/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/types.h>
#include <sys/systm.h>
#include <sys/stream.h>
#include <sys/cmn_err.h>
#include <sys/kmem.h>
#define	_SUN_TPI_VERSION 2
#include <sys/tihdr.h>
#include <sys/socket.h>
#include <sys/strsun.h>
#include <sys/strsubr.h>

#include <netinet/in.h>
#include <netinet/ip6.h>
#include <netinet/tcp_seq.h>
#include <netinet/sctp.h>

#include <inet/common.h>
#include <inet/ip.h>
#include <inet/ip6.h>
#include <inet/mib2.h>
#include <inet/ipclassifier.h>
#include <inet/ipp_common.h>
#include <inet/ipsec_impl.h>
#include <inet/sctp_ip.h>

#include "sctp_impl.h"
#include "sctp_asconf.h"
#include "sctp_addr.h"

static struct kmem_cache *sctp_kmem_set_cache;

/*
 * PR-SCTP comments.
 *
 * When we get a valid Forward TSN chunk, we check the fragment list for this
 * SSN and preceding SSNs, and free all of them. Further, if this Forward TSN
 * causes the next expected SSN to be present in the stream queue, we deliver
 * any such stranded messages upstream. We also update the SACK info
 * appropriately. When checking for advancing the cumulative ack (in
 * sctp_cumack()) we must check for abandoned chunks and messages. While
 * traversing the transmit list, if we come across an abandoned chunk, we can
 * skip the message (i.e. take it out of the (re)transmit list) since this
 * message, and hence this chunk, has been marked abandoned by sctp_rexmit().
 * If we come across an unsent chunk for a message that is now abandoned, we
 * need to check if a Forward TSN needs to be sent; this could be a case where
 * we deferred sending a Forward TSN in sctp_get_msg_to_send(). Further, after
 * processing a SACK we check if the Advanced peer ack point can be moved
 * ahead, i.e. if we can send a Forward TSN via sctp_check_abandoned_data().
 */
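/*
 * For reference, a sketch of the FORWARD TSN chunk layout that
 * sctp_process_forward_tsn() below consumes (per RFC 3758; illustrative
 * only -- the code works directly from sctp_chunk_hdr_t and
 * ftsn_entry_t rather than any such aggregate struct):
 *
 *	sctp_chunk_hdr_t sch;		chunk type 192 (FORWARD TSN)
 *	uint32_t new_cum_tsn;		new cumulative TSN, network order
 *	ftsn_entry_t entries[];		(sid, ssn) pairs, one per
 *					abandoned ordered-stream message
 */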
void
sctp_free_set(sctp_set_t *s)
{
	sctp_set_t *p;

	while (s) {
		p = s->next;
		kmem_cache_free(sctp_kmem_set_cache, s);
		s = p;
	}
}

static void
sctp_ack_add(sctp_set_t **head, uint32_t tsn, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || num == NULL)
		return;

	ASSERT(*num >= 0);
	ASSERT((*num == 0 && *head == NULL) || (*num > 0 && *head != NULL));

	if (*head == NULL) {
		*head = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (*head == NULL)
			return;
		(*head)->prev = (*head)->next = NULL;
		(*head)->begin = tsn;
		(*head)->end = tsn;
		*num = 1;
		return;
	}

	ASSERT((*head)->prev == NULL);

	/*
	 * Handle this special case here so we don't have to check
	 * for it each time in the loop.
	 */
	if (SEQ_LT(tsn + 1, (*head)->begin)) {
		/* add a new set, and move the head pointer */
		t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (t == NULL)
			return;
		t->next = *head;
		t->prev = NULL;
		(*head)->prev = t;
		t->begin = tsn;
		t->end = tsn;
		(*num)++;
		*head = t;
		return;
	}

	/*
	 * We need to handle the following cases, where p points to
	 * the current set (as we walk through the loop):
	 *
	 * 1. tsn is entirely less than p; create a new set before p.
	 * 2. tsn borders p from less; coalesce p with tsn.
	 * 3. tsn is within p; do nothing.
	 * 4. tsn borders p from greater; coalesce p with tsn.
	 *    4a. p may now border p->next from less; if so, coalesce those
	 *    two sets.
	 * 5. tsn is entirely greater than all sets; add a new set at
	 *    the end.
	 */
	for (p = *head; ; p = p->next) {
		if (SEQ_LT(tsn + 1, p->begin)) {
			/* 1: add a new set before p. */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = p;
			t->prev = NULL;
			t->begin = tsn;
			t->end = tsn;
			if (p->prev) {
				t->prev = p->prev;
				p->prev->next = t;
			}
			p->prev = t;
			(*num)++;
			return;
		}

		if ((tsn + 1) == p->begin) {
			/* 2: adjust p->begin */
			p->begin = tsn;
			return;
		}

		if (SEQ_GEQ(tsn, p->begin) && SEQ_LEQ(tsn, p->end)) {
			/* 3: do nothing */
			return;
		}

		if ((p->end + 1) == tsn) {
			/* 4: adjust p->end */
			p->end = tsn;

			if (p->next != NULL && (tsn + 1) == p->next->begin) {
				/* 4a: coalesce p and p->next */
				t = p->next;
				p->end = t->end;
				p->next = t->next;
				if (t->next != NULL)
					t->next->prev = p;
				kmem_cache_free(sctp_kmem_set_cache, t);
				(*num)--;
			}
			return;
		}

		if (p->next == NULL) {
			/* 5: add new set at the end */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = NULL;
			t->prev = p;
			t->begin = tsn;
			t->end = tsn;
			p->next = t;
			(*num)++;
			return;
		}

		if (SEQ_GT(tsn, p->end + 1))
			continue;
	}
}
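/*
 * A worked example of the set handling above: with the cumulative TSN
 * at 9, receiving TSN 12 creates the set [12,12]; TSN 14 then yields
 * [12,12] -> [14,14]; when TSN 13 arrives, case 4 extends [12,12] to
 * [12,13] and case 4a coalesces it with [14,14] into [12,14],
 * dropping *num back to 1.
 */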
static void
sctp_ack_rem(sctp_set_t **head, uint32_t end, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || *head == NULL || num == NULL)
		return;

	/* Nothing to remove */
	if (SEQ_LT(end, (*head)->begin))
		return;

	/* Find out where to start removing sets */
	for (p = *head; p->next; p = p->next) {
		if (SEQ_LEQ(end, p->end))
			break;
	}

	if (SEQ_LT(end, p->end) && SEQ_GEQ(end, p->begin)) {
		/* adjust p */
		p->begin = end + 1;
		/* all done */
		if (p == *head)
			return;
	} else if (SEQ_GEQ(end, p->end)) {
		/* remove this set too */
		p = p->next;
	}

	/* unlink everything before this set */
	t = *head;
	*head = p;
	if (p != NULL && p->prev != NULL) {
		p->prev->next = NULL;
		p->prev = NULL;
	}

	sctp_free_set(t);

	/* recount the number of sets */
	*num = 0;

	for (p = *head; p != NULL; p = p->next)
		(*num)++;
}

void
sctp_sets_init()
{
	sctp_kmem_set_cache = kmem_cache_create("sctp_set_cache",
	    sizeof (sctp_set_t), 0, NULL, NULL, NULL, NULL,
	    NULL, 0);
}

void
sctp_sets_fini()
{
	kmem_cache_destroy(sctp_kmem_set_cache);
}

sctp_chunk_hdr_t *
sctp_first_chunk(uchar_t *rptr, ssize_t remaining)
{
	sctp_chunk_hdr_t *ch;
	uint16_t ch_len;

	if (remaining < sizeof (*ch)) {
		return (NULL);
	}

	ch = (sctp_chunk_hdr_t *)rptr;
	ch_len = ntohs(ch->sch_len);

	if (ch_len < sizeof (*ch) || remaining < ch_len) {
		return (NULL);
	}

	return (ch);
}

sctp_chunk_hdr_t *
sctp_next_chunk(sctp_chunk_hdr_t *ch, ssize_t *remaining)
{
	int pad;
	uint16_t ch_len;

	if (!ch) {
		return (NULL);
	}

	ch_len = ntohs(ch->sch_len);

	if ((pad = ch_len & (SCTP_ALIGN - 1)) != 0) {
		pad = SCTP_ALIGN - pad;
	}

	*remaining -= (ch_len + pad);
	ch = (sctp_chunk_hdr_t *)((char *)ch + ch_len + pad);

	return (sctp_first_chunk((uchar_t *)ch, *remaining));
}
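/*
 * A minimal sketch of how callers would walk the chunks in a packet
 * with the two helpers above (illustrative only; the variable names
 * are hypothetical):
 *
 *	sctp_chunk_hdr_t *ch;
 *	ssize_t mlen = mp->b_wptr - rptr;
 *
 *	for (ch = sctp_first_chunk(rptr, mlen); ch != NULL;
 *	    ch = sctp_next_chunk(ch, &mlen))
 *		process(ch);
 *
 * Both helpers validate sch_len against the bytes remaining, so the
 * loop terminates with NULL on a truncated or malformed chunk.
 */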
/*
 * Attach ancillary data to a received SCTP segment.
 * If the source address (fp) is not the primary, send up a
 * unitdata_ind so recvfrom() can populate the msg_name field.
 * If ancillary data is also requested, we append it to the
 * unitdata_req. Otherwise, we just send up an optdata_ind.
 */
static int
sctp_input_add_ancillary(sctp_t *sctp, mblk_t **mp, sctp_data_hdr_t *dcp,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
	struct T_unitdata_ind *tudi;
	int optlen;
	int hdrlen;
	uchar_t *optptr;
	struct cmsghdr *cmsg;
	mblk_t *mp1;
	struct sockaddr_in6 sin_buf[1];
	struct sockaddr_in6 *sin6;
	struct sockaddr_in *sin4;
	uint_t addflag = 0;

	sin4 = NULL;
	sin6 = NULL;

	optlen = hdrlen = 0;

	/* Figure out address size */
	if (sctp->sctp_ipversion == IPV4_VERSION) {
		sin4 = (struct sockaddr_in *)sin_buf;
		sin4->sin_family = AF_INET;
		sin4->sin_port = sctp->sctp_fport;
		IN6_V4MAPPED_TO_IPADDR(&fp->faddr, sin4->sin_addr.s_addr);
		hdrlen = sizeof (*tudi) + sizeof (*sin4);
	} else {
		sin6 = sin_buf;
		sin6->sin6_family = AF_INET6;
		sin6->sin6_port = sctp->sctp_fport;
		sin6->sin6_addr = fp->faddr;
		hdrlen = sizeof (*tudi) + sizeof (*sin6);
	}

	/* If app asked to receive send / recv info */
	if (sctp->sctp_recvsndrcvinfo) {
		optlen += sizeof (*cmsg) + sizeof (struct sctp_sndrcvinfo);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_optdata_ind);
	}

	if (sctp->sctp_ipv6_recvancillary == 0)
		goto noancillary;

	if ((ipp->ipp_fields & IPPF_IFINDEX) &&
	    ipp->ipp_ifindex != sctp->sctp_recvifindex &&
	    (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVPKTINFO)) {
		optlen += sizeof (*cmsg) + sizeof (struct in6_pktinfo);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVPKTINFO;
	}
	/* If app asked for hoplimit and it has changed ... */
	if ((ipp->ipp_fields & IPPF_HOPLIMIT) &&
	    ipp->ipp_hoplimit != sctp->sctp_recvhops &&
	    (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPLIMIT)) {
		optlen += sizeof (*cmsg) + sizeof (uint_t);
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVHOPLIMIT;
	}
	/* If app asked for hopbyhop headers and it has changed ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVHOPOPTS) &&
	    ip_cmpbuf(sctp->sctp_hopopts, sctp->sctp_hopoptslen,
	    (ipp->ipp_fields & IPPF_HOPOPTS),
	    ipp->ipp_hopopts, ipp->ipp_hopoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_hopoptslen -
		    sctp->sctp_v6label_len;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVHOPOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_hopopts,
		    &sctp->sctp_hopoptslen,
		    (ipp->ipp_fields & IPPF_HOPOPTS),
		    ipp->ipp_hopopts, ipp->ipp_hopoptslen))
			return (-1);
	}
	/* If app asked for dst headers before routing headers ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTDSTOPTS) &&
	    ip_cmpbuf(sctp->sctp_rtdstopts, sctp->sctp_rtdstoptslen,
	    (ipp->ipp_fields & IPPF_RTDSTOPTS),
	    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVRTDSTOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_rtdstopts,
		    &sctp->sctp_rtdstoptslen,
		    (ipp->ipp_fields & IPPF_RTDSTOPTS),
		    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen))
			return (-1);
	}
	/* If app asked for routing headers and it has changed ... */
	if (sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVRTHDR) {
		if (ip_cmpbuf(sctp->sctp_rthdr, sctp->sctp_rthdrlen,
		    (ipp->ipp_fields & IPPF_RTHDR),
		    ipp->ipp_rthdr, ipp->ipp_rthdrlen)) {
			optlen += sizeof (*cmsg) + ipp->ipp_rthdrlen;
			if (hdrlen == 0)
				hdrlen = sizeof (struct T_unitdata_ind);
			addflag |= SCTP_IPV6_RECVRTHDR;
			if (!ip_allocbuf((void **)&sctp->sctp_rthdr,
			    &sctp->sctp_rthdrlen,
			    (ipp->ipp_fields & IPPF_RTHDR),
			    ipp->ipp_rthdr, ipp->ipp_rthdrlen))
				return (-1);
		}
	}
	/* If app asked for dest headers and it has changed ... */
	if ((sctp->sctp_ipv6_recvancillary & SCTP_IPV6_RECVDSTOPTS) &&
	    ip_cmpbuf(sctp->sctp_dstopts, sctp->sctp_dstoptslen,
	    (ipp->ipp_fields & IPPF_DSTOPTS),
	    ipp->ipp_dstopts, ipp->ipp_dstoptslen)) {
		optlen += sizeof (*cmsg) + ipp->ipp_dstoptslen;
		if (hdrlen == 0)
			hdrlen = sizeof (struct T_unitdata_ind);
		addflag |= SCTP_IPV6_RECVDSTOPTS;
		if (!ip_allocbuf((void **)&sctp->sctp_dstopts,
		    &sctp->sctp_dstoptslen,
		    (ipp->ipp_fields & IPPF_DSTOPTS),
		    ipp->ipp_dstopts, ipp->ipp_dstoptslen))
			return (-1);
	}
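	/*
	 * Each option above follows the same pattern: ip_cmpbuf() checks
	 * whether the received extension header differs from the last one
	 * passed up; if so, space for a cmsg is reserved in optlen and
	 * ip_allocbuf() grows the per-association staging buffer up front,
	 * so the ip_savebuf() calls further down should not fail after the
	 * T_unitdata_ind has been committed.
	 */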
noancillary:
	/* Nothing to add */
	if (hdrlen == 0)
		return (-1);

	mp1 = allocb(hdrlen + optlen + sizeof (void *), BPRI_MED);
	if (mp1 == NULL)
		return (-1);
	mp1->b_cont = *mp;
	*mp = mp1;
	mp1->b_rptr += sizeof (void *);	/* pointer worth of padding */
	mp1->b_wptr = mp1->b_rptr + hdrlen + optlen;
	DB_TYPE(mp1) = M_PROTO;
	tudi = (struct T_unitdata_ind *)mp1->b_rptr;
	tudi->PRIM_type = T_UNITDATA_IND;
	tudi->SRC_length = sin4 ? sizeof (*sin4) : sizeof (*sin6);
	tudi->SRC_offset = sizeof (*tudi);
	tudi->OPT_offset = sizeof (*tudi) + tudi->SRC_length;
	tudi->OPT_length = optlen;
	if (sin4) {
		bcopy(sin4, tudi + 1, sizeof (*sin4));
	} else {
		bcopy(sin6, tudi + 1, sizeof (*sin6));
	}
	optptr = (uchar_t *)tudi + tudi->OPT_offset;

	if (sctp->sctp_recvsndrcvinfo) {
		/* XXX need backout method if memory allocation fails. */
		struct sctp_sndrcvinfo *sri;

		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_SCTP;
		cmsg->cmsg_type = SCTP_SNDRCV;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*sri);
		optptr += sizeof (*cmsg);

		sri = (struct sctp_sndrcvinfo *)(cmsg + 1);
		ASSERT(OK_32PTR(sri));
		sri->sinfo_stream = ntohs(dcp->sdh_sid);
		sri->sinfo_ssn = ntohs(dcp->sdh_ssn);
		if (SCTP_DATA_GET_UBIT(dcp)) {
			sri->sinfo_flags = MSG_UNORDERED;
		} else {
			sri->sinfo_flags = 0;
		}
		sri->sinfo_ppid = dcp->sdh_payload_id;
		sri->sinfo_context = 0;
		sri->sinfo_timetolive = 0;
		sri->sinfo_tsn = ntohl(dcp->sdh_tsn);
		sri->sinfo_cumtsn = sctp->sctp_ftsn;
		sri->sinfo_assoc_id = 0;

		optptr += sizeof (*sri);
	}

	/*
	 * If app asked for pktinfo and the index has changed ...
	 * Note that the local address never changes for the connection.
	 */
	if (addflag & SCTP_IPV6_RECVPKTINFO) {
		struct in6_pktinfo *pkti;

		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_PKTINFO;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*pkti);
		optptr += sizeof (*cmsg);

		pkti = (struct in6_pktinfo *)optptr;
		if (sctp->sctp_ipversion == IPV6_VERSION)
			pkti->ipi6_addr = sctp->sctp_ip6h->ip6_src;
		else
			IN6_IPADDR_TO_V4MAPPED(sctp->sctp_ipha->ipha_src,
			    &pkti->ipi6_addr);
		pkti->ipi6_ifindex = ipp->ipp_ifindex;
		optptr += sizeof (*pkti);
		ASSERT(OK_32PTR(optptr));
		/* Save as "last" value */
		sctp->sctp_recvifindex = ipp->ipp_ifindex;
	}
	/* If app asked for hoplimit and it has changed ... */
	if (addflag & SCTP_IPV6_RECVHOPLIMIT) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_HOPLIMIT;
		cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t);
		optptr += sizeof (*cmsg);

		*(uint_t *)optptr = ipp->ipp_hoplimit;
		optptr += sizeof (uint_t);
		ASSERT(OK_32PTR(optptr));
		/* Save as "last" value */
		sctp->sctp_recvhops = ipp->ipp_hoplimit;
	}
	if (addflag & SCTP_IPV6_RECVHOPOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_HOPOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_hopoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen);
		optptr += ipp->ipp_hopoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_hopopts,
		    &sctp->sctp_hopoptslen,
		    (ipp->ipp_fields & IPPF_HOPOPTS),
		    ipp->ipp_hopopts, ipp->ipp_hopoptslen);
	}
	if (addflag & SCTP_IPV6_RECVRTDSTOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_RTHDRDSTOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rtdstoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_rtdstopts, optptr, ipp->ipp_rtdstoptslen);
		optptr += ipp->ipp_rtdstoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_rtdstopts,
		    &sctp->sctp_rtdstoptslen,
		    (ipp->ipp_fields & IPPF_RTDSTOPTS),
		    ipp->ipp_rtdstopts, ipp->ipp_rtdstoptslen);
	}
	if (addflag & SCTP_IPV6_RECVRTHDR) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_RTHDR;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrlen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen);
		optptr += ipp->ipp_rthdrlen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_rthdr,
		    &sctp->sctp_rthdrlen,
		    (ipp->ipp_fields & IPPF_RTHDR),
		    ipp->ipp_rthdr, ipp->ipp_rthdrlen);
	}
	if (addflag & SCTP_IPV6_RECVDSTOPTS) {
		cmsg = (struct cmsghdr *)optptr;
		cmsg->cmsg_level = IPPROTO_IPV6;
		cmsg->cmsg_type = IPV6_DSTOPTS;
		cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_dstoptslen;
		optptr += sizeof (*cmsg);

		bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen);
		optptr += ipp->ipp_dstoptslen;
		ASSERT(OK_32PTR(optptr));
		/* Save as last value */
		ip_savebuf((void **)&sctp->sctp_dstopts,
		    &sctp->sctp_dstoptslen,
		    (ipp->ipp_fields & IPPF_DSTOPTS),
		    ipp->ipp_dstopts, ipp->ipp_dstoptslen);
	}

	ASSERT(optptr == mp1->b_wptr);

	return (0);
}
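/*
 * The resulting M_PROTO mblk prepended above is laid out as follows
 * (a sketch; the exact sizes depend on the address family and the
 * options requested):
 *
 *	T_unitdata_ind | sockaddr_in{,6} | cmsghdr | data | cmsghdr | data
 *	^ b_rptr                         ^ OPT_offset             b_wptr ^
 *
 * with the original data chunk chained off b_cont.
 */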
void
sctp_free_reass(sctp_instr_t *sip)
{
	mblk_t *mp, *mpnext, *mctl;

	for (mp = sip->istr_reass; mp != NULL; mp = mpnext) {
		mpnext = mp->b_next;
		mp->b_next = NULL;
		mp->b_prev = NULL;
		if (DB_TYPE(mp) == M_CTL) {
			mctl = mp;
			ASSERT(mp->b_cont != NULL);
			mp = mp->b_cont;
			mctl->b_cont = NULL;
			freeb(mctl);
		}
		freemsg(mp);
	}
}

/*
 * If the series of data fragments of which dmp is a part is successfully
 * reassembled, the first mblk in the series is returned. dc is adjusted
 * to point at the data chunk in the lead mblk, and b_rptr also points to
 * the data chunk; the following mblks' b_rptrs point at the actual payload.
 *
 * If the series is not yet reassembled, NULL is returned. dc is not changed.
 * XXX should probably move this up into the state machine.
 */

/* Fragment list for un-ordered messages. Partial delivery is not supported */
static mblk_t *
sctp_uodata_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc)
{
	mblk_t *hmp;
	mblk_t *begin = NULL;
	mblk_t *end = NULL;
	sctp_data_hdr_t *qdc;
	uint32_t ntsn;
	uint32_t tsn = ntohl((*dc)->sdh_tsn);
#ifdef	DEBUG
	mblk_t *mp1;
#endif

	/* First frag. */
	if (sctp->sctp_uo_frags == NULL) {
		sctp->sctp_uo_frags = dmp;
		return (NULL);
	}
	hmp = sctp->sctp_uo_frags;
	/*
	 * Insert the segment according to the TSN; fragmented unordered
	 * chunks are sequenced by TSN.
	 */
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		ntsn = ntohl(qdc->sdh_tsn);
		if (SEQ_GT(ntsn, tsn)) {
			if (hmp->b_prev == NULL) {
				dmp->b_next = hmp;
				hmp->b_prev = dmp;
				sctp->sctp_uo_frags = dmp;
			} else {
				dmp->b_next = hmp;
				dmp->b_prev = hmp->b_prev;
				hmp->b_prev->b_next = dmp;
				hmp->b_prev = dmp;
			}
			break;
		}
		if (hmp->b_next == NULL) {
			hmp->b_next = dmp;
			dmp->b_prev = hmp;
			break;
		}
		hmp = hmp->b_next;
	}
	/* check if we completed a msg */
	if (SCTP_DATA_GET_BBIT(*dc)) {
		begin = dmp;
	} else if (SCTP_DATA_GET_EBIT(*dc)) {
		end = dmp;
	}
	/*
	 * We walk consecutive TSNs backwards till we get a seg. with
	 * the B bit
	 */
	if (begin == NULL) {
		for (hmp = dmp->b_prev; hmp != NULL; hmp = hmp->b_prev) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			if ((int32_t)(tsn - ntsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_BBIT(qdc)) {
				begin = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	tsn = ntohl((*dc)->sdh_tsn);
	/*
	 * We walk consecutive TSNs till we get a seg. with the E bit
	 */
	if (end == NULL) {
		for (hmp = dmp->b_next; hmp != NULL; hmp = hmp->b_next) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			if ((int32_t)(ntsn - tsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_EBIT(qdc)) {
				end = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	if (begin == NULL || end == NULL) {
		return (NULL);
	}
	/* Got one! Remove the msg from the list */
	if (sctp->sctp_uo_frags == begin) {
		ASSERT(begin->b_prev == NULL);
		sctp->sctp_uo_frags = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = NULL;
	} else {
		begin->b_prev->b_next = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = begin->b_prev;
	}
	begin->b_prev = NULL;
	end->b_next = NULL;

	/*
	 * Null out b_next and b_prev and chain using b_cont.
	 */
	dmp = end = begin;
	hmp = begin->b_next;
	*dc = (sctp_data_hdr_t *)begin->b_rptr;
	begin->b_next = NULL;
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		hmp->b_rptr = (uchar_t *)(qdc + 1);
		end = hmp->b_next;
		dmp->b_cont = hmp;
		dmp = hmp;

		if (end != NULL)
			hmp->b_next = NULL;
		hmp->b_prev = NULL;
		hmp = end;
	}
	BUMP_LOCAL(sctp->sctp_reassmsgs);
#ifdef	DEBUG
	mp1 = begin;
	while (mp1 != NULL) {
		ASSERT(mp1->b_next == NULL);
		ASSERT(mp1->b_prev == NULL);
		mp1 = mp1->b_cont;
	}
#endif
	return (begin);
}
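/*
 * For example, an unordered message split across TSNs 7(B), 8 and 9(E):
 * when TSN 8 arrives last, the backward walk from 8 finds the B bit at
 * 7 and the forward walk finds the E bit at 9 with no TSN gaps, so the
 * three fragments are unlinked from the list and chained via b_cont,
 * with *dc left pointing at TSN 7's data chunk header.
 */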
/*
 * Fragment list for ordered messages.
 * If no error occurs, error is set to 0. If we run out of memory, error
 * is set to 1. If the peer commits a fatal error (like using different
 * sequence numbers for the same data fragment series), the association is
 * aborted and error is set to 2.
 */
static mblk_t *
sctp_data_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc, int *error,
    sctp_instr_t *sip, int trypartial, int *tpfinished)
{
	mblk_t *hmp;
	mblk_t *pmp;
	mblk_t *qmp;
	mblk_t *mp;
	mblk_t *prev;
	mblk_t *prevprev;
	mblk_t *first_mp;
	sctp_reass_t *srp;
	sctp_data_hdr_t *qdc;
	sctp_data_hdr_t *bdc;
	sctp_data_hdr_t *edc;
	uint32_t tsn;

	/*
	 * We can overwrite the Link Layer + IP header here, I suppose.
	 * The M_CTL does not leave this function. We need to check
	 * DB_REF(dmp) before using DB_BASE(dmp), since there could be
	 * two fragments for different ssns in the same mblk.
	 */
#define	SCTP_NEW_REASS(nmp, dmp, srp, seterror)			\
	if ((DB_REF(dmp) == 2) && (MBLKHEAD(dmp) >=		\
	    (sizeof (*(srp)) + sizeof (sctp_hdr_t))) &&		\
	    (IS_P2ALIGNED(DB_BASE(dmp), sizeof (uintptr_t)))) {	\
		(nmp) = (dmp);					\
	} else {						\
		(nmp) = allocb(sizeof (*(srp)), BPRI_MED);	\
		if ((nmp) == NULL) {				\
			switch (seterror) {			\
			case B_TRUE:				\
				*error = 1;			\
				break;				\
			}					\
			return (NULL);				\
		}						\
		DB_TYPE(nmp) = M_CTL;				\
		(nmp)->b_cont = dmp;				\
	}							\
	(srp) = (sctp_reass_t *)DB_BASE(nmp);

	*error = 0;

	/* find the reassembly queue for this data chunk */
	hmp = qmp = sip->istr_reass;
	for (; hmp != NULL; hmp = hmp->b_next) {
		srp = (sctp_reass_t *)DB_BASE(hmp);
		if (ntohs((*dc)->sdh_ssn) == srp->ssn)
			goto foundit;
		else if (SSN_GT(srp->ssn, ntohs((*dc)->sdh_ssn)))
			break;
		qmp = hmp;
	}

	SCTP_NEW_REASS(pmp, dmp, srp, B_TRUE);
	srp->ssn = ntohs((*dc)->sdh_ssn);
	srp->needed = 0;
	srp->got = 1;
	srp->tail = dmp;
	srp->partial_delivered = B_FALSE;

	if (hmp != NULL) {
		if (sip->istr_reass == hmp) {
			sip->istr_reass = pmp;
			pmp->b_next = hmp;
			pmp->b_prev = NULL;
			hmp->b_prev = pmp;
		} else {
			qmp->b_next = pmp;
			pmp->b_prev = qmp;
			pmp->b_next = hmp;
			hmp->b_prev = pmp;
		}
	} else {
		/* make a new reass head and stick it on the end */
		if (sip->istr_reass == NULL) {
			sip->istr_reass = pmp;
			pmp->b_prev = NULL;
		} else {
			qmp->b_next = pmp;
			pmp->b_prev = qmp;
		}
		pmp->b_next = NULL;
	}
	return (NULL);
foundit:
	/*
	 * else already have a reassembly queue. Insert the new data chunk
	 * in the reassembly queue. Try the tail first, on the assumption
	 * that the fragments are arriving in order.
	 */
874 */ 875 876 qmp = srp->tail; 877 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 878 ASSERT(qmp->b_cont == NULL); 879 880 /* XXXIs it fine to do this just here? */ 881 if ((*dc)->sdh_sid != qdc->sdh_sid) { 882 /* our peer is fatally confused; XXX abort the assc */ 883 *error = 2; 884 return (NULL); 885 } 886 if (SEQ_GT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 887 qmp->b_cont = dmp; 888 srp->tail = dmp; 889 dmp->b_cont = NULL; 890 goto inserted; 891 } 892 893 /* Next check for insertion at the beginning */ 894 qmp = (DB_TYPE(hmp) == M_DATA) ? hmp : hmp->b_cont; 895 qdc = (sctp_data_hdr_t *)qmp->b_rptr; 896 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 897 if (DB_TYPE(hmp) == M_DATA) { 898 sctp_reass_t *srp1 = srp; 899 900 SCTP_NEW_REASS(pmp, dmp, srp, B_TRUE); 901 ASSERT(pmp->b_prev == NULL && pmp->b_next == NULL); 902 if (sip->istr_reass == hmp) { 903 sip->istr_reass = pmp; 904 if (hmp->b_next != NULL) { 905 hmp->b_next->b_prev = pmp; 906 pmp->b_next = hmp->b_next; 907 } 908 } else { 909 hmp->b_prev->b_next = pmp; 910 pmp->b_prev = hmp->b_prev; 911 if (hmp->b_next != NULL) { 912 hmp->b_next->b_prev = pmp; 913 pmp->b_next = hmp->b_next; 914 } 915 } 916 srp->ssn = srp1->ssn; 917 srp->needed = srp1->needed; 918 srp->got = srp1->got; 919 srp->tail = srp1->tail; 920 srp->partial_delivered = srp1->partial_delivered; 921 hmp->b_next = hmp->b_prev = NULL; 922 dmp->b_cont = hmp; 923 hmp = pmp; 924 } else { 925 ASSERT(DB_TYPE(hmp) == M_CTL); 926 dmp->b_cont = qmp; 927 hmp->b_cont = dmp; 928 } 929 goto inserted; 930 } 931 932 /* Insert somewhere in the middle */ 933 for (;;) { 934 /* Tail check above should have caught this */ 935 ASSERT(qmp->b_cont != NULL); 936 937 qdc = (sctp_data_hdr_t *)qmp->b_cont->b_rptr; 938 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) { 939 /* insert here */ 940 dmp->b_cont = qmp->b_cont; 941 qmp->b_cont = dmp; 942 break; 943 } 944 qmp = qmp->b_cont; 945 } 946 947 inserted: 948 (srp->got)++; 949 first_mp = (DB_TYPE(hmp) == M_DATA) ? hmp : hmp->b_cont; 950 if (srp->needed == 0) { 951 /* check if we have the first and last fragments */ 952 bdc = (sctp_data_hdr_t *)first_mp->b_rptr; 953 edc = (sctp_data_hdr_t *)srp->tail->b_rptr; 954 955 /* calculate how many fragments are needed, if possible */ 956 if (SCTP_DATA_GET_BBIT(bdc) && SCTP_DATA_GET_EBIT(edc)) 957 srp->needed = ntohl(edc->sdh_tsn) - 958 ntohl(bdc->sdh_tsn) + 1; 959 } 960 961 if (srp->needed != srp->got) { 962 if (!trypartial) 963 return (NULL); 964 /* 965 * Try partial delivery. We need a consecutive run of 966 * at least two chunks, starting from the first chunk 967 * (which may have been the last + 1 chunk from a 968 * previous partial delivery). 969 */ 970 dprint(4, ("trypartial: got=%d, needed=%d\n", 971 (int)(srp->got), (int)(srp->needed))); 972 mp = first_mp; 973 if (mp->b_cont == NULL) { 974 /* need at least two chunks */ 975 dprint(4, ("trypartial: only 1 chunk\n")); 976 return (NULL); 977 } 978 979 qdc = (sctp_data_hdr_t *)mp->b_rptr; 980 if (!SCTP_DATA_GET_BBIT(qdc)) { 981 /* don't have first chunk; can't do it. */ 982 dprint(4, ("trypartial: no beginning\n")); 983 return (NULL); 984 } 985 986 tsn = ntohl(qdc->sdh_tsn) + 1; 987 988 /* 989 * This loop has two exit conditions: the 990 * end of received chunks has been reached, or 991 * there is a break in the sequence. 
		/*
		 * This loop has two exit conditions: the
		 * end of received chunks has been reached, or
		 * there is a break in the sequence. We want
		 * to chop the reassembly list as follows (the
		 * numbers are TSNs):
		 *	10 -> 11 -> | 12	(end of chunks)
		 *	10 -> 11 -> | 12 -> 14	(break in sequence)
		 */
		prevprev = prev = mp;
		mp = mp->b_cont;
		while (mp != NULL) {
			qdc = (sctp_data_hdr_t *)mp->b_rptr;
			if (ntohl(qdc->sdh_tsn) != tsn) {
				/*
				 * break in sequence.
				 * 1st and 2nd chunks are not sequential.
				 */
				if (mp == first_mp->b_cont)
					return (NULL);
				/* Back up mp and prev */
				mp = prev;
				prev = prevprev;
				break;
			}

			/* end of sequence */
			if (mp->b_cont == NULL)
				break;

			prevprev = prev;
			prev = mp;
			mp = mp->b_cont;
			tsn++;
		}
		if (DB_TYPE(hmp) == M_DATA) {
			sctp_reass_t *srp1 = srp;

			SCTP_NEW_REASS(pmp, mp, srp, B_FALSE);
			ASSERT(pmp->b_prev == NULL && pmp->b_next == NULL);
			if (sip->istr_reass == hmp) {
				sip->istr_reass = pmp;
				if (hmp->b_next != NULL) {
					hmp->b_next->b_prev = pmp;
					pmp->b_next = hmp->b_next;
				}
			} else {
				hmp->b_prev->b_next = pmp;
				pmp->b_prev = hmp->b_prev;
				if (hmp->b_next != NULL) {
					hmp->b_next->b_prev = pmp;
					pmp->b_next = hmp->b_next;
				}
			}
			srp->ssn = srp1->ssn;
			srp->needed = srp1->needed;
			srp->got = srp1->got;
			srp->tail = srp1->tail;
			hmp->b_next = hmp->b_prev = NULL;
			dmp = hmp;
			hmp = pmp;
		} else {
			ASSERT(DB_TYPE(hmp) == M_CTL);
			dmp = hmp->b_cont;
			hmp->b_cont = mp;
		}
		/*
		 * mp now points at the last chunk in the sequence,
		 * and prev points to mp's previous in the list.
		 * We chop the list at prev, and convert mp into the
		 * new list head by setting the B bit. Subsequent
		 * fragment deliveries will follow the normal reassembly
		 * path.
		 */
		prev->b_cont = NULL;
		bdc = (sctp_data_hdr_t *)mp->b_rptr;
		SCTP_DATA_SET_BBIT(bdc);
		*tpfinished = 0;
		srp->partial_delivered = B_TRUE;

		dprint(4, ("trypartial: got some, got=%d, needed=%d\n",
		    (int)(srp->got), (int)(srp->needed)));
		goto fixup;
	}

	/*
	 * else reassembly done; prepare the data for delivery.
	 * First unlink hmp from the ssn list.
	 */
	if (sip->istr_reass == hmp) {
		sip->istr_reass = hmp->b_next;
		if (hmp->b_next) {
			hmp->b_next->b_prev = NULL;
		}
	} else {
		ASSERT(hmp->b_prev != NULL);
		hmp->b_prev->b_next = hmp->b_next;
		if (hmp->b_next) {
			hmp->b_next->b_prev = hmp->b_prev;
		}
	}

	/*
	 * Using b_prev and b_next was a little sinful, but OK since
	 * this mblk is never put*'d. However, freeb() will still
	 * ASSERT that they are unused, so we need to NULL them out now.
	 */
	hmp->b_next = NULL;
	hmp->b_prev = NULL;
	dmp = hmp;
	if (DB_TYPE(hmp) == M_CTL) {
		dmp = dmp->b_cont;
		hmp->b_cont = NULL;
		freeb(hmp);
	}
	*tpfinished = 1;

fixup:
	/*
	 * Adjust all mblks except the lead so their rptrs point to the
	 * payload. sctp_data_chunk() will need to process the lead's
	 * data chunk section, so leave its rptr pointing at the data chunk.
	 */
	*dc = (sctp_data_hdr_t *)dmp->b_rptr;
	if (trypartial && !(*tpfinished)) {
		(srp->got)--;
		ASSERT(srp->got != 0);
		if (srp->needed != 0) {
			(srp->needed)--;
			ASSERT(srp->needed != 0);
		}
	}
	for (qmp = dmp->b_cont; qmp; qmp = qmp->b_cont) {
		qdc = (sctp_data_hdr_t *)qmp->b_rptr;
		qmp->b_rptr = (uchar_t *)(qdc + 1);

		/*
		 * If in partial delivery, deduct the balance from got
		 * and needed here, now that we know we are actually
		 * delivering these data.
		 */
		if (trypartial && !(*tpfinished)) {
			(srp->got)--;
			ASSERT(srp->got != 0);
			if (srp->needed != 0) {
				(srp->needed)--;
				ASSERT(srp->needed != 0);
			}
		}
	}
	BUMP_LOCAL(sctp->sctp_reassmsgs);

	return (dmp);
}
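/*
 * A small worked example of the bookkeeping above: fragments with TSNs
 * 100(B), 101 and 102(E) for one SSN give srp->needed = 102 - 100 + 1
 * = 3 once both the B- and E-bit fragments are present. Reassembly
 * completes when srp->got reaches that count; otherwise, if trypartial
 * is set, a leading consecutive run of at least two fragments may be
 * chopped off and handed up as a partial delivery.
 */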
static void
sctp_add_dup(uint32_t tsn, mblk_t **dups)
{
	mblk_t *mp;
	size_t bsize = SCTP_DUP_MBLK_SZ * sizeof (tsn);

	if (dups == NULL) {
		return;
	}

	/* first time? */
	if (*dups == NULL) {
		*dups = allocb(bsize, BPRI_MED);
		if (*dups == NULL) {
			return;
		}
	}

	mp = *dups;
	if ((mp->b_wptr - mp->b_rptr) >= bsize) {
		/* maximum reached */
		return;
	}

	/* add the duplicate tsn */
	bcopy(&tsn, mp->b_wptr, sizeof (tsn));
	mp->b_wptr += sizeof (tsn);
	ASSERT((mp->b_wptr - mp->b_rptr) <= bsize);
}

static void
sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups,
    sctp_faddr_t *fp, ip6_pkt_t *ipp)
{
	sctp_data_hdr_t *dc;
	mblk_t *dmp, *pmp;
	mblk_t *errmp;
	sctp_instr_t *instr;
	int ubit;
	int isfrag;
	uint16_t ssn;
	uint32_t oftsn;
	boolean_t can_deliver = B_TRUE;
	uint32_t tsn;
	int dlen;
	int trypartial = 0;
	int tpfinished = 1;
	int32_t new_rwnd;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	/* The following are used multiple times, so we inline them */
#define	SCTP_ACK_IT(sctp, tsn)						\
	if (tsn == sctp->sctp_ftsn) {					\
		dprint(2, ("data_chunk: acking next %x\n", tsn));	\
		(sctp)->sctp_ftsn++;					\
		if ((sctp)->sctp_sack_gaps > 0)				\
			(sctp)->sctp_force_sack = 1;			\
	} else if (SEQ_GT(tsn, sctp->sctp_ftsn)) {			\
		/* Got a gap; record it */				\
		dprint(2, ("data_chunk: acking gap %x\n", tsn));	\
		sctp_ack_add(&sctp->sctp_sack_info, tsn,		\
		    &sctp->sctp_sack_gaps);				\
		sctp->sctp_force_sack = 1;				\
	}
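	/*
	 * For example, with sctp_ftsn == 10: SCTP_ACK_IT(sctp, 10) simply
	 * advances sctp_ftsn to 11, while SCTP_ACK_IT(sctp, 12) leaves
	 * sctp_ftsn alone, records the gap set [12,12] via sctp_ack_add()
	 * and forces an immediate SACK.
	 */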
	errmp = NULL;
	dmp = NULL;

	dc = (sctp_data_hdr_t *)ch;
	tsn = ntohl(dc->sdh_tsn);

	dprint(3, ("sctp_data_chunk: mp=%p tsn=%x\n", (void *)mp, tsn));

	/* Check for duplicates */
	if (SEQ_LT(tsn, sctp->sctp_ftsn)) {
		dprint(4, ("sctp_data_chunk: dropping duplicate\n"));
		sctp->sctp_force_sack = 1;
		sctp_add_dup(dc->sdh_tsn, dups);
		return;
	}

	if (sctp->sctp_sack_info != NULL) {
		sctp_set_t *sp;

		for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
			if (SEQ_GEQ(tsn, sp->begin) && SEQ_LEQ(tsn, sp->end)) {
				dprint(4,
				    ("sctp_data_chunk: dropping dup > cumtsn\n"));
				sctp->sctp_force_sack = 1;
				sctp_add_dup(dc->sdh_tsn, dups);
				return;
			}
		}
	}

	/* We cannot deliver anything up now but we still need to handle it. */
	if (SCTP_IS_DETACHED(sctp)) {
		BUMP_MIB(&sctps->sctps_mib, sctpInClosed);
		can_deliver = B_FALSE;
	}

	dlen = ntohs(dc->sdh_len) - sizeof (*dc);

	/* Check for buffer space */
	if (sctp->sctp_rwnd - sctp->sctp_rxqueued < dlen) {
		/* Drop and SACK, but don't advance the cumulative TSN. */
		sctp->sctp_force_sack = 1;
		dprint(0, ("sctp_data_chunk: exceed rwnd %d rxqueued %d "
		    "dlen %d ssn %d tsn %x\n", sctp->sctp_rwnd,
		    sctp->sctp_rxqueued, dlen, ntohs(dc->sdh_ssn),
		    ntohl(dc->sdh_tsn)));
		return;
	}

	if (ntohs(dc->sdh_sid) >= sctp->sctp_num_istr) {
		uint16_t inval_parm[2];

		inval_parm[0] = dc->sdh_sid;
		/* RESERVED to be ignored at the receiving end */
		inval_parm[1] = 0;
		/* ack and drop it */
		errmp = sctp_make_err(sctp, SCTP_ERR_BAD_SID,
		    (char *)inval_parm, sizeof (inval_parm));
		SCTP_ACK_IT(sctp, tsn);
		if (errmp != NULL)
			sctp_send_err(sctp, errmp, NULL);
		return;
	}

	ubit = SCTP_DATA_GET_UBIT(dc);
	ASSERT(sctp->sctp_instr != NULL);
	instr = &sctp->sctp_instr[ntohs(dc->sdh_sid)];
	/* Initialize the stream, if not yet used */
	if (instr->sctp == NULL)
		instr->sctp = sctp;
	/*
	 * If we are getting low on buffers, set trypartial to try
	 * a partial delivery if we are reassembling a fragmented
	 * message. Only do this if we can immediately deliver the
	 * partially assembled message, and only partially deliver
	 * one message at a time (i.e. messages cannot be intermixed
	 * arriving at the upper layer). A simple way to enforce
	 * this is to only try partial delivery if this TSN is
	 * the next expected TSN. Partial delivery is not supported
	 * for un-ordered messages.
	 */
	isfrag = !(SCTP_DATA_GET_BBIT(dc) && SCTP_DATA_GET_EBIT(dc));
	ssn = ntohs(dc->sdh_ssn);
	if ((sctp->sctp_rwnd - sctp->sctp_rxqueued < SCTP_RECV_LOWATER) &&
	    !ubit && isfrag && (tsn == sctp->sctp_ftsn)) {
		trypartial = 1;
	}

	dmp = dupb(mp);
	if (dmp == NULL) {
		/* drop it and don't ack it, causing the peer to retransmit */
		return;
	}
	dmp->b_wptr = (uchar_t *)ch + ntohs(ch->sch_len);

	sctp->sctp_rxqueued += dlen;

	oftsn = sctp->sctp_ftsn;

	if (isfrag) {
		int error = 0;

		/* fragmented data chunk */
		dmp->b_rptr = (uchar_t *)dc;
		if (ubit) {
			dmp = sctp_uodata_frag(sctp, dmp, &dc);
#if	DEBUG
			if (dmp != NULL) {
				ASSERT(instr ==
				    &sctp->sctp_instr[ntohs(dc->sdh_sid)]);
			}
#endif
		} else {
			dmp = sctp_data_frag(sctp, dmp, &dc, &error, instr,
			    trypartial, &tpfinished);
		}
		if (error != 0) {
			sctp->sctp_rxqueued -= dlen;
			if (error == 1) {
				/*
				 * out of memory; don't ack it so
				 * the peer retransmits
				 */
				return;
			} else if (error == 2) {
				/*
				 * fatal error (i.e. peer used different
				 * ssn's for same fragmented data) --
				 * the association has been aborted.
				 * XXX need to return errval so state
				 * machine can also abort processing.
				 */
				dprint(0, ("error 2: must not happen!\n"));
				return;
			}
		}

		if (dmp == NULL) {
			/*
			 * Can't process this data now, but the cumulative
			 * TSN may be advanced, so do the checks at done.
			 */
			SCTP_ACK_IT(sctp, tsn);
			goto done;
		}
	}
	if (!ubit && !trypartial && ssn != instr->nextseq) {
		/* Adjust rptr to point at the data chunk for compares */
		dmp->b_rptr = (uchar_t *)dc;

		dprint(2,
		    ("data_chunk: inserted %x in pq (ssn %d expected %d)\n",
		    ntohl(dc->sdh_tsn), (int)(ssn), (int)(instr->nextseq)));

		if (instr->istr_msgs == NULL) {
			instr->istr_msgs = dmp;
			ASSERT(dmp->b_prev == NULL && dmp->b_next == NULL);
		} else {
			mblk_t *imblk = instr->istr_msgs;
			sctp_data_hdr_t *idc;

			/*
			 * XXX Need to take sequence wraps into account,
			 * ... and a more efficient insertion algo.
			 */
			for (;;) {
				idc = (sctp_data_hdr_t *)imblk->b_rptr;
				if (SSN_GT(ntohs(idc->sdh_ssn),
				    ntohs(dc->sdh_ssn))) {
					if (instr->istr_msgs == imblk) {
						instr->istr_msgs = dmp;
						dmp->b_next = imblk;
						imblk->b_prev = dmp;
					} else {
						ASSERT(imblk->b_prev != NULL);
						imblk->b_prev->b_next = dmp;
						dmp->b_prev = imblk->b_prev;
						imblk->b_prev = dmp;
						dmp->b_next = imblk;
					}
					break;
				}
				if (imblk->b_next == NULL) {
					imblk->b_next = dmp;
					dmp->b_prev = imblk;
					break;
				}
				imblk = imblk->b_next;
			}
		}
		(instr->istr_nmsgs)++;
		(sctp->sctp_istr_nmsgs)++;
		SCTP_ACK_IT(sctp, tsn);
		return;
	}

	/*
	 * Else we can deliver the data directly. Recalculate
	 * dlen now since we may have reassembled data.
	 */
	dlen = dmp->b_wptr - (uchar_t *)dc - sizeof (*dc);
	for (pmp = dmp->b_cont; pmp != NULL; pmp = pmp->b_cont)
		dlen += pmp->b_wptr - pmp->b_rptr;
	ASSERT(sctp->sctp_rxqueued >= dlen);
	ASSERT(sctp->sctp_rwnd >= dlen);

	/* Deliver the message. */
	sctp->sctp_rxqueued -= dlen;

	if (can_deliver) {
		dmp->b_rptr = (uchar_t *)(dc + 1);
		if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, ipp) == 0) {
			dprint(1, ("sctp_data_chunk: delivering %lu bytes\n",
			    msgdsize(dmp)));
			sctp->sctp_rwnd -= dlen;
			new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp,
			    tpfinished ? 0 : SCTP_PARTIAL_DATA);
			if (new_rwnd > sctp->sctp_rwnd) {
				sctp->sctp_rwnd = new_rwnd;
			}
			SCTP_ACK_IT(sctp, tsn);
		} else {
			/* Just free the message if we don't have memory. */
			freemsg(dmp);
			return;
		}
	} else {
		/* About to free the data */
		freemsg(dmp);
		SCTP_ACK_IT(sctp, tsn);
	}

	/*
	 * data, now enqueued, may already have been processed and free'd
	 * by the ULP (or we may have just freed it above, if we could not
	 * deliver it), so we must not reference it (this is why we kept
	 * the ssn and ubit above).
	 */
	if (ubit != 0) {
		BUMP_LOCAL(sctp->sctp_iudchunks);
		goto done;
	}
	BUMP_LOCAL(sctp->sctp_idchunks);

	/*
	 * If there was a partial delivery and it has not finished,
	 * don't pull anything from the pqueues.
	 */
1456 */ 1457 if (!tpfinished) { 1458 goto done; 1459 } 1460 1461 instr->nextseq = ssn + 1; 1462 /* Deliver any successive data chunks in the instr queue */ 1463 while (instr->istr_nmsgs > 0) { 1464 dmp = (mblk_t *)instr->istr_msgs; 1465 dc = (sctp_data_hdr_t *)dmp->b_rptr; 1466 ssn = ntohs(dc->sdh_ssn); 1467 /* Gap in the sequence */ 1468 if (ssn != instr->nextseq) 1469 break; 1470 1471 /* Else deliver the data */ 1472 (instr->istr_nmsgs)--; 1473 (instr->nextseq)++; 1474 (sctp->sctp_istr_nmsgs)--; 1475 1476 instr->istr_msgs = instr->istr_msgs->b_next; 1477 if (instr->istr_msgs != NULL) 1478 instr->istr_msgs->b_prev = NULL; 1479 dmp->b_next = dmp->b_prev = NULL; 1480 1481 dprint(2, ("data_chunk: pulling %x from pq (ssn %d)\n", 1482 ntohl(dc->sdh_tsn), (int)ssn)); 1483 1484 /* 1485 * If this chunk was reassembled, each b_cont represents 1486 * another TSN; advance ftsn now. 1487 */ 1488 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 1489 for (pmp = dmp->b_cont; pmp; pmp = pmp->b_cont) 1490 dlen += pmp->b_wptr - pmp->b_rptr; 1491 1492 ASSERT(sctp->sctp_rxqueued >= dlen); 1493 ASSERT(sctp->sctp_rwnd >= dlen); 1494 1495 sctp->sctp_rxqueued -= dlen; 1496 if (can_deliver) { 1497 dmp->b_rptr = (uchar_t *)(dc + 1); 1498 if (sctp_input_add_ancillary(sctp, &dmp, dc, fp, 1499 ipp) == 0) { 1500 dprint(1, ("sctp_data_chunk: delivering %lu " 1501 "bytes\n", msgdsize(dmp))); 1502 sctp->sctp_rwnd -= dlen; 1503 new_rwnd = sctp->sctp_ulp_recv(sctp->sctp_ulpd, 1504 dmp, tpfinished ? 0 : SCTP_PARTIAL_DATA); 1505 if (new_rwnd > sctp->sctp_rwnd) { 1506 sctp->sctp_rwnd = new_rwnd; 1507 } 1508 SCTP_ACK_IT(sctp, tsn); 1509 } else { 1510 freemsg(dmp); 1511 return; 1512 } 1513 } else { 1514 /* About to free the data */ 1515 freemsg(dmp); 1516 SCTP_ACK_IT(sctp, tsn); 1517 } 1518 } 1519 1520 done: 1521 1522 /* 1523 * If there are gap reports pending, check if advancing 1524 * the ftsn here closes a gap. If so, we can advance 1525 * ftsn to the end of the set. 1526 */ 1527 if (sctp->sctp_sack_info != NULL && 1528 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 1529 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 1530 } 1531 /* 1532 * If ftsn has moved forward, maybe we can remove gap reports. 1533 * NB: dmp may now be NULL, so don't dereference it here. 
	if (oftsn != sctp->sctp_ftsn && sctp->sctp_sack_info != NULL) {
		sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1,
		    &sctp->sctp_sack_gaps);
		dprint(2, ("data_chunk: removed acks before %x (num=%d)\n",
		    sctp->sctp_ftsn - 1, sctp->sctp_sack_gaps));
	}

#ifdef	DEBUG
	if (sctp->sctp_sack_info != NULL) {
		ASSERT(sctp->sctp_ftsn != sctp->sctp_sack_info->begin);
	}
#endif

#undef	SCTP_ACK_IT
}

void
sctp_fill_sack(sctp_t *sctp, unsigned char *dst, int sacklen)
{
	sctp_chunk_hdr_t *sch;
	sctp_sack_chunk_t *sc;
	sctp_sack_frag_t *sf;
	uint16_t num_gaps = sctp->sctp_sack_gaps;
	sctp_set_t *sp;

	/* Chunk hdr */
	sch = (sctp_chunk_hdr_t *)dst;
	sch->sch_id = CHUNK_SACK;
	sch->sch_flags = 0;
	sch->sch_len = htons(sacklen);

	/* SACK chunk */
	sctp->sctp_lastacked = sctp->sctp_ftsn - 1;

	sc = (sctp_sack_chunk_t *)(sch + 1);
	sc->ssc_cumtsn = htonl(sctp->sctp_lastacked);
	if (sctp->sctp_rxqueued < sctp->sctp_rwnd) {
		sc->ssc_a_rwnd = htonl(sctp->sctp_rwnd - sctp->sctp_rxqueued);
	} else {
		sc->ssc_a_rwnd = 0;
	}
	sc->ssc_numfrags = htons(num_gaps);
	sc->ssc_numdups = 0;

	/* lay in gap reports */
	sf = (sctp_sack_frag_t *)(sc + 1);
	for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
		uint16_t offset;

		/* start */
		if (sp->begin > sctp->sctp_lastacked) {
			offset = (uint16_t)(sp->begin - sctp->sctp_lastacked);
		} else {
			/* sequence number wrap */
			offset = (uint16_t)(UINT32_MAX - sctp->sctp_lastacked +
			    sp->begin);
		}
		sf->ssf_start = htons(offset);

		/* end */
		if (sp->end >= sp->begin) {
			offset += (uint16_t)(sp->end - sp->begin);
		} else {
			/* sequence number wrap */
			offset += (uint16_t)(UINT32_MAX - sp->begin + sp->end);
		}
		sf->ssf_end = htons(offset);

		sf++;
		/* This is just for debugging (a la the following assertion) */
		num_gaps--;
	}

	ASSERT(num_gaps == 0);

	/* If the SACK timer is running, stop it */
	if (sctp->sctp_ack_timer_running) {
		sctp_timer_stop(sctp->sctp_ack_mp);
		sctp->sctp_ack_timer_running = B_FALSE;
	}

	BUMP_LOCAL(sctp->sctp_obchunks);
}
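/*
 * Gap reports are encoded as offsets from the cumulative TSN. For
 * example, with sctp_lastacked == 100 and a single gap set [103, 105],
 * the fragment above goes out as ssf_start = 3 and ssf_end = 5, i.e.
 * TSNs 103 through 105 were received while 101 and 102 are still
 * missing.
 */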
mblk_t *
sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups)
{
	mblk_t *smp;
	size_t slen;
	sctp_chunk_hdr_t *sch;
	sctp_sack_chunk_t *sc;
	int32_t acks_max;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	if (sctp->sctp_force_sack) {
		sctp->sctp_force_sack = 0;
		goto checks_done;
	}

	acks_max = sctps->sctps_deferred_acks_max;
	if (sctp->sctp_state == SCTPS_ESTABLISHED) {
		if (sctp->sctp_sack_toggle < acks_max) {
			/* no need to SACK right now */
			dprint(2, ("sctp_make_sack: %p no sack (toggle)\n",
			    (void *)sctp));
			return (NULL);
		} else if (sctp->sctp_sack_toggle >= acks_max) {
			sctp->sctp_sack_toggle = 0;
		}
	}

	if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) {
		dprint(2, ("sctp_make_sack: %p no sack (already)\n",
		    (void *)sctp));
		return (NULL);
	}

checks_done:
	dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1));

	slen = sizeof (*sch) + sizeof (*sc) +
	    (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps);
	smp = sctp_make_mp(sctp, sendto, slen);
	if (smp == NULL) {
		SCTP_KSTAT(sctps, sctp_send_sack_failed);
		return (NULL);
	}
	sch = (sctp_chunk_hdr_t *)smp->b_wptr;

	sctp_fill_sack(sctp, smp->b_wptr, slen);
	smp->b_wptr += slen;
	if (dups) {
		sc = (sctp_sack_chunk_t *)(sch + 1);
		sc->ssc_numdups = htons((dups->b_wptr - dups->b_rptr)
		    / sizeof (uint32_t));
		sch->sch_len = htons(slen + (dups->b_wptr - dups->b_rptr));
		smp->b_cont = dups;
	}

	return (smp);
}

void
sctp_sack(sctp_t *sctp, mblk_t *dups)
{
	mblk_t *smp;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	/* If we are shutting down, let send_shutdown() bundle the SACK */
	if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) {
		sctp_send_shutdown(sctp, 0);
	}

	ASSERT(sctp->sctp_lastdata != NULL);

	if ((smp = sctp_make_sack(sctp, sctp->sctp_lastdata, dups)) == NULL) {
		/* The caller of sctp_sack() will not free the dups mblk. */
		if (dups != NULL)
			freeb(dups);
		return;
	}

	sctp_set_iplen(sctp, smp);

	dprint(2, ("sctp_sack: sending to %p %x:%x:%x:%x\n",
	    (void *)sctp->sctp_lastdata,
	    SCTP_PRINTADDR(sctp->sctp_lastdata->faddr)));

	sctp->sctp_active = lbolt64;

	BUMP_MIB(&sctps->sctps_mib, sctpOutAck);
	sctp_add_sendq(sctp, smp);
}

/*
 * This is called if we have a message that was partially sent and is
 * abandoned. The cum TSN will be the last chunk sent for this message,
 * subsequent chunks will be marked ABANDONED. We send a Forward TSN
 * chunk in this case with the TSN of the last sent chunk so that the
 * peer can clean up its fragment list for this message. This message
 * will be removed from the transmit list when the peer sends a SACK
 * back.
 */
int
sctp_check_abandoned_msg(sctp_t *sctp, mblk_t *meta)
{
	sctp_data_hdr_t *dh;
	mblk_t *nmp;
	mblk_t *head;
	int32_t unsent = 0;
	mblk_t *mp1 = meta->b_cont;
	uint32_t adv_pap = sctp->sctp_adv_pap;
	sctp_faddr_t *fp = sctp->sctp_current;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	dh = (sctp_data_hdr_t *)mp1->b_rptr;
	if (SEQ_GEQ(sctp->sctp_lastack_rxd, ntohl(dh->sdh_tsn))) {
		sctp_ftsn_set_t *sets = NULL;
		uint_t nsets = 0;
		uint32_t seglen = sizeof (uint32_t);
		boolean_t ubit = SCTP_DATA_GET_UBIT(dh);

		while (mp1->b_next != NULL && SCTP_CHUNK_ISSENT(mp1->b_next))
			mp1 = mp1->b_next;
		dh = (sctp_data_hdr_t *)mp1->b_rptr;
		sctp->sctp_adv_pap = ntohl(dh->sdh_tsn);
		if (!ubit &&
		    !sctp_add_ftsn_set(&sets, fp, meta, &nsets, &seglen)) {
			sctp->sctp_adv_pap = adv_pap;
			return (ENOMEM);
		}
		nmp = sctp_make_ftsn_chunk(sctp, fp, sets, nsets, seglen);
		sctp_free_ftsn_set(sets);
		if (nmp == NULL) {
			sctp->sctp_adv_pap = adv_pap;
			return (ENOMEM);
		}
		head = sctp_add_proto_hdr(sctp, fp, nmp, 0, NULL);
		if (head == NULL) {
			sctp->sctp_adv_pap = adv_pap;
			freemsg(nmp);
			SCTP_KSTAT(sctps, sctp_send_ftsn_failed);
			return (ENOMEM);
		}
		SCTP_MSG_SET_ABANDONED(meta);
		sctp_set_iplen(sctp, head);
		sctp_add_sendq(sctp, head);
		if (!fp->timer_running)
			SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto);
		mp1 = mp1->b_next;
		while (mp1 != NULL) {
			ASSERT(!SCTP_CHUNK_ISSENT(mp1));
			ASSERT(!SCTP_CHUNK_ABANDONED(mp1));
			SCTP_ABANDON_CHUNK(mp1);
			dh = (sctp_data_hdr_t *)mp1->b_rptr;
			unsent += ntohs(dh->sdh_len) - sizeof (*dh);
			mp1 = mp1->b_next;
		}
		ASSERT(sctp->sctp_unsent >= unsent);
		sctp->sctp_unsent -= unsent;
		/*
		 * Update ULP the amount of queued data, which is
		 * sent-unack'ed + unsent.
		 */
		if (!SCTP_IS_DETACHED(sctp)) {
			sctp->sctp_ulp_xmitted(sctp->sctp_ulpd,
			    sctp->sctp_unacked + sctp->sctp_unsent);
		}
		return (0);
	}
	return (-1);
}

uint32_t
sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked)
{
	mblk_t *ump, *nump, *mp = NULL;
	uint16_t chunklen;
	uint32_t xtsn;
	sctp_faddr_t *fp;
	sctp_data_hdr_t *sdc;
	uint32_t cumack_forward = 0;
	sctp_msg_hdr_t *mhdr;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	ump = sctp->sctp_xmit_head;

	/*
	 * Free messages only when they're completely acked.
	 */
	while (ump != NULL) {
		mhdr = (sctp_msg_hdr_t *)ump->b_rptr;
		for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) {
			if (SCTP_CHUNK_ABANDONED(mp)) {
				ASSERT(SCTP_IS_MSG_ABANDONED(ump));
				mp = NULL;
				break;
			}
			/*
			 * We check for abandoned message if we are PR-SCTP
			 * aware, if this is not the first chunk in the
			 * message (b_cont) and if the message is marked
			 * abandoned.
			 */
			if (!SCTP_CHUNK_ISSENT(mp)) {
				if (sctp->sctp_prsctp_aware &&
				    mp != ump->b_cont &&
				    (SCTP_IS_MSG_ABANDONED(ump) ||
				    SCTP_MSG_TO_BE_ABANDONED(ump, mhdr,
				    sctp))) {
					(void) sctp_check_abandoned_msg(sctp,
					    ump);
				}
				goto cum_ack_done;
			}
			sdc = (sctp_data_hdr_t *)mp->b_rptr;
			xtsn = ntohl(sdc->sdh_tsn);
			if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn))
				continue;
			if (SEQ_GEQ(tsn, xtsn)) {
				fp = SCTP_CHUNK_DEST(mp);
				chunklen = ntohs(sdc->sdh_len);

				if (sctp->sctp_out_time != 0 &&
				    xtsn == sctp->sctp_rtt_tsn) {
					/* Got a new RTT measurement */
					sctp_update_rtt(sctp, fp,
					    lbolt64 - sctp->sctp_out_time);
					sctp->sctp_out_time = 0;
				}
				if (SCTP_CHUNK_ISACKED(mp))
					continue;
				SCTP_CHUNK_SET_SACKCNT(mp, 0);
				SCTP_CHUNK_ACKED(mp);
				ASSERT(fp->suna >= chunklen);
				fp->suna -= chunklen;
				fp->acked += chunklen;
				cumack_forward += chunklen;
				ASSERT(sctp->sctp_unacked >=
				    (chunklen - sizeof (*sdc)));
				sctp->sctp_unacked -=
				    (chunklen - sizeof (*sdc));
				if (fp->suna == 0) {
					/* all outstanding data acked */
					fp->pba = 0;
					SCTP_FADDR_TIMER_STOP(fp);
				} else {
					SCTP_FADDR_TIMER_RESTART(sctp, fp,
					    fp->rto);
				}
			} else {
				goto cum_ack_done;
			}
		}
		nump = ump->b_next;
		if (nump != NULL)
			nump->b_prev = NULL;
		if (ump == sctp->sctp_xmit_tail)
			sctp->sctp_xmit_tail = nump;
		if (SCTP_IS_MSG_ABANDONED(ump)) {
			BUMP_LOCAL(sctp->sctp_prsctpdrop);
			ump->b_next = NULL;
			sctp_sendfail_event(sctp, ump, 0, B_TRUE);
		} else {
			sctp_free_msg(ump);
		}
		sctp->sctp_xmit_head = ump = nump;
	}
cum_ack_done:
	*first_unacked = mp;
	if (cumack_forward > 0) {
		BUMP_MIB(&sctps->sctps_mib, sctpInAck);
		if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) {
			sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd;
		}

		/*
		 * Update ULP the amount of queued data, which is
		 * sent-unack'ed + unsent.
		 */
		if (!SCTP_IS_DETACHED(sctp)) {
			sctp->sctp_ulp_xmitted(sctp->sctp_ulpd,
			    sctp->sctp_unacked + sctp->sctp_unsent);
		}

		/* Time to send a shutdown? */
		if (sctp->sctp_state == SCTPS_SHUTDOWN_PENDING) {
			sctp_send_shutdown(sctp, 0);
		}
		sctp->sctp_xmit_unacked = mp;
	} else {
		/* dup ack */
		BUMP_MIB(&sctps->sctps_mib, sctpInDupAck);
	}
	sctp->sctp_lastack_rxd = tsn;
	if (SEQ_LT(sctp->sctp_adv_pap, sctp->sctp_lastack_rxd))
		sctp->sctp_adv_pap = sctp->sctp_lastack_rxd;
	ASSERT(sctp->sctp_xmit_head || sctp->sctp_unacked == 0);

	return (cumack_forward);
}
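/*
 * As an example of the walk above: with messages A (TSNs 1-3) and B
 * (TSNs 4-6) on the transmit list and a SACK carrying cumulative TSN 4,
 * all of A's chunks are acked, so A is freed (or a SENDFAIL event is
 * raised if it was abandoned), B's first chunk is marked acked, and
 * *first_unacked is left pointing at the chunk with TSN 5.
 */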
static int
sctp_set_frwnd(sctp_t *sctp, uint32_t frwnd)
{
	uint32_t orwnd;

	if (sctp->sctp_unacked > frwnd) {
		sctp->sctp_frwnd = 0;
		return (0);
	}
	orwnd = sctp->sctp_frwnd;
	sctp->sctp_frwnd = frwnd - sctp->sctp_unacked;
	if (orwnd < sctp->sctp_frwnd) {
		return (1);
	} else {
		return (0);
	}
}

/*
 * For un-ordered messages.
 * Walk the sctp->sctp_uo_frags list and remove any fragments with TSN
 * less than/equal to ftsn. Fragments for un-ordered messages are
 * strictly in sequence (w.r.t TSN).
 */
static int
sctp_ftsn_check_uo_frag(sctp_t *sctp, uint32_t ftsn)
{
	mblk_t *hmp;
	mblk_t *hmp_next;
	sctp_data_hdr_t *dc;
	int dlen = 0;

	hmp = sctp->sctp_uo_frags;
	while (hmp != NULL) {
		hmp_next = hmp->b_next;
		dc = (sctp_data_hdr_t *)hmp->b_rptr;
		if (SEQ_GT(ntohl(dc->sdh_tsn), ftsn))
			return (dlen);
		sctp->sctp_uo_frags = hmp_next;
		if (hmp_next != NULL)
			hmp_next->b_prev = NULL;
		hmp->b_next = NULL;
		dlen += ntohs(dc->sdh_len) - sizeof (*dc);
		freeb(hmp);
		hmp = hmp_next;
	}
	return (dlen);
}

/*
 * For ordered messages.
 * Check for existing fragments for an sid-ssn pair reported as abandoned,
 * and hence never to be received, in the Forward TSN. If there are
 * fragments, we just nuke them. If and when the Partial Delivery API is
 * supported, we would need to send a notification to the upper layer
 * about this.
 */
static int
sctp_ftsn_check_frag(sctp_t *sctp, uint16_t ssn, sctp_instr_t *sip)
{
	sctp_reass_t *srp;
	mblk_t *hmp;
	mblk_t *dmp;
	mblk_t *hmp_next;
	sctp_data_hdr_t *dc;
	int dlen = 0;

	hmp = sip->istr_reass;
	while (hmp != NULL) {
		hmp_next = hmp->b_next;
		srp = (sctp_reass_t *)DB_BASE(hmp);
		if (SSN_GT(srp->ssn, ssn))
			return (dlen);
		/*
		 * If we had sent part of this message up, send a partial
		 * delivery event. Since this is ordered delivery, we should
		 * have sent a partial message only for the next in sequence,
		 * hence the ASSERT. See comments in sctp_data_chunk() for
		 * trypartial.
		 */
		if (srp->partial_delivered) {
			ASSERT(sip->nextseq == srp->ssn);
			sctp_partial_delivery_event(sctp);
		}
		/* Take it out of the reass queue */
		sip->istr_reass = hmp_next;
		if (hmp_next != NULL)
			hmp_next->b_prev = NULL;
		hmp->b_next = NULL;
		ASSERT(hmp->b_prev == NULL);
		dmp = hmp;
		if (DB_TYPE(hmp) == M_CTL) {
			dmp = hmp->b_cont;
			hmp->b_cont = NULL;
			freeb(hmp);
			hmp = dmp;
		}
		while (dmp != NULL) {
			dc = (sctp_data_hdr_t *)dmp->b_rptr;
			dlen += ntohs(dc->sdh_len) - sizeof (*dc);
			dmp = dmp->b_cont;
		}
		freemsg(hmp);
		hmp = hmp_next;
	}
	return (dlen);
}

/*
 * Update sctp_ftsn to the cumulative TSN from the Forward TSN chunk. Remove
 * any SACK gaps less than the newly updated sctp_ftsn. Walk through the
 * sid-ssn pairs in the Forward TSN and for each, clean the fragment list
 * for that pair, if needed, and check if we can deliver subsequent
 * messages, if any, from the instream queue (that were waiting for this
 * sid-ssn message to show up). Once we are done, try to update the SACK
 * info. We could get a duplicate Forward TSN, in which case we just send
 * a SACK. If any of the sid values in the Forward TSN is invalid, we
 * send back an "Invalid Stream Identifier" error and continue processing
 * the rest.
 */
2035 */ 2036 static void 2037 sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp, 2038 ip6_pkt_t *ipp) 2039 { 2040 uint32_t *ftsn = (uint32_t *)(ch + 1); 2041 ftsn_entry_t *ftsn_entry; 2042 sctp_instr_t *instr; 2043 boolean_t can_deliver = B_TRUE; 2044 size_t dlen; 2045 int flen; 2046 mblk_t *dmp; 2047 mblk_t *pmp; 2048 sctp_data_hdr_t *dc; 2049 ssize_t remaining; 2050 sctp_stack_t *sctps = sctp->sctp_sctps; 2051 2052 *ftsn = ntohl(*ftsn); 2053 remaining = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*ftsn); 2054 2055 if (SCTP_IS_DETACHED(sctp)) { 2056 BUMP_MIB(&sctps->sctps_mib, sctpInClosed); 2057 can_deliver = B_FALSE; 2058 } 2059 /* 2060 * un-ordered messages don't have SID-SSN pair entries, we check 2061 * for any fragments (for un-ordered message) to be discarded using 2062 * the cumulative FTSN. 2063 */ 2064 flen = sctp_ftsn_check_uo_frag(sctp, *ftsn); 2065 if (flen > 0) { 2066 ASSERT(sctp->sctp_rxqueued >= flen); 2067 sctp->sctp_rxqueued -= flen; 2068 } 2069 ftsn_entry = (ftsn_entry_t *)(ftsn + 1); 2070 while (remaining >= sizeof (*ftsn_entry)) { 2071 ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid); 2072 ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn); 2073 if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) { 2074 uint16_t inval_parm[2]; 2075 mblk_t *errmp; 2076 2077 inval_parm[0] = htons(ftsn_entry->ftsn_sid); 2078 /* RESERVED to be ignored at the receiving end */ 2079 inval_parm[1] = 0; 2080 errmp = sctp_make_err(sctp, SCTP_ERR_BAD_SID, 2081 (char *)inval_parm, sizeof (inval_parm)); 2082 if (errmp != NULL) 2083 sctp_send_err(sctp, errmp, NULL); 2084 ftsn_entry++; 2085 remaining -= sizeof (*ftsn_entry); 2086 continue; 2087 } 2088 instr = &sctp->sctp_instr[ftsn_entry->ftsn_sid]; 2089 flen = sctp_ftsn_check_frag(sctp, ftsn_entry->ftsn_ssn, instr); 2090 /* Indicates frags were nuked, update rxqueued */ 2091 if (flen > 0) { 2092 ASSERT(sctp->sctp_rxqueued >= flen); 2093 sctp->sctp_rxqueued -= flen; 2094 } 2095 /* 2096 * It is possible to receive an FTSN chunk with SSN smaller 2097 * than then nextseq if this chunk is a retransmission because 2098 * of incomplete processing when it was first processed. 2099 */ 2100 if (SSN_GE(ftsn_entry->ftsn_ssn, instr->nextseq)) 2101 instr->nextseq = ftsn_entry->ftsn_ssn + 1; 2102 while (instr->istr_nmsgs > 0) { 2103 mblk_t *next; 2104 2105 dmp = (mblk_t *)instr->istr_msgs; 2106 dc = (sctp_data_hdr_t *)dmp->b_rptr; 2107 if (ntohs(dc->sdh_ssn) != instr->nextseq) 2108 break; 2109 2110 next = dmp->b_next; 2111 dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc); 2112 for (pmp = dmp->b_cont; pmp != NULL; 2113 pmp = pmp->b_cont) { 2114 dlen += pmp->b_wptr - pmp->b_rptr; 2115 } 2116 if (can_deliver) { 2117 int32_t nrwnd; 2118 2119 dmp->b_rptr = (uchar_t *)(dc + 1); 2120 dmp->b_next = NULL; 2121 ASSERT(dmp->b_prev == NULL); 2122 if (sctp_input_add_ancillary(sctp, 2123 &dmp, dc, fp, ipp) == 0) { 2124 sctp->sctp_rxqueued -= dlen; 2125 sctp->sctp_rwnd -= dlen; 2126 nrwnd = sctp->sctp_ulp_recv( 2127 sctp->sctp_ulpd, dmp, 0); 2128 if (nrwnd > sctp->sctp_rwnd) 2129 sctp->sctp_rwnd = nrwnd; 2130 } else { 2131 /* 2132 * We will resume processing when 2133 * the FTSN chunk is re-xmitted. 
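                 * Note that the code below first restores dmp's read
                 * pointer and b_next link, leaving the queued message
                 * exactly as it was found so that it can be
                 * re-processed at that point.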
2134 */ 2135 dmp->b_rptr = (uchar_t *)dc; 2136 dmp->b_next = next; 2137 dprint(0, 2138 ("FTSN dequeuing %u failed\n", 2139 ntohs(dc->sdh_ssn))); 2140 return; 2141 } 2142 } else { 2143 sctp->sctp_rxqueued -= dlen; 2144 ASSERT(dmp->b_prev == NULL); 2145 dmp->b_next = NULL; 2146 freemsg(dmp); 2147 } 2148 instr->istr_nmsgs--; 2149 instr->nextseq++; 2150 sctp->sctp_istr_nmsgs--; 2151 if (next != NULL) 2152 next->b_prev = NULL; 2153 instr->istr_msgs = next; 2154 } 2155 ftsn_entry++; 2156 remaining -= sizeof (*ftsn_entry); 2157 } 2158 /* Duplicate FTSN */ 2159 if (*ftsn <= (sctp->sctp_ftsn - 1)) { 2160 sctp->sctp_force_sack = 1; 2161 return; 2162 } 2163 /* Advance cum TSN to that reported in the Forward TSN chunk */ 2164 sctp->sctp_ftsn = *ftsn + 1; 2165 2166 /* Remove all the SACK gaps before the new cum TSN */ 2167 if (sctp->sctp_sack_info != NULL) { 2168 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2169 &sctp->sctp_sack_gaps); 2170 } 2171 /* 2172 * If there are gap reports pending, check if advancing 2173 * the ftsn here closes a gap. If so, we can advance 2174 * ftsn to the end of the set. 2175 * If ftsn has moved forward, maybe we can remove gap reports. 2176 */ 2177 if (sctp->sctp_sack_info != NULL && 2178 sctp->sctp_ftsn == sctp->sctp_sack_info->begin) { 2179 sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1; 2180 sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1, 2181 &sctp->sctp_sack_gaps); 2182 } 2183 } 2184 2185 /* 2186 * When we have processed a SACK we check to see if we can advance the 2187 * cumulative TSN if there are abandoned chunks immediately following 2188 * the updated cumulative TSN. If there are, we attempt to send a 2189 * Forward TSN chunk. 2190 */ 2191 static void 2192 sctp_check_abandoned_data(sctp_t *sctp, sctp_faddr_t *fp) 2193 { 2194 mblk_t *meta = sctp->sctp_xmit_head; 2195 mblk_t *mp; 2196 mblk_t *nmp; 2197 uint32_t seglen; 2198 uint32_t adv_pap = sctp->sctp_adv_pap; 2199 2200 /* 2201 * We only check in the first meta since otherwise we can't 2202 * advance the cumulative ack point. We just look for chunks 2203 * marked for retransmission, else we might prematurely 2204 * send an FTSN for a sent, but unacked, chunk. 2205 */ 2206 for (mp = meta->b_cont; mp != NULL; mp = mp->b_next) { 2207 if (!SCTP_CHUNK_ISSENT(mp)) 2208 return; 2209 if (SCTP_CHUNK_WANT_REXMIT(mp)) 2210 break; 2211 } 2212 if (mp == NULL) 2213 return; 2214 sctp_check_adv_ack_pt(sctp, meta, mp); 2215 if (SEQ_GT(sctp->sctp_adv_pap, adv_pap)) { 2216 sctp_make_ftsns(sctp, meta, mp, &nmp, fp, &seglen); 2217 if (nmp == NULL) { 2218 sctp->sctp_adv_pap = adv_pap; 2219 if (!fp->timer_running) 2220 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2221 return; 2222 } 2223 sctp_set_iplen(sctp, nmp); 2224 sctp_add_sendq(sctp, nmp); 2225 if (!fp->timer_running) 2226 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->rto); 2227 } 2228 } 2229 2230 /* 2231 * The processing here follows the same logic in sctp_got_sack(), the reason 2232 * we do this separately is because, usually, gap blocks are ordered and 2233 * we can process it in sctp_got_sack(). However if they aren't we would 2234 * need to do some additional non-optimal stuff when we start processing the 2235 * unordered gaps. To that effect sctp_got_sack() does the processing in the 2236 * simple case and this does the same in the more involved case. 
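 *
 * For illustration: with a cumulative TSN of 100, gap blocks [2-3] and
 * [7-9] are ordered and are handled entirely in sctp_got_sack(); a SACK
 * carrying [7-9] followed by [2-3] is unordered, and on seeing [2-3]
 * the walk below has to restart from the head of the transmit list.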
2237 */ 2238 static uint32_t 2239 sctp_process_uo_gaps(sctp_t *sctp, uint32_t ctsn, sctp_sack_frag_t *ssf, 2240 int num_gaps, mblk_t *umphead, mblk_t *mphead, int *trysend, 2241 boolean_t *fast_recovery, uint32_t fr_xtsn) 2242 { 2243 uint32_t xtsn; 2244 uint32_t gapstart = 0; 2245 uint32_t gapend = 0; 2246 int gapcnt; 2247 uint16_t chunklen; 2248 sctp_data_hdr_t *sdc; 2249 int gstart; 2250 mblk_t *ump = umphead; 2251 mblk_t *mp = mphead; 2252 sctp_faddr_t *fp; 2253 uint32_t acked = 0; 2254 sctp_stack_t *sctps = sctp->sctp_sctps; 2255 2256 /* 2257 * gstart tracks the last (in the order of TSN) gapstart that 2258 * we process in this SACK gaps walk. 2259 */ 2260 gstart = ctsn; 2261 2262 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2263 xtsn = ntohl(sdc->sdh_tsn); 2264 for (gapcnt = 0; gapcnt < num_gaps; gapcnt++, ssf++) { 2265 if (gapstart != 0) { 2266 /* 2267 * If we have reached the end of the transmit list or 2268 * hit an unsent chunk or encountered an unordered gap 2269 * block start from the ctsn again. 2270 */ 2271 if (ump == NULL || !SCTP_CHUNK_ISSENT(mp) || 2272 SEQ_LT(ctsn + ntohs(ssf->ssf_start), xtsn)) { 2273 ump = umphead; 2274 mp = mphead; 2275 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2276 xtsn = ntohl(sdc->sdh_tsn); 2277 } 2278 } 2279 2280 gapstart = ctsn + ntohs(ssf->ssf_start); 2281 gapend = ctsn + ntohs(ssf->ssf_end); 2282 2283 /* SACK for TSN we have not sent - ABORT */ 2284 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2285 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2286 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2287 *trysend = -1; 2288 return (acked); 2289 } else if (SEQ_LT(gapend, gapstart)) { 2290 break; 2291 } 2292 /* 2293 * The xtsn can be the TSN processed for the last gap 2294 * (gapend) or it could be the cumulative TSN. We continue 2295 * with the last xtsn as long as the gaps are ordered, when 2296 * we hit an unordered gap, we re-start from the cumulative 2297 * TSN. For the first gap it is always the cumulative TSN. 2298 */ 2299 while (xtsn != gapstart) { 2300 /* 2301 * We can't reliably check for reneged chunks 2302 * when walking the unordered list, so we don't. 2303 * In case the peer reneges then we will end up 2304 * sending the reneged chunk via timeout. 2305 */ 2306 mp = mp->b_next; 2307 if (mp == NULL) { 2308 ump = ump->b_next; 2309 /* 2310 * ump can't be NULL because of the sanity 2311 * check above. 2312 */ 2313 ASSERT(ump != NULL); 2314 mp = ump->b_cont; 2315 } 2316 /* 2317 * mp can't be unsent because of the sanity check 2318 * above. 2319 */ 2320 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2321 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2322 xtsn = ntohl(sdc->sdh_tsn); 2323 } 2324 /* 2325 * Now that we have found the chunk with TSN == 'gapstart', 2326 * let's walk till we hit the chunk with TSN == 'gapend'. 2327 * All intermediate chunks will be marked ACKED, if they 2328 * haven't already been. 2329 */ 2330 while (SEQ_LEQ(xtsn, gapend)) { 2331 /* 2332 * SACKed 2333 */ 2334 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2335 if (!SCTP_CHUNK_ISACKED(mp)) { 2336 SCTP_CHUNK_ACKED(mp); 2337 2338 fp = SCTP_CHUNK_DEST(mp); 2339 chunklen = ntohs(sdc->sdh_len); 2340 ASSERT(fp->suna >= chunklen); 2341 fp->suna -= chunklen; 2342 if (fp->suna == 0) { 2343 /* All outstanding data acked. 
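                     * (This follows RFC 2960 section 6.3.2, rule R2:
                     * stop the T3-rtx timer of an address once no data
                     * remains outstanding on that address.)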
                     */
                    fp->pba = 0;
                    SCTP_FADDR_TIMER_STOP(fp);
                }
                fp->acked += chunklen;
                acked += chunklen;
                sctp->sctp_unacked -= chunklen - sizeof (*sdc);
                ASSERT(sctp->sctp_unacked >= 0);
            }
            /*
             * Move to the next message in the transmit list
             * if we are done with all the chunks from the current
             * message. Note, it is possible to hit the end of the
             * transmit list here, i.e. if we have already completed
             * processing the gap block.
             */
            mp = mp->b_next;
            if (mp == NULL) {
                ump = ump->b_next;
                if (ump == NULL) {
                    ASSERT(xtsn == gapend);
                    break;
                }
                mp = ump->b_cont;
            }
            /*
             * Likewise, we can hit an unsent chunk once we have
             * completed processing the gap block.
             */
            if (!SCTP_CHUNK_ISSENT(mp)) {
                ASSERT(xtsn == gapend);
                break;
            }
            sdc = (sctp_data_hdr_t *)mp->b_rptr;
            xtsn = ntohl(sdc->sdh_tsn);
        }
        /*
         * We keep track of the last gap we successfully processed
         * so that we can terminate the walk below for incrementing
         * the SACK count.
         */
        if (SEQ_LT(gstart, gapstart))
            gstart = gapstart;
    }
    /*
     * Check if we have incremented the SACK count for all unacked TSNs
     * in sctp_got_sack(); if so, we are done.
     */
    if (SEQ_LEQ(gstart, fr_xtsn))
        return (acked);

    ump = umphead;
    mp = mphead;
    sdc = (sctp_data_hdr_t *)mp->b_rptr;
    xtsn = ntohl(sdc->sdh_tsn);
    while (SEQ_LT(xtsn, gstart)) {
        /*
         * We have incremented the SACK count for TSNs less than fr_tsn
         * in sctp_got_sack(), so don't increment them again here.
         */
        if (SEQ_GT(xtsn, fr_xtsn) && !SCTP_CHUNK_ISACKED(mp)) {
            SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1);
            if (SCTP_CHUNK_SACKCNT(mp) ==
                sctps->sctps_fast_rxt_thresh) {
                SCTP_CHUNK_REXMIT(mp);
                sctp->sctp_chk_fast_rexmit = B_TRUE;
                *trysend = 1;
                if (!*fast_recovery) {
                    /*
                     * Entering fast recovery.
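                     * Per RFC 2960 sections 7.2.3/7.2.4 this sets
                     * ssthresh = max(cwnd/2, 2 * MTU), collapses cwnd
                     * to ssthresh and clears the partial-bytes-acked
                     * counter.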
2413 */ 2414 fp = SCTP_CHUNK_DEST(mp); 2415 fp->ssthresh = fp->cwnd / 2; 2416 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2417 fp->ssthresh = 2418 2 * fp->sfa_pmss; 2419 } 2420 fp->cwnd = fp->ssthresh; 2421 fp->pba = 0; 2422 sctp->sctp_recovery_tsn = 2423 sctp->sctp_ltsn - 1; 2424 *fast_recovery = B_TRUE; 2425 } 2426 } 2427 } 2428 mp = mp->b_next; 2429 if (mp == NULL) { 2430 ump = ump->b_next; 2431 /* We can't get to the end of the transmit list here */ 2432 ASSERT(ump != NULL); 2433 mp = ump->b_cont; 2434 } 2435 /* We can't hit an unsent chunk here */ 2436 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2437 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2438 xtsn = ntohl(sdc->sdh_tsn); 2439 } 2440 return (acked); 2441 } 2442 2443 static int 2444 sctp_got_sack(sctp_t *sctp, sctp_chunk_hdr_t *sch) 2445 { 2446 sctp_sack_chunk_t *sc; 2447 sctp_data_hdr_t *sdc; 2448 sctp_sack_frag_t *ssf; 2449 mblk_t *ump; 2450 mblk_t *mp; 2451 mblk_t *mp1; 2452 uint32_t cumtsn; 2453 uint32_t xtsn; 2454 uint32_t gapstart = 0; 2455 uint32_t gapend = 0; 2456 uint32_t acked = 0; 2457 uint16_t chunklen; 2458 sctp_faddr_t *fp; 2459 int num_gaps; 2460 int trysend = 0; 2461 int i; 2462 boolean_t fast_recovery = B_FALSE; 2463 boolean_t cumack_forward = B_FALSE; 2464 boolean_t fwd_tsn = B_FALSE; 2465 sctp_stack_t *sctps = sctp->sctp_sctps; 2466 2467 BUMP_LOCAL(sctp->sctp_ibchunks); 2468 chunklen = ntohs(sch->sch_len); 2469 if (chunklen < (sizeof (*sch) + sizeof (*sc))) 2470 return (0); 2471 2472 sc = (sctp_sack_chunk_t *)(sch + 1); 2473 cumtsn = ntohl(sc->ssc_cumtsn); 2474 2475 dprint(2, ("got sack cumtsn %x -> %x\n", sctp->sctp_lastack_rxd, 2476 cumtsn)); 2477 2478 /* out of order */ 2479 if (SEQ_LT(cumtsn, sctp->sctp_lastack_rxd)) 2480 return (0); 2481 2482 if (SEQ_GT(cumtsn, sctp->sctp_ltsn - 1)) { 2483 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2484 /* Send an ABORT */ 2485 return (-1); 2486 } 2487 2488 /* 2489 * Cwnd only done when not in fast recovery mode. 2490 */ 2491 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) 2492 fast_recovery = B_TRUE; 2493 2494 /* 2495 * .. and if the cum TSN is not moving ahead on account Forward TSN 2496 */ 2497 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_adv_pap)) 2498 fwd_tsn = B_TRUE; 2499 2500 if (cumtsn == sctp->sctp_lastack_rxd && 2501 (sctp->sctp_xmit_unacked == NULL || 2502 !SCTP_CHUNK_ABANDONED(sctp->sctp_xmit_unacked))) { 2503 if (sctp->sctp_xmit_unacked != NULL) 2504 mp = sctp->sctp_xmit_unacked; 2505 else if (sctp->sctp_xmit_head != NULL) 2506 mp = sctp->sctp_xmit_head->b_cont; 2507 else 2508 mp = NULL; 2509 BUMP_MIB(&sctps->sctps_mib, sctpInDupAck); 2510 /* 2511 * If we were doing a zero win probe and the win 2512 * has now opened to at least MSS, re-transmit the 2513 * zero win probe via sctp_rexmit_packet(). 2514 */ 2515 if (mp != NULL && sctp->sctp_zero_win_probe && 2516 ntohl(sc->ssc_a_rwnd) >= sctp->sctp_current->sfa_pmss) { 2517 mblk_t *pkt; 2518 uint_t pkt_len; 2519 mblk_t *mp1 = mp; 2520 mblk_t *meta = sctp->sctp_xmit_head; 2521 2522 /* 2523 * Reset the RTO since we have been backing-off 2524 * to send the ZWP. 
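             * (The value restored below is the plain RFC 2960 section
             * 6.3.1 formula, RTO = SRTT + 4 * RTTVAR, i.e. without the
             * exponential back-off accumulated while probing.)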
2525 */ 2526 fp = sctp->sctp_current; 2527 fp->rto = fp->srtt + 4 * fp->rttvar; 2528 /* Resend the ZWP */ 2529 pkt = sctp_rexmit_packet(sctp, &meta, &mp1, fp, 2530 &pkt_len); 2531 if (pkt == NULL) { 2532 SCTP_KSTAT(sctps, sctp_ss_rexmit_failed); 2533 return (0); 2534 } 2535 ASSERT(pkt_len <= fp->sfa_pmss); 2536 sctp->sctp_zero_win_probe = B_FALSE; 2537 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2538 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2539 sctp_set_iplen(sctp, pkt); 2540 sctp_add_sendq(sctp, pkt); 2541 } 2542 } else { 2543 if (sctp->sctp_zero_win_probe) { 2544 /* 2545 * Reset the RTO since we have been backing-off 2546 * to send the ZWP. 2547 */ 2548 fp = sctp->sctp_current; 2549 fp->rto = fp->srtt + 4 * fp->rttvar; 2550 sctp->sctp_zero_win_probe = B_FALSE; 2551 /* This is probably not required */ 2552 if (!sctp->sctp_rexmitting) { 2553 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn; 2554 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn; 2555 } 2556 } 2557 acked = sctp_cumack(sctp, cumtsn, &mp); 2558 sctp->sctp_xmit_unacked = mp; 2559 if (acked > 0) { 2560 trysend = 1; 2561 cumack_forward = B_TRUE; 2562 if (fwd_tsn && SEQ_GEQ(sctp->sctp_lastack_rxd, 2563 sctp->sctp_adv_pap)) { 2564 cumack_forward = B_FALSE; 2565 } 2566 } 2567 } 2568 num_gaps = ntohs(sc->ssc_numfrags); 2569 if (num_gaps == 0 || mp == NULL || !SCTP_CHUNK_ISSENT(mp) || 2570 chunklen < (sizeof (*sch) + sizeof (*sc) + 2571 num_gaps * sizeof (*ssf))) { 2572 goto ret; 2573 } 2574 #ifdef DEBUG 2575 /* 2576 * Since we delete any message that has been acked completely, 2577 * the unacked chunk must belong to sctp_xmit_head (as 2578 * we don't have a back pointer from the mp to the meta data 2579 * we do this). 2580 */ 2581 { 2582 mblk_t *mp2 = sctp->sctp_xmit_head->b_cont; 2583 2584 while (mp2 != NULL) { 2585 if (mp2 == mp) 2586 break; 2587 mp2 = mp2->b_next; 2588 } 2589 ASSERT(mp2 != NULL); 2590 } 2591 #endif 2592 ump = sctp->sctp_xmit_head; 2593 2594 /* 2595 * Just remember where we started from, in case we need to call 2596 * sctp_process_uo_gaps() if the gap blocks are unordered. 2597 */ 2598 mp1 = mp; 2599 2600 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2601 xtsn = ntohl(sdc->sdh_tsn); 2602 ASSERT(xtsn == cumtsn + 1); 2603 2604 /* 2605 * Go through SACK gaps. They are ordered based on start TSN. 2606 */ 2607 ssf = (sctp_sack_frag_t *)(sc + 1); 2608 for (i = 0; i < num_gaps; i++, ssf++) { 2609 if (gapstart != 0) { 2610 /* check for unordered gap */ 2611 if (SEQ_LEQ(cumtsn + ntohs(ssf->ssf_start), gapstart)) { 2612 acked += sctp_process_uo_gaps(sctp, 2613 cumtsn, ssf, num_gaps - i, 2614 sctp->sctp_xmit_head, mp1, 2615 &trysend, &fast_recovery, gapstart); 2616 if (trysend < 0) { 2617 BUMP_MIB(&sctps->sctps_mib, 2618 sctpInAckUnsent); 2619 return (-1); 2620 } 2621 break; 2622 } 2623 } 2624 gapstart = cumtsn + ntohs(ssf->ssf_start); 2625 gapend = cumtsn + ntohs(ssf->ssf_end); 2626 2627 /* SACK for TSN we have not sent - ABORT */ 2628 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) || 2629 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) { 2630 BUMP_MIB(&sctps->sctps_mib, sctpInAckUnsent); 2631 return (-1); 2632 } else if (SEQ_LT(gapend, gapstart)) { 2633 break; 2634 } 2635 /* 2636 * Let's start at the current TSN (for the 1st gap we start 2637 * from the cumulative TSN, for subsequent ones we start from 2638 * where the previous gapend was found - second while loop 2639 * below) and walk the transmit list till we find the TSN 2640 * corresponding to gapstart. 
All the unacked chunks till we 2641 * get to the chunk with TSN == gapstart will have their 2642 * SACKCNT incremented by 1. Note since the gap blocks are 2643 * ordered, we won't be incrementing the SACKCNT for an 2644 * unacked chunk by more than one while processing the gap 2645 * blocks. If the SACKCNT for any unacked chunk exceeds 2646 * the fast retransmit threshold, we will fast retransmit 2647 * after processing all the gap blocks. 2648 */ 2649 ASSERT(SEQ_LT(xtsn, gapstart)); 2650 while (xtsn != gapstart) { 2651 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1); 2652 if (SCTP_CHUNK_SACKCNT(mp) == 2653 sctps->sctps_fast_rxt_thresh) { 2654 SCTP_CHUNK_REXMIT(mp); 2655 sctp->sctp_chk_fast_rexmit = B_TRUE; 2656 trysend = 1; 2657 if (!fast_recovery) { 2658 /* 2659 * Entering fast recovery. 2660 */ 2661 fp = SCTP_CHUNK_DEST(mp); 2662 fp->ssthresh = fp->cwnd / 2; 2663 if (fp->ssthresh < 2 * fp->sfa_pmss) { 2664 fp->ssthresh = 2665 2 * fp->sfa_pmss; 2666 } 2667 fp->cwnd = fp->ssthresh; 2668 fp->pba = 0; 2669 sctp->sctp_recovery_tsn = 2670 sctp->sctp_ltsn - 1; 2671 fast_recovery = B_TRUE; 2672 } 2673 } 2674 2675 /* 2676 * Peer may have reneged on this chunk, so un-sack 2677 * it now. If the peer did renege, we need to 2678 * readjust unacked. 2679 */ 2680 if (SCTP_CHUNK_ISACKED(mp)) { 2681 chunklen = ntohs(sdc->sdh_len); 2682 fp = SCTP_CHUNK_DEST(mp); 2683 fp->suna += chunklen; 2684 sctp->sctp_unacked += chunklen - sizeof (*sdc); 2685 SCTP_CHUNK_CLEAR_ACKED(mp); 2686 if (!fp->timer_running) { 2687 SCTP_FADDR_TIMER_RESTART(sctp, fp, 2688 fp->rto); 2689 } 2690 } 2691 2692 mp = mp->b_next; 2693 if (mp == NULL) { 2694 ump = ump->b_next; 2695 /* 2696 * ump can't be NULL given the sanity check 2697 * above. 2698 */ 2699 ASSERT(ump != NULL); 2700 mp = ump->b_cont; 2701 } 2702 /* 2703 * mp can't be unsent given the sanity check above. 2704 */ 2705 ASSERT(SCTP_CHUNK_ISSENT(mp)); 2706 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2707 xtsn = ntohl(sdc->sdh_tsn); 2708 } 2709 /* 2710 * Now that we have found the chunk with TSN == 'gapstart', 2711 * let's walk till we hit the chunk with TSN == 'gapend'. 2712 * All intermediate chunks will be marked ACKED, if they 2713 * haven't already been. 2714 */ 2715 while (SEQ_LEQ(xtsn, gapend)) { 2716 /* 2717 * SACKed 2718 */ 2719 SCTP_CHUNK_SET_SACKCNT(mp, 0); 2720 if (!SCTP_CHUNK_ISACKED(mp)) { 2721 SCTP_CHUNK_ACKED(mp); 2722 2723 fp = SCTP_CHUNK_DEST(mp); 2724 chunklen = ntohs(sdc->sdh_len); 2725 ASSERT(fp->suna >= chunklen); 2726 fp->suna -= chunklen; 2727 if (fp->suna == 0) { 2728 /* All outstanding data acked. */ 2729 fp->pba = 0; 2730 SCTP_FADDR_TIMER_STOP(fp); 2731 } 2732 fp->acked += chunklen; 2733 acked += chunklen; 2734 sctp->sctp_unacked -= chunklen - sizeof (*sdc); 2735 ASSERT(sctp->sctp_unacked >= 0); 2736 } 2737 /* Go to the next chunk of the current message */ 2738 mp = mp->b_next; 2739 /* 2740 * Move to the next message in the transmit list 2741 * if we are done with all the chunks from the current 2742 * message. Note, it is possible to hit the end of the 2743 * transmit list here, i.e. if we have already completed 2744 * processing the gap block. 2745 * Also, note that we break here, which means we 2746 * continue processing gap blocks, if any. In case of 2747 * ordered gap blocks there can't be any following 2748 * this (if there is it will fail the sanity check 2749 * above). In case of un-ordered gap blocks we will 2750 * switch to sctp_process_uo_gaps(). 
In either case 2751 * it should be fine to continue with NULL ump/mp, 2752 * but we just reset it to xmit_head. 2753 */ 2754 if (mp == NULL) { 2755 ump = ump->b_next; 2756 if (ump == NULL) { 2757 ASSERT(xtsn == gapend); 2758 ump = sctp->sctp_xmit_head; 2759 mp = mp1; 2760 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2761 xtsn = ntohl(sdc->sdh_tsn); 2762 break; 2763 } 2764 mp = ump->b_cont; 2765 } 2766 /* 2767 * Likewise, we could hit an unsent chunk once we have 2768 * completed processing the gap block. Again, it is 2769 * fine to continue processing gap blocks with mp 2770 * pointing to the unsent chunk, because if there 2771 * are more ordered gap blocks, they will fail the 2772 * sanity check, and if there are un-ordered gap blocks, 2773 * we will continue processing in sctp_process_uo_gaps() 2774 * We just reset the mp to the one we started with. 2775 */ 2776 if (!SCTP_CHUNK_ISSENT(mp)) { 2777 ASSERT(xtsn == gapend); 2778 ump = sctp->sctp_xmit_head; 2779 mp = mp1; 2780 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2781 xtsn = ntohl(sdc->sdh_tsn); 2782 break; 2783 } 2784 sdc = (sctp_data_hdr_t *)mp->b_rptr; 2785 xtsn = ntohl(sdc->sdh_tsn); 2786 } 2787 } 2788 if (sctp->sctp_prsctp_aware) 2789 sctp_check_abandoned_data(sctp, sctp->sctp_current); 2790 if (sctp->sctp_chk_fast_rexmit) 2791 sctp_fast_rexmit(sctp); 2792 ret: 2793 trysend += sctp_set_frwnd(sctp, ntohl(sc->ssc_a_rwnd)); 2794 2795 /* 2796 * If receive window is closed while there is unsent data, 2797 * set a timer for doing zero window probes. 2798 */ 2799 if (sctp->sctp_frwnd == 0 && sctp->sctp_unacked == 0 && 2800 sctp->sctp_unsent != 0) { 2801 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current, 2802 sctp->sctp_current->rto); 2803 } 2804 2805 /* 2806 * Set cwnd for all destinations. 2807 * Congestion window gets increased only when cumulative 2808 * TSN moves forward, we're not in fast recovery, and 2809 * cwnd has been fully utilized (almost fully, need to allow 2810 * some leeway due to non-MSS sized messages). 2811 */ 2812 if (sctp->sctp_current->acked == acked) { 2813 /* 2814 * Fast-path, only data sent to sctp_current got acked. 2815 */ 2816 fp = sctp->sctp_current; 2817 if (cumack_forward && !fast_recovery && 2818 (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) { 2819 if (fp->cwnd < fp->ssthresh) { 2820 /* 2821 * Slow start 2822 */ 2823 if (fp->acked > fp->sfa_pmss) { 2824 fp->cwnd += fp->sfa_pmss; 2825 } else { 2826 fp->cwnd += fp->acked; 2827 } 2828 fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max); 2829 } else { 2830 /* 2831 * Congestion avoidance 2832 */ 2833 fp->pba += fp->acked; 2834 if (fp->pba >= fp->cwnd) { 2835 fp->pba -= fp->cwnd; 2836 fp->cwnd += fp->sfa_pmss; 2837 fp->cwnd = MIN(fp->cwnd, 2838 sctp->sctp_cwnd_max); 2839 } 2840 } 2841 } 2842 /* 2843 * Limit the burst of transmitted data segments. 
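         * For illustration, assuming sctps_maxburst is 4 (the
         * protocol's suggested Max.Burst): with sfa_pmss = 1500 and
         * suna = 3000, cwnd is clamped to 3000 + 4 * 1500 = 9000
         * bytes, so at most four new packets can be triggered by this
         * SACK.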
         */
        if (fp->suna + sctps->sctps_maxburst * fp->sfa_pmss <
            fp->cwnd) {
            fp->cwnd = fp->suna + sctps->sctps_maxburst *
                fp->sfa_pmss;
        }
        fp->acked = 0;
        goto check_ss_rxmit;
    }
    for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) {
        if (cumack_forward && fp->acked && !fast_recovery &&
            (fp->acked + fp->suna > fp->cwnd - fp->sfa_pmss)) {
            if (fp->cwnd < fp->ssthresh) {
                if (fp->acked > fp->sfa_pmss) {
                    fp->cwnd += fp->sfa_pmss;
                } else {
                    fp->cwnd += fp->acked;
                }
                fp->cwnd = MIN(fp->cwnd, sctp->sctp_cwnd_max);
            } else {
                fp->pba += fp->acked;
                if (fp->pba >= fp->cwnd) {
                    fp->pba -= fp->cwnd;
                    fp->cwnd += fp->sfa_pmss;
                    fp->cwnd = MIN(fp->cwnd,
                        sctp->sctp_cwnd_max);
                }
            }
        }
        if (fp->suna + sctps->sctps_maxburst * fp->sfa_pmss <
            fp->cwnd) {
            fp->cwnd = fp->suna + sctps->sctps_maxburst *
                fp->sfa_pmss;
        }
        fp->acked = 0;
    }
check_ss_rxmit:
    /*
     * If this is a SACK following a timeout, check if there are
     * still unacked chunks (sent before the timeout) that we can
     * send.
     */
    if (sctp->sctp_rexmitting) {
        if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_rxt_maxtsn)) {
            /*
             * As we are in the retransmission phase, we may get a
             * SACK which indicates some new chunks are received
             * but cum_tsn does not advance. During this phase, the
             * other side advances cum_tsn only because it receives
             * our retransmitted chunks. Only this signals that some
             * chunks are still missing.
             */
            if (cumack_forward) {
                fp->rxt_unacked -= acked;
                sctp_ss_rexmit(sctp);
            }
        } else {
            sctp->sctp_rexmitting = B_FALSE;
            sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn;
            sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn;
            fp->rxt_unacked = 0;
        }
    }
    return (trysend);
}

/*
 * Returns 0 if the caller should stop processing any more chunks,
 * 1 if the caller should skip this chunk and continue processing.
 */
static int
sctp_strange_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp)
{
    mblk_t *errmp;
    size_t len;

    BUMP_LOCAL(sctp->sctp_ibchunks);
    /* check top two bits for action required */
    if (ch->sch_id & 0x40) {    /* also matches 0xc0 */
        len = ntohs(ch->sch_len);
        errmp = sctp_make_err(sctp, SCTP_ERR_UNREC_CHUNK, ch, len);
        if (errmp != NULL)
            sctp_send_err(sctp, errmp, fp);
        if ((ch->sch_id & 0xc0) == 0xc0) {
            /* skip and continue */
            return (1);
        } else {
            /* stop processing */
            return (0);
        }
    }
    if (ch->sch_id & 0x80) {
        /* skip and continue, no error */
        return (1);
    }
    /* top two bits are clear; stop processing and no error */
    return (0);
}

/*
 * Basic sanity checks on all input chunks and parameters: they must
 * be of legitimate size for their purported type, and must follow
 * ordering conventions as defined in rfc2960.
 *
 * Returns 1 if the chunk and all enclosed params are legitimate,
 * 0 otherwise.
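 *
 * For illustration: a packet whose first chunk is an INIT bundled with
 * any other chunk, or one whose DATA chunk is shorter than
 * sizeof (sctp_data_hdr_t), fails this check and causes the rest of
 * the packet to be dropped.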
2951 */ 2952 /*ARGSUSED*/ 2953 static int 2954 sctp_check_input(sctp_t *sctp, sctp_chunk_hdr_t *ch, ssize_t len, int first) 2955 { 2956 sctp_parm_hdr_t *ph; 2957 void *p = NULL; 2958 ssize_t clen; 2959 uint16_t ch_len; 2960 2961 ch_len = ntohs(ch->sch_len); 2962 if (ch_len > len) { 2963 return (0); 2964 } 2965 2966 switch (ch->sch_id) { 2967 case CHUNK_DATA: 2968 if (ch_len < sizeof (sctp_data_hdr_t)) { 2969 return (0); 2970 } 2971 return (1); 2972 case CHUNK_INIT: 2973 case CHUNK_INIT_ACK: 2974 { 2975 ssize_t remlen = len; 2976 2977 /* 2978 * INIT and INIT-ACK chunks must not be bundled with 2979 * any other. 2980 */ 2981 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 2982 (ch_len < (sizeof (*ch) + 2983 sizeof (sctp_init_chunk_t)))) { 2984 return (0); 2985 } 2986 /* may have params that need checking */ 2987 p = (char *)(ch + 1) + sizeof (sctp_init_chunk_t); 2988 clen = ch_len - (sizeof (*ch) + 2989 sizeof (sctp_init_chunk_t)); 2990 } 2991 break; 2992 case CHUNK_SACK: 2993 if (ch_len < (sizeof (*ch) + sizeof (sctp_sack_chunk_t))) { 2994 return (0); 2995 } 2996 /* dup and gap reports checked by got_sack() */ 2997 return (1); 2998 case CHUNK_SHUTDOWN: 2999 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) { 3000 return (0); 3001 } 3002 return (1); 3003 case CHUNK_ABORT: 3004 case CHUNK_ERROR: 3005 if (ch_len < sizeof (*ch)) { 3006 return (0); 3007 } 3008 /* may have params that need checking */ 3009 p = ch + 1; 3010 clen = ch_len - sizeof (*ch); 3011 break; 3012 case CHUNK_ECNE: 3013 case CHUNK_CWR: 3014 case CHUNK_HEARTBEAT: 3015 case CHUNK_HEARTBEAT_ACK: 3016 /* Full ASCONF chunk and parameter checks are in asconf.c */ 3017 case CHUNK_ASCONF: 3018 case CHUNK_ASCONF_ACK: 3019 if (ch_len < sizeof (*ch)) { 3020 return (0); 3021 } 3022 /* heartbeat data checked by process_heartbeat() */ 3023 return (1); 3024 case CHUNK_SHUTDOWN_COMPLETE: 3025 { 3026 ssize_t remlen = len; 3027 3028 /* 3029 * SHUTDOWN-COMPLETE chunk must not be bundled with any 3030 * other 3031 */ 3032 if (!first || sctp_next_chunk(ch, &remlen) != NULL || 3033 ch_len < sizeof (*ch)) { 3034 return (0); 3035 } 3036 } 3037 return (1); 3038 case CHUNK_COOKIE: 3039 case CHUNK_COOKIE_ACK: 3040 case CHUNK_SHUTDOWN_ACK: 3041 if (ch_len < sizeof (*ch) || !first) { 3042 return (0); 3043 } 3044 return (1); 3045 case CHUNK_FORWARD_TSN: 3046 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) 3047 return (0); 3048 return (1); 3049 default: 3050 return (1); /* handled by strange_chunk() */ 3051 } 3052 3053 /* check and byteorder parameters */ 3054 if (clen <= 0) { 3055 return (1); 3056 } 3057 ASSERT(p != NULL); 3058 3059 ph = p; 3060 while (ph != NULL && clen > 0) { 3061 ch_len = ntohs(ph->sph_len); 3062 if (ch_len > len || ch_len < sizeof (*ph)) { 3063 return (0); 3064 } 3065 ph = sctp_next_parm(ph, &clen); 3066 } 3067 3068 /* All OK */ 3069 return (1); 3070 } 3071 3072 /* ARGSUSED */ 3073 static sctp_hdr_t * 3074 find_sctp_hdrs(mblk_t *mp, in6_addr_t *src, in6_addr_t *dst, 3075 uint_t *ifindex, uint_t *ip_hdr_len, ip6_pkt_t *ipp, ip_pktinfo_t *pinfo) 3076 { 3077 uchar_t *rptr; 3078 ipha_t *ip4h; 3079 ip6_t *ip6h; 3080 mblk_t *mp1; 3081 3082 rptr = mp->b_rptr; 3083 if (IPH_HDR_VERSION(rptr) == IPV4_VERSION) { 3084 *ip_hdr_len = IPH_HDR_LENGTH(rptr); 3085 ip4h = (ipha_t *)rptr; 3086 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_src, src); 3087 IN6_IPADDR_TO_V4MAPPED(ip4h->ipha_dst, dst); 3088 3089 ipp->ipp_fields |= IPPF_HOPLIMIT; 3090 ipp->ipp_hoplimit = ((ipha_t *)rptr)->ipha_ttl; 3091 if (pinfo != NULL && (pinfo->ip_pkt_flags & IPF_RECVIF)) { 
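            /* Export the receiving interface index from the attached pktinfo. */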
3092 ipp->ipp_fields |= IPPF_IFINDEX; 3093 ipp->ipp_ifindex = pinfo->ip_pkt_ifindex; 3094 } 3095 } else { 3096 ASSERT(IPH_HDR_VERSION(rptr) == IPV6_VERSION); 3097 ip6h = (ip6_t *)rptr; 3098 ipp->ipp_fields = IPPF_HOPLIMIT; 3099 ipp->ipp_hoplimit = ip6h->ip6_hops; 3100 3101 if (ip6h->ip6_nxt != IPPROTO_SCTP) { 3102 /* Look for ifindex information */ 3103 if (ip6h->ip6_nxt == IPPROTO_RAW) { 3104 ip6i_t *ip6i = (ip6i_t *)ip6h; 3105 3106 if (ip6i->ip6i_flags & IP6I_IFINDEX) { 3107 ASSERT(ip6i->ip6i_ifindex != 0); 3108 ipp->ipp_fields |= IPPF_IFINDEX; 3109 ipp->ipp_ifindex = ip6i->ip6i_ifindex; 3110 } 3111 rptr = (uchar_t *)&ip6i[1]; 3112 mp->b_rptr = rptr; 3113 if (rptr == mp->b_wptr) { 3114 mp1 = mp->b_cont; 3115 freeb(mp); 3116 mp = mp1; 3117 rptr = mp->b_rptr; 3118 } 3119 ASSERT(mp->b_wptr - rptr >= 3120 IPV6_HDR_LEN + sizeof (sctp_hdr_t)); 3121 ip6h = (ip6_t *)rptr; 3122 } 3123 /* 3124 * Find any potentially interesting extension headers 3125 * as well as the length of the IPv6 + extension 3126 * headers. 3127 */ 3128 *ip_hdr_len = ip_find_hdr_v6(mp, ip6h, ipp, NULL); 3129 } else { 3130 *ip_hdr_len = IPV6_HDR_LEN; 3131 } 3132 *src = ip6h->ip6_src; 3133 *dst = ip6h->ip6_dst; 3134 } 3135 ASSERT((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX); 3136 return ((sctp_hdr_t *)&rptr[*ip_hdr_len]); 3137 #undef IPVER 3138 } 3139 3140 static mblk_t * 3141 sctp_check_in_policy(mblk_t *mp, mblk_t *ipsec_mp) 3142 { 3143 ipsec_in_t *ii; 3144 boolean_t check = B_TRUE; 3145 boolean_t policy_present; 3146 ipha_t *ipha; 3147 ip6_t *ip6h; 3148 netstack_t *ns; 3149 ipsec_stack_t *ipss; 3150 3151 ii = (ipsec_in_t *)ipsec_mp->b_rptr; 3152 ASSERT(ii->ipsec_in_type == IPSEC_IN); 3153 ns = ii->ipsec_in_ns; 3154 ipss = ns->netstack_ipsec; 3155 3156 if (ii->ipsec_in_dont_check) { 3157 check = B_FALSE; 3158 if (!ii->ipsec_in_secure) { 3159 freeb(ipsec_mp); 3160 ipsec_mp = NULL; 3161 } 3162 } 3163 if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) { 3164 policy_present = ipss->ipsec_inbound_v4_policy_present; 3165 ipha = (ipha_t *)mp->b_rptr; 3166 ip6h = NULL; 3167 } else { 3168 policy_present = ipss->ipsec_inbound_v6_policy_present; 3169 ipha = NULL; 3170 ip6h = (ip6_t *)mp->b_rptr; 3171 } 3172 3173 if (check && policy_present) { 3174 /* 3175 * The conn_t parameter is NULL because we already know 3176 * nobody's home. 3177 */ 3178 ipsec_mp = ipsec_check_global_policy(ipsec_mp, (conn_t *)NULL, 3179 ipha, ip6h, B_TRUE, ns); 3180 if (ipsec_mp == NULL) 3181 return (NULL); 3182 } 3183 if (ipsec_mp != NULL) 3184 freeb(ipsec_mp); 3185 return (mp); 3186 } 3187 3188 /* Handle out-of-the-blue packets */ 3189 void 3190 sctp_ootb_input(mblk_t *mp, ill_t *recv_ill, zoneid_t zoneid, 3191 boolean_t mctl_present) 3192 { 3193 sctp_t *sctp; 3194 sctp_chunk_hdr_t *ch; 3195 sctp_hdr_t *sctph; 3196 in6_addr_t src, dst; 3197 uint_t ip_hdr_len; 3198 uint_t ifindex; 3199 ip6_pkt_t ipp; 3200 ssize_t mlen; 3201 ip_pktinfo_t *pinfo = NULL; 3202 mblk_t *first_mp; 3203 sctp_stack_t *sctps; 3204 ip_stack_t *ipst; 3205 3206 ASSERT(recv_ill != NULL); 3207 ipst = recv_ill->ill_ipst; 3208 sctps = ipst->ips_netstack->netstack_sctp; 3209 3210 BUMP_MIB(&sctps->sctps_mib, sctpOutOfBlue); 3211 BUMP_MIB(&sctps->sctps_mib, sctpInSCTPPkts); 3212 3213 if (sctps->sctps_gsctp == NULL) { 3214 /* 3215 * For non-zero stackids the default queue isn't created 3216 * until the first open, thus there can be a need to send 3217 * an error before then. But we can't do that, hence we just 3218 * drop the packet. 
Later during boot, when the default queue
         * has been set up, a retransmitted packet from the peer
         * will result in an error.
         */
        ASSERT(sctps->sctps_netstack->netstack_stackid !=
            GLOBAL_NETSTACKID);
        freemsg(mp);
        return;
    }

    first_mp = mp;
    if (mctl_present)
        mp = mp->b_cont;

    /* Initiate IPPF processing, if needed. */
    if (IPP_ENABLED(IPP_LOCAL_IN, ipst)) {
        ip_process(IPP_LOCAL_IN, &mp,
            recv_ill->ill_phyint->phyint_ifindex);
        if (mp == NULL) {
            if (mctl_present)
                freeb(first_mp);
            return;
        }
    }

    if (mp->b_cont != NULL) {
        /*
         * All subsequent code is vastly simplified if it can
         * assume a single contiguous chunk of data.
         */
        if (pullupmsg(mp, -1) == 0) {
            BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards);
            freemsg(first_mp);
            return;
        }
    }

    /*
     * We don't really need to call this function... Need to
     * optimize later.
     */
    sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len,
        &ipp, pinfo);
    mlen = mp->b_wptr - (uchar_t *)(sctph + 1);
    if ((ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen)) == NULL) {
        dprint(3, ("sctp_ootb_input: invalid packet\n"));
        BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards);
        freemsg(first_mp);
        return;
    }

    switch (ch->sch_id) {
    case CHUNK_INIT:
        /* no listener; send abort */
        if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL)
            return;
        sctp_send_abort(sctps->sctps_gsctp, sctp_init2vtag(ch), 0,
            NULL, 0, mp, 0, B_TRUE);
        break;
    case CHUNK_INIT_ACK:
        /* check for changed src addr */
        sctp = sctp_addrlist2sctp(mp, sctph, ch, zoneid, sctps);
        if (sctp != NULL) {
            /* success; proceed to normal path */
            mutex_enter(&sctp->sctp_lock);
            if (sctp->sctp_running) {
                if (!sctp_add_recvq(sctp, mp, B_FALSE)) {
                    BUMP_MIB(recv_ill->ill_ip_mib,
                        ipIfStatsInDiscards);
                    freemsg(mp);
                }
                mutex_exit(&sctp->sctp_lock);
            } else {
                /*
                 * If the source address is changed, we
                 * don't need to worry too much about
                 * out of order processing. So we don't
                 * check if the recvq is empty or not here.
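                 * (sctp_running, together with sctp_lock, is what
                 * serializes inbound processing for an association;
                 * it is cleared again via WAKE_SCTP() once this
                 * packet has been handled.)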
3296 */ 3297 sctp->sctp_running = B_TRUE; 3298 mutex_exit(&sctp->sctp_lock); 3299 sctp_input_data(sctp, mp, NULL); 3300 WAKE_SCTP(sctp); 3301 sctp_process_sendq(sctp); 3302 } 3303 SCTP_REFRELE(sctp); 3304 return; 3305 } 3306 if (mctl_present) 3307 freeb(first_mp); 3308 /* else bogus init ack; drop it */ 3309 break; 3310 case CHUNK_SHUTDOWN_ACK: 3311 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3312 return; 3313 sctp_ootb_shutdown_ack(sctps->sctps_gsctp, mp, ip_hdr_len); 3314 sctp_process_sendq(sctps->sctps_gsctp); 3315 return; 3316 case CHUNK_ERROR: 3317 case CHUNK_ABORT: 3318 case CHUNK_COOKIE_ACK: 3319 case CHUNK_SHUTDOWN_COMPLETE: 3320 if (mctl_present) 3321 freeb(first_mp); 3322 break; 3323 default: 3324 if (mctl_present && sctp_check_in_policy(mp, first_mp) == NULL) 3325 return; 3326 sctp_send_abort(sctps->sctps_gsctp, sctph->sh_verf, 0, 3327 NULL, 0, mp, 0, B_TRUE); 3328 break; 3329 } 3330 sctp_process_sendq(sctps->sctps_gsctp); 3331 freemsg(mp); 3332 } 3333 3334 void 3335 sctp_input(conn_t *connp, ipha_t *ipha, mblk_t *mp, mblk_t *first_mp, 3336 ill_t *recv_ill, boolean_t isv4, boolean_t mctl_present) 3337 { 3338 sctp_t *sctp = CONN2SCTP(connp); 3339 ip_stack_t *ipst = recv_ill->ill_ipst; 3340 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 3341 3342 /* 3343 * We check some fields in conn_t without holding a lock. 3344 * This should be fine. 3345 */ 3346 if (CONN_INBOUND_POLICY_PRESENT(connp, ipss) || mctl_present) { 3347 first_mp = ipsec_check_inbound_policy(first_mp, connp, 3348 ipha, NULL, mctl_present); 3349 if (first_mp == NULL) { 3350 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3351 SCTP_REFRELE(sctp); 3352 return; 3353 } 3354 } 3355 3356 /* Initiate IPPF processing for fastpath */ 3357 if (IPP_ENABLED(IPP_LOCAL_IN, ipst)) { 3358 ip_process(IPP_LOCAL_IN, &mp, 3359 recv_ill->ill_phyint->phyint_ifindex); 3360 if (mp == NULL) { 3361 SCTP_REFRELE(sctp); 3362 if (mctl_present) 3363 freeb(first_mp); 3364 return; 3365 } else if (mctl_present) { 3366 /* 3367 * ip_process might return a new mp. 3368 */ 3369 ASSERT(first_mp != mp); 3370 first_mp->b_cont = mp; 3371 } else { 3372 first_mp = mp; 3373 } 3374 } 3375 3376 if (connp->conn_recvif || connp->conn_recvslla || 3377 connp->conn_ip_recvpktinfo) { 3378 int in_flags = 0; 3379 3380 if (connp->conn_recvif || connp->conn_ip_recvpktinfo) { 3381 in_flags = IPF_RECVIF; 3382 } 3383 if (connp->conn_recvslla) { 3384 in_flags |= IPF_RECVSLLA; 3385 } 3386 if (isv4) { 3387 mp = ip_add_info(mp, recv_ill, in_flags, 3388 IPCL_ZONEID(connp), ipst); 3389 } else { 3390 mp = ip_add_info_v6(mp, recv_ill, 3391 &(((ip6_t *)ipha)->ip6_dst)); 3392 } 3393 if (mp == NULL) { 3394 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3395 SCTP_REFRELE(sctp); 3396 if (mctl_present) 3397 freeb(first_mp); 3398 return; 3399 } else if (mctl_present) { 3400 /* 3401 * ip_add_info might return a new mp. 
3402 */ 3403 ASSERT(first_mp != mp); 3404 first_mp->b_cont = mp; 3405 } else { 3406 first_mp = mp; 3407 } 3408 } 3409 3410 mutex_enter(&sctp->sctp_lock); 3411 if (sctp->sctp_running) { 3412 if (mctl_present) 3413 mp->b_prev = first_mp; 3414 if (!sctp_add_recvq(sctp, mp, B_FALSE)) { 3415 BUMP_MIB(recv_ill->ill_ip_mib, ipIfStatsInDiscards); 3416 freemsg(first_mp); 3417 } 3418 mutex_exit(&sctp->sctp_lock); 3419 SCTP_REFRELE(sctp); 3420 return; 3421 } else { 3422 sctp->sctp_running = B_TRUE; 3423 mutex_exit(&sctp->sctp_lock); 3424 3425 mutex_enter(&sctp->sctp_recvq_lock); 3426 if (sctp->sctp_recvq != NULL) { 3427 if (mctl_present) 3428 mp->b_prev = first_mp; 3429 if (!sctp_add_recvq(sctp, mp, B_TRUE)) { 3430 BUMP_MIB(recv_ill->ill_ip_mib, 3431 ipIfStatsInDiscards); 3432 freemsg(first_mp); 3433 } 3434 mutex_exit(&sctp->sctp_recvq_lock); 3435 WAKE_SCTP(sctp); 3436 SCTP_REFRELE(sctp); 3437 return; 3438 } 3439 } 3440 mutex_exit(&sctp->sctp_recvq_lock); 3441 sctp_input_data(sctp, mp, (mctl_present ? first_mp : NULL)); 3442 WAKE_SCTP(sctp); 3443 sctp_process_sendq(sctp); 3444 SCTP_REFRELE(sctp); 3445 } 3446 3447 static void 3448 sctp_process_abort(sctp_t *sctp, sctp_chunk_hdr_t *ch, int err) 3449 { 3450 sctp_stack_t *sctps = sctp->sctp_sctps; 3451 3452 BUMP_MIB(&sctps->sctps_mib, sctpAborted); 3453 BUMP_LOCAL(sctp->sctp_ibchunks); 3454 3455 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3456 ntohs(((sctp_parm_hdr_t *)(ch + 1))->sph_type), ch); 3457 sctp_clean_death(sctp, err); 3458 } 3459 3460 void 3461 sctp_input_data(sctp_t *sctp, mblk_t *mp, mblk_t *ipsec_mp) 3462 { 3463 sctp_chunk_hdr_t *ch; 3464 ssize_t mlen; 3465 int gotdata; 3466 int trysend; 3467 sctp_faddr_t *fp; 3468 sctp_init_chunk_t *iack; 3469 uint32_t tsn; 3470 sctp_data_hdr_t *sdc; 3471 ip6_pkt_t ipp; 3472 in6_addr_t src; 3473 in6_addr_t dst; 3474 uint_t ifindex; 3475 sctp_hdr_t *sctph; 3476 uint_t ip_hdr_len; 3477 mblk_t *dups = NULL; 3478 int recv_adaption; 3479 boolean_t wake_eager = B_FALSE; 3480 mblk_t *pinfo_mp; 3481 ip_pktinfo_t *pinfo = NULL; 3482 in6_addr_t peer_src; 3483 int64_t now; 3484 sctp_stack_t *sctps = sctp->sctp_sctps; 3485 ip_stack_t *ipst = sctps->sctps_netstack->netstack_ip; 3486 3487 if (DB_TYPE(mp) != M_DATA) { 3488 ASSERT(DB_TYPE(mp) == M_CTL); 3489 if (MBLKL(mp) == sizeof (ip_pktinfo_t) && 3490 ((ip_pktinfo_t *)mp->b_rptr)->ip_pkt_ulp_type == 3491 IN_PKTINFO) { 3492 pinfo = (ip_pktinfo_t *)mp->b_rptr; 3493 pinfo_mp = mp; 3494 mp = mp->b_cont; 3495 } else { 3496 if (ipsec_mp != NULL) 3497 freeb(ipsec_mp); 3498 sctp_icmp_error(sctp, mp); 3499 return; 3500 } 3501 } 3502 ASSERT(DB_TYPE(mp) == M_DATA); 3503 3504 if (mp->b_cont != NULL) { 3505 /* 3506 * All subsequent code is vastly simplified if it can 3507 * assume a single contiguous chunk of data. 
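         * (pullupmsg() with a length of -1 concatenates the entire
         * mblk chain into a single data block; if it fails, the packet
         * is counted as a discard and dropped below.)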
         */
        if (pullupmsg(mp, -1) == 0) {
            BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
            if (ipsec_mp != NULL)
                freeb(ipsec_mp);
            if (pinfo != NULL)
                freeb(pinfo_mp);
            freemsg(mp);
            return;
        }
    }

    BUMP_LOCAL(sctp->sctp_ipkts);
    sctph = find_sctp_hdrs(mp, &src, &dst, &ifindex, &ip_hdr_len,
        &ipp, pinfo);
    if (pinfo != NULL)
        freeb(pinfo_mp);
    mlen = mp->b_wptr - (uchar_t *)(sctph + 1);
    ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen);
    if (ch == NULL) {
        BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
        if (ipsec_mp != NULL)
            freeb(ipsec_mp);
        freemsg(mp);
        return;
    }

    if (!sctp_check_input(sctp, ch, mlen, 1)) {
        BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
        goto done;
    }
    /*
     * Check the verification tag (special handling for INIT,
     * COOKIE, SHUTDOWN_COMPLETE and SHUTDOWN_ACK chunks).
     * ABORTs are handled in the chunk processing loop, since they
     * may not appear first. All other checked chunks must
     * appear first, or will have been dropped by check_input().
     */
    switch (ch->sch_id) {
    case CHUNK_INIT:
        if (sctph->sh_verf != 0) {
            /* drop it */
            goto done;
        }
        break;
    case CHUNK_SHUTDOWN_COMPLETE:
        if (sctph->sh_verf == sctp->sctp_lvtag)
            break;
        if (sctph->sh_verf == sctp->sctp_fvtag &&
            SCTP_GET_TBIT(ch)) {
            break;
        }
        /* else drop it */
        goto done;
    case CHUNK_ABORT:
    case CHUNK_COOKIE:
        /* handled below */
        break;
    case CHUNK_SHUTDOWN_ACK:
        if (sctp->sctp_state > SCTPS_BOUND &&
            sctp->sctp_state < SCTPS_ESTABLISHED) {
            /* treat as OOTB */
            sctp_ootb_shutdown_ack(sctp, mp, ip_hdr_len);
            if (ipsec_mp != NULL)
                freeb(ipsec_mp);
            return;
        }
        /* else fallthru */
    default:
        /*
         * All other packets must have a valid
         * verification tag, however if this is a
         * listener, we use a refined version of
         * out-of-the-blue logic.
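         * In outline: INIT must carry a zero verification tag;
         * SHUTDOWN-COMPLETE may carry our local tag, or the peer's
         * tag with the T bit set; ABORT is checked against both tags
         * inside the processing loop; everything else must match
         * sctp_lvtag, except on a listener.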
3582 */ 3583 if (sctph->sh_verf != sctp->sctp_lvtag && 3584 sctp->sctp_state != SCTPS_LISTEN) { 3585 /* drop it */ 3586 goto done; 3587 } 3588 break; 3589 } 3590 3591 /* Have a valid sctp for this packet */ 3592 fp = sctp_lookup_faddr(sctp, &src); 3593 dprint(2, ("sctp_dispatch_rput: mp=%p fp=%p sctp=%p\n", (void *)mp, 3594 (void *)fp, (void *)sctp)); 3595 3596 gotdata = 0; 3597 trysend = 0; 3598 3599 now = lbolt64; 3600 /* Process the chunks */ 3601 do { 3602 dprint(3, ("sctp_dispatch_rput: state=%d, chunk id=%d\n", 3603 sctp->sctp_state, (int)(ch->sch_id))); 3604 3605 if (ch->sch_id == CHUNK_ABORT) { 3606 if (sctph->sh_verf != sctp->sctp_lvtag && 3607 sctph->sh_verf != sctp->sctp_fvtag) { 3608 /* drop it */ 3609 goto done; 3610 } 3611 } 3612 3613 switch (sctp->sctp_state) { 3614 3615 case SCTPS_ESTABLISHED: 3616 case SCTPS_SHUTDOWN_PENDING: 3617 case SCTPS_SHUTDOWN_SENT: 3618 switch (ch->sch_id) { 3619 case CHUNK_DATA: 3620 /* 0-length data chunks are not allowed */ 3621 if (ntohs(ch->sch_len) == sizeof (*sdc)) { 3622 sdc = (sctp_data_hdr_t *)ch; 3623 tsn = sdc->sdh_tsn; 3624 sctp_send_abort(sctp, sctp->sctp_fvtag, 3625 SCTP_ERR_NO_USR_DATA, (char *)&tsn, 3626 sizeof (tsn), mp, 0, B_FALSE); 3627 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3628 0, NULL); 3629 sctp_clean_death(sctp, ECONNABORTED); 3630 goto done; 3631 } 3632 3633 ASSERT(fp != NULL); 3634 sctp->sctp_lastdata = fp; 3635 sctp_data_chunk(sctp, ch, mp, &dups, fp, &ipp); 3636 gotdata = 1; 3637 /* Restart shutdown timer if shutting down */ 3638 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3639 /* 3640 * If we have exceeded our max 3641 * wait bound for waiting for a 3642 * shutdown ack from the peer, 3643 * abort the association. 3644 */ 3645 if (sctps->sctps_shutack_wait_bound != 3646 0 && 3647 TICK_TO_MSEC(now - 3648 sctp->sctp_out_time) > 3649 sctps->sctps_shutack_wait_bound) { 3650 sctp_send_abort(sctp, 3651 sctp->sctp_fvtag, 0, NULL, 3652 0, mp, 0, B_FALSE); 3653 sctp_assoc_event(sctp, 3654 SCTP_COMM_LOST, 0, NULL); 3655 sctp_clean_death(sctp, 3656 ECONNABORTED); 3657 goto done; 3658 } 3659 SCTP_FADDR_TIMER_RESTART(sctp, fp, 3660 fp->rto); 3661 } 3662 break; 3663 case CHUNK_SACK: 3664 ASSERT(fp != NULL); 3665 /* 3666 * Peer is real and alive if it can ack our 3667 * data. 
3668 */ 3669 sctp_faddr_alive(sctp, fp); 3670 trysend = sctp_got_sack(sctp, ch); 3671 if (trysend < 0) { 3672 sctp_send_abort(sctp, sctph->sh_verf, 3673 0, NULL, 0, mp, 0, B_FALSE); 3674 sctp_assoc_event(sctp, 3675 SCTP_COMM_LOST, 0, NULL); 3676 sctp_clean_death(sctp, 3677 ECONNABORTED); 3678 goto done; 3679 } 3680 break; 3681 case CHUNK_HEARTBEAT: 3682 sctp_return_heartbeat(sctp, ch, mp); 3683 break; 3684 case CHUNK_HEARTBEAT_ACK: 3685 sctp_process_heartbeat(sctp, ch); 3686 break; 3687 case CHUNK_SHUTDOWN: 3688 sctp_shutdown_event(sctp); 3689 trysend = sctp_shutdown_received(sctp, ch, 3690 B_FALSE, B_FALSE, fp); 3691 BUMP_LOCAL(sctp->sctp_ibchunks); 3692 break; 3693 case CHUNK_SHUTDOWN_ACK: 3694 BUMP_LOCAL(sctp->sctp_ibchunks); 3695 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) { 3696 sctp_shutdown_complete(sctp); 3697 BUMP_MIB(&sctps->sctps_mib, 3698 sctpShutdowns); 3699 sctp_assoc_event(sctp, 3700 SCTP_SHUTDOWN_COMP, 0, NULL); 3701 sctp_clean_death(sctp, 0); 3702 goto done; 3703 } 3704 break; 3705 case CHUNK_ABORT: { 3706 sctp_saddr_ipif_t *sp; 3707 3708 /* Ignore if delete pending */ 3709 sp = sctp_saddr_lookup(sctp, &dst, 0); 3710 ASSERT(sp != NULL); 3711 if (sp->saddr_ipif_delete_pending) { 3712 BUMP_LOCAL(sctp->sctp_ibchunks); 3713 break; 3714 } 3715 3716 sctp_process_abort(sctp, ch, ECONNRESET); 3717 goto done; 3718 } 3719 case CHUNK_INIT: 3720 sctp_send_initack(sctp, sctph, ch, mp); 3721 break; 3722 case CHUNK_COOKIE: 3723 if (sctp_process_cookie(sctp, ch, mp, &iack, 3724 sctph, &recv_adaption, NULL) != -1) { 3725 sctp_send_cookie_ack(sctp); 3726 sctp_assoc_event(sctp, SCTP_RESTART, 3727 0, NULL); 3728 if (recv_adaption) { 3729 sctp->sctp_recv_adaption = 1; 3730 sctp_adaption_event(sctp); 3731 } 3732 } else { 3733 BUMP_MIB(&sctps->sctps_mib, 3734 sctpInInvalidCookie); 3735 } 3736 break; 3737 case CHUNK_ERROR: { 3738 int error; 3739 3740 BUMP_LOCAL(sctp->sctp_ibchunks); 3741 error = sctp_handle_error(sctp, sctph, ch, mp); 3742 if (error != 0) { 3743 sctp_assoc_event(sctp, SCTP_COMM_LOST, 3744 0, NULL); 3745 sctp_clean_death(sctp, error); 3746 goto done; 3747 } 3748 break; 3749 } 3750 case CHUNK_ASCONF: 3751 ASSERT(fp != NULL); 3752 sctp_input_asconf(sctp, ch, fp); 3753 BUMP_LOCAL(sctp->sctp_ibchunks); 3754 break; 3755 case CHUNK_ASCONF_ACK: 3756 ASSERT(fp != NULL); 3757 sctp_faddr_alive(sctp, fp); 3758 sctp_input_asconf_ack(sctp, ch, fp); 3759 BUMP_LOCAL(sctp->sctp_ibchunks); 3760 break; 3761 case CHUNK_FORWARD_TSN: 3762 ASSERT(fp != NULL); 3763 sctp->sctp_lastdata = fp; 3764 sctp_process_forward_tsn(sctp, ch, fp, &ipp); 3765 gotdata = 1; 3766 BUMP_LOCAL(sctp->sctp_ibchunks); 3767 break; 3768 default: 3769 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3770 goto nomorechunks; 3771 } /* else skip and continue processing */ 3772 break; 3773 } 3774 break; 3775 3776 case SCTPS_LISTEN: 3777 switch (ch->sch_id) { 3778 case CHUNK_INIT: 3779 sctp_send_initack(sctp, sctph, ch, mp); 3780 break; 3781 case CHUNK_COOKIE: { 3782 sctp_t *eager; 3783 3784 if (sctp_process_cookie(sctp, ch, mp, &iack, 3785 sctph, &recv_adaption, &peer_src) == -1) { 3786 BUMP_MIB(&sctps->sctps_mib, 3787 sctpInInvalidCookie); 3788 goto done; 3789 } 3790 3791 /* 3792 * The cookie is good; ensure that 3793 * the peer used the verification 3794 * tag from the init ack in the header. 
3795 */ 3796 if (iack->sic_inittag != sctph->sh_verf) 3797 goto done; 3798 3799 eager = sctp_conn_request(sctp, mp, ifindex, 3800 ip_hdr_len, iack, ipsec_mp); 3801 if (eager == NULL) { 3802 sctp_send_abort(sctp, sctph->sh_verf, 3803 SCTP_ERR_NO_RESOURCES, NULL, 0, mp, 3804 0, B_FALSE); 3805 goto done; 3806 } 3807 3808 /* 3809 * If there were extra chunks 3810 * bundled with the cookie, 3811 * they must be processed 3812 * on the eager's queue. We 3813 * accomplish this by refeeding 3814 * the whole packet into the 3815 * state machine on the right 3816 * q. The packet (mp) gets 3817 * there via the eager's 3818 * cookie_mp field (overloaded 3819 * with the active open role). 3820 * This is picked up when 3821 * processing the null bind 3822 * request put on the eager's 3823 * q by sctp_accept(). We must 3824 * first revert the cookie 3825 * chunk's length field to network 3826 * byteorder so it can be 3827 * properly reprocessed on the 3828 * eager's queue. 3829 */ 3830 BUMP_MIB(&sctps->sctps_mib, sctpPassiveEstab); 3831 if (mlen > ntohs(ch->sch_len)) { 3832 eager->sctp_cookie_mp = dupb(mp); 3833 mblk_setcred(eager->sctp_cookie_mp, 3834 CONN_CRED(eager->sctp_connp)); 3835 /* 3836 * If no mem, just let 3837 * the peer retransmit. 3838 */ 3839 } 3840 sctp_assoc_event(eager, SCTP_COMM_UP, 0, NULL); 3841 if (recv_adaption) { 3842 eager->sctp_recv_adaption = 1; 3843 eager->sctp_rx_adaption_code = 3844 sctp->sctp_rx_adaption_code; 3845 sctp_adaption_event(eager); 3846 } 3847 3848 eager->sctp_active = now; 3849 sctp_send_cookie_ack(eager); 3850 3851 wake_eager = B_TRUE; 3852 3853 /* 3854 * Process rest of the chunks with eager. 3855 */ 3856 sctp = eager; 3857 fp = sctp_lookup_faddr(sctp, &peer_src); 3858 /* 3859 * Confirm peer's original source. fp can 3860 * only be NULL if peer does not use the 3861 * original source as one of its addresses... 3862 */ 3863 if (fp == NULL) 3864 fp = sctp_lookup_faddr(sctp, &src); 3865 else 3866 sctp_faddr_alive(sctp, fp); 3867 3868 /* 3869 * Validate the peer addresses. It also starts 3870 * the heartbeat timer. 
3871 */ 3872 sctp_validate_peer(sctp); 3873 break; 3874 } 3875 /* Anything else is considered out-of-the-blue */ 3876 case CHUNK_ERROR: 3877 case CHUNK_ABORT: 3878 case CHUNK_COOKIE_ACK: 3879 case CHUNK_SHUTDOWN_COMPLETE: 3880 BUMP_LOCAL(sctp->sctp_ibchunks); 3881 goto done; 3882 default: 3883 BUMP_LOCAL(sctp->sctp_ibchunks); 3884 sctp_send_abort(sctp, sctph->sh_verf, 0, NULL, 3885 0, mp, 0, B_TRUE); 3886 goto done; 3887 } 3888 break; 3889 3890 case SCTPS_COOKIE_WAIT: 3891 switch (ch->sch_id) { 3892 case CHUNK_INIT_ACK: 3893 sctp_stop_faddr_timers(sctp); 3894 sctp_faddr_alive(sctp, sctp->sctp_current); 3895 sctp_send_cookie_echo(sctp, ch, mp); 3896 BUMP_LOCAL(sctp->sctp_ibchunks); 3897 break; 3898 case CHUNK_ABORT: 3899 sctp_process_abort(sctp, ch, ECONNREFUSED); 3900 goto done; 3901 case CHUNK_INIT: 3902 sctp_send_initack(sctp, sctph, ch, mp); 3903 break; 3904 case CHUNK_COOKIE: 3905 if (sctp_process_cookie(sctp, ch, mp, &iack, 3906 sctph, &recv_adaption, NULL) == -1) { 3907 BUMP_MIB(&sctps->sctps_mib, 3908 sctpInInvalidCookie); 3909 break; 3910 } 3911 sctp_send_cookie_ack(sctp); 3912 sctp_stop_faddr_timers(sctp); 3913 if (!SCTP_IS_DETACHED(sctp)) { 3914 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3915 sctp_set_ulp_prop(sctp); 3916 } 3917 sctp->sctp_state = SCTPS_ESTABLISHED; 3918 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3919 BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab); 3920 if (sctp->sctp_cookie_mp) { 3921 freemsg(sctp->sctp_cookie_mp); 3922 sctp->sctp_cookie_mp = NULL; 3923 } 3924 3925 /* Validate the peer addresses. */ 3926 sctp->sctp_active = now; 3927 sctp_validate_peer(sctp); 3928 3929 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3930 if (recv_adaption) { 3931 sctp->sctp_recv_adaption = 1; 3932 sctp_adaption_event(sctp); 3933 } 3934 /* Try sending queued data, or ASCONFs */ 3935 trysend = 1; 3936 break; 3937 default: 3938 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 3939 goto nomorechunks; 3940 } /* else skip and continue processing */ 3941 break; 3942 } 3943 break; 3944 3945 case SCTPS_COOKIE_ECHOED: 3946 switch (ch->sch_id) { 3947 case CHUNK_COOKIE_ACK: 3948 if (!SCTP_IS_DETACHED(sctp)) { 3949 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3950 sctp_set_ulp_prop(sctp); 3951 } 3952 if (sctp->sctp_unacked == 0) 3953 sctp_stop_faddr_timers(sctp); 3954 sctp->sctp_state = SCTPS_ESTABLISHED; 3955 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3956 BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab); 3957 BUMP_LOCAL(sctp->sctp_ibchunks); 3958 if (sctp->sctp_cookie_mp) { 3959 freemsg(sctp->sctp_cookie_mp); 3960 sctp->sctp_cookie_mp = NULL; 3961 } 3962 sctp_faddr_alive(sctp, fp); 3963 /* Validate the peer addresses. 
*/ 3964 sctp->sctp_active = now; 3965 sctp_validate_peer(sctp); 3966 3967 /* Try sending queued data, or ASCONFs */ 3968 trysend = 1; 3969 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 3970 sctp_adaption_event(sctp); 3971 break; 3972 case CHUNK_ABORT: 3973 sctp_process_abort(sctp, ch, ECONNREFUSED); 3974 goto done; 3975 case CHUNK_COOKIE: 3976 if (sctp_process_cookie(sctp, ch, mp, &iack, 3977 sctph, &recv_adaption, NULL) == -1) { 3978 BUMP_MIB(&sctps->sctps_mib, 3979 sctpInInvalidCookie); 3980 break; 3981 } 3982 sctp_send_cookie_ack(sctp); 3983 3984 if (!SCTP_IS_DETACHED(sctp)) { 3985 sctp->sctp_ulp_connected(sctp->sctp_ulpd); 3986 sctp_set_ulp_prop(sctp); 3987 } 3988 if (sctp->sctp_unacked == 0) 3989 sctp_stop_faddr_timers(sctp); 3990 sctp->sctp_state = SCTPS_ESTABLISHED; 3991 sctp->sctp_assoc_start_time = (uint32_t)lbolt; 3992 BUMP_MIB(&sctps->sctps_mib, sctpActiveEstab); 3993 if (sctp->sctp_cookie_mp) { 3994 freemsg(sctp->sctp_cookie_mp); 3995 sctp->sctp_cookie_mp = NULL; 3996 } 3997 /* Validate the peer addresses. */ 3998 sctp->sctp_active = now; 3999 sctp_validate_peer(sctp); 4000 4001 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL); 4002 if (recv_adaption) { 4003 sctp->sctp_recv_adaption = 1; 4004 sctp_adaption_event(sctp); 4005 } 4006 /* Try sending queued data, or ASCONFs */ 4007 trysend = 1; 4008 break; 4009 case CHUNK_INIT: 4010 sctp_send_initack(sctp, sctph, ch, mp); 4011 break; 4012 case CHUNK_ERROR: { 4013 sctp_parm_hdr_t *p; 4014 4015 BUMP_LOCAL(sctp->sctp_ibchunks); 4016 /* check for a stale cookie */ 4017 if (ntohs(ch->sch_len) >= 4018 (sizeof (*p) + sizeof (*ch)) + 4019 sizeof (uint32_t)) { 4020 4021 p = (sctp_parm_hdr_t *)(ch + 1); 4022 if (p->sph_type == 4023 htons(SCTP_ERR_STALE_COOKIE)) { 4024 BUMP_MIB(&sctps->sctps_mib, 4025 sctpAborted); 4026 sctp_error_event(sctp, ch); 4027 sctp_assoc_event(sctp, 4028 SCTP_COMM_LOST, 0, NULL); 4029 sctp_clean_death(sctp, 4030 ECONNREFUSED); 4031 goto done; 4032 } 4033 } 4034 break; 4035 } 4036 case CHUNK_HEARTBEAT: 4037 sctp_return_heartbeat(sctp, ch, mp); 4038 break; 4039 default: 4040 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4041 goto nomorechunks; 4042 } /* else skip and continue processing */ 4043 } /* switch (ch->sch_id) */ 4044 break; 4045 4046 case SCTPS_SHUTDOWN_ACK_SENT: 4047 switch (ch->sch_id) { 4048 case CHUNK_ABORT: 4049 /* Pass gathered wisdom to IP for keeping */ 4050 sctp_update_ire(sctp); 4051 sctp_process_abort(sctp, ch, 0); 4052 goto done; 4053 case CHUNK_SHUTDOWN_COMPLETE: 4054 BUMP_LOCAL(sctp->sctp_ibchunks); 4055 BUMP_MIB(&sctps->sctps_mib, sctpShutdowns); 4056 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 4057 NULL); 4058 4059 /* Pass gathered wisdom to IP for keeping */ 4060 sctp_update_ire(sctp); 4061 sctp_clean_death(sctp, 0); 4062 goto done; 4063 case CHUNK_SHUTDOWN_ACK: 4064 sctp_shutdown_complete(sctp); 4065 BUMP_LOCAL(sctp->sctp_ibchunks); 4066 BUMP_MIB(&sctps->sctps_mib, sctpShutdowns); 4067 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0, 4068 NULL); 4069 sctp_clean_death(sctp, 0); 4070 goto done; 4071 case CHUNK_COOKIE: 4072 (void) sctp_shutdown_received(sctp, NULL, 4073 B_TRUE, B_FALSE, fp); 4074 BUMP_LOCAL(sctp->sctp_ibchunks); 4075 break; 4076 case CHUNK_HEARTBEAT: 4077 sctp_return_heartbeat(sctp, ch, mp); 4078 break; 4079 default: 4080 if (sctp_strange_chunk(sctp, ch, fp) == 0) { 4081 goto nomorechunks; 4082 } /* else skip and continue processing */ 4083 break; 4084 } 4085 break; 4086 4087 case SCTPS_SHUTDOWN_RECEIVED: 4088 switch (ch->sch_id) { 4089 case CHUNK_SHUTDOWN: 4090 trysend = 
sctp_shutdown_received(sctp, ch,
                B_FALSE, B_FALSE, fp);
            break;
        case CHUNK_SACK:
            trysend = sctp_got_sack(sctp, ch);
            if (trysend < 0) {
                sctp_send_abort(sctp, sctph->sh_verf,
                    0, NULL, 0, mp, 0, B_FALSE);
                sctp_assoc_event(sctp,
                    SCTP_COMM_LOST, 0, NULL);
                sctp_clean_death(sctp,
                    ECONNABORTED);
                goto done;
            }
            break;
        case CHUNK_ABORT:
            sctp_process_abort(sctp, ch, ECONNRESET);
            goto done;
        case CHUNK_HEARTBEAT:
            sctp_return_heartbeat(sctp, ch, mp);
            break;
        default:
            if (sctp_strange_chunk(sctp, ch, fp) == 0) {
                goto nomorechunks;
            } /* else skip and continue processing */
            break;
        }
        break;

    default:
        /*
         * The only remaining states are SCTPS_IDLE and
         * SCTPS_BOUND, and we should not be getting here
         * for these.
         */
        ASSERT(0);
    } /* switch (sctp->sctp_state) */

    ch = sctp_next_chunk(ch, &mlen);
    if (ch != NULL && !sctp_check_input(sctp, ch, mlen, 0))
        goto done;
} while (ch != NULL);

/* Finished processing all chunks in packet */

nomorechunks:
    /* SACK if necessary */
    if (gotdata) {
        (sctp->sctp_sack_toggle)++;
        sctp_sack(sctp, dups);
        dups = NULL;

        if (!sctp->sctp_ack_timer_running) {
            sctp->sctp_ack_timer_running = B_TRUE;
            sctp_timer(sctp, sctp->sctp_ack_mp,
                MSEC_TO_TICK(sctps->sctps_deferred_ack_interval));
        }
    }

    if (trysend) {
        sctp_output(sctp, UINT_MAX);
        if (sctp->sctp_cxmit_list != NULL)
            sctp_wput_asconf(sctp, NULL);
    }
    /* If there is unsent data, make sure a timer is running */
    if (sctp->sctp_unsent > 0 && !sctp->sctp_current->timer_running) {
        SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current,
            sctp->sctp_current->rto);
    }

done:
    if (dups != NULL)
        freeb(dups);
    if (ipsec_mp != NULL)
        freeb(ipsec_mp);
    freemsg(mp);

    if (wake_eager) {
        /*
         * sctp points to the newly created control block; we need to
         * release it before exiting. Before releasing it and
         * processing the sendq, we need to grab a hold on it;
         * otherwise, another thread could close it while we are
         * processing the sendq.
         */
        SCTP_REFHOLD(sctp);
        WAKE_SCTP(sctp);
        sctp_process_sendq(sctp);
        SCTP_REFRELE(sctp);
    }
}

/*
 * Some amount of data got removed from the rx q.
 * Check if we should send a window update.
 *
 * Due to the way sctp_rwnd updates are made, the ULP can give reports
 * out-of-order. To keep from dropping incoming data due to this, we only
 * update sctp_rwnd when it's larger than what we've reported to the peer
 * earlier.
 */
void
sctp_recvd(sctp_t *sctp, int len)
{
    int32_t old, new;
    sctp_stack_t *sctps = sctp->sctp_sctps;

    ASSERT(sctp != NULL);
    RUN_SCTP(sctp);

    if (len < sctp->sctp_rwnd) {
        WAKE_SCTP(sctp);
        return;
    }
    ASSERT(sctp->sctp_rwnd >= sctp->sctp_rxqueued);
    old = sctp->sctp_rwnd - sctp->sctp_rxqueued;
    new = len - sctp->sctp_rxqueued;
    sctp->sctp_rwnd = len;

    if (sctp->sctp_state >= SCTPS_ESTABLISHED &&
        ((old <= new >> 1) || (old < sctp->sctp_mss))) {
        sctp->sctp_force_sack = 1;
        BUMP_MIB(&sctps->sctps_mib, sctpOutWinUpdate);
        sctp_sack(sctp, NULL);
        old = 1;
    } else {
        old = 0;
    }
    WAKE_SCTP(sctp);
    if (old > 0) {
        sctp_process_sendq(sctp);
    }
}
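
/*
 * A worked example for sctp_recvd() above (numbers for illustration
 * only): suppose sctp_rwnd is 16K with 14K still in sctp_rxqueued, so
 * only old = 2K of window is effectively open. If the ULP then reports
 * len = 32K, new = 18K, and since old <= new / 2 a window-update SACK
 * is forced out immediately instead of waiting for the next inbound
 * DATA chunk. A hypothetical caller would simply do
 *
 *	sctp_recvd(sctp, rcvbuf);
 *
 * after the application has consumed data, where rcvbuf stands for
 * whatever receive-buffer size the upper layer is prepared to
 * advertise.
 */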