1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/systm.h> 29 #include <sys/stream.h> 30 #include <sys/cmn_err.h> 31 #include <sys/kmem.h> 32 #define _SUN_TPI_VERSION 2 33 #include <sys/tihdr.h> 34 #include <sys/socket.h> 35 #include <sys/strsun.h> 36 #include <sys/strsubr.h> 37 38 #include <netinet/in.h> 39 #include <netinet/ip6.h> 40 #include <netinet/tcp_seq.h> 41 #include <netinet/sctp.h> 42 43 #include <inet/common.h> 44 #include <inet/ip.h> 45 #include <inet/ip6.h> 46 #include <inet/mib2.h> 47 #include <inet/ipclassifier.h> 48 #include <inet/ipp_common.h> 49 #include <inet/ipsec_impl.h> 50 #include <inet/sctp_ip.h> 51 52 #include "sctp_impl.h" 53 #include "sctp_asconf.h" 54 #include "sctp_addr.h" 55 56 static struct kmem_cache *sctp_kmem_set_cache; 57 58 /* 59 * PR-SCTP comments. 60 * 61 * When we get a valid Forward TSN chunk, we check the fragment list for this 62 * SSN and preceeding SSNs free all them. Further, if this Forward TSN causes 63 * the next expected SSN to be present in the stream queue, we deliver any 64 * such stranded messages upstream. We also update the SACK info. appropriately. 65 * When checking for advancing the cumulative ack (in sctp_cumack()) we must 66 * check for abandoned chunks and messages. While traversing the tramsmit 67 * list if we come across an abandoned chunk, we can skip the message (i.e. 68 * take it out of the (re)transmit list) since this message, and hence this 69 * chunk, has been marked abandoned by sctp_rexmit(). If we come across an 70 * unsent chunk for a message this now abandoned we need to check if a 71 * Forward TSN needs to be sent, this could be a case where we deferred sending 72 * a Forward TSN in sctp_get_msg_to_send(). Further, after processing a 73 * SACK we check if the Advanced peer ack point can be moved ahead, i.e. 74 * if we can send a Forward TSN via sctp_check_abandoned_data(). 75 */ 76 void 77 sctp_free_set(sctp_set_t *s) 78 { 79 sctp_set_t *p; 80 81 while (s) { 82 p = s->next; 83 kmem_cache_free(sctp_kmem_set_cache, s); 84 s = p; 85 } 86 } 87 88 static void 89 sctp_ack_add(sctp_set_t **head, uint32_t tsn, int *num) 90 { 91 sctp_set_t *p, *t; 92 93 if (head == NULL || num == NULL) 94 return; 95 96 ASSERT(*num >= 0); 97 ASSERT((*num == 0 && *head == NULL) || (*num > 0 && *head != NULL)); 98 99 if (*head == NULL) { 100 *head = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 101 if (*head == NULL) 102 return; 103 (*head)->prev = (*head)->next = NULL; 104 (*head)->begin = tsn; 105 (*head)->end = tsn; 106 *num = 1; 107 return; 108 } 109 110 ASSERT((*head)->prev == NULL); 111 112 /* 113 * Handle this special case here so we don't have to check 114 * for it each time in the loop. 115 */ 116 if (SEQ_LT(tsn + 1, (*head)->begin)) { 117 /* add a new set, and move the head pointer */ 118 t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 119 if (t == NULL) 120 return; 121 t->next = *head; 122 t->prev = NULL; 123 (*head)->prev = t; 124 t->begin = tsn; 125 t->end = tsn; 126 (*num)++; 127 *head = t; 128 return; 129 } 130 131 /* 132 * We need to handle the following cases, where p points to 133 * the current set (as we walk through the loop): 134 * 135 * 1. tsn is entirely less than p; create a new set before p. 136 * 2. tsn borders p from less; coalesce p with tsn. 137 * 3. tsn is withing p; do nothing. 138 * 4. tsn borders p from greater; coalesce p with tsn. 139 * 4a. p may now border p->next from less; if so, coalesce those 140 * two sets. 141 * 5. tsn is entirely greater then all sets; add a new set at 142 * the end. 143 */ 144 for (p = *head; ; p = p->next) { 145 if (SEQ_LT(tsn + 1, p->begin)) { 146 /* 1: add a new set before p. */ 147 t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 148 if (t == NULL) 149 return; 150 t->next = p; 151 t->prev = NULL; 152 t->begin = tsn; 153 t->end = tsn; 154 if (p->prev) { 155 t->prev = p->prev; 156 p->prev->next = t; 157 } 158 p->prev = t; 159 (*num)++; 160 return; 161 } 162 163 if ((tsn + 1) == p->begin) { 164 /* 2: adjust p->begin */ 165 p->begin = tsn; 166 return; 167 } 168 169 if (SEQ_GEQ(tsn, p->begin) && SEQ_LEQ(tsn, p->end)) { 170 /* 3; do nothing */ 171 return; 172 } 173 174 if ((p->end + 1) == tsn) { 175 /* 4; adjust p->end */ 176 p->end = tsn; 177 178 if (p->next != NULL && (tsn + 1) == p->next->begin) { 179 /* 4a: coalesce p and p->next */ 180 t = p->next; 181 p->end = t->end; 182 p->next = t->next; 183 if (t->next != NULL) 184 t->next->prev = p; 185 kmem_cache_free(sctp_kmem_set_cache, t); 186 (*num)--; 187 } 188 return; 189 } 190 191 if (p->next == NULL) { 192 /* 5: add new set at the end */ 193 t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP); 194 if (t == NULL) 195 return; 196 t->next = NULL; 197 t->prev = p; 198 t->begin = tsn; 199 t->end = tsn; 200 p->next = t; 201 (*num)++; 202 return; 203 } 204 205 if (SEQ_GT(tsn, p->end + 1)) 206 continue; 207 } 208 } 209 210 static void 211 sctp_ack_rem(sctp_set_t **head, uint32_t end, int *num) 212 { 213 sctp_set_t *p, *t; 214 215 if (head == NULL || *head == NULL || num == NULL) 216 return; 217 218 /* Nothing to remove */ 219 if (SEQ_LT(end, (*head)->begin)) 220 return; 221 222 /* Find out where to start removing sets */ 223 for (p = *head; p->next; p = p->next) { 224 if (SEQ_LEQ(end, p->end)) 225 break; 226 } 227 228 if (SEQ_LT(end, p->end) && SEQ_GEQ(end, p->begin)) { 229 /* adjust p */ 230 p->begin = end + 1; 231 /* all done */ 232 if (p == *head) 233 return; 234 } else if (SEQ_GEQ(end, p->end)) { 235 /* remove this set too */ 236 p = p->next; 237 } 238 239 /* unlink everything before this set */ 240 t = *head; 241 *head = p; 242 if (p != NULL && p->prev != NULL) { 243 p->prev->next = NULL; 244 p->prev = NULL; 245 } 246 247 sctp_free_set(t); 248 249 /* recount the number of sets */ 250 *num = 0; 251 252 for (p = *head; p != NULL; p = p->next) 253 (*num)++; 254 } 255 256 void 257 sctp_sets_init() 258 { 259 sctp_kmem_set_cache = kmem_cache_create("sctp_set_cache", 260 sizeof (sctp_set_t), 0, NULL, NULL, NULL, NULL, 261 NULL, 0); 262 } 263 264 void 265 sctp_sets_fini() 266 { 267 kmem_cache_destroy(sctp_kmem_set_cache); 268 } 269 270 sctp_chunk_hdr_t * 271 sctp_first_chunk(uchar_t *rptr, ssize_t remaining) 272 { 273 sctp_chunk_hdr_t *ch; 274 uint16_t ch_len; 275 276 if (remaining < sizeof (*ch)) { 277 return (NULL); 278 } 279 280 ch = (sctp_chunk_hdr_t *)rptr; 281 ch_len = ntohs(ch->sch_len); 282 283 if (ch_len < sizeof (*ch) || remaining < ch_len) { 284 return (NULL); 285 } 286 287 return (ch); 288 } 289 290 sctp_chunk_hdr_t * 291 sctp_next_chunk(sctp_chunk_hdr_t *ch, ssize_t *remaining) 292 { 293 int pad; 294 uint16_t ch_len; 295 296 if (!ch) { 297 return (NULL); 298 } 299 300 ch_len = ntohs(ch->sch_len); 301 302 if ((pad = ch_len & (SCTP_ALIGN - 1)) != 0) { 303 pad = SCTP_ALIGN - pad; 304 } 305 306 *remaining -= (ch_len + pad); 307 ch = (sctp_chunk_hdr_t *)((char *)ch + ch_len + pad); 308 309 return (sctp_first_chunk((uchar_t *)ch, *remaining)); 310 } 311 312 /* 313 * Attach ancillary data to a received SCTP segments. 314 * If the source address (fp) is not the primary, send up a 315 * unitdata_ind so recvfrom() can populate the msg_name field. 316 * If ancillary data is also requested, we append it to the 317 * unitdata_req. Otherwise, we just send up an optdata_ind. 318 */ 319 static int 320 sctp_input_add_ancillary(sctp_t *sctp, mblk_t **mp, sctp_data_hdr_t *dcp, 321 sctp_faddr_t *fp, ip6_pkt_t *ipp) 322 { 323 struct T_unitdata_ind *tudi; 324 int optlen; 325 int hdrlen; 326 uchar_t *optptr; 327 struct cmsghdr *cmsg; 328 mblk_t *mp1; 329 struct sockaddr_in6 sin_buf[1]; 330 struct sockaddr_in6 *sin6; 331 struct sockaddr_in *sin4; 332 uint_t addflag = 0; 333 334 sin4 = NULL; 335 sin6 = NULL; 336 337 optlen = hdrlen = 0; 338 339 /* Figure out address size */ 340 if (sctp->sctp_ipversion == IPV4_VERSION) { 341 sin4 = (struct sockaddr_in *)sin_buf; 342 sin4->sin_family = AF_INET; 343 sin4->sin_port = sctp->sctp_fport; 344 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, sin4->sin_addr.s_addr); 345 hdrlen = sizeof (*tudi) + sizeof (*sin4); 346 } else { 347 sin6 = sin_buf; 348 sin6->sin6_family = AF_INET6; 349 sin6->sin6_port = sctp->sctp_fport; 350 sin6->sin6_addr = fp->faddr; 351 hdrlen = sizeof (*tudi) + sizeof (*sin6); 352 } 353 354 /* If app asked to receive send / recv info */ 355 if (sctp->sctp_recvsndrcvinfo) { 356 optlen += sizeof (*cmsg) + sizeof (struct sctp_sndrcvinfo); 357 if (hdrlen == 0) 358 hdrlen = sizeof (struct T_optdata_ind); 359 } 360 361 if (sctp->sctp_ipv6_recvancillary == 0) 362 goto noancillary; 363 364 if ((ipp->ipp_fields & IPPF_IFINDEX) && 365 ipp->ipp_ifindex != sctp->sctp_recvifindex && 366 (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVPKTINFO)) { 367 optlen += sizeof (*cmsg) + sizeof (struct in6_pktinfo); 368 if (hdrlen == 0) 369 hdrlen = sizeof (struct T_unitdata_ind); 370 addflag |= SCTP_IPV6_RECVPKTINFO; 371 } 372 /* If app asked for hoplimit and it has changed ... */ 373 if ((ipp->ipp_fields & IPPF_HOPLIMIT) && 374 ipp->ipp_hoplimit != sctp->sctp_recvhops && 375 (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPLIMIT)) { 376 optlen += sizeof (*cmsg) + sizeof (uint_t); 377 if (hdrlen == 0) 378 hdrlen = sizeof (struct T_unitdata_ind); 379 addflag |= SCTP_IPV6_RECVHOPLIMIT; 380 } 381 /* If app asked for hopbyhop headers and it has changed ... */ 382 if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPOPTS) && 383 ip_cmpbuf(sctp->sctp_hopopts, sctp->sctp_hopoptslen, 384 (ipp->ipp_fields & IPPF_HOPOPTS), 385 ipp->ipp_hopopts, ipp->ipp_hopoptslen)) { 386 optlen += sizeof (*cmsg) + ipp->ipp_hopoptslen - 387 sctp->sctp_v6label_len; 388 if (hdrlen == 0) 389 hdrlen = sizeof (struct T_unitdata_ind); 390 addflag |= SCTP_IPV6_RECVHOPOPTS; 391 if (!ip_allocbuf((void **)&sctp->sctp_hopopts, 392 &sctp->sctp_hopoptslen, 393 (ipp->ipp_fields & IPPF_HOPOPTS), 394 ipp->ipp_hopopts, ipp->ipp_hopoptslen)) 395 return (-1); 396 } 397 /* If app asked for dst headers before routing headers ... */ 398 if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTDSTOPTS) && 399 ip_cmpbuf(sctp->sctp_rtdstopts, sctp->sctp_rtdstoptslen, 400 (ipp->ipp_fields & IPPF_RTDSTOPTS), 401 ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen)) { 402 optlen += sizeof (*cmsg) + ipp->ipp_rtdstoptslen; 403 if (hdrlen == 0) 404 hdrlen = sizeof (struct T_unitdata_ind); 405 addflag |= SCTP_IPV6_RECVRTDSTOPTS; 406 if (!ip_allocbuf((void **)&sctp->sctp_rtdstopts, 407 &sctp->sctp_rtdstoptslen, 408 (ipp->ipp_fields & IPPF_RTDSTOPTS), 409 ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen)) 410 return (-1); 411 } 412 /* If app asked for routing headers and it has changed ... */ 413 if (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTHDR) { 414 if (ip_cmpbuf(sctp->sctp_rthdr, sctp->sctp_rthdrlen, 415 (ipp->ipp_fields & IPPF_RTHDR), 416 ipp->ipp_rthdr, ipp->ipp_rthdrlen)) { 417 optlen += sizeof (*cmsg) + ipp->ipp_rthdrlen; 418 if (hdrlen == 0) 419 hdrlen = sizeof (struct T_unitdata_ind); 420 addflag |= SCTP_IPV6_RECVRTHDR; 421 if (!ip_allocbuf((void **)&sctp->sctp_rthdr, 422 &sctp->sctp_rthdrlen, 423 (ipp->ipp_fields & IPPF_RTHDR), 424 ipp->ipp_rthdr, ipp->ipp_rthdrlen)) 425 return (-1); 426 } 427 } 428 /* If app asked for dest headers and it has changed ... */ 429 if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVDSTOPTS) && 430 ip_cmpbuf(sctp->sctp_dstopts, sctp->sctp_dstoptslen, 431 (ipp->ipp_fields & IPPF_DSTOPTS), 432 ipp->ipp_dstopts, ipp->ipp_dstoptslen)) { 433 optlen += sizeof (*cmsg) + ipp->ipp_dstoptslen; 434 if (hdrlen == 0) 435 hdrlen = sizeof (struct T_unitdata_ind); 436 addflag |= SCTP_IPV6_RECVDSTOPTS; 437 if (!ip_allocbuf((void **)&sctp->sctp_dstopts, 438 &sctp->sctp_dstoptslen, 439 (ipp->ipp_fields & IPPF_DSTOPTS), 440 ipp->ipp_dstopts, ipp->ipp_dstoptslen)) 441 return (-1); 442 } 443 noancillary: 444 /* Nothing to add */ 445 if (hdrlen == 0) 446 return (-1); 447 448 mp1 = allocb(hdrlen + optlen + sizeof (void *), BPRI_MED); 449 if (mp1 == NULL) 450 return (-1); 451 mp1->b_cont = *mp; 452 *mp = mp1; 453 mp1->b_rptr += sizeof (void *); /* pointer worth of padding */ 454 mp1->b_wptr = mp1->b_rptr + hdrlen + optlen; 455 DB_TYPE(mp1) = M_PROTO; 456 tudi = (struct T_unitdata_ind *)mp1->b_rptr; 457 tudi->PRIM_type = T_UNITDATA_IND; 458 tudi->SRC_length = sin4 ? sizeof (*sin4) : sizeof (*sin6); 459 tudi->SRC_offset = sizeof (*tudi); 460 tudi->OPT_offset = sizeof (*tudi) + tudi->SRC_length; 461 tudi->OPT_length = optlen; 462 if (sin4) { 463 bcopy(sin4, tudi + 1, sizeof (*sin4)); 464 } else { 465 bcopy(sin6, tudi + 1, sizeof (*sin6)); 466 } 467 optptr = (uchar_t *)tudi + tudi->OPT_offset; 468 469 if (sctp->sctp_recvsndrcvinfo) { 470 /* XXX need backout method if memory allocation fails. */ 471 struct sctp_sndrcvinfo *sri; 472 473 cmsg = (struct cmsghdr *)optptr; 474 cmsg->cmsg_level = IPPROTO_SCTP; 475 cmsg->cmsg_type = SCTP_SNDRCV; 476 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*sri); 477 optptr += sizeof (*cmsg); 478 479 sri = (struct sctp_sndrcvinfo *)(cmsg + 1); 480 ASSERT(OK_32PTR(sri)); 481 sri->sinfo_stream = ntohs(dcp->sdh_sid); 482 sri->sinfo_ssn = ntohs(dcp->sdh_ssn); 483 if (SCTP_DATA_GET_UBIT(dcp)) { 484 sri->sinfo_flags = MSG_UNORDERED; 485 } else { 486 sri->sinfo_flags = 0; 487 } 488 sri->sinfo_ppid = dcp->sdh_payload_id; 489 sri->sinfo_context = 0; 490 sri->sinfo_timetolive = 0; 491 sri->sinfo_tsn = ntohl(dcp->sdh_tsn); 492 sri->sinfo_cumtsn = sctp->sctp_ftsn; 493 sri->sinfo_assoc_id = 0; 494 495 optptr += sizeof (*sri); 496 } 497 498 /* 499 * If app asked for pktinfo and the index has changed ... 500 * Note that the local address never changes for the connection. 501 */ 502 if (addflag & SCTP_IPV6_RECVPKTINFO) { 503 struct in6_pktinfo *pkti; 504 505 cmsg = (struct cmsghdr *)optptr; 506 cmsg->cmsg_level = IPPROTO_IPV6; 507 cmsg->cmsg_type = IPV6_PKTINFO; 508 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*pkti); 509 optptr += sizeof (*cmsg); 510 511 pkti = (struct in6_pktinfo *)optptr; 512 if (sctp->sctp_ipversion == IPV6_VERSION) 513 pkti->ipi6_addr = sctp->sctp_ip6h->ip6_src; 514 else 515 IN6_IPADDR_TO_V4MAPPED(sctp->sctp_ipha->ipha_src, 516 &pkti->ipi6_addr); 517 pkti->ipi6_ifindex = ipp->ipp_ifindex; 518 optptr += sizeof (*pkti); 519 ASSERT(OK_32PTR(optptr)); 520 /* Save as "last" value */ 521 sctp->sctp_recvifindex = ipp->ipp_ifindex; 522 } 523 /* If app asked for hoplimit and it has changed ... */ 524 if (addflag & SCTP_IPV6_RECVHOPLIMIT) { 525 cmsg = (struct cmsghdr *)optptr; 526 cmsg->cmsg_level = IPPROTO_IPV6; 527 cmsg->cmsg_type = IPV6_HOPLIMIT; 528 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t); 529 optptr += sizeof (*cmsg); 530 531 *(uint_t *)optptr = ipp->ipp_hoplimit; 532 optptr += sizeof (uint_t); 533 ASSERT(OK_32PTR(optptr)); 534 /* Save as "last" value */ 535 sctp->sctp_recvhops = ipp->ipp_hoplimit; 536 } 537 if (addflag & SCTP_IPV6_RECVHOPOPTS) { 538 cmsg = (struct cmsghdr *)optptr; 539 cmsg->cmsg_level = IPPROTO_IPV6; 540 cmsg->cmsg_type = IPV6_HOPOPTS; 541 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_hopoptslen; 542 optptr += sizeof (*cmsg); 543 544 bcopy(ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen); 545 optptr += ipp->ipp_hopoptslen; 546 ASSERT(OK_32PTR(optptr)); 547 /* Save as last value */ 548 ip_savebuf((void **)&sctp->sctp_hopopts, 549 &sctp->sctp_hopoptslen, 550 (ipp->ipp_fields & IPPF_HOPOPTS), 551 ipp->ipp_hopopts, ipp->ipp_hopoptslen); 552 } 553 if (addflag & SCTP_IPV6_RECVRTDSTOPTS) { 554 cmsg = (struct cmsghdr *)optptr; 555 cmsg->cmsg_level = IPPROTO_IPV6; 556 cmsg->cmsg_type = IPV6_RTHDRDSTOPTS; 557 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rtdstoptslen; 558 optptr += sizeof (*cmsg); 559 560 bcopy(ipp->ipp_rtdstopts, optptr, ipp->ipp_rtdstoptslen); 561 optptr += ipp->ipp_rtdstoptslen; 562 ASSERT(OK_32PTR(optptr)); 563 /* Save as last value */ 564 ip_savebuf((void **)&sctp->sctp_rtdstopts, 565 &sctp->sctp_rtdstoptslen, 566 (ipp->ipp_fields & IPPF_RTDSTOPTS), 567 ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen); 568 } 569 if (addflag & SCTP_IPV6_RECVRTHDR) { 570 cmsg = (struct cmsghdr *)optptr; 571 cmsg->cmsg_level = IPPROTO_IPV6; 572 cmsg->cmsg_type = IPV6_RTHDR; 573 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrlen; 574 optptr += sizeof (*cmsg); 575 576 bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen); 577 optptr += ipp->ipp_rthdrlen; 578 ASSERT(OK_32PTR(optptr)); 579 /* Save as last value */ 580 ip_savebuf((void **)&sctp->sctp_rthdr, 581 &sctp->sctp_rthdrlen, 582 (ipp->ipp_fields & IPPF_RTHDR), 583 ipp->ipp_rthdr, ipp->ipp_rthdrlen); 584 } 585 if (addflag & SCTP_IPV6_RECVDSTOPTS) { 586 cmsg = (struct cmsghdr *)optptr; 587 cmsg->cmsg_level = IPPROTO_IPV6; 588 cmsg->cmsg_type = IPV6_DSTOPTS; 589 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_dstoptslen; 590 optptr += sizeof (*cmsg); 591 592 bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen); 593 optptr += ipp->ipp_dstoptslen; 594 ASSERT(OK_32PTR(optptr)); 595 /* Save as last value */ 596 ip_savebuf((void **)&sctp->sctp_dstopts, 597 &sctp->sctp_dstoptslen, 598 (ipp->ipp_fields & IPPF_DSTOPTS), 599 ipp->ipp_dstopts, ipp->ipp_dstoptslen); 600 } 601 602 ASSERT(optptr == mp1->b_wptr); 603 604 return (0); 605 } 606 607 void 608 sctp_free_reass(sctp_instr_t *sip) 609 { 610 mblk_t *mp, *mpnext, *mctl; 611 612 for (mp = sip->istr_reass; mp != NULL; mp = mpnext) { 613 mpnext = mp->b_next; 614 mp->b_next = NULL; 615 mp->b_prev = NULL; 616 if (DB_TYPE(mp) == M_CTL) { 617 mctl = mp; 618 ASSERT(mp->b_cont != NULL); 619 mp = mp->b_cont; 620 mctl->b_cont = NULL; 621 freeb(mctl); 622 } 623 freemsg(mp); 624 } 625 } 626 627 /* 628 * If the series of data fragments of which dmp is a part is successfully 629 * reassembled, the first mblk in the series is returned. dc is adjusted 630 * to point at the data chunk in the lead mblk, and b_rptr also points to 631 * the data chunk; the following mblk's b_rptr's point at the actual payload. 632 * 633 * If the series is not yet reassembled, NULL is returned. dc is not changed. 634 * XXX should probably move this up into the state machine. 635 */ 636 637 /* Fragment list for un-ordered messages. Partial delivery is not supported */ 638 static mblk_t * 639 sctp_uodata_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc) 640 { 641 mblk_t *hmp; 642 mblk_t *begin = NULL; 643 mblk_t *end = NULL; 644 sctp_data_hdr_t *qdc; 645 uint32_t ntsn; 646 uint32_t tsn = ntohl((*dc)->sdh_tsn); 647 #ifdef DEBUG 648 mblk_t *mp1; 649 #endif 650 651 /* First frag. */ 652 if (sctp->sctp_uo_frags == NULL) { 653 sctp->sctp_uo_frags = dmp; 654 return (NULL); 655 } 656 hmp = sctp->sctp_uo_frags; 657 /* 658 * Insert the segment according to the TSN, fragmented unordered 659 * chunks are sequenced by TSN. 660 */ 661 while (hmp != NULL) { 662 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 663 ntsn = ntohl(qdc->sdh_tsn); 664 if (SEQ_GT(ntsn, tsn)) { 665 if (hmp->b_prev == NULL) { 666 dmp->b_next = hmp; 667 hmp->b_prev = dmp; 668 sctp->sctp_uo_frags = dmp; 669 } else { 670 dmp->b_next = hmp; 671 dmp->b_prev = hmp->b_prev; 672 hmp->b_prev->b_next = dmp; 673 hmp->b_prev = dmp; 674 } 675 break; 676 } 677 if (hmp->b_next == NULL) { 678 hmp->b_next = dmp; 679 dmp->b_prev = hmp; 680 break; 681 } 682 hmp = hmp->b_next; 683 } 684 /* check if we completed a msg */ 685 if (SCTP_DATA_GET_BBIT(*dc)) { 686 begin = dmp; 687 } else if (SCTP_DATA_GET_EBIT(*dc)) { 688 end = dmp; 689 } 690 /* 691 * We walk consecutive TSNs backwards till we get a seg. with 692 * the B bit 693 */ 694 if (begin == NULL) { 695 for (hmp = dmp->b_prev; hmp != NULL; hmp = hmp->b_prev) { 696 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 697 ntsn = ntohl(qdc->sdh_tsn); 698 if ((int32_t)(tsn - ntsn) > 1) { 699 return (NULL); 700 } 701 if (SCTP_DATA_GET_BBIT(qdc)) { 702 begin = hmp; 703 break; 704 } 705 tsn = ntsn; 706 } 707 } 708 tsn = ntohl((*dc)->sdh_tsn); 709 /* 710 * We walk consecutive TSNs till we get a seg. with the E bit 711 */ 712 if (end == NULL) { 713 for (hmp = dmp->b_next; hmp != NULL; hmp = hmp->b_next) { 714 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 715 ntsn = ntohl(qdc->sdh_tsn); 716 if ((int32_t)(ntsn - tsn) > 1) { 717 return (NULL); 718 } 719 if (SCTP_DATA_GET_EBIT(qdc)) { 720 end = hmp; 721 break; 722 } 723 tsn = ntsn; 724 } 725 } 726 if (begin == NULL || end == NULL) { 727 return (NULL); 728 } 729 /* Got one!, Remove the msg from the list */ 730 if (sctp->sctp_uo_frags == begin) { 731 ASSERT(begin->b_prev == NULL); 732 sctp->sctp_uo_frags = end->b_next; 733 if (end->b_next != NULL) 734 end->b_next->b_prev = NULL; 735 } else { 736 begin->b_prev->b_next = end->b_next; 737 if (end->b_next != NULL) 738 end->b_next->b_prev = begin->b_prev; 739 } 740 begin->b_prev = NULL; 741 end->b_next = NULL; 742 743 /* 744 * Null out b_next and b_prev and chain using b_cont. 745 */ 746 dmp = end = begin; 747 hmp = begin->b_next; 748 *dc = (sctp_data_hdr_t *)begin->b_rptr; 749 begin->b_next = NULL; 750 while (hmp != NULL) { 751 qdc = (sctp_data_hdr_t *)hmp->b_rptr; 752 hmp->b_rptr = (uchar_t *)(qdc + 1); 753 end = hmp->b_next; 754 dmp->b_cont = hmp; 755 dmp = hmp; 756 757 if (end != NULL) 758 hmp->b_next = NULL; 759 hmp->b_prev = NULL; 760 hmp = end; 761 } 762 BUMP_LOCAL(sctp->sctp_reassmsgs); 763 #ifdef DEBUG 764 mp1 = begin; 765 while (mp1 != NULL) { 766 ASSERT(mp1->b_next == NULL); 767 ASSERT(mp1->b_prev == NULL); 768 mp1 = mp1->b_cont; 769 } 770 #endif 771 return (begin); 772 } 773 774 /* 775 * Try partial delivery. 776 */ 777 static mblk_t * 778 sctp_try_partial_delivery(sctp_t *sctp, mblk_t *hmp, sctp_reass_t *srp, 779 sctp_data_hdr_t **dc) 780 { 781 mblk_t *first_mp; 782 mblk_t *mp; 783 mblk_t *dmp; 784 mblk_t *qmp; 785 mblk_t *prev; 786 sctp_data_hdr_t *qdc; 787 uint32_t tsn; 788 789 ASSERT(DB_TYPE(hmp) == M_CTL); 790 791 dprint(4, ("trypartial: got=%d, needed=%d\n", 792 (int)(srp->got), (int)(srp->needed))); 793 794 first_mp = hmp->b_cont; 795 mp = first_mp; 796 qdc = (sctp_data_hdr_t *)mp->b_rptr; 797 798 ASSERT(SCTP_DATA_GET_BBIT(qdc) && srp->hasBchunk); 799 800 tsn = ntohl(qdc->sdh_tsn) + 1; 801 802 /* 803 * This loop has two exit conditions: the 804 * end of received chunks has been reached, or 805 * there is a break in the sequence. We want 806 * to chop the reassembly list as follows (the 807 * numbers are TSNs): 808 * 10 -> 11 -> (end of chunks) 809 * 10 -> 11 -> | 13 (break in sequence) 810 */ 811 prev = mp; 812 mp = mp->b_cont; 813 while (mp != NULL) { 814 qdc = (sctp_data_hdr_t *)mp->b_rptr; 815 if (ntohl(qdc->sdh_tsn) != tsn) 816 break; 817 prev = mp; 818 mp = mp->b_cont; 819 tsn++; 820 } 821 /* 822 * We are sending all the fragments upstream, we have to retain 823 * the srp info for further fragments. 824 */ 825 if (mp == NULL) { 826 dmp = hmp->b_cont; 827 hmp->b_cont = NULL; 828 srp->nexttsn = tsn; 829 srp->msglen = 0; 830 srp->needed = 0; 831 srp->got = 0; 832 srp->partial_delivered = B_TRUE; 833 srp->tail = NULL; 834 } else { 835 dmp = hmp->b_cont; 836 hmp->b_cont = mp; 837 } 838 srp->hasBchunk = B_FALSE; 839 /* 840 * mp now points at the last chunk in the sequence, 841 * and prev points to mp's previous in the list. 842 * We chop the list at prev, and convert mp into the 843 * new list head by setting the B bit. Subsequence 844 * fragment deliveries will follow the normal reassembly 845 * path. 846 */ 847 prev->b_cont = NULL; 848 srp->partial_delivered = B_TRUE; 849 850 dprint(4, ("trypartial: got some, got=%d, needed=%d\n", 851 (int)(srp->got), (int)(srp->needed))); 852 853 /* 854 * Adjust all mblk's except the lead so their rptr's point to the 855 * payload. sctp_data_chunk() will need to process the lead's 856 * data chunk section, so leave it's rptr pointing at the data chunk. 857 */ 858 *dc = (sctp_data_hdr_t *)dmp->b_rptr; 859 if (srp->tail != NULL) { 860 srp->got--; 861 ASSERT(srp->got != 0); 862 if (srp->needed != 0) { 863 srp->needed--; 864 ASSERT(srp->needed != 0); 865 } 866 srp->msglen -= ntohs((*dc)->sdh_len); 867 } 868 for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) { 869 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 870 qmp->b_rptr = (uchar_t *)(qdc + 1); 871 872 /* 873 * Deduct the balance from got and needed here, now that 874 * we know we are actually delivering these data. 875 */ 876 if (srp->tail != NULL) { 877 srp->got--; 878 ASSERT(srp->got != 0); 879 if (srp->needed != 0) { 880 srp->needed--; 881 ASSERT(srp->needed != 0); 882 } 883 srp->msglen -= ntohs(qdc->sdh_len); 884 } 885 } 886 ASSERT(srp->msglen == 0); 887 BUMP_LOCAL(sctp->sctp_reassmsgs); 888 889 return (dmp); 890 } 891 892 /* 893 * Fragment list for ordered messages. 894 * If no error occures, error is set to 0. If we run out of memory, error 895 * is set to 1. If the peer commits a fatal error (like using different 896 * sequence numbers for the same data fragment series), the association is 897 * aborted and error is set to 2. tpfinished indicates whether we have 898 * assembled a complete message, this is used in sctp_data_chunk() to 899 * see if we can try to send any queued message for this stream. 900 */ 901 static mblk_t * 902 sctp_data_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc, int *error, 903 sctp_instr_t *sip, boolean_t *tpfinished) 904 { 905 mblk_t *hmp; 906 mblk_t *pmp; 907 mblk_t *qmp; 908 mblk_t *first_mp; 909 sctp_reass_t *srp; 910 sctp_data_hdr_t *qdc; 911 sctp_data_hdr_t *bdc; 912 sctp_data_hdr_t *edc; 913 uint32_t tsn; 914 uint16_t fraglen = 0; 915 916 *error = 0; 917 918 /* find the reassembly queue for this data chunk */ 919 hmp = qmp = sip->istr_reass; 920 for (; hmp != NULL; hmp = hmp->b_next) { 921 srp = (sctp_reass_t *)DB_BASE(hmp); 922 if (ntohs((*dc)->sdh_ssn) == srp->ssn) 923 goto foundit; 924 else if (SSN_GT(srp->ssn, ntohs((*dc)->sdh_ssn))) 925 break; 926 qmp = hmp; 927 } 928 929 /* 930 * Allocate a M_CTL that will contain information about this 931 * fragmented message. 932 */ 933 if ((pmp = allocb(sizeof (*srp), BPRI_MED)) == NULL) { 934 *error = 1; 935 return (NULL); 936 } 937 DB_TYPE(pmp) = M_CTL; 938 srp = (sctp_reass_t *)DB_BASE(pmp); 939 pmp->b_cont = dmp; 940 941 if (hmp != NULL) { 942 if (sip->istr_reass == hmp) { 943 sip->istr_reass = pmp; 944 pmp->b_next = hmp; 945 pmp->b_prev = NULL; 946 hmp->b_prev = pmp; 947 } else { 948 qmp->b_next = pmp; 949 pmp->b_prev = qmp; 950 pmp->b_next = hmp; 951 hmp->b_prev = pmp; 952 } 953 } else { 954 /* make a new reass head and stick it on the end */ 955 if (sip->istr_reass == NULL) { 956 sip->istr_reass = pmp; 957 pmp->b_prev = NULL; 958 } else { 959 qmp->b_next = pmp; 960 pmp->b_prev = qmp; 961 } 962 pmp->b_next = NULL; 963 } 964 srp->partial_delivered = B_FALSE; 965 srp->ssn = ntohs((*dc)->sdh_ssn); 966 empty_srp: 967 srp->needed = 0; 968 srp->got = 1; 969 srp->tail = dmp; 970 if (SCTP_DATA_GET_BBIT(*dc)) { 971 srp->msglen = ntohs((*dc)->sdh_len); 972 srp->nexttsn = ntohl((*dc)->sdh_tsn) + 1; 973 srp->hasBchunk = B_TRUE; 974 } else if (srp->partial_delivered && 975 srp->nexttsn == ntohl((*dc)->sdh_tsn)) { 976 SCTP_DATA_SET_BBIT(*dc); 977 /* Last fragment */ 978 if (SCTP_DATA_GET_EBIT(*dc)) { 979 srp->needed = 1; 980 goto frag_done; 981 } 982 srp->hasBchunk = B_TRUE; 983 srp->msglen = ntohs((*dc)->sdh_len); 984 srp->nexttsn++; 985 } 986 return (NULL); 987 foundit: 988 /* 989 * else already have a reassembly queue. Insert the new data chunk 990 * in the reassemble queue. Try the tail first, on the assumption 991 * that the fragments are coming in in order. 992 */ 993 qmp = srp->tail; 994 995 /* 996 * This means the message was partially delivered. 997 */ 998 if (qmp == NULL) { 999 ASSERT(srp->got == 0 && srp->needed == 0 && 1000 srp->partial_delivered); 1001 ASSERT(hmp->b_cont == NULL); 1002 hmp->b_cont = dmp; 1003 goto empty_srp; 1004 } 1005 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1006 ASSERT(qmp->b_cont == NULL); 1007 1008 /* XXXIs it fine to do this just here? */ 1009 if ((*dc)->sdh_sid != qdc->sdh_sid) { 1010 /* our peer is fatally confused; XXX abort the assc */ 1011 *error = 2; 1012 return (NULL); 1013 } 1014 if (SEQ_GT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 1015 qmp->b_cont = dmp; 1016 srp->tail = dmp; 1017 dmp->b_cont = NULL; 1018 if (srp->hasBchunk && srp->nexttsn == ntohl((*dc)->sdh_tsn)) { 1019 srp->msglen += ntohs((*dc)->sdh_len); 1020 srp->nexttsn++; 1021 } 1022 goto inserted; 1023 } 1024 1025 /* Next check for insertion at the beginning */ 1026 qmp = hmp->b_cont; 1027 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1028 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 1029 dmp->b_cont = qmp; 1030 hmp->b_cont = dmp; 1031 if (SCTP_DATA_GET_BBIT(*dc)) { 1032 srp->hasBchunk = B_TRUE; 1033 srp->nexttsn = ntohl((*dc)->sdh_tsn); 1034 } 1035 goto preinserted; 1036 } 1037 1038 /* Insert somewhere in the middle */ 1039 for (;;) { 1040 /* Tail check above should have caught this */ 1041 ASSERT(qmp->b_cont != NULL); 1042 1043 qdc = (sctp_data_hdr_t *)qmp->b_cont->b_rptr; 1044 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 1045 /* insert here */ 1046 dmp->b_cont = qmp->b_cont; 1047 qmp->b_cont = dmp; 1048 break; 1049 } 1050 qmp = qmp->b_cont; 1051 } 1052 preinserted: 1053 if (!srp->hasBchunk || ntohl((*dc)->sdh_tsn) != srp->nexttsn) 1054 goto inserted; 1055 /* 1056 * fraglen contains the length of consecutive chunks of fragments. 1057 * starting from the chunk inserted recently. 1058 */ 1059 tsn = srp->nexttsn; 1060 for (qmp = dmp; qmp != NULL; qmp = qmp->b_cont) { 1061 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1062 if (tsn != ntohl(qdc->sdh_tsn)) 1063 break; 1064 fraglen += ntohs(qdc->sdh_len); 1065 tsn++; 1066 } 1067 srp->nexttsn = tsn; 1068 srp->msglen += fraglen; 1069 inserted: 1070 srp->got++; 1071 first_mp = hmp->b_cont; 1072 if (srp->needed == 0) { 1073 /* check if we have the first and last fragments */ 1074 bdc = (sctp_data_hdr_t *)first_mp->b_rptr; 1075 edc = (sctp_data_hdr_t *)srp->tail->b_rptr; 1076 1077 /* calculate how many fragments are needed, if possible */ 1078 if (SCTP_DATA_GET_BBIT(bdc) && SCTP_DATA_GET_EBIT(edc)) { 1079 srp->needed = ntohl(edc->sdh_tsn) - 1080 ntohl(bdc->sdh_tsn) + 1; 1081 } 1082 } 1083 1084 /* 1085 * Try partial delivery if the message length has exceeded the 1086 * partial delivery point. Only do this if we can immediately 1087 * deliver the partially assembled message, and only partially 1088 * deliver one message at a time (i.e. messages cannot be 1089 * intermixed arriving at the upper layer). A simple way to 1090 * enforce this is to only try partial delivery if this TSN is 1091 * the next expected TSN. Partial Delivery not supported 1092 * for un-ordered message. 1093 */ 1094 if (srp->needed != srp->got) { 1095 dmp = NULL; 1096 if (ntohl((*dc)->sdh_tsn) == sctp->sctp_ftsn && 1097 srp->msglen >= sctp->sctp_pd_point) { 1098 dmp = sctp_try_partial_delivery(sctp, hmp, srp, dc); 1099 *tpfinished = B_FALSE; 1100 } 1101 return (dmp); 1102 } 1103 frag_done: 1104 /* 1105 * else reassembly done; prepare the data for delivery. 1106 * First unlink hmp from the ssn list. 1107 */ 1108 if (sip->istr_reass == hmp) { 1109 sip->istr_reass = hmp->b_next; 1110 if (hmp->b_next) 1111 hmp->b_next->b_prev = NULL; 1112 } else { 1113 ASSERT(hmp->b_prev != NULL); 1114 hmp->b_prev->b_next = hmp->b_next; 1115 if (hmp->b_next) 1116 hmp->b_next->b_prev = hmp->b_prev; 1117 } 1118 1119 /* 1120 * Using b_prev and b_next was a little sinful, but OK since 1121 * this mblk is never put*'d. However, freeb() will still 1122 * ASSERT that they are unused, so we need to NULL them out now. 1123 */ 1124 hmp->b_next = NULL; 1125 hmp->b_prev = NULL; 1126 dmp = hmp; 1127 dmp = dmp->b_cont; 1128 hmp->b_cont = NULL; 1129 freeb(hmp); 1130 *tpfinished = B_TRUE; 1131 1132 /* 1133 * Adjust all mblk's except the lead so their rptr's point to the 1134 * payload. sctp_data_chunk() will need to process the lead's 1135 * data chunk section, so leave it's rptr pointing at the data chunk. 1136 */ 1137 *dc = (sctp_data_hdr_t *)dmp->b_rptr; 1138 for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) { 1139 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 1140 qmp->b_rptr = (uchar_t *)(qdc + 1); 1141 } 1142 BUMP_LOCAL(sctp->sctp_reassmsgs); 1143 1144 return (dmp); 1145 } 1146 static void 1147 sctp_add_dup(uint32_t tsn, mblk_t **dups) 1148 { 1149 mblk_t *mp; 1150 size_t bsize = SCTP_DUP_MBLK_SZ * sizeof (tsn); 1151 1152 if (dups == NULL) { 1153 return; 1154 } 1155 1156 /* first time? */ 1157 if (*dups == NULL) { 1158 *dups = allocb(bsize, BPRI_MED); 1159 if (*dups == NULL) { 1160 return; 1161 } 1162 } 1163 1164 mp = *dups; 1165 if ((mp->b_wptr - mp->b_rptr) >= bsize) { 1166 /* maximum reached */ 1167 return; 1168 } 1169 1170 /* add the duplicate tsn */ 1171 bcopy(&tsn, mp->b_wptr, sizeof (tsn)); 1172 mp->b_wptr += sizeof (tsn); 1173 ASSERT((mp->b_wptr - mp->b_rptr) <= bsize); 1174 } 1175 1176 static void 1177 sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups, 1178 sctp_faddr_t *fp, ip6_pkt_t *ipp) 1179 { 1180 sctp_data_hdr_t *dc; 1181 mblk_t *dmp, *pmp; 1182 sctp_instr_t *instr; 1183 int ubit; 1184 int isfrag; 1185 uint16_t ssn; 1186 uint32_t oftsn; 1187 boolean_t can_deliver = B_TRUE; 1188 uint32_t tsn; 1189 int dlen; 1190 boolean_t tpfinished = B_TRUE; 1191 int32_t new_rwnd; 1192 sctp_stack_t *sctps = sctp->sctp_sctps; 1193 int error; 1194 1195 /* The following are used multiple times, so we inline them */ 1196 #define SCTP_ACK_IT(sctp, tsn) \ 1197 if (tsn == sctp->sctp_ftsn) { \ 1198 dprint(2, ("data_chunk: acking next %x\n", tsn)); \ 1199 (sctp)->sctp_ftsn++; \ 1200 if ((sctp)->sctp_sack_gaps > 0) \ 1201 (sctp)->sctp_force_sack = 1; \ 1202 } else if (SEQ_GT(tsn, sctp->sctp_ftsn)) { \ 1203 /* Got a gap; record it */ \ 1204 dprint(2, ("data_chunk: acking gap %x\n", tsn)); \ 1205 sctp_ack_add(&sctp->sctp_sack_info, tsn, \ 1206 &sctp->sctp_sack_gaps); \ 1207 sctp->sctp_force_sack = 1; \ 1208 } 1209 1210 dmp = NULL; 1211 1212 dc = (sctp_data_hdr_t *)ch; 1213 tsn = ntohl(dc->sdh_tsn); 1214 1215 dprint(3, ("sctp_data_chunk: mp=%p tsn=%x\n", (void *)mp, tsn)); 1216 1217 /* Check for duplicates */ 1218 if (SEQ_LT(tsn, sctp->sctp_ftsn)) { 1219 dprint(4, ("sctp_data_chunk: dropping duplicate\n")); 1220 sctp->sctp_force_sack = 1; 1221 sctp_add_dup(dc->sdh_tsn, dups); 1222 return; 1223 } 1224 1225 if (sctp->sctp_sack_info != NULL) { 1226 sctp_set_t *sp; 1227 1228 for (sp = sctp->sctp_sack_info; sp; sp = sp->next) { 1229 if (SEQ_GEQ(tsn, sp->begin) && SEQ_LEQ(tsn, sp->end)) { 1230 dprint(4, 1231 ("sctp_data_chunk: dropping dup > " 1232 "cumtsn\n")); 1233 sctp->sctp_force_sack = 1; 1234 sctp_add_dup(dc->sdh_tsn, dups); 1235 return; 1236 } 1237 } 1238 } 1239 1240 /* We cannot deliver anything up now but we still need to handle it. */ 1241 if (SCTP_IS_DETACHED(sctp)) { 1242 BUMP_MIB(&sctps->sctps_mib, sctpInClosed); 1243 can_deliver = B_FALSE; 1244 } 1245 1246 dlen = ntohs(dc->sdh_len) - sizeof (*dc); 1247 1248 /* Check for buffer space */ 1249 if (sctp->sctp_rwnd - sctp->sctp_rxqueued < dlen) { 1250 /* Drop and SACK, but don't advance the cumulative TSN. */ 1251 sctp->sctp_force_sack = 1; 1252 dprint(0, ("sctp_data_chunk: exceed rwnd %d rxqueued %d " 1253 "dlen %d ssn %d tsn %x\n", sctp->sctp_rwnd, 1254 sctp->sctp_rxqueued, dlen, ntohs(dc->sdh_ssn), 1255 ntohl(dc->sdh_tsn))); 1256 return; 1257 } 1258 1259 if (ntohs(dc->sdh_sid) >= sctp->sctp_num_istr) { 1260 uint16_t inval_parm[2]; 1261 1262 inval_parm[0] = dc->sdh_sid; 1263 /* RESERVED to be ignored at the receiving end */ 1264 inval_parm[1] = 0; 1265 /* ack and drop it */ 1266 sctp_add_err(sctp, SCTP_ERR_BAD_SID, inval_parm, 1267 sizeof (inval_parm), fp); 1268 SCTP_ACK_IT(sctp, tsn); 1269 return; 1270 } 1271 1272 ubit = SCTP_DATA_GET_UBIT(dc); 1273 ASSERT(sctp->sctp_instr != NULL); 1274 instr = &sctp->sctp_instr[ntohs(dc->sdh_sid)]; 1275 /* Initialize the stream, if not yet used */ 1276 if (instr->sctp == NULL) 1277 instr->sctp = sctp; 1278 1279 isfrag = !(SCTP_DATA_GET_BBIT(dc) && SCTP_DATA_GET_EBIT(dc)); 1280 ssn = ntohs(dc->sdh_ssn); 1281 1282 dmp = dupb(mp); 1283 if (dmp == NULL) { 1284 /* drop it and don't ack it, causing the peer to retransmit */ 1285 return; 1286 } 1287 dmp->b_wptr = (uchar_t *)ch + ntohs(ch->sch_len); 1288 1289 sctp->sctp_rxqueued += dlen; 1290 1291 oftsn = sctp->sctp_ftsn; 1292 1293 if (isfrag) { 1294 1295 error = 0; 1296 /* fragmented data chunk */ 1297 dmp->b_rptr = (uchar_t *)dc; 1298 if (ubit) { 1299 dmp = sctp_uodata_frag(sctp, dmp, &dc); 1300 #if DEBUG 1301 if (dmp != NULL) { 1302 ASSERT(instr == 1303 &sctp->sctp_instr[ntohs(dc->sdh_sid)]); 1304 } 1305 #endif 1306 } else { 1307 dmp = sctp_data_frag(sctp, dmp, &dc, &error, instr, 1308 &tpfinished); 1309 } 1310 if (error != 0) { 1311 sctp->sctp_rxqueued -= dlen; 1312 if (error == 1) { 1313 /* 1314 * out of memory; don't ack it so 1315 * the peer retransmits 1316 */ 1317 return; 1318 } else if (error == 2) { 1319 /* 1320 * fatal error (i.e. peer used different 1321 * ssn's for same fragmented data) -- 1322 * the association has been aborted. 1323 * XXX need to return errval so state 1324 * machine can also abort processing. 1325 */ 1326 dprint(0, ("error 2: must not happen!\n")); 1327 return; 1328 } 1329 } 1330 1331 if (dmp == NULL) { 1332 /* 1333 * Can't process this data now, but the cumulative 1334 * TSN may be advanced, so do the checks at done. 1335 */ 1336 SCTP_ACK_IT(sctp, tsn); 1337 goto done; 1338 } 1339 } 1340 1341 /* 1342 * Insert complete messages in correct order for ordered delivery. 1343 * tpfinished is true when the incoming chunk contains a complete 1344 * message or is the final missing fragment which completed a message. 1345 */ 1346 if (!ubit && tpfinished && ssn != instr->nextseq) { 1347 /* Adjust rptr to point at the data chunk for compares */ 1348 dmp->b_rptr = (uchar_t *)dc; 1349 1350 dprint(2, 1351 ("data_chunk: inserted %x in pq (ssn %d expected %d)\n", 1352 ntohl(dc->sdh_tsn), (int)(ssn), (int)(instr->nextseq))); 1353 1354 if (instr->istr_msgs == NULL) { 1355 instr->istr_msgs = dmp; 1356 ASSERT(dmp->b_prev == NULL && dmp->b_next == NULL); 1357 } else { 1358 mblk_t *imblk = instr->istr_msgs; 1359 sctp_data_hdr_t *idc; 1360 1361 /* 1362 * XXXNeed to take sequence wraps into account, 1363 * ... and a more efficient insertion algo. 1364 */ 1365 for (;;) { 1366 idc = (sctp_data_hdr_t *)imblk->b_rptr; 1367 if (SSN_GT(ntohs(idc->sdh_ssn), 1368 ntohs(dc->sdh_ssn))) { 1369 if (instr->istr_msgs == imblk) { 1370 instr->istr_msgs = dmp; 1371 dmp->b_next = imblk; 1372 imblk->b_prev = dmp; 1373 } else { 1374 ASSERT(imblk->b_prev != NULL); 1375 imblk->b_prev->b_next = dmp; 1376 dmp->b_prev = imblk->b_prev; 1377 imblk->b_prev = dmp; 1378 dmp->b_next = imblk; 1379 } 1380 break; 1381 } 1382 if (imblk->b_next == NULL) { 1383 imblk->b_next = dmp; 1384 dmp->b_prev = imblk; 1385 break; 1386 } 1387 imblk = imblk->b_next; 1388 } 1389 } 1390 (instr->istr_nmsgs)++; 1391 (sctp->sctp_istr_nmsgs)++; 1392 SCTP_ACK_IT(sctp, tsn); 1393 return; 1394 } 1395 1396 /* 1397 * Else we can deliver the data directly. Recalculate 1398 * dlen now since we may have reassembled data. 1399 */ 1400 dlen = dmp->b_wptr - (uchar_t *)dc - sizeof (*dc); 1401 for (pmp = dmp->b_cont; pmp != NULL; pmp = pmp->b_cont) 1402 dlen += pmp->b_wptr - pmp->b_rptr; 1403 ASSERT(sctp->sctp_rxqueued >= dlen); 1404 ASSERT(sctp->sctp_rwnd >= dlen); 1405 1406 /* Deliver the message. */ 1407 sctp->sctp_rxqueued -= dlen; 1408 1409 if (can_deliver) { 1410 1411 dmp->b_rptr = (uchar_t *)(dc + 1); 1412 if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, ipp) == 0) { 1413 dprint(1, ("sctp_data_chunk: delivering %lu bytes\n", 1414 msgdsize(dmp))); 1415 sctp->sctp_rwnd -= dlen; 1416 /* 1417 * Override b_flag for SCTP sockfs internal use 1418 */ 1419 dmp->b_flag = tpfinished ? 0 : SCTP_PARTIAL_DATA; 1420 new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp, 1421 msgdsize(dmp), 0, &error, NULL); 1422 if (new_rwnd > sctp->sctp_rwnd) { 1423 sctp->sctp_rwnd = new_rwnd; 1424 } 1425 SCTP_ACK_IT(sctp, tsn); 1426 } else { 1427 /* Just free the message if we don't have memory. */ 1428 freemsg(dmp); 1429 return; 1430 } 1431 } else { 1432 /* About to free the data */ 1433 freemsg(dmp); 1434 SCTP_ACK_IT(sctp, tsn); 1435 } 1436 1437 /* 1438 * data, now enqueued, may already have been processed and free'd 1439 * by the ULP (or we may have just freed it above, if we could not 1440 * deliver it), so we must not reference it (this is why we kept 1441 * the ssn and ubit above). 1442 */ 1443 if (ubit != 0) { 1444 BUMP_LOCAL(sctp->sctp_iudchunks); 1445 goto done; 1446 } 1447 BUMP_LOCAL(sctp->sctp_idchunks); 1448 1449 /* 1450 * If there was a partial delivery and it has not finished, 1451 * don't pull anything from the pqueues. 1452 */ 1453 if (!tpfinished) { 1454 goto done; 1455 } 1456 1457 instr->nextseq = ssn + 1; 1458 /* Deliver any successive data chunks in the instr queue */ 1459 while (instr->istr_nmsgs > 0) { 1460 dmp = (mblk_t *)instr->istr_msgs; 1461 dc = (sctp_data_hdr_t *)dmp->b_rptr; 1462 ssn = ntohs(dc->sdh_ssn); 1463 /* Gap in the sequence */ 1464 if (ssn != instr->nextseq) 1465 break; 1466 1467 /* Else deliver the data */ 1468 (instr->istr_nmsgs)--; 1469 (instr->nextseq)++; 1470 (sctp->sctp_istr_nmsgs)--; 1471 1472 instr->istr_msgs = instr->istr_msgs->b_next; 1473 if (instr->istr_msgs != NULL) 1474 instr->istr_msgs->b_prev = NULL; 1475 dmp->b_next = dmp->b_prev = NULL; 1476 1477 dprint(2, ("data_chunk: pulling %x from pq (ssn %d)\n", 1478 ntohl(dc->sdh_tsn), (int)ssn)); 1479 1480 /* 1481 * If this chunk was reassembled, each b_cont represents 1482 * another TSN; advance ftsn now. 1483 */ 1484 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 1485 for (pmp = dmp->b_cont; pmp; pmp = pmp->b_cont) 1486 dlen += pmp->b_wptr - pmp->b_rptr; 1487 1488 ASSERT(sctp->sctp_rxqueued >= dlen); 1489 ASSERT(sctp->sctp_rwnd >= dlen); 1490 1491 sctp->sctp_rxqueued -= dlen; 1492 if (can_deliver) { 1493 dmp->b_rptr = (uchar_t *)(dc + 1); 1494 if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, 1495 ipp) == 0) { 1496 dprint(1, ("sctp_data_chunk: delivering %lu " 1497 "bytes\n", msgdsize(dmp))); 1498 sctp->sctp_rwnd -= dlen; 1499 /* 1500 * Override b_flag for SCTP sockfs internal use 1501 */ 1502 dmp->b_flag = tpfinished ? 1503 0 : SCTP_PARTIAL_DATA; 1504 new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, 1505 dmp, msgdsize(dmp), 0, &error, NULL); 1506 if (new_rwnd > sctp->sctp_rwnd) { 1507 sctp->sctp_rwnd = new_rwnd; 1508 } 1509 SCTP_ACK_IT(sctp, tsn); 1510 } else { 1511 freemsg(dmp); 1512 return; 1513 } 1514 } else { 1515 /* About to free the data */ 1516 freemsg(dmp); 1517 SCTP_ACK_IT(sctp, tsn); 1518 } 1519 } 1520 1521 done: 1522 1523 /* 1524 * If there are gap reports pending, check if advancing 1525 * the ftsn here closes a gap. If so, we can advance 1526 * ftsn to the end of the set. 1527 */ 1528 if (sctp->sctp_sack_info != NULL && 1529 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 1530 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 1531 } 1532 /* 1533 * If ftsn has moved forward, maybe we can remove gap reports. 1534 * NB: dmp may now be NULL, so don't dereference it here. 1535 */ 1536 if (oftsn != sctp->sctp_ftsn && sctp->sctp_sack_info != NULL) { 1537 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 1538 &sctp->sctp_sack_gaps); 1539 dprint(2, ("data_chunk: removed acks before %x (num=%d)\n", 1540 sctp->sctp_ftsn - 1, sctp->sctp_sack_gaps)); 1541 } 1542 1543 #ifdef DEBUG 1544 if (sctp->sctp_sack_info != NULL) { 1545 ASSERT(sctp->sctp_ftsn != sctp->sctp_sack_info->begin); 1546 } 1547 #endif 1548 1549 #undef SCTP_ACK_IT 1550 } 1551 1552 void 1553 sctp_fill_sack(sctp_t *sctp, unsigned char *dst, int sacklen) 1554 { 1555 sctp_chunk_hdr_t *sch; 1556 sctp_sack_chunk_t *sc; 1557 sctp_sack_frag_t *sf; 1558 uint16_t num_gaps = sctp->sctp_sack_gaps; 1559 sctp_set_t *sp; 1560 1561 /* Chunk hdr */ 1562 sch = (sctp_chunk_hdr_t *)dst; 1563 sch->sch_id = CHUNK_SACK; 1564 sch->sch_flags = 0; 1565 sch->sch_len = htons(sacklen); 1566 1567 /* SACK chunk */ 1568 sctp->sctp_lastacked = sctp->sctp_ftsn - 1; 1569 1570 sc = (sctp_sack_chunk_t *)(sch + 1); 1571 sc->ssc_cumtsn = htonl(sctp->sctp_lastacked); 1572 if (sctp->sctp_rxqueued < sctp->sctp_rwnd) { 1573 sc->ssc_a_rwnd = htonl(sctp->sctp_rwnd - sctp->sctp_rxqueued); 1574 } else { 1575 sc->ssc_a_rwnd = 0; 1576 } 1577 sc->ssc_numfrags = htons(num_gaps); 1578 sc->ssc_numdups = 0; 1579 1580 /* lay in gap reports */ 1581 sf = (sctp_sack_frag_t *)(sc + 1); 1582 for (sp = sctp->sctp_sack_info; sp; sp = sp->next) { 1583 uint16_t offset; 1584 1585 /* start */ 1586 if (sp->begin > sctp->sctp_lastacked) { 1587 offset = (uint16_t)(sp->begin - sctp->sctp_lastacked); 1588 } else { 1589 /* sequence number wrap */ 1590 offset = (uint16_t)(UINT32_MAX - sctp->sctp_lastacked + 1591 sp->begin); 1592 } 1593 sf->ssf_start = htons(offset); 1594 1595 /* end */ 1596 if (sp->end >= sp->begin) { 1597 offset += (uint16_t)(sp->end - sp->begin); 1598 } else { 1599 /* sequence number wrap */ 1600 offset += (uint16_t)(UINT32_MAX - sp->begin + sp->end); 1601 } 1602 sf->ssf_end = htons(offset); 1603 1604 sf++; 1605 /* This is just for debugging (a la the following assertion) */ 1606 num_gaps--; 1607 } 1608 1609 ASSERT(num_gaps == 0); 1610 1611 /* If the SACK timer is running, stop it */ 1612 if (sctp->sctp_ack_timer_running) { 1613 sctp_timer_stop(sctp->sctp_ack_mp); 1614 sctp->sctp_ack_timer_running = B_FALSE; 1615 } 1616 1617 BUMP_LOCAL(sctp->sctp_obchunks); 1618 } 1619 1620 mblk_t * 1621 sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups) 1622 { 1623 mblk_t *smp; 1624 size_t slen; 1625 sctp_chunk_hdr_t *sch; 1626 sctp_sack_chunk_t *sc; 1627 int32_t acks_max; 1628 sctp_stack_t *sctps = sctp->sctp_sctps; 1629 uint32_t dups_len; 1630 sctp_faddr_t *fp; 1631 1632 if (sctp->sctp_force_sack) { 1633 sctp->sctp_force_sack = 0; 1634 goto checks_done; 1635 } 1636 1637 acks_max = sctps->sctps_deferred_acks_max; 1638 if (sctp->sctp_state == SCTPS_ESTABLISHED) { 1639 if (sctp->sctp_sack_toggle < acks_max) { 1640 /* no need to SACK right now */ 1641 dprint(2, ("sctp_make_sack: %p no sack (toggle)\n", 1642 (void *)sctp)); 1643 return (NULL); 1644 } else if (sctp->sctp_sack_toggle >= acks_max) { 1645 sctp->sctp_sack_toggle = 0; 1646 } 1647 } 1648 1649 if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) { 1650 dprint(2, ("sctp_make_sack: %p no sack (already)\n", 1651 (void *)sctp)); 1652 return (NULL); 1653 } 1654 1655 checks_done: 1656 dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1)); 1657 1658 if (dups != NULL) 1659 dups_len = MBLKL(dups); 1660 else 1661 dups_len = 0; 1662 slen = sizeof (*sch) + sizeof (*sc) + 1663 (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps); 1664 1665 /* 1666 * If there are error chunks, check and see if we can send the 1667 * SACK chunk and error chunks together in one packet. If not, 1668 * send the error chunks out now. 1669 */ 1670 if (sctp->sctp_err_chunks != NULL) { 1671 fp = SCTP_CHUNK_DEST(sctp->sctp_err_chunks); 1672 if (sctp->sctp_err_len + slen + dups_len > fp->sfa_pmss) { 1673 if ((smp = sctp_make_mp(sctp, fp, 0)) == NULL) { 1674 SCTP_KSTAT(sctps, sctp_send_err_failed); 1675 SCTP_KSTAT(sctps, sctp_send_sack_failed); 1676 freemsg(sctp->sctp_err_chunks); 1677 sctp->sctp_err_chunks = NULL; 1678 sctp->sctp_err_len = 0; 1679 return (NULL); 1680 } 1681 smp->b_cont = sctp->sctp_err_chunks; 1682 sctp_set_iplen(sctp, smp); 1683 sctp_add_sendq(sctp, smp); 1684 sctp->sctp_err_chunks = NULL; 1685 sctp->sctp_err_len = 0; 1686 } 1687 } 1688 smp = sctp_make_mp(sctp, sendto, slen); 1689 if (smp == NULL) { 1690 SCTP_KSTAT(sctps, sctp_send_sack_failed); 1691 return (NULL); 1692 } 1693 sch = (sctp_chunk_hdr_t *)smp->b_wptr; 1694 1695 sctp_fill_sack(sctp, smp->b_wptr, slen); 1696 smp->b_wptr += slen; 1697 if (dups != NULL) { 1698 sc = (sctp_sack_chunk_t *)(sch + 1); 1699 sc->ssc_numdups = htons(MBLKL(dups) / sizeof (uint32_t)); 1700 sch->sch_len = htons(slen + dups_len); 1701 smp->b_cont = dups; 1702 } 1703 1704 if (sctp->sctp_err_chunks != NULL) { 1705 linkb(smp, sctp->sctp_err_chunks); 1706 sctp->sctp_err_chunks = NULL; 1707 sctp->sctp_err_len = 0; 1708 } 1709 return (smp); 1710 } 1711 1712 /* 1713 * Check and see if we need to send a SACK chunk. If it is needed, 1714 * send it out. Return true if a SACK chunk is sent, false otherwise. 1715 */ 1716 boolean_t 1717 sctp_sack(sctp_t *sctp, mblk_t *dups) 1718 { 1719 mblk_t *smp; 1720 sctp_stack_t *sctps = sctp->sctp_sctps; 1721 1722 /* If we are shutting down, let send_shutdown() bundle the SACK */ 1723 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 1724 sctp_send_shutdown(sctp, 0); 1725 } 1726 1727 ASSERT(sctp->sctp_lastdata != NULL); 1728 1729 if ((smp = sctp_make_sack(sctp, sctp->sctp_lastdata, dups)) == NULL) { 1730 /* The caller of sctp_sack() will not free the dups mblk. */ 1731 if (dups != NULL) 1732 freeb(dups); 1733 return (B_FALSE); 1734 } 1735 sctp_set_iplen(sctp, smp); 1736 1737 dprint(2, ("sctp_sack: sending to %p %x:%x:%x:%x\n", 1738 (void *)sctp->sctp_lastdata, 1739 SCTP_PRINTADDR(sctp->sctp_lastdata->faddr))); 1740 1741 sctp->sctp_active = lbolt64; 1742 1743 BUMP_MIB(&sctps->sctps_mib, sctpOutAck); 1744 sctp_add_sendq(sctp, smp); 1745 return (B_TRUE); 1746 } 1747 1748 /* 1749 * This is called if we have a message that was partially sent and is 1750 * abandoned. The cum TSN will be the last chunk sent for this message, 1751 * subsequent chunks will be marked ABANDONED. We send a Forward TSN 1752 * chunk in this case with the TSN of the last sent chunk so that the 1753 * peer can clean up its fragment list for this message. This message 1754 * will be removed from the transmit list when the peer sends a SACK 1755 * back. 1756 */ 1757 int 1758 sctp_check_abandoned_msg(sctp_t *sctp, mblk_t *meta) 1759 { 1760 sctp_data_hdr_t *dh; 1761 mblk_t *nmp; 1762 mblk_t *head; 1763 int32_t unsent = 0; 1764 mblk_t *mp1 = meta->b_cont; 1765 uint32_t adv_pap = sctp->sctp_adv_pap; 1766 sctp_faddr_t *fp = sctp->sctp_current; 1767 sctp_stack_t *sctps = sctp->sctp_sctps; 1768 1769 dh = (sctp_data_hdr_t *)mp1->b_rptr; 1770 if (SEQ_GEQ(sctp->sctp_lastack_rxd, ntohl(dh->sdh_tsn))) { 1771 sctp_ftsn_set_t *sets = NULL; 1772 uint_t nsets = 0; 1773 uint32_t seglen = sizeof (uint32_t); 1774 boolean_t ubit = SCTP_DATA_GET_UBIT(dh); 1775 1776 while (mp1->b_next != NULL && SCTP_CHUNK_ISSENT(mp1->b_next)) 1777 mp1 = mp1->b_next; 1778 dh = (sctp_data_hdr_t *)mp1->b_rptr; 1779 sctp->sctp_adv_pap = ntohl(dh->sdh_tsn); 1780 if (!ubit && 1781 !sctp_add_ftsn_set(&sets, fp, meta, &nsets, &seglen)) { 1782 sctp->sctp_adv_pap = adv_pap; 1783 return (ENOMEM); 1784 } 1785 nmp = sctp_make_ftsn_chunk(sctp, fp, sets, nsets, seglen); 1786 sctp_free_ftsn_set(sets); 1787 if (nmp == NULL) { 1788 sctp->sctp_adv_pap = adv_pap; 1789 return (ENOMEM); 1790 } 1791 head = sctp_add_proto_hdr(sctp, fp, nmp, 0, NULL); 1792 if (head == NULL) { 1793 sctp->sctp_adv_pap = adv_pap; 1794 freemsg(nmp); 1795 SCTP_KSTAT(sctps, sctp_send_ftsn_failed); 1796 return (ENOMEM); 1797 } 1798 SCTP_MSG_SET_ABANDONED(meta); 1799 sctp_set_iplen(sctp, head); 1800 sctp_add_sendq(sctp, head); 1801 if (!fp->timer_running) 1802 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 1803 mp1 = mp1->b_next; 1804 while (mp1 != NULL) { 1805 ASSERT(!SCTP_CHUNK_ISSENT(mp1)); 1806 ASSERT(!SCTP_CHUNK_ABANDONED(mp1)); 1807 SCTP_ABANDON_CHUNK(mp1); 1808 dh = (sctp_data_hdr_t *)mp1->b_rptr; 1809 unsent += ntohs(dh->sdh_len) - sizeof (*dh); 1810 mp1 = mp1->b_next; 1811 } 1812 ASSERT(sctp->sctp_unsent >= unsent); 1813 sctp->sctp_unsent -= unsent; 1814 /* 1815 * Update ULP the amount of queued data, which is 1816 * sent-unack'ed + unsent. 1817 */ 1818 if (!SCTP_IS_DETACHED(sctp)) 1819 SCTP_TXQ_UPDATE(sctp); 1820 return (0); 1821 } 1822 return (-1); 1823 } 1824 1825 uint32_t 1826 sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked) 1827 { 1828 mblk_t *ump, *nump, *mp = NULL; 1829 uint16_t chunklen; 1830 uint32_t xtsn; 1831 sctp_faddr_t *fp; 1832 sctp_data_hdr_t *sdc; 1833 uint32_t cumack_forward = 0; 1834 sctp_msg_hdr_t *mhdr; 1835 sctp_stack_t *sctps = sctp->sctp_sctps; 1836 1837 ump = sctp->sctp_xmit_head; 1838 1839 /* 1840 * Free messages only when they're completely acked. 1841 */ 1842 while (ump != NULL) { 1843 mhdr = (sctp_msg_hdr_t *)ump->b_rptr; 1844 for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) { 1845 if (SCTP_CHUNK_ABANDONED(mp)) { 1846 ASSERT(SCTP_IS_MSG_ABANDONED(ump)); 1847 mp = NULL; 1848 break; 1849 } 1850 /* 1851 * We check for abandoned message if we are PR-SCTP 1852 * aware, if this is not the first chunk in the 1853 * message (b_cont) and if the message is marked 1854 * abandoned. 1855 */ 1856 if (!SCTP_CHUNK_ISSENT(mp)) { 1857 if (sctp->sctp_prsctp_aware && 1858 mp != ump->b_cont && 1859 (SCTP_IS_MSG_ABANDONED(ump) || 1860 SCTP_MSG_TO_BE_ABANDONED(ump, mhdr, 1861 sctp))) { 1862 (void) sctp_check_abandoned_msg(sctp, 1863 ump); 1864 } 1865 goto cum_ack_done; 1866 } 1867 sdc = (sctp_data_hdr_t *)mp->b_rptr; 1868 xtsn = ntohl(sdc->sdh_tsn); 1869 if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn)) 1870 continue; 1871 if (SEQ_GEQ(tsn, xtsn)) { 1872 fp = SCTP_CHUNK_DEST(mp); 1873 chunklen = ntohs(sdc->sdh_len); 1874 1875 if (sctp->sctp_out_time != 0 && 1876 xtsn == sctp->sctp_rtt_tsn) { 1877 /* Got a new RTT measurement */ 1878 sctp_update_rtt(sctp, fp, 1879 lbolt64 - sctp->sctp_out_time); 1880 sctp->sctp_out_time = 0; 1881 } 1882 if (SCTP_CHUNK_ISACKED(mp)) 1883 continue; 1884 SCTP_CHUNK_SET_SACKCNT(mp, 0); 1885 SCTP_CHUNK_ACKED(mp); 1886 ASSERT(fp->suna >= chunklen); 1887 fp->suna -= chunklen; 1888 fp->acked += chunklen; 1889 cumack_forward += chunklen; 1890 ASSERT(sctp->sctp_unacked >= 1891 (chunklen - sizeof (*sdc))); 1892 sctp->sctp_unacked -= 1893 (chunklen - sizeof (*sdc)); 1894 if (fp->suna == 0) { 1895 /* all outstanding data acked */ 1896 fp->pba = 0; 1897 SCTP_FADDR_TIMER_STOP(fp); 1898 } else { 1899 SCTP_FADDR_TIMER_RESTART(sctp, fp, 1900 fp->rto); 1901 } 1902 } else { 1903 goto cum_ack_done; 1904 } 1905 } 1906 nump = ump->b_next; 1907 if (nump != NULL) 1908 nump->b_prev = NULL; 1909 if (ump == sctp->sctp_xmit_tail) 1910 sctp->sctp_xmit_tail = nump; 1911 if (SCTP_IS_MSG_ABANDONED(ump)) { 1912 BUMP_LOCAL(sctp->sctp_prsctpdrop); 1913 ump->b_next = NULL; 1914 sctp_sendfail_event(sctp, ump, 0, B_TRUE); 1915 } else { 1916 sctp_free_msg(ump); 1917 } 1918 sctp->sctp_xmit_head = ump = nump; 1919 } 1920 cum_ack_done: 1921 *first_unacked = mp; 1922 if (cumack_forward > 0) { 1923 BUMP_MIB(&sctps->sctps_mib, sctpInAck); 1924 if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) { 1925 sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd; 1926 } 1927 1928 /* 1929 * Update ULP the amount of queued data, which is 1930 * sent-unack'ed + unsent. 1931 */ 1932 if (!SCTP_IS_DETACHED(sctp)) 1933 SCTP_TXQ_UPDATE(sctp); 1934 1935 /* Time to send a shutdown? */ 1936 if (sctp->sctp_state == SCTPS_SHUTDOWN_PENDING) { 1937 sctp_send_shutdown(sctp, 0); 1938 } 1939 sctp->sctp_xmit_unacked = mp; 1940 } else { 1941 /* dup ack */ 1942 BUMP_MIB(&sctps->sctps_mib, sctpInDupAck); 1943 } 1944 sctp->sctp_lastack_rxd = tsn; 1945 if (SEQ_LT(sctp->sctp_adv_pap, sctp->sctp_lastack_rxd)) 1946 sctp->sctp_adv_pap = sctp->sctp_lastack_rxd; 1947 ASSERT(sctp->sctp_xmit_head || sctp->sctp_unacked == 0); 1948 1949 return (cumack_forward); 1950 } 1951 1952 static int 1953 sctp_set_frwnd(sctp_t *sctp, uint32_t frwnd) 1954 { 1955 uint32_t orwnd; 1956 1957 if (sctp->sctp_unacked > frwnd) { 1958 sctp->sctp_frwnd = 0; 1959 return (0); 1960 } 1961 orwnd = sctp->sctp_frwnd; 1962 sctp->sctp_frwnd = frwnd - sctp->sctp_unacked; 1963 if (orwnd < sctp->sctp_frwnd) { 1964 return (1); 1965 } else { 1966 return (0); 1967 } 1968 } 1969 1970 /* 1971 * For un-ordered messages. 1972 * Walk the sctp->sctp_uo_frag list and remove any fragments with TSN 1973 * less than/equal to ftsn. Fragments for un-ordered messages are 1974 * strictly in sequence (w.r.t TSN). 1975 */ 1976 static int 1977 sctp_ftsn_check_uo_frag(sctp_t *sctp, uint32_t ftsn) 1978 { 1979 mblk_t *hmp; 1980 mblk_t *hmp_next; 1981 sctp_data_hdr_t *dc; 1982 int dlen = 0; 1983 1984 hmp = sctp->sctp_uo_frags; 1985 while (hmp != NULL) { 1986 hmp_next = hmp->b_next; 1987 dc = (sctp_data_hdr_t *)hmp->b_rptr; 1988 if (SEQ_GT(ntohl(dc->sdh_tsn), ftsn)) 1989 return (dlen); 1990 sctp->sctp_uo_frags = hmp_next; 1991 if (hmp_next != NULL) 1992 hmp_next->b_prev = NULL; 1993 hmp->b_next = NULL; 1994 dlen += ntohs(dc->sdh_len) - sizeof (*dc); 1995 freeb(hmp); 1996 hmp = hmp_next; 1997 } 1998 return (dlen); 1999 } 2000 2001 /* 2002 * For ordered messages. 2003 * Check for existing fragments for an sid-ssn pair reported as abandoned, 2004 * hence will not receive, in the Forward TSN. If there are fragments, then 2005 * we just nuke them. If and when Partial Delivery API is supported, we 2006 * would need to send a notification to the upper layer about this. 2007 */ 2008 static int 2009 sctp_ftsn_check_frag(sctp_t *sctp, uint16_t ssn, sctp_instr_t *sip) 2010 { 2011 sctp_reass_t *srp; 2012 mblk_t *hmp; 2013 mblk_t *dmp; 2014 mblk_t *hmp_next; 2015 sctp_data_hdr_t *dc; 2016 int dlen = 0; 2017 2018 hmp = sip->istr_reass; 2019 while (hmp != NULL) { 2020 hmp_next = hmp->b_next; 2021 srp = (sctp_reass_t *)DB_BASE(hmp); 2022 if (SSN_GT(srp->ssn, ssn)) 2023 return (dlen); 2024 /* 2025 * If we had sent part of this message up, send a partial 2026 * delivery event. Since this is ordered delivery, we should 2027 * have sent partial message only for the next in sequence, 2028 * hence the ASSERT. See comments in sctp_data_chunk() for 2029 * trypartial. 2030 */ 2031 if (srp->partial_delivered) { 2032 ASSERT(sip->nextseq == srp->ssn); 2033 sctp_partial_delivery_event(sctp); 2034 } 2035 /* Take it out of the reass queue */ 2036 sip->istr_reass = hmp_next; 2037 if (hmp_next != NULL) 2038 hmp_next->b_prev = NULL; 2039 hmp->b_next = NULL; 2040 ASSERT(hmp->b_prev == NULL); 2041 dmp = hmp; 2042 ASSERT(DB_TYPE(hmp) == M_CTL); 2043 dmp = hmp->b_cont; 2044 hmp->b_cont = NULL; 2045 freeb(hmp); 2046 hmp = dmp; 2047 while (dmp != NULL) { 2048 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2049 dlen += ntohs(dc->sdh_len) - sizeof (*dc); 2050 dmp = dmp->b_cont; 2051 } 2052 freemsg(hmp); 2053 hmp = hmp_next; 2054 } 2055 return (dlen); 2056 } 2057 2058 /* 2059 * Update sctp_ftsn to the cumulative TSN from the Forward TSN chunk. Remove 2060 * any SACK gaps less than the newly updated sctp_ftsn. Walk through the 2061 * sid-ssn pair in the Forward TSN and for each, clean the fragment list 2062 * for this pair, if needed, and check if we can deliver subsequent 2063 * messages, if any, from the instream queue (that were waiting for this 2064 * sid-ssn message to show up). Once we are done try to update the SACK 2065 * info. We could get a duplicate Forward TSN, in which case just send 2066 * a SACK. If any of the sid values in the the Forward TSN is invalid, 2067 * send back an "Invalid Stream Identifier" error and continue processing 2068 * the rest. 2069 */ 2070 static void 2071 sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp, 2072 ip6_pkt_t *ipp) 2073 { 2074 uint32_t *ftsn = (uint32_t *)(ch + 1); 2075 ftsn_entry_t *ftsn_entry; 2076 sctp_instr_t *instr; 2077 boolean_t can_deliver = B_TRUE; 2078 size_t dlen; 2079 int flen; 2080 mblk_t *dmp; 2081 mblk_t *pmp; 2082 sctp_data_hdr_t *dc; 2083 ssize_t remaining; 2084 sctp_stack_t *sctps = sctp->sctp_sctps; 2085 2086 *ftsn = ntohl(*ftsn); 2087 remaining = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*ftsn); 2088 2089 if (SCTP_IS_DETACHED(sctp)) { 2090 BUMP_MIB(&sctps->sctps_mib, sctpInClosed); 2091 can_deliver = B_FALSE; 2092 } 2093 /* 2094 * un-ordered messages don't have SID-SSN pair entries, we check 2095 * for any fragments (for un-ordered message) to be discarded using 2096 * the cumulative FTSN. 2097 */ 2098 flen = sctp_ftsn_check_uo_frag(sctp, *ftsn); 2099 if (flen > 0) { 2100 ASSERT(sctp->sctp_rxqueued >= flen); 2101 sctp->sctp_rxqueued -= flen; 2102 } 2103 ftsn_entry = (ftsn_entry_t *)(ftsn + 1); 2104 while (remaining >= sizeof (*ftsn_entry)) { 2105 ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid); 2106 ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn); 2107 if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) { 2108 uint16_t inval_parm[2]; 2109 2110 inval_parm[0] = htons(ftsn_entry->ftsn_sid); 2111 /* RESERVED to be ignored at the receiving end */ 2112 inval_parm[1] = 0; 2113 sctp_add_err(sctp, SCTP_ERR_BAD_SID, inval_parm, 2114 sizeof (inval_parm), fp); 2115 ftsn_entry++; 2116 remaining -= sizeof (*ftsn_entry); 2117 continue; 2118 } 2119 instr = &sctp->sctp_instr[ftsn_entry->ftsn_sid]; 2120 flen = sctp_ftsn_check_frag(sctp, ftsn_entry->ftsn_ssn, instr); 2121 /* Indicates frags were nuked, update rxqueued */ 2122 if (flen > 0) { 2123 ASSERT(sctp->sctp_rxqueued >= flen); 2124 sctp->sctp_rxqueued -= flen; 2125 } 2126 /* 2127 * It is possible to receive an FTSN chunk with SSN smaller 2128 * than then nextseq if this chunk is a retransmission because 2129 * of incomplete processing when it was first processed. 2130 */ 2131 if (SSN_GE(ftsn_entry->ftsn_ssn, instr->nextseq)) 2132 instr->nextseq = ftsn_entry->ftsn_ssn + 1; 2133 while (instr->istr_nmsgs > 0) { 2134 mblk_t *next; 2135 2136 dmp = (mblk_t *)instr->istr_msgs; 2137 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2138 if (ntohs(dc->sdh_ssn) != instr->nextseq) 2139 break; 2140 2141 next = dmp->b_next; 2142 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 2143 for (pmp = dmp->b_cont; pmp != NULL; 2144 pmp = pmp->b_cont) { 2145 dlen += pmp->b_wptr - pmp->b_rptr; 2146 } 2147 if (can_deliver) { 2148 int32_t nrwnd; 2149 int error; 2150 2151 dmp->b_rptr = (uchar_t *)(dc + 1); 2152 dmp->b_next = NULL; 2153 ASSERT(dmp->b_prev == NULL); 2154 if (sctp_input_add_ancillary(sctp, 2155 &dmp, dc, fp, ipp) == 0) { 2156 sctp->sctp_rxqueued -= dlen; 2157 sctp->sctp_rwnd -= dlen; 2158 /* 2159 * Override b_flag for SCTP sockfs 2160 * internal use 2161 */ 2162 2163 dmp->b_flag = 0; 2164 nrwnd = sctp->sctp_ulp_recv( 2165 sctp->sctp_ulpd, dmp, msgdsize(dmp), 2166 0, &error, NULL); 2167 if (nrwnd > sctp->sctp_rwnd) 2168 sctp->sctp_rwnd = nrwnd; 2169 } else { 2170 /* 2171 * We will resume processing when 2172 * the FTSN chunk is re-xmitted. 2173 */ 2174 dmp->b_rptr = (uchar_t *)dc; 2175 dmp->b_next = next; 2176 dprint(0, 2177 ("FTSN dequeuing %u failed\n", 2178 ntohs(dc->sdh_ssn))); 2179 return; 2180 } 2181 } else { 2182 sctp->sctp_rxqueued -= dlen; 2183 ASSERT(dmp->b_prev == NULL); 2184 dmp->b_next = NULL; 2185 freemsg(dmp); 2186 } 2187 instr->istr_nmsgs--; 2188 instr->nextseq++; 2189 sctp->sctp_istr_nmsgs--; 2190 if (next != NULL) 2191 next->b_prev = NULL; 2192 instr->istr_msgs = next; 2193 } 2194 ftsn_entry++; 2195 remaining -= sizeof (*ftsn_entry); 2196 } 2197 /* Duplicate FTSN */ 2198 if (*ftsn <= (sctp->sctp_ftsn - 1)) { 2199 sctp->sctp_force_sack = 1; 2200 return; 2201 } 2202 /* Advance cum TSN to that reported in the Forward TSN chunk */ 2203 sctp->sctp_ftsn = *ftsn + 1; 2204 2205 /* Remove all the SACK gaps before the new cum TSN */ 2206 if (sctp->sctp_sack_info != NULL) { 2207 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2208 &sctp->sctp_sack_gaps); 2209 } 2210 /* 2211 * If there are gap reports pending, check if advancing 2212 * the ftsn here closes a gap. If so, we can advance 2213 * ftsn to the end of the set. 2214 * If ftsn has moved forward, maybe we can remove gap reports. 2215 */ 2216 if (sctp->sctp_sack_info != NULL && 2217 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 2218 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 2219 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2220 &sctp->sctp_sack_gaps); 2221 } 2222 } 2223 2224 /* 2225 * When we have processed a SACK we check to see if we can advance the 2226 * cumulative TSN if there are abandoned chunks immediately following 2227 * the updated cumulative TSN. If there are, we attempt to send a 2228 * Forward TSN chunk. 2229 */ 2230 static void 2231 sctp_check_abandoned_data(sctp_t *sctp, sctp_faddr_t *fp) 2232 { 2233 mblk_t *meta = sctp->sctp_xmit_head; 2234 mblk_t *mp; 2235 mblk_t *nmp; 2236 uint32_t seglen; 2237 uint32_t adv_pap = sctp->sctp_adv_pap; 2238 2239 /* 2240 * We only check in the first meta since otherwise we can't 2241 * advance the cumulative ack point. We just look for chunks 2242 * marked for retransmission, else we might prematurely 2243 * send an FTSN for a sent, but unacked, chunk. 2244 */ 2245 for (mp = meta->b_cont; mp != NULL; mp = mp->b_next) { 2246 if (!SCTP_CHUNK_ISSENT(mp)) 2247 return; 2248 if (SCTP_CHUNK_WANT_REXMIT(mp)) 2249 break; 2250 } 2251 if (mp == NULL) 2252 return; 2253 sctp_check_adv_ack_pt(sctp, meta, mp); 2254 if (SEQ_GT(sctp->sctp_adv_pap, adv_pap)) { 2255 sctp_make_ftsns(sctp, meta, mp, &nmp, fp, &seglen); 2256 if (nmp == NULL) { 2257 sctp->sctp_adv_pap = adv_pap; 2258 if (!fp->timer_running) 2259 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2260 return; 2261 } 2262 sctp_set_iplen(sctp, nmp); 2263 sctp_add_sendq(sctp, nmp); 2264 if (!fp->timer_running) 2265 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2266 } 2267 } 2268 2269 /* 2270 * The processing here follows the same logic in sctp_got_sack(), the reason 2271 * we do this separately is because, usually, gap blocks are ordered and 2272 * we can process it in sctp_got_sack(). However if they aren't we would 2273 * need to do some additional non-optimal stuff when we start processing the 2274 * unordered gaps. To that effect sctp_got_sack() does the processing in the 2275 * simple case and this does the same in the more involved case. 2276 */ 2277 static uint32_t 2278 sctp_process_uo_gaps(sctp_t *sctp, uint32_t ctsn, sctp_sack_frag_t *ssf, 2279 int num_gaps, mblk_t *umphead, mblk_t *mphead, int *trysend, 2280 boolean_t *fast_recovery, uint32_t fr_xtsn) 2281 { 2282 uint32_t xtsn; 2283 uint32_t gapstart = 0; 2284 uint32_t gapend = 0; 2285 int gapcnt; 2286 uint16_t chunklen; 2287 sctp_data_hdr_t *sdc; 2288 int gstart; 2289 mblk_t *ump = umphead; 2290 mblk_t *mp = mphead; 2291 sctp_faddr_t *fp; 2292 uint32_t acked = 0; 2293 sctp_stack_t *sctps = sctp->sctp_sctps; 2294 2295 /* 2296 * gstart tracks the last (in the order of TSN) gapstart that 2297 * we process in this SACK gaps walk. 2298 */ 2299 gstart = ctsn; 2300 2301 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2302 xtsn = ntohl(sdc->sdh_tsn); 2303 for (gapcnt = 0; gapcnt < num_gaps; gapcnt++, ssf++) { 2304 if (gapstart != 0) { 2305 /* 2306 * If we have reached the end of the transmit list or 2307 * hit an unsent chunk or encountered an unordered gap 2308 * block start from the ctsn again. 2309 */ 2310 if (ump == NULL || !SCTP_CHUNK_ISSENT(mp) || 2311 SEQ_LT(ctsn + ntohs(ssf->ssf_start), xtsn)) { 2312 ump = umphead; 2313 mp = mphead; 2314 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2315 xtsn = ntohl(sdc->sdh_tsn); 2316 } 2317 } 2318 2319 gapstart = ctsn + ntohs(ssf->ssf_start); 2320 gapend = ctsn + ntohs(ssf->ssf_end); 2321 2322 /* SACK for TSN we have not sent - ABORT */ 2323 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2324 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2325 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2326 *trysend = -1; 2327 return (acked); 2328 } else if (SEQ_LT(gapend, gapstart)) { 2329 break; 2330 } 2331 /* 2332 * The xtsn can be the TSN processed for the last gap 2333 * (gapend) or it could be the cumulative TSN. We continue 2334 * with the last xtsn as long as the gaps are ordered, when 2335 * we hit an unordered gap, we re-start from the cumulative 2336 * TSN. For the first gap it is always the cumulative TSN. 2337 */ 2338 while (xtsn != gapstart) { 2339 /* 2340 * We can't reliably check for reneged chunks 2341 * when walking the unordered list, so we don't. 2342 * In case the peer reneges then we will end up 2343 * sending the reneged chunk via timeout. 2344 */ 2345 mp = mp->b_next; 2346 if (mp == NULL) { 2347 ump = ump->b_next; 2348 /* 2349 * ump can't be NULL because of the sanity 2350 * check above. 2351 */ 2352 ASSERT(ump != NULL); 2353 mp = ump->b_cont; 2354 } 2355 /* 2356 * mp can't be unsent because of the sanity check 2357 * above. 2358 */ 2359 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2360 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2361 xtsn = ntohl(sdc->sdh_tsn); 2362 } 2363 /* 2364 * Now that we have found the chunk with TSN == 'gapstart', 2365 * let's walk till we hit the chunk with TSN == 'gapend'. 2366 * All intermediate chunks will be marked ACKED, if they 2367 * haven't already been. 2368 */ 2369 while (SEQ_LEQ(xtsn, gapend)) { 2370 /* 2371 * SACKed 2372 */ 2373 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2374 if (!SCTP_CHUNK_ISACKED(mp)) { 2375 SCTP_CHUNK_ACKED(mp); 2376 2377 fp = SCTP_CHUNK_DEST(mp); 2378 chunklen = ntohs(sdc->sdh_len); 2379 ASSERT(fp->suna >= chunklen); 2380 fp->suna -= chunklen; 2381 if (fp->suna == 0) { 2382 /* All outstanding data acked. */ 2383 fp->pba = 0; 2384 SCTP_FADDR_TIMER_STOP(fp); 2385 } 2386 fp->acked += chunklen; 2387 acked += chunklen; 2388 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2389 ASSERT(sctp->sctp_unacked >= 0); 2390 } 2391 /* 2392 * Move to the next message in the transmit list 2393 * if we are done with all the chunks from the current 2394 * message. Note, it is possible to hit the end of the 2395 * transmit list here, i.e. if we have already completed 2396 * processing the gap block. 2397 */ 2398 mp = mp->b_next; 2399 if (mp == NULL) { 2400 ump = ump->b_next; 2401 if (ump == NULL) { 2402 ASSERT(xtsn == gapend); 2403 break; 2404 } 2405 mp = ump->b_cont; 2406 } 2407 /* 2408 * Likewise, we can hit an unsent chunk once we have 2409 * completed processing the gap block. 2410 */ 2411 if (!SCTP_CHUNK_ISSENT(mp)) { 2412 ASSERT(xtsn == gapend); 2413 break; 2414 } 2415 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2416 xtsn = ntohl(sdc->sdh_tsn); 2417 } 2418 /* 2419 * We keep track of the last gap we successfully processed 2420 * so that we can terminate the walk below for incrementing 2421 * the SACK count. 2422 */ 2423 if (SEQ_LT(gstart, gapstart)) 2424 gstart = gapstart; 2425 } 2426 /* 2427 * Check if have incremented the SACK count for all unacked TSNs in 2428 * sctp_got_sack(), if so we are done. 2429 */ 2430 if (SEQ_LEQ(gstart, fr_xtsn)) 2431 return (acked); 2432 2433 ump = umphead; 2434 mp = mphead; 2435 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2436 xtsn = ntohl(sdc->sdh_tsn); 2437 while (SEQ_LT(xtsn, gstart)) { 2438 /* 2439 * We have incremented SACK count for TSNs less than fr_tsn 2440 * in sctp_got_sack(), so don't increment them again here. 2441 */ 2442 if (SEQ_GT(xtsn, fr_xtsn) && !SCTP_CHUNK_ISACKED(mp)) { 2443 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2444 if (SCTP_CHUNK_SACKCNT(mp) == 2445 sctps->sctps_fast_rxt_thresh) { 2446 SCTP_CHUNK_REXMIT(mp); 2447 sctp->sctp_chk_fast_rexmit = B_TRUE; 2448 *trysend = 1; 2449 if (!*fast_recovery) { 2450 /* 2451 * Entering fast recovery. 2452 */ 2453 fp = SCTP_CHUNK_DEST(mp); 2454 fp->ssthresh = fp->cwnd / 2; 2455 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2456 fp->ssthresh = 2457 2 * fp->sfa_pmss; 2458 } 2459 fp->cwnd = fp->ssthresh; 2460 fp->pba = 0; 2461 sctp->sctp_recovery_tsn = 2462 sctp->sctp_ltsn - 1; 2463 *fast_recovery = B_TRUE; 2464 } 2465 } 2466 } 2467 mp = mp->b_next; 2468 if (mp == NULL) { 2469 ump = ump->b_next; 2470 /* We can't get to the end of the transmit list here */ 2471 ASSERT(ump != NULL); 2472 mp = ump->b_cont; 2473 } 2474 /* We can't hit an unsent chunk here */ 2475 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2476 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2477 xtsn = ntohl(sdc->sdh_tsn); 2478 } 2479 return (acked); 2480 } 2481 2482 static int 2483 sctp_got_sack(sctp_t *sctp, sctp_chunk_hdr_t *sch) 2484 { 2485 sctp_sack_chunk_t *sc; 2486 sctp_data_hdr_t *sdc; 2487 sctp_sack_frag_t *ssf; 2488 mblk_t *ump; 2489 mblk_t *mp; 2490 mblk_t *mp1; 2491 uint32_t cumtsn; 2492 uint32_t xtsn; 2493 uint32_t gapstart = 0; 2494 uint32_t gapend = 0; 2495 uint32_t acked = 0; 2496 uint16_t chunklen; 2497 sctp_faddr_t *fp; 2498 int num_gaps; 2499 int trysend = 0; 2500 int i; 2501 boolean_t fast_recovery = B_FALSE; 2502 boolean_t cumack_forward = B_FALSE; 2503 boolean_t fwd_tsn = B_FALSE; 2504 sctp_stack_t *sctps = sctp->sctp_sctps; 2505 2506 BUMP_LOCAL(sctp->sctp_ibchunks); 2507 chunklen = ntohs(sch->sch_len); 2508 if (chunklen < (sizeof (*sch) + sizeof (*sc))) 2509 return (0); 2510 2511 sc = (sctp_sack_chunk_t *)(sch + 1); 2512 cumtsn = ntohl(sc->ssc_cumtsn); 2513 2514 dprint(2, ("got sack cumtsn %x -> %x\n", sctp->sctp_lastack_rxd, 2515 cumtsn)); 2516 2517 /* out of order */ 2518 if (SEQ_LT(cumtsn, sctp->sctp_lastack_rxd)) 2519 return (0); 2520 2521 if (SEQ_GT(cumtsn, sctp->sctp_ltsn - 1)) { 2522 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2523 /* Send an ABORT */ 2524 return (-1); 2525 } 2526 2527 /* 2528 * Cwnd only done when not in fast recovery mode. 2529 */ 2530 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) 2531 fast_recovery = B_TRUE; 2532 2533 /* 2534 * .. and if the cum TSN is not moving ahead on account Forward TSN 2535 */ 2536 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_adv_pap)) 2537 fwd_tsn = B_TRUE; 2538 2539 if (cumtsn == sctp->sctp_lastack_rxd && 2540 (sctp->sctp_xmit_unacked == NULL || 2541 !SCTP_CHUNK_ABANDONED(sctp->sctp_xmit_unacked))) { 2542 if (sctp->sctp_xmit_unacked != NULL) 2543 mp = sctp->sctp_xmit_unacked; 2544 else if (sctp->sctp_xmit_head != NULL) 2545 mp = sctp->sctp_xmit_head->b_cont; 2546 else 2547 mp = NULL; 2548 BUMP_MIB(&sctps->sctps_mib, sctpInDupAck); 2549 /* 2550 * If we were doing a zero win probe and the win 2551 * has now opened to at least MSS, re-transmit the 2552 * zero win probe via sctp_rexmit_packet(). 2553 */ 2554 if (mp != NULL && sctp->sctp_zero_win_probe && 2555 ntohl(sc->ssc_a_rwnd) >= sctp->sctp_current->sfa_pmss) { 2556 mblk_t *pkt; 2557 uint_t pkt_len; 2558 mblk_t *mp1 = mp; 2559 mblk_t *meta = sctp->sctp_xmit_head; 2560 2561 /* 2562 * Reset the RTO since we have been backing-off 2563 * to send the ZWP. 2564 */ 2565 fp = sctp->sctp_current; 2566 fp->rto = fp->srtt + 4 * fp->rttvar; 2567 /* Resend the ZWP */ 2568 pkt = sctp_rexmit_packet(sctp, &meta, &mp1, fp, 2569 &pkt_len); 2570 if (pkt == NULL) { 2571 SCTP_KSTAT(sctps, sctp_ss_rexmit_failed); 2572 return (0); 2573 } 2574 ASSERT(pkt_len <= fp->sfa_pmss); 2575 sctp->sctp_zero_win_probe = B_FALSE; 2576 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2577 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2578 sctp_set_iplen(sctp, pkt); 2579 sctp_add_sendq(sctp, pkt); 2580 } 2581 } else { 2582 if (sctp->sctp_zero_win_probe) { 2583 /* 2584 * Reset the RTO since we have been backing-off 2585 * to send the ZWP. 2586 */ 2587 fp = sctp->sctp_current; 2588 fp->rto = fp->srtt + 4 * fp->rttvar; 2589 sctp->sctp_zero_win_probe = B_FALSE; 2590 /* This is probably not required */ 2591 if (!sctp->sctp_rexmitting) { 2592 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2593 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2594 } 2595 } 2596 acked = sctp_cumack(sctp, cumtsn, &mp); 2597 sctp->sctp_xmit_unacked = mp; 2598 if (acked > 0) { 2599 trysend = 1; 2600 cumack_forward = B_TRUE; 2601 if (fwd_tsn && SEQ_GEQ(sctp->sctp_lastack_rxd, 2602 sctp->sctp_adv_pap)) { 2603 cumack_forward = B_FALSE; 2604 } 2605 } 2606 } 2607 num_gaps = ntohs(sc->ssc_numfrags); 2608 if (num_gaps == 0 || mp == NULL || !SCTP_CHUNK_ISSENT(mp) || 2609 chunklen < (sizeof (*sch) + sizeof (*sc) + 2610 num_gaps * sizeof (*ssf))) { 2611 goto ret; 2612 } 2613 #ifdef DEBUG 2614 /* 2615 * Since we delete any message that has been acked completely, 2616 * the unacked chunk must belong to sctp_xmit_head (as 2617 * we don't have a back pointer from the mp to the meta data 2618 * we do this). 2619 */ 2620 { 2621 mblk_t *mp2 = sctp->sctp_xmit_head->b_cont; 2622 2623 while (mp2 != NULL) { 2624 if (mp2 == mp) 2625 break; 2626 mp2 = mp2->b_next; 2627 } 2628 ASSERT(mp2 != NULL); 2629 } 2630 #endif 2631 ump = sctp->sctp_xmit_head; 2632 2633 /* 2634 * Just remember where we started from, in case we need to call 2635 * sctp_process_uo_gaps() if the gap blocks are unordered. 2636 */ 2637 mp1 = mp; 2638 2639 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2640 xtsn = ntohl(sdc->sdh_tsn); 2641 ASSERT(xtsn == cumtsn + 1); 2642 2643 /* 2644 * Go through SACK gaps. They are ordered based on start TSN. 2645 */ 2646 ssf = (sctp_sack_frag_t *)(sc + 1); 2647 for (i = 0; i < num_gaps; i++, ssf++) { 2648 if (gapstart != 0) { 2649 /* check for unordered gap */ 2650 if (SEQ_LEQ(cumtsn + ntohs(ssf->ssf_start), gapstart)) { 2651 acked += sctp_process_uo_gaps(sctp, 2652 cumtsn, ssf, num_gaps - i, 2653 sctp->sctp_xmit_head, mp1, 2654 &trysend, &fast_recovery, gapstart); 2655 if (trysend < 0) { 2656 BUMP_MIB(&sctps->sctps_mib, 2657 sctpInAckUnsent); 2658 return (-1); 2659 } 2660 break; 2661 } 2662 } 2663 gapstart = cumtsn + ntohs(ssf->ssf_start); 2664 gapend = cumtsn + ntohs(ssf->ssf_end); 2665 2666 /* SACK for TSN we have not sent - ABORT */ 2667 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2668 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2669 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2670 return (-1); 2671 } else if (SEQ_LT(gapend, gapstart)) { 2672 break; 2673 } 2674 /* 2675 * Let's start at the current TSN (for the 1st gap we start 2676 * from the cumulative TSN, for subsequent ones we start from 2677 * where the previous gapend was found - second while loop 2678 * below) and walk the transmit list till we find the TSN 2679 * corresponding to gapstart. All the unacked chunks till we 2680 * get to the chunk with TSN == gapstart will have their 2681 * SACKCNT incremented by 1. Note since the gap blocks are 2682 * ordered, we won't be incrementing the SACKCNT for an 2683 * unacked chunk by more than one while processing the gap 2684 * blocks. If the SACKCNT for any unacked chunk exceeds 2685 * the fast retransmit threshold, we will fast retransmit 2686 * after processing all the gap blocks. 2687 */ 2688 ASSERT(SEQ_LT(xtsn, gapstart)); 2689 while (xtsn != gapstart) { 2690 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2691 if (SCTP_CHUNK_SACKCNT(mp) == 2692 sctps->sctps_fast_rxt_thresh) { 2693 SCTP_CHUNK_REXMIT(mp); 2694 sctp->sctp_chk_fast_rexmit = B_TRUE; 2695 trysend = 1; 2696 if (!fast_recovery) { 2697 /* 2698 * Entering fast recovery. 2699 */ 2700 fp = SCTP_CHUNK_DEST(mp); 2701 fp->ssthresh = fp->cwnd / 2; 2702 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2703 fp->ssthresh = 2704 2 * fp->sfa_pmss; 2705 } 2706 fp->cwnd = fp->ssthresh; 2707 fp->pba = 0; 2708 sctp->sctp_recovery_tsn = 2709 sctp->sctp_ltsn - 1; 2710 fast_recovery = B_TRUE; 2711 } 2712 } 2713 2714 /* 2715 * Peer may have reneged on this chunk, so un-sack 2716 * it now. If the peer did renege, we need to 2717 * readjust unacked. 2718 */ 2719 if (SCTP_CHUNK_ISACKED(mp)) { 2720 chunklen = ntohs(sdc->sdh_len); 2721 fp = SCTP_CHUNK_DEST(mp); 2722 fp->suna += chunklen; 2723 sctp->sctp_unacked += chunklen - sizeof (*sdc); 2724 SCTP_CHUNK_CLEAR_ACKED(mp); 2725 if (!fp->timer_running) { 2726 SCTP_FADDR_TIMER_RESTART(sctp, fp, 2727 fp->rto); 2728 } 2729 } 2730 2731 mp = mp->b_next; 2732 if (mp == NULL) { 2733 ump = ump->b_next; 2734 /* 2735 * ump can't be NULL given the sanity check 2736 * above. 2737 */ 2738 ASSERT(ump != NULL); 2739 mp = ump->b_cont; 2740 } 2741 /* 2742 * mp can't be unsent given the sanity check above. 2743 */ 2744 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2745 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2746 xtsn = ntohl(sdc->sdh_tsn); 2747 } 2748 /* 2749 * Now that we have found the chunk with TSN == 'gapstart', 2750 * let's walk till we hit the chunk with TSN == 'gapend'. 2751 * All intermediate chunks will be marked ACKED, if they 2752 * haven't already been. 2753 */ 2754 while (SEQ_LEQ(xtsn, gapend)) { 2755 /* 2756 * SACKed 2757 */ 2758 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2759 if (!SCTP_CHUNK_ISACKED(mp)) { 2760 SCTP_CHUNK_ACKED(mp); 2761 2762 fp = SCTP_CHUNK_DEST(mp); 2763 chunklen = ntohs(sdc->sdh_len); 2764 ASSERT(fp->suna >= chunklen); 2765 fp->suna -= chunklen; 2766 if (fp->suna == 0) { 2767 /* All outstanding data acked. */ 2768 fp->pba = 0; 2769 SCTP_FADDR_TIMER_STOP(fp); 2770 } 2771 fp->acked += chunklen; 2772 acked += chunklen; 2773 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2774 ASSERT(sctp->sctp_unacked >= 0); 2775 } 2776 /* Go to the next chunk of the current message */ 2777 mp = mp->b_next; 2778 /* 2779 * Move to the next message in the transmit list 2780 * if we are done with all the chunks from the current 2781 * message. Note, it is possible to hit the end of the 2782 * transmit list here, i.e. if we have already completed 2783 * processing the gap block. 2784 * Also, note that we break here, which means we 2785 * continue processing gap blocks, if any. In case of 2786 * ordered gap blocks there can't be any following 2787 * this (if there is it will fail the sanity check 2788 * above). In case of un-ordered gap blocks we will 2789 * switch to sctp_process_uo_gaps(). In either case 2790 * it should be fine to continue with NULL ump/mp, 2791 * but we just reset it to xmit_head. 2792 */ 2793 if (mp == NULL) { 2794 ump = ump->b_next; 2795 if (ump == NULL) { 2796 ASSERT(xtsn == gapend); 2797 ump = sctp->sctp_xmit_head; 2798 mp = mp1; 2799 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2800 xtsn = ntohl(sdc->sdh_tsn); 2801 break; 2802 } 2803 mp = ump->b_cont; 2804 } 2805 /* 2806 * Likewise, we could hit an unsent chunk once we have 2807 * completed processing the gap block. Again, it is 2808 * fine to continue processing gap blocks with mp 2809 * pointing to the unsent chunk, because if there 2810 * are more ordered gap blocks, they will fail the 2811 * sanity check, and if there are un-ordered gap blocks, 2812 * we will continue processing in sctp_process_uo_gaps() 2813 * We just reset the mp to the one we started with. 2814 */ 2815 if (!SCTP_CHUNK_ISSENT(mp)) { 2816 ASSERT(xtsn == gapend); 2817 ump = sctp->sctp_xmit_head; 2818 mp = mp1; 2819 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2820 xtsn = ntohl(sdc->sdh_tsn); 2821 break; 2822 } 2823 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2824 xtsn = ntohl(sdc->sdh_tsn); 2825 } 2826 } 2827 if (sctp->sctp_prsctp_aware) 2828 sctp_check_abandoned_data(sctp, sctp->sctp_current); 2829 if (sctp->sctp_chk_fast_rexmit) 2830 sctp_fast_rexmit(sctp); 2831 ret: 2832 trysend += sctp_set_frwnd(sctp, ntohl(sc->ssc_a_rwnd)); 2833 2834 /* 2835 * If receive window is closed while there is unsent data, 2836 * set a timer for doing zero window probes. 2837 */ 2838 if (sctp->sctp_frwnd == 0 && sctp->sctp_unacked == 0 && 2839 sctp->sctp_unsent != 0) { 2840 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 2841 sctp->sctp_current->rto); 2842 } 2843 2844 /* 2845 * Set cwnd for all destinations. 2846 * Congestion window gets increased only when cumulative 2847 * TSN moves forward, we're not in fast recovery, and 2848 * cwnd has been fully utilized (almost fully, need to allow 2849 * some leeway due to non-MSS sized messages). 2850 */ 2851 if (sctp->sctp_current->acked == acked) { 2852 /* 2853 * Fast-path, only data sent to sctp_current got acked. 2854 */ 2855 fp = sctp->sctp_current; 2856 if (cumack_forward && !fast_recovery && 2857 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2858 if (fp->cwnd < fp->ssthresh) { 2859 /* 2860 * Slow start 2861 */ 2862 if (fp->acked > fp->sfa_pmss) { 2863 fp->cwnd += fp->sfa_pmss; 2864 } else { 2865 fp->cwnd += fp->acked; 2866 } 2867 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2868 } else { 2869 /* 2870 * Congestion avoidance 2871 */ 2872 fp->pba += fp->acked; 2873 if (fp->pba >= fp->cwnd) { 2874 fp->pba -= fp->cwnd; 2875 fp->cwnd += fp->sfa_pmss; 2876 fp->cwnd = MIN(fp->cwnd, 2877 sctp->sctp_cwnd_max); 2878 } 2879 } 2880 } 2881 /* 2882 * Limit the burst of transmitted data segments. 2883 */ 2884 if (fp->suna + sctps->sctps_maxburst * fp->sfa_pmss < 2885 fp->cwnd) { 2886 fp->cwnd = fp->suna + sctps->sctps_maxburst * 2887 fp->sfa_pmss; 2888 } 2889 fp->acked = 0; 2890 goto check_ss_rxmit; 2891 } 2892 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 2893 if (cumack_forward && fp->acked && !fast_recovery && 2894 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2895 if (fp->cwnd < fp->ssthresh) { 2896 if (fp->acked > fp->sfa_pmss) { 2897 fp->cwnd += fp->sfa_pmss; 2898 } else { 2899 fp->cwnd += fp->acked; 2900 } 2901 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2902 } else { 2903 fp->pba += fp->acked; 2904 if (fp->pba >= fp->cwnd) { 2905 fp->pba -= fp->cwnd; 2906 fp->cwnd += fp->sfa_pmss; 2907 fp->cwnd = MIN(fp->cwnd, 2908 sctp->sctp_cwnd_max); 2909 } 2910 } 2911 } 2912 if (fp->suna + sctps->sctps_maxburst * fp->sfa_pmss < 2913 fp->cwnd) { 2914 fp->cwnd = fp->suna + sctps->sctps_maxburst * 2915 fp->sfa_pmss; 2916 } 2917 fp->acked = 0; 2918 } 2919 fp = sctp->sctp_current; 2920 check_ss_rxmit: 2921 /* 2922 * If this is a SACK following a timeout, check if there are 2923 * still unacked chunks (sent before the timeout) that we can 2924 * send. 2925 */ 2926 if (sctp->sctp_rexmitting) { 2927 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_rxt_maxtsn)) { 2928 /* 2929 * As we are in retransmission phase, we may get a 2930 * SACK which indicates some new chunks are received 2931 * but cum_tsn does not advance. During this 2932 * phase, the other side advances cum_tsn only because 2933 * it receives our retransmitted chunks. Only 2934 * this signals that some chunks are still 2935 * missing. 2936 */ 2937 if (cumack_forward) { 2938 fp->rxt_unacked -= acked; 2939 sctp_ss_rexmit(sctp); 2940 } 2941 } else { 2942 sctp->sctp_rexmitting = B_FALSE; 2943 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2944 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2945 fp->rxt_unacked = 0; 2946 } 2947 } 2948 return (trysend); 2949 } 2950 2951 /* 2952 * Returns 0 if the caller should stop processing any more chunks, 2953 * 1 if the caller should skip this chunk and continue processing. 2954 */ 2955 static int 2956 sctp_strange_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp) 2957 { 2958 size_t len; 2959 2960 BUMP_LOCAL(sctp->sctp_ibchunks); 2961 /* check top two bits for action required */ 2962 if (ch->sch_id & 0x40) { /* also matches 0xc0 */ 2963 len = ntohs(ch->sch_len); 2964 sctp_add_err(sctp, SCTP_ERR_UNREC_CHUNK, ch, len, fp); 2965 2966 if ((ch->sch_id & 0xc0) == 0xc0) { 2967 /* skip and continue */ 2968 return (1); 2969 } else { 2970 /* stop processing */ 2971 return (0); 2972 } 2973 } 2974 if (ch->sch_id & 0x80) { 2975 /* skip and continue, no error */ 2976 return (1); 2977 } 2978 /* top two bits are clear; stop processing and no error */ 2979 return (0); 2980 } 2981 2982 /* 2983 * Basic sanity checks on all input chunks and parameters: they must 2984 * be of legitimate size for their purported type, and must follow 2985 * ordering conventions as defined in rfc2960. 2986 * 2987 * Returns 1 if the chunk and all encloded params are legitimate, 2988 * 0 otherwise. 2989 */ 2990 /*ARGSUSED*/ 2991 static int 2992 sctp_check_input(sctp_t *sctp, sctp_chunk_hdr_t *ch, ssize_t len, int first) 2993 { 2994 sctp_parm_hdr_t *ph; 2995 void *p = NULL; 2996 ssize_t clen; 2997 uint16_t ch_len; 2998 2999 ch_len = ntohs(ch->sch_len); 3000 if (ch_len > len) { 3001 return (0); 3002 } 3003 3004 switch (ch->sch_id) { 3005 case CHUNK_DATA: 3006 if (ch_len < sizeof (sctp_data_hdr_t)) { 3007 return (0); 3008 } 3009 return (1); 3010 case CHUNK_INIT: 3011 case CHUNK_INIT_ACK: 3012 { 3013 ssize_t remlen = len; 3014 3015 /* 3016 * INIT and INIT-ACK chunks must not be bundled with 3017 * any other. 3018 */ 3019 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3020 (ch_len < (sizeof (*ch) + 3021 sizeof (sctp_init_chunk_t)))) { 3022 return (0); 3023 } 3024 /* may have params that need checking */ 3025 p = (char *)(ch + 1) + sizeof (sctp_init_chunk_t); 3026 clen = ch_len - (sizeof (*ch) + 3027 sizeof (sctp_init_chunk_t)); 3028 } 3029 break; 3030 case CHUNK_SACK: 3031 if (ch_len < (sizeof (*ch) + sizeof (sctp_sack_chunk_t))) { 3032 return (0); 3033 } 3034 /* dup and gap reports checked by got_sack() */ 3035 return (1); 3036 case CHUNK_SHUTDOWN: 3037 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) { 3038 return (0); 3039 } 3040 return (1); 3041 case CHUNK_ABORT: 3042 case CHUNK_ERROR: 3043 if (ch_len < sizeof (*ch)) { 3044 return (0); 3045 } 3046 /* may have params that need checking */ 3047 p = ch + 1; 3048 clen = ch_len - sizeof (*ch); 3049 break; 3050 case CHUNK_ECNE: 3051 case CHUNK_CWR: 3052 case CHUNK_HEARTBEAT: 3053 case CHUNK_HEARTBEAT_ACK: 3054 /* Full ASCONF chunk and parameter checks are in asconf.c */ 3055 case CHUNK_ASCONF: 3056 case CHUNK_ASCONF_ACK: 3057 if (ch_len < sizeof (*ch)) { 3058 return (0); 3059 } 3060 /* heartbeat data checked by process_heartbeat() */ 3061 return (1); 3062 case CHUNK_SHUTDOWN_COMPLETE: 3063 { 3064 ssize_t remlen = len; 3065 3066 /* 3067 * SHUTDOWN-COMPLETE chunk must not be bundled with any 3068 * other 3069 */ 3070 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3071 ch_len < sizeof (*ch)) { 3072 return (0); 3073 } 3074 } 3075 return (1); 3076 case CHUNK_COOKIE: 3077 case CHUNK_COOKIE_ACK: 3078 case CHUNK_SHUTDOWN_ACK: 3079 if (ch_len < sizeof (*ch) || !first) { 3080 return (0); 3081 } 3082 return (1); 3083 case CHUNK_FORWARD_TSN: 3084 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) 3085 return (0); 3086 return (1); 3087 default: 3088 return (1); /* handled by strange_chunk() */ 3089 } 3090 3091 /* check and byteorder parameters */ 3092 if (clen <= 0) { 3093 return (1); 3094 } 3095 ASSERT(p != NULL); 3096 3097 ph = p; 3098 while (ph != NULL && clen > 0) { 3099 ch_len = ntohs(ph->sph_len); 3100 if (ch_len > len || ch_len < sizeof (*ph)) { 3101 return (0); 3102 } 3103 ph = sctp_next_parm(ph, &clen); 3104 } 3105 3106 /* All OK */ 3107 return (1); 3108 } 3109 3110 /* ARGSUSED */ 3111 static sctp_hdr_t * 3112 find_sctp_hdrs(mblk_t *mp, in6_addr_t *src, in6_addr_t *dst, 3113 uint_t *ifindex, uint_t *ip_hdr_len, ip6_pkt_t *ipp, ip_pktinfo_t *pinfo) 3114 { 3115 uchar_t *rptr; 3116 ipha_t *ip4h; 3117 ip6_t *ip6h; 3118 mblk_t *mp1; 3119 3120 rptr = mp->b_rptr; 3121 if (IPH_HDR_VERSION(rptr) == IPV4_VERSION) { 3122 *ip_hdr_len = IPH_HDR_LENGTH(rptr); 3123 ip4h = (ipha_t *)rptr; 3124 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_src, src); 3125 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_dst, dst); 3126 3127 ipp->ipp_fields |= IPPF_HOPLIMIT; 3128 ipp->ipp_hoplimit = ((ipha_t *)rptr)->ipha_ttl; 3129 if (pinfo != NULL && (pinfo->ip_pkt_flags & IPF_RECVIF)) { 3130 ipp->ipp_fields |= IPPF_IFINDEX; 3131 ipp->ipp_ifindex = pinfo->ip_pkt_ifindex; 3132 } 3133 } else { 3134 ASSERT(IPH_HDR_VERSION(rptr) == IPV6_VERSION); 3135 ip6h = (ip6_t *)rptr; 3136 ipp->ipp_fields = IPPF_HOPLIMIT; 3137 ipp->ipp_hoplimit = ip6h->ip6_hops; 3138 3139 if (ip6h->ip6_nxt != IPPROTO_SCTP) { 3140 /* Look for ifindex information */ 3141 if (ip6h->ip6_nxt == IPPROTO_RAW) { 3142 ip6i_t *ip6i = (ip6i_t *)ip6h; 3143 3144 if (ip6i->ip6i_flags & IP6I_IFINDEX) { 3145 ASSERT(ip6i->ip6i_ifindex != 0); 3146 ipp->ipp_fields |= IPPF_IFINDEX; 3147 ipp->ipp_ifindex = ip6i->ip6i_ifindex; 3148 } 3149 rptr = (uchar_t *)&ip6i[1]; 3150 mp->b_rptr = rptr; 3151 if (rptr == mp->b_wptr) { 3152 mp1 = mp->b_cont; 3153 freeb(mp); 3154 mp = mp1; 3155 rptr = mp->b_rptr; 3156 } 3157 ASSERT(mp->b_wptr - rptr >= 3158 IPV6_HDR_LEN + sizeof (sctp_hdr_t)); 3159 ip6h = (ip6_t *)rptr; 3160 } 3161 /* 3162 * Find any potentially interesting extension headers 3163 * as well as the length of the IPv6 + extension 3164 * headers. 3165 */ 3166 *ip_hdr_len = ip_find_hdr_v6(mp, ip6h, ipp, NULL); 3167 } else { 3168 *ip_hdr_len = IPV6_HDR_LEN; 3169 } 3170 *src = ip6h->ip6_src; 3171 *dst = ip6h->ip6_dst; 3172 } 3173 ASSERT((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX); 3174 return ((sctp_hdr_t *)&rptr[*ip_hdr_len]); 3175 #undef IPVER 3176 } 3177 3178 static mblk_t * 3179 sctp_check_in_policy(mblk_t *mp, mblk_t *ipsec_mp) 3180 { 3181 ipsec_in_t *ii; 3182 boolean_t check = B_TRUE; 3183 boolean_t policy_present; 3184 ipha_t *ipha; 3185 ip6_t *ip6h; 3186 netstack_t *ns; 3187 ipsec_stack_t *ipss; 3188 3189 ii = (ipsec_in_t *)ipsec_mp->b_rptr; 3190 ASSERT(ii->ipsec_in_type == IPSEC_IN); 3191 ns = ii->ipsec_in_ns; 3192 ipss = ns->netstack_ipsec; 3193 3194 if (ii->ipsec_in_dont_check) { 3195 check = B_FALSE; 3196 if (!ii->ipsec_in_secure) { 3197 freeb(ipsec_mp); 3198 ipsec_mp = NULL; 3199 } 3200 } 3201 if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) { 3202 policy_present = ipss->ipsec_inbound_v4_policy_present; 3203 ipha = (ipha_t *)mp->b_rptr; 3204 ip6h = NULL; 3205 } else { 3206 policy_present = ipss->ipsec_inbound_v6_policy_present; 3207 ipha = NULL; 3208 ip6h = (ip6_t *)mp->b_rptr; 3209 } 3210 3211 if (check && policy_present) { 3212 /* 3213 * The conn_t parameter is NULL because we already know 3214 * nobody's home. 3215 */ 3216 ipsec_mp = ipsec_check_global_policy(ipsec_mp, (conn_t *)NULL, 3217 ipha, ip6h, B_TRUE, ns); 3218 if (ipsec_mp == NULL) 3219 return (NULL); 3220 } 3221 if (ipsec_mp != NULL) 3222 freeb(ipsec_mp); 3223 return (mp); 3224 } 3225 3226 /* Handle out-of-the-blue packets */ 3227 void 3228 sctp_ootb_input(mblk_t *mp, ill_t *recv_ill, zoneid_t zoneid, 3229 boolean_t mctl_present) 3230 { 3231 sctp_t *sctp; 3232 sctp_chunk_hdr_t *ch; 3233 sctp_hdr_t *sctph; 3234 in6_addr_t src, dst; 3235 uint_t ip_hdr_len; 3236 uint_t ifindex; 3237 ip6_pkt_t ipp; 3238 ssize_t mlen; 3239 ip_pktinfo_t *pinfo = NULL; 3240 mblk_t *first_mp; 3241 sctp_stack_t *sctps; 3242 ip_stack_t *ipst; 3243 3244 ASSERT(recv_ill != NULL); 3245 ipst = recv_ill->ill_ipst; 3246 sctps = ipst->ips_netstack->netstack_sctp; 3247 3248 BUMP_MIB(&sctps->sctps_mib, sctpOutOfBlue); 3249 BUMP_MIB(&sctps->sctps_mib, sctpInSCTPPkts); 3250 3251 if (sctps->sctps_gsctp == NULL) { 3252 /* 3253 * For non-zero stackids the default queue isn't created 3254 * until the first open, thus there can be a need to send 3255 * an error before then. But we can't do that, hence we just 3256 * drop the packet. Later during boot, when the default queue 3257 * has been setup, a retransmitted packet from the peer 3258 * will result in a error. 3259 */ 3260 ASSERT(sctps->sctps_netstack->netstack_stackid != 3261 GLOBAL_NETSTACKID); 3262 freemsg(mp); 3263 return; 3264 } 3265 3266 first_mp = mp; 3267 if (mctl_present) 3268 mp = mp->b_cont; 3269 3270 /* Initiate IPPf processing, if needed. */ 3271 if (IPP_ENABLED(IPP_LOCAL_IN, ipst)) { 3272 ip_process(IPP_LOCAL_IN, &mp, 3273 recv_ill->ill_phyint->phyint_ifindex); 3274 if (mp == NULL) { 3275 if (mctl_present) 3276 freeb(first_mp); 3277 return; 3278 } 3279 } 3280 3281 if (mp->b_cont != NULL) { 3282 /* 3283 * All subsequent code is vastly simplified if it can 3284 * assume a single contiguous chunk of data. 3285 */ 3286 if (pullupmsg(mp, -1) == 0) { 3287 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3288 freemsg(first_mp); 3289 return; 3290 } 3291 } 3292 3293 /* 3294 * We don't really need to call this function... Need to 3295 * optimize later. 3296 */ 3297 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3298 &ipp, pinfo); 3299 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3300 if ((ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen)) == NULL) { 3301 dprint(3, ("sctp_ootb_input: invalid packet\n")); 3302 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3303 freemsg(first_mp); 3304 return; 3305 } 3306 3307 switch (ch->sch_id) { 3308 case CHUNK_INIT: 3309 /* no listener; send abort */ 3310 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3311 return; 3312 sctp_send_abort(sctps->sctps_gsctp, sctp_init2vtag(ch), 0, 3313 NULL, 0, mp, 0, B_TRUE); 3314 break; 3315 case CHUNK_INIT_ACK: 3316 /* check for changed src addr */ 3317 sctp = sctp_addrlist2sctp(mp, sctph, ch, zoneid, sctps); 3318 if (sctp != NULL) { 3319 /* success; proceed to normal path */ 3320 mutex_enter(&sctp->sctp_lock); 3321 if (sctp->sctp_running) { 3322 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3323 BUMP_MIB(recv_ill->ill_ip_mib, 3324 ipIfStatsInDiscards); 3325 freemsg(mp); 3326 } 3327 mutex_exit(&sctp->sctp_lock); 3328 } else { 3329 /* 3330 * If the source address is changed, we 3331 * don't need to worry too much about 3332 * out of order processing. So we don't 3333 * check if the recvq is empty or not here. 3334 */ 3335 sctp->sctp_running = B_TRUE; 3336 mutex_exit(&sctp->sctp_lock); 3337 sctp_input_data(sctp, mp, NULL); 3338 WAKE_SCTP(sctp); 3339 sctp_process_sendq(sctp); 3340 } 3341 SCTP_REFRELE(sctp); 3342 return; 3343 } 3344 if (mctl_present) 3345 freeb(first_mp); 3346 /* else bogus init ack; drop it */ 3347 break; 3348 case CHUNK_SHUTDOWN_ACK: 3349 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3350 return; 3351 sctp_ootb_shutdown_ack(sctps->sctps_gsctp, mp, ip_hdr_len); 3352 sctp_process_sendq(sctps->sctps_gsctp); 3353 return; 3354 case CHUNK_ERROR: 3355 case CHUNK_ABORT: 3356 case CHUNK_COOKIE_ACK: 3357 case CHUNK_SHUTDOWN_COMPLETE: 3358 if (mctl_present) 3359 freeb(first_mp); 3360 break; 3361 default: 3362 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3363 return; 3364 sctp_send_abort(sctps->sctps_gsctp, sctph->sh_verf, 0, 3365 NULL, 0, mp, 0, B_TRUE); 3366 break; 3367 } 3368 sctp_process_sendq(sctps->sctps_gsctp); 3369 freemsg(mp); 3370 } 3371 3372 void 3373 sctp_input(conn_t *connp, ipha_t *ipha, mblk_t *mp, mblk_t *first_mp, 3374 ill_t *recv_ill, boolean_t isv4, boolean_t mctl_present) 3375 { 3376 sctp_t *sctp = CONN2SCTP(connp); 3377 ip_stack_t *ipst = recv_ill->ill_ipst; 3378 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 3379 3380 /* 3381 * We check some fields in conn_t without holding a lock. 3382 * This should be fine. 3383 */ 3384 if (CONN_INBOUND_POLICY_PRESENT(connp, ipss) || mctl_present) { 3385 first_mp = ipsec_check_inbound_policy(first_mp, connp, 3386 ipha, NULL, mctl_present); 3387 if (first_mp == NULL) { 3388 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3389 SCTP_REFRELE(sctp); 3390 return; 3391 } 3392 } 3393 3394 /* Initiate IPPF processing for fastpath */ 3395 if (IPP_ENABLED(IPP_LOCAL_IN, ipst)) { 3396 ip_process(IPP_LOCAL_IN, &mp, 3397 recv_ill->ill_phyint->phyint_ifindex); 3398 if (mp == NULL) { 3399 SCTP_REFRELE(sctp); 3400 if (mctl_present) 3401 freeb(first_mp); 3402 return; 3403 } else if (mctl_present) { 3404 /* 3405 * ip_process might return a new mp. 3406 */ 3407 ASSERT(first_mp != mp); 3408 first_mp->b_cont = mp; 3409 } else { 3410 first_mp = mp; 3411 } 3412 } 3413 3414 if (connp->conn_recvif || connp->conn_recvslla || 3415 connp->conn_ip_recvpktinfo) { 3416 int in_flags = 0; 3417 3418 if (connp->conn_recvif || connp->conn_ip_recvpktinfo) { 3419 in_flags = IPF_RECVIF; 3420 } 3421 if (connp->conn_recvslla) { 3422 in_flags |= IPF_RECVSLLA; 3423 } 3424 if (isv4) { 3425 mp = ip_add_info(mp, recv_ill, in_flags, 3426 IPCL_ZONEID(connp), ipst); 3427 } else { 3428 mp = ip_add_info_v6(mp, recv_ill, 3429 &(((ip6_t *)ipha)->ip6_dst)); 3430 } 3431 if (mp == NULL) { 3432 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3433 SCTP_REFRELE(sctp); 3434 if (mctl_present) 3435 freeb(first_mp); 3436 return; 3437 } else if (mctl_present) { 3438 /* 3439 * ip_add_info might return a new mp. 3440 */ 3441 ASSERT(first_mp != mp); 3442 first_mp->b_cont = mp; 3443 } else { 3444 first_mp = mp; 3445 } 3446 } 3447 3448 mutex_enter(&sctp->sctp_lock); 3449 if (sctp->sctp_running) { 3450 if (mctl_present) 3451 mp->b_prev = first_mp; 3452 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3453 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3454 freemsg(first_mp); 3455 } 3456 mutex_exit(&sctp->sctp_lock); 3457 SCTP_REFRELE(sctp); 3458 return; 3459 } else { 3460 sctp->sctp_running = B_TRUE; 3461 mutex_exit(&sctp->sctp_lock); 3462 3463 mutex_enter(&sctp->sctp_recvq_lock); 3464 if (sctp->sctp_recvq != NULL) { 3465 if (mctl_present) 3466 mp->b_prev = first_mp; 3467 if (!sctp_add_recvq(sctp, mp, B_TRUE)) { 3468 BUMP_MIB(recv_ill->ill_ip_mib, 3469 ipIfStatsInDiscards); 3470 freemsg(first_mp); 3471 } 3472 mutex_exit(&sctp->sctp_recvq_lock); 3473 WAKE_SCTP(sctp); 3474 SCTP_REFRELE(sctp); 3475 return; 3476 } 3477 } 3478 mutex_exit(&sctp->sctp_recvq_lock); 3479 sctp_input_data(sctp, mp, (mctl_present ? first_mp : NULL)); 3480 WAKE_SCTP(sctp); 3481 sctp_process_sendq(sctp); 3482 SCTP_REFRELE(sctp); 3483 } 3484 3485 static void 3486 sctp_process_abort(sctp_t *sctp, sctp_chunk_hdr_t *ch, int err) 3487 { 3488 sctp_stack_t *sctps = sctp->sctp_sctps; 3489 3490 BUMP_MIB(&sctps->sctps_mib, sctpAborted); 3491 BUMP_LOCAL(sctp->sctp_ibchunks); 3492 3493 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3494 ntohs(((sctp_parm_hdr_t *)(ch + 1))->sph_type), ch); 3495 sctp_clean_death(sctp, err); 3496 } 3497 3498 void 3499 sctp_input_data(sctp_t *sctp, mblk_t *mp, mblk_t *ipsec_mp) 3500 { 3501 sctp_chunk_hdr_t *ch; 3502 ssize_t mlen; 3503 int gotdata; 3504 int trysend; 3505 sctp_faddr_t *fp; 3506 sctp_init_chunk_t *iack; 3507 uint32_t tsn; 3508 sctp_data_hdr_t *sdc; 3509 ip6_pkt_t ipp; 3510 in6_addr_t src; 3511 in6_addr_t dst; 3512 uint_t ifindex; 3513 sctp_hdr_t *sctph; 3514 uint_t ip_hdr_len; 3515 mblk_t *dups = NULL; 3516 int recv_adaptation; 3517 boolean_t wake_eager = B_FALSE; 3518 mblk_t *pinfo_mp; 3519 ip_pktinfo_t *pinfo = NULL; 3520 in6_addr_t peer_src; 3521 int64_t now; 3522 sctp_stack_t *sctps = sctp->sctp_sctps; 3523 ip_stack_t *ipst = sctps->sctps_netstack->netstack_ip; 3524 boolean_t hb_already = B_FALSE; 3525 cred_t *cr; 3526 pid_t cpid; 3527 3528 if (DB_TYPE(mp) != M_DATA) { 3529 ASSERT(DB_TYPE(mp) == M_CTL); 3530 if (MBLKL(mp) == sizeof (ip_pktinfo_t) && 3531 ((ip_pktinfo_t *)mp->b_rptr)->ip_pkt_ulp_type == 3532 IN_PKTINFO) { 3533 pinfo = (ip_pktinfo_t *)mp->b_rptr; 3534 pinfo_mp = mp; 3535 mp = mp->b_cont; 3536 } else { 3537 if (ipsec_mp != NULL) 3538 freeb(ipsec_mp); 3539 sctp_icmp_error(sctp, mp); 3540 return; 3541 } 3542 } 3543 ASSERT(DB_TYPE(mp) == M_DATA); 3544 3545 if (mp->b_cont != NULL) { 3546 /* 3547 * All subsequent code is vastly simplified if it can 3548 * assume a single contiguous chunk of data. 3549 */ 3550 if (pullupmsg(mp, -1) == 0) { 3551 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3552 if (ipsec_mp != NULL) 3553 freeb(ipsec_mp); 3554 if (pinfo != NULL) 3555 freeb(pinfo_mp); 3556 freemsg(mp); 3557 return; 3558 } 3559 } 3560 3561 BUMP_LOCAL(sctp->sctp_ipkts); 3562 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3563 &ipp, pinfo); 3564 if (pinfo != NULL) 3565 freeb(pinfo_mp); 3566 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3567 ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen); 3568 if (ch == NULL) { 3569 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3570 if (ipsec_mp != NULL) 3571 freeb(ipsec_mp); 3572 freemsg(mp); 3573 return; 3574 } 3575 3576 if (!sctp_check_input(sctp, ch, mlen, 1)) { 3577 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3578 goto done; 3579 } 3580 /* 3581 * Check verfication tag (special handling for INIT, 3582 * COOKIE, SHUTDOWN_COMPLETE and SHUTDOWN_ACK chunks). 3583 * ABORTs are handled in the chunk processing loop, since 3584 * may not appear first. All other checked chunks must 3585 * appear first, or will have been dropped by check_input(). 3586 */ 3587 switch (ch->sch_id) { 3588 case CHUNK_INIT: 3589 if (sctph->sh_verf != 0) { 3590 /* drop it */ 3591 goto done; 3592 } 3593 break; 3594 case CHUNK_SHUTDOWN_COMPLETE: 3595 if (sctph->sh_verf == sctp->sctp_lvtag) 3596 break; 3597 if (sctph->sh_verf == sctp->sctp_fvtag && 3598 SCTP_GET_TBIT(ch)) { 3599 break; 3600 } 3601 /* else drop it */ 3602 goto done; 3603 case CHUNK_ABORT: 3604 case CHUNK_COOKIE: 3605 /* handled below */ 3606 break; 3607 case CHUNK_SHUTDOWN_ACK: 3608 if (sctp->sctp_state > SCTPS_BOUND && 3609 sctp->sctp_state < SCTPS_ESTABLISHED) { 3610 /* treat as OOTB */ 3611 sctp_ootb_shutdown_ack(sctp, mp, ip_hdr_len); 3612 if (ipsec_mp != NULL) 3613 freeb(ipsec_mp); 3614 return; 3615 } 3616 /* else fallthru */ 3617 default: 3618 /* 3619 * All other packets must have a valid 3620 * verification tag, however if this is a 3621 * listener, we use a refined version of 3622 * out-of-the-blue logic. 3623 */ 3624 if (sctph->sh_verf != sctp->sctp_lvtag && 3625 sctp->sctp_state != SCTPS_LISTEN) { 3626 /* drop it */ 3627 goto done; 3628 } 3629 break; 3630 } 3631 3632 /* Have a valid sctp for this packet */ 3633 fp = sctp_lookup_faddr(sctp, &src); 3634 dprint(2, ("sctp_dispatch_rput: mp=%p fp=%p sctp=%p\n", (void *)mp, 3635 (void *)fp, (void *)sctp)); 3636 3637 gotdata = 0; 3638 trysend = 0; 3639 3640 now = lbolt64; 3641 /* Process the chunks */ 3642 do { 3643 dprint(3, ("sctp_dispatch_rput: state=%d, chunk id=%d\n", 3644 sctp->sctp_state, (int)(ch->sch_id))); 3645 3646 if (ch->sch_id == CHUNK_ABORT) { 3647 if (sctph->sh_verf != sctp->sctp_lvtag && 3648 sctph->sh_verf != sctp->sctp_fvtag) { 3649 /* drop it */ 3650 goto done; 3651 } 3652 } 3653 3654 switch (sctp->sctp_state) { 3655 3656 case SCTPS_ESTABLISHED: 3657 case SCTPS_SHUTDOWN_PENDING: 3658 case SCTPS_SHUTDOWN_SENT: 3659 switch (ch->sch_id) { 3660 case CHUNK_DATA: 3661 /* 0-length data chunks are not allowed */ 3662 if (ntohs(ch->sch_len) == sizeof (*sdc)) { 3663 sdc = (sctp_data_hdr_t *)ch; 3664 tsn = sdc->sdh_tsn; 3665 sctp_send_abort(sctp, sctp->sctp_fvtag, 3666 SCTP_ERR_NO_USR_DATA, (char *)&tsn, 3667 sizeof (tsn), mp, 0, B_FALSE); 3668 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3669 0, NULL); 3670 sctp_clean_death(sctp, ECONNABORTED); 3671 goto done; 3672 } 3673 3674 ASSERT(fp != NULL); 3675 sctp->sctp_lastdata = fp; 3676 sctp_data_chunk(sctp, ch, mp, &dups, fp, &ipp); 3677 gotdata = 1; 3678 /* Restart shutdown timer if shutting down */ 3679 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3680 /* 3681 * If we have exceeded our max 3682 * wait bound for waiting for a 3683 * shutdown ack from the peer, 3684 * abort the association. 3685 */ 3686 if (sctps->sctps_shutack_wait_bound != 3687 0 && 3688 TICK_TO_MSEC(now - 3689 sctp->sctp_out_time) > 3690 sctps->sctps_shutack_wait_bound) { 3691 sctp_send_abort(sctp, 3692 sctp->sctp_fvtag, 0, NULL, 3693 0, mp, 0, B_FALSE); 3694 sctp_assoc_event(sctp, 3695 SCTP_COMM_LOST, 0, NULL); 3696 sctp_clean_death(sctp, 3697 ECONNABORTED); 3698 goto done; 3699 } 3700 SCTP_FADDR_TIMER_RESTART(sctp, fp, 3701 fp->rto); 3702 } 3703 break; 3704 case CHUNK_SACK: 3705 ASSERT(fp != NULL); 3706 /* 3707 * Peer is real and alive if it can ack our 3708 * data. 3709 */ 3710 sctp_faddr_alive(sctp, fp); 3711 trysend = sctp_got_sack(sctp, ch); 3712 if (trysend < 0) { 3713 sctp_send_abort(sctp, sctph->sh_verf, 3714 0, NULL, 0, mp, 0, B_FALSE); 3715 sctp_assoc_event(sctp, 3716 SCTP_COMM_LOST, 0, NULL); 3717 sctp_clean_death(sctp, 3718 ECONNABORTED); 3719 goto done; 3720 } 3721 break; 3722 case CHUNK_HEARTBEAT: 3723 if (!hb_already) { 3724 /* 3725 * In any one packet, there should 3726 * only be one heartbeat chunk. So 3727 * we should not process more than 3728 * once. 3729 */ 3730 sctp_return_heartbeat(sctp, ch, mp); 3731 hb_already = B_TRUE; 3732 } 3733 break; 3734 case CHUNK_HEARTBEAT_ACK: 3735 sctp_process_heartbeat(sctp, ch); 3736 break; 3737 case CHUNK_SHUTDOWN: 3738 sctp_shutdown_event(sctp); 3739 trysend = sctp_shutdown_received(sctp, ch, 3740 B_FALSE, B_FALSE, fp); 3741 BUMP_LOCAL(sctp->sctp_ibchunks); 3742 break; 3743 case CHUNK_SHUTDOWN_ACK: 3744 BUMP_LOCAL(sctp->sctp_ibchunks); 3745 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3746 sctp_shutdown_complete(sctp); 3747 BUMP_MIB(&sctps->sctps_mib, 3748 sctpShutdowns); 3749 sctp_assoc_event(sctp, 3750 SCTP_SHUTDOWN_COMP, 0, NULL); 3751 sctp_clean_death(sctp, 0); 3752 goto done; 3753 } 3754 break; 3755 case CHUNK_ABORT: { 3756 sctp_saddr_ipif_t *sp; 3757 3758 /* Ignore if delete pending */ 3759 sp = sctp_saddr_lookup(sctp, &dst, 0); 3760 ASSERT(sp != NULL); 3761 if (sp->saddr_ipif_delete_pending) { 3762 BUMP_LOCAL(sctp->sctp_ibchunks); 3763 break; 3764 } 3765 3766 sctp_process_abort(sctp, ch, ECONNRESET); 3767 goto done; 3768 } 3769 case CHUNK_INIT: 3770 sctp_send_initack(sctp, sctph, ch, mp); 3771 break; 3772 case CHUNK_COOKIE: 3773 if (sctp_process_cookie(sctp, ch, mp, &iack, 3774 sctph, &recv_adaptation, NULL) != -1) { 3775 sctp_send_cookie_ack(sctp); 3776 sctp_assoc_event(sctp, SCTP_RESTART, 3777 0, NULL); 3778 if (recv_adaptation) { 3779 sctp->sctp_recv_adaptation = 1; 3780 sctp_adaptation_event(sctp); 3781 } 3782 } else { 3783 BUMP_MIB(&sctps->sctps_mib, 3784 sctpInInvalidCookie); 3785 } 3786 break; 3787 case CHUNK_ERROR: { 3788 int error; 3789 3790 BUMP_LOCAL(sctp->sctp_ibchunks); 3791 error = sctp_handle_error(sctp, sctph, ch, mp); 3792 if (error != 0) { 3793 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3794 0, NULL); 3795 sctp_clean_death(sctp, error); 3796 goto done; 3797 } 3798 break; 3799 } 3800 case CHUNK_ASCONF: 3801 ASSERT(fp != NULL); 3802 sctp_input_asconf(sctp, ch, fp); 3803 BUMP_LOCAL(sctp->sctp_ibchunks); 3804 break; 3805 case CHUNK_ASCONF_ACK: 3806 ASSERT(fp != NULL); 3807 sctp_faddr_alive(sctp, fp); 3808 sctp_input_asconf_ack(sctp, ch, fp); 3809 BUMP_LOCAL(sctp->sctp_ibchunks); 3810 break; 3811 case CHUNK_FORWARD_TSN: 3812 ASSERT(fp != NULL); 3813 sctp->sctp_lastdata = fp; 3814 sctp_process_forward_tsn(sctp, ch, fp, &ipp); 3815 gotdata = 1; 3816 BUMP_LOCAL(sctp->sctp_ibchunks); 3817 break; 3818 default: 3819 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3820 goto nomorechunks; 3821 } /* else skip and continue processing */ 3822 break; 3823 } 3824 break; 3825 3826 case SCTPS_LISTEN: 3827 switch (ch->sch_id) { 3828 case CHUNK_INIT: 3829 sctp_send_initack(sctp, sctph, ch, mp); 3830 break; 3831 case CHUNK_COOKIE: { 3832 sctp_t *eager; 3833 3834 if (sctp_process_cookie(sctp, ch, mp, &iack, 3835 sctph, &recv_adaptation, &peer_src) == -1) { 3836 BUMP_MIB(&sctps->sctps_mib, 3837 sctpInInvalidCookie); 3838 goto done; 3839 } 3840 3841 /* 3842 * The cookie is good; ensure that 3843 * the peer used the verification 3844 * tag from the init ack in the header. 3845 */ 3846 if (iack->sic_inittag != sctph->sh_verf) 3847 goto done; 3848 3849 eager = sctp_conn_request(sctp, mp, ifindex, 3850 ip_hdr_len, iack, ipsec_mp); 3851 if (eager == NULL) { 3852 sctp_send_abort(sctp, sctph->sh_verf, 3853 SCTP_ERR_NO_RESOURCES, NULL, 0, mp, 3854 0, B_FALSE); 3855 goto done; 3856 } 3857 3858 /* 3859 * If there were extra chunks 3860 * bundled with the cookie, 3861 * they must be processed 3862 * on the eager's queue. We 3863 * accomplish this by refeeding 3864 * the whole packet into the 3865 * state machine on the right 3866 * q. The packet (mp) gets 3867 * there via the eager's 3868 * cookie_mp field (overloaded 3869 * with the active open role). 3870 * This is picked up when 3871 * processing the null bind 3872 * request put on the eager's 3873 * q by sctp_accept(). We must 3874 * first revert the cookie 3875 * chunk's length field to network 3876 * byteorder so it can be 3877 * properly reprocessed on the 3878 * eager's queue. 3879 */ 3880 BUMP_MIB(&sctps->sctps_mib, sctpPassiveEstab); 3881 if (mlen > ntohs(ch->sch_len)) { 3882 eager->sctp_cookie_mp = dupb(mp); 3883 mblk_setcred(eager->sctp_cookie_mp, 3884 CONN_CRED(eager->sctp_connp), 3885 eager->sctp_cpid); 3886 /* 3887 * If no mem, just let 3888 * the peer retransmit. 3889 */ 3890 } 3891 sctp_assoc_event(eager, SCTP_COMM_UP, 0, NULL); 3892 if (recv_adaptation) { 3893 eager->sctp_recv_adaptation = 1; 3894 eager->sctp_rx_adaptation_code = 3895 sctp->sctp_rx_adaptation_code; 3896 sctp_adaptation_event(eager); 3897 } 3898 3899 eager->sctp_active = now; 3900 sctp_send_cookie_ack(eager); 3901 3902 wake_eager = B_TRUE; 3903 3904 /* 3905 * Process rest of the chunks with eager. 3906 */ 3907 sctp = eager; 3908 fp = sctp_lookup_faddr(sctp, &peer_src); 3909 /* 3910 * Confirm peer's original source. fp can 3911 * only be NULL if peer does not use the 3912 * original source as one of its addresses... 3913 */ 3914 if (fp == NULL) 3915 fp = sctp_lookup_faddr(sctp, &src); 3916 else 3917 sctp_faddr_alive(sctp, fp); 3918 3919 /* 3920 * Validate the peer addresses. It also starts 3921 * the heartbeat timer. 3922 */ 3923 sctp_validate_peer(sctp); 3924 break; 3925 } 3926 /* Anything else is considered out-of-the-blue */ 3927 case CHUNK_ERROR: 3928 case CHUNK_ABORT: 3929 case CHUNK_COOKIE_ACK: 3930 case CHUNK_SHUTDOWN_COMPLETE: 3931 BUMP_LOCAL(sctp->sctp_ibchunks); 3932 goto done; 3933 default: 3934 BUMP_LOCAL(sctp->sctp_ibchunks); 3935 sctp_send_abort(sctp, sctph->sh_verf, 0, NULL, 3936 0, mp, 0, B_TRUE); 3937 goto done; 3938 } 3939 break; 3940 3941 case SCTPS_COOKIE_WAIT: 3942 switch (ch->sch_id) { 3943 case CHUNK_INIT_ACK: 3944 sctp_stop_faddr_timers(sctp); 3945 sctp_faddr_alive(sctp, sctp->sctp_current); 3946 sctp_send_cookie_echo(sctp, ch, mp); 3947 BUMP_LOCAL(sctp->sctp_ibchunks); 3948 break; 3949 case CHUNK_ABORT: 3950 sctp_process_abort(sctp, ch, ECONNREFUSED); 3951 goto done; 3952 case CHUNK_INIT: 3953 sctp_send_initack(sctp, sctph, ch, mp); 3954 break; 3955 case CHUNK_COOKIE: 3956 cr = msg_getcred(mp, &cpid); 3957 3958 if (sctp_process_cookie(sctp, ch, mp, &iack, 3959 sctph, &recv_adaptation, NULL) == -1) { 3960 BUMP_MIB(&sctps->sctps_mib, 3961 sctpInInvalidCookie); 3962 break; 3963 } 3964 sctp_send_cookie_ack(sctp); 3965 sctp_stop_faddr_timers(sctp); 3966 if (!SCTP_IS_DETACHED(sctp)) { 3967 sctp->sctp_ulp_connected( 3968 sctp->sctp_ulpd, 0, cr, cpid); 3969 sctp_set_ulp_prop(sctp); 3970 3971 } 3972 sctp->sctp_state = SCTPS_ESTABLISHED; 3973 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3974 BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab); 3975 if (sctp->sctp_cookie_mp) { 3976 freemsg(sctp->sctp_cookie_mp); 3977 sctp->sctp_cookie_mp = NULL; 3978 } 3979 3980 /* Validate the peer addresses. */ 3981 sctp->sctp_active = now; 3982 sctp_validate_peer(sctp); 3983 3984 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3985 if (recv_adaptation) { 3986 sctp->sctp_recv_adaptation = 1; 3987 sctp_adaptation_event(sctp); 3988 } 3989 /* Try sending queued data, or ASCONFs */ 3990 trysend = 1; 3991 break; 3992 default: 3993 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3994 goto nomorechunks; 3995 } /* else skip and continue processing */ 3996 break; 3997 } 3998 break; 3999 4000 case SCTPS_COOKIE_ECHOED: 4001 switch (ch->sch_id) { 4002 case CHUNK_COOKIE_ACK: 4003 cr = msg_getcred(mp, &cpid); 4004 4005 if (!SCTP_IS_DETACHED(sctp)) { 4006 sctp->sctp_ulp_connected( 4007 sctp->sctp_ulpd, 0, cr, cpid); 4008 sctp_set_ulp_prop(sctp); 4009 } 4010 if (sctp->sctp_unacked == 0) 4011 sctp_stop_faddr_timers(sctp); 4012 sctp->sctp_state = SCTPS_ESTABLISHED; 4013 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 4014 BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab); 4015 BUMP_LOCAL(sctp->sctp_ibchunks); 4016 if (sctp->sctp_cookie_mp) { 4017 freemsg(sctp->sctp_cookie_mp); 4018 sctp->sctp_cookie_mp = NULL; 4019 } 4020 sctp_faddr_alive(sctp, fp); 4021 /* Validate the peer addresses. */ 4022 sctp->sctp_active = now; 4023 sctp_validate_peer(sctp); 4024 4025 /* Try sending queued data, or ASCONFs */ 4026 trysend = 1; 4027 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 4028 sctp_adaptation_event(sctp); 4029 break; 4030 case CHUNK_ABORT: 4031 sctp_process_abort(sctp, ch, ECONNREFUSED); 4032 goto done; 4033 case CHUNK_COOKIE: 4034 cr = msg_getcred(mp, &cpid); 4035 4036 if (sctp_process_cookie(sctp, ch, mp, &iack, 4037 sctph, &recv_adaptation, NULL) == -1) { 4038 BUMP_MIB(&sctps->sctps_mib, 4039 sctpInInvalidCookie); 4040 break; 4041 } 4042 sctp_send_cookie_ack(sctp); 4043 4044 if (!SCTP_IS_DETACHED(sctp)) { 4045 sctp->sctp_ulp_connected( 4046 sctp->sctp_ulpd, 0, cr, cpid); 4047 sctp_set_ulp_prop(sctp); 4048 4049 } 4050 if (sctp->sctp_unacked == 0) 4051 sctp_stop_faddr_timers(sctp); 4052 sctp->sctp_state = SCTPS_ESTABLISHED; 4053 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 4054 BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab); 4055 if (sctp->sctp_cookie_mp) { 4056 freemsg(sctp->sctp_cookie_mp); 4057 sctp->sctp_cookie_mp = NULL; 4058 } 4059 /* Validate the peer addresses. */ 4060 sctp->sctp_active = now; 4061 sctp_validate_peer(sctp); 4062 4063 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 4064 if (recv_adaptation) { 4065 sctp->sctp_recv_adaptation = 1; 4066 sctp_adaptation_event(sctp); 4067 } 4068 /* Try sending queued data, or ASCONFs */ 4069 trysend = 1; 4070 break; 4071 case CHUNK_INIT: 4072 sctp_send_initack(sctp, sctph, ch, mp); 4073 break; 4074 case CHUNK_ERROR: { 4075 sctp_parm_hdr_t *p; 4076 4077 BUMP_LOCAL(sctp->sctp_ibchunks); 4078 /* check for a stale cookie */ 4079 if (ntohs(ch->sch_len) >= 4080 (sizeof (*p) + sizeof (*ch)) + 4081 sizeof (uint32_t)) { 4082 4083 p = (sctp_parm_hdr_t *)(ch + 1); 4084 if (p->sph_type == 4085 htons(SCTP_ERR_STALE_COOKIE)) { 4086 BUMP_MIB(&sctps->sctps_mib, 4087 sctpAborted); 4088 sctp_error_event(sctp, ch); 4089 sctp_assoc_event(sctp, 4090 SCTP_COMM_LOST, 0, NULL); 4091 sctp_clean_death(sctp, 4092 ECONNREFUSED); 4093 goto done; 4094 } 4095 } 4096 break; 4097 } 4098 case CHUNK_HEARTBEAT: 4099 if (!hb_already) { 4100 sctp_return_heartbeat(sctp, ch, mp); 4101 hb_already = B_TRUE; 4102 } 4103 break; 4104 default: 4105 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4106 goto nomorechunks; 4107 } /* else skip and continue processing */ 4108 } /* switch (ch->sch_id) */ 4109 break; 4110 4111 case SCTPS_SHUTDOWN_ACK_SENT: 4112 switch (ch->sch_id) { 4113 case CHUNK_ABORT: 4114 /* Pass gathered wisdom to IP for keeping */ 4115 sctp_update_ire(sctp); 4116 sctp_process_abort(sctp, ch, 0); 4117 goto done; 4118 case CHUNK_SHUTDOWN_COMPLETE: 4119 BUMP_LOCAL(sctp->sctp_ibchunks); 4120 BUMP_MIB(&sctps->sctps_mib, sctpShutdowns); 4121 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 4122 NULL); 4123 4124 /* Pass gathered wisdom to IP for keeping */ 4125 sctp_update_ire(sctp); 4126 sctp_clean_death(sctp, 0); 4127 goto done; 4128 case CHUNK_SHUTDOWN_ACK: 4129 sctp_shutdown_complete(sctp); 4130 BUMP_LOCAL(sctp->sctp_ibchunks); 4131 BUMP_MIB(&sctps->sctps_mib, sctpShutdowns); 4132 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 4133 NULL); 4134 sctp_clean_death(sctp, 0); 4135 goto done; 4136 case CHUNK_COOKIE: 4137 (void) sctp_shutdown_received(sctp, NULL, 4138 B_TRUE, B_FALSE, fp); 4139 BUMP_LOCAL(sctp->sctp_ibchunks); 4140 break; 4141 case CHUNK_HEARTBEAT: 4142 if (!hb_already) { 4143 sctp_return_heartbeat(sctp, ch, mp); 4144 hb_already = B_TRUE; 4145 } 4146 break; 4147 default: 4148 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4149 goto nomorechunks; 4150 } /* else skip and continue processing */ 4151 break; 4152 } 4153 break; 4154 4155 case SCTPS_SHUTDOWN_RECEIVED: 4156 switch (ch->sch_id) { 4157 case CHUNK_SHUTDOWN: 4158 trysend = sctp_shutdown_received(sctp, ch, 4159 B_FALSE, B_FALSE, fp); 4160 break; 4161 case CHUNK_SACK: 4162 trysend = sctp_got_sack(sctp, ch); 4163 if (trysend < 0) { 4164 sctp_send_abort(sctp, sctph->sh_verf, 4165 0, NULL, 0, mp, 0, B_FALSE); 4166 sctp_assoc_event(sctp, 4167 SCTP_COMM_LOST, 0, NULL); 4168 sctp_clean_death(sctp, 4169 ECONNABORTED); 4170 goto done; 4171 } 4172 break; 4173 case CHUNK_ABORT: 4174 sctp_process_abort(sctp, ch, ECONNRESET); 4175 goto done; 4176 case CHUNK_HEARTBEAT: 4177 if (!hb_already) { 4178 sctp_return_heartbeat(sctp, ch, mp); 4179 hb_already = B_TRUE; 4180 } 4181 break; 4182 default: 4183 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4184 goto nomorechunks; 4185 } /* else skip and continue processing */ 4186 break; 4187 } 4188 break; 4189 4190 default: 4191 /* 4192 * The only remaining states are SCTPS_IDLE and 4193 * SCTPS_BOUND, and we should not be getting here 4194 * for these. 4195 */ 4196 ASSERT(0); 4197 } /* switch (sctp->sctp_state) */ 4198 4199 ch = sctp_next_chunk(ch, &mlen); 4200 if (ch != NULL && !sctp_check_input(sctp, ch, mlen, 0)) 4201 goto done; 4202 } while (ch != NULL); 4203 4204 /* Finished processing all chunks in packet */ 4205 4206 nomorechunks: 4207 /* SACK if necessary */ 4208 if (gotdata) { 4209 boolean_t sack_sent; 4210 4211 (sctp->sctp_sack_toggle)++; 4212 sack_sent = sctp_sack(sctp, dups); 4213 dups = NULL; 4214 4215 /* If a SACK is sent, no need to restart the timer. */ 4216 if (!sack_sent && !sctp->sctp_ack_timer_running) { 4217 sctp->sctp_ack_timer_running = B_TRUE; 4218 sctp_timer(sctp, sctp->sctp_ack_mp, 4219 MSEC_TO_TICK(sctps->sctps_deferred_ack_interval)); 4220 } 4221 } 4222 4223 if (trysend) { 4224 sctp_output(sctp, UINT_MAX); 4225 if (sctp->sctp_cxmit_list != NULL) 4226 sctp_wput_asconf(sctp, NULL); 4227 } 4228 /* If there is unsent data, make sure a timer is running */ 4229 if (sctp->sctp_unsent > 0 && !sctp->sctp_current->timer_running) { 4230 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 4231 sctp->sctp_current->rto); 4232 } 4233 4234 done: 4235 if (dups != NULL) 4236 freeb(dups); 4237 if (ipsec_mp != NULL) 4238 freeb(ipsec_mp); 4239 freemsg(mp); 4240 4241 if (sctp->sctp_err_chunks != NULL) 4242 sctp_process_err(sctp); 4243 4244 if (wake_eager) { 4245 /* 4246 * sctp points to newly created control block, need to 4247 * release it before exiting. Before releasing it and 4248 * processing the sendq, need to grab a hold on it. 4249 * Otherwise, another thread can close it while processing 4250 * the sendq. 4251 */ 4252 SCTP_REFHOLD(sctp); 4253 WAKE_SCTP(sctp); 4254 sctp_process_sendq(sctp); 4255 SCTP_REFRELE(sctp); 4256 } 4257 } 4258 4259 /* 4260 * Some amount of data got removed from rx q. 4261 * Check if we should send a window update. 4262 * 4263 * Due to way sctp_rwnd updates are made, ULP can give reports out-of-order. 4264 * To keep from dropping incoming data due to this, we only update 4265 * sctp_rwnd when if it's larger than what we've reported to peer earlier. 4266 */ 4267 void 4268 sctp_recvd(sctp_t *sctp, int len) 4269 { 4270 int32_t old, new; 4271 sctp_stack_t *sctps = sctp->sctp_sctps; 4272 4273 ASSERT(sctp != NULL); 4274 RUN_SCTP(sctp); 4275 4276 if (len < sctp->sctp_rwnd) { 4277 WAKE_SCTP(sctp); 4278 return; 4279 } 4280 ASSERT(sctp->sctp_rwnd >= sctp->sctp_rxqueued); 4281 old = sctp->sctp_rwnd - sctp->sctp_rxqueued; 4282 new = len - sctp->sctp_rxqueued; 4283 sctp->sctp_rwnd = len; 4284 4285 if (sctp->sctp_state >= SCTPS_ESTABLISHED && 4286 ((old <= new >> 1) || (old < sctp->sctp_mss))) { 4287 sctp->sctp_force_sack = 1; 4288 BUMP_MIB(&sctps->sctps_mib, sctpOutWinUpdate); 4289 (void) sctp_sack(sctp, NULL); 4290 old = 1; 4291 } else { 4292 old = 0; 4293 } 4294 WAKE_SCTP(sctp); 4295 if (old > 0) { 4296 sctp_process_sendq(sctp); 4297 } 4298 } 4299