/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <sys/types.h>
#include <sys/systm.h>
#include <sys/stream.h>
#include <sys/cmn_err.h>
#include <sys/kmem.h>
#define	_SUN_TPI_VERSION 2
#include <sys/tihdr.h>
#include <sys/socket.h>
#include <sys/strsun.h>
#include <sys/strsubr.h>

#include <netinet/in.h>
#include <netinet/ip6.h>
#include <netinet/tcp_seq.h>
#include <netinet/sctp.h>

#include <inet/common.h>
#include <inet/ip.h>
#include <inet/ip6.h>
#include <inet/mib2.h>
#include <inet/ipclassifier.h>
#include <inet/ipp_common.h>
#include <inet/ipsec_impl.h>
#include <inet/sctp_ip.h>

#include "sctp_impl.h"
#include "sctp_asconf.h"
#include "sctp_addr.h"

static struct kmem_cache *sctp_kmem_set_cache;

/*
 * PR-SCTP comments.
 *
 * When we get a valid Forward TSN chunk, we check the fragment list for
 * this SSN and preceding SSNs, and free them all.  Further, if this Forward
 * TSN causes the next expected SSN to be present in the stream queue, we
 * deliver any such stranded messages upstream.  We also update the SACK
 * info appropriately.
 * When checking for advancing the cumulative ack (in sctp_cumack()) we must
 * check for abandoned chunks and messages.  While traversing the transmit
 * list, if we come across an abandoned chunk, we can skip the message (i.e.
 * take it out of the (re)transmit list) since this message, and hence this
 * chunk, has been marked abandoned by sctp_rexmit().  If we come across an
 * unsent chunk for a message that is now abandoned, we need to check if a
 * Forward TSN needs to be sent; this could be a case where we deferred
 * sending a Forward TSN in sctp_get_msg_to_send().  Further, after
 * processing a SACK we check if the Advanced peer ack point can be moved
 * ahead, i.e. if we can send a Forward TSN via sctp_check_abandoned_data().
 */
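
/*
 * Illustrative example (not itself part of the code below): if the peer
 * abandons TSNs 10..12, which were fragments of ordered SSN 3 on some
 * stream, its Forward TSN lets us advance sctp_ftsn past 12,
 * sctp_ftsn_check_frag() frees any queued pieces of SSN 3, and ordered
 * delivery on that stream resumes at SSN 4.
 */
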
void
sctp_free_set(sctp_set_t *s)
{
	sctp_set_t *p;

	while (s) {
		p = s->next;
		kmem_cache_free(sctp_kmem_set_cache, s);
		s = p;
	}
}

static void
sctp_ack_add(sctp_set_t **head, uint32_t tsn, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || num == NULL)
		return;

	ASSERT(*num >= 0);
	ASSERT((*num == 0 && *head == NULL) || (*num > 0 && *head != NULL));

	if (*head == NULL) {
		*head = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (*head == NULL)
			return;
		(*head)->prev = (*head)->next = NULL;
		(*head)->begin = tsn;
		(*head)->end = tsn;
		*num = 1;
		return;
	}

	ASSERT((*head)->prev == NULL);

	/*
	 * Handle this special case here so we don't have to check
	 * for it each time in the loop.
	 */
	if (SEQ_LT(tsn + 1, (*head)->begin)) {
		/* add a new set, and move the head pointer */
		t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (t == NULL)
			return;
		t->next = *head;
		t->prev = NULL;
		(*head)->prev = t;
		t->begin = tsn;
		t->end = tsn;
		(*num)++;
		*head = t;
		return;
	}

	/*
	 * We need to handle the following cases, where p points to
	 * the current set (as we walk through the loop):
	 *
	 * 1. tsn is entirely less than p; create a new set before p.
	 * 2. tsn borders p from less; coalesce p with tsn.
	 * 3. tsn is within p; do nothing.
	 * 4. tsn borders p from greater; coalesce p with tsn.
	 * 4a. p may now border p->next from less; if so, coalesce those
	 *    two sets.
	 * 5. tsn is entirely greater than all sets; add a new set at
	 *    the end.
	 */
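	/*
	 * A worked example (illustrative): given the sets {3..5} -> {8..9}
	 * with *num == 2, adding tsn 6 hits case 4 and extends the first
	 * set to {3..6}; adding tsn 7 then extends it to {3..7} and
	 * triggers case 4a, coalescing the two sets into {3..9} and
	 * dropping *num back to 1.
	 */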
	for (p = *head; ; p = p->next) {
		if (SEQ_LT(tsn + 1, p->begin)) {
			/* 1: add a new set before p. */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = p;
			t->prev = NULL;
			t->begin = tsn;
			t->end = tsn;
			if (p->prev) {
				t->prev = p->prev;
				p->prev->next = t;
			}
			p->prev = t;
			(*num)++;
			return;
		}

		if ((tsn + 1) == p->begin) {
			/* 2: adjust p->begin */
			p->begin = tsn;
			return;
		}

		if (SEQ_GEQ(tsn, p->begin) && SEQ_LEQ(tsn, p->end)) {
			/* 3: do nothing */
			return;
		}

		if ((p->end + 1) == tsn) {
			/* 4: adjust p->end */
			p->end = tsn;

			if (p->next != NULL && (tsn + 1) == p->next->begin) {
				/* 4a: coalesce p and p->next */
				t = p->next;
				p->end = t->end;
				p->next = t->next;
				if (t->next != NULL)
					t->next->prev = p;
				kmem_cache_free(sctp_kmem_set_cache, t);
				(*num)--;
			}
			return;
		}

		if (p->next == NULL) {
			/* 5: add new set at the end */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = NULL;
			t->prev = p;
			t->begin = tsn;
			t->end = tsn;
			p->next = t;
			(*num)++;
			return;
		}

		if (SEQ_GT(tsn, p->end + 1))
			continue;
	}
}

static void
sctp_ack_rem(sctp_set_t **head, uint32_t end, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || *head == NULL || num == NULL)
		return;

	/* Nothing to remove */
	if (SEQ_LT(end, (*head)->begin))
		return;

	/* Find out where to start removing sets */
	for (p = *head; p->next; p = p->next) {
		if (SEQ_LEQ(end, p->end))
			break;
	}

	if (SEQ_LT(end, p->end) && SEQ_GEQ(end, p->begin)) {
		/* adjust p */
		p->begin = end + 1;
		/* all done */
		if (p == *head)
			return;
	} else if (SEQ_GEQ(end, p->end)) {
		/* remove this set too */
		p = p->next;
	}

	/* unlink everything before this set */
	t = *head;
	*head = p;
	if (p != NULL && p->prev != NULL) {
		p->prev->next = NULL;
		p->prev = NULL;
	}

	sctp_free_set(t);

	/* recount the number of sets */
	*num = 0;

	for (p = *head; p != NULL; p = p->next)
		(*num)++;
}

void
sctp_sets_init()
{
	sctp_kmem_set_cache = kmem_cache_create("sctp_set_cache",
	    sizeof (sctp_set_t), 0, NULL, NULL, NULL, NULL,
	    NULL, 0);
}

void
sctp_sets_fini()
{
	kmem_cache_destroy(sctp_kmem_set_cache);
}

sctp_chunk_hdr_t *
sctp_first_chunk(uchar_t *rptr, ssize_t remaining)
{
	sctp_chunk_hdr_t *ch;
	uint16_t ch_len;

	if (remaining < sizeof (*ch)) {
		return (NULL);
	}

	ch = (sctp_chunk_hdr_t *)rptr;
	ch_len = ntohs(ch->sch_len);

	if (ch_len < sizeof (*ch) || remaining < ch_len) {
		return (NULL);
	}

	return (ch);
}

sctp_chunk_hdr_t *
sctp_next_chunk(sctp_chunk_hdr_t *ch, ssize_t *remaining)
{
	int pad;
	uint16_t ch_len;

	if (!ch) {
		return (NULL);
	}

	ch_len = ntohs(ch->sch_len);

	if ((pad = ch_len & (SCTP_ALIGN - 1)) != 0) {
		pad = SCTP_ALIGN - pad;
	}

	*remaining -= (ch_len + pad);
	ch = (sctp_chunk_hdr_t *)((char *)ch + ch_len + pad);

	return (sctp_first_chunk((uchar_t *)ch, *remaining));
}
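
/*
 * A typical walk over the chunks in an incoming packet (illustrative
 * sketch only; the actual callers live elsewhere in the SCTP code):
 *
 *	sctp_chunk_hdr_t *ch;
 *	ssize_t remaining;		(bytes available from rptr)
 *
 *	for (ch = sctp_first_chunk(rptr, remaining); ch != NULL;
 *	    ch = sctp_next_chunk(ch, &remaining)) {
 *		switch (ch->sch_id) { ... }
 *	}
 *
 * sctp_next_chunk() accounts for the mandatory SCTP_ALIGN (4-byte)
 * padding after a chunk before handing the rest of the buffer back to
 * sctp_first_chunk() for validation.
 */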

/*
 * Attach ancillary data to a received SCTP segment.
 * If the source address (fp) is not the primary, send up a
 * unitdata_ind so recvfrom() can populate the msg_name field.
 * If ancillary data is also requested, we append it to the
 * unitdata_ind.  Otherwise, we just send up an optdata_ind.
 */
static int
sctp_input_add_ancillary(sctp_t *sctp, mblk_t **mp, sctp_data_hdr_t *dcp,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
	struct T_unitdata_ind *tudi;
	int optlen;
	int hdrlen;
	uchar_t *optptr;
	struct cmsghdr *cmsg;
	mblk_t *mp1;
	struct sockaddr_in6 sin_buf[1];
	struct sockaddr_in6 *sin6;
	struct sockaddr_in *sin4;
	uint_t addflag = 0;

	sin4 = NULL;
	sin6 = NULL;

	optlen = hdrlen = 0;

	/* Figure out address size */
	if (sctp->sctp_ipversion == IPV4_VERSION) {
		sin4 = (struct sockaddr_in *)sin_buf;
		sin4->sin_family = AF_INET;
		sin4->sin_port = sctp->sctp_fport;
		IN6_V4MAPPED_TO_IPADDR(&fp->faddr, sin4->sin_addr.s_addr);
		hdrlen = sizeof (*tudi) + sizeof (*sin4);
	} else {
		sin6 = sin_buf;
		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = sctp->sctp_fport;
		sin6->sin6_addr = fp->faddr;
		hdrlen = sizeof (*tudi) + sizeof (*sin6);
	}

	/* If app asked to receive send / recv info */
	if (sctp->sctp_recvsndrcvinfo) {
		optlen += sizeof (*cmsg) + sizeof (struct sctp_sndrcvinfo);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_optdata_ind);
	}

	if (sctp->sctp_ipv6_recvancillary == 0)
		goto noancillary;

	if ((ipp->ipp_fields & IPPF_IFINDEX) &&
	    ipp->ipp_ifindex != sctp->sctp_recvifindex &&
	    (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVPKTINFO)) {
		optlen += sizeof (*cmsg) + sizeof (struct in6_pktinfo);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVPKTINFO;
	}
	/* If app asked for hoplimit and it has changed ... */
	if ((ipp->ipp_fields & IPPF_HOPLIMIT) &&
	    ipp->ipp_hoplimit != sctp->sctp_recvhops &&
	    (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPLIMIT)) {
		optlen += sizeof (*cmsg) + sizeof (uint_t);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVHOPLIMIT;
	}
	/* If app asked for hopbyhop headers and it has changed ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPOPTS) &&
	    ip_cmpbuf(sctp->sctp_hopopts, sctp->sctp_hopoptslen,
	    (ipp->ipp_fields & IPPF_HOPOPTS),
	    ipp->ipp_hopopts, ipp->ipp_hopoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_hopoptslen -
		    sctp->sctp_v6label_len;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVHOPOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_hopopts,
		    &sctp->sctp_hopoptslen,
		    (ipp->ipp_fields & IPPF_HOPOPTS),
		    ipp->ipp_hopopts, ipp->ipp_hopoptslen))
			return (-1);
	}
	/* If app asked for dst headers before routing headers ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTDSTOPTS) &&
	    ip_cmpbuf(sctp->sctp_rtdstopts, sctp->sctp_rtdstoptslen,
	    (ipp->ipp_fields & IPPF_RTDSTOPTS),
	    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVRTDSTOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_rtdstopts,
		    &sctp->sctp_rtdstoptslen,
		    (ipp->ipp_fields & IPPF_RTDSTOPTS),
		    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen))
			return (-1);
	}
	/* If app asked for routing headers and it has changed ... */
	if (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTHDR) {
		if (ip_cmpbuf(sctp->sctp_rthdr, sctp->sctp_rthdrlen,
		    (ipp->ipp_fields & IPPF_RTHDR),
		    ipp->ipp_rthdr, ipp->ipp_rthdrlen)) {
			optlen += sizeof (*cmsg) + ipp->ipp_rthdrlen;
			if (hdrlen == 0)
				hdrlen = sizeof (struct T_unitdata_ind);
			addflag |= SCTP_IPV6_RECVRTHDR;
			if (!ip_allocbuf((void **)&sctp->sctp_rthdr,
			    &sctp->sctp_rthdrlen,
			    (ipp->ipp_fields & IPPF_RTHDR),
			    ipp->ipp_rthdr, ipp->ipp_rthdrlen))
				return (-1);
		}
	}
	/* If app asked for dest headers and it has changed ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVDSTOPTS) &&
	    ip_cmpbuf(sctp->sctp_dstopts, sctp->sctp_dstoptslen,
	    (ipp->ipp_fields & IPPF_DSTOPTS),
	    ipp->ipp_dstopts, ipp->ipp_dstoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_dstoptslen;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVDSTOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_dstopts,
		    &sctp->sctp_dstoptslen,
		    (ipp->ipp_fields & IPPF_DSTOPTS),
		    ipp->ipp_dstopts, ipp->ipp_dstoptslen))
			return (-1);
	}
noancillary:
	/* Nothing to add */
	if (hdrlen == 0)
		return (-1);

	mp1 = allocb(hdrlen + optlen + sizeof (void *), BPRI_MED);
	if (mp1 == NULL)
		return (-1);
	mp1->b_cont = *mp;
	*mp = mp1;
	mp1->b_rptr += sizeof (void *);  /* pointer worth of padding */
	mp1->b_wptr = mp1->b_rptr + hdrlen + optlen;
	DB_TYPE(mp1) = M_PROTO;
	tudi = (struct T_unitdata_ind *)mp1->b_rptr;
	tudi->PRIM_type = T_UNITDATA_IND;
	tudi->SRC_length = sin4 ? sizeof (*sin4) : sizeof (*sin6);
	tudi->SRC_offset = sizeof (*tudi);
	tudi->OPT_offset = sizeof (*tudi) + tudi->SRC_length;
	tudi->OPT_length = optlen;
	if (sin4) {
		bcopy(sin4, tudi + 1, sizeof (*sin4));
	} else {
		bcopy(sin6, tudi + 1, sizeof (*sin6));
	}
	optptr = (uchar_t *)tudi + tudi->OPT_offset;

	if (sctp->sctp_recvsndrcvinfo) {
		/* XXX need backout method if memory allocation fails. */
		struct sctp_sndrcvinfo *sri;

		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_SCTP;
		cmsg->cmsg_type = SCTP_SNDRCV;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*sri);
		optptr += sizeof (*cmsg);

		sri = (struct sctp_sndrcvinfo *)(cmsg + 1);
		ASSERT(OK_32PTR(sri));
		sri->sinfo_stream = ntohs(dcp->sdh_sid);
		sri->sinfo_ssn = ntohs(dcp->sdh_ssn);
		if (SCTP_DATA_GET_UBIT(dcp)) {
			sri->sinfo_flags = MSG_UNORDERED;
		} else {
			sri->sinfo_flags = 0;
		}
		sri->sinfo_ppid = dcp->sdh_payload_id;
		sri->sinfo_context = 0;
		sri->sinfo_timetolive = 0;
		sri->sinfo_tsn = ntohl(dcp->sdh_tsn);
		sri->sinfo_cumtsn = sctp->sctp_ftsn;
		sri->sinfo_assoc_id = 0;

		optptr += sizeof (*sri);
	}
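
	/*
	 * Each ancillary item below is appended the same way (illustrative
	 * summary): a struct cmsghdr whose cmsg_len covers the header plus
	 * its data, followed immediately by that data.  optptr advances
	 * past both, and the OK_32PTR() ASSERTs verify the alignment this
	 * packing relies on.
	 */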

	/*
	 * If app asked for pktinfo and the index has changed ...
	 * Note that the local address never changes for the connection.
	 */
	if (addflag & SCTP_IPV6_RECVPKTINFO) {
		struct in6_pktinfo *pkti;

		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_PKTINFO;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*pkti);
		optptr += sizeof (*cmsg);

		pkti = (struct in6_pktinfo *)optptr;
		if (sctp->sctp_ipversion == IPV6_VERSION)
			pkti->ipi6_addr = sctp->sctp_ip6h->ip6_src;
		else
			IN6_IPADDR_TO_V4MAPPED(sctp->sctp_ipha->ipha_src,
			    &pkti->ipi6_addr);
		pkti->ipi6_ifindex = ipp->ipp_ifindex;
		optptr += sizeof (*pkti);
		ASSERT(OK_32PTR(optptr));
		/* Save as "last" value */
		sctp->sctp_recvifindex = ipp->ipp_ifindex;
	}
	/* If app asked for hoplimit and it has changed ... */
	if (addflag & SCTP_IPV6_RECVHOPLIMIT) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_HOPLIMIT;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t);
		optptr += sizeof (*cmsg);

		*(uint_t *)optptr = ipp->ipp_hoplimit;
		optptr += sizeof (uint_t);
		ASSERT(OK_32PTR(optptr));
		/* Save as "last" value */
		sctp->sctp_recvhops = ipp->ipp_hoplimit;
	}
	if (addflag & SCTP_IPV6_RECVHOPOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_HOPOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_hopoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen);
		optptr += ipp->ipp_hopoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_hopopts,
		    &sctp->sctp_hopoptslen,
		    (ipp->ipp_fields & IPPF_HOPOPTS),
		    ipp->ipp_hopopts, ipp->ipp_hopoptslen);
	}
	if (addflag & SCTP_IPV6_RECVRTDSTOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_RTHDRDSTOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_rtdstopts, optptr, ipp->ipp_rtdstoptslen);
		optptr += ipp->ipp_rtdstoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_rtdstopts,
		    &sctp->sctp_rtdstoptslen,
		    (ipp->ipp_fields & IPPF_RTDSTOPTS),
		    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen);
	}
	if (addflag & SCTP_IPV6_RECVRTHDR) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_RTHDR;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrlen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen);
		optptr += ipp->ipp_rthdrlen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_rthdr,
		    &sctp->sctp_rthdrlen,
		    (ipp->ipp_fields & IPPF_RTHDR),
		    ipp->ipp_rthdr, ipp->ipp_rthdrlen);
	}
	if (addflag & SCTP_IPV6_RECVDSTOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_DSTOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_dstoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen);
		optptr += ipp->ipp_dstoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_dstopts,
		    &sctp->sctp_dstoptslen,
		    (ipp->ipp_fields & IPPF_DSTOPTS),
		    ipp->ipp_dstopts, ipp->ipp_dstoptslen);
	}

	ASSERT(optptr == mp1->b_wptr);

	return (0);
}
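
/*
 * The M_PROTO mblk built above is laid out as follows (illustrative
 * summary; the exact set of cmsgs depends on addflag):
 *
 *	T_unitdata_ind | sockaddr_in{,6} | cmsghdr+data | ... | cmsghdr+data
 *
 * with the data payload chained off b_cont.
 */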

void
sctp_free_reass(sctp_instr_t *sip)
{
	mblk_t *mp, *mpnext, *mctl;

	for (mp = sip->istr_reass; mp != NULL; mp = mpnext) {
		mpnext = mp->b_next;
		mp->b_next = NULL;
		mp->b_prev = NULL;
		if (DB_TYPE(mp) == M_CTL) {
			mctl = mp;
			ASSERT(mp->b_cont != NULL);
			mp = mp->b_cont;
			mctl->b_cont = NULL;
			freeb(mctl);
		}
		freemsg(mp);
	}
}

/*
 * If the series of data fragments of which dmp is a part is successfully
 * reassembled, the first mblk in the series is returned. dc is adjusted
 * to point at the data chunk in the lead mblk, and b_rptr also points to
 * the data chunk; the following mblks' b_rptrs point at the actual payload.
 *
 * If the series is not yet reassembled, NULL is returned. dc is not changed.
 * XXX should probably move this up into the state machine.
 */

/* Fragment list for un-ordered messages. Partial delivery is not supported */
static mblk_t *
sctp_uodata_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc)
{
	mblk_t *hmp;
	mblk_t *begin = NULL;
	mblk_t *end = NULL;
	sctp_data_hdr_t *qdc;
	uint32_t ntsn;
	uint32_t tsn = ntohl((*dc)->sdh_tsn);
#ifdef DEBUG
	mblk_t *mp1;
#endif

	/* First frag. */
	if (sctp->sctp_uo_frags == NULL) {
		sctp->sctp_uo_frags = dmp;
		return (NULL);
	}
	hmp = sctp->sctp_uo_frags;
	/*
	 * Insert the segment according to the TSN; fragmented unordered
	 * chunks are sequenced by TSN.
	 */
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		ntsn = ntohl(qdc->sdh_tsn);
		if (SEQ_GT(ntsn, tsn)) {
			if (hmp->b_prev == NULL) {
				dmp->b_next = hmp;
				hmp->b_prev = dmp;
				sctp->sctp_uo_frags = dmp;
			} else {
				dmp->b_next = hmp;
				dmp->b_prev = hmp->b_prev;
				hmp->b_prev->b_next = dmp;
				hmp->b_prev = dmp;
			}
			break;
		}
		if (hmp->b_next == NULL) {
			hmp->b_next = dmp;
			dmp->b_prev = hmp;
			break;
		}
		hmp = hmp->b_next;
	}
	/* check if we completed a msg */
	if (SCTP_DATA_GET_BBIT(*dc)) {
		begin = dmp;
	} else if (SCTP_DATA_GET_EBIT(*dc)) {
		end = dmp;
	}
	/*
	 * We walk consecutive TSNs backwards until we get a segment with
	 * the B bit.
	 */
	if (begin == NULL) {
		for (hmp = dmp->b_prev; hmp != NULL; hmp = hmp->b_prev) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			if ((int32_t)(tsn - ntsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_BBIT(qdc)) {
				begin = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	tsn = ntohl((*dc)->sdh_tsn);
	/*
	 * We walk consecutive TSNs forwards until we get a segment with
	 * the E bit.
	 */
	if (end == NULL) {
		for (hmp = dmp->b_next; hmp != NULL; hmp = hmp->b_next) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			if ((int32_t)(ntsn - tsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_EBIT(qdc)) {
				end = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	if (begin == NULL || end == NULL) {
		return (NULL);
	}
	/* Got one!  Remove the msg from the list */
	if (sctp->sctp_uo_frags == begin) {
		ASSERT(begin->b_prev == NULL);
		sctp->sctp_uo_frags = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = NULL;
	} else {
		begin->b_prev->b_next = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = begin->b_prev;
	}
	begin->b_prev = NULL;
	end->b_next = NULL;

	/*
	 * Null out b_next and b_prev and chain using b_cont.
	 */
	dmp = end = begin;
	hmp = begin->b_next;
	*dc = (sctp_data_hdr_t *)begin->b_rptr;
	begin->b_next = NULL;
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		hmp->b_rptr = (uchar_t *)(qdc + 1);
		end = hmp->b_next;
		dmp->b_cont = hmp;
		dmp = hmp;

		if (end != NULL)
			hmp->b_next = NULL;
		hmp->b_prev = NULL;
		hmp = end;
	}
	BUMP_LOCAL(sctp->sctp_reassmsgs);
#ifdef DEBUG
	mp1 = begin;
	while (mp1 != NULL) {
		ASSERT(mp1->b_next == NULL);
		ASSERT(mp1->b_prev == NULL);
		mp1 = mp1->b_cont;
	}
#endif
	return (begin);
}
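
/*
 * Illustrative trace: an unordered message fragmented as TSN 7 (B bit),
 * TSN 8, TSN 9 (E bit), arriving in the order 8, 9, 7.  The first two
 * arrivals merely queue (no B fragment has shown up yet), so they return
 * NULL.  When TSN 7 arrives, the backward walk finds its B bit, the
 * forward walk finds the E bit at TSN 9 with no TSN gaps, and all three
 * fragments are unlinked from sctp_uo_frags and returned chained via
 * b_cont.
 */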

/*
 * Try partial delivery.
 */
static mblk_t *
sctp_try_partial_delivery(sctp_t *sctp, mblk_t *hmp, sctp_reass_t *srp,
    sctp_data_hdr_t **dc)
{
	mblk_t *first_mp;
	mblk_t *mp;
	mblk_t *dmp;
	mblk_t *qmp;
	mblk_t *prev;
	sctp_data_hdr_t *qdc;
	uint32_t tsn;

	ASSERT(DB_TYPE(hmp) == M_CTL);

	dprint(4, ("trypartial: got=%d, needed=%d\n",
	    (int)(srp->got), (int)(srp->needed)));

	first_mp = hmp->b_cont;
	mp = first_mp;
	qdc = (sctp_data_hdr_t *)mp->b_rptr;

	ASSERT(SCTP_DATA_GET_BBIT(qdc) && srp->hasBchunk);

	tsn = ntohl(qdc->sdh_tsn) + 1;

	/*
	 * This loop has two exit conditions: the
	 * end of received chunks has been reached, or
	 * there is a break in the sequence. We want
	 * to chop the reassembly list as follows (the
	 * numbers are TSNs):
	 *	10 -> 11 ->	(end of chunks)
	 *	10 -> 11 -> | 13	(break in sequence)
	 */
	prev = mp;
	mp = mp->b_cont;
	while (mp != NULL) {
		qdc = (sctp_data_hdr_t *)mp->b_rptr;
		if (ntohl(qdc->sdh_tsn) != tsn)
			break;
		prev = mp;
		mp = mp->b_cont;
		tsn++;
	}
	/*
	 * We are sending all the fragments upstream, we have to retain
	 * the srp info for further fragments.
	 */
	if (mp == NULL) {
		dmp = hmp->b_cont;
		hmp->b_cont = NULL;
		srp->nexttsn = tsn;
		srp->msglen = 0;
		srp->needed = 0;
		srp->got = 0;
		srp->partial_delivered = B_TRUE;
		srp->tail = NULL;
	} else {
		dmp = hmp->b_cont;
		hmp->b_cont = mp;
	}
	srp->hasBchunk = B_FALSE;
	/*
	 * mp now points at the first chunk past the consecutive run (if
	 * any), and prev points at the last chunk of that run. We chop
	 * the list at prev; with hasBchunk now cleared, subsequent
	 * fragment deliveries will follow the normal reassembly path.
	 */
	prev->b_cont = NULL;
	srp->partial_delivered = B_TRUE;

	dprint(4, ("trypartial: got some, got=%d, needed=%d\n",
	    (int)(srp->got), (int)(srp->needed)));

	/*
	 * Adjust all mblks except the lead so their rptrs point to the
	 * payload. sctp_data_chunk() will need to process the lead's
	 * data chunk section, so leave its rptr pointing at the data chunk.
	 */
	*dc = (sctp_data_hdr_t *)dmp->b_rptr;
	if (srp->tail != NULL) {
		srp->got--;
		ASSERT(srp->got != 0);
		if (srp->needed != 0) {
			srp->needed--;
			ASSERT(srp->needed != 0);
		}
		srp->msglen -= ntohs((*dc)->sdh_len);
	}
	for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) {
		qdc = (sctp_data_hdr_t *)qmp->b_rptr;
		qmp->b_rptr = (uchar_t *)(qdc + 1);

		/*
		 * Deduct the balance from got and needed here, now that
		 * we know we are actually delivering these data.
		 */
		if (srp->tail != NULL) {
			srp->got--;
			ASSERT(srp->got != 0);
			if (srp->needed != 0) {
				srp->needed--;
				ASSERT(srp->needed != 0);
			}
			srp->msglen -= ntohs(qdc->sdh_len);
		}
	}
	ASSERT(srp->msglen == 0);
	BUMP_LOCAL(sctp->sctp_reassmsgs);

	return (dmp);
}
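
/*
 * Illustrative trace: with sctp_pd_point exceeded and the reassembly
 * list holding TSNs 100..103 contiguous from the B chunk plus TSN 105
 * (a gap at 104), the loop above stops at the gap; TSNs 100..103 are
 * unlinked and handed up as one partial message, while TSN 105 stays
 * on the list until the gap fills and reassembly resumes normally.
 */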

/*
 * Fragment list for ordered messages.
 * If no error occurs, error is set to 0. If we run out of memory, error
 * is set to 1. If the peer commits a fatal error (like using different
 * sequence numbers for the same data fragment series), the association is
 * aborted and error is set to 2; tpfinished indicates whether we have
 * assembled a complete message, and is used in sctp_data_chunk() to
 * see if we can try to send any queued message for this stream.
 */
static mblk_t *
sctp_data_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc, int *error,
    sctp_instr_t *sip, boolean_t *tpfinished)
{
	mblk_t *hmp;
	mblk_t *pmp;
	mblk_t *qmp;
	mblk_t *first_mp;
	sctp_reass_t *srp;
	sctp_data_hdr_t *qdc;
	sctp_data_hdr_t *bdc;
	sctp_data_hdr_t *edc;
	uint32_t tsn;
	uint16_t fraglen = 0;

	*error = 0;

	/* find the reassembly queue for this data chunk */
	hmp = qmp = sip->istr_reass;
	for (; hmp != NULL; hmp = hmp->b_next) {
		srp = (sctp_reass_t *)DB_BASE(hmp);
		if (ntohs((*dc)->sdh_ssn) == srp->ssn)
			goto foundit;
		else if (SSN_GT(srp->ssn, ntohs((*dc)->sdh_ssn)))
			break;
		qmp = hmp;
	}

	/*
	 * Allocate a M_CTL that will contain information about this
	 * fragmented message.
	 */
	if ((pmp = allocb(sizeof (*srp), BPRI_MED)) == NULL) {
		*error = 1;
		return (NULL);
	}
	DB_TYPE(pmp) = M_CTL;
	srp = (sctp_reass_t *)DB_BASE(pmp);
	pmp->b_cont = dmp;

	if (hmp != NULL) {
		if (sip->istr_reass == hmp) {
			sip->istr_reass = pmp;
			pmp->b_next = hmp;
			pmp->b_prev = NULL;
			hmp->b_prev = pmp;
		} else {
			qmp->b_next = pmp;
			pmp->b_prev = qmp;
			pmp->b_next = hmp;
			hmp->b_prev = pmp;
		}
	} else {
		/* make a new reass head and stick it on the end */
		if (sip->istr_reass == NULL) {
			sip->istr_reass = pmp;
			pmp->b_prev = NULL;
		} else {
			qmp->b_next = pmp;
			pmp->b_prev = qmp;
		}
		pmp->b_next = NULL;
	}
	srp->partial_delivered = B_FALSE;
	srp->ssn = ntohs((*dc)->sdh_ssn);
empty_srp:
	srp->needed = 0;
	srp->got = 1;
	srp->tail = dmp;
	if (SCTP_DATA_GET_BBIT(*dc)) {
		srp->msglen = ntohs((*dc)->sdh_len);
		srp->nexttsn = ntohl((*dc)->sdh_tsn) + 1;
		srp->hasBchunk = B_TRUE;
	} else if (srp->partial_delivered &&
	    srp->nexttsn == ntohl((*dc)->sdh_tsn)) {
		SCTP_DATA_SET_BBIT(*dc);
		/* Last fragment */
		if (SCTP_DATA_GET_EBIT(*dc)) {
			srp->needed = 1;
			goto frag_done;
		}
		srp->hasBchunk = B_TRUE;
		srp->msglen = ntohs((*dc)->sdh_len);
		srp->nexttsn++;
	}
	return (NULL);
foundit:
	/*
	 * We already have a reassembly queue for this SSN. Insert the new
	 * data chunk into it. Try the tail first, on the assumption that
	 * the fragments are arriving in order.
	 */
	qmp = srp->tail;

	/*
	 * A NULL tail means the message was partially delivered.
	 */
	if (qmp == NULL) {
		ASSERT(srp->got == 0 && srp->needed == 0 &&
		    srp->partial_delivered);
		ASSERT(hmp->b_cont == NULL);
		hmp->b_cont = dmp;
		goto empty_srp;
	}
	qdc = (sctp_data_hdr_t *)qmp->b_rptr;
	ASSERT(qmp->b_cont == NULL);

	/* XXX Is it fine to do this just here? */
	if ((*dc)->sdh_sid != qdc->sdh_sid) {
		/* our peer is fatally confused; XXX abort the assc */
		*error = 2;
		return (NULL);
	}
	if (SEQ_GT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
		qmp->b_cont = dmp;
		srp->tail = dmp;
		dmp->b_cont = NULL;
		if (srp->hasBchunk && srp->nexttsn == ntohl((*dc)->sdh_tsn)) {
			srp->msglen += ntohs((*dc)->sdh_len);
			srp->nexttsn++;
		}
		goto inserted;
	}

	/* Next check for insertion at the beginning */
	qmp = hmp->b_cont;
	qdc = (sctp_data_hdr_t *)qmp->b_rptr;
	if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
		dmp->b_cont = qmp;
		hmp->b_cont = dmp;
		if (SCTP_DATA_GET_BBIT(*dc)) {
			srp->hasBchunk = B_TRUE;
			srp->nexttsn = ntohl((*dc)->sdh_tsn);
		}
		goto preinserted;
	}

	/* Insert somewhere in the middle */
	for (;;) {
		/* Tail check above should have caught this */
		ASSERT(qmp->b_cont != NULL);

		qdc = (sctp_data_hdr_t *)qmp->b_cont->b_rptr;
		if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
			/* insert here */
			dmp->b_cont = qmp->b_cont;
			qmp->b_cont = dmp;
			break;
		}
		qmp = qmp->b_cont;
	}
preinserted:
	if (!srp->hasBchunk || ntohl((*dc)->sdh_tsn) != srp->nexttsn)
		goto inserted;
	/*
	 * fraglen contains the length of consecutive chunks of fragments,
	 * starting from the chunk just inserted.
	 */
	tsn = srp->nexttsn;
	for (qmp = dmp; qmp != NULL; qmp = qmp->b_cont) {
		qdc = (sctp_data_hdr_t *)qmp->b_rptr;
		if (tsn != ntohl(qdc->sdh_tsn))
			break;
		fraglen += ntohs(qdc->sdh_len);
		tsn++;
	}
	srp->nexttsn = tsn;
	srp->msglen += fraglen;
inserted:
	srp->got++;
	first_mp = hmp->b_cont;
	if (srp->needed == 0) {
		/* check if we have the first and last fragments */
		bdc = (sctp_data_hdr_t *)first_mp->b_rptr;
		edc = (sctp_data_hdr_t *)srp->tail->b_rptr;

		/* calculate how many fragments are needed, if possible */
		if (SCTP_DATA_GET_BBIT(bdc) && SCTP_DATA_GET_EBIT(edc)) {
			srp->needed = ntohl(edc->sdh_tsn) -
			    ntohl(bdc->sdh_tsn) + 1;
		}
	}

	/*
	 * Try partial delivery if the message length has exceeded the
	 * partial delivery point. Only do this if we can immediately
	 * deliver the partially assembled message, and only partially
	 * deliver one message at a time (i.e. messages cannot be
	 * intermixed arriving at the upper layer). A simple way to
	 * enforce this is to only try partial delivery if this TSN is
	 * the next expected TSN. Partial delivery is not supported
	 * for un-ordered messages.
	 */
	if (srp->needed != srp->got) {
		dmp = NULL;
		if (ntohl((*dc)->sdh_tsn) == sctp->sctp_ftsn &&
		    srp->msglen >= sctp->sctp_pd_point) {
			dmp = sctp_try_partial_delivery(sctp, hmp, srp, dc);
			*tpfinished = B_FALSE;
		}
		return (dmp);
	}
frag_done:
	/*
	 * Reassembly done; prepare the data for delivery.
	 * First unlink hmp from the ssn list.
	 */
	if (sip->istr_reass == hmp) {
		sip->istr_reass = hmp->b_next;
		if (hmp->b_next)
			hmp->b_next->b_prev = NULL;
	} else {
		ASSERT(hmp->b_prev != NULL);
		hmp->b_prev->b_next = hmp->b_next;
		if (hmp->b_next)
			hmp->b_next->b_prev = hmp->b_prev;
	}

	/*
	 * Using b_prev and b_next was a little sinful, but OK since
	 * this mblk is never put*'d. However, freeb() will still
	 * ASSERT that they are unused, so we need to NULL them out now.
	 */
	hmp->b_next = NULL;
	hmp->b_prev = NULL;
	dmp = hmp;
	dmp = dmp->b_cont;
	hmp->b_cont = NULL;
	freeb(hmp);
	*tpfinished = B_TRUE;

	/*
	 * Adjust all mblks except the lead so their rptrs point to the
	 * payload. sctp_data_chunk() will need to process the lead's
	 * data chunk section, so leave its rptr pointing at the data chunk.
	 */
	*dc = (sctp_data_hdr_t *)dmp->b_rptr;
	for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) {
		qdc = (sctp_data_hdr_t *)qmp->b_rptr;
		qmp->b_rptr = (uchar_t *)(qdc + 1);
	}
	BUMP_LOCAL(sctp->sctp_reassmsgs);

	return (dmp);
}
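
/*
 * A worked example (illustrative): once both ends of a series are
 * present, say the B fragment at TSN 20 and the E fragment at TSN 23,
 * needed becomes 23 - 20 + 1 = 4, and reassembly completes as soon as
 * got reaches 4.
 */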

static void
sctp_add_dup(uint32_t tsn, mblk_t **dups)
{
	mblk_t *mp;
	size_t bsize = SCTP_DUP_MBLK_SZ * sizeof (tsn);

	if (dups == NULL) {
		return;
	}

	/* first time? */
	if (*dups == NULL) {
		*dups = allocb(bsize, BPRI_MED);
		if (*dups == NULL) {
			return;
		}
	}

	mp = *dups;
	if ((mp->b_wptr - mp->b_rptr) >= bsize) {
		/* maximum reached */
		return;
	}

	/* add the duplicate tsn */
	bcopy(&tsn, mp->b_wptr, sizeof (tsn));
	mp->b_wptr += sizeof (tsn);
	ASSERT((mp->b_wptr - mp->b_rptr) <= bsize);
}

static void
sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
	sctp_data_hdr_t *dc;
	mblk_t *dmp, *pmp;
	sctp_instr_t *instr;
	int ubit;
	int isfrag;
	uint16_t ssn;
	uint32_t oftsn;
	boolean_t can_deliver = B_TRUE;
	uint32_t tsn;
	int dlen;
	boolean_t tpfinished = B_TRUE;
	int32_t new_rwnd;
	sctp_stack_t *sctps = sctp->sctp_sctps;
	int error;

	/* The following are used multiple times, so we inline them */
#define	SCTP_ACK_IT(sctp, tsn)						\
	if (tsn == sctp->sctp_ftsn) {					\
		dprint(2, ("data_chunk: acking next %x\n", tsn));	\
		(sctp)->sctp_ftsn++;					\
		if ((sctp)->sctp_sack_gaps > 0)				\
			(sctp)->sctp_force_sack = 1;			\
	} else if (SEQ_GT(tsn, sctp->sctp_ftsn)) {			\
		/* Got a gap; record it */				\
		BUMP_LOCAL(sctp->sctp_outseqtsns);			\
		dprint(2, ("data_chunk: acking gap %x\n", tsn));	\
		sctp_ack_add(&sctp->sctp_sack_info, tsn,		\
		    &sctp->sctp_sack_gaps);				\
		sctp->sctp_force_sack = 1;				\
	}

	dmp = NULL;

	dc = (sctp_data_hdr_t *)ch;
	tsn = ntohl(dc->sdh_tsn);

	dprint(3, ("sctp_data_chunk: mp=%p tsn=%x\n", (void *)mp, tsn));

	/* Check for duplicates */
	if (SEQ_LT(tsn, sctp->sctp_ftsn)) {
		dprint(4, ("sctp_data_chunk: dropping duplicate\n"));
		BUMP_LOCAL(sctp->sctp_idupchunks);
		sctp->sctp_force_sack = 1;
		sctp_add_dup(dc->sdh_tsn, dups);
		return;
	}

	if (sctp->sctp_sack_info != NULL) {
		sctp_set_t *sp;

		for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
			if (SEQ_GEQ(tsn, sp->begin) && SEQ_LEQ(tsn, sp->end)) {
				dprint(4,
				    ("sctp_data_chunk: dropping dup > "
				    "cumtsn\n"));
				BUMP_LOCAL(sctp->sctp_idupchunks);
				sctp->sctp_force_sack = 1;
				sctp_add_dup(dc->sdh_tsn, dups);
				return;
			}
		}
	}

	/* We cannot deliver anything up now but we still need to handle it. */
	if (SCTP_IS_DETACHED(sctp)) {
		BUMP_MIB(&sctps->sctps_mib, sctpInClosed);
		can_deliver = B_FALSE;
	}

	dlen = ntohs(dc->sdh_len) - sizeof (*dc);

	/*
	 * Check for buffer space. Note if this is the next expected TSN
	 * we have to take it to avoid deadlock because we cannot deliver
	 * later queued TSNs and thus clear buffer space without it.
	 * We drop anything that is purely zero window probe data here.
	 */
	if ((sctp->sctp_rwnd - sctp->sctp_rxqueued < dlen) &&
	    (tsn != sctp->sctp_ftsn || sctp->sctp_rwnd == 0)) {
		/* Drop and SACK, but don't advance the cumulative TSN. */
		sctp->sctp_force_sack = 1;
		dprint(0, ("sctp_data_chunk: exceed rwnd %d rxqueued %d "
		    "dlen %d ssn %d tsn %x\n", sctp->sctp_rwnd,
		    sctp->sctp_rxqueued, dlen, ntohs(dc->sdh_ssn),
		    ntohl(dc->sdh_tsn)));
		return;
	}

	if (ntohs(dc->sdh_sid) >= sctp->sctp_num_istr) {
		sctp_bsc_t inval_parm;

		/* Will populate the CAUSE block in the ERROR chunk. */
		inval_parm.bsc_sid = dc->sdh_sid;
		/* RESERVED, ignored at the receiving end */
		inval_parm.bsc_pad = 0;

		/* ack and drop it */
		sctp_add_err(sctp, SCTP_ERR_BAD_SID, (void *)&inval_parm,
		    sizeof (sctp_bsc_t), fp);
		SCTP_ACK_IT(sctp, tsn);
		return;
	}

	ubit = SCTP_DATA_GET_UBIT(dc);
	ASSERT(sctp->sctp_instr != NULL);
	instr = &sctp->sctp_instr[ntohs(dc->sdh_sid)];
	/* Initialize the stream, if not yet used */
	if (instr->sctp == NULL)
		instr->sctp = sctp;

	isfrag = !(SCTP_DATA_GET_BBIT(dc) && SCTP_DATA_GET_EBIT(dc));
	ssn = ntohs(dc->sdh_ssn);

	dmp = dupb(mp);
	if (dmp == NULL) {
		/* drop it and don't ack it, causing the peer to retransmit */
		return;
	}
	dmp->b_wptr = (uchar_t *)ch + ntohs(ch->sch_len);

	sctp->sctp_rxqueued += dlen;

	oftsn = sctp->sctp_ftsn;

	if (isfrag) {

		error = 0;
		/* fragmented data chunk */
		dmp->b_rptr = (uchar_t *)dc;
		if (ubit) {
			dmp = sctp_uodata_frag(sctp, dmp, &dc);
#ifdef DEBUG
			if (dmp != NULL) {
				ASSERT(instr ==
				    &sctp->sctp_instr[ntohs(dc->sdh_sid)]);
			}
#endif
		} else {
			dmp = sctp_data_frag(sctp, dmp, &dc, &error, instr,
			    &tpfinished);
		}
		if (error != 0) {
			sctp->sctp_rxqueued -= dlen;
			if (error == 1) {
				/*
				 * out of memory; don't ack it so
				 * the peer retransmits
				 */
				return;
			} else if (error == 2) {
				/*
				 * fatal error (i.e. peer used different
				 * ssn's for same fragmented data) --
				 * the association has been aborted.
				 * XXX need to return errval so state
				 * machine can also abort processing.
				 */
				dprint(0, ("error 2: must not happen!\n"));
				return;
			}
		}

		if (dmp == NULL) {
			/*
			 * Can't process this data now, but the cumulative
			 * TSN may be advanced, so do the checks at done.
			 */
			SCTP_ACK_IT(sctp, tsn);
			goto done;
		}
	}

	/*
	 * Insert complete messages in correct order for ordered delivery.
	 * tpfinished is true when the incoming chunk contains a complete
	 * message or is the final missing fragment which completed a message.
	 */
	if (!ubit && tpfinished && ssn != instr->nextseq) {
		/* Adjust rptr to point at the data chunk for compares */
		dmp->b_rptr = (uchar_t *)dc;

		dprint(2,
		    ("data_chunk: inserted %x in pq (ssn %d expected %d)\n",
		    ntohl(dc->sdh_tsn), (int)(ssn), (int)(instr->nextseq)));

		if (instr->istr_msgs == NULL) {
			instr->istr_msgs = dmp;
			ASSERT(dmp->b_prev == NULL && dmp->b_next == NULL);
		} else {
			mblk_t *imblk = instr->istr_msgs;
			sctp_data_hdr_t *idc;

			/*
			 * XXX Need to take sequence wraps into account,
			 * ... and a more efficient insertion algo.
			 */
			for (;;) {
				idc = (sctp_data_hdr_t *)imblk->b_rptr;
				if (SSN_GT(ntohs(idc->sdh_ssn),
				    ntohs(dc->sdh_ssn))) {
					if (instr->istr_msgs == imblk) {
						instr->istr_msgs = dmp;
						dmp->b_next = imblk;
						imblk->b_prev = dmp;
					} else {
						ASSERT(imblk->b_prev != NULL);
						imblk->b_prev->b_next = dmp;
						dmp->b_prev = imblk->b_prev;
						imblk->b_prev = dmp;
						dmp->b_next = imblk;
					}
					break;
				}
				if (imblk->b_next == NULL) {
					imblk->b_next = dmp;
					dmp->b_prev = imblk;
					break;
				}
				imblk = imblk->b_next;
			}
		}
		(instr->istr_nmsgs)++;
		(sctp->sctp_istr_nmsgs)++;
		SCTP_ACK_IT(sctp, tsn);
		return;
	}

	/*
	 * Else we can deliver the data directly. Recalculate
	 * dlen now since we may have reassembled data.
	 */
	dlen = dmp->b_wptr - (uchar_t *)dc - sizeof (*dc);
	for (pmp = dmp->b_cont; pmp != NULL; pmp = pmp->b_cont)
		dlen += MBLKL(pmp);
	ASSERT(sctp->sctp_rxqueued >= dlen);

	/* Deliver the message. */
	sctp->sctp_rxqueued -= dlen;

	if (can_deliver) {

		dmp->b_rptr = (uchar_t *)(dc + 1);
		if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, ipp) == 0) {
			dprint(1, ("sctp_data_chunk: delivering %lu bytes\n",
			    msgdsize(dmp)));
			sctp->sctp_rwnd -= dlen;
			/*
			 * Override b_flag for SCTP sockfs internal use
			 */
			dmp->b_flag = tpfinished ? 0 : SCTP_PARTIAL_DATA;
			new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp,
			    msgdsize(dmp), 0, &error, NULL);
			/*
			 * Since we always deliver the next TSN data chunk,
			 * we may buffer a little more than allowed. In
			 * that case, just mark the window as 0.
			 */
			if (new_rwnd < 0)
				sctp->sctp_rwnd = 0;
			else if (new_rwnd > sctp->sctp_rwnd)
				sctp->sctp_rwnd = new_rwnd;
			SCTP_ACK_IT(sctp, tsn);
		} else {
			/* Just free the message if we don't have memory. */
			freemsg(dmp);
			return;
		}
	} else {
		/* About to free the data */
		freemsg(dmp);
		SCTP_ACK_IT(sctp, tsn);
	}

	/*
	 * data, now enqueued, may already have been processed and free'd
	 * by the ULP (or we may have just freed it above, if we could not
	 * deliver it), so we must not reference it (this is why we kept
	 * the ssn and ubit above).
	 */
	if (ubit != 0) {
		BUMP_LOCAL(sctp->sctp_iudchunks);
		goto done;
	}
	BUMP_LOCAL(sctp->sctp_idchunks);

	/*
	 * If there was a partial delivery and it has not finished,
	 * don't pull anything from the pqueues.
	 */
	if (!tpfinished) {
		goto done;
	}

	instr->nextseq = ssn + 1;
	/* Deliver any successive data chunks in the instr queue */
	while (instr->istr_nmsgs > 0) {
		dmp = (mblk_t *)instr->istr_msgs;
		dc = (sctp_data_hdr_t *)dmp->b_rptr;
		ssn = ntohs(dc->sdh_ssn);
		/* Gap in the sequence */
		if (ssn != instr->nextseq)
			break;

		/* Else deliver the data */
		(instr->istr_nmsgs)--;
		(instr->nextseq)++;
		(sctp->sctp_istr_nmsgs)--;

		instr->istr_msgs = instr->istr_msgs->b_next;
		if (instr->istr_msgs != NULL)
			instr->istr_msgs->b_prev = NULL;
		dmp->b_next = dmp->b_prev = NULL;

		dprint(2, ("data_chunk: pulling %x from pq (ssn %d)\n",
		    ntohl(dc->sdh_tsn), (int)ssn));

		/*
		 * If this chunk was reassembled, each b_cont represents
		 * another TSN; advance ftsn now.
		 */
		dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc);
		for (pmp = dmp->b_cont; pmp; pmp = pmp->b_cont)
			dlen += MBLKL(pmp);

		ASSERT(sctp->sctp_rxqueued >= dlen);

		sctp->sctp_rxqueued -= dlen;
		if (can_deliver) {
			dmp->b_rptr = (uchar_t *)(dc + 1);
			if (sctp_input_add_ancillary(sctp, &dmp, dc, fp,
			    ipp) == 0) {
				dprint(1, ("sctp_data_chunk: delivering %lu "
				    "bytes\n", msgdsize(dmp)));
				sctp->sctp_rwnd -= dlen;
				/*
				 * Override b_flag for SCTP sockfs internal use
				 */
				dmp->b_flag = tpfinished ?
				    0 : SCTP_PARTIAL_DATA;
				new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd,
				    dmp, msgdsize(dmp), 0, &error, NULL);
				if (new_rwnd < 0)
					sctp->sctp_rwnd = 0;
				else if (new_rwnd > sctp->sctp_rwnd)
					sctp->sctp_rwnd = new_rwnd;
				SCTP_ACK_IT(sctp, tsn);
			} else {
				freemsg(dmp);
				return;
			}
		} else {
			/* About to free the data */
			freemsg(dmp);
			SCTP_ACK_IT(sctp, tsn);
		}
	}

done:

	/*
	 * If there are gap reports pending, check if advancing
	 * the ftsn here closes a gap. If so, we can advance
	 * ftsn to the end of the set.
	 */
	if (sctp->sctp_sack_info != NULL &&
	    sctp->sctp_ftsn == sctp->sctp_sack_info->begin) {
		sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1;
	}
	/*
	 * If ftsn has moved forward, maybe we can remove gap reports.
	 * NB: dmp may now be NULL, so don't dereference it here.
	 */
	if (oftsn != sctp->sctp_ftsn && sctp->sctp_sack_info != NULL) {
		sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1,
		    &sctp->sctp_sack_gaps);
		dprint(2, ("data_chunk: removed acks before %x (num=%d)\n",
		    sctp->sctp_ftsn - 1, sctp->sctp_sack_gaps));
	}

#ifdef DEBUG
	if (sctp->sctp_sack_info != NULL) {
		ASSERT(sctp->sctp_ftsn != sctp->sctp_sack_info->begin);
	}
#endif

#undef SCTP_ACK_IT
}
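
/*
 * Fill in a SACK chunk at dst: the chunk header, the cumulative TSN
 * (sctp_ftsn - 1), the advertised receive window, and one gap ack
 * block per set on sctp_sack_info.  The caller sizes the buffer and
 * passes the total length in sacklen, as sctp_make_sack() does below.
 */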
void
sctp_fill_sack(sctp_t *sctp, unsigned char *dst, int sacklen)
{
	sctp_chunk_hdr_t *sch;
	sctp_sack_chunk_t *sc;
	sctp_sack_frag_t *sf;
	uint16_t num_gaps = sctp->sctp_sack_gaps;
	sctp_set_t *sp;

	/* Chunk hdr */
	sch = (sctp_chunk_hdr_t *)dst;
	sch->sch_id = CHUNK_SACK;
	sch->sch_flags = 0;
	sch->sch_len = htons(sacklen);

	/* SACK chunk */
	sctp->sctp_lastacked = sctp->sctp_ftsn - 1;

	sc = (sctp_sack_chunk_t *)(sch + 1);
	sc->ssc_cumtsn = htonl(sctp->sctp_lastacked);
	if (sctp->sctp_rxqueued < sctp->sctp_rwnd) {
		sc->ssc_a_rwnd = htonl(sctp->sctp_rwnd - sctp->sctp_rxqueued);
	} else {
		sc->ssc_a_rwnd = 0;
	}
	sc->ssc_numfrags = htons(num_gaps);
	sc->ssc_numdups = 0;

	/* lay in gap reports */
	sf = (sctp_sack_frag_t *)(sc + 1);
	for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
		uint16_t offset;

		/* start */
		if (sp->begin > sctp->sctp_lastacked) {
			offset = (uint16_t)(sp->begin - sctp->sctp_lastacked);
		} else {
			/* sequence number wrap */
			offset = (uint16_t)(UINT32_MAX - sctp->sctp_lastacked +
			    sp->begin);
		}
		sf->ssf_start = htons(offset);

		/* end */
		if (sp->end >= sp->begin) {
			offset += (uint16_t)(sp->end - sp->begin);
		} else {
			/* sequence number wrap */
			offset += (uint16_t)(UINT32_MAX - sp->begin + sp->end);
		}
		sf->ssf_end = htons(offset);

		sf++;
		/* This is just for debugging (a la the following assertion) */
		num_gaps--;
	}

	ASSERT(num_gaps == 0);

	/* If the SACK timer is running, stop it */
	if (sctp->sctp_ack_timer_running) {
		sctp_timer_stop(sctp->sctp_ack_mp);
		sctp->sctp_ack_timer_running = B_FALSE;
	}

	BUMP_LOCAL(sctp->sctp_obchunks);
	BUMP_LOCAL(sctp->sctp_osacks);
}
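
/*
 * Gap-ack offsets are relative to the cumulative TSN.  A worked example
 * (illustrative): with sctp_lastacked == 1000 and a set {1003..1005},
 * ssf_start is 3 and ssf_end is 5, telling the peer that TSNs
 * 1003..1005 were received above the cumulative ack of 1000.
 */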

mblk_t *
sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups)
{
	mblk_t *smp;
	size_t slen;
	sctp_chunk_hdr_t *sch;
	sctp_sack_chunk_t *sc;
	int32_t acks_max;
	sctp_stack_t *sctps = sctp->sctp_sctps;
	uint32_t dups_len;
	sctp_faddr_t *fp;

	if (sctp->sctp_force_sack) {
		sctp->sctp_force_sack = 0;
		goto checks_done;
	}

	acks_max = sctps->sctps_deferred_acks_max;
	if (sctp->sctp_state == SCTPS_ESTABLISHED) {
		if (sctp->sctp_sack_toggle < acks_max) {
			/* no need to SACK right now */
			dprint(2, ("sctp_make_sack: %p no sack (toggle)\n",
			    (void *)sctp));
			return (NULL);
		} else if (sctp->sctp_sack_toggle >= acks_max) {
			sctp->sctp_sack_toggle = 0;
		}
	}

	if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) {
		dprint(2, ("sctp_make_sack: %p no sack (already)\n",
		    (void *)sctp));
		return (NULL);
	}

checks_done:
	dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1));

	if (dups != NULL)
		dups_len = MBLKL(dups);
	else
		dups_len = 0;
	slen = sizeof (*sch) + sizeof (*sc) +
	    (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps);

	/*
	 * If there are error chunks, check and see if we can send the
	 * SACK chunk and error chunks together in one packet. If not,
	 * send the error chunks out now.
	 */
	if (sctp->sctp_err_chunks != NULL) {
		fp = SCTP_CHUNK_DEST(sctp->sctp_err_chunks);
		if (sctp->sctp_err_len + slen + dups_len > fp->sfa_pmss) {
			if ((smp = sctp_make_mp(sctp, fp, 0)) == NULL) {
				SCTP_KSTAT(sctps, sctp_send_err_failed);
				SCTP_KSTAT(sctps, sctp_send_sack_failed);
				freemsg(sctp->sctp_err_chunks);
				sctp->sctp_err_chunks = NULL;
				sctp->sctp_err_len = 0;
				return (NULL);
			}
			smp->b_cont = sctp->sctp_err_chunks;
			sctp_set_iplen(sctp, smp);
			sctp_add_sendq(sctp, smp);
			sctp->sctp_err_chunks = NULL;
			sctp->sctp_err_len = 0;
		}
	}
	smp = sctp_make_mp(sctp, sendto, slen);
	if (smp == NULL) {
		SCTP_KSTAT(sctps, sctp_send_sack_failed);
		return (NULL);
	}
	sch = (sctp_chunk_hdr_t *)smp->b_wptr;

	sctp_fill_sack(sctp, smp->b_wptr, slen);
	smp->b_wptr += slen;
	if (dups != NULL) {
		sc = (sctp_sack_chunk_t *)(sch + 1);
		sc->ssc_numdups = htons(MBLKL(dups) / sizeof (uint32_t));
		sch->sch_len = htons(slen + dups_len);
		smp->b_cont = dups;
	}

	if (sctp->sctp_err_chunks != NULL) {
		linkb(smp, sctp->sctp_err_chunks);
		sctp->sctp_err_chunks = NULL;
		sctp->sctp_err_len = 0;
	}
	return (smp);
}

/*
 * Check and see if we need to send a SACK chunk. If it is needed,
 * send it out. Return true if a SACK chunk is sent, false otherwise.
 */
boolean_t
sctp_sack(sctp_t *sctp, mblk_t *dups)
{
	mblk_t *smp;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	/* If we are shutting down, let send_shutdown() bundle the SACK */
	if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) {
		sctp_send_shutdown(sctp, 0);
	}

	ASSERT(sctp->sctp_lastdata != NULL);

	if ((smp = sctp_make_sack(sctp, sctp->sctp_lastdata, dups)) == NULL) {
		/* The caller of sctp_sack() will not free the dups mblk. */
		if (dups != NULL)
			freeb(dups);
		return (B_FALSE);
	}
	sctp_set_iplen(sctp, smp);

	dprint(2, ("sctp_sack: sending to %p %x:%x:%x:%x\n",
	    (void *)sctp->sctp_lastdata,
	    SCTP_PRINTADDR(sctp->sctp_lastdata->faddr)));

	sctp->sctp_active = lbolt64;

	BUMP_MIB(&sctps->sctps_mib, sctpOutAck);
	sctp_add_sendq(sctp, smp);
	return (B_TRUE);
}

/*
 * This is called if we have a message that was partially sent and is
 * abandoned. The cum TSN will be the last chunk sent for this message,
 * subsequent chunks will be marked ABANDONED. We send a Forward TSN
 * chunk in this case with the TSN of the last sent chunk so that the
 * peer can clean up its fragment list for this message. This message
 * will be removed from the transmit list when the peer sends a SACK
 * back.
 */
int
sctp_check_abandoned_msg(sctp_t *sctp, mblk_t *meta)
{
	sctp_data_hdr_t *dh;
	mblk_t *nmp;
	mblk_t *head;
	int32_t unsent = 0;
	mblk_t *mp1 = meta->b_cont;
	uint32_t adv_pap = sctp->sctp_adv_pap;
	sctp_faddr_t *fp = sctp->sctp_current;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	dh = (sctp_data_hdr_t *)mp1->b_rptr;
	if (SEQ_GEQ(sctp->sctp_lastack_rxd, ntohl(dh->sdh_tsn))) {
		sctp_ftsn_set_t *sets = NULL;
		uint_t nsets = 0;
		uint32_t seglen = sizeof (uint32_t);
		boolean_t ubit = SCTP_DATA_GET_UBIT(dh);

		while (mp1->b_next != NULL && SCTP_CHUNK_ISSENT(mp1->b_next))
			mp1 = mp1->b_next;
		dh = (sctp_data_hdr_t *)mp1->b_rptr;
		sctp->sctp_adv_pap = ntohl(dh->sdh_tsn);
		if (!ubit &&
		    !sctp_add_ftsn_set(&sets, fp, meta, &nsets, &seglen)) {
			sctp->sctp_adv_pap = adv_pap;
			return (ENOMEM);
		}
		nmp = sctp_make_ftsn_chunk(sctp, fp, sets, nsets, seglen);
		sctp_free_ftsn_set(sets);
		if (nmp == NULL) {
			sctp->sctp_adv_pap = adv_pap;
			return (ENOMEM);
		}
		head = sctp_add_proto_hdr(sctp, fp, nmp, 0, NULL);
		if (head == NULL) {
			sctp->sctp_adv_pap = adv_pap;
			freemsg(nmp);
			SCTP_KSTAT(sctps, sctp_send_ftsn_failed);
			return (ENOMEM);
		}
		SCTP_MSG_SET_ABANDONED(meta);
		sctp_set_iplen(sctp, head);
		sctp_add_sendq(sctp, head);
		if (!fp->timer_running)
			SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto);
		mp1 = mp1->b_next;
		while (mp1 != NULL) {
			ASSERT(!SCTP_CHUNK_ISSENT(mp1));
			ASSERT(!SCTP_CHUNK_ABANDONED(mp1));
			SCTP_ABANDON_CHUNK(mp1);
			dh = (sctp_data_hdr_t *)mp1->b_rptr;
			unsent += ntohs(dh->sdh_len) - sizeof (*dh);
			mp1 = mp1->b_next;
		}
		ASSERT(sctp->sctp_unsent >= unsent);
		sctp->sctp_unsent -= unsent;
		/*
		 * Update ULP the amount of queued data, which is
		 * sent-unack'ed + unsent.
		 */
		if (!SCTP_IS_DETACHED(sctp))
			SCTP_TXQ_UPDATE(sctp);
		return (0);
	}
	return (-1);
}
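
/*
 * Process the cumulative TSN ack (tsn) from an incoming SACK: walk the
 * transmit list, mark each sent chunk with TSN <= tsn as acked, adjust
 * the per-destination suna counters, and free messages once every chunk
 * in them has been acked.  Returns the total length of the chunks newly
 * acked by this SACK (0 for a duplicate ack), and sets *first_unacked
 * to the first chunk not yet acked (or NULL if none remains).
 */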
uint32_t
sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked)
{
	mblk_t *ump, *nump, *mp = NULL;
	uint16_t chunklen;
	uint32_t xtsn;
	sctp_faddr_t *fp;
	sctp_data_hdr_t *sdc;
	uint32_t cumack_forward = 0;
	sctp_msg_hdr_t *mhdr;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	ump = sctp->sctp_xmit_head;

	/*
	 * Free messages only when they're completely acked.
	 */
	while (ump != NULL) {
		mhdr = (sctp_msg_hdr_t *)ump->b_rptr;
		for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) {
			if (SCTP_CHUNK_ABANDONED(mp)) {
				ASSERT(SCTP_IS_MSG_ABANDONED(ump));
				mp = NULL;
				break;
			}
			/*
			 * We check for an abandoned message if we are
			 * PR-SCTP aware, this is not the first chunk in
			 * the message (b_cont), and the message is marked
			 * abandoned.
			 */
			if (!SCTP_CHUNK_ISSENT(mp)) {
				if (sctp->sctp_prsctp_aware &&
				    mp != ump->b_cont &&
				    (SCTP_IS_MSG_ABANDONED(ump) ||
				    SCTP_MSG_TO_BE_ABANDONED(ump, mhdr,
				    sctp))) {
					(void) sctp_check_abandoned_msg(sctp,
					    ump);
				}
				goto cum_ack_done;
			}
			sdc = (sctp_data_hdr_t *)mp->b_rptr;
			xtsn = ntohl(sdc->sdh_tsn);
			if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn))
				continue;
			if (SEQ_GEQ(tsn, xtsn)) {
				fp = SCTP_CHUNK_DEST(mp);
				chunklen = ntohs(sdc->sdh_len);

				if (sctp->sctp_out_time != 0 &&
				    xtsn == sctp->sctp_rtt_tsn) {
					/* Got a new RTT measurement */
					sctp_update_rtt(sctp, fp,
					    lbolt64 - sctp->sctp_out_time);
					sctp->sctp_out_time = 0;
				}
				if (SCTP_CHUNK_ISACKED(mp))
					continue;
				SCTP_CHUNK_SET_SACKCNT(mp, 0);
				SCTP_CHUNK_ACKED(mp);
				ASSERT(fp->suna >= chunklen);
				fp->suna -= chunklen;
				fp->acked += chunklen;
				cumack_forward += chunklen;
				ASSERT(sctp->sctp_unacked >=
				    (chunklen - sizeof (*sdc)));
				sctp->sctp_unacked -=
				    (chunklen - sizeof (*sdc));
				if (fp->suna == 0) {
					/* all outstanding data acked */
					fp->pba = 0;
					SCTP_FADDR_TIMER_STOP(fp);
				} else {
					SCTP_FADDR_TIMER_RESTART(sctp, fp,
					    fp->rto);
				}
			} else {
				goto cum_ack_done;
			}
		}
		nump = ump->b_next;
		if (nump != NULL)
			nump->b_prev = NULL;
		if (ump == sctp->sctp_xmit_tail)
			sctp->sctp_xmit_tail = nump;
		if (SCTP_IS_MSG_ABANDONED(ump)) {
			BUMP_LOCAL(sctp->sctp_prsctpdrop);
			ump->b_next = NULL;
			sctp_sendfail_event(sctp, ump, 0, B_TRUE);
		} else {
			sctp_free_msg(ump);
		}
		sctp->sctp_xmit_head = ump = nump;
	}
cum_ack_done:
	*first_unacked = mp;
	if (cumack_forward > 0) {
		BUMP_MIB(&sctps->sctps_mib, sctpInAck);
		if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) {
			sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd;
		}

		/*
		 * Update ULP the amount of queued data, which is
		 * sent-unack'ed + unsent.
		 */
		if (!SCTP_IS_DETACHED(sctp))
			SCTP_TXQ_UPDATE(sctp);

		/* Time to send a shutdown? */
		if (sctp->sctp_state == SCTPS_SHUTDOWN_PENDING) {
			sctp_send_shutdown(sctp, 0);
		}
		sctp->sctp_xmit_unacked = mp;
	} else {
		/* dup ack */
		BUMP_MIB(&sctps->sctps_mib, sctpInDupAck);
	}
	sctp->sctp_lastack_rxd = tsn;
	if (SEQ_LT(sctp->sctp_adv_pap, sctp->sctp_lastack_rxd))
		sctp->sctp_adv_pap = sctp->sctp_lastack_rxd;
	ASSERT(sctp->sctp_xmit_head || sctp->sctp_unacked == 0);

	return (cumack_forward);
}

static int
sctp_set_frwnd(sctp_t *sctp, uint32_t frwnd)
{
	uint32_t orwnd;

	if (sctp->sctp_unacked > frwnd) {
		sctp->sctp_frwnd = 0;
		return (0);
	}
	orwnd = sctp->sctp_frwnd;
	sctp->sctp_frwnd = frwnd - sctp->sctp_unacked;
	if (orwnd < sctp->sctp_frwnd) {
		return (1);
	} else {
		return (0);
	}
}
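
/*
 * Illustrative example for sctp_set_frwnd(): if the peer advertises an
 * a_rwnd of 64000 while 1500 bytes are outstanding, sctp_frwnd becomes
 * 62500; the return value is 1 only when this opens the window relative
 * to its previous value.
 */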
1992 */ 1993 static int 1994 sctp_ftsn_check_uo_frag(sctp_t *sctp, uint32_t ftsn) 1995 { 1996 mblk_t *hmp; 1997 mblk_t *hmp_next; 1998 sctp_data_hdr_t *dc; 1999 int dlen = 0; 2000 2001 hmp = sctp->sctp_uo_frags; 2002 while (hmp != NULL) { 2003 hmp_next = hmp->b_next; 2004 dc = (sctp_data_hdr_t *)hmp->b_rptr; 2005 if (SEQ_GT(ntohl(dc->sdh_tsn), ftsn)) 2006 return (dlen); 2007 sctp->sctp_uo_frags = hmp_next; 2008 if (hmp_next != NULL) 2009 hmp_next->b_prev = NULL; 2010 hmp->b_next = NULL; 2011 dlen += ntohs(dc->sdh_len) - sizeof (*dc); 2012 freeb(hmp); 2013 hmp = hmp_next; 2014 } 2015 return (dlen); 2016 } 2017 2018 /* 2019 * For ordered messages. 2020 * Check for existing fragments for an sid-ssn pair reported as abandoned 2021 * (hence ones we will not receive) in the Forward TSN. If there are fragments, 2022 * then we just nuke them. If and when the Partial Delivery API is supported, we 2023 * would need to send a notification to the upper layer about this. 2024 */ 2025 static int 2026 sctp_ftsn_check_frag(sctp_t *sctp, uint16_t ssn, sctp_instr_t *sip) 2027 { 2028 sctp_reass_t *srp; 2029 mblk_t *hmp; 2030 mblk_t *dmp; 2031 mblk_t *hmp_next; 2032 sctp_data_hdr_t *dc; 2033 int dlen = 0; 2034 2035 hmp = sip->istr_reass; 2036 while (hmp != NULL) { 2037 hmp_next = hmp->b_next; 2038 srp = (sctp_reass_t *)DB_BASE(hmp); 2039 if (SSN_GT(srp->ssn, ssn)) 2040 return (dlen); 2041 /* 2042 * If we had sent part of this message up, send a partial 2043 * delivery event. Since this is ordered delivery, we should 2044 * have sent a partial message only for the next in sequence, 2045 * hence the ASSERT. See comments in sctp_data_chunk() for 2046 * trypartial. 2047 */ 2048 if (srp->partial_delivered) { 2049 ASSERT(sip->nextseq == srp->ssn); 2050 sctp_partial_delivery_event(sctp); 2051 } 2052 /* Take it out of the reass queue */ 2053 sip->istr_reass = hmp_next; 2054 if (hmp_next != NULL) 2055 hmp_next->b_prev = NULL; 2056 hmp->b_next = NULL; 2057 ASSERT(hmp->b_prev == NULL); 2058 dmp = hmp; 2059 ASSERT(DB_TYPE(hmp) == M_CTL); 2060 dmp = hmp->b_cont; 2061 hmp->b_cont = NULL; 2062 freeb(hmp); 2063 hmp = dmp; 2064 while (dmp != NULL) { 2065 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2066 dlen += ntohs(dc->sdh_len) - sizeof (*dc); 2067 dmp = dmp->b_cont; 2068 } 2069 freemsg(hmp); 2070 hmp = hmp_next; 2071 } 2072 return (dlen); 2073 } 2074 2075 /* 2076 * Update sctp_ftsn to the cumulative TSN from the Forward TSN chunk. Remove 2077 * any SACK gaps less than the newly updated sctp_ftsn. Walk through the 2078 * sid-ssn pairs in the Forward TSN and for each, clean the fragment list 2079 * for this pair, if needed, and check if we can deliver subsequent 2080 * messages, if any, from the instream queue (that were waiting for this 2081 * sid-ssn message to show up). Once we are done try to update the SACK 2082 * info. We could get a duplicate Forward TSN, in which case just send 2083 * a SACK. If any of the sid values in the Forward TSN are invalid, 2084 * send back an "Invalid Stream Identifier" error and continue processing 2085 * the rest.
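 */

/*
 * Illustrative sketch, not part of the original file (hypothetical
 * SCTP_EXAMPLE_SKETCHES guard): the wire layout walked below is a
 * 4-byte new cumulative TSN followed by zero or more (sid, ssn)
 * entries naming the highest abandoned SSN per ordered stream.
 */
#ifdef	SCTP_EXAMPLE_SKETCHES
static void
example_walk_forward_tsn(sctp_chunk_hdr_t *ch)
{
	uint32_t new_cum_tsn = ntohl(*(uint32_t *)(ch + 1));
	ftsn_entry_t *fe = (ftsn_entry_t *)((uint32_t *)(ch + 1) + 1);
	ssize_t left = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (uint32_t);

	while (left >= (ssize_t)sizeof (*fe)) {
		dprint(3, ("ftsn %u: abandoned sid %u up to ssn %u\n",
		    new_cum_tsn, (uint_t)ntohs(fe->ftsn_sid),
		    (uint_t)ntohs(fe->ftsn_ssn)));
		fe++;
		left -= sizeof (*fe);
	}
}
#endif	/* SCTP_EXAMPLE_SKETCHES */

/*
 * The real processing follows.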
2086 */ 2087 static void 2088 sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp, 2089 ip6_pkt_t *ipp) 2090 { 2091 uint32_t *ftsn = (uint32_t *)(ch + 1); 2092 ftsn_entry_t *ftsn_entry; 2093 sctp_instr_t *instr; 2094 boolean_t can_deliver = B_TRUE; 2095 size_t dlen; 2096 int flen; 2097 mblk_t *dmp; 2098 mblk_t *pmp; 2099 sctp_data_hdr_t *dc; 2100 ssize_t remaining; 2101 sctp_stack_t *sctps = sctp->sctp_sctps; 2102 2103 *ftsn = ntohl(*ftsn); 2104 remaining = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*ftsn); 2105 2106 if (SCTP_IS_DETACHED(sctp)) { 2107 BUMP_MIB(&sctps->sctps_mib, sctpInClosed); 2108 can_deliver = B_FALSE; 2109 } 2110 /* 2111 * Un-ordered messages don't have SID-SSN pair entries, so we check 2112 * for any fragments (for un-ordered messages) to be discarded using 2113 * the cumulative FTSN. 2114 */ 2115 flen = sctp_ftsn_check_uo_frag(sctp, *ftsn); 2116 if (flen > 0) { 2117 ASSERT(sctp->sctp_rxqueued >= flen); 2118 sctp->sctp_rxqueued -= flen; 2119 } 2120 ftsn_entry = (ftsn_entry_t *)(ftsn + 1); 2121 while (remaining >= sizeof (*ftsn_entry)) { 2122 ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid); 2123 ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn); 2124 if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) { 2125 sctp_bsc_t inval_parm; 2126 2127 /* Will populate the CAUSE block in the ERROR chunk. */ 2128 inval_parm.bsc_sid = htons(ftsn_entry->ftsn_sid); 2129 /* RESERVED, ignored at the receiving end */ 2130 inval_parm.bsc_pad = 0; 2131 2132 sctp_add_err(sctp, SCTP_ERR_BAD_SID, 2133 (void *)&inval_parm, sizeof (sctp_bsc_t), fp); 2134 ftsn_entry++; 2135 remaining -= sizeof (*ftsn_entry); 2136 continue; 2137 } 2138 instr = &sctp->sctp_instr[ftsn_entry->ftsn_sid]; 2139 flen = sctp_ftsn_check_frag(sctp, ftsn_entry->ftsn_ssn, instr); 2140 /* Indicates frags were nuked, update rxqueued */ 2141 if (flen > 0) { 2142 ASSERT(sctp->sctp_rxqueued >= flen); 2143 sctp->sctp_rxqueued -= flen; 2144 } 2145 /* 2146 * It is possible to receive an FTSN chunk with SSN smaller 2147 * than the nextseq if this chunk is a retransmission because 2148 * of incomplete processing when it was first processed. 2149 */ 2150 if (SSN_GE(ftsn_entry->ftsn_ssn, instr->nextseq)) 2151 instr->nextseq = ftsn_entry->ftsn_ssn + 1; 2152 while (instr->istr_nmsgs > 0) { 2153 mblk_t *next; 2154 2155 dmp = (mblk_t *)instr->istr_msgs; 2156 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2157 if (ntohs(dc->sdh_ssn) != instr->nextseq) 2158 break; 2159 2160 next = dmp->b_next; 2161 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 2162 for (pmp = dmp->b_cont; pmp != NULL; 2163 pmp = pmp->b_cont) { 2164 dlen += MBLKL(pmp); 2165 } 2166 if (can_deliver) { 2167 int32_t nrwnd; 2168 int error; 2169 2170 dmp->b_rptr = (uchar_t *)(dc + 1); 2171 dmp->b_next = NULL; 2172 ASSERT(dmp->b_prev == NULL); 2173 if (sctp_input_add_ancillary(sctp, 2174 &dmp, dc, fp, ipp) == 0) { 2175 sctp->sctp_rxqueued -= dlen; 2176 sctp->sctp_rwnd -= dlen; 2177 /* 2178 * Override b_flag for SCTP sockfs 2179 * internal use 2180 */ 2181 2182 dmp->b_flag = 0; 2183 nrwnd = sctp->sctp_ulp_recv( 2184 sctp->sctp_ulpd, dmp, msgdsize(dmp), 2185 0, &error, NULL); 2186 if (nrwnd < 0) 2187 sctp->sctp_rwnd = 0; 2188 else if (nrwnd > sctp->sctp_rwnd) 2189 sctp->sctp_rwnd = nrwnd; 2190 } else { 2191 /* 2192 * We will resume processing when 2193 * the FTSN chunk is re-xmitted.
2194 */ 2195 dmp->b_rptr = (uchar_t *)dc; 2196 dmp->b_next = next; 2197 dprint(0, 2198 ("FTSN dequeuing %u failed\n", 2199 ntohs(dc->sdh_ssn))); 2200 return; 2201 } 2202 } else { 2203 sctp->sctp_rxqueued -= dlen; 2204 ASSERT(dmp->b_prev == NULL); 2205 dmp->b_next = NULL; 2206 freemsg(dmp); 2207 } 2208 instr->istr_nmsgs--; 2209 instr->nextseq++; 2210 sctp->sctp_istr_nmsgs--; 2211 if (next != NULL) 2212 next->b_prev = NULL; 2213 instr->istr_msgs = next; 2214 } 2215 ftsn_entry++; 2216 remaining -= sizeof (*ftsn_entry); 2217 } 2218 /* Duplicate FTSN */ 2219 if (*ftsn <= (sctp->sctp_ftsn - 1)) { 2220 sctp->sctp_force_sack = 1; 2221 return; 2222 } 2223 /* Advance cum TSN to that reported in the Forward TSN chunk */ 2224 sctp->sctp_ftsn = *ftsn + 1; 2225 2226 /* Remove all the SACK gaps before the new cum TSN */ 2227 if (sctp->sctp_sack_info != NULL) { 2228 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2229 &sctp->sctp_sack_gaps); 2230 } 2231 /* 2232 * If there are gap reports pending, check if advancing 2233 * the ftsn here closes a gap. If so, we can advance 2234 * ftsn to the end of the set. 2235 * If ftsn has moved forward, maybe we can remove gap reports. 2236 */ 2237 if (sctp->sctp_sack_info != NULL && 2238 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 2239 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 2240 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2241 &sctp->sctp_sack_gaps); 2242 } 2243 } 2244 2245 /* 2246 * When we have processed a SACK we check to see if we can advance the 2247 * cumulative TSN if there are abandoned chunks immediately following 2248 * the updated cumulative TSN. If there are, we attempt to send a 2249 * Forward TSN chunk. 2250 */ 2251 static void 2252 sctp_check_abandoned_data(sctp_t *sctp, sctp_faddr_t *fp) 2253 { 2254 mblk_t *meta = sctp->sctp_xmit_head; 2255 mblk_t *mp; 2256 mblk_t *nmp; 2257 uint32_t seglen; 2258 uint32_t adv_pap = sctp->sctp_adv_pap; 2259 2260 /* 2261 * We only check in the first meta since otherwise we can't 2262 * advance the cumulative ack point. We just look for chunks 2263 * marked for retransmission, else we might prematurely 2264 * send an FTSN for a sent, but unacked, chunk. 2265 */ 2266 for (mp = meta->b_cont; mp != NULL; mp = mp->b_next) { 2267 if (!SCTP_CHUNK_ISSENT(mp)) 2268 return; 2269 if (SCTP_CHUNK_WANT_REXMIT(mp)) 2270 break; 2271 } 2272 if (mp == NULL) 2273 return; 2274 sctp_check_adv_ack_pt(sctp, meta, mp); 2275 if (SEQ_GT(sctp->sctp_adv_pap, adv_pap)) { 2276 sctp_make_ftsns(sctp, meta, mp, &nmp, fp, &seglen); 2277 if (nmp == NULL) { 2278 sctp->sctp_adv_pap = adv_pap; 2279 if (!fp->timer_running) 2280 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2281 return; 2282 } 2283 sctp_set_iplen(sctp, nmp); 2284 sctp_add_sendq(sctp, nmp); 2285 if (!fp->timer_running) 2286 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2287 } 2288 } 2289 2290 /* 2291 * The processing here follows the same logic as in sctp_got_sack(). The reason 2292 * we do this separately is that, usually, gap blocks are ordered and 2293 * we can process them in sctp_got_sack(). However, if they aren't, we would 2294 * need to do some additional non-optimal work when we start processing the 2295 * unordered gaps. To that effect sctp_got_sack() handles the processing in the 2296 * simple case and this function does the same in the more involved case.
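 */

/*
 * Illustrative sketch, not part of the original file (hypothetical
 * SCTP_EXAMPLE_SKETCHES guard): gap blocks are carried as start/end
 * offsets relative to the cumulative TSN, and they count as "ordered"
 * when each block starts strictly beyond the start of the previous
 * one, mirroring the unordered-gap test in sctp_got_sack().
 */
#ifdef	SCTP_EXAMPLE_SKETCHES
static boolean_t
example_gap_blocks_ordered(uint32_t ctsn, sctp_sack_frag_t *ssf, int ngaps)
{
	uint32_t prev_start = 0;
	int i;

	for (i = 0; i < ngaps; i++, ssf++) {
		uint32_t start = ctsn + ntohs(ssf->ssf_start);

		if (prev_start != 0 && SEQ_LEQ(start, prev_start))
			return (B_FALSE);
		prev_start = start;
	}
	return (B_TRUE);
}
#endif	/* SCTP_EXAMPLE_SKETCHES */

/*
 * The function below handles the unordered case.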
2297 */ 2298 static uint32_t 2299 sctp_process_uo_gaps(sctp_t *sctp, uint32_t ctsn, sctp_sack_frag_t *ssf, 2300 int num_gaps, mblk_t *umphead, mblk_t *mphead, int *trysend, 2301 boolean_t *fast_recovery, uint32_t fr_xtsn) 2302 { 2303 uint32_t xtsn; 2304 uint32_t gapstart = 0; 2305 uint32_t gapend = 0; 2306 int gapcnt; 2307 uint16_t chunklen; 2308 sctp_data_hdr_t *sdc; 2309 int gstart; 2310 mblk_t *ump = umphead; 2311 mblk_t *mp = mphead; 2312 sctp_faddr_t *fp; 2313 uint32_t acked = 0; 2314 sctp_stack_t *sctps = sctp->sctp_sctps; 2315 2316 /* 2317 * gstart tracks the last (in the order of TSN) gapstart that 2318 * we process in this SACK gaps walk. 2319 */ 2320 gstart = ctsn; 2321 2322 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2323 xtsn = ntohl(sdc->sdh_tsn); 2324 for (gapcnt = 0; gapcnt < num_gaps; gapcnt++, ssf++) { 2325 if (gapstart != 0) { 2326 /* 2327 * If we have reached the end of the transmit list, 2328 * hit an unsent chunk, or encountered an unordered 2329 * gap block, start from the ctsn again. 2330 */ 2331 if (ump == NULL || !SCTP_CHUNK_ISSENT(mp) || 2332 SEQ_LT(ctsn + ntohs(ssf->ssf_start), xtsn)) { 2333 ump = umphead; 2334 mp = mphead; 2335 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2336 xtsn = ntohl(sdc->sdh_tsn); 2337 } 2338 } 2339 2340 gapstart = ctsn + ntohs(ssf->ssf_start); 2341 gapend = ctsn + ntohs(ssf->ssf_end); 2342 2343 /* 2344 * Sanity checks: 2345 * 2346 * 1. SACK for TSN we have not sent - ABORT 2347 * 2. Invalid or spurious gaps, ignore all gaps 2348 */ 2349 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2350 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2351 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2352 *trysend = -1; 2353 return (acked); 2354 } else if (SEQ_LT(gapend, gapstart) || 2355 SEQ_LEQ(gapstart, ctsn)) { 2356 break; 2357 } 2358 /* 2359 * The xtsn can be the TSN processed for the last gap 2360 * (gapend) or it could be the cumulative TSN. We continue 2361 * with the last xtsn as long as the gaps are ordered; when 2362 * we hit an unordered gap, we re-start from the cumulative 2363 * TSN. For the first gap it is always the cumulative TSN. 2364 */ 2365 while (xtsn != gapstart) { 2366 /* 2367 * We can't reliably check for reneged chunks 2368 * when walking the unordered list, so we don't. 2369 * In case the peer reneges then we will end up 2370 * sending the reneged chunk via timeout. 2371 */ 2372 mp = mp->b_next; 2373 if (mp == NULL) { 2374 ump = ump->b_next; 2375 /* 2376 * ump can't be NULL because of the sanity 2377 * check above. 2378 */ 2379 ASSERT(ump != NULL); 2380 mp = ump->b_cont; 2381 } 2382 /* 2383 * mp can't be unsent because of the sanity check 2384 * above. 2385 */ 2386 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2387 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2388 xtsn = ntohl(sdc->sdh_tsn); 2389 } 2390 /* 2391 * Now that we have found the chunk with TSN == 'gapstart', 2392 * let's walk till we hit the chunk with TSN == 'gapend'. 2393 * All intermediate chunks will be marked ACKED, if they 2394 * haven't already been. 2395 */ 2396 while (SEQ_LEQ(xtsn, gapend)) { 2397 /* 2398 * SACKed 2399 */ 2400 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2401 if (!SCTP_CHUNK_ISACKED(mp)) { 2402 SCTP_CHUNK_ACKED(mp); 2403 2404 fp = SCTP_CHUNK_DEST(mp); 2405 chunklen = ntohs(sdc->sdh_len); 2406 ASSERT(fp->suna >= chunklen); 2407 fp->suna -= chunklen; 2408 if (fp->suna == 0) { 2409 /* All outstanding data acked.
*/ 2410 fp->pba = 0; 2411 SCTP_FADDR_TIMER_STOP(fp); 2412 } 2413 fp->acked += chunklen; 2414 acked += chunklen; 2415 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2416 ASSERT(sctp->sctp_unacked >= 0); 2417 } 2418 /* 2419 * Move to the next message in the transmit list 2420 * if we are done with all the chunks from the current 2421 * message. Note, it is possible to hit the end of the 2422 * transmit list here, i.e. if we have already completed 2423 * processing the gap block. 2424 */ 2425 mp = mp->b_next; 2426 if (mp == NULL) { 2427 ump = ump->b_next; 2428 if (ump == NULL) { 2429 ASSERT(xtsn == gapend); 2430 break; 2431 } 2432 mp = ump->b_cont; 2433 } 2434 /* 2435 * Likewise, we can hit an unsent chunk once we have 2436 * completed processing the gap block. 2437 */ 2438 if (!SCTP_CHUNK_ISSENT(mp)) { 2439 ASSERT(xtsn == gapend); 2440 break; 2441 } 2442 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2443 xtsn = ntohl(sdc->sdh_tsn); 2444 } 2445 /* 2446 * We keep track of the last gap we successfully processed 2447 * so that we can terminate the walk below for incrementing 2448 * the SACK count. 2449 */ 2450 if (SEQ_LT(gstart, gapstart)) 2451 gstart = gapstart; 2452 } 2453 /* 2454 * Check if we have incremented the SACK count for all unacked TSNs in 2455 * sctp_got_sack(); if so, we are done. 2456 */ 2457 if (SEQ_LEQ(gstart, fr_xtsn)) 2458 return (acked); 2459 2460 ump = umphead; 2461 mp = mphead; 2462 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2463 xtsn = ntohl(sdc->sdh_tsn); 2464 while (SEQ_LT(xtsn, gstart)) { 2465 /* 2466 * We have incremented SACK count for TSNs less than fr_tsn 2467 * in sctp_got_sack(), so don't increment them again here. 2468 */ 2469 if (SEQ_GT(xtsn, fr_xtsn) && !SCTP_CHUNK_ISACKED(mp)) { 2470 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2471 if (SCTP_CHUNK_SACKCNT(mp) == 2472 sctps->sctps_fast_rxt_thresh) { 2473 SCTP_CHUNK_REXMIT(mp); 2474 sctp->sctp_chk_fast_rexmit = B_TRUE; 2475 *trysend = 1; 2476 if (!*fast_recovery) { 2477 /* 2478 * Entering fast recovery.
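 *
 * (Worked example, added for clarity: per rfc2960 section 7.2.3 the
 * code below halves cwnd into ssthresh with a floor of two PMTUs.
 * With cwnd = 20000 and sfa_pmss = 1500, ssthresh becomes
 * MAX(10000, 3000) = 10000, cwnd drops to 10000, and the
 * partial-bytes-acked counter is cleared.)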
2479 */ 2480 fp = SCTP_CHUNK_DEST(mp); 2481 fp->ssthresh = fp->cwnd / 2; 2482 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2483 fp->ssthresh = 2484 2 * fp->sfa_pmss; 2485 } 2486 fp->cwnd = fp->ssthresh; 2487 fp->pba = 0; 2488 sctp->sctp_recovery_tsn = 2489 sctp->sctp_ltsn - 1; 2490 *fast_recovery = B_TRUE; 2491 } 2492 } 2493 } 2494 mp = mp->b_next; 2495 if (mp == NULL) { 2496 ump = ump->b_next; 2497 /* We can't get to the end of the transmit list here */ 2498 ASSERT(ump != NULL); 2499 mp = ump->b_cont; 2500 } 2501 /* We can't hit an unsent chunk here */ 2502 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2503 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2504 xtsn = ntohl(sdc->sdh_tsn); 2505 } 2506 return (acked); 2507 } 2508 2509 static int 2510 sctp_got_sack(sctp_t *sctp, sctp_chunk_hdr_t *sch) 2511 { 2512 sctp_sack_chunk_t *sc; 2513 sctp_data_hdr_t *sdc; 2514 sctp_sack_frag_t *ssf; 2515 mblk_t *ump; 2516 mblk_t *mp; 2517 mblk_t *mp1; 2518 uint32_t cumtsn; 2519 uint32_t xtsn; 2520 uint32_t gapstart = 0; 2521 uint32_t gapend = 0; 2522 uint32_t acked = 0; 2523 uint16_t chunklen; 2524 sctp_faddr_t *fp; 2525 int num_gaps; 2526 int trysend = 0; 2527 int i; 2528 boolean_t fast_recovery = B_FALSE; 2529 boolean_t cumack_forward = B_FALSE; 2530 boolean_t fwd_tsn = B_FALSE; 2531 sctp_stack_t *sctps = sctp->sctp_sctps; 2532 2533 BUMP_LOCAL(sctp->sctp_ibchunks); 2534 BUMP_LOCAL(sctp->sctp_isacks); 2535 chunklen = ntohs(sch->sch_len); 2536 if (chunklen < (sizeof (*sch) + sizeof (*sc))) 2537 return (0); 2538 2539 sc = (sctp_sack_chunk_t *)(sch + 1); 2540 cumtsn = ntohl(sc->ssc_cumtsn); 2541 2542 dprint(2, ("got sack cumtsn %x -> %x\n", sctp->sctp_lastack_rxd, 2543 cumtsn)); 2544 2545 /* out of order */ 2546 if (SEQ_LT(cumtsn, sctp->sctp_lastack_rxd)) 2547 return (0); 2548 2549 if (SEQ_GT(cumtsn, sctp->sctp_ltsn - 1)) { 2550 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2551 /* Send an ABORT */ 2552 return (-1); 2553 } 2554 2555 /* 2556 * Cwnd is updated only when we are not in fast recovery mode. 2557 */ 2558 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) 2559 fast_recovery = B_TRUE; 2560 2561 /* 2562 * .. and if the cum TSN is not moving ahead on account of a Forward TSN 2563 */ 2564 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_adv_pap)) 2565 fwd_tsn = B_TRUE; 2566 2567 if (cumtsn == sctp->sctp_lastack_rxd && 2568 (sctp->sctp_xmit_unacked == NULL || 2569 !SCTP_CHUNK_ABANDONED(sctp->sctp_xmit_unacked))) { 2570 if (sctp->sctp_xmit_unacked != NULL) 2571 mp = sctp->sctp_xmit_unacked; 2572 else if (sctp->sctp_xmit_head != NULL) 2573 mp = sctp->sctp_xmit_head->b_cont; 2574 else 2575 mp = NULL; 2576 BUMP_MIB(&sctps->sctps_mib, sctpInDupAck); 2577 /* 2578 * If we were doing a zero win probe and the win 2579 * has now opened to at least MSS, re-transmit the 2580 * zero win probe via sctp_rexmit_packet(). 2581 */ 2582 if (mp != NULL && sctp->sctp_zero_win_probe && 2583 ntohl(sc->ssc_a_rwnd) >= sctp->sctp_current->sfa_pmss) { 2584 mblk_t *pkt; 2585 uint_t pkt_len; 2586 mblk_t *mp1 = mp; 2587 mblk_t *meta = sctp->sctp_xmit_head; 2588 2589 /* 2590 * Reset the RTO since we have been backing-off 2591 * to send the ZWP.
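 *
 * (Note, added for clarity: the reset below recomputes the classic
 * RTO = SRTT + 4 * RTTVAR instead of keeping the exponentially
 * backed-off value used while probing; SCTP_MAX_RTO() then
 * presumably bounds the result against the association's maximum
 * RTO.)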
2592 */ 2593 fp = sctp->sctp_current; 2594 fp->rto = fp->srtt + 4 * fp->rttvar; 2595 SCTP_MAX_RTO(sctp, fp); 2596 /* Resend the ZWP */ 2597 pkt = sctp_rexmit_packet(sctp, &meta, &mp1, fp, 2598 &pkt_len); 2599 if (pkt == NULL) { 2600 SCTP_KSTAT(sctps, sctp_ss_rexmit_failed); 2601 return (0); 2602 } 2603 ASSERT(pkt_len <= fp->sfa_pmss); 2604 sctp->sctp_zero_win_probe = B_FALSE; 2605 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2606 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2607 sctp_set_iplen(sctp, pkt); 2608 sctp_add_sendq(sctp, pkt); 2609 } 2610 } else { 2611 if (sctp->sctp_zero_win_probe) { 2612 /* 2613 * Reset the RTO since we have been backing-off 2614 * to send the ZWP. 2615 */ 2616 fp = sctp->sctp_current; 2617 fp->rto = fp->srtt + 4 * fp->rttvar; 2618 SCTP_MAX_RTO(sctp, fp); 2619 sctp->sctp_zero_win_probe = B_FALSE; 2620 /* This is probably not required */ 2621 if (!sctp->sctp_rexmitting) { 2622 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2623 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2624 } 2625 } 2626 acked = sctp_cumack(sctp, cumtsn, &mp); 2627 sctp->sctp_xmit_unacked = mp; 2628 if (acked > 0) { 2629 trysend = 1; 2630 cumack_forward = B_TRUE; 2631 if (fwd_tsn && SEQ_GEQ(sctp->sctp_lastack_rxd, 2632 sctp->sctp_adv_pap)) { 2633 cumack_forward = B_FALSE; 2634 } 2635 } 2636 } 2637 num_gaps = ntohs(sc->ssc_numfrags); 2638 UPDATE_LOCAL(sctp->sctp_gapcnt, num_gaps); 2639 if (num_gaps == 0 || mp == NULL || !SCTP_CHUNK_ISSENT(mp) || 2640 chunklen < (sizeof (*sch) + sizeof (*sc) + 2641 num_gaps * sizeof (*ssf))) { 2642 goto ret; 2643 } 2644 #ifdef DEBUG 2645 /* 2646 * Since we delete any message that has been acked completely, 2647 * the unacked chunk must belong to sctp_xmit_head (we verify 2648 * this here because we don't have a back pointer from the 2649 * mp to the meta data). 2650 */ 2651 { 2652 mblk_t *mp2 = sctp->sctp_xmit_head->b_cont; 2653 2654 while (mp2 != NULL) { 2655 if (mp2 == mp) 2656 break; 2657 mp2 = mp2->b_next; 2658 } 2659 ASSERT(mp2 != NULL); 2660 } 2661 #endif 2662 ump = sctp->sctp_xmit_head; 2663 2664 /* 2665 * Just remember where we started from, in case we need to call 2666 * sctp_process_uo_gaps() if the gap blocks are unordered. 2667 */ 2668 mp1 = mp; 2669 2670 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2671 xtsn = ntohl(sdc->sdh_tsn); 2672 ASSERT(xtsn == cumtsn + 1); 2673 2674 /* 2675 * Go through SACK gaps. They are ordered based on start TSN. 2676 */ 2677 ssf = (sctp_sack_frag_t *)(sc + 1); 2678 for (i = 0; i < num_gaps; i++, ssf++) { 2679 if (gapstart != 0) { 2680 /* check for unordered gap */ 2681 if (SEQ_LEQ(cumtsn + ntohs(ssf->ssf_start), gapstart)) { 2682 acked += sctp_process_uo_gaps(sctp, 2683 cumtsn, ssf, num_gaps - i, 2684 sctp->sctp_xmit_head, mp1, 2685 &trysend, &fast_recovery, gapstart); 2686 if (trysend < 0) { 2687 BUMP_MIB(&sctps->sctps_mib, 2688 sctpInAckUnsent); 2689 return (-1); 2690 } 2691 break; 2692 } 2693 } 2694 gapstart = cumtsn + ntohs(ssf->ssf_start); 2695 gapend = cumtsn + ntohs(ssf->ssf_end); 2696 2697 /* 2698 * Sanity checks: 2699 * 2700 * 1. SACK for TSN we have not sent - ABORT 2701 * 2. 
Invalid or spurious gaps, ignore all gaps 2702 */ 2703 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2704 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2705 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2706 return (-1); 2707 } else if (SEQ_LT(gapend, gapstart) || 2708 SEQ_LEQ(gapstart, cumtsn)) { 2709 break; 2710 } 2711 /* 2712 * Let's start at the current TSN (for the 1st gap we start 2713 * from the cumulative TSN, for subsequent ones we start from 2714 * where the previous gapend was found - second while loop 2715 * below) and walk the transmit list till we find the TSN 2716 * corresponding to gapstart. All the unacked chunks till we 2717 * get to the chunk with TSN == gapstart will have their 2718 * SACKCNT incremented by 1. Note since the gap blocks are 2719 * ordered, we won't be incrementing the SACKCNT for an 2720 * unacked chunk by more than one while processing the gap 2721 * blocks. If the SACKCNT for any unacked chunk exceeds 2722 * the fast retransmit threshold, we will fast retransmit 2723 * after processing all the gap blocks. 2724 */ 2725 ASSERT(SEQ_LEQ(xtsn, gapstart)); 2726 while (xtsn != gapstart) { 2727 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2728 if (SCTP_CHUNK_SACKCNT(mp) == 2729 sctps->sctps_fast_rxt_thresh) { 2730 SCTP_CHUNK_REXMIT(mp); 2731 sctp->sctp_chk_fast_rexmit = B_TRUE; 2732 trysend = 1; 2733 if (!fast_recovery) { 2734 /* 2735 * Entering fast recovery. 2736 */ 2737 fp = SCTP_CHUNK_DEST(mp); 2738 fp->ssthresh = fp->cwnd / 2; 2739 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2740 fp->ssthresh = 2741 2 * fp->sfa_pmss; 2742 } 2743 fp->cwnd = fp->ssthresh; 2744 fp->pba = 0; 2745 sctp->sctp_recovery_tsn = 2746 sctp->sctp_ltsn - 1; 2747 fast_recovery = B_TRUE; 2748 } 2749 } 2750 2751 /* 2752 * Peer may have reneged on this chunk, so un-sack 2753 * it now. If the peer did renege, we need to 2754 * readjust unacked. 2755 */ 2756 if (SCTP_CHUNK_ISACKED(mp)) { 2757 chunklen = ntohs(sdc->sdh_len); 2758 fp = SCTP_CHUNK_DEST(mp); 2759 fp->suna += chunklen; 2760 sctp->sctp_unacked += chunklen - sizeof (*sdc); 2761 SCTP_CHUNK_CLEAR_ACKED(mp); 2762 if (!fp->timer_running) { 2763 SCTP_FADDR_TIMER_RESTART(sctp, fp, 2764 fp->rto); 2765 } 2766 } 2767 2768 mp = mp->b_next; 2769 if (mp == NULL) { 2770 ump = ump->b_next; 2771 /* 2772 * ump can't be NULL given the sanity check 2773 * above. But if it is NULL, it means that 2774 * there is a data corruption. We'd better 2775 * panic. 2776 */ 2777 if (ump == NULL) { 2778 panic("Memory corruption detected: gap " 2779 "start TSN 0x%x missing from the " 2780 "xmit list: %p", gapstart, 2781 (void *)sctp); 2782 } 2783 mp = ump->b_cont; 2784 } 2785 /* 2786 * mp can't be unsent given the sanity check above. 2787 */ 2788 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2789 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2790 xtsn = ntohl(sdc->sdh_tsn); 2791 } 2792 /* 2793 * Now that we have found the chunk with TSN == 'gapstart', 2794 * let's walk till we hit the chunk with TSN == 'gapend'. 2795 * All intermediate chunks will be marked ACKED, if they 2796 * haven't already been. 2797 */ 2798 while (SEQ_LEQ(xtsn, gapend)) { 2799 /* 2800 * SACKed 2801 */ 2802 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2803 if (!SCTP_CHUNK_ISACKED(mp)) { 2804 SCTP_CHUNK_ACKED(mp); 2805 2806 fp = SCTP_CHUNK_DEST(mp); 2807 chunklen = ntohs(sdc->sdh_len); 2808 ASSERT(fp->suna >= chunklen); 2809 fp->suna -= chunklen; 2810 if (fp->suna == 0) { 2811 /* All outstanding data acked. 
*/ 2812 fp->pba = 0; 2813 SCTP_FADDR_TIMER_STOP(fp); 2814 } 2815 fp->acked += chunklen; 2816 acked += chunklen; 2817 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2818 ASSERT(sctp->sctp_unacked >= 0); 2819 } 2820 /* Go to the next chunk of the current message */ 2821 mp = mp->b_next; 2822 /* 2823 * Move to the next message in the transmit list 2824 * if we are done with all the chunks from the current 2825 * message. Note, it is possible to hit the end of the 2826 * transmit list here, i.e. if we have already completed 2827 * processing the gap block. But the TSN must be equal 2828 * to the gapend because of the above sanity check. 2829 * If it is not equal, it means that some data is 2830 * missing. 2831 * Also, note that we break here, which means we 2832 * continue processing gap blocks, if any. In case of 2833 * ordered gap blocks there can't be any following 2834 * this (if there is it will fail the sanity check 2835 * above). In case of un-ordered gap blocks we will 2836 * switch to sctp_process_uo_gaps(). In either case 2837 * it should be fine to continue with NULL ump/mp, 2838 * but we just reset it to xmit_head. 2839 */ 2840 if (mp == NULL) { 2841 ump = ump->b_next; 2842 if (ump == NULL) { 2843 if (xtsn != gapend) { 2844 panic("Memory corruption " 2845 "detected: gap end TSN " 2846 "0x%x missing from the " 2847 "xmit list: %p", gapend, 2848 (void *)sctp); 2849 } 2850 ump = sctp->sctp_xmit_head; 2851 mp = mp1; 2852 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2853 xtsn = ntohl(sdc->sdh_tsn); 2854 break; 2855 } 2856 mp = ump->b_cont; 2857 } 2858 /* 2859 * Likewise, we could hit an unsent chunk once we have 2860 * completed processing the gap block. Again, it is 2861 * fine to continue processing gap blocks with mp 2862 * pointing to the unsent chunk, because if there 2863 * are more ordered gap blocks, they will fail the 2864 * sanity check, and if there are un-ordered gap blocks, 2865 * we will continue processing in sctp_process_uo_gaps() 2866 * We just reset the mp to the one we started with. 2867 */ 2868 if (!SCTP_CHUNK_ISSENT(mp)) { 2869 ASSERT(xtsn == gapend); 2870 ump = sctp->sctp_xmit_head; 2871 mp = mp1; 2872 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2873 xtsn = ntohl(sdc->sdh_tsn); 2874 break; 2875 } 2876 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2877 xtsn = ntohl(sdc->sdh_tsn); 2878 } 2879 } 2880 if (sctp->sctp_prsctp_aware) 2881 sctp_check_abandoned_data(sctp, sctp->sctp_current); 2882 if (sctp->sctp_chk_fast_rexmit) 2883 sctp_fast_rexmit(sctp); 2884 ret: 2885 trysend += sctp_set_frwnd(sctp, ntohl(sc->ssc_a_rwnd)); 2886 2887 /* 2888 * If receive window is closed while there is unsent data, 2889 * set a timer for doing zero window probes. 2890 */ 2891 if (sctp->sctp_frwnd == 0 && sctp->sctp_unacked == 0 && 2892 sctp->sctp_unsent != 0) { 2893 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 2894 sctp->sctp_current->rto); 2895 } 2896 2897 /* 2898 * Set cwnd for all destinations. 2899 * Congestion window gets increased only when cumulative 2900 * TSN moves forward, we're not in fast recovery, and 2901 * cwnd has been fully utilized (almost fully, need to allow 2902 * some leeway due to non-MSS sized messages). 2903 */ 2904 if (sctp->sctp_current->acked == acked) { 2905 /* 2906 * Fast-path, only data sent to sctp_current got acked. 
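 *
 * (Worked example, added for clarity: in slow start, cwnd below grows
 * by MIN(acked, sfa_pmss) per SACK, so with cwnd = 3000, ssthresh =
 * 10000, sfa_pmss = 1500 and 4000 bytes newly acked, cwnd becomes
 * 4500. In congestion avoidance the acked bytes accumulate in pba,
 * and cwnd grows by one sfa_pmss only once pba reaches cwnd. Both
 * paths are capped by sctp_cwnd_max and by the max-burst clamp.)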
2907 */ 2908 fp = sctp->sctp_current; 2909 if (cumack_forward && !fast_recovery && 2910 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2911 if (fp->cwnd < fp->ssthresh) { 2912 /* 2913 * Slow start 2914 */ 2915 if (fp->acked > fp->sfa_pmss) { 2916 fp->cwnd += fp->sfa_pmss; 2917 } else { 2918 fp->cwnd += fp->acked; 2919 } 2920 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2921 } else { 2922 /* 2923 * Congestion avoidance 2924 */ 2925 fp->pba += fp->acked; 2926 if (fp->pba >= fp->cwnd) { 2927 fp->pba -= fp->cwnd; 2928 fp->cwnd += fp->sfa_pmss; 2929 fp->cwnd = MIN(fp->cwnd, 2930 sctp->sctp_cwnd_max); 2931 } 2932 } 2933 } 2934 /* 2935 * Limit the burst of transmitted data segments. 2936 */ 2937 if (fp->suna + sctps->sctps_maxburst * fp->sfa_pmss < 2938 fp->cwnd) { 2939 fp->cwnd = fp->suna + sctps->sctps_maxburst * 2940 fp->sfa_pmss; 2941 } 2942 fp->acked = 0; 2943 goto check_ss_rxmit; 2944 } 2945 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 2946 if (cumack_forward && fp->acked && !fast_recovery && 2947 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2948 if (fp->cwnd < fp->ssthresh) { 2949 if (fp->acked > fp->sfa_pmss) { 2950 fp->cwnd += fp->sfa_pmss; 2951 } else { 2952 fp->cwnd += fp->acked; 2953 } 2954 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2955 } else { 2956 fp->pba += fp->acked; 2957 if (fp->pba >= fp->cwnd) { 2958 fp->pba -= fp->cwnd; 2959 fp->cwnd += fp->sfa_pmss; 2960 fp->cwnd = MIN(fp->cwnd, 2961 sctp->sctp_cwnd_max); 2962 } 2963 } 2964 } 2965 if (fp->suna + sctps->sctps_maxburst * fp->sfa_pmss < 2966 fp->cwnd) { 2967 fp->cwnd = fp->suna + sctps->sctps_maxburst * 2968 fp->sfa_pmss; 2969 } 2970 fp->acked = 0; 2971 } 2972 fp = sctp->sctp_current; 2973 check_ss_rxmit: 2974 /* 2975 * If this is a SACK following a timeout, check if there are 2976 * still unacked chunks (sent before the timeout) that we can 2977 * send. 2978 */ 2979 if (sctp->sctp_rexmitting) { 2980 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_rxt_maxtsn)) { 2981 /* 2982 * As we are in retransmission phase, we may get a 2983 * SACK which indicates some new chunks are received 2984 * but cum_tsn does not advance. During this 2985 * phase, the other side advances cum_tsn only because 2986 * it receives our retransmitted chunks. Only 2987 * this signals that some chunks are still 2988 * missing. 2989 */ 2990 if (cumack_forward) { 2991 fp->rxt_unacked -= acked; 2992 sctp_ss_rexmit(sctp); 2993 } 2994 } else { 2995 sctp->sctp_rexmitting = B_FALSE; 2996 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2997 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2998 fp->rxt_unacked = 0; 2999 } 3000 } 3001 return (trysend); 3002 } 3003 3004 /* 3005 * Returns 0 if the caller should stop processing any more chunks, 3006 * 1 if the caller should skip this chunk and continue processing. 
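 */

/*
 * Illustrative sketch, not part of the original file (hypothetical
 * SCTP_EXAMPLE_SKETCHES guard): per rfc2960 section 3.2, the upper
 * two bits of an unrecognized chunk type encode the required action,
 * which is exactly the rule the function below applies.
 */
#ifdef	SCTP_EXAMPLE_SKETCHES
static const char *
example_unrec_chunk_action(uint8_t sch_id)
{
	switch (sch_id & 0xc0) {
	case 0x00:
		return ("stop processing this packet, no report");
	case 0x40:
		return ("stop processing, report in an ERROR chunk");
	case 0x80:
		return ("skip this chunk and continue, no report");
	default:	/* 0xc0 */
		return ("skip this chunk, report in an ERROR chunk");
	}
}
#endif	/* SCTP_EXAMPLE_SKETCHES */

/*
 * sctp_strange_chunk() below implements this rule.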
3007 */ 3008 static int 3009 sctp_strange_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp) 3010 { 3011 size_t len; 3012 3013 BUMP_LOCAL(sctp->sctp_ibchunks); 3014 /* check top two bits for action required */ 3015 if (ch->sch_id & 0x40) { /* also matches 0xc0 */ 3016 len = ntohs(ch->sch_len); 3017 sctp_add_err(sctp, SCTP_ERR_UNREC_CHUNK, ch, len, fp); 3018 3019 if ((ch->sch_id & 0xc0) == 0xc0) { 3020 /* skip and continue */ 3021 return (1); 3022 } else { 3023 /* stop processing */ 3024 return (0); 3025 } 3026 } 3027 if (ch->sch_id & 0x80) { 3028 /* skip and continue, no error */ 3029 return (1); 3030 } 3031 /* top two bits are clear; stop processing and no error */ 3032 return (0); 3033 } 3034 3035 /* 3036 * Basic sanity checks on all input chunks and parameters: they must 3037 * be of legitimate size for their purported type, and must follow 3038 * ordering conventions as defined in rfc2960. 3039 * 3040 * Returns 1 if the chunk and all enclosed params are legitimate, 3041 * 0 otherwise. 3042 */ 3043 /*ARGSUSED*/ 3044 static int 3045 sctp_check_input(sctp_t *sctp, sctp_chunk_hdr_t *ch, ssize_t len, int first) 3046 { 3047 sctp_parm_hdr_t *ph; 3048 void *p = NULL; 3049 ssize_t clen; 3050 uint16_t ch_len; 3051 3052 ch_len = ntohs(ch->sch_len); 3053 if (ch_len > len) { 3054 return (0); 3055 } 3056 3057 switch (ch->sch_id) { 3058 case CHUNK_DATA: 3059 if (ch_len < sizeof (sctp_data_hdr_t)) { 3060 return (0); 3061 } 3062 return (1); 3063 case CHUNK_INIT: 3064 case CHUNK_INIT_ACK: 3065 { 3066 ssize_t remlen = len; 3067 3068 /* 3069 * INIT and INIT-ACK chunks must not be bundled with 3070 * any other. 3071 */ 3072 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3073 (ch_len < (sizeof (*ch) + 3074 sizeof (sctp_init_chunk_t)))) { 3075 return (0); 3076 } 3077 /* may have params that need checking */ 3078 p = (char *)(ch + 1) + sizeof (sctp_init_chunk_t); 3079 clen = ch_len - (sizeof (*ch) + 3080 sizeof (sctp_init_chunk_t)); 3081 } 3082 break; 3083 case CHUNK_SACK: 3084 if (ch_len < (sizeof (*ch) + sizeof (sctp_sack_chunk_t))) { 3085 return (0); 3086 } 3087 /* dup and gap reports checked by got_sack() */ 3088 return (1); 3089 case CHUNK_SHUTDOWN: 3090 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) { 3091 return (0); 3092 } 3093 return (1); 3094 case CHUNK_ABORT: 3095 case CHUNK_ERROR: 3096 if (ch_len < sizeof (*ch)) { 3097 return (0); 3098 } 3099 /* may have params that need checking */ 3100 p = ch + 1; 3101 clen = ch_len - sizeof (*ch); 3102 break; 3103 case CHUNK_ECNE: 3104 case CHUNK_CWR: 3105 case CHUNK_HEARTBEAT: 3106 case CHUNK_HEARTBEAT_ACK: 3107 /* Full ASCONF chunk and parameter checks are in asconf.c */ 3108 case CHUNK_ASCONF: 3109 case CHUNK_ASCONF_ACK: 3110 if (ch_len < sizeof (*ch)) { 3111 return (0); 3112 } 3113 /* heartbeat data checked by process_heartbeat() */ 3114 return (1); 3115 case CHUNK_SHUTDOWN_COMPLETE: 3116 { 3117 ssize_t remlen = len; 3118 3119 /* 3120 * SHUTDOWN-COMPLETE chunk must not be bundled with any 3121 * other 3122 */ 3123 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3124 ch_len < sizeof (*ch)) { 3125 return (0); 3126 } 3127 } 3128 return (1); 3129 case CHUNK_COOKIE: 3130 case CHUNK_COOKIE_ACK: 3131 case CHUNK_SHUTDOWN_ACK: 3132 if (ch_len < sizeof (*ch) || !first) { 3133 return (0); 3134 } 3135 return (1); 3136 case CHUNK_FORWARD_TSN: 3137 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) 3138 return (0); 3139 return (1); 3140 default: 3141 return (1); /* handled by strange_chunk() */ 3142 } 3143 3144 /* check and byteorder parameters */ 
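	/*
	 * (Note, added for clarity: parameters are TLVs whose sph_len
	 * covers the 4-byte header plus value but not the padding that
	 * aligns the next parameter to a 4-byte boundary; a 6-byte
	 * parameter therefore consumes 8 bytes of the chunk, which
	 * sctp_next_parm() accounts for while advancing.)
	 */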
3145 if (clen <= 0) { 3146 return (1); 3147 } 3148 ASSERT(p != NULL); 3149 3150 ph = p; 3151 while (ph != NULL && clen > 0) { 3152 ch_len = ntohs(ph->sph_len); 3153 if (ch_len > len || ch_len < sizeof (*ph)) { 3154 return (0); 3155 } 3156 ph = sctp_next_parm(ph, &clen); 3157 } 3158 3159 /* All OK */ 3160 return (1); 3161 } 3162 3163 /* ARGSUSED */ 3164 static sctp_hdr_t * 3165 find_sctp_hdrs(mblk_t *mp, in6_addr_t *src, in6_addr_t *dst, 3166 uint_t *ifindex, uint_t *ip_hdr_len, ip6_pkt_t *ipp, ip_pktinfo_t *pinfo) 3167 { 3168 uchar_t *rptr; 3169 ipha_t *ip4h; 3170 ip6_t *ip6h; 3171 mblk_t *mp1; 3172 3173 rptr = mp->b_rptr; 3174 if (IPH_HDR_VERSION(rptr) == IPV4_VERSION) { 3175 *ip_hdr_len = IPH_HDR_LENGTH(rptr); 3176 ip4h = (ipha_t *)rptr; 3177 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_src, src); 3178 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_dst, dst); 3179 3180 ipp->ipp_fields |= IPPF_HOPLIMIT; 3181 ipp->ipp_hoplimit = ((ipha_t *)rptr)->ipha_ttl; 3182 if (pinfo != NULL && (pinfo->ip_pkt_flags & IPF_RECVIF)) { 3183 ipp->ipp_fields |= IPPF_IFINDEX; 3184 ipp->ipp_ifindex = pinfo->ip_pkt_ifindex; 3185 } 3186 } else { 3187 ASSERT(IPH_HDR_VERSION(rptr) == IPV6_VERSION); 3188 ip6h = (ip6_t *)rptr; 3189 ipp->ipp_fields = IPPF_HOPLIMIT; 3190 ipp->ipp_hoplimit = ip6h->ip6_hops; 3191 3192 if (ip6h->ip6_nxt != IPPROTO_SCTP) { 3193 /* Look for ifindex information */ 3194 if (ip6h->ip6_nxt == IPPROTO_RAW) { 3195 ip6i_t *ip6i = (ip6i_t *)ip6h; 3196 3197 if (ip6i->ip6i_flags & IP6I_IFINDEX) { 3198 ASSERT(ip6i->ip6i_ifindex != 0); 3199 ipp->ipp_fields |= IPPF_IFINDEX; 3200 ipp->ipp_ifindex = ip6i->ip6i_ifindex; 3201 } 3202 rptr = (uchar_t *)&ip6i[1]; 3203 mp->b_rptr = rptr; 3204 if (rptr == mp->b_wptr) { 3205 mp1 = mp->b_cont; 3206 freeb(mp); 3207 mp = mp1; 3208 rptr = mp->b_rptr; 3209 } 3210 ASSERT(mp->b_wptr - rptr >= 3211 IPV6_HDR_LEN + sizeof (sctp_hdr_t)); 3212 ip6h = (ip6_t *)rptr; 3213 } 3214 /* 3215 * Find any potentially interesting extension headers 3216 * as well as the length of the IPv6 + extension 3217 * headers. 3218 */ 3219 *ip_hdr_len = ip_find_hdr_v6(mp, ip6h, ipp, NULL); 3220 } else { 3221 *ip_hdr_len = IPV6_HDR_LEN; 3222 } 3223 *src = ip6h->ip6_src; 3224 *dst = ip6h->ip6_dst; 3225 } 3226 ASSERT((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX); 3227 return ((sctp_hdr_t *)&rptr[*ip_hdr_len]); 3228 #undef IPVER 3229 } 3230 3231 static mblk_t * 3232 sctp_check_in_policy(mblk_t *mp, mblk_t *ipsec_mp) 3233 { 3234 ipsec_in_t *ii; 3235 boolean_t check = B_TRUE; 3236 boolean_t policy_present; 3237 ipha_t *ipha; 3238 ip6_t *ip6h; 3239 netstack_t *ns; 3240 ipsec_stack_t *ipss; 3241 3242 ii = (ipsec_in_t *)ipsec_mp->b_rptr; 3243 ASSERT(ii->ipsec_in_type == IPSEC_IN); 3244 ns = ii->ipsec_in_ns; 3245 ipss = ns->netstack_ipsec; 3246 3247 if (ii->ipsec_in_dont_check) { 3248 check = B_FALSE; 3249 if (!ii->ipsec_in_secure) { 3250 freeb(ipsec_mp); 3251 ipsec_mp = NULL; 3252 } 3253 } 3254 if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) { 3255 policy_present = ipss->ipsec_inbound_v4_policy_present; 3256 ipha = (ipha_t *)mp->b_rptr; 3257 ip6h = NULL; 3258 } else { 3259 policy_present = ipss->ipsec_inbound_v6_policy_present; 3260 ipha = NULL; 3261 ip6h = (ip6_t *)mp->b_rptr; 3262 } 3263 3264 if (check && policy_present) { 3265 /* 3266 * The conn_t parameter is NULL because we already know 3267 * nobody's home. 
3268 */ 3269 ipsec_mp = ipsec_check_global_policy(ipsec_mp, (conn_t *)NULL, 3270 ipha, ip6h, B_TRUE, ns); 3271 if (ipsec_mp == NULL) 3272 return (NULL); 3273 } 3274 if (ipsec_mp != NULL) 3275 freeb(ipsec_mp); 3276 return (mp); 3277 } 3278 3279 /* Handle out-of-the-blue packets */ 3280 void 3281 sctp_ootb_input(mblk_t *mp, ill_t *recv_ill, zoneid_t zoneid, 3282 boolean_t mctl_present) 3283 { 3284 sctp_t *sctp; 3285 sctp_chunk_hdr_t *ch; 3286 sctp_hdr_t *sctph; 3287 in6_addr_t src, dst; 3288 uint_t ip_hdr_len; 3289 uint_t ifindex; 3290 ip6_pkt_t ipp; 3291 ssize_t mlen; 3292 ip_pktinfo_t *pinfo = NULL; 3293 mblk_t *first_mp; 3294 sctp_stack_t *sctps; 3295 ip_stack_t *ipst; 3296 3297 ASSERT(recv_ill != NULL); 3298 ipst = recv_ill->ill_ipst; 3299 sctps = ipst->ips_netstack->netstack_sctp; 3300 3301 BUMP_MIB(&sctps->sctps_mib, sctpOutOfBlue); 3302 BUMP_MIB(&sctps->sctps_mib, sctpInSCTPPkts); 3303 3304 if (sctps->sctps_gsctp == NULL) { 3305 /* 3306 * For non-zero stackids the default queue isn't created 3307 * until the first open, thus there can be a need to send 3308 * an error before then. But we can't do that, hence we just 3309 * drop the packet. Later during boot, when the default queue 3310 * has been set up, a retransmitted packet from the peer 3311 * will result in an error. 3312 */ 3313 ASSERT(sctps->sctps_netstack->netstack_stackid != 3314 GLOBAL_NETSTACKID); 3315 freemsg(mp); 3316 return; 3317 } 3318 3319 first_mp = mp; 3320 if (mctl_present) 3321 mp = mp->b_cont; 3322 3323 /* Initiate IPPF processing, if needed. */ 3324 if (IPP_ENABLED(IPP_LOCAL_IN, ipst)) { 3325 ip_process(IPP_LOCAL_IN, &mp, 3326 recv_ill->ill_phyint->phyint_ifindex); 3327 if (mp == NULL) { 3328 if (mctl_present) 3329 freeb(first_mp); 3330 return; 3331 } 3332 } 3333 3334 if (mp->b_cont != NULL) { 3335 /* 3336 * All subsequent code is vastly simplified if it can 3337 * assume a single contiguous chunk of data. 3338 */ 3339 if (pullupmsg(mp, -1) == 0) { 3340 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3341 freemsg(first_mp); 3342 return; 3343 } 3344 } 3345 3346 /* 3347 * We don't really need to call this function... Need to 3348 * optimize later. 3349 */ 3350 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3351 &ipp, pinfo); 3352 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3353 if ((ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen)) == NULL) { 3354 dprint(3, ("sctp_ootb_input: invalid packet\n")); 3355 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3356 freemsg(first_mp); 3357 return; 3358 } 3359 3360 switch (ch->sch_id) { 3361 case CHUNK_INIT: 3362 /* no listener; send abort */ 3363 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3364 return; 3365 sctp_send_abort(sctps->sctps_gsctp, sctp_init2vtag(ch), 0, 3366 NULL, 0, mp, 0, B_TRUE); 3367 break; 3368 case CHUNK_INIT_ACK: 3369 /* check for changed src addr */ 3370 sctp = sctp_addrlist2sctp(mp, sctph, ch, zoneid, sctps); 3371 if (sctp != NULL) { 3372 /* success; proceed to normal path */ 3373 mutex_enter(&sctp->sctp_lock); 3374 if (sctp->sctp_running) { 3375 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3376 BUMP_MIB(recv_ill->ill_ip_mib, 3377 ipIfStatsInDiscards); 3378 freemsg(mp); 3379 } 3380 mutex_exit(&sctp->sctp_lock); 3381 } else { 3382 /* 3383 * If the source address is changed, we 3384 * don't need to worry too much about 3385 * out of order processing. So we don't 3386 * check if the recvq is empty or not here.
3387 */ 3388 sctp->sctp_running = B_TRUE; 3389 mutex_exit(&sctp->sctp_lock); 3390 sctp_input_data(sctp, mp, NULL); 3391 WAKE_SCTP(sctp); 3392 sctp_process_sendq(sctp); 3393 } 3394 SCTP_REFRELE(sctp); 3395 return; 3396 } 3397 if (mctl_present) 3398 freeb(first_mp); 3399 /* else bogus init ack; drop it */ 3400 break; 3401 case CHUNK_SHUTDOWN_ACK: 3402 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3403 return; 3404 sctp_ootb_shutdown_ack(sctps->sctps_gsctp, mp, ip_hdr_len); 3405 sctp_process_sendq(sctps->sctps_gsctp); 3406 return; 3407 case CHUNK_ERROR: 3408 case CHUNK_ABORT: 3409 case CHUNK_COOKIE_ACK: 3410 case CHUNK_SHUTDOWN_COMPLETE: 3411 if (mctl_present) 3412 freeb(first_mp); 3413 break; 3414 default: 3415 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3416 return; 3417 sctp_send_abort(sctps->sctps_gsctp, sctph->sh_verf, 0, 3418 NULL, 0, mp, 0, B_TRUE); 3419 break; 3420 } 3421 sctp_process_sendq(sctps->sctps_gsctp); 3422 freemsg(mp); 3423 } 3424 3425 void 3426 sctp_input(conn_t *connp, ipha_t *ipha, mblk_t *mp, mblk_t *first_mp, 3427 ill_t *recv_ill, boolean_t isv4, boolean_t mctl_present) 3428 { 3429 sctp_t *sctp = CONN2SCTP(connp); 3430 ip_stack_t *ipst = recv_ill->ill_ipst; 3431 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 3432 3433 /* 3434 * We check some fields in conn_t without holding a lock. 3435 * This should be fine. 3436 */ 3437 if (CONN_INBOUND_POLICY_PRESENT(connp, ipss) || mctl_present) { 3438 first_mp = ipsec_check_inbound_policy(first_mp, connp, 3439 ipha, NULL, mctl_present); 3440 if (first_mp == NULL) { 3441 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3442 SCTP_REFRELE(sctp); 3443 return; 3444 } 3445 } 3446 3447 /* Initiate IPPF processing for fastpath */ 3448 if (IPP_ENABLED(IPP_LOCAL_IN, ipst)) { 3449 ip_process(IPP_LOCAL_IN, &mp, 3450 recv_ill->ill_phyint->phyint_ifindex); 3451 if (mp == NULL) { 3452 SCTP_REFRELE(sctp); 3453 if (mctl_present) 3454 freeb(first_mp); 3455 return; 3456 } else if (mctl_present) { 3457 /* 3458 * ip_process might return a new mp. 3459 */ 3460 ASSERT(first_mp != mp); 3461 first_mp->b_cont = mp; 3462 } else { 3463 first_mp = mp; 3464 } 3465 } 3466 3467 if (connp->conn_recvif || connp->conn_recvslla || 3468 connp->conn_ip_recvpktinfo) { 3469 int in_flags = 0; 3470 3471 if (connp->conn_recvif || connp->conn_ip_recvpktinfo) { 3472 in_flags = IPF_RECVIF; 3473 } 3474 if (connp->conn_recvslla) { 3475 in_flags |= IPF_RECVSLLA; 3476 } 3477 if (isv4) { 3478 mp = ip_add_info(mp, recv_ill, in_flags, 3479 IPCL_ZONEID(connp), ipst); 3480 } else { 3481 mp = ip_add_info_v6(mp, recv_ill, 3482 &(((ip6_t *)ipha)->ip6_dst)); 3483 } 3484 if (mp == NULL) { 3485 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3486 SCTP_REFRELE(sctp); 3487 if (mctl_present) 3488 freeb(first_mp); 3489 return; 3490 } else if (mctl_present) { 3491 /* 3492 * ip_add_info might return a new mp. 
3493 */ 3494 ASSERT(first_mp != mp); 3495 first_mp->b_cont = mp; 3496 } else { 3497 first_mp = mp; 3498 } 3499 } 3500 3501 mutex_enter(&sctp->sctp_lock); 3502 if (sctp->sctp_running) { 3503 if (mctl_present) 3504 mp->b_prev = first_mp; 3505 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3506 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3507 freemsg(first_mp); 3508 } 3509 mutex_exit(&sctp->sctp_lock); 3510 SCTP_REFRELE(sctp); 3511 return; 3512 } else { 3513 sctp->sctp_running = B_TRUE; 3514 mutex_exit(&sctp->sctp_lock); 3515 3516 mutex_enter(&sctp->sctp_recvq_lock); 3517 if (sctp->sctp_recvq != NULL) { 3518 if (mctl_present) 3519 mp->b_prev = first_mp; 3520 if (!sctp_add_recvq(sctp, mp, B_TRUE)) { 3521 BUMP_MIB(recv_ill->ill_ip_mib, 3522 ipIfStatsInDiscards); 3523 freemsg(first_mp); 3524 } 3525 mutex_exit(&sctp->sctp_recvq_lock); 3526 WAKE_SCTP(sctp); 3527 SCTP_REFRELE(sctp); 3528 return; 3529 } 3530 } 3531 mutex_exit(&sctp->sctp_recvq_lock); 3532 sctp_input_data(sctp, mp, (mctl_present ? first_mp : NULL)); 3533 WAKE_SCTP(sctp); 3534 sctp_process_sendq(sctp); 3535 SCTP_REFRELE(sctp); 3536 } 3537 3538 static void 3539 sctp_process_abort(sctp_t *sctp, sctp_chunk_hdr_t *ch, int err) 3540 { 3541 sctp_stack_t *sctps = sctp->sctp_sctps; 3542 3543 BUMP_MIB(&sctps->sctps_mib, sctpAborted); 3544 BUMP_LOCAL(sctp->sctp_ibchunks); 3545 3546 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3547 ntohs(((sctp_parm_hdr_t *)(ch + 1))->sph_type), ch); 3548 sctp_clean_death(sctp, err); 3549 } 3550 3551 void 3552 sctp_input_data(sctp_t *sctp, mblk_t *mp, mblk_t *ipsec_mp) 3553 { 3554 sctp_chunk_hdr_t *ch; 3555 ssize_t mlen; 3556 int gotdata; 3557 int trysend; 3558 sctp_faddr_t *fp; 3559 sctp_init_chunk_t *iack; 3560 uint32_t tsn; 3561 sctp_data_hdr_t *sdc; 3562 ip6_pkt_t ipp; 3563 in6_addr_t src; 3564 in6_addr_t dst; 3565 uint_t ifindex; 3566 sctp_hdr_t *sctph; 3567 uint_t ip_hdr_len; 3568 mblk_t *dups = NULL; 3569 int recv_adaptation; 3570 boolean_t wake_eager = B_FALSE; 3571 mblk_t *pinfo_mp; 3572 ip_pktinfo_t *pinfo = NULL; 3573 in6_addr_t peer_src; 3574 int64_t now; 3575 sctp_stack_t *sctps = sctp->sctp_sctps; 3576 ip_stack_t *ipst = sctps->sctps_netstack->netstack_ip; 3577 boolean_t hb_already = B_FALSE; 3578 cred_t *cr; 3579 pid_t cpid; 3580 3581 if (DB_TYPE(mp) != M_DATA) { 3582 ASSERT(DB_TYPE(mp) == M_CTL); 3583 if (MBLKL(mp) == sizeof (ip_pktinfo_t) && 3584 ((ip_pktinfo_t *)mp->b_rptr)->ip_pkt_ulp_type == 3585 IN_PKTINFO) { 3586 pinfo = (ip_pktinfo_t *)mp->b_rptr; 3587 pinfo_mp = mp; 3588 mp = mp->b_cont; 3589 } else { 3590 if (ipsec_mp != NULL) 3591 freeb(ipsec_mp); 3592 sctp_icmp_error(sctp, mp); 3593 return; 3594 } 3595 } 3596 ASSERT(DB_TYPE(mp) == M_DATA); 3597 3598 if (mp->b_cont != NULL) { 3599 /* 3600 * All subsequent code is vastly simplified if it can 3601 * assume a single contiguous chunk of data. 
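 *
 * (Note, added for clarity: pullupmsg() with a length of -1
 * concatenates the whole b_cont chain into a single data block and
 * returns 0 on failure, in which case the packet is counted as a
 * discard and dropped below.)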
3602 */ 3603 if (pullupmsg(mp, -1) == 0) { 3604 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3605 if (ipsec_mp != NULL) 3606 freeb(ipsec_mp); 3607 if (pinfo != NULL) 3608 freeb(pinfo_mp); 3609 freemsg(mp); 3610 return; 3611 } 3612 } 3613 3614 BUMP_LOCAL(sctp->sctp_ipkts); 3615 sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len, 3616 &ipp, pinfo); 3617 if (pinfo != NULL) 3618 freeb(pinfo_mp); 3619 mlen = mp->b_wptr - (uchar_t *)(sctph + 1); 3620 ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen); 3621 if (ch == NULL) { 3622 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3623 if (ipsec_mp != NULL) 3624 freeb(ipsec_mp); 3625 freemsg(mp); 3626 return; 3627 } 3628 3629 if (!sctp_check_input(sctp, ch, mlen, 1)) { 3630 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards); 3631 goto done; 3632 } 3633 /* 3634 * Check the verification tag (special handling for INIT, 3635 * COOKIE, SHUTDOWN_COMPLETE and SHUTDOWN_ACK chunks). 3636 * ABORTs are handled in the chunk processing loop, since they 3637 * may not appear first. All other checked chunks must 3638 * appear first, or they will have been dropped by check_input(). 3639 */ 3640 switch (ch->sch_id) { 3641 case CHUNK_INIT: 3642 if (sctph->sh_verf != 0) { 3643 /* drop it */ 3644 goto done; 3645 } 3646 break; 3647 case CHUNK_SHUTDOWN_COMPLETE: 3648 if (sctph->sh_verf == sctp->sctp_lvtag) 3649 break; 3650 if (sctph->sh_verf == sctp->sctp_fvtag && 3651 SCTP_GET_TBIT(ch)) { 3652 break; 3653 } 3654 /* else drop it */ 3655 goto done; 3656 case CHUNK_ABORT: 3657 case CHUNK_COOKIE: 3658 /* handled below */ 3659 break; 3660 case CHUNK_SHUTDOWN_ACK: 3661 if (sctp->sctp_state > SCTPS_BOUND && 3662 sctp->sctp_state < SCTPS_ESTABLISHED) { 3663 /* treat as OOTB */ 3664 sctp_ootb_shutdown_ack(sctp, mp, ip_hdr_len); 3665 if (ipsec_mp != NULL) 3666 freeb(ipsec_mp); 3667 return; 3668 } 3669 /* else fallthru */ 3670 default: 3671 /* 3672 * All other packets must have a valid 3673 * verification tag; however, if this is a 3674 * listener, we use a refined version of 3675 * out-of-the-blue logic.
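 *
 * (Summary of the tag checks above, added for clarity: INIT must
 * carry a zero verification tag; SHUTDOWN_COMPLETE may carry our
 * own tag, or the peer's tag with the T bit set; ABORT is checked
 * in the processing loop against both our tag and the peer's; all
 * remaining chunks must match sctp_lvtag unless this is a listener.)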
3676 */ 3677 if (sctph->sh_verf != sctp->sctp_lvtag && 3678 sctp->sctp_state != SCTPS_LISTEN) { 3679 /* drop it */ 3680 goto done; 3681 } 3682 break; 3683 } 3684 3685 /* Have a valid sctp for this packet */ 3686 fp = sctp_lookup_faddr(sctp, &src); 3687 dprint(2, ("sctp_dispatch_rput: mp=%p fp=%p sctp=%p\n", (void *)mp, 3688 (void *)fp, (void *)sctp)); 3689 3690 gotdata = 0; 3691 trysend = 0; 3692 3693 now = lbolt64; 3694 /* Process the chunks */ 3695 do { 3696 dprint(3, ("sctp_dispatch_rput: state=%d, chunk id=%d\n", 3697 sctp->sctp_state, (int)(ch->sch_id))); 3698 3699 if (ch->sch_id == CHUNK_ABORT) { 3700 if (sctph->sh_verf != sctp->sctp_lvtag && 3701 sctph->sh_verf != sctp->sctp_fvtag) { 3702 /* drop it */ 3703 goto done; 3704 } 3705 } 3706 3707 switch (sctp->sctp_state) { 3708 3709 case SCTPS_ESTABLISHED: 3710 case SCTPS_SHUTDOWN_PENDING: 3711 case SCTPS_SHUTDOWN_SENT: 3712 switch (ch->sch_id) { 3713 case CHUNK_DATA: 3714 /* 0-length data chunks are not allowed */ 3715 if (ntohs(ch->sch_len) == sizeof (*sdc)) { 3716 sdc = (sctp_data_hdr_t *)ch; 3717 tsn = sdc->sdh_tsn; 3718 sctp_send_abort(sctp, sctp->sctp_fvtag, 3719 SCTP_ERR_NO_USR_DATA, (char *)&tsn, 3720 sizeof (tsn), mp, 0, B_FALSE); 3721 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3722 0, NULL); 3723 sctp_clean_death(sctp, ECONNABORTED); 3724 goto done; 3725 } 3726 3727 ASSERT(fp != NULL); 3728 sctp->sctp_lastdata = fp; 3729 sctp_data_chunk(sctp, ch, mp, &dups, fp, &ipp); 3730 gotdata = 1; 3731 /* Restart shutdown timer if shutting down */ 3732 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3733 /* 3734 * If we have exceeded our max 3735 * wait bound for waiting for a 3736 * shutdown ack from the peer, 3737 * abort the association. 3738 */ 3739 if (sctps->sctps_shutack_wait_bound != 3740 0 && 3741 TICK_TO_MSEC(now - 3742 sctp->sctp_out_time) > 3743 sctps->sctps_shutack_wait_bound) { 3744 sctp_send_abort(sctp, 3745 sctp->sctp_fvtag, 0, NULL, 3746 0, mp, 0, B_FALSE); 3747 sctp_assoc_event(sctp, 3748 SCTP_COMM_LOST, 0, NULL); 3749 sctp_clean_death(sctp, 3750 ECONNABORTED); 3751 goto done; 3752 } 3753 SCTP_FADDR_TIMER_RESTART(sctp, fp, 3754 fp->rto); 3755 } 3756 break; 3757 case CHUNK_SACK: 3758 ASSERT(fp != NULL); 3759 /* 3760 * Peer is real and alive if it can ack our 3761 * data. 3762 */ 3763 sctp_faddr_alive(sctp, fp); 3764 trysend = sctp_got_sack(sctp, ch); 3765 if (trysend < 0) { 3766 sctp_send_abort(sctp, sctph->sh_verf, 3767 0, NULL, 0, mp, 0, B_FALSE); 3768 sctp_assoc_event(sctp, 3769 SCTP_COMM_LOST, 0, NULL); 3770 sctp_clean_death(sctp, 3771 ECONNABORTED); 3772 goto done; 3773 } 3774 break; 3775 case CHUNK_HEARTBEAT: 3776 if (!hb_already) { 3777 /* 3778 * In any one packet, there should 3779 * only be one heartbeat chunk. So 3780 * we should not process more than 3781 * once. 
3782 */ 3783 sctp_return_heartbeat(sctp, ch, mp); 3784 hb_already = B_TRUE; 3785 } 3786 break; 3787 case CHUNK_HEARTBEAT_ACK: 3788 sctp_process_heartbeat(sctp, ch); 3789 break; 3790 case CHUNK_SHUTDOWN: 3791 sctp_shutdown_event(sctp); 3792 trysend = sctp_shutdown_received(sctp, ch, 3793 B_FALSE, B_FALSE, fp); 3794 BUMP_LOCAL(sctp->sctp_ibchunks); 3795 break; 3796 case CHUNK_SHUTDOWN_ACK: 3797 BUMP_LOCAL(sctp->sctp_ibchunks); 3798 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3799 sctp_shutdown_complete(sctp); 3800 BUMP_MIB(&sctps->sctps_mib, 3801 sctpShutdowns); 3802 sctp_assoc_event(sctp, 3803 SCTP_SHUTDOWN_COMP, 0, NULL); 3804 sctp_clean_death(sctp, 0); 3805 goto done; 3806 } 3807 break; 3808 case CHUNK_ABORT: { 3809 sctp_saddr_ipif_t *sp; 3810 3811 /* Ignore if delete pending */ 3812 sp = sctp_saddr_lookup(sctp, &dst, 0); 3813 ASSERT(sp != NULL); 3814 if (sp->saddr_ipif_delete_pending) { 3815 BUMP_LOCAL(sctp->sctp_ibchunks); 3816 break; 3817 } 3818 3819 sctp_process_abort(sctp, ch, ECONNRESET); 3820 goto done; 3821 } 3822 case CHUNK_INIT: 3823 sctp_send_initack(sctp, sctph, ch, mp); 3824 break; 3825 case CHUNK_COOKIE: 3826 if (sctp_process_cookie(sctp, ch, mp, &iack, 3827 sctph, &recv_adaptation, NULL) != -1) { 3828 sctp_send_cookie_ack(sctp); 3829 sctp_assoc_event(sctp, SCTP_RESTART, 3830 0, NULL); 3831 if (recv_adaptation) { 3832 sctp->sctp_recv_adaptation = 1; 3833 sctp_adaptation_event(sctp); 3834 } 3835 } else { 3836 BUMP_MIB(&sctps->sctps_mib, 3837 sctpInInvalidCookie); 3838 } 3839 break; 3840 case CHUNK_ERROR: { 3841 int error; 3842 3843 BUMP_LOCAL(sctp->sctp_ibchunks); 3844 error = sctp_handle_error(sctp, sctph, ch, mp); 3845 if (error != 0) { 3846 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3847 0, NULL); 3848 sctp_clean_death(sctp, error); 3849 goto done; 3850 } 3851 break; 3852 } 3853 case CHUNK_ASCONF: 3854 ASSERT(fp != NULL); 3855 sctp_input_asconf(sctp, ch, fp); 3856 BUMP_LOCAL(sctp->sctp_ibchunks); 3857 break; 3858 case CHUNK_ASCONF_ACK: 3859 ASSERT(fp != NULL); 3860 sctp_faddr_alive(sctp, fp); 3861 sctp_input_asconf_ack(sctp, ch, fp); 3862 BUMP_LOCAL(sctp->sctp_ibchunks); 3863 break; 3864 case CHUNK_FORWARD_TSN: 3865 ASSERT(fp != NULL); 3866 sctp->sctp_lastdata = fp; 3867 sctp_process_forward_tsn(sctp, ch, fp, &ipp); 3868 gotdata = 1; 3869 BUMP_LOCAL(sctp->sctp_ibchunks); 3870 break; 3871 default: 3872 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3873 goto nomorechunks; 3874 } /* else skip and continue processing */ 3875 break; 3876 } 3877 break; 3878 3879 case SCTPS_LISTEN: 3880 switch (ch->sch_id) { 3881 case CHUNK_INIT: 3882 sctp_send_initack(sctp, sctph, ch, mp); 3883 break; 3884 case CHUNK_COOKIE: { 3885 sctp_t *eager; 3886 3887 if (sctp_process_cookie(sctp, ch, mp, &iack, 3888 sctph, &recv_adaptation, &peer_src) == -1) { 3889 BUMP_MIB(&sctps->sctps_mib, 3890 sctpInInvalidCookie); 3891 goto done; 3892 } 3893 3894 /* 3895 * The cookie is good; ensure that 3896 * the peer used the verification 3897 * tag from the init ack in the header. 3898 */ 3899 if (iack->sic_inittag != sctph->sh_verf) 3900 goto done; 3901 3902 eager = sctp_conn_request(sctp, mp, ifindex, 3903 ip_hdr_len, iack, ipsec_mp); 3904 if (eager == NULL) { 3905 sctp_send_abort(sctp, sctph->sh_verf, 3906 SCTP_ERR_NO_RESOURCES, NULL, 0, mp, 3907 0, B_FALSE); 3908 goto done; 3909 } 3910 3911 /* 3912 * If there were extra chunks 3913 * bundled with the cookie, 3914 * they must be processed 3915 * on the eager's queue. 
We 3916 * accomplish this by refeeding 3917 * the whole packet into the 3918 * state machine on the right 3919 * q. The packet (mp) gets 3920 * there via the eager's 3921 * cookie_mp field (overloaded 3922 * with the active open role). 3923 * This is picked up when 3924 * processing the null bind 3925 * request put on the eager's 3926 * q by sctp_accept(). We must 3927 * first revert the cookie 3928 * chunk's length field to network 3929 * byteorder so it can be 3930 * properly reprocessed on the 3931 * eager's queue. 3932 */ 3933 BUMP_MIB(&sctps->sctps_mib, sctpPassiveEstab); 3934 if (mlen > ntohs(ch->sch_len)) { 3935 eager->sctp_cookie_mp = dupb(mp); 3936 mblk_setcred(eager->sctp_cookie_mp, 3937 CONN_CRED(eager->sctp_connp), 3938 eager->sctp_cpid); 3939 /* 3940 * If no mem, just let 3941 * the peer retransmit. 3942 */ 3943 } 3944 sctp_assoc_event(eager, SCTP_COMM_UP, 0, NULL); 3945 if (recv_adaptation) { 3946 eager->sctp_recv_adaptation = 1; 3947 eager->sctp_rx_adaptation_code = 3948 sctp->sctp_rx_adaptation_code; 3949 sctp_adaptation_event(eager); 3950 } 3951 3952 eager->sctp_active = now; 3953 sctp_send_cookie_ack(eager); 3954 3955 wake_eager = B_TRUE; 3956 3957 /* 3958 * Process rest of the chunks with eager. 3959 */ 3960 sctp = eager; 3961 fp = sctp_lookup_faddr(sctp, &peer_src); 3962 /* 3963 * Confirm peer's original source. fp can 3964 * only be NULL if peer does not use the 3965 * original source as one of its addresses... 3966 */ 3967 if (fp == NULL) 3968 fp = sctp_lookup_faddr(sctp, &src); 3969 else 3970 sctp_faddr_alive(sctp, fp); 3971 3972 /* 3973 * Validate the peer addresses. It also starts 3974 * the heartbeat timer. 3975 */ 3976 sctp_validate_peer(sctp); 3977 break; 3978 } 3979 /* Anything else is considered out-of-the-blue */ 3980 case CHUNK_ERROR: 3981 case CHUNK_ABORT: 3982 case CHUNK_COOKIE_ACK: 3983 case CHUNK_SHUTDOWN_COMPLETE: 3984 BUMP_LOCAL(sctp->sctp_ibchunks); 3985 goto done; 3986 default: 3987 BUMP_LOCAL(sctp->sctp_ibchunks); 3988 sctp_send_abort(sctp, sctph->sh_verf, 0, NULL, 3989 0, mp, 0, B_TRUE); 3990 goto done; 3991 } 3992 break; 3993 3994 case SCTPS_COOKIE_WAIT: 3995 switch (ch->sch_id) { 3996 case CHUNK_INIT_ACK: 3997 sctp_stop_faddr_timers(sctp); 3998 sctp_faddr_alive(sctp, sctp->sctp_current); 3999 sctp_send_cookie_echo(sctp, ch, mp); 4000 BUMP_LOCAL(sctp->sctp_ibchunks); 4001 break; 4002 case CHUNK_ABORT: 4003 sctp_process_abort(sctp, ch, ECONNREFUSED); 4004 goto done; 4005 case CHUNK_INIT: 4006 sctp_send_initack(sctp, sctph, ch, mp); 4007 break; 4008 case CHUNK_COOKIE: 4009 cr = msg_getcred(mp, &cpid); 4010 4011 if (sctp_process_cookie(sctp, ch, mp, &iack, 4012 sctph, &recv_adaptation, NULL) == -1) { 4013 BUMP_MIB(&sctps->sctps_mib, 4014 sctpInInvalidCookie); 4015 break; 4016 } 4017 sctp_send_cookie_ack(sctp); 4018 sctp_stop_faddr_timers(sctp); 4019 if (!SCTP_IS_DETACHED(sctp)) { 4020 sctp->sctp_ulp_connected( 4021 sctp->sctp_ulpd, 0, cr, cpid); 4022 sctp_set_ulp_prop(sctp); 4023 4024 } 4025 sctp->sctp_state = SCTPS_ESTABLISHED; 4026 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 4027 BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab); 4028 if (sctp->sctp_cookie_mp) { 4029 freemsg(sctp->sctp_cookie_mp); 4030 sctp->sctp_cookie_mp = NULL; 4031 } 4032 4033 /* Validate the peer addresses. 
			if (sctp->sctp_cookie_mp) {
				freemsg(sctp->sctp_cookie_mp);
				sctp->sctp_cookie_mp = NULL;
			}

			/* Validate the peer addresses. */
			sctp->sctp_active = now;
			sctp_validate_peer(sctp);

			sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL);
			if (recv_adaptation) {
				sctp->sctp_recv_adaptation = 1;
				sctp_adaptation_event(sctp);
			}
			/* Try sending queued data, or ASCONFs */
			trysend = 1;
			break;
		default:
			if (sctp_strange_chunk(sctp, ch, fp) == 0) {
				goto nomorechunks;
			} /* else skip and continue processing */
			break;
		}
		break;

	case SCTPS_COOKIE_ECHOED:
		switch (ch->sch_id) {
		case CHUNK_COOKIE_ACK:
			cr = msg_getcred(mp, &cpid);

			if (!SCTP_IS_DETACHED(sctp)) {
				sctp->sctp_ulp_connected(
				    sctp->sctp_ulpd, 0, cr, cpid);
				sctp_set_ulp_prop(sctp);
			}
			if (sctp->sctp_unacked == 0)
				sctp_stop_faddr_timers(sctp);
			sctp->sctp_state = SCTPS_ESTABLISHED;
			sctp->sctp_assoc_start_time = (uint32_t)lbolt;
			BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab);
			BUMP_LOCAL(sctp->sctp_ibchunks);
			if (sctp->sctp_cookie_mp) {
				freemsg(sctp->sctp_cookie_mp);
				sctp->sctp_cookie_mp = NULL;
			}
			sctp_faddr_alive(sctp, fp);
			/* Validate the peer addresses. */
			sctp->sctp_active = now;
			sctp_validate_peer(sctp);

			/* Try sending queued data, or ASCONFs */
			trysend = 1;
			sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL);
			sctp_adaptation_event(sctp);
			break;
		case CHUNK_ABORT:
			sctp_process_abort(sctp, ch, ECONNREFUSED);
			goto done;
		case CHUNK_COOKIE:
			cr = msg_getcred(mp, &cpid);

			if (sctp_process_cookie(sctp, ch, mp, &iack,
			    sctph, &recv_adaptation, NULL) == -1) {
				BUMP_MIB(&sctps->sctps_mib,
				    sctpInInvalidCookie);
				break;
			}
			sctp_send_cookie_ack(sctp);

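			/*
			 * Seeing a COOKIE ECHO in the COOKIE_ECHOED state
			 * normally means the two endpoints' cookies
			 * crossed in flight (an initialization collision)
			 * or that our COOKIE ACK was lost.  The cookie has
			 * been verified above, so we complete the
			 * establishment below just as in the COOKIE_WAIT
			 * case.
			 */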
			if (!SCTP_IS_DETACHED(sctp)) {
				sctp->sctp_ulp_connected(
				    sctp->sctp_ulpd, 0, cr, cpid);
				sctp_set_ulp_prop(sctp);
			}
			if (sctp->sctp_unacked == 0)
				sctp_stop_faddr_timers(sctp);
			sctp->sctp_state = SCTPS_ESTABLISHED;
			sctp->sctp_assoc_start_time = (uint32_t)lbolt;
			BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab);
			if (sctp->sctp_cookie_mp) {
				freemsg(sctp->sctp_cookie_mp);
				sctp->sctp_cookie_mp = NULL;
			}
			/* Validate the peer addresses. */
			sctp->sctp_active = now;
			sctp_validate_peer(sctp);

			sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL);
			if (recv_adaptation) {
				sctp->sctp_recv_adaptation = 1;
				sctp_adaptation_event(sctp);
			}
			/* Try sending queued data, or ASCONFs */
			trysend = 1;
			break;
		case CHUNK_INIT:
			sctp_send_initack(sctp, sctph, ch, mp);
			break;
		case CHUNK_ERROR: {
			sctp_parm_hdr_t *p;

			BUMP_LOCAL(sctp->sctp_ibchunks);
			/* check for a stale cookie */
			if (ntohs(ch->sch_len) >=
			    (sizeof (*p) + sizeof (*ch)) +
			    sizeof (uint32_t)) {
				p = (sctp_parm_hdr_t *)(ch + 1);
				if (p->sph_type ==
				    htons(SCTP_ERR_STALE_COOKIE)) {
					BUMP_MIB(&sctps->sctps_mib,
					    sctpAborted);
					sctp_error_event(sctp, ch);
					sctp_assoc_event(sctp,
					    SCTP_COMM_LOST, 0, NULL);
					sctp_clean_death(sctp,
					    ECONNREFUSED);
					goto done;
				}
			}
			break;
		}
		case CHUNK_HEARTBEAT:
			if (!hb_already) {
				sctp_return_heartbeat(sctp, ch, mp);
				hb_already = B_TRUE;
			}
			break;
		default:
			if (sctp_strange_chunk(sctp, ch, fp) == 0) {
				goto nomorechunks;
			} /* else skip and continue processing */
		} /* switch (ch->sch_id) */
		break;

	case SCTPS_SHUTDOWN_ACK_SENT:
		switch (ch->sch_id) {
		case CHUNK_ABORT:
			/* Pass gathered wisdom to IP for keeping */
			sctp_update_ire(sctp);
			sctp_process_abort(sctp, ch, 0);
			goto done;
		case CHUNK_SHUTDOWN_COMPLETE:
			BUMP_LOCAL(sctp->sctp_ibchunks);
			BUMP_MIB(&sctps->sctps_mib, sctpShutdowns);
			sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0,
			    NULL);

			/* Pass gathered wisdom to IP for keeping */
			sctp_update_ire(sctp);
			sctp_clean_death(sctp, 0);
			goto done;
		case CHUNK_SHUTDOWN_ACK:
			sctp_shutdown_complete(sctp);
			BUMP_LOCAL(sctp->sctp_ibchunks);
			BUMP_MIB(&sctps->sctps_mib, sctpShutdowns);
			sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0,
			    NULL);
			sctp_clean_death(sctp, 0);
			goto done;
		case CHUNK_COOKIE:
			(void) sctp_shutdown_received(sctp, NULL,
			    B_TRUE, B_FALSE, fp);
			BUMP_LOCAL(sctp->sctp_ibchunks);
			break;
		case CHUNK_HEARTBEAT:
			if (!hb_already) {
				sctp_return_heartbeat(sctp, ch, mp);
				hb_already = B_TRUE;
			}
			break;
		default:
			if (sctp_strange_chunk(sctp, ch, fp) == 0) {
				goto nomorechunks;
			} /* else skip and continue processing */
			break;
		}
		break;

	case SCTPS_SHUTDOWN_RECEIVED:
		switch (ch->sch_id) {
		case CHUNK_SHUTDOWN:
			trysend = sctp_shutdown_received(sctp, ch,
			    B_FALSE, B_FALSE, fp);
			break;
		case CHUNK_SACK:
			trysend = sctp_got_sack(sctp, ch);
			if (trysend < 0) {
				sctp_send_abort(sctp, sctph->sh_verf,
				    0, NULL, 0, mp, 0, B_FALSE);
				sctp_assoc_event(sctp,
				    SCTP_COMM_LOST, 0, NULL);
				sctp_clean_death(sctp, ECONNABORTED);
				goto done;
			}
			break;
		case CHUNK_ABORT:
			sctp_process_abort(sctp, ch, ECONNRESET);
			goto done;
		case CHUNK_HEARTBEAT:
			if (!hb_already) {
				sctp_return_heartbeat(sctp, ch, mp);
				hb_already = B_TRUE;
			}
			break;
		default:
			if (sctp_strange_chunk(sctp, ch, fp) == 0) {
				goto nomorechunks;
			} /* else skip and continue processing */
			break;
		}
		break;

	default:
		/*
		 * The only remaining states are SCTPS_IDLE and
		 * SCTPS_BOUND, and we should not be getting here
		 * for these.
		 */
		ASSERT(0);
	} /* switch (sctp->sctp_state) */

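		/*
		 * Advance to the next chunk bundled in this packet, if
		 * any.  Chunks are laid out back to back, each padded to
		 * a 4-byte boundary, and each is sanity-checked by
		 * sctp_check_input() before being dispatched above.
		 */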
		ch = sctp_next_chunk(ch, &mlen);
		if (ch != NULL && !sctp_check_input(sctp, ch, mlen, 0))
			goto done;
	} while (ch != NULL);

	/* Finished processing all chunks in packet */

nomorechunks:
	/* SACK if necessary */
	if (gotdata) {
		boolean_t sack_sent;

		(sctp->sctp_sack_toggle)++;
		sack_sent = sctp_sack(sctp, dups);
		dups = NULL;

		/* If a SACK is sent, no need to restart the timer. */
		if (!sack_sent && !sctp->sctp_ack_timer_running) {
			sctp->sctp_ack_timer_running = B_TRUE;
			sctp_timer(sctp, sctp->sctp_ack_mp,
			    MSEC_TO_TICK(sctps->sctps_deferred_ack_interval));
		}
	}

	if (trysend) {
		sctp_output(sctp, UINT_MAX);
		if (sctp->sctp_cxmit_list != NULL)
			sctp_wput_asconf(sctp, NULL);
	}
	/* If there is unsent data, make sure a timer is running */
	if (sctp->sctp_unsent > 0 && !sctp->sctp_current->timer_running) {
		SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current,
		    sctp->sctp_current->rto);
	}

done:
	if (dups != NULL)
		freeb(dups);
	if (ipsec_mp != NULL)
		freeb(ipsec_mp);
	freemsg(mp);

	if (sctp->sctp_err_chunks != NULL)
		sctp_process_err(sctp);

	if (wake_eager) {
		/*
		 * sctp points to the newly created control block; we need
		 * to release it before exiting.  Before releasing it and
		 * processing the sendq, we need to grab a hold on it.
		 * Otherwise, another thread could close it while we are
		 * processing the sendq.
		 */
		SCTP_REFHOLD(sctp);
		WAKE_SCTP(sctp);
		sctp_process_sendq(sctp);
		SCTP_REFRELE(sctp);
	}
}

/*
 * Some amount of data got removed from the rx q.
 * Check if we should send a window update.
 *
 * Due to the way sctp_rwnd updates are made, the ULP can give reports
 * out-of-order.  To keep from dropping incoming data due to this, we only
 * update sctp_rwnd if it's larger than what we've reported to the peer
 * earlier.
 */
void
sctp_recvd(sctp_t *sctp, int len)
{
	int32_t old, new;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	ASSERT(sctp != NULL);
	RUN_SCTP(sctp);

	if (len < sctp->sctp_rwnd) {
		WAKE_SCTP(sctp);
		return;
	}
	ASSERT(sctp->sctp_rwnd >= sctp->sctp_rxqueued);
	old = sctp->sctp_rwnd - sctp->sctp_rxqueued;
	new = len - sctp->sctp_rxqueued;
	sctp->sctp_rwnd = len;

	if (sctp->sctp_state >= SCTPS_ESTABLISHED &&
	    ((old <= new >> 1) || (old < sctp->sctp_mss))) {
		sctp->sctp_force_sack = 1;
		BUMP_MIB(&sctps->sctps_mib, sctpOutWinUpdate);
		(void) sctp_sack(sctp, NULL);
		old = 1;
	} else {
		old = 0;
	}
	WAKE_SCTP(sctp);
	if (old > 0) {
		sctp_process_sendq(sctp);
	}
}
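/*
 * A worked example of the window-update heuristic above (the numbers are
 * purely illustrative).  Suppose sctp_rwnd is 48K with sctp_rxqueued at
 * 40K, so the window last usable by the peer is old = 8K.  If the ULP now
 * reports len = 64K (e.g. the receive buffer was enlarged), then
 * new = 64K - 40K = 24K; since old (8K) <= new / 2 (12K), a window update
 * SACK is forced.  Had len stayed at 48K, new would equal old and no
 * update would be sent.  Like TCP's receiver-side silly window syndrome
 * avoidance, this suppresses updates that would not meaningfully grow the
 * window the peer already knows about, unless that old window was smaller
 * than one MSS.
 */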