp_unacked == 0) 4137 sctp_stop_faddr_timers(sctp); 4138 SCTP_ASSOC_EST(sctps, sctp); 4139 SCTPS_BUMP_MIB(sctps, sctpActiveEstab); 4140 BUMP_LOCAL(sctp->sctp_ibchunks); 4141 if (sctp->sctp_cookie_mp) { 4142 freemsg(sctp->sctp_cookie_mp); 4143 sctp->sctp_cookie_mp = NULL; 4144 } 4145 sctp_faddr_alive(sctp, fp); 4146 /* Validate the peer addresses. */ 4147 sctp->sctp_active = now; 4148 sctp_validate_peer(sctp); 4149 4150 /* Try sending queued data, or ASCONFs */ 4151 trysend = 1; 4152 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 4153 sctp_adaptation_event(sctp); 4154 break; 4155 case CHUNK_ABORT: 4156 sctp_process_abort(sctp, ch, ECONNREFUSED); 4157 goto done; 4158 case CHUNK_COOKIE: 4159 cr = ira->ira_cred; 4160 cpid = ira->ira_cpid; 4161 4162 if (sctp_process_cookie(sctp, ch, mp, &iack, 4163 sctph, &recv_adaptation, NULL, ira) == -1) { 4164 SCTPS_BUMP_MIB(sctps, 4165 sctpInInvalidCookie); 4166 break; 4167 } 4168 sctp_send_cookie_ack(sctp); 4169 4170 if (!SCTP_IS_DETACHED(sctp)) { 4171 sctp->sctp_ulp_connected( 4172 sctp->sctp_ulpd, 0, cr, cpid); 4173 sctp_set_ulp_prop(sctp); 4174 4175 } 4176 if (sctp->sctp_unacked == 0) 4177 sctp_stop_faddr_timers(sctp); 4178 SCTP_ASSOC_EST(sctps, sctp); 4179 SCTPS_BUMP_MIB(sctps, sctpActiveEstab); 4180 if (sctp->sctp_cookie_mp) { 4181 freemsg(sctp->sctp_cookie_mp); 4182 sctp->sctp_cookie_mp = NULL; 4183 } 4184 /* Validate the peer addresses. */ 4185 sctp->sctp_active = now; 4186 sctp_validate_peer(sctp); 4187 4188 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 4189 if (recv_adaptation) { 4190 sctp->sctp_recv_adaptation = 1; 4191 sctp_adaptation_event(sctp); 4192 } 4193 /* Try sending queued data, or ASCONFs */ 4194 trysend = 1; 4195 break; 4196 case CHUNK_INIT: 4197 sctp_send_initack(sctp, sctph, ch, mp, ira); 4198 break; 4199 case CHUNK_ERROR: { 4200 sctp_parm_hdr_t *p; 4201 4202 BUMP_LOCAL(sctp->sctp_ibchunks); 4203 /* check for a stale cookie */ 4204 if (ntohs(ch->sch_len) >= 4205 (sizeof (*p) + sizeof (*ch)) + 4206 sizeof (uint32_t)) { 4207 4208 p = (sctp_parm_hdr_t *)(ch + 1); 4209 if (p->sph_type == 4210 htons(SCTP_ERR_STALE_COOKIE)) { 4211 SCTPS_BUMP_MIB(sctps, 4212 sctpAborted); 4213 sctp_error_event(sctp, 4214 ch, B_FALSE); 4215 sctp_assoc_event(sctp, 4216 SCTP_COMM_LOST, 0, NULL); 4217 sctp_clean_death(sctp, 4218 ECONNREFUSED); 4219 goto done; 4220 } 4221 } 4222 break; 4223 } 4224 case CHUNK_HEARTBEAT: 4225 if (!hb_already) { 4226 sctp_return_heartbeat(sctp, ch, mp); 4227 hb_already = B_TRUE; 4228 } 4229 break; 4230 default: 4231 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4232 goto nomorechunks; 4233 } /* else skip and continue processing */ 4234 } /* switch (ch->sch_id) */ 4235 break; 4236 4237 case SCTPS_SHUTDOWN_ACK_SENT: 4238 switch (ch->sch_id) { 4239 case CHUNK_ABORT: 4240 /* Pass gathered wisdom to IP for keeping */ 4241 sctp_update_dce(sctp); 4242 sctp_process_abort(sctp, ch, 0); 4243 goto done; 4244 case CHUNK_SHUTDOWN_COMPLETE: 4245 BUMP_LOCAL(sctp->sctp_ibchunks); 4246 SCTPS_BUMP_MIB(sctps, sctpShutdowns); 4247 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 4248 NULL); 4249 4250 /* Pass gathered wisdom to IP for keeping */ 4251 sctp_update_dce(sctp); 4252 sctp_clean_death(sctp, 0); 4253 goto done; 4254 case CHUNK_SHUTDOWN_ACK: 4255 sctp_shutdown_complete(sctp); 4256 BUMP_LOCAL(sctp->sctp_ibchunks); 4257 SCTPS_BUMP_MIB(sctps, sctpShutdowns); 4258 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 4259 NULL); 4260 sctp_clean_death(sctp, 0); 4261 goto done; 4262 case CHUNK_COOKIE: 4263 (void) sctp_shutdown_received(sctp, NULL, 4264 B_TRUE, B_FALSE, fp); 4265 BUMP_LOCAL(sctp->sctp_ibchunks); 4266 break; 4267 case CHUNK_HEARTBEAT: 4268 if (!hb_already) { 4269 sctp_return_heartbeat(sctp, ch, mp); 4270 hb_already = B_TRUE; 4271 } 4272 break; 4273 default: 4274 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4275 goto nomorechunks; 4276 } /* else skip and continue processing */ 4277 break; 4278 } 4279 break; 4280 4281 case SCTPS_SHUTDOWN_RECEIVED: 4282 switch (ch->sch_id) { 4283 case CHUNK_SHUTDOWN: 4284 trysend = sctp_shutdown_received(sctp, ch, 4285 B_FALSE, B_FALSE, fp); 4286 /* 4287 * shutdown_ack_needed may have been set as 4288 * mentioned in the case CHUNK_SACK below. 4289 * If sctp_shutdown_received() above found 4290 * the xmit queue empty the SHUTDOWN ACK chunk 4291 * has already been sent (or scheduled to be 4292 * sent on the timer) and the SCTP state 4293 * changed, so reset shutdown_ack_needed. 4294 */ 4295 if (shutdown_ack_needed && (sctp->sctp_state == 4296 SCTPS_SHUTDOWN_ACK_SENT)) 4297 shutdown_ack_needed = B_FALSE; 4298 break; 4299 case CHUNK_SACK: 4300 trysend = sctp_got_sack(sctp, ch); 4301 if (trysend < 0) { 4302 sctp_send_abort(sctp, sctph->sh_verf, 4303 0, NULL, 0, mp, 0, B_FALSE, ira); 4304 sctp_assoc_event(sctp, 4305 SCTP_COMM_LOST, 0, NULL); 4306 sctp_clean_death(sctp, 4307 ECONNABORTED); 4308 goto done; 4309 } 4310 4311 /* 4312 * All data acknowledgement after a shutdown 4313 * should be done with SHUTDOWN chunk. 4314 * However some peer SCTP do not conform with 4315 * this and can unexpectedly send a SACK chunk. 4316 * If all data are acknowledged, set 4317 * shutdown_ack_needed here indicating that 4318 * SHUTDOWN ACK needs to be sent later by 4319 * sctp_send_shutdown_ack(). 4320 */ 4321 if ((sctp->sctp_xmit_head == NULL) && 4322 (sctp->sctp_xmit_unsent == NULL)) 4323 shutdown_ack_needed = B_TRUE; 4324 break; 4325 case CHUNK_ABORT: 4326 sctp_process_abort(sctp, ch, ECONNRESET); 4327 goto done; 4328 case CHUNK_HEARTBEAT: 4329 if (!hb_already) { 4330 sctp_return_heartbeat(sctp, ch, mp); 4331 hb_already = B_TRUE; 4332 } 4333 break; 4334 default: 4335 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4336 goto nomorechunks; 4337 } /* else skip and continue processing */ 4338 break; 4339 } 4340 break; 4341 4342 default: 4343 /* 4344 * The only remaining states are SCTPS_IDLE and 4345 * SCTPS_BOUND, and we should not be getting here 4346 * for these. 4347 */ 4348 ASSERT(0); 4349 } /* switch (sctp->sctp_state) */ 4350 4351 ch = sctp_next_chunk(ch, &mlen); 4352 if (ch != NULL && !sctp_check_input(sctp, ch, mlen, 0)) 4353 goto done; 4354 } while (ch != NULL); 4355 4356 /* Finished processing all chunks in packet */ 4357 4358 nomorechunks: 4359 4360 if (shutdown_ack_needed) 4361 sctp_send_shutdown_ack(sctp, fp, B_FALSE); 4362 4363 /* SACK if necessary */ 4364 if (gotdata) { 4365 boolean_t sack_sent; 4366 4367 (sctp->sctp_sack_toggle)++; 4368 sack_sent = sctp_sack(sctp, dups); 4369 dups = NULL; 4370 4371 /* If a SACK is sent, no need to restart the timer. */ 4372 if (!sack_sent && !sctp->sctp_ack_timer_running) { 4373 sctp->sctp_ack_timer_running = B_TRUE; 4374 sctp_timer(sctp, sctp->sctp_ack_mp, 4375 MSEC_TO_TICK(sctps->sctps_deferred_ack_interval)); 4376 } 4377 } 4378 4379 if (trysend) { 4380 sctp_output(sctp, UINT_MAX); 4381 if (sctp->sctp_cxmit_list != NULL) 4382 sctp_wput_asconf(sctp, NULL); 4383 } 4384 /* 4385 * If there is unsent data, make sure a timer is running, check 4386 * timer_mp, if sctp_closei_local() ran the timers may be free. 4387 */ 4388 if (sctp->sctp_unsent > 0 && !sctp->sctp_current->sf_timer_running && 4389 sctp->sctp_current->sf_timer_mp != NULL) { 4390 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 4391 sctp->sctp_current->sf_rto); 4392 } 4393 4394 done: 4395 if (dups != NULL) 4396 freeb(dups); 4397 freemsg(mp); 4398 4399 if (sctp->sctp_err_chunks != NULL) 4400 sctp_process_err(sctp); 4401 4402 if (wake_eager) { 4403 /* 4404 * sctp points to newly created control block, need to 4405 * release it before exiting. 4406 */ 4407 WAKE_SCTP(sctp); 4408 } 4409 } 4410 4411 /* 4412 * Some amount of data got removed from ULP's receive queue and we can 4413 * push messages up if we are flow controlled before. Reset the receive 4414 * window to full capacity (conn_rcvbuf) and check if we should send a 4415 * window update. 4416 */ 4417 void 4418 sctp_recvd(sctp_t *sctp, int len) 4419 { 4420 sctp_stack_t *sctps = sctp->sctp_sctps; 4421 conn_t *connp = sctp->sctp_connp; 4422 boolean_t send_sack = B_FALSE; 4423 4424 ASSERT(sctp != NULL); 4425 RUN_SCTP(sctp); 4426 4427 sctp->sctp_flowctrld = B_FALSE; 4428 /* This is the amount of data queued in ULP. */ 4429 sctp->sctp_ulp_rxqueued = connp->conn_rcvbuf - len; 4430 4431 if (connp->conn_rcvbuf - sctp->sctp_arwnd >= sctp->sctp_mss) 4432 send_sack = B_TRUE; 4433 sctp->sctp_rwnd = connp->conn_rcvbuf; 4434 4435 if (sctp->sctp_state >= SCTPS_ESTABLISHED && send_sack) { 4436 sctp->sctp_force_sack = 1; 4437 SCTPS_BUMP_MIB(sctps, sctpOutWinUpdate); 4438 (void) sctp_sack(sctp, NULL); 4439 } 4440 WAKE_SCTP(sctp); 4441 } 4442