2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2011, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2011, by Michael Tuexen. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
33 /* $KAME: sctp_indata.c,v 1.36 2005/03/06 16:04:17 itojun Exp $ */
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include <netinet/sctp_os.h>
39 #include <netinet/sctp_var.h>
40 #include <netinet/sctp_sysctl.h>
41 #include <netinet/sctp_pcb.h>
42 #include <netinet/sctp_header.h>
43 #include <netinet/sctputil.h>
44 #include <netinet/sctp_output.h>
45 #include <netinet/sctp_input.h>
46 #include <netinet/sctp_indata.h>
47 #include <netinet/sctp_uio.h>
48 #include <netinet/sctp_timer.h>
52 * NOTES: On the outbound side of things I need to check the sack timer to
53 * see if I should generate a sack into the chunk queue (if I have data to
54 * send that is and will be sending it .. for bundling.
56 * The callback in sctp_usrreq.c will get called when the socket is read from.
57 * This will cause sctp_service_queues() to get called on the top entry in
62 sctp_set_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
64 asoc->my_rwnd = sctp_calc_rwnd(stcb, asoc);
67 /* Calculate what the rwnd would be */
69 sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
74 * This is really set wrong with respect to a 1-2-m socket. Since
75 * the sb_cc is the count that everyone as put up. When we re-write
76 * sctp_soreceive then we will fix this so that ONLY this
77 * associations data is taken into account.
79 if (stcb->sctp_socket == NULL)
82 if (stcb->asoc.sb_cc == 0 &&
83 asoc->size_on_reasm_queue == 0 &&
84 asoc->size_on_all_streams == 0) {
85 /* Full rwnd granted */
86 calc = max(SCTP_SB_LIMIT_RCV(stcb->sctp_socket), SCTP_MINIMAL_RWND);
89 /* get actual space */
90 calc = (uint32_t) sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv);
93 * take out what has NOT been put on socket queue and we yet hold
96 calc = sctp_sbspace_sub(calc, (uint32_t) (asoc->size_on_reasm_queue +
97 asoc->cnt_on_reasm_queue * MSIZE));
98 calc = sctp_sbspace_sub(calc, (uint32_t) (asoc->size_on_all_streams +
99 asoc->cnt_on_all_streams * MSIZE));
105 /* what is the overhead of all these rwnd's */
106 calc = sctp_sbspace_sub(calc, stcb->asoc.my_rwnd_control_len);
108 * If the window gets too small due to ctrl-stuff, reduce it to 1,
109 * even it is 0. SWS engaged
111 if (calc < stcb->asoc.my_rwnd_control_len) {
120 * Build out our readq entry based on the incoming packet.
122 struct sctp_queued_to_read *
123 sctp_build_readq_entry(struct sctp_tcb *stcb,
124 struct sctp_nets *net,
125 uint32_t tsn, uint32_t ppid,
126 uint32_t context, uint16_t stream_no,
127 uint16_t stream_seq, uint8_t flags,
130 struct sctp_queued_to_read *read_queue_e = NULL;
132 sctp_alloc_a_readq(stcb, read_queue_e);
133 if (read_queue_e == NULL) {
136 read_queue_e->sinfo_stream = stream_no;
137 read_queue_e->sinfo_ssn = stream_seq;
138 read_queue_e->sinfo_flags = (flags << 8);
139 read_queue_e->sinfo_ppid = ppid;
140 read_queue_e->sinfo_context = context;
141 read_queue_e->sinfo_timetolive = 0;
142 read_queue_e->sinfo_tsn = tsn;
143 read_queue_e->sinfo_cumtsn = tsn;
144 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
145 read_queue_e->whoFrom = net;
146 read_queue_e->length = 0;
147 atomic_add_int(&net->ref_count, 1);
148 read_queue_e->data = dm;
149 read_queue_e->spec_flags = 0;
150 read_queue_e->tail_mbuf = NULL;
151 read_queue_e->aux_data = NULL;
152 read_queue_e->stcb = stcb;
153 read_queue_e->port_from = stcb->rport;
154 read_queue_e->do_not_ref_stcb = 0;
155 read_queue_e->end_added = 0;
156 read_queue_e->some_taken = 0;
157 read_queue_e->pdapi_aborted = 0;
159 return (read_queue_e);
164 * Build out our readq entry based on the incoming packet.
166 static struct sctp_queued_to_read *
167 sctp_build_readq_entry_chk(struct sctp_tcb *stcb,
168 struct sctp_tmit_chunk *chk)
170 struct sctp_queued_to_read *read_queue_e = NULL;
172 sctp_alloc_a_readq(stcb, read_queue_e);
173 if (read_queue_e == NULL) {
176 read_queue_e->sinfo_stream = chk->rec.data.stream_number;
177 read_queue_e->sinfo_ssn = chk->rec.data.stream_seq;
178 read_queue_e->sinfo_flags = (chk->rec.data.rcv_flags << 8);
179 read_queue_e->sinfo_ppid = chk->rec.data.payloadtype;
180 read_queue_e->sinfo_context = stcb->asoc.context;
181 read_queue_e->sinfo_timetolive = 0;
182 read_queue_e->sinfo_tsn = chk->rec.data.TSN_seq;
183 read_queue_e->sinfo_cumtsn = chk->rec.data.TSN_seq;
184 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
185 read_queue_e->whoFrom = chk->whoTo;
186 read_queue_e->aux_data = NULL;
187 read_queue_e->length = 0;
188 atomic_add_int(&chk->whoTo->ref_count, 1);
189 read_queue_e->data = chk->data;
190 read_queue_e->tail_mbuf = NULL;
191 read_queue_e->stcb = stcb;
192 read_queue_e->port_from = stcb->rport;
193 read_queue_e->spec_flags = 0;
194 read_queue_e->do_not_ref_stcb = 0;
195 read_queue_e->end_added = 0;
196 read_queue_e->some_taken = 0;
197 read_queue_e->pdapi_aborted = 0;
199 return (read_queue_e);
204 sctp_build_ctl_nchunk(struct sctp_inpcb *inp, struct sctp_sndrcvinfo *sinfo)
206 struct sctp_extrcvinfo *seinfo;
207 struct sctp_sndrcvinfo *outinfo;
208 struct sctp_rcvinfo *rcvinfo;
209 struct sctp_nxtinfo *nxtinfo;
216 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) &&
217 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) &&
218 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) {
219 /* user does not want any ancillary data */
223 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
224 len += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
226 seinfo = (struct sctp_extrcvinfo *)sinfo;
227 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO) &&
228 (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_AVAIL)) {
230 len += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
234 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
235 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) {
237 len += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
240 len += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
246 ret = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA);
251 SCTP_BUF_LEN(ret) = 0;
253 /* We need a CMSG header followed by the struct */
254 cmh = mtod(ret, struct cmsghdr *);
255 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
256 cmh->cmsg_level = IPPROTO_SCTP;
257 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo));
258 cmh->cmsg_type = SCTP_RCVINFO;
259 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmh);
260 rcvinfo->rcv_sid = sinfo->sinfo_stream;
261 rcvinfo->rcv_ssn = sinfo->sinfo_ssn;
262 rcvinfo->rcv_flags = sinfo->sinfo_flags;
263 rcvinfo->rcv_ppid = sinfo->sinfo_ppid;
264 rcvinfo->rcv_tsn = sinfo->sinfo_tsn;
265 rcvinfo->rcv_cumtsn = sinfo->sinfo_cumtsn;
266 rcvinfo->rcv_context = sinfo->sinfo_context;
267 rcvinfo->rcv_assoc_id = sinfo->sinfo_assoc_id;
268 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_rcvinfo)));
269 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
272 cmh->cmsg_level = IPPROTO_SCTP;
273 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_nxtinfo));
274 cmh->cmsg_type = SCTP_NXTINFO;
275 nxtinfo = (struct sctp_nxtinfo *)CMSG_DATA(cmh);
276 nxtinfo->nxt_sid = seinfo->sreinfo_next_stream;
277 nxtinfo->nxt_flags = 0;
278 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_IS_UNORDERED) {
279 nxtinfo->nxt_flags |= SCTP_UNORDERED;
281 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_IS_NOTIFICATION) {
282 nxtinfo->nxt_flags |= SCTP_NOTIFICATION;
284 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_ISCOMPLETE) {
285 nxtinfo->nxt_flags |= SCTP_COMPLETE;
287 nxtinfo->nxt_ppid = seinfo->sreinfo_next_ppid;
288 nxtinfo->nxt_length = seinfo->sreinfo_next_length;
289 nxtinfo->nxt_assoc_id = seinfo->sreinfo_next_aid;
290 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_nxtinfo)));
291 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_nxtinfo));
293 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
294 cmh->cmsg_level = IPPROTO_SCTP;
295 outinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmh);
297 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_extrcvinfo));
298 cmh->cmsg_type = SCTP_EXTRCV;
299 memcpy(outinfo, sinfo, sizeof(struct sctp_extrcvinfo));
300 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
302 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
303 cmh->cmsg_type = SCTP_SNDRCV;
305 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
313 sctp_mark_non_revokable(struct sctp_association *asoc, uint32_t tsn)
315 uint32_t gap, i, cumackp1;
318 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
321 cumackp1 = asoc->cumulative_tsn + 1;
322 if (SCTP_TSN_GT(cumackp1, tsn)) {
324 * this tsn is behind the cum ack and thus we don't need to
325 * worry about it being moved from one to the other.
329 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
330 if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
331 SCTP_PRINTF("gap:%x tsn:%x\n", gap, tsn);
332 sctp_print_mapping_array(asoc);
334 panic("Things are really messed up now!!");
337 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
338 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
339 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
340 asoc->highest_tsn_inside_nr_map = tsn;
342 if (tsn == asoc->highest_tsn_inside_map) {
343 /* We must back down to see what the new highest is */
344 for (i = tsn - 1; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
345 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
346 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
347 asoc->highest_tsn_inside_map = i;
353 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
360 * We are delivering currently from the reassembly queue. We must continue to
361 * deliver until we either: 1) run out of space. 2) run out of sequential
362 * TSN's 3) hit the SCTP_DATA_LAST_FRAG flag.
365 sctp_service_reassembly(struct sctp_tcb *stcb, struct sctp_association *asoc)
367 struct sctp_tmit_chunk *chk, *nchk;
372 struct sctp_queued_to_read *control, *ctl, *nctl;
377 cntDel = stream_no = 0;
378 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
379 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
380 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
381 /* socket above is long gone or going.. */
383 asoc->fragmented_delivery_inprogress = 0;
384 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
385 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
386 asoc->size_on_reasm_queue -= chk->send_size;
387 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
389 * Lose the data pointer, since its in the socket
393 sctp_m_freem(chk->data);
396 /* Now free the address and data */
397 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
398 /* sa_ignore FREED_MEMORY */
402 SCTP_TCB_LOCK_ASSERT(stcb);
403 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
404 if (chk->rec.data.TSN_seq != (asoc->tsn_last_delivered + 1)) {
405 /* Can't deliver more :< */
408 stream_no = chk->rec.data.stream_number;
409 nxt_todel = asoc->strmin[stream_no].last_sequence_delivered + 1;
410 if (nxt_todel != chk->rec.data.stream_seq &&
411 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
413 * Not the next sequence to deliver in its stream OR
418 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
420 control = sctp_build_readq_entry_chk(stcb, chk);
421 if (control == NULL) {
425 /* save it off for our future deliveries */
426 stcb->asoc.control_pdapi = control;
427 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
431 sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq);
432 sctp_add_to_readq(stcb->sctp_ep,
433 stcb, control, &stcb->sctp_socket->so_rcv, end,
434 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
437 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
441 sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq);
442 if (sctp_append_to_readq(stcb->sctp_ep, stcb,
443 stcb->asoc.control_pdapi,
444 chk->data, end, chk->rec.data.TSN_seq,
445 &stcb->sctp_socket->so_rcv)) {
447 * something is very wrong, either
448 * control_pdapi is NULL, or the tail_mbuf
449 * is corrupt, or there is a EOM already on
452 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
456 if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) {
457 panic("This should not happen control_pdapi NULL?");
459 /* if we did not panic, it was a EOM */
460 panic("Bad chunking ??");
462 if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) {
463 SCTP_PRINTF("This should not happen control_pdapi NULL?\n");
465 SCTP_PRINTF("Bad chunking ??\n");
466 SCTP_PRINTF("Dumping re-assembly queue this will probably hose the association\n");
474 /* pull it we did it */
475 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
476 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
477 asoc->fragmented_delivery_inprogress = 0;
478 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
479 asoc->strmin[stream_no].last_sequence_delivered++;
481 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
482 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
484 } else if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
486 * turn the flag back on since we just delivered
489 asoc->fragmented_delivery_inprogress = 1;
491 asoc->tsn_of_pdapi_last_delivered = chk->rec.data.TSN_seq;
492 asoc->last_flags_delivered = chk->rec.data.rcv_flags;
493 asoc->last_strm_seq_delivered = chk->rec.data.stream_seq;
494 asoc->last_strm_no_delivered = chk->rec.data.stream_number;
496 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
497 asoc->size_on_reasm_queue -= chk->send_size;
498 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
499 /* free up the chk */
501 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
503 if (asoc->fragmented_delivery_inprogress == 0) {
505 * Now lets see if we can deliver the next one on
508 struct sctp_stream_in *strm;
510 strm = &asoc->strmin[stream_no];
511 nxt_todel = strm->last_sequence_delivered + 1;
512 TAILQ_FOREACH_SAFE(ctl, &strm->inqueue, next, nctl) {
513 /* Deliver more if we can. */
514 if (nxt_todel == ctl->sinfo_ssn) {
515 TAILQ_REMOVE(&strm->inqueue, ctl, next);
516 asoc->size_on_all_streams -= ctl->length;
517 sctp_ucount_decr(asoc->cnt_on_all_streams);
518 strm->last_sequence_delivered++;
519 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
520 sctp_add_to_readq(stcb->sctp_ep, stcb,
522 &stcb->sctp_socket->so_rcv, 1,
523 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
527 nxt_todel = strm->last_sequence_delivered + 1;
535 * Queue the chunk either right into the socket buffer if it is the next one
536 * to go OR put it in the correct place in the delivery queue. If we do
537 * append to the so_buf, keep doing so until we are out of order. One big
538 * question still remains, what to do when the socket buffer is FULL??
541 sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc,
542 struct sctp_queued_to_read *control, int *abort_flag)
545 * FIX-ME maybe? What happens when the ssn wraps? If we are getting
546 * all the data in one stream this could happen quite rapidly. One
547 * could use the TSN to keep track of things, but this scheme breaks
548 * down in the other type of stream useage that could occur. Send a
549 * single msg to stream 0, send 4Billion messages to stream 1, now
550 * send a message to stream 0. You have a situation where the TSN
551 * has wrapped but not in the stream. Is this worth worrying about
552 * or should we just change our queue sort at the bottom to be by
555 * Could it also be legal for a peer to send ssn 1 with TSN 2 and ssn 2
556 * with TSN 1? If the peer is doing some sort of funky TSN/SSN
557 * assignment this could happen... and I don't see how this would be
558 * a violation. So for now I am undecided an will leave the sort by
559 * SSN alone. Maybe a hybred approach is the answer
562 struct sctp_stream_in *strm;
563 struct sctp_queued_to_read *at;
569 asoc->size_on_all_streams += control->length;
570 sctp_ucount_incr(asoc->cnt_on_all_streams);
571 strm = &asoc->strmin[control->sinfo_stream];
572 nxt_todel = strm->last_sequence_delivered + 1;
573 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
574 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INTO_STRD);
576 SCTPDBG(SCTP_DEBUG_INDATA1,
577 "queue to stream called for ssn:%u lastdel:%u nxt:%u\n",
578 (uint32_t) control->sinfo_stream,
579 (uint32_t) strm->last_sequence_delivered,
580 (uint32_t) nxt_todel);
581 if (SCTP_SSN_GE(strm->last_sequence_delivered, control->sinfo_ssn)) {
582 /* The incoming sseq is behind where we last delivered? */
583 SCTPDBG(SCTP_DEBUG_INDATA1, "Duplicate S-SEQ:%d delivered:%d from peer, Abort association\n",
584 control->sinfo_ssn, strm->last_sequence_delivered);
587 * throw it in the stream so it gets cleaned up in
588 * association destruction
590 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
591 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
592 0, M_DONTWAIT, 1, MT_DATA);
594 struct sctp_paramhdr *ph;
597 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
598 (sizeof(uint32_t) * 3);
599 ph = mtod(oper, struct sctp_paramhdr *);
600 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
601 ph->param_length = htons(SCTP_BUF_LEN(oper));
602 ippp = (uint32_t *) (ph + 1);
603 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_1);
605 *ippp = control->sinfo_tsn;
607 *ippp = ((control->sinfo_stream << 16) | control->sinfo_ssn);
609 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_1;
610 sctp_abort_an_association(stcb->sctp_ep, stcb,
611 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
617 if (nxt_todel == control->sinfo_ssn) {
618 /* can be delivered right away? */
619 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
620 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_IMMED_DEL);
622 /* EY it wont be queued if it could be delivered directly */
624 asoc->size_on_all_streams -= control->length;
625 sctp_ucount_decr(asoc->cnt_on_all_streams);
626 strm->last_sequence_delivered++;
628 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
629 sctp_add_to_readq(stcb->sctp_ep, stcb,
631 &stcb->sctp_socket->so_rcv, 1,
632 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
633 TAILQ_FOREACH_SAFE(control, &strm->inqueue, next, at) {
635 nxt_todel = strm->last_sequence_delivered + 1;
636 if (nxt_todel == control->sinfo_ssn) {
637 TAILQ_REMOVE(&strm->inqueue, control, next);
638 asoc->size_on_all_streams -= control->length;
639 sctp_ucount_decr(asoc->cnt_on_all_streams);
640 strm->last_sequence_delivered++;
642 * We ignore the return of deliver_data here
643 * since we always can hold the chunk on the
644 * d-queue. And we have a finite number that
645 * can be delivered from the strq.
647 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
648 sctp_log_strm_del(control, NULL,
649 SCTP_STR_LOG_FROM_IMMED_DEL);
651 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
652 sctp_add_to_readq(stcb->sctp_ep, stcb,
654 &stcb->sctp_socket->so_rcv, 1,
655 SCTP_READ_LOCK_NOT_HELD,
664 * Ok, we did not deliver this guy, find the correct place
665 * to put it on the queue.
667 if (SCTP_TSN_GE(asoc->cumulative_tsn, control->sinfo_tsn)) {
670 if (TAILQ_EMPTY(&strm->inqueue)) {
672 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
673 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INSERT_HD);
675 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
677 TAILQ_FOREACH(at, &strm->inqueue, next) {
678 if (SCTP_SSN_GT(at->sinfo_ssn, control->sinfo_ssn)) {
680 * one in queue is bigger than the
681 * new one, insert before this one
683 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
684 sctp_log_strm_del(control, at,
685 SCTP_STR_LOG_FROM_INSERT_MD);
687 TAILQ_INSERT_BEFORE(at, control, next);
689 } else if (at->sinfo_ssn == control->sinfo_ssn) {
691 * Gak, He sent me a duplicate str
695 * foo bar, I guess I will just free
696 * this new guy, should we abort
697 * too? FIX ME MAYBE? Or it COULD be
698 * that the SSN's have wrapped.
699 * Maybe I should compare to TSN
700 * somehow... sigh for now just blow
705 sctp_m_freem(control->data);
706 control->data = NULL;
707 asoc->size_on_all_streams -= control->length;
708 sctp_ucount_decr(asoc->cnt_on_all_streams);
709 if (control->whoFrom) {
710 sctp_free_remote_addr(control->whoFrom);
711 control->whoFrom = NULL;
713 sctp_free_a_readq(stcb, control);
716 if (TAILQ_NEXT(at, next) == NULL) {
718 * We are at the end, insert
721 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
722 sctp_log_strm_del(control, at,
723 SCTP_STR_LOG_FROM_INSERT_TL);
725 TAILQ_INSERT_AFTER(&strm->inqueue,
736 * Returns two things: You get the total size of the deliverable parts of the
737 * first fragmented message on the reassembly queue. And you get a 1 back if
738 * all of the message is ready or a 0 back if the message is still incomplete
741 sctp_is_all_msg_on_reasm(struct sctp_association *asoc, uint32_t * t_size)
743 struct sctp_tmit_chunk *chk;
747 chk = TAILQ_FIRST(&asoc->reasmqueue);
749 /* nothing on the queue */
752 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
753 /* Not a first on the queue */
756 tsn = chk->rec.data.TSN_seq;
757 TAILQ_FOREACH(chk, &asoc->reasmqueue, sctp_next) {
758 if (tsn != chk->rec.data.TSN_seq) {
761 *t_size += chk->send_size;
762 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
771 sctp_deliver_reasm_check(struct sctp_tcb *stcb, struct sctp_association *asoc)
773 struct sctp_tmit_chunk *chk;
775 uint32_t tsize, pd_point;
778 chk = TAILQ_FIRST(&asoc->reasmqueue);
781 asoc->size_on_reasm_queue = 0;
782 asoc->cnt_on_reasm_queue = 0;
785 if (asoc->fragmented_delivery_inprogress == 0) {
787 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
788 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
789 (nxt_todel == chk->rec.data.stream_seq ||
790 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
792 * Yep the first one is here and its ok to deliver
795 if (stcb->sctp_socket) {
796 pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket),
797 stcb->sctp_ep->partial_delivery_point);
799 pd_point = stcb->sctp_ep->partial_delivery_point;
801 if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) {
804 * Yes, we setup to start reception, by
805 * backing down the TSN just in case we
806 * can't deliver. If we
808 asoc->fragmented_delivery_inprogress = 1;
809 asoc->tsn_last_delivered =
810 chk->rec.data.TSN_seq - 1;
812 chk->rec.data.stream_number;
813 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
814 asoc->pdapi_ppid = chk->rec.data.payloadtype;
815 asoc->fragment_flags = chk->rec.data.rcv_flags;
816 sctp_service_reassembly(stcb, asoc);
821 * Service re-assembly will deliver stream data queued at
822 * the end of fragmented delivery.. but it wont know to go
823 * back and call itself again... we do that here with the
826 sctp_service_reassembly(stcb, asoc);
827 if (asoc->fragmented_delivery_inprogress == 0) {
829 * finished our Fragmented delivery, could be more
838 * Dump onto the re-assembly queue, in its proper place. After dumping on the
839 * queue, see if anthing can be delivered. If so pull it off (or as much as
840 * we can. If we run out of space then we must dump what we can and set the
841 * appropriate flag to say we queued what we could.
844 sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struct sctp_association *asoc,
845 struct sctp_tmit_chunk *chk, int *abort_flag)
848 uint32_t cum_ackp1, prev_tsn, post_tsn;
849 struct sctp_tmit_chunk *at, *prev, *next;
852 cum_ackp1 = asoc->tsn_last_delivered + 1;
853 if (TAILQ_EMPTY(&asoc->reasmqueue)) {
854 /* This is the first one on the queue */
855 TAILQ_INSERT_HEAD(&asoc->reasmqueue, chk, sctp_next);
857 * we do not check for delivery of anything when only one
860 asoc->size_on_reasm_queue = chk->send_size;
861 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
862 if (chk->rec.data.TSN_seq == cum_ackp1) {
863 if (asoc->fragmented_delivery_inprogress == 0 &&
864 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) !=
865 SCTP_DATA_FIRST_FRAG) {
867 * An empty queue, no delivery inprogress,
868 * we hit the next one and it does NOT have
869 * a FIRST fragment mark.
871 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not first, no fragmented delivery in progress\n");
872 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
873 0, M_DONTWAIT, 1, MT_DATA);
876 struct sctp_paramhdr *ph;
880 sizeof(struct sctp_paramhdr) +
881 (sizeof(uint32_t) * 3);
882 ph = mtod(oper, struct sctp_paramhdr *);
884 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
885 ph->param_length = htons(SCTP_BUF_LEN(oper));
886 ippp = (uint32_t *) (ph + 1);
887 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_2);
889 *ippp = chk->rec.data.TSN_seq;
891 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
894 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2;
895 sctp_abort_an_association(stcb->sctp_ep, stcb,
896 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
898 } else if (asoc->fragmented_delivery_inprogress &&
899 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
901 * We are doing a partial delivery and the
902 * NEXT chunk MUST be either the LAST or
903 * MIDDLE fragment NOT a FIRST
905 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS a first and fragmented delivery in progress\n");
906 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
907 0, M_DONTWAIT, 1, MT_DATA);
909 struct sctp_paramhdr *ph;
913 sizeof(struct sctp_paramhdr) +
914 (3 * sizeof(uint32_t));
915 ph = mtod(oper, struct sctp_paramhdr *);
917 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
918 ph->param_length = htons(SCTP_BUF_LEN(oper));
919 ippp = (uint32_t *) (ph + 1);
920 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_3);
922 *ippp = chk->rec.data.TSN_seq;
924 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
926 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3;
927 sctp_abort_an_association(stcb->sctp_ep, stcb,
928 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
930 } else if (asoc->fragmented_delivery_inprogress) {
932 * Here we are ok with a MIDDLE or LAST
935 if (chk->rec.data.stream_number !=
936 asoc->str_of_pdapi) {
937 /* Got to be the right STR No */
938 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream number %d vs %d\n",
939 chk->rec.data.stream_number,
941 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
942 0, M_DONTWAIT, 1, MT_DATA);
944 struct sctp_paramhdr *ph;
948 sizeof(struct sctp_paramhdr) +
949 (sizeof(uint32_t) * 3);
951 struct sctp_paramhdr *);
953 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
955 htons(SCTP_BUF_LEN(oper));
956 ippp = (uint32_t *) (ph + 1);
957 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_4);
959 *ippp = chk->rec.data.TSN_seq;
961 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
963 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_4;
964 sctp_abort_an_association(stcb->sctp_ep,
965 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
967 } else if ((asoc->fragment_flags & SCTP_DATA_UNORDERED) !=
968 SCTP_DATA_UNORDERED &&
969 chk->rec.data.stream_seq != asoc->ssn_of_pdapi) {
970 /* Got to be the right STR Seq */
971 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream seq %d vs %d\n",
972 chk->rec.data.stream_seq,
974 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
975 0, M_DONTWAIT, 1, MT_DATA);
977 struct sctp_paramhdr *ph;
981 sizeof(struct sctp_paramhdr) +
982 (3 * sizeof(uint32_t));
984 struct sctp_paramhdr *);
986 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
988 htons(SCTP_BUF_LEN(oper));
989 ippp = (uint32_t *) (ph + 1);
990 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_5);
992 *ippp = chk->rec.data.TSN_seq;
994 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
997 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_5;
998 sctp_abort_an_association(stcb->sctp_ep,
999 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1006 /* Find its place */
1007 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1008 if (SCTP_TSN_GT(at->rec.data.TSN_seq, chk->rec.data.TSN_seq)) {
1010 * one in queue is bigger than the new one, insert
1014 asoc->size_on_reasm_queue += chk->send_size;
1015 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1017 TAILQ_INSERT_BEFORE(at, chk, sctp_next);
1019 } else if (at->rec.data.TSN_seq == chk->rec.data.TSN_seq) {
1020 /* Gak, He sent me a duplicate str seq number */
1022 * foo bar, I guess I will just free this new guy,
1023 * should we abort too? FIX ME MAYBE? Or it COULD be
1024 * that the SSN's have wrapped. Maybe I should
1025 * compare to TSN somehow... sigh for now just blow
1029 sctp_m_freem(chk->data);
1032 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
1036 if (TAILQ_NEXT(at, sctp_next) == NULL) {
1038 * We are at the end, insert it after this
1041 /* check it first */
1042 asoc->size_on_reasm_queue += chk->send_size;
1043 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1044 TAILQ_INSERT_AFTER(&asoc->reasmqueue, at, chk, sctp_next);
1049 /* Now the audits */
1051 prev_tsn = chk->rec.data.TSN_seq - 1;
1052 if (prev_tsn == prev->rec.data.TSN_seq) {
1054 * Ok the one I am dropping onto the end is the
1055 * NEXT. A bit of valdiation here.
1057 if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1058 SCTP_DATA_FIRST_FRAG ||
1059 (prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1060 SCTP_DATA_MIDDLE_FRAG) {
1062 * Insert chk MUST be a MIDDLE or LAST
1065 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1066 SCTP_DATA_FIRST_FRAG) {
1067 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - It can be a midlle or last but not a first\n");
1068 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it's a FIRST!\n");
1069 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1070 0, M_DONTWAIT, 1, MT_DATA);
1072 struct sctp_paramhdr *ph;
1075 SCTP_BUF_LEN(oper) =
1076 sizeof(struct sctp_paramhdr) +
1077 (3 * sizeof(uint32_t));
1079 struct sctp_paramhdr *);
1081 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1083 htons(SCTP_BUF_LEN(oper));
1084 ippp = (uint32_t *) (ph + 1);
1085 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_6);
1087 *ippp = chk->rec.data.TSN_seq;
1089 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1092 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_6;
1093 sctp_abort_an_association(stcb->sctp_ep,
1094 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1098 if (chk->rec.data.stream_number !=
1099 prev->rec.data.stream_number) {
1101 * Huh, need the correct STR here,
1102 * they must be the same.
1104 SCTP_PRINTF("Prev check - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1105 chk->rec.data.stream_number,
1106 prev->rec.data.stream_number);
1107 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1108 0, M_DONTWAIT, 1, MT_DATA);
1110 struct sctp_paramhdr *ph;
1113 SCTP_BUF_LEN(oper) =
1114 sizeof(struct sctp_paramhdr) +
1115 (3 * sizeof(uint32_t));
1117 struct sctp_paramhdr *);
1119 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1121 htons(SCTP_BUF_LEN(oper));
1122 ippp = (uint32_t *) (ph + 1);
1123 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_7);
1125 *ippp = chk->rec.data.TSN_seq;
1127 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1129 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_7;
1130 sctp_abort_an_association(stcb->sctp_ep,
1131 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1136 if ((prev->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1137 chk->rec.data.stream_seq !=
1138 prev->rec.data.stream_seq) {
1140 * Huh, need the correct STR here,
1141 * they must be the same.
1143 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1144 chk->rec.data.stream_seq,
1145 prev->rec.data.stream_seq);
1146 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1147 0, M_DONTWAIT, 1, MT_DATA);
1149 struct sctp_paramhdr *ph;
1152 SCTP_BUF_LEN(oper) =
1153 sizeof(struct sctp_paramhdr) +
1154 (3 * sizeof(uint32_t));
1156 struct sctp_paramhdr *);
1158 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1160 htons(SCTP_BUF_LEN(oper));
1161 ippp = (uint32_t *) (ph + 1);
1162 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_8);
1164 *ippp = chk->rec.data.TSN_seq;
1166 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1168 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_8;
1169 sctp_abort_an_association(stcb->sctp_ep,
1170 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1175 } else if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1176 SCTP_DATA_LAST_FRAG) {
1177 /* Insert chk MUST be a FIRST */
1178 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1179 SCTP_DATA_FIRST_FRAG) {
1180 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, evil plot, its not FIRST and it must be!\n");
1181 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1182 0, M_DONTWAIT, 1, MT_DATA);
1184 struct sctp_paramhdr *ph;
1187 SCTP_BUF_LEN(oper) =
1188 sizeof(struct sctp_paramhdr) +
1189 (3 * sizeof(uint32_t));
1191 struct sctp_paramhdr *);
1193 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1195 htons(SCTP_BUF_LEN(oper));
1196 ippp = (uint32_t *) (ph + 1);
1197 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_9);
1199 *ippp = chk->rec.data.TSN_seq;
1201 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1204 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_9;
1205 sctp_abort_an_association(stcb->sctp_ep,
1206 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1215 post_tsn = chk->rec.data.TSN_seq + 1;
1216 if (post_tsn == next->rec.data.TSN_seq) {
1218 * Ok the one I am inserting ahead of is my NEXT
1219 * one. A bit of valdiation here.
1221 if (next->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
1222 /* Insert chk MUST be a last fragment */
1223 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK)
1224 != SCTP_DATA_LAST_FRAG) {
1225 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is FIRST, we must be LAST\n");
1226 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not a last!\n");
1227 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1228 0, M_DONTWAIT, 1, MT_DATA);
1230 struct sctp_paramhdr *ph;
1233 SCTP_BUF_LEN(oper) =
1234 sizeof(struct sctp_paramhdr) +
1235 (3 * sizeof(uint32_t));
1237 struct sctp_paramhdr *);
1239 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1241 htons(SCTP_BUF_LEN(oper));
1242 ippp = (uint32_t *) (ph + 1);
1243 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_10);
1245 *ippp = chk->rec.data.TSN_seq;
1247 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1249 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_10;
1250 sctp_abort_an_association(stcb->sctp_ep,
1251 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1256 } else if ((next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1257 SCTP_DATA_MIDDLE_FRAG ||
1258 (next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1259 SCTP_DATA_LAST_FRAG) {
1261 * Insert chk CAN be MIDDLE or FIRST NOT
1264 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1265 SCTP_DATA_LAST_FRAG) {
1266 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is a MIDDLE/LAST\n");
1267 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, new prev chunk is a LAST\n");
1268 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1269 0, M_DONTWAIT, 1, MT_DATA);
1271 struct sctp_paramhdr *ph;
1274 SCTP_BUF_LEN(oper) =
1275 sizeof(struct sctp_paramhdr) +
1276 (3 * sizeof(uint32_t));
1278 struct sctp_paramhdr *);
1280 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1282 htons(SCTP_BUF_LEN(oper));
1283 ippp = (uint32_t *) (ph + 1);
1284 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_11);
1286 *ippp = chk->rec.data.TSN_seq;
1288 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1291 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_11;
1292 sctp_abort_an_association(stcb->sctp_ep,
1293 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1298 if (chk->rec.data.stream_number !=
1299 next->rec.data.stream_number) {
1301 * Huh, need the correct STR here,
1302 * they must be the same.
1304 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1305 chk->rec.data.stream_number,
1306 next->rec.data.stream_number);
1307 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1308 0, M_DONTWAIT, 1, MT_DATA);
1310 struct sctp_paramhdr *ph;
1313 SCTP_BUF_LEN(oper) =
1314 sizeof(struct sctp_paramhdr) +
1315 (3 * sizeof(uint32_t));
1317 struct sctp_paramhdr *);
1319 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1321 htons(SCTP_BUF_LEN(oper));
1322 ippp = (uint32_t *) (ph + 1);
1323 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_12);
1325 *ippp = chk->rec.data.TSN_seq;
1327 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1330 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_12;
1331 sctp_abort_an_association(stcb->sctp_ep,
1332 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1337 if ((next->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1338 chk->rec.data.stream_seq !=
1339 next->rec.data.stream_seq) {
1341 * Huh, need the correct STR here,
1342 * they must be the same.
1344 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1345 chk->rec.data.stream_seq,
1346 next->rec.data.stream_seq);
1347 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1348 0, M_DONTWAIT, 1, MT_DATA);
1350 struct sctp_paramhdr *ph;
1353 SCTP_BUF_LEN(oper) =
1354 sizeof(struct sctp_paramhdr) +
1355 (3 * sizeof(uint32_t));
1357 struct sctp_paramhdr *);
1359 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1361 htons(SCTP_BUF_LEN(oper));
1362 ippp = (uint32_t *) (ph + 1);
1363 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_13);
1365 *ippp = chk->rec.data.TSN_seq;
1367 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1369 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_13;
1370 sctp_abort_an_association(stcb->sctp_ep,
1371 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1379 /* Do we need to do some delivery? check */
1380 sctp_deliver_reasm_check(stcb, asoc);
1384 * This is an unfortunate routine. It checks to make sure a evil guy is not
1385 * stuffing us full of bad packet fragments. A broken peer could also do this
1386 * but this is doubtful. It is to bad I must worry about evil crackers sigh
1390 sctp_does_tsn_belong_to_reasm(struct sctp_association *asoc,
1393 struct sctp_tmit_chunk *at;
1396 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1397 if (SCTP_TSN_GT(TSN_seq, at->rec.data.TSN_seq)) {
1398 /* is it one bigger? */
1399 tsn_est = at->rec.data.TSN_seq + 1;
1400 if (tsn_est == TSN_seq) {
1401 /* yep. It better be a last then */
1402 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1403 SCTP_DATA_LAST_FRAG) {
1405 * Ok this guy belongs next to a guy
1406 * that is NOT last, it should be a
1407 * middle/last, not a complete
1413 * This guy is ok since its a LAST
1414 * and the new chunk is a fully
1415 * self- contained one.
1420 } else if (TSN_seq == at->rec.data.TSN_seq) {
1421 /* Software error since I have a dup? */
1425 * Ok, 'at' is larger than new chunk but does it
1426 * need to be right before it.
1428 tsn_est = TSN_seq + 1;
1429 if (tsn_est == at->rec.data.TSN_seq) {
1430 /* Yep, It better be a first */
1431 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1432 SCTP_DATA_FIRST_FRAG) {
1445 sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc,
1446 struct mbuf **m, int offset, struct sctp_data_chunk *ch, int chk_length,
1447 struct sctp_nets *net, uint32_t * high_tsn, int *abort_flag,
1448 int *break_flag, int last_chunk)
1450 /* Process a data chunk */
1451 /* struct sctp_tmit_chunk *chk; */
1452 struct sctp_tmit_chunk *chk;
1456 int need_reasm_check = 0;
1457 uint16_t strmno, strmseq;
1459 struct sctp_queued_to_read *control;
1461 uint32_t protocol_id;
1462 uint8_t chunk_flags;
1463 struct sctp_stream_reset_list *liste;
1466 tsn = ntohl(ch->dp.tsn);
1467 chunk_flags = ch->ch.chunk_flags;
1468 if ((chunk_flags & SCTP_DATA_SACK_IMMEDIATELY) == SCTP_DATA_SACK_IMMEDIATELY) {
1469 asoc->send_sack = 1;
1471 protocol_id = ch->dp.protocol_id;
1472 ordered = ((chunk_flags & SCTP_DATA_UNORDERED) == 0);
1473 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
1474 sctp_log_map(tsn, asoc->cumulative_tsn, asoc->highest_tsn_inside_map, SCTP_MAP_TSN_ENTERS);
1479 SCTP_LTRACE_CHK(stcb->sctp_ep, stcb, ch->ch.chunk_type, tsn);
1480 if (SCTP_TSN_GE(asoc->cumulative_tsn, tsn)) {
1481 /* It is a duplicate */
1482 SCTP_STAT_INCR(sctps_recvdupdata);
1483 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1484 /* Record a dup for the next outbound sack */
1485 asoc->dup_tsns[asoc->numduptsns] = tsn;
1488 asoc->send_sack = 1;
1491 /* Calculate the number of TSN's between the base and this TSN */
1492 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
1493 if (gap >= (SCTP_MAPPING_ARRAY << 3)) {
1494 /* Can't hold the bit in the mapping at max array, toss it */
1497 if (gap >= (uint32_t) (asoc->mapping_array_size << 3)) {
1498 SCTP_TCB_LOCK_ASSERT(stcb);
1499 if (sctp_expand_mapping_array(asoc, gap)) {
1500 /* Can't expand, drop it */
1504 if (SCTP_TSN_GT(tsn, *high_tsn)) {
1507 /* See if we have received this one already */
1508 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap) ||
1509 SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, gap)) {
1510 SCTP_STAT_INCR(sctps_recvdupdata);
1511 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1512 /* Record a dup for the next outbound sack */
1513 asoc->dup_tsns[asoc->numduptsns] = tsn;
1516 asoc->send_sack = 1;
1520 * Check to see about the GONE flag, duplicates would cause a sack
1521 * to be sent up above
1523 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
1524 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
1525 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET))
1528 * wait a minute, this guy is gone, there is no longer a
1529 * receiver. Send peer an ABORT!
1531 struct mbuf *op_err;
1533 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1534 sctp_abort_an_association(stcb->sctp_ep, stcb, 0, op_err, SCTP_SO_NOT_LOCKED);
1539 * Now before going further we see if there is room. If NOT then we
1540 * MAY let one through only IF this TSN is the one we are waiting
1541 * for on a partial delivery API.
1544 /* now do the tests */
1545 if (((asoc->cnt_on_all_streams +
1546 asoc->cnt_on_reasm_queue +
1547 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) ||
1548 (((int)asoc->my_rwnd) <= 0)) {
1550 * When we have NO room in the rwnd we check to make sure
1551 * the reader is doing its job...
1553 if (stcb->sctp_socket->so_rcv.sb_cc) {
1554 /* some to read, wake-up */
1555 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1558 so = SCTP_INP_SO(stcb->sctp_ep);
1559 atomic_add_int(&stcb->asoc.refcnt, 1);
1560 SCTP_TCB_UNLOCK(stcb);
1561 SCTP_SOCKET_LOCK(so, 1);
1562 SCTP_TCB_LOCK(stcb);
1563 atomic_subtract_int(&stcb->asoc.refcnt, 1);
1564 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
1565 /* assoc was freed while we were unlocked */
1566 SCTP_SOCKET_UNLOCK(so, 1);
1570 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
1571 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1572 SCTP_SOCKET_UNLOCK(so, 1);
1575 /* now is it in the mapping array of what we have accepted? */
1576 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map) &&
1577 SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1578 /* Nope not in the valid range dump it */
1579 sctp_set_rwnd(stcb, asoc);
1580 if ((asoc->cnt_on_all_streams +
1581 asoc->cnt_on_reasm_queue +
1582 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) {
1583 SCTP_STAT_INCR(sctps_datadropchklmt);
1585 SCTP_STAT_INCR(sctps_datadroprwnd);
1591 strmno = ntohs(ch->dp.stream_id);
1592 if (strmno >= asoc->streamincnt) {
1593 struct sctp_paramhdr *phdr;
1596 mb = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) * 2),
1597 0, M_DONTWAIT, 1, MT_DATA);
1599 /* add some space up front so prepend will work well */
1600 SCTP_BUF_RESV_UF(mb, sizeof(struct sctp_chunkhdr));
1601 phdr = mtod(mb, struct sctp_paramhdr *);
1603 * Error causes are just param's and this one has
1604 * two back to back phdr, one with the error type
1605 * and size, the other with the streamid and a rsvd
1607 SCTP_BUF_LEN(mb) = (sizeof(struct sctp_paramhdr) * 2);
1608 phdr->param_type = htons(SCTP_CAUSE_INVALID_STREAM);
1609 phdr->param_length =
1610 htons(sizeof(struct sctp_paramhdr) * 2);
1612 /* We insert the stream in the type field */
1613 phdr->param_type = ch->dp.stream_id;
1614 /* And set the length to 0 for the rsvd field */
1615 phdr->param_length = 0;
1616 sctp_queue_op_err(stcb, mb);
1618 SCTP_STAT_INCR(sctps_badsid);
1619 SCTP_TCB_LOCK_ASSERT(stcb);
1620 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1621 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1622 asoc->highest_tsn_inside_nr_map = tsn;
1624 if (tsn == (asoc->cumulative_tsn + 1)) {
1625 /* Update cum-ack */
1626 asoc->cumulative_tsn = tsn;
1631 * Before we continue lets validate that we are not being fooled by
1632 * an evil attacker. We can only have 4k chunks based on our TSN
1633 * spread allowed by the mapping array 512 * 8 bits, so there is no
1634 * way our stream sequence numbers could have wrapped. We of course
1635 * only validate the FIRST fragment so the bit must be set.
1637 strmseq = ntohs(ch->dp.stream_sequence);
1638 #ifdef SCTP_ASOCLOG_OF_TSNS
1639 SCTP_TCB_LOCK_ASSERT(stcb);
1640 if (asoc->tsn_in_at >= SCTP_TSN_LOG_SIZE) {
1641 asoc->tsn_in_at = 0;
1642 asoc->tsn_in_wrapped = 1;
1644 asoc->in_tsnlog[asoc->tsn_in_at].tsn = tsn;
1645 asoc->in_tsnlog[asoc->tsn_in_at].strm = strmno;
1646 asoc->in_tsnlog[asoc->tsn_in_at].seq = strmseq;
1647 asoc->in_tsnlog[asoc->tsn_in_at].sz = chk_length;
1648 asoc->in_tsnlog[asoc->tsn_in_at].flgs = chunk_flags;
1649 asoc->in_tsnlog[asoc->tsn_in_at].stcb = (void *)stcb;
1650 asoc->in_tsnlog[asoc->tsn_in_at].in_pos = asoc->tsn_in_at;
1651 asoc->in_tsnlog[asoc->tsn_in_at].in_out = 1;
1654 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) &&
1655 (TAILQ_EMPTY(&asoc->resetHead)) &&
1656 (chunk_flags & SCTP_DATA_UNORDERED) == 0 &&
1657 SCTP_SSN_GE(asoc->strmin[strmno].last_sequence_delivered, strmseq)) {
1658 /* The incoming sseq is behind where we last delivered? */
1659 SCTPDBG(SCTP_DEBUG_INDATA1, "EVIL/Broken-Dup S-SEQ:%d delivered:%d from peer, Abort!\n",
1660 strmseq, asoc->strmin[strmno].last_sequence_delivered);
1661 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1662 0, M_DONTWAIT, 1, MT_DATA);
1664 struct sctp_paramhdr *ph;
1667 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
1668 (3 * sizeof(uint32_t));
1669 ph = mtod(oper, struct sctp_paramhdr *);
1670 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1671 ph->param_length = htons(SCTP_BUF_LEN(oper));
1672 ippp = (uint32_t *) (ph + 1);
1673 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_14);
1677 *ippp = ((strmno << 16) | strmseq);
1680 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14;
1681 sctp_abort_an_association(stcb->sctp_ep, stcb,
1682 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1686 /************************************
1687 * From here down we may find ch-> invalid
1688 * so its a good idea NOT to use it.
1689 *************************************/
1691 the_len = (chk_length - sizeof(struct sctp_data_chunk));
1692 if (last_chunk == 0) {
1693 dmbuf = SCTP_M_COPYM(*m,
1694 (offset + sizeof(struct sctp_data_chunk)),
1695 the_len, M_DONTWAIT);
1696 #ifdef SCTP_MBUF_LOGGING
1697 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
1700 for (mat = dmbuf; mat; mat = SCTP_BUF_NEXT(mat)) {
1701 if (SCTP_BUF_IS_EXTENDED(mat)) {
1702 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
1708 /* We can steal the last chunk */
1712 /* lop off the top part */
1713 m_adj(dmbuf, (offset + sizeof(struct sctp_data_chunk)));
1714 if (SCTP_BUF_NEXT(dmbuf) == NULL) {
1715 l_len = SCTP_BUF_LEN(dmbuf);
1718 * need to count up the size hopefully does not hit
1724 for (lat = dmbuf; lat; lat = SCTP_BUF_NEXT(lat)) {
1725 l_len += SCTP_BUF_LEN(lat);
1728 if (l_len > the_len) {
1729 /* Trim the end round bytes off too */
1730 m_adj(dmbuf, -(l_len - the_len));
1733 if (dmbuf == NULL) {
1734 SCTP_STAT_INCR(sctps_nomem);
1737 if ((chunk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG &&
1738 asoc->fragmented_delivery_inprogress == 0 &&
1739 TAILQ_EMPTY(&asoc->resetHead) &&
1741 ((uint16_t) (asoc->strmin[strmno].last_sequence_delivered + 1) == strmseq &&
1742 TAILQ_EMPTY(&asoc->strmin[strmno].inqueue)))) {
1743 /* Candidate for express delivery */
1745 * Its not fragmented, No PD-API is up, Nothing in the
1746 * delivery queue, Its un-ordered OR ordered and the next to
1747 * deliver AND nothing else is stuck on the stream queue,
1748 * And there is room for it in the socket buffer. Lets just
1749 * stuff it up the buffer....
1752 /* It would be nice to avoid this copy if we could :< */
1753 sctp_alloc_a_readq(stcb, control);
1754 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1760 if (control == NULL) {
1761 goto failed_express_del;
1763 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1764 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1765 asoc->highest_tsn_inside_nr_map = tsn;
1767 sctp_add_to_readq(stcb->sctp_ep, stcb,
1768 control, &stcb->sctp_socket->so_rcv,
1769 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
1771 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1772 /* for ordered, bump what we delivered */
1773 asoc->strmin[strmno].last_sequence_delivered++;
1775 SCTP_STAT_INCR(sctps_recvexpress);
1776 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
1777 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno,
1778 SCTP_STR_LOG_FROM_EXPRS_DEL);
1782 goto finish_express_del;
1785 /* If we reach here this is a new chunk */
1788 /* Express for fragmented delivery? */
1789 if ((asoc->fragmented_delivery_inprogress) &&
1790 (stcb->asoc.control_pdapi) &&
1791 (asoc->str_of_pdapi == strmno) &&
1792 (asoc->ssn_of_pdapi == strmseq)
1794 control = stcb->asoc.control_pdapi;
1795 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
1796 /* Can't be another first? */
1797 goto failed_pdapi_express_del;
1799 if (tsn == (control->sinfo_tsn + 1)) {
1800 /* Yep, we can add it on */
1803 if (chunk_flags & SCTP_DATA_LAST_FRAG) {
1806 if (sctp_append_to_readq(stcb->sctp_ep, stcb, control, dmbuf, end,
1808 &stcb->sctp_socket->so_rcv)) {
1809 SCTP_PRINTF("Append fails end:%d\n", end);
1810 goto failed_pdapi_express_del;
1812 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1813 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1814 asoc->highest_tsn_inside_nr_map = tsn;
1816 SCTP_STAT_INCR(sctps_recvexpressm);
1817 control->sinfo_tsn = tsn;
1818 asoc->tsn_last_delivered = tsn;
1819 asoc->fragment_flags = chunk_flags;
1820 asoc->tsn_of_pdapi_last_delivered = tsn;
1821 asoc->last_flags_delivered = chunk_flags;
1822 asoc->last_strm_seq_delivered = strmseq;
1823 asoc->last_strm_no_delivered = strmno;
1825 /* clean up the flags and such */
1826 asoc->fragmented_delivery_inprogress = 0;
1827 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1828 asoc->strmin[strmno].last_sequence_delivered++;
1830 stcb->asoc.control_pdapi = NULL;
1831 if (TAILQ_EMPTY(&asoc->reasmqueue) == 0) {
1833 * There could be another message
1836 need_reasm_check = 1;
1840 goto finish_express_del;
1843 failed_pdapi_express_del:
1845 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
1846 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1847 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1848 asoc->highest_tsn_inside_nr_map = tsn;
1851 SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap);
1852 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map)) {
1853 asoc->highest_tsn_inside_map = tsn;
1856 if ((chunk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) {
1857 sctp_alloc_a_chunk(stcb, chk);
1859 /* No memory so we drop the chunk */
1860 SCTP_STAT_INCR(sctps_nomem);
1861 if (last_chunk == 0) {
1862 /* we copied it, free the copy */
1863 sctp_m_freem(dmbuf);
1867 chk->rec.data.TSN_seq = tsn;
1868 chk->no_fr_allowed = 0;
1869 chk->rec.data.stream_seq = strmseq;
1870 chk->rec.data.stream_number = strmno;
1871 chk->rec.data.payloadtype = protocol_id;
1872 chk->rec.data.context = stcb->asoc.context;
1873 chk->rec.data.doing_fast_retransmit = 0;
1874 chk->rec.data.rcv_flags = chunk_flags;
1876 chk->send_size = the_len;
1878 atomic_add_int(&net->ref_count, 1);
1881 sctp_alloc_a_readq(stcb, control);
1882 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1888 if (control == NULL) {
1889 /* No memory so we drop the chunk */
1890 SCTP_STAT_INCR(sctps_nomem);
1891 if (last_chunk == 0) {
1892 /* we copied it, free the copy */
1893 sctp_m_freem(dmbuf);
1897 control->length = the_len;
1900 /* Mark it as received */
1901 /* Now queue it where it belongs */
1902 if (control != NULL) {
1903 /* First a sanity check */
1904 if (asoc->fragmented_delivery_inprogress) {
1906 * Ok, we have a fragmented delivery in progress if
1907 * this chunk is next to deliver OR belongs in our
1908 * view to the reassembly, the peer is evil or
1911 uint32_t estimate_tsn;
1913 estimate_tsn = asoc->tsn_last_delivered + 1;
1914 if (TAILQ_EMPTY(&asoc->reasmqueue) &&
1915 (estimate_tsn == control->sinfo_tsn)) {
1916 /* Evil/Broke peer */
1917 sctp_m_freem(control->data);
1918 control->data = NULL;
1919 if (control->whoFrom) {
1920 sctp_free_remote_addr(control->whoFrom);
1921 control->whoFrom = NULL;
1923 sctp_free_a_readq(stcb, control);
1924 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1925 0, M_DONTWAIT, 1, MT_DATA);
1927 struct sctp_paramhdr *ph;
1930 SCTP_BUF_LEN(oper) =
1931 sizeof(struct sctp_paramhdr) +
1932 (3 * sizeof(uint32_t));
1933 ph = mtod(oper, struct sctp_paramhdr *);
1935 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1936 ph->param_length = htons(SCTP_BUF_LEN(oper));
1937 ippp = (uint32_t *) (ph + 1);
1938 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_15);
1942 *ippp = ((strmno << 16) | strmseq);
1944 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15;
1945 sctp_abort_an_association(stcb->sctp_ep, stcb,
1946 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1951 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
1952 sctp_m_freem(control->data);
1953 control->data = NULL;
1954 if (control->whoFrom) {
1955 sctp_free_remote_addr(control->whoFrom);
1956 control->whoFrom = NULL;
1958 sctp_free_a_readq(stcb, control);
1960 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1961 0, M_DONTWAIT, 1, MT_DATA);
1963 struct sctp_paramhdr *ph;
1966 SCTP_BUF_LEN(oper) =
1967 sizeof(struct sctp_paramhdr) +
1968 (3 * sizeof(uint32_t));
1970 struct sctp_paramhdr *);
1972 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1974 htons(SCTP_BUF_LEN(oper));
1975 ippp = (uint32_t *) (ph + 1);
1976 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_16);
1980 *ippp = ((strmno << 16) | strmseq);
1982 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16;
1983 sctp_abort_an_association(stcb->sctp_ep,
1984 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1991 /* No PDAPI running */
1992 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
1994 * Reassembly queue is NOT empty validate
1995 * that this tsn does not need to be in
1996 * reasembly queue. If it does then our peer
1997 * is broken or evil.
1999 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
2000 sctp_m_freem(control->data);
2001 control->data = NULL;
2002 if (control->whoFrom) {
2003 sctp_free_remote_addr(control->whoFrom);
2004 control->whoFrom = NULL;
2006 sctp_free_a_readq(stcb, control);
2007 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
2008 0, M_DONTWAIT, 1, MT_DATA);
2010 struct sctp_paramhdr *ph;
2013 SCTP_BUF_LEN(oper) =
2014 sizeof(struct sctp_paramhdr) +
2015 (3 * sizeof(uint32_t));
2017 struct sctp_paramhdr *);
2019 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
2021 htons(SCTP_BUF_LEN(oper));
2022 ippp = (uint32_t *) (ph + 1);
2023 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_17);
2027 *ippp = ((strmno << 16) | strmseq);
2029 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17;
2030 sctp_abort_an_association(stcb->sctp_ep,
2031 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
2038 /* ok, if we reach here we have passed the sanity checks */
2039 if (chunk_flags & SCTP_DATA_UNORDERED) {
2040 /* queue directly into socket buffer */
2041 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
2042 sctp_add_to_readq(stcb->sctp_ep, stcb,
2044 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
2047 * Special check for when streams are resetting. We
2048 * could be more smart about this and check the
2049 * actual stream to see if it is not being reset..
2050 * that way we would not create a HOLB when amongst
2051 * streams being reset and those not being reset.
2053 * We take complete messages that have a stream reset
2054 * intervening (aka the TSN is after where our
2055 * cum-ack needs to be) off and put them on a
2056 * pending_reply_queue. The reassembly ones we do
2057 * not have to worry about since they are all sorted
2058 * and proceessed by TSN order. It is only the
2059 * singletons I must worry about.
2061 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2062 SCTP_TSN_GT(tsn, liste->tsn)) {
2064 * yep its past where we need to reset... go
2065 * ahead and queue it.
2067 if (TAILQ_EMPTY(&asoc->pending_reply_queue)) {
2069 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2071 struct sctp_queued_to_read *ctlOn,
2073 unsigned char inserted = 0;
2075 TAILQ_FOREACH_SAFE(ctlOn, &asoc->pending_reply_queue, next, nctlOn) {
2076 if (SCTP_TSN_GT(control->sinfo_tsn, ctlOn->sinfo_tsn)) {
2080 TAILQ_INSERT_BEFORE(ctlOn, control, next);
2085 if (inserted == 0) {
2087 * must be put at end, use
2088 * prevP (all setup from
2089 * loop) to setup nextP.
2091 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2095 sctp_queue_data_to_stream(stcb, asoc, control, abort_flag);
2102 /* Into the re-assembly queue */
2103 sctp_queue_data_for_reasm(stcb, asoc, chk, abort_flag);
2106 * the assoc is now gone and chk was put onto the
2107 * reasm queue, which has all been freed.
2114 if (tsn == (asoc->cumulative_tsn + 1)) {
2115 /* Update cum-ack */
2116 asoc->cumulative_tsn = tsn;
2122 SCTP_STAT_INCR_COUNTER64(sctps_inorderchunks);
2124 SCTP_STAT_INCR_COUNTER64(sctps_inunorderchunks);
2126 SCTP_STAT_INCR(sctps_recvdata);
2127 /* Set it present please */
2128 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
2129 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno, SCTP_STR_LOG_FROM_MARK_TSN);
2131 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2132 sctp_log_map(asoc->mapping_array_base_tsn, asoc->cumulative_tsn,
2133 asoc->highest_tsn_inside_map, SCTP_MAP_PREPARE_SLIDE);
2135 /* check the special flag for stream resets */
2136 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2137 SCTP_TSN_GE(asoc->cumulative_tsn, liste->tsn)) {
2139 * we have finished working through the backlogged TSN's now
2140 * time to reset streams. 1: call reset function. 2: free
2141 * pending_reply space 3: distribute any chunks in
2142 * pending_reply_queue.
2144 struct sctp_queued_to_read *ctl, *nctl;
2146 sctp_reset_in_stream(stcb, liste->number_entries, liste->req.list_of_streams);
2147 TAILQ_REMOVE(&asoc->resetHead, liste, next_resp);
2148 SCTP_FREE(liste, SCTP_M_STRESET);
2149 /* sa_ignore FREED_MEMORY */
2150 liste = TAILQ_FIRST(&asoc->resetHead);
2151 if (TAILQ_EMPTY(&asoc->resetHead)) {
2152 /* All can be removed */
2153 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2154 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2155 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2161 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2162 if (SCTP_TSN_GT(ctl->sinfo_tsn, liste->tsn)) {
2166 * if ctl->sinfo_tsn is <= liste->tsn we can
2167 * process it which is the NOT of
2168 * ctl->sinfo_tsn > liste->tsn
2170 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2171 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2178 * Now service re-assembly to pick up anything that has been
2179 * held on reassembly queue?
2181 sctp_deliver_reasm_check(stcb, asoc);
2182 need_reasm_check = 0;
2184 if (need_reasm_check) {
2185 /* Another one waits ? */
2186 sctp_deliver_reasm_check(stcb, asoc);
2191 int8_t sctp_map_lookup_tab[256] = {
2192 0, 1, 0, 2, 0, 1, 0, 3,
2193 0, 1, 0, 2, 0, 1, 0, 4,
2194 0, 1, 0, 2, 0, 1, 0, 3,
2195 0, 1, 0, 2, 0, 1, 0, 5,
2196 0, 1, 0, 2, 0, 1, 0, 3,
2197 0, 1, 0, 2, 0, 1, 0, 4,
2198 0, 1, 0, 2, 0, 1, 0, 3,
2199 0, 1, 0, 2, 0, 1, 0, 6,
2200 0, 1, 0, 2, 0, 1, 0, 3,
2201 0, 1, 0, 2, 0, 1, 0, 4,
2202 0, 1, 0, 2, 0, 1, 0, 3,
2203 0, 1, 0, 2, 0, 1, 0, 5,
2204 0, 1, 0, 2, 0, 1, 0, 3,
2205 0, 1, 0, 2, 0, 1, 0, 4,
2206 0, 1, 0, 2, 0, 1, 0, 3,
2207 0, 1, 0, 2, 0, 1, 0, 7,
2208 0, 1, 0, 2, 0, 1, 0, 3,
2209 0, 1, 0, 2, 0, 1, 0, 4,
2210 0, 1, 0, 2, 0, 1, 0, 3,
2211 0, 1, 0, 2, 0, 1, 0, 5,
2212 0, 1, 0, 2, 0, 1, 0, 3,
2213 0, 1, 0, 2, 0, 1, 0, 4,
2214 0, 1, 0, 2, 0, 1, 0, 3,
2215 0, 1, 0, 2, 0, 1, 0, 6,
2216 0, 1, 0, 2, 0, 1, 0, 3,
2217 0, 1, 0, 2, 0, 1, 0, 4,
2218 0, 1, 0, 2, 0, 1, 0, 3,
2219 0, 1, 0, 2, 0, 1, 0, 5,
2220 0, 1, 0, 2, 0, 1, 0, 3,
2221 0, 1, 0, 2, 0, 1, 0, 4,
2222 0, 1, 0, 2, 0, 1, 0, 3,
2223 0, 1, 0, 2, 0, 1, 0, 8
2228 sctp_slide_mapping_arrays(struct sctp_tcb *stcb)
2231 * Now we also need to check the mapping array in a couple of ways.
2232 * 1) Did we move the cum-ack point?
2234 * When you first glance at this you might think that all entries that
2235 * make up the postion of the cum-ack would be in the nr-mapping
2236 * array only.. i.e. things up to the cum-ack are always
2237 * deliverable. Thats true with one exception, when its a fragmented
2238 * message we may not deliver the data until some threshold (or all
2239 * of it) is in place. So we must OR the nr_mapping_array and
2240 * mapping_array to get a true picture of the cum-ack.
2242 struct sctp_association *asoc;
2245 int slide_from, slide_end, lgap, distance;
2246 uint32_t old_cumack, old_base, old_highest, highest_tsn;
2250 old_cumack = asoc->cumulative_tsn;
2251 old_base = asoc->mapping_array_base_tsn;
2252 old_highest = asoc->highest_tsn_inside_map;
2254 * We could probably improve this a small bit by calculating the
2255 * offset of the current cum-ack as the starting point.
2258 for (slide_from = 0; slide_from < stcb->asoc.mapping_array_size; slide_from++) {
2259 val = asoc->nr_mapping_array[slide_from] | asoc->mapping_array[slide_from];
2263 /* there is a 0 bit */
2264 at += sctp_map_lookup_tab[val];
2268 asoc->cumulative_tsn = asoc->mapping_array_base_tsn + (at - 1);
2270 if (SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_map) &&
2271 SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_nr_map)) {
2273 panic("huh, cumack 0x%x greater than high-tsn 0x%x in map",
2274 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2276 SCTP_PRINTF("huh, cumack 0x%x greater than high-tsn 0x%x in map - should panic?\n",
2277 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2278 sctp_print_mapping_array(asoc);
2279 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2280 sctp_log_map(0, 6, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
2282 asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2283 asoc->highest_tsn_inside_nr_map = asoc->cumulative_tsn;
2286 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2287 highest_tsn = asoc->highest_tsn_inside_nr_map;
2289 highest_tsn = asoc->highest_tsn_inside_map;
2291 if ((asoc->cumulative_tsn == highest_tsn) && (at >= 8)) {
2292 /* The complete array was completed by a single FR */
2293 /* highest becomes the cum-ack */
2301 /* clear the array */
2302 clr = ((at + 7) >> 3);
2303 if (clr > asoc->mapping_array_size) {
2304 clr = asoc->mapping_array_size;
2306 memset(asoc->mapping_array, 0, clr);
2307 memset(asoc->nr_mapping_array, 0, clr);
2309 for (i = 0; i < asoc->mapping_array_size; i++) {
2310 if ((asoc->mapping_array[i]) || (asoc->nr_mapping_array[i])) {
2311 SCTP_PRINTF("Error Mapping array's not clean at clear\n");
2312 sctp_print_mapping_array(asoc);
2316 asoc->mapping_array_base_tsn = asoc->cumulative_tsn + 1;
2317 asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2318 } else if (at >= 8) {
2319 /* we can slide the mapping array down */
2320 /* slide_from holds where we hit the first NON 0xff byte */
2323 * now calculate the ceiling of the move using our highest
2326 SCTP_CALC_TSN_TO_GAP(lgap, highest_tsn, asoc->mapping_array_base_tsn);
2327 slide_end = (lgap >> 3);
2328 if (slide_end < slide_from) {
2329 sctp_print_mapping_array(asoc);
2331 panic("impossible slide");
2333 SCTP_PRINTF("impossible slide lgap:%x slide_end:%x slide_from:%x? at:%d\n",
2334 lgap, slide_end, slide_from, at);
2338 if (slide_end > asoc->mapping_array_size) {
2340 panic("would overrun buffer");
2342 SCTP_PRINTF("Gak, would have overrun map end:%d slide_end:%d\n",
2343 asoc->mapping_array_size, slide_end);
2344 slide_end = asoc->mapping_array_size;
2347 distance = (slide_end - slide_from) + 1;
2348 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2349 sctp_log_map(old_base, old_cumack, old_highest,
2350 SCTP_MAP_PREPARE_SLIDE);
2351 sctp_log_map((uint32_t) slide_from, (uint32_t) slide_end,
2352 (uint32_t) lgap, SCTP_MAP_SLIDE_FROM);
2354 if (distance + slide_from > asoc->mapping_array_size ||
2357 * Here we do NOT slide forward the array so that
2358 * hopefully when more data comes in to fill it up
2359 * we will be able to slide it forward. Really I
2360 * don't think this should happen :-0
2363 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2364 sctp_log_map((uint32_t) distance, (uint32_t) slide_from,
2365 (uint32_t) asoc->mapping_array_size,
2366 SCTP_MAP_SLIDE_NONE);
2371 for (ii = 0; ii < distance; ii++) {
2372 asoc->mapping_array[ii] = asoc->mapping_array[slide_from + ii];
2373 asoc->nr_mapping_array[ii] = asoc->nr_mapping_array[slide_from + ii];
2376 for (ii = distance; ii < asoc->mapping_array_size; ii++) {
2377 asoc->mapping_array[ii] = 0;
2378 asoc->nr_mapping_array[ii] = 0;
2380 if (asoc->highest_tsn_inside_map + 1 == asoc->mapping_array_base_tsn) {
2381 asoc->highest_tsn_inside_map += (slide_from << 3);
2383 if (asoc->highest_tsn_inside_nr_map + 1 == asoc->mapping_array_base_tsn) {
2384 asoc->highest_tsn_inside_nr_map += (slide_from << 3);
2386 asoc->mapping_array_base_tsn += (slide_from << 3);
2387 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2388 sctp_log_map(asoc->mapping_array_base_tsn,
2389 asoc->cumulative_tsn, asoc->highest_tsn_inside_map,
2390 SCTP_MAP_SLIDE_RESULT);
2397 sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap)
2399 struct sctp_association *asoc;
2400 uint32_t highest_tsn;
2403 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2404 highest_tsn = asoc->highest_tsn_inside_nr_map;
2406 highest_tsn = asoc->highest_tsn_inside_map;
2410 * Now we need to see if we need to queue a sack or just start the
2411 * timer (if allowed).
2413 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2415 * Ok special case, in SHUTDOWN-SENT case. here we maker
2416 * sure SACK timer is off and instead send a SHUTDOWN and a
2419 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2420 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
2421 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_INDATA + SCTP_LOC_18);
2423 sctp_send_shutdown(stcb,
2424 ((stcb->asoc.alternate) ? stcb->asoc.alternate : stcb->asoc.primary_destination));
2425 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2429 /* is there a gap now ? */
2430 is_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2433 * CMT DAC algorithm: increase number of packets received
2436 stcb->asoc.cmt_dac_pkts_rcvd++;
2438 if ((stcb->asoc.send_sack == 1) || /* We need to send a
2440 ((was_a_gap) && (is_a_gap == 0)) || /* was a gap, but no
2442 (stcb->asoc.numduptsns) || /* we have dup's */
2443 (is_a_gap) || /* is still a gap */
2444 (stcb->asoc.delayed_ack == 0) || /* Delayed sack disabled */
2445 (stcb->asoc.data_pkts_seen >= stcb->asoc.sack_freq) /* hit limit of pkts */
2448 if ((stcb->asoc.sctp_cmt_on_off > 0) &&
2449 (SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) &&
2450 (stcb->asoc.send_sack == 0) &&
2451 (stcb->asoc.numduptsns == 0) &&
2452 (stcb->asoc.delayed_ack) &&
2453 (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer))) {
2456 * CMT DAC algorithm: With CMT, delay acks
2457 * even in the face of
2459 * reordering. Therefore, if acks that do not
2460 * have to be sent because of the above
2461 * reasons, will be delayed. That is, acks
2462 * that would have been sent due to gap
2463 * reports will be delayed with DAC. Start
2464 * the delayed ack timer.
2466 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2467 stcb->sctp_ep, stcb, NULL);
2470 * Ok we must build a SACK since the timer
2471 * is pending, we got our first packet OR
2472 * there are gaps or duplicates.
2474 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
2475 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2478 if (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2479 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2480 stcb->sctp_ep, stcb, NULL);
2487 sctp_service_queues(struct sctp_tcb *stcb, struct sctp_association *asoc)
2489 struct sctp_tmit_chunk *chk;
2490 uint32_t tsize, pd_point;
2493 if (asoc->fragmented_delivery_inprogress) {
2494 sctp_service_reassembly(stcb, asoc);
2496 /* Can we proceed further, i.e. the PD-API is complete */
2497 if (asoc->fragmented_delivery_inprogress) {
2502 * Now is there some other chunk I can deliver from the reassembly
2506 chk = TAILQ_FIRST(&asoc->reasmqueue);
2508 asoc->size_on_reasm_queue = 0;
2509 asoc->cnt_on_reasm_queue = 0;
2512 nxt_todel = asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
2513 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
2514 ((nxt_todel == chk->rec.data.stream_seq) ||
2515 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
2517 * Yep the first one is here. We setup to start reception,
2518 * by backing down the TSN just in case we can't deliver.
2522 * Before we start though either all of the message should
2523 * be here or the socket buffer max or nothing on the
2524 * delivery queue and something can be delivered.
2526 if (stcb->sctp_socket) {
2527 pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket),
2528 stcb->sctp_ep->partial_delivery_point);
2530 pd_point = stcb->sctp_ep->partial_delivery_point;
2532 if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) {
2533 asoc->fragmented_delivery_inprogress = 1;
2534 asoc->tsn_last_delivered = chk->rec.data.TSN_seq - 1;
2535 asoc->str_of_pdapi = chk->rec.data.stream_number;
2536 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
2537 asoc->pdapi_ppid = chk->rec.data.payloadtype;
2538 asoc->fragment_flags = chk->rec.data.rcv_flags;
2539 sctp_service_reassembly(stcb, asoc);
2540 if (asoc->fragmented_delivery_inprogress == 0) {
2548 sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
2549 struct sctphdr *sh, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
2550 struct sctp_nets *net, uint32_t * high_tsn)
2552 struct sctp_data_chunk *ch, chunk_buf;
2553 struct sctp_association *asoc;
2554 int num_chunks = 0; /* number of control chunks processed */
2556 int chk_length, break_flag, last_chunk;
2557 int abort_flag = 0, was_a_gap;
2559 uint32_t highest_tsn;
2562 sctp_set_rwnd(stcb, &stcb->asoc);
2565 SCTP_TCB_LOCK_ASSERT(stcb);
2567 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2568 highest_tsn = asoc->highest_tsn_inside_nr_map;
2570 highest_tsn = asoc->highest_tsn_inside_map;
2572 was_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2574 * setup where we got the last DATA packet from for any SACK that
2575 * may need to go out. Don't bump the net. This is done ONLY when a
2576 * chunk is assigned.
2578 asoc->last_data_chunk_from = net;
2581 * Now before we proceed we must figure out if this is a wasted
2582 * cluster... i.e. it is a small packet sent in and yet the driver
2583 * underneath allocated a full cluster for it. If so we must copy it
2584 * to a smaller mbuf and free up the cluster mbuf. This will help
2585 * with cluster starvation. Note for __Panda__ we don't do this
2586 * since it has clusters all the way down to 64 bytes.
2588 if (SCTP_BUF_LEN(m) < (long)MLEN && SCTP_BUF_NEXT(m) == NULL) {
2589 /* we only handle mbufs that are singletons.. not chains */
2590 m = sctp_get_mbuf_for_msg(SCTP_BUF_LEN(m), 0, M_DONTWAIT, 1, MT_DATA);
2592 /* ok lets see if we can copy the data up */
2595 /* get the pointers and copy */
2596 to = mtod(m, caddr_t *);
2597 from = mtod((*mm), caddr_t *);
2598 memcpy(to, from, SCTP_BUF_LEN((*mm)));
2599 /* copy the length and free up the old */
2600 SCTP_BUF_LEN(m) = SCTP_BUF_LEN((*mm));
2602 /* sucess, back copy */
2605 /* We are in trouble in the mbuf world .. yikes */
2609 /* get pointer to the first chunk header */
2610 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2611 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2616 * process all DATA chunks...
2618 *high_tsn = asoc->cumulative_tsn;
2620 asoc->data_pkts_seen++;
2621 while (stop_proc == 0) {
2622 /* validate chunk length */
2623 chk_length = ntohs(ch->ch.chunk_length);
2624 if (length - *offset < chk_length) {
2625 /* all done, mutulated chunk */
2629 if (ch->ch.chunk_type == SCTP_DATA) {
2630 if ((size_t)chk_length < sizeof(struct sctp_data_chunk) + 1) {
2632 * Need to send an abort since we had a
2633 * invalid data chunk.
2635 struct mbuf *op_err;
2637 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 2 * sizeof(uint32_t)),
2638 0, M_DONTWAIT, 1, MT_DATA);
2641 struct sctp_paramhdr *ph;
2644 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr) +
2645 (2 * sizeof(uint32_t));
2646 ph = mtod(op_err, struct sctp_paramhdr *);
2648 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
2649 ph->param_length = htons(SCTP_BUF_LEN(op_err));
2650 ippp = (uint32_t *) (ph + 1);
2651 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_19);
2653 *ippp = asoc->cumulative_tsn;
2656 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19;
2657 sctp_abort_association(inp, stcb, m, iphlen, sh,
2658 op_err, 0, net->port);
2661 #ifdef SCTP_AUDITING_ENABLED
2662 sctp_audit_log(0xB1, 0);
2664 if (SCTP_SIZE32(chk_length) == (length - *offset)) {
2669 if (sctp_process_a_data_chunk(stcb, asoc, mm, *offset, ch,
2670 chk_length, net, high_tsn, &abort_flag, &break_flag,
2679 * Set because of out of rwnd space and no
2680 * drop rep space left.
2686 /* not a data chunk in the data region */
2687 switch (ch->ch.chunk_type) {
2688 case SCTP_INITIATION:
2689 case SCTP_INITIATION_ACK:
2690 case SCTP_SELECTIVE_ACK:
2691 case SCTP_NR_SELECTIVE_ACK:
2692 case SCTP_HEARTBEAT_REQUEST:
2693 case SCTP_HEARTBEAT_ACK:
2694 case SCTP_ABORT_ASSOCIATION:
2696 case SCTP_SHUTDOWN_ACK:
2697 case SCTP_OPERATION_ERROR:
2698 case SCTP_COOKIE_ECHO:
2699 case SCTP_COOKIE_ACK:
2702 case SCTP_SHUTDOWN_COMPLETE:
2703 case SCTP_AUTHENTICATION:
2704 case SCTP_ASCONF_ACK:
2705 case SCTP_PACKET_DROPPED:
2706 case SCTP_STREAM_RESET:
2707 case SCTP_FORWARD_CUM_TSN:
2710 * Now, what do we do with KNOWN chunks that
2711 * are NOT in the right place?
2713 * For now, I do nothing but ignore them. We
2714 * may later want to add sysctl stuff to
2715 * switch out and do either an ABORT() or
2716 * possibly process them.
2718 if (SCTP_BASE_SYSCTL(sctp_strict_data_order)) {
2719 struct mbuf *op_err;
2721 op_err = sctp_generate_invmanparam(SCTP_CAUSE_PROTOCOL_VIOLATION);
2722 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, 0, net->port);
2727 /* unknown chunk type, use bit rules */
2728 if (ch->ch.chunk_type & 0x40) {
2729 /* Add a error report to the queue */
2731 struct sctp_paramhdr *phd;
2733 merr = sctp_get_mbuf_for_msg(sizeof(*phd), 0, M_DONTWAIT, 1, MT_DATA);
2735 phd = mtod(merr, struct sctp_paramhdr *);
2737 * We cheat and use param
2738 * type since we did not
2739 * bother to define a error
2740 * cause struct. They are
2741 * the same basic format
2742 * with different names.
2745 htons(SCTP_CAUSE_UNRECOG_CHUNK);
2747 htons(chk_length + sizeof(*phd));
2748 SCTP_BUF_LEN(merr) = sizeof(*phd);
2749 SCTP_BUF_NEXT(merr) = SCTP_M_COPYM(m, *offset, chk_length, M_DONTWAIT);
2750 if (SCTP_BUF_NEXT(merr)) {
2751 if (sctp_pad_lastmbuf(SCTP_BUF_NEXT(merr), SCTP_SIZE32(chk_length) - chk_length, NULL)) {
2754 sctp_queue_op_err(stcb, merr);
2761 if ((ch->ch.chunk_type & 0x80) == 0) {
2762 /* discard the rest of this packet */
2764 } /* else skip this bad chunk and
2767 } /* switch of chunk type */
2769 *offset += SCTP_SIZE32(chk_length);
2770 if ((*offset >= length) || stop_proc) {
2771 /* no more data left in the mbuf chain */
2775 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2776 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2785 * we need to report rwnd overrun drops.
2787 sctp_send_packet_dropped(stcb, net, *mm, iphlen, 0);
2791 * Did we get data, if so update the time for auto-close and
2792 * give peer credit for being alive.
2794 SCTP_STAT_INCR(sctps_recvpktwithdata);
2795 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
2796 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
2797 stcb->asoc.overall_error_count,
2799 SCTP_FROM_SCTP_INDATA,
2802 stcb->asoc.overall_error_count = 0;
2803 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_last_rcvd);
2805 /* now service all of the reassm queue if needed */
2806 if (!(TAILQ_EMPTY(&asoc->reasmqueue)))
2807 sctp_service_queues(stcb, asoc);
2809 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2810 /* Assure that we ack right away */
2811 stcb->asoc.send_sack = 1;
2813 /* Start a sack timer or QUEUE a SACK for sending */
2814 sctp_sack_check(stcb, was_a_gap);
2819 sctp_process_segment_range(struct sctp_tcb *stcb, struct sctp_tmit_chunk **p_tp1, uint32_t last_tsn,
2820 uint16_t frag_strt, uint16_t frag_end, int nr_sacking,
2822 uint32_t * biggest_newly_acked_tsn,
2823 uint32_t * this_sack_lowest_newack,
2826 struct sctp_tmit_chunk *tp1;
2827 unsigned int theTSN;
2828 int j, wake_him = 0, circled = 0;
2830 /* Recover the tp1 we last saw */
2833 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2835 for (j = frag_strt; j <= frag_end; j++) {
2836 theTSN = j + last_tsn;
2838 if (tp1->rec.data.doing_fast_retransmit)
2842 * CMT: CUCv2 algorithm. For each TSN being
2843 * processed from the sent queue, track the
2844 * next expected pseudo-cumack, or
2845 * rtx_pseudo_cumack, if required. Separate
2846 * cumack trackers for first transmissions,
2847 * and retransmissions.
2849 if ((tp1->whoTo->find_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2850 (tp1->snd_count == 1)) {
2851 tp1->whoTo->pseudo_cumack = tp1->rec.data.TSN_seq;
2852 tp1->whoTo->find_pseudo_cumack = 0;
2854 if ((tp1->whoTo->find_rtx_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2855 (tp1->snd_count > 1)) {
2856 tp1->whoTo->rtx_pseudo_cumack = tp1->rec.data.TSN_seq;
2857 tp1->whoTo->find_rtx_pseudo_cumack = 0;
2859 if (tp1->rec.data.TSN_seq == theTSN) {
2860 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
2862 * must be held until
2865 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
2867 * If it is less than RESEND, it is
2868 * now no-longer in flight.
2869 * Higher values may already be set
2870 * via previous Gap Ack Blocks...
2871 * i.e. ACKED or RESEND.
2873 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2874 *biggest_newly_acked_tsn)) {
2875 *biggest_newly_acked_tsn = tp1->rec.data.TSN_seq;
2878 * CMT: SFR algo (and HTNA) - set
2879 * saw_newack to 1 for dest being
2880 * newly acked. update
2881 * this_sack_highest_newack if
2884 if (tp1->rec.data.chunk_was_revoked == 0)
2885 tp1->whoTo->saw_newack = 1;
2887 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2888 tp1->whoTo->this_sack_highest_newack)) {
2889 tp1->whoTo->this_sack_highest_newack =
2890 tp1->rec.data.TSN_seq;
2893 * CMT DAC algo: also update
2894 * this_sack_lowest_newack
2896 if (*this_sack_lowest_newack == 0) {
2897 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2898 sctp_log_sack(*this_sack_lowest_newack,
2900 tp1->rec.data.TSN_seq,
2903 SCTP_LOG_TSN_ACKED);
2905 *this_sack_lowest_newack = tp1->rec.data.TSN_seq;
2908 * CMT: CUCv2 algorithm. If (rtx-)pseudo-cumack for corresp
2909 * dest is being acked, then we have a new (rtx-)pseudo-cumack. Set
2910 * new_(rtx_)pseudo_cumack to TRUE so that the cwnd for this dest can be
2911 * updated. Also trigger search for the next expected (rtx-)pseudo-cumack.
2912 * Separate pseudo_cumack trackers for first transmissions and
2915 if (tp1->rec.data.TSN_seq == tp1->whoTo->pseudo_cumack) {
2916 if (tp1->rec.data.chunk_was_revoked == 0) {
2917 tp1->whoTo->new_pseudo_cumack = 1;
2919 tp1->whoTo->find_pseudo_cumack = 1;
2921 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
2922 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
2924 if (tp1->rec.data.TSN_seq == tp1->whoTo->rtx_pseudo_cumack) {
2925 if (tp1->rec.data.chunk_was_revoked == 0) {
2926 tp1->whoTo->new_pseudo_cumack = 1;
2928 tp1->whoTo->find_rtx_pseudo_cumack = 1;
2930 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2931 sctp_log_sack(*biggest_newly_acked_tsn,
2933 tp1->rec.data.TSN_seq,
2936 SCTP_LOG_TSN_ACKED);
2938 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
2939 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_GAP,
2940 tp1->whoTo->flight_size,
2942 (uintptr_t) tp1->whoTo,
2943 tp1->rec.data.TSN_seq);
2945 sctp_flight_size_decrease(tp1);
2946 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
2947 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
2950 sctp_total_flight_decrease(stcb, tp1);
2952 tp1->whoTo->net_ack += tp1->send_size;
2953 if (tp1->snd_count < 2) {
2955 * True non-retransmited chunk
2957 tp1->whoTo->net_ack2 += tp1->send_size;
2965 sctp_calculate_rto(stcb,
2968 &tp1->sent_rcv_time,
2969 sctp_align_safe_nocopy,
2970 SCTP_RTT_FROM_DATA);
2973 if (tp1->whoTo->rto_needed == 0) {
2974 tp1->whoTo->rto_needed = 1;
2980 if (tp1->sent <= SCTP_DATAGRAM_RESEND) {
2981 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2982 stcb->asoc.this_sack_highest_gap)) {
2983 stcb->asoc.this_sack_highest_gap =
2984 tp1->rec.data.TSN_seq;
2986 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
2987 sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt);
2988 #ifdef SCTP_AUDITING_ENABLED
2989 sctp_audit_log(0xB2,
2990 (stcb->asoc.sent_queue_retran_cnt & 0x000000ff));
2995 * All chunks NOT UNSENT fall through here and are marked
2996 * (leave PR-SCTP ones that are to skip alone though)
2998 if (tp1->sent != SCTP_FORWARD_TSN_SKIP)
2999 tp1->sent = SCTP_DATAGRAM_MARKED;
3001 if (tp1->rec.data.chunk_was_revoked) {
3002 /* deflate the cwnd */
3003 tp1->whoTo->cwnd -= tp1->book_size;
3004 tp1->rec.data.chunk_was_revoked = 0;
3006 /* NR Sack code here */
3013 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1);
3014 sctp_m_freem(tp1->data);
3021 } /* if (tp1->TSN_seq == theTSN) */
3022 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, theTSN)) {
3025 tp1 = TAILQ_NEXT(tp1, sctp_next);
3026 if ((tp1 == NULL) && (circled == 0)) {
3028 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3030 } /* end while (tp1) */
3033 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3035 /* In case the fragments were not in order we must reset */
3036 } /* end for (j = fragStart */
3038 return (wake_him); /* Return value only used for nr-sack */
3043 sctp_handle_segments(struct mbuf *m, int *offset, struct sctp_tcb *stcb, struct sctp_association *asoc,
3044 uint32_t last_tsn, uint32_t * biggest_tsn_acked,
3045 uint32_t * biggest_newly_acked_tsn, uint32_t * this_sack_lowest_newack,
3046 int num_seg, int num_nr_seg, int *rto_ok)
3048 struct sctp_gap_ack_block *frag, block;
3049 struct sctp_tmit_chunk *tp1;
3054 uint16_t frag_strt, frag_end, prev_frag_end;
3056 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3060 for (i = 0; i < (num_seg + num_nr_seg); i++) {
3063 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3065 frag = (struct sctp_gap_ack_block *)sctp_m_getptr(m, *offset,
3066 sizeof(struct sctp_gap_ack_block), (uint8_t *) & block);
3067 *offset += sizeof(block);
3069 return (chunk_freed);
3071 frag_strt = ntohs(frag->start);
3072 frag_end = ntohs(frag->end);
3074 if (frag_strt > frag_end) {
3075 /* This gap report is malformed, skip it. */
3078 if (frag_strt <= prev_frag_end) {
3079 /* This gap report is not in order, so restart. */
3080 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3082 if (SCTP_TSN_GT((last_tsn + frag_end), *biggest_tsn_acked)) {
3083 *biggest_tsn_acked = last_tsn + frag_end;
3090 if (sctp_process_segment_range(stcb, &tp1, last_tsn, frag_strt, frag_end,
3091 non_revocable, &num_frs, biggest_newly_acked_tsn,
3092 this_sack_lowest_newack, rto_ok)) {
3095 prev_frag_end = frag_end;
3097 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3099 sctp_log_fr(*biggest_tsn_acked,
3100 *biggest_newly_acked_tsn,
3101 last_tsn, SCTP_FR_LOG_BIGGEST_TSNS);
3103 return (chunk_freed);
3107 sctp_check_for_revoked(struct sctp_tcb *stcb,
3108 struct sctp_association *asoc, uint32_t cumack,
3109 uint32_t biggest_tsn_acked)
3111 struct sctp_tmit_chunk *tp1;
3112 int tot_revoked = 0;
3114 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3115 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, cumack)) {
3117 * ok this guy is either ACK or MARKED. If it is
3118 * ACKED it has been previously acked but not this
3119 * time i.e. revoked. If it is MARKED it was ACK'ed
3122 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, biggest_tsn_acked)) {
3125 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
3126 /* it has been revoked */
3127 tp1->sent = SCTP_DATAGRAM_SENT;
3128 tp1->rec.data.chunk_was_revoked = 1;
3130 * We must add this stuff back in to assure
3131 * timers and such get started.
3133 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3134 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
3135 tp1->whoTo->flight_size,
3137 (uintptr_t) tp1->whoTo,
3138 tp1->rec.data.TSN_seq);
3140 sctp_flight_size_increase(tp1);
3141 sctp_total_flight_increase(stcb, tp1);
3143 * We inflate the cwnd to compensate for our
3144 * artificial inflation of the flight_size.
3146 tp1->whoTo->cwnd += tp1->book_size;
3148 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
3149 sctp_log_sack(asoc->last_acked_seq,
3151 tp1->rec.data.TSN_seq,
3154 SCTP_LOG_TSN_REVOKED);
3156 } else if (tp1->sent == SCTP_DATAGRAM_MARKED) {
3157 /* it has been re-acked in this SACK */
3158 tp1->sent = SCTP_DATAGRAM_ACKED;
3161 if (tp1->sent == SCTP_DATAGRAM_UNSENT)
3168 sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
3169 uint32_t biggest_tsn_acked, uint32_t biggest_tsn_newly_acked, uint32_t this_sack_lowest_newack, int accum_moved)
3171 struct sctp_tmit_chunk *tp1;
3172 int strike_flag = 0;
3174 int tot_retrans = 0;
3175 uint32_t sending_seq;
3176 struct sctp_nets *net;
3177 int num_dests_sacked = 0;
3180 * select the sending_seq, this is either the next thing ready to be
3181 * sent but not transmitted, OR, the next seq we assign.
3183 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue);
3185 sending_seq = asoc->sending_seq;
3187 sending_seq = tp1->rec.data.TSN_seq;
3190 /* CMT DAC algo: finding out if SACK is a mixed SACK */
3191 if ((asoc->sctp_cmt_on_off > 0) &&
3192 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3193 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3194 if (net->saw_newack)
3198 if (stcb->asoc.peer_supports_prsctp) {
3199 (void)SCTP_GETTIME_TIMEVAL(&now);
3201 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3203 if (tp1->no_fr_allowed) {
3204 /* this one had a timeout or something */
3207 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3208 if (tp1->sent < SCTP_DATAGRAM_RESEND)
3209 sctp_log_fr(biggest_tsn_newly_acked,
3210 tp1->rec.data.TSN_seq,
3212 SCTP_FR_LOG_CHECK_STRIKE);
3214 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, biggest_tsn_acked) ||
3215 tp1->sent == SCTP_DATAGRAM_UNSENT) {
3219 if (stcb->asoc.peer_supports_prsctp) {
3220 if ((PR_SCTP_TTL_ENABLED(tp1->flags)) && tp1->sent < SCTP_DATAGRAM_ACKED) {
3221 /* Is it expired? */
3222 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3223 /* Yes so drop it */
3224 if (tp1->data != NULL) {
3225 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3226 (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
3227 SCTP_SO_NOT_LOCKED);
3233 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, asoc->this_sack_highest_gap)) {
3234 /* we are beyond the tsn in the sack */
3237 if (tp1->sent >= SCTP_DATAGRAM_RESEND) {
3238 /* either a RESEND, ACKED, or MARKED */
3240 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3241 /* Continue strikin FWD-TSN chunks */
3242 tp1->rec.data.fwd_tsn_cnt++;
3247 * CMT : SFR algo (covers part of DAC and HTNA as well)
3249 if (tp1->whoTo && tp1->whoTo->saw_newack == 0) {
3251 * No new acks were receieved for data sent to this
3252 * dest. Therefore, according to the SFR algo for
3253 * CMT, no data sent to this dest can be marked for
3254 * FR using this SACK.
3257 } else if (tp1->whoTo && SCTP_TSN_GT(tp1->rec.data.TSN_seq,
3258 tp1->whoTo->this_sack_highest_newack)) {
3260 * CMT: New acks were receieved for data sent to
3261 * this dest. But no new acks were seen for data
3262 * sent after tp1. Therefore, according to the SFR
3263 * algo for CMT, tp1 cannot be marked for FR using
3264 * this SACK. This step covers part of the DAC algo
3265 * and the HTNA algo as well.
3270 * Here we check to see if we were have already done a FR
3271 * and if so we see if the biggest TSN we saw in the sack is
3272 * smaller than the recovery point. If so we don't strike
3273 * the tsn... otherwise we CAN strike the TSN.
3276 * @@@ JRI: Check for CMT if (accum_moved &&
3277 * asoc->fast_retran_loss_recovery && (sctp_cmt_on_off ==
3280 if (accum_moved && asoc->fast_retran_loss_recovery) {
3282 * Strike the TSN if in fast-recovery and cum-ack
3285 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3286 sctp_log_fr(biggest_tsn_newly_acked,
3287 tp1->rec.data.TSN_seq,
3289 SCTP_FR_LOG_STRIKE_CHUNK);
3291 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3294 if ((asoc->sctp_cmt_on_off > 0) &&
3295 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3297 * CMT DAC algorithm: If SACK flag is set to
3298 * 0, then lowest_newack test will not pass
3299 * because it would have been set to the
3300 * cumack earlier. If not already to be
3301 * rtx'd, If not a mixed sack and if tp1 is
3302 * not between two sacked TSNs, then mark by
3303 * one more. NOTE that we are marking by one
3304 * additional time since the SACK DAC flag
3305 * indicates that two packets have been
3306 * received after this missing TSN.
3308 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3309 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.TSN_seq)) {
3310 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3311 sctp_log_fr(16 + num_dests_sacked,
3312 tp1->rec.data.TSN_seq,
3314 SCTP_FR_LOG_STRIKE_CHUNK);
3319 } else if ((tp1->rec.data.doing_fast_retransmit) &&
3320 (asoc->sctp_cmt_on_off == 0)) {
3322 * For those that have done a FR we must take
3323 * special consideration if we strike. I.e the
3324 * biggest_newly_acked must be higher than the
3325 * sending_seq at the time we did the FR.
3328 #ifdef SCTP_FR_TO_ALTERNATE
3330 * If FR's go to new networks, then we must only do
3331 * this for singly homed asoc's. However if the FR's
3332 * go to the same network (Armando's work) then its
3333 * ok to FR multiple times.
3341 if (SCTP_TSN_GE(biggest_tsn_newly_acked,
3342 tp1->rec.data.fast_retran_tsn)) {
3344 * Strike the TSN, since this ack is
3345 * beyond where things were when we
3348 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3349 sctp_log_fr(biggest_tsn_newly_acked,
3350 tp1->rec.data.TSN_seq,
3352 SCTP_FR_LOG_STRIKE_CHUNK);
3354 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3358 if ((asoc->sctp_cmt_on_off > 0) &&
3359 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3361 * CMT DAC algorithm: If
3362 * SACK flag is set to 0,
3363 * then lowest_newack test
3364 * will not pass because it
3365 * would have been set to
3366 * the cumack earlier. If
3367 * not already to be rtx'd,
3368 * If not a mixed sack and
3369 * if tp1 is not between two
3370 * sacked TSNs, then mark by
3371 * one more. NOTE that we
3372 * are marking by one
3373 * additional time since the
3374 * SACK DAC flag indicates
3375 * that two packets have
3376 * been received after this
3379 if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
3380 (num_dests_sacked == 1) &&
3381 SCTP_TSN_GT(this_sack_lowest_newack,
3382 tp1->rec.data.TSN_seq)) {
3383 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3384 sctp_log_fr(32 + num_dests_sacked,
3385 tp1->rec.data.TSN_seq,
3387 SCTP_FR_LOG_STRIKE_CHUNK);
3389 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3397 * JRI: TODO: remove code for HTNA algo. CMT's SFR
3400 } else if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
3401 biggest_tsn_newly_acked)) {
3403 * We don't strike these: This is the HTNA
3404 * algorithm i.e. we don't strike If our TSN is
3405 * larger than the Highest TSN Newly Acked.
3409 /* Strike the TSN */
3410 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3411 sctp_log_fr(biggest_tsn_newly_acked,
3412 tp1->rec.data.TSN_seq,
3414 SCTP_FR_LOG_STRIKE_CHUNK);
3416 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3419 if ((asoc->sctp_cmt_on_off > 0) &&
3420 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3422 * CMT DAC algorithm: If SACK flag is set to
3423 * 0, then lowest_newack test will not pass
3424 * because it would have been set to the
3425 * cumack earlier. If not already to be
3426 * rtx'd, If not a mixed sack and if tp1 is
3427 * not between two sacked TSNs, then mark by
3428 * one more. NOTE that we are marking by one
3429 * additional time since the SACK DAC flag
3430 * indicates that two packets have been
3431 * received after this missing TSN.
3433 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3434 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.TSN_seq)) {
3435 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3436 sctp_log_fr(48 + num_dests_sacked,
3437 tp1->rec.data.TSN_seq,
3439 SCTP_FR_LOG_STRIKE_CHUNK);
3445 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3446 struct sctp_nets *alt;
3448 /* fix counts and things */
3449 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3450 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND,
3451 (tp1->whoTo ? (tp1->whoTo->flight_size) : 0),
3453 (uintptr_t) tp1->whoTo,
3454 tp1->rec.data.TSN_seq);
3457 tp1->whoTo->net_ack++;
3458 sctp_flight_size_decrease(tp1);
3459 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3460 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3464 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
3465 sctp_log_rwnd(SCTP_INCREASE_PEER_RWND,
3466 asoc->peers_rwnd, tp1->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3468 /* add back to the rwnd */
3469 asoc->peers_rwnd += (tp1->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3471 /* remove from the total flight */
3472 sctp_total_flight_decrease(stcb, tp1);
3474 if ((stcb->asoc.peer_supports_prsctp) &&
3475 (PR_SCTP_RTX_ENABLED(tp1->flags))) {
3477 * Has it been retransmitted tv_sec times? -
3478 * we store the retran count there.
3480 if (tp1->snd_count > tp1->rec.data.timetodrop.tv_sec) {
3481 /* Yes, so drop it */
3482 if (tp1->data != NULL) {
3483 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3484 (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
3485 SCTP_SO_NOT_LOCKED);
3487 /* Make sure to flag we had a FR */
3488 tp1->whoTo->net_ack++;
3493 * SCTP_PRINTF("OK, we are now ready to FR this
3496 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3497 sctp_log_fr(tp1->rec.data.TSN_seq, tp1->snd_count,
3501 /* This is a subsequent FR */
3502 SCTP_STAT_INCR(sctps_sendmultfastretrans);
3504 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3505 if (asoc->sctp_cmt_on_off > 0) {
3507 * CMT: Using RTX_SSTHRESH policy for CMT.
3508 * If CMT is being used, then pick dest with
3509 * largest ssthresh for any retransmission.
3511 tp1->no_fr_allowed = 1;
3513 /* sa_ignore NO_NULL_CHK */
3514 if (asoc->sctp_cmt_pf > 0) {
3516 * JRS 5/18/07 - If CMT PF is on,
3517 * use the PF version of
3520 alt = sctp_find_alternate_net(stcb, alt, 2);
3523 * JRS 5/18/07 - If only CMT is on,
3524 * use the CMT version of
3527 /* sa_ignore NO_NULL_CHK */
3528 alt = sctp_find_alternate_net(stcb, alt, 1);
3534 * CUCv2: If a different dest is picked for
3535 * the retransmission, then new
3536 * (rtx-)pseudo_cumack needs to be tracked
3537 * for orig dest. Let CUCv2 track new (rtx-)
3538 * pseudo-cumack always.
3541 tp1->whoTo->find_pseudo_cumack = 1;
3542 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3544 } else {/* CMT is OFF */
3546 #ifdef SCTP_FR_TO_ALTERNATE
3547 /* Can we find an alternate? */
3548 alt = sctp_find_alternate_net(stcb, tp1->whoTo, 0);
3551 * default behavior is to NOT retransmit
3552 * FR's to an alternate. Armando Caro's
3553 * paper details why.
3559 tp1->rec.data.doing_fast_retransmit = 1;
3561 /* mark the sending seq for possible subsequent FR's */
3563 * SCTP_PRINTF("Marking TSN for FR new value %x\n",
3564 * (uint32_t)tpi->rec.data.TSN_seq);
3566 if (TAILQ_EMPTY(&asoc->send_queue)) {
3568 * If the queue of send is empty then its
3569 * the next sequence number that will be
3570 * assigned so we subtract one from this to
3571 * get the one we last sent.
3573 tp1->rec.data.fast_retran_tsn = sending_seq;
3576 * If there are chunks on the send queue
3577 * (unsent data that has made it from the
3578 * stream queues but not out the door, we
3579 * take the first one (which will have the
3580 * lowest TSN) and subtract one to get the
3583 struct sctp_tmit_chunk *ttt;
3585 ttt = TAILQ_FIRST(&asoc->send_queue);
3586 tp1->rec.data.fast_retran_tsn =
3587 ttt->rec.data.TSN_seq;
3592 * this guy had a RTO calculation pending on
3595 if ((tp1->whoTo != NULL) &&
3596 (tp1->whoTo->rto_needed == 0)) {
3597 tp1->whoTo->rto_needed = 1;
3601 if (alt != tp1->whoTo) {
3602 /* yes, there is an alternate. */
3603 sctp_free_remote_addr(tp1->whoTo);
3604 /* sa_ignore FREED_MEMORY */
3606 atomic_add_int(&alt->ref_count, 1);
3612 struct sctp_tmit_chunk *
3613 sctp_try_advance_peer_ack_point(struct sctp_tcb *stcb,
3614 struct sctp_association *asoc)
3616 struct sctp_tmit_chunk *tp1, *tp2, *a_adv = NULL;
3620 if (asoc->peer_supports_prsctp == 0) {
3623 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3624 if (tp1->sent != SCTP_FORWARD_TSN_SKIP &&
3625 tp1->sent != SCTP_DATAGRAM_RESEND) {
3626 /* no chance to advance, out of here */
3629 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
3630 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3631 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
3632 asoc->advanced_peer_ack_point,
3633 tp1->rec.data.TSN_seq, 0, 0);
3636 if (!PR_SCTP_ENABLED(tp1->flags)) {
3638 * We can't fwd-tsn past any that are reliable aka
3639 * retransmitted until the asoc fails.
3644 (void)SCTP_GETTIME_TIMEVAL(&now);
3648 * now we got a chunk which is marked for another
3649 * retransmission to a PR-stream but has run out its chances
3650 * already maybe OR has been marked to skip now. Can we skip
3651 * it if its a resend?
3653 if (tp1->sent == SCTP_DATAGRAM_RESEND &&
3654 (PR_SCTP_TTL_ENABLED(tp1->flags))) {
3656 * Now is this one marked for resend and its time is
3659 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3660 /* Yes so drop it */
3662 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3663 (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
3664 SCTP_SO_NOT_LOCKED);
3668 * No, we are done when hit one for resend
3669 * whos time as not expired.
3675 * Ok now if this chunk is marked to drop it we can clean up
3676 * the chunk, advance our peer ack point and we can check
3679 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3680 /* advance PeerAckPoint goes forward */
3681 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, asoc->advanced_peer_ack_point)) {
3682 asoc->advanced_peer_ack_point = tp1->rec.data.TSN_seq;
3684 } else if (tp1->rec.data.TSN_seq == asoc->advanced_peer_ack_point) {
3685 /* No update but we do save the chk */
3690 * If it is still in RESEND we can advance no
3700 sctp_fs_audit(struct sctp_association *asoc)
3702 struct sctp_tmit_chunk *chk;
3703 int inflight = 0, resend = 0, inbetween = 0, acked = 0, above = 0;
3704 int entry_flight, entry_cnt, ret;
3706 entry_flight = asoc->total_flight;
3707 entry_cnt = asoc->total_flight_count;
3710 if (asoc->pr_sctp_cnt >= asoc->sent_queue_cnt)
3713 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
3714 if (chk->sent < SCTP_DATAGRAM_RESEND) {
3715 SCTP_PRINTF("Chk TSN:%u size:%d inflight cnt:%d\n",
3716 chk->rec.data.TSN_seq,
3720 } else if (chk->sent == SCTP_DATAGRAM_RESEND) {
3722 } else if (chk->sent < SCTP_DATAGRAM_ACKED) {
3724 } else if (chk->sent > SCTP_DATAGRAM_ACKED) {
3731 if ((inflight > 0) || (inbetween > 0)) {
3733 panic("Flight size-express incorrect? \n");
3735 SCTP_PRINTF("asoc->total_flight:%d cnt:%d\n",
3736 entry_flight, entry_cnt);
3738 SCTP_PRINTF("Flight size-express incorrect F:%d I:%d R:%d Ab:%d ACK:%d\n",
3739 inflight, inbetween, resend, above, acked);
3748 sctp_window_probe_recovery(struct sctp_tcb *stcb,
3749 struct sctp_association *asoc,
3750 struct sctp_tmit_chunk *tp1)
3752 tp1->window_probe = 0;
3753 if ((tp1->sent >= SCTP_DATAGRAM_ACKED) || (tp1->data == NULL)) {
3754 /* TSN's skipped we do NOT move back. */
3755 sctp_misc_ints(SCTP_FLIGHT_LOG_DWN_WP_FWD,
3756 tp1->whoTo->flight_size,
3758 (uintptr_t) tp1->whoTo,
3759 tp1->rec.data.TSN_seq);
3762 /* First setup this by shrinking flight */
3763 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3764 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3767 sctp_flight_size_decrease(tp1);
3768 sctp_total_flight_decrease(stcb, tp1);
3769 /* Now mark for resend */
3770 tp1->sent = SCTP_DATAGRAM_RESEND;
3771 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
3773 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3774 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_WP,
3775 tp1->whoTo->flight_size,
3777 (uintptr_t) tp1->whoTo,
3778 tp1->rec.data.TSN_seq);
3783 sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
3784 uint32_t rwnd, int *abort_now, int ecne_seen)
3786 struct sctp_nets *net;
3787 struct sctp_association *asoc;
3788 struct sctp_tmit_chunk *tp1, *tp2;
3790 int win_probe_recovery = 0;
3791 int win_probe_recovered = 0;
3792 int j, done_once = 0;
3795 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
3796 sctp_misc_ints(SCTP_SACK_LOG_EXPRESS, cumack,
3797 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
3799 SCTP_TCB_LOCK_ASSERT(stcb);
3800 #ifdef SCTP_ASOCLOG_OF_TSNS
3801 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cumack;
3802 stcb->asoc.cumack_log_at++;
3803 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
3804 stcb->asoc.cumack_log_at = 0;
3808 old_rwnd = asoc->peers_rwnd;
3809 if (SCTP_TSN_GT(asoc->last_acked_seq, cumack)) {
3812 } else if (asoc->last_acked_seq == cumack) {
3813 /* Window update sack */
3814 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
3815 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
3816 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3817 /* SWS sender side engages */
3818 asoc->peers_rwnd = 0;
3820 if (asoc->peers_rwnd > old_rwnd) {
3825 /* First setup for CC stuff */
3826 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3827 if (SCTP_TSN_GT(cumack, net->cwr_window_tsn)) {
3828 /* Drag along the window_tsn for cwr's */
3829 net->cwr_window_tsn = cumack;
3831 net->prev_cwnd = net->cwnd;
3836 * CMT: Reset CUC and Fast recovery algo variables before
3839 net->new_pseudo_cumack = 0;
3840 net->will_exit_fast_recovery = 0;
3841 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
3842 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
3845 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
3848 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
3849 tp1 = TAILQ_LAST(&asoc->sent_queue,
3850 sctpchunk_listhead);
3851 send_s = tp1->rec.data.TSN_seq + 1;
3853 send_s = asoc->sending_seq;
3855 if (SCTP_TSN_GE(cumack, send_s)) {
3861 panic("Impossible sack 1");
3866 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
3867 0, M_DONTWAIT, 1, MT_DATA);
3869 struct sctp_paramhdr *ph;
3872 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
3874 ph = mtod(oper, struct sctp_paramhdr *);
3875 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
3876 ph->param_length = htons(SCTP_BUF_LEN(oper));
3877 ippp = (uint32_t *) (ph + 1);
3878 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
3880 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
3881 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
3886 asoc->this_sack_highest_gap = cumack;
3887 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
3888 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
3889 stcb->asoc.overall_error_count,
3891 SCTP_FROM_SCTP_INDATA,
3894 stcb->asoc.overall_error_count = 0;
3895 if (SCTP_TSN_GT(cumack, asoc->last_acked_seq)) {
3896 /* process the new consecutive TSN first */
3897 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3898 if (SCTP_TSN_GE(cumack, tp1->rec.data.TSN_seq)) {
3899 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
3900 SCTP_PRINTF("Warning, an unsent is now acked?\n");
3902 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
3904 * If it is less than ACKED, it is
3905 * now no-longer in flight. Higher
3906 * values may occur during marking
3908 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3909 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3910 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
3911 tp1->whoTo->flight_size,
3913 (uintptr_t) tp1->whoTo,
3914 tp1->rec.data.TSN_seq);
3916 sctp_flight_size_decrease(tp1);
3917 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3918 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3921 /* sa_ignore NO_NULL_CHK */
3922 sctp_total_flight_decrease(stcb, tp1);
3924 tp1->whoTo->net_ack += tp1->send_size;
3925 if (tp1->snd_count < 2) {
3927 * True non-retransmited
3930 tp1->whoTo->net_ack2 +=
3933 /* update RTO too? */
3942 sctp_calculate_rto(stcb,
3944 &tp1->sent_rcv_time,
3945 sctp_align_safe_nocopy,
3946 SCTP_RTT_FROM_DATA);
3949 if (tp1->whoTo->rto_needed == 0) {
3950 tp1->whoTo->rto_needed = 1;
3956 * CMT: CUCv2 algorithm. From the
3957 * cumack'd TSNs, for each TSN being
3958 * acked for the first time, set the
3959 * following variables for the
3960 * corresp destination.
3961 * new_pseudo_cumack will trigger a
3963 * find_(rtx_)pseudo_cumack will
3964 * trigger search for the next
3965 * expected (rtx-)pseudo-cumack.
3967 tp1->whoTo->new_pseudo_cumack = 1;
3968 tp1->whoTo->find_pseudo_cumack = 1;
3969 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3971 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
3972 /* sa_ignore NO_NULL_CHK */
3973 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
3976 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3977 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
3979 if (tp1->rec.data.chunk_was_revoked) {
3980 /* deflate the cwnd */
3981 tp1->whoTo->cwnd -= tp1->book_size;
3982 tp1->rec.data.chunk_was_revoked = 0;
3984 tp1->sent = SCTP_DATAGRAM_ACKED;
3985 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
3987 /* sa_ignore NO_NULL_CHK */
3988 sctp_free_bufspace(stcb, asoc, tp1, 1);
3989 sctp_m_freem(tp1->data);
3992 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
3993 sctp_log_sack(asoc->last_acked_seq,
3995 tp1->rec.data.TSN_seq,
3998 SCTP_LOG_FREE_SENT);
4000 asoc->sent_queue_cnt--;
4001 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
4008 /* sa_ignore NO_NULL_CHK */
4009 if (stcb->sctp_socket) {
4010 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4014 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4015 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4016 /* sa_ignore NO_NULL_CHK */
4017 sctp_wakeup_log(stcb, 1, SCTP_WAKESND_FROM_SACK);
4019 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4020 so = SCTP_INP_SO(stcb->sctp_ep);
4021 atomic_add_int(&stcb->asoc.refcnt, 1);
4022 SCTP_TCB_UNLOCK(stcb);
4023 SCTP_SOCKET_LOCK(so, 1);
4024 SCTP_TCB_LOCK(stcb);
4025 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4026 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4027 /* assoc was freed while we were unlocked */
4028 SCTP_SOCKET_UNLOCK(so, 1);
4032 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4033 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4034 SCTP_SOCKET_UNLOCK(so, 1);
4037 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4038 sctp_wakeup_log(stcb, 1, SCTP_NOWAKE_FROM_SACK);
4042 /* JRS - Use the congestion control given in the CC module */
4043 if ((asoc->last_acked_seq != cumack) && (ecne_seen == 0)) {
4044 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4045 if (net->net_ack2 > 0) {
4047 * Karn's rule applies to clearing error
4048 * count, this is optional.
4050 net->error_count = 0;
4051 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4052 /* addr came good */
4053 net->dest_state |= SCTP_ADDR_REACHABLE;
4054 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4055 SCTP_RECEIVED_SACK, (void *)net, SCTP_SO_NOT_LOCKED);
4057 if (net == stcb->asoc.primary_destination) {
4058 if (stcb->asoc.alternate) {
4060 * release the alternate,
4063 sctp_free_remote_addr(stcb->asoc.alternate);
4064 stcb->asoc.alternate = NULL;
4067 if (net->dest_state & SCTP_ADDR_PF) {
4068 net->dest_state &= ~SCTP_ADDR_PF;
4069 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
4070 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4071 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4072 /* Done with this net */
4075 /* restore any doubled timers */
4076 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4077 if (net->RTO < stcb->asoc.minrto) {
4078 net->RTO = stcb->asoc.minrto;
4080 if (net->RTO > stcb->asoc.maxrto) {
4081 net->RTO = stcb->asoc.maxrto;
4085 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, 1, 0, 0);
4087 asoc->last_acked_seq = cumack;
4089 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4090 /* nothing left in-flight */
4091 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4092 net->flight_size = 0;
4093 net->partial_bytes_acked = 0;
4095 asoc->total_flight = 0;
4096 asoc->total_flight_count = 0;
4099 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
4100 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
4101 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4102 /* SWS sender side engages */
4103 asoc->peers_rwnd = 0;
4105 if (asoc->peers_rwnd > old_rwnd) {
4106 win_probe_recovery = 1;
4108 /* Now assure a timer where data is queued at */
4111 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4114 if (win_probe_recovery && (net->window_probe)) {
4115 win_probe_recovered = 1;
4117 * Find first chunk that was used with window probe
4118 * and clear the sent
4120 /* sa_ignore FREED_MEMORY */
4121 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4122 if (tp1->window_probe) {
4123 /* move back to data send queue */
4124 sctp_window_probe_recovery(stcb, asoc, tp1);
4129 if (net->RTO == 0) {
4130 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto);
4132 to_ticks = MSEC_TO_TICKS(net->RTO);
4134 if (net->flight_size) {
4136 (void)SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4137 sctp_timeout_handler, &net->rxt_timer);
4138 if (net->window_probe) {
4139 net->window_probe = 0;
4142 if (net->window_probe) {
4144 * In window probes we must assure a timer
4145 * is still running there
4147 net->window_probe = 0;
4148 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4149 SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4150 sctp_timeout_handler, &net->rxt_timer);
4152 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4153 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4155 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
4160 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
4161 (asoc->sent_queue_retran_cnt == 0) &&
4162 (win_probe_recovered == 0) &&
4165 * huh, this should not happen unless all packets are
4166 * PR-SCTP and marked to skip of course.
4168 if (sctp_fs_audit(asoc)) {
4169 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4170 net->flight_size = 0;
4172 asoc->total_flight = 0;
4173 asoc->total_flight_count = 0;
4174 asoc->sent_queue_retran_cnt = 0;
4175 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4176 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4177 sctp_flight_size_increase(tp1);
4178 sctp_total_flight_increase(stcb, tp1);
4179 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4180 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
4187 /**********************************/
4188 /* Now what about shutdown issues */
4189 /**********************************/
4190 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4191 /* nothing left on sendqueue.. consider done */
4193 if ((asoc->stream_queue_cnt == 1) &&
4194 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4195 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4196 (asoc->locked_on_sending)
4198 struct sctp_stream_queue_pending *sp;
4201 * I may be in a state where we got all across.. but
4202 * cannot write more due to a shutdown... we abort
4203 * since the user did not indicate EOR in this case.
4204 * The sp will be cleaned during free of the asoc.
4206 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4208 if ((sp) && (sp->length == 0)) {
4209 /* Let cleanup code purge it */
4210 if (sp->msg_is_complete) {
4211 asoc->stream_queue_cnt--;
4213 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4214 asoc->locked_on_sending = NULL;
4215 asoc->stream_queue_cnt--;
4219 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4220 (asoc->stream_queue_cnt == 0)) {
4221 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4222 /* Need to abort here */
4228 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4229 0, M_DONTWAIT, 1, MT_DATA);
4231 struct sctp_paramhdr *ph;
4234 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4236 ph = mtod(oper, struct sctp_paramhdr *);
4237 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4238 ph->param_length = htons(SCTP_BUF_LEN(oper));
4239 ippp = (uint32_t *) (ph + 1);
4240 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_24);
4242 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24;
4243 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_RESPONSE_TO_USER_REQ, oper, SCTP_SO_NOT_LOCKED);
4245 struct sctp_nets *netp;
4247 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4248 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4249 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4251 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4252 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4253 sctp_stop_timers_for_shutdown(stcb);
4254 if (asoc->alternate) {
4255 netp = asoc->alternate;
4257 netp = asoc->primary_destination;
4259 sctp_send_shutdown(stcb, netp);
4260 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4261 stcb->sctp_ep, stcb, netp);
4262 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4263 stcb->sctp_ep, stcb, netp);
4265 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4266 (asoc->stream_queue_cnt == 0)) {
4267 struct sctp_nets *netp;
4269 if (asoc->alternate) {
4270 netp = asoc->alternate;
4272 netp = asoc->primary_destination;
4274 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4277 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4278 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4279 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4280 sctp_send_shutdown_ack(stcb, netp);
4281 sctp_stop_timers_for_shutdown(stcb);
4282 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
4283 stcb->sctp_ep, stcb, netp);
4286 /*********************************************/
4287 /* Here we perform PR-SCTP procedures */
4289 /*********************************************/
4290 /* C1. update advancedPeerAckPoint */
4291 if (SCTP_TSN_GT(cumack, asoc->advanced_peer_ack_point)) {
4292 asoc->advanced_peer_ack_point = cumack;
4294 /* PR-Sctp issues need to be addressed too */
4295 if ((asoc->peer_supports_prsctp) && (asoc->pr_sctp_cnt > 0)) {
4296 struct sctp_tmit_chunk *lchk;
4297 uint32_t old_adv_peer_ack_point;
4299 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
4300 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
4301 /* C3. See if we need to send a Fwd-TSN */
4302 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cumack)) {
4304 * ISSUE with ECN, see FWD-TSN processing.
4306 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
4307 send_forward_tsn(stcb, asoc);
4309 /* try to FR fwd-tsn's that get lost too */
4310 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
4311 send_forward_tsn(stcb, asoc);
4316 /* Assure a timer is up */
4317 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4318 stcb->sctp_ep, stcb, lchk->whoTo);
4321 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
4322 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
4324 stcb->asoc.peers_rwnd,
4325 stcb->asoc.total_flight,
4326 stcb->asoc.total_output_queue_size);
4331 sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup,
4332 struct sctp_tcb *stcb,
4333 uint16_t num_seg, uint16_t num_nr_seg, uint16_t num_dup,
4334 int *abort_now, uint8_t flags,
4335 uint32_t cum_ack, uint32_t rwnd, int ecne_seen)
4337 struct sctp_association *asoc;
4338 struct sctp_tmit_chunk *tp1, *tp2;
4339 uint32_t last_tsn, biggest_tsn_acked, biggest_tsn_newly_acked, this_sack_lowest_newack;
4340 uint16_t wake_him = 0;
4341 uint32_t send_s = 0;
4343 int accum_moved = 0;
4344 int will_exit_fast_recovery = 0;
4345 uint32_t a_rwnd, old_rwnd;
4346 int win_probe_recovery = 0;
4347 int win_probe_recovered = 0;
4348 struct sctp_nets *net = NULL;
4351 uint8_t reneged_all = 0;
4352 uint8_t cmt_dac_flag;
4355 * we take any chance we can to service our queues since we cannot
4356 * get awoken when the socket is read from :<
4359 * Now perform the actual SACK handling: 1) Verify that it is not an
4360 * old sack, if so discard. 2) If there is nothing left in the send
4361 * queue (cum-ack is equal to last acked) then you have a duplicate
4362 * too, update any rwnd change and verify no timers are running.
4363 * then return. 3) Process any new consequtive data i.e. cum-ack
4364 * moved process these first and note that it moved. 4) Process any
4365 * sack blocks. 5) Drop any acked from the queue. 6) Check for any
4366 * revoked blocks and mark. 7) Update the cwnd. 8) Nothing left,
4367 * sync up flightsizes and things, stop all timers and also check
4368 * for shutdown_pending state. If so then go ahead and send off the
4369 * shutdown. If in shutdown recv, send off the shutdown-ack and
4370 * start that timer, Ret. 9) Strike any non-acked things and do FR
4371 * procedure if needed being sure to set the FR flag. 10) Do pr-sctp
4372 * procedures. 11) Apply any FR penalties. 12) Assure we will SACK
4373 * if in shutdown_recv state.
4375 SCTP_TCB_LOCK_ASSERT(stcb);
4377 this_sack_lowest_newack = 0;
4378 SCTP_STAT_INCR(sctps_slowpath_sack);
4380 cmt_dac_flag = flags & SCTP_SACK_CMT_DAC;
4381 #ifdef SCTP_ASOCLOG_OF_TSNS
4382 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cum_ack;
4383 stcb->asoc.cumack_log_at++;
4384 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
4385 stcb->asoc.cumack_log_at = 0;
4390 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
4391 sctp_misc_ints(SCTP_SACK_LOG_NORMAL, cum_ack,
4392 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
4394 old_rwnd = stcb->asoc.peers_rwnd;
4395 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4396 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4397 stcb->asoc.overall_error_count,
4399 SCTP_FROM_SCTP_INDATA,
4402 stcb->asoc.overall_error_count = 0;
4404 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4405 sctp_log_sack(asoc->last_acked_seq,
4412 if ((num_dup) && (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE)) {
4414 uint32_t *dupdata, dblock;
4416 for (i = 0; i < num_dup; i++) {
4417 dupdata = (uint32_t *) sctp_m_getptr(m, offset_dup + i * sizeof(uint32_t),
4418 sizeof(uint32_t), (uint8_t *) & dblock);
4419 if (dupdata == NULL) {
4422 sctp_log_fr(*dupdata, 0, 0, SCTP_FR_DUPED);
4425 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
4427 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
4428 tp1 = TAILQ_LAST(&asoc->sent_queue,
4429 sctpchunk_listhead);
4430 send_s = tp1->rec.data.TSN_seq + 1;
4433 send_s = asoc->sending_seq;
4435 if (SCTP_TSN_GE(cum_ack, send_s)) {
4439 * no way, we have not even sent this TSN out yet.
4440 * Peer is hopelessly messed up with us.
4442 SCTP_PRINTF("NEW cum_ack:%x send_s:%x is smaller or equal\n",
4445 SCTP_PRINTF("Got send_s from tsn:%x + 1 of tp1:%p\n",
4446 tp1->rec.data.TSN_seq, tp1);
4451 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4452 0, M_DONTWAIT, 1, MT_DATA);
4454 struct sctp_paramhdr *ph;
4457 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4459 ph = mtod(oper, struct sctp_paramhdr *);
4460 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
4461 ph->param_length = htons(SCTP_BUF_LEN(oper));
4462 ippp = (uint32_t *) (ph + 1);
4463 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
4465 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
4466 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
4470 /**********************/
4471 /* 1) check the range */
4472 /**********************/
4473 if (SCTP_TSN_GT(asoc->last_acked_seq, last_tsn)) {
4474 /* acking something behind */
4477 /* update the Rwnd of the peer */
4478 if (TAILQ_EMPTY(&asoc->sent_queue) &&
4479 TAILQ_EMPTY(&asoc->send_queue) &&
4480 (asoc->stream_queue_cnt == 0)) {
4481 /* nothing left on send/sent and strmq */
4482 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4483 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4484 asoc->peers_rwnd, 0, 0, a_rwnd);
4486 asoc->peers_rwnd = a_rwnd;
4487 if (asoc->sent_queue_retran_cnt) {
4488 asoc->sent_queue_retran_cnt = 0;
4490 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4491 /* SWS sender side engages */
4492 asoc->peers_rwnd = 0;
4494 /* stop any timers */
4495 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4496 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4497 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_26);
4498 net->partial_bytes_acked = 0;
4499 net->flight_size = 0;
4501 asoc->total_flight = 0;
4502 asoc->total_flight_count = 0;
4506 * We init netAckSz and netAckSz2 to 0. These are used to track 2
4507 * things. The total byte count acked is tracked in netAckSz AND
4508 * netAck2 is used to track the total bytes acked that are un-
4509 * amibguious and were never retransmitted. We track these on a per
4510 * destination address basis.
4512 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4513 if (SCTP_TSN_GT(cum_ack, net->cwr_window_tsn)) {
4514 /* Drag along the window_tsn for cwr's */
4515 net->cwr_window_tsn = cum_ack;
4517 net->prev_cwnd = net->cwnd;
4522 * CMT: Reset CUC and Fast recovery algo variables before
4525 net->new_pseudo_cumack = 0;
4526 net->will_exit_fast_recovery = 0;
4527 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
4528 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
4531 /* process the new consecutive TSN first */
4532 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4533 if (SCTP_TSN_GE(last_tsn, tp1->rec.data.TSN_seq)) {
4534 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
4536 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
4538 * If it is less than ACKED, it is
4539 * now no-longer in flight. Higher
4540 * values may occur during marking
4542 if ((tp1->whoTo->dest_state &
4543 SCTP_ADDR_UNCONFIRMED) &&
4544 (tp1->snd_count < 2)) {
4546 * If there was no retran
4547 * and the address is
4548 * un-confirmed and we sent
4550 * sacked.. its confirmed,
4553 tp1->whoTo->dest_state &=
4554 ~SCTP_ADDR_UNCONFIRMED;
4556 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4557 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4558 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
4559 tp1->whoTo->flight_size,
4561 (uintptr_t) tp1->whoTo,
4562 tp1->rec.data.TSN_seq);
4564 sctp_flight_size_decrease(tp1);
4565 sctp_total_flight_decrease(stcb, tp1);
4566 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
4567 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
4571 tp1->whoTo->net_ack += tp1->send_size;
4573 /* CMT SFR and DAC algos */
4574 this_sack_lowest_newack = tp1->rec.data.TSN_seq;
4575 tp1->whoTo->saw_newack = 1;
4577 if (tp1->snd_count < 2) {
4579 * True non-retransmited
4582 tp1->whoTo->net_ack2 +=
4585 /* update RTO too? */
4589 sctp_calculate_rto(stcb,
4591 &tp1->sent_rcv_time,
4592 sctp_align_safe_nocopy,
4593 SCTP_RTT_FROM_DATA);
4596 if (tp1->whoTo->rto_needed == 0) {
4597 tp1->whoTo->rto_needed = 1;
4603 * CMT: CUCv2 algorithm. From the
4604 * cumack'd TSNs, for each TSN being
4605 * acked for the first time, set the
4606 * following variables for the
4607 * corresp destination.
4608 * new_pseudo_cumack will trigger a
4610 * find_(rtx_)pseudo_cumack will
4611 * trigger search for the next
4612 * expected (rtx-)pseudo-cumack.
4614 tp1->whoTo->new_pseudo_cumack = 1;
4615 tp1->whoTo->find_pseudo_cumack = 1;
4616 tp1->whoTo->find_rtx_pseudo_cumack = 1;
4619 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4620 sctp_log_sack(asoc->last_acked_seq,
4622 tp1->rec.data.TSN_seq,
4625 SCTP_LOG_TSN_ACKED);
4627 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
4628 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
4631 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4632 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
4633 #ifdef SCTP_AUDITING_ENABLED
4634 sctp_audit_log(0xB3,
4635 (asoc->sent_queue_retran_cnt & 0x000000ff));
4638 if (tp1->rec.data.chunk_was_revoked) {
4639 /* deflate the cwnd */
4640 tp1->whoTo->cwnd -= tp1->book_size;
4641 tp1->rec.data.chunk_was_revoked = 0;
4643 tp1->sent = SCTP_DATAGRAM_ACKED;
4649 biggest_tsn_newly_acked = biggest_tsn_acked = last_tsn;
4650 /* always set this up to cum-ack */
4651 asoc->this_sack_highest_gap = last_tsn;
4653 if ((num_seg > 0) || (num_nr_seg > 0)) {
4656 * CMT: SFR algo (and HTNA) - this_sack_highest_newack has
4657 * to be greater than the cumack. Also reset saw_newack to 0
4660 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4661 net->saw_newack = 0;
4662 net->this_sack_highest_newack = last_tsn;
4666 * thisSackHighestGap will increase while handling NEW
4667 * segments this_sack_highest_newack will increase while
4668 * handling NEWLY ACKED chunks. this_sack_lowest_newack is
4669 * used for CMT DAC algo. saw_newack will also change.
4671 if (sctp_handle_segments(m, &offset_seg, stcb, asoc, last_tsn, &biggest_tsn_acked,
4672 &biggest_tsn_newly_acked, &this_sack_lowest_newack,
4673 num_seg, num_nr_seg, &rto_ok)) {
4676 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
4678 * validate the biggest_tsn_acked in the gap acks if
4679 * strict adherence is wanted.
4681 if (SCTP_TSN_GE(biggest_tsn_acked, send_s)) {
4683 * peer is either confused or we are under
4684 * attack. We must abort.
4686 SCTP_PRINTF("Hopeless peer! biggest_tsn_acked:%x largest seq:%x\n",
4687 biggest_tsn_acked, send_s);
4692 /*******************************************/
4693 /* cancel ALL T3-send timer if accum moved */
4694 /*******************************************/
4695 if (asoc->sctp_cmt_on_off > 0) {
4696 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4697 if (net->new_pseudo_cumack)
4698 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4700 SCTP_FROM_SCTP_INDATA + SCTP_LOC_27);
4705 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4706 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4707 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_28);
4711 /********************************************/
4712 /* drop the acked chunks from the sentqueue */
4713 /********************************************/
4714 asoc->last_acked_seq = cum_ack;
4716 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
4717 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, cum_ack)) {
4720 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
4721 /* no more sent on list */
4722 SCTP_PRINTF("Warning, tp1->sent == %d and its now acked?\n",
4725 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
4726 if (tp1->pr_sctp_on) {
4727 if (asoc->pr_sctp_cnt != 0)
4728 asoc->pr_sctp_cnt--;
4730 asoc->sent_queue_cnt--;
4732 /* sa_ignore NO_NULL_CHK */
4733 sctp_free_bufspace(stcb, asoc, tp1, 1);
4734 sctp_m_freem(tp1->data);
4736 if (asoc->peer_supports_prsctp && PR_SCTP_BUF_ENABLED(tp1->flags)) {
4737 asoc->sent_queue_cnt_removeable--;
4740 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4741 sctp_log_sack(asoc->last_acked_seq,
4743 tp1->rec.data.TSN_seq,
4746 SCTP_LOG_FREE_SENT);
4748 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
4751 if (TAILQ_EMPTY(&asoc->sent_queue) && (asoc->total_flight > 0)) {
4753 panic("Warning flight size is postive and should be 0");
4755 SCTP_PRINTF("Warning flight size incorrect should be 0 is %d\n",
4756 asoc->total_flight);
4758 asoc->total_flight = 0;
4760 /* sa_ignore NO_NULL_CHK */
4761 if ((wake_him) && (stcb->sctp_socket)) {
4762 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4766 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4767 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4768 sctp_wakeup_log(stcb, wake_him, SCTP_WAKESND_FROM_SACK);
4770 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4771 so = SCTP_INP_SO(stcb->sctp_ep);
4772 atomic_add_int(&stcb->asoc.refcnt, 1);
4773 SCTP_TCB_UNLOCK(stcb);
4774 SCTP_SOCKET_LOCK(so, 1);
4775 SCTP_TCB_LOCK(stcb);
4776 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4777 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4778 /* assoc was freed while we were unlocked */
4779 SCTP_SOCKET_UNLOCK(so, 1);
4783 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4784 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4785 SCTP_SOCKET_UNLOCK(so, 1);
4788 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4789 sctp_wakeup_log(stcb, wake_him, SCTP_NOWAKE_FROM_SACK);
4793 if (asoc->fast_retran_loss_recovery && accum_moved) {
4794 if (SCTP_TSN_GE(asoc->last_acked_seq, asoc->fast_recovery_tsn)) {
4795 /* Setup so we will exit RFC2582 fast recovery */
4796 will_exit_fast_recovery = 1;
4800 * Check for revoked fragments:
4802 * if Previous sack - Had no frags then we can't have any revoked if
4803 * Previous sack - Had frag's then - If we now have frags aka
4804 * num_seg > 0 call sctp_check_for_revoked() to tell if peer revoked
4805 * some of them. else - The peer revoked all ACKED fragments, since
4806 * we had some before and now we have NONE.
4810 sctp_check_for_revoked(stcb, asoc, cum_ack, biggest_tsn_acked);
4811 asoc->saw_sack_with_frags = 1;
4812 } else if (asoc->saw_sack_with_frags) {
4813 int cnt_revoked = 0;
4815 /* Peer revoked all dg's marked or acked */
4816 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4817 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
4818 tp1->sent = SCTP_DATAGRAM_SENT;
4819 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4820 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
4821 tp1->whoTo->flight_size,
4823 (uintptr_t) tp1->whoTo,
4824 tp1->rec.data.TSN_seq);
4826 sctp_flight_size_increase(tp1);
4827 sctp_total_flight_increase(stcb, tp1);
4828 tp1->rec.data.chunk_was_revoked = 1;
4830 * To ensure that this increase in
4831 * flightsize, which is artificial, does not
4832 * throttle the sender, we also increase the
4833 * cwnd artificially.
4835 tp1->whoTo->cwnd += tp1->book_size;
4842 asoc->saw_sack_with_frags = 0;
4845 asoc->saw_sack_with_nr_frags = 1;
4847 asoc->saw_sack_with_nr_frags = 0;
4849 /* JRS - Use the congestion control given in the CC module */
4850 if (ecne_seen == 0) {
4851 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4852 if (net->net_ack2 > 0) {
4854 * Karn's rule applies to clearing error
4855 * count, this is optional.
4857 net->error_count = 0;
4858 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4859 /* addr came good */
4860 net->dest_state |= SCTP_ADDR_REACHABLE;
4861 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4862 SCTP_RECEIVED_SACK, (void *)net, SCTP_SO_NOT_LOCKED);
4864 if (net == stcb->asoc.primary_destination) {
4865 if (stcb->asoc.alternate) {
4867 * release the alternate,
4870 sctp_free_remote_addr(stcb->asoc.alternate);
4871 stcb->asoc.alternate = NULL;
4874 if (net->dest_state & SCTP_ADDR_PF) {
4875 net->dest_state &= ~SCTP_ADDR_PF;
4876 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
4877 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4878 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4879 /* Done with this net */
4882 /* restore any doubled timers */
4883 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4884 if (net->RTO < stcb->asoc.minrto) {
4885 net->RTO = stcb->asoc.minrto;
4887 if (net->RTO > stcb->asoc.maxrto) {
4888 net->RTO = stcb->asoc.maxrto;
4892 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, accum_moved, reneged_all, will_exit_fast_recovery);
4894 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4895 /* nothing left in-flight */
4896 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4897 /* stop all timers */
4898 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4899 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_30);
4900 net->flight_size = 0;
4901 net->partial_bytes_acked = 0;
4903 asoc->total_flight = 0;
4904 asoc->total_flight_count = 0;
4906 /**********************************/
4907 /* Now what about shutdown issues */
4908 /**********************************/
4909 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4910 /* nothing left on sendqueue.. consider done */
4911 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4912 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4913 asoc->peers_rwnd, 0, 0, a_rwnd);
4915 asoc->peers_rwnd = a_rwnd;
4916 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4917 /* SWS sender side engages */
4918 asoc->peers_rwnd = 0;
4921 if ((asoc->stream_queue_cnt == 1) &&
4922 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4923 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4924 (asoc->locked_on_sending)
4926 struct sctp_stream_queue_pending *sp;
4929 * I may be in a state where we got all across.. but
4930 * cannot write more due to a shutdown... we abort
4931 * since the user did not indicate EOR in this case.
4933 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4935 if ((sp) && (sp->length == 0)) {
4936 asoc->locked_on_sending = NULL;
4937 if (sp->msg_is_complete) {
4938 asoc->stream_queue_cnt--;
4940 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4941 asoc->stream_queue_cnt--;
4945 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4946 (asoc->stream_queue_cnt == 0)) {
4947 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4948 /* Need to abort here */
4954 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4955 0, M_DONTWAIT, 1, MT_DATA);
4957 struct sctp_paramhdr *ph;
4960 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4962 ph = mtod(oper, struct sctp_paramhdr *);
4963 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4964 ph->param_length = htons(SCTP_BUF_LEN(oper));
4965 ippp = (uint32_t *) (ph + 1);
4966 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_31);
4968 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_31;
4969 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_RESPONSE_TO_USER_REQ, oper, SCTP_SO_NOT_LOCKED);
4972 struct sctp_nets *netp;
4974 if (asoc->alternate) {
4975 netp = asoc->alternate;
4977 netp = asoc->primary_destination;
4979 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4980 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4981 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4983 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4984 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4985 sctp_stop_timers_for_shutdown(stcb);
4986 sctp_send_shutdown(stcb, netp);
4987 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4988 stcb->sctp_ep, stcb, netp);
4989 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4990 stcb->sctp_ep, stcb, netp);
4993 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4994 (asoc->stream_queue_cnt == 0)) {
4995 struct sctp_nets *netp;
4997 if (asoc->alternate) {
4998 netp = asoc->alternate;
5000 netp = asoc->primary_destination;
5002 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
5005 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
5006 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
5007 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
5008 sctp_send_shutdown_ack(stcb, netp);
5009 sctp_stop_timers_for_shutdown(stcb);
5010 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
5011 stcb->sctp_ep, stcb, netp);
5016 * Now here we are going to recycle net_ack for a different use...
5019 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5024 * CMT DAC algorithm: If SACK DAC flag was 0, then no extra marking
5025 * to be done. Setting this_sack_lowest_newack to the cum_ack will
5026 * automatically ensure that.
5028 if ((asoc->sctp_cmt_on_off > 0) &&
5029 SCTP_BASE_SYSCTL(sctp_cmt_use_dac) &&
5030 (cmt_dac_flag == 0)) {
5031 this_sack_lowest_newack = cum_ack;
5033 if ((num_seg > 0) || (num_nr_seg > 0)) {
5034 sctp_strike_gap_ack_chunks(stcb, asoc, biggest_tsn_acked,
5035 biggest_tsn_newly_acked, this_sack_lowest_newack, accum_moved);
5037 /* JRS - Use the congestion control given in the CC module */
5038 asoc->cc_functions.sctp_cwnd_update_after_fr(stcb, asoc);
5040 /* Now are we exiting loss recovery ? */
5041 if (will_exit_fast_recovery) {
5042 /* Ok, we must exit fast recovery */
5043 asoc->fast_retran_loss_recovery = 0;
5045 if ((asoc->sat_t3_loss_recovery) &&
5046 SCTP_TSN_GE(asoc->last_acked_seq, asoc->sat_t3_recovery_tsn)) {
5047 /* end satellite t3 loss recovery */
5048 asoc->sat_t3_loss_recovery = 0;
5053 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5054 if (net->will_exit_fast_recovery) {
5055 /* Ok, we must exit fast recovery */
5056 net->fast_retran_loss_recovery = 0;
5060 /* Adjust and set the new rwnd value */
5061 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
5062 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
5063 asoc->peers_rwnd, asoc->total_flight, (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)), a_rwnd);
5065 asoc->peers_rwnd = sctp_sbspace_sub(a_rwnd,
5066 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
5067 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
5068 /* SWS sender side engages */
5069 asoc->peers_rwnd = 0;
5071 if (asoc->peers_rwnd > old_rwnd) {
5072 win_probe_recovery = 1;
5075 * Now we must setup so we have a timer up for anyone with
5081 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5082 if (win_probe_recovery && (net->window_probe)) {
5083 win_probe_recovered = 1;
5085 * Find first chunk that was used with
5086 * window probe and clear the event. Put
5087 * it back into the send queue as if has
5090 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5091 if (tp1->window_probe) {
5092 sctp_window_probe_recovery(stcb, asoc, tp1);
5097 if (net->flight_size) {
5099 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5100 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5101 stcb->sctp_ep, stcb, net);
5103 if (net->window_probe) {
5104 net->window_probe = 0;
5107 if (net->window_probe) {
5109 * In window probes we must assure a timer
5110 * is still running there
5112 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5113 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5114 stcb->sctp_ep, stcb, net);
5117 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5118 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
5120 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
5125 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
5126 (asoc->sent_queue_retran_cnt == 0) &&
5127 (win_probe_recovered == 0) &&
5130 * huh, this should not happen unless all packets are
5131 * PR-SCTP and marked to skip of course.
5133 if (sctp_fs_audit(asoc)) {
5134 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5135 net->flight_size = 0;
5137 asoc->total_flight = 0;
5138 asoc->total_flight_count = 0;
5139 asoc->sent_queue_retran_cnt = 0;
5140 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5141 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
5142 sctp_flight_size_increase(tp1);
5143 sctp_total_flight_increase(stcb, tp1);
5144 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
5145 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
5152 /*********************************************/
5153 /* Here we perform PR-SCTP procedures */
5155 /*********************************************/
5156 /* C1. update advancedPeerAckPoint */
5157 if (SCTP_TSN_GT(cum_ack, asoc->advanced_peer_ack_point)) {
5158 asoc->advanced_peer_ack_point = cum_ack;
5160 /* C2. try to further move advancedPeerAckPoint ahead */
5161 if ((asoc->peer_supports_prsctp) && (asoc->pr_sctp_cnt > 0)) {
5162 struct sctp_tmit_chunk *lchk;
5163 uint32_t old_adv_peer_ack_point;
5165 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
5166 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
5167 /* C3. See if we need to send a Fwd-TSN */
5168 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cum_ack)) {
5170 * ISSUE with ECN, see FWD-TSN processing.
5172 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
5173 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
5174 0xee, cum_ack, asoc->advanced_peer_ack_point,
5175 old_adv_peer_ack_point);
5177 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
5178 send_forward_tsn(stcb, asoc);
5180 /* try to FR fwd-tsn's that get lost too */
5181 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
5182 send_forward_tsn(stcb, asoc);
5187 /* Assure a timer is up */
5188 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5189 stcb->sctp_ep, stcb, lchk->whoTo);
5192 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
5193 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
5195 stcb->asoc.peers_rwnd,
5196 stcb->asoc.total_flight,
5197 stcb->asoc.total_output_queue_size);
5202 sctp_update_acked(struct sctp_tcb *stcb, struct sctp_shutdown_chunk *cp, int *abort_flag)
5205 uint32_t cum_ack, a_rwnd;
5207 cum_ack = ntohl(cp->cumulative_tsn_ack);
5208 /* Arrange so a_rwnd does NOT change */
5209 a_rwnd = stcb->asoc.peers_rwnd + stcb->asoc.total_flight;
5211 /* Now call the express sack handling */
5212 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, abort_flag, 0);
5216 sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
5217 struct sctp_stream_in *strmin)
5219 struct sctp_queued_to_read *ctl, *nctl;
5220 struct sctp_association *asoc;
5224 tt = strmin->last_sequence_delivered;
5226 * First deliver anything prior to and including the stream no that
5229 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) {
5230 if (SCTP_SSN_GE(tt, ctl->sinfo_ssn)) {
5231 /* this is deliverable now */
5232 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5233 /* subtract pending on streams */
5234 asoc->size_on_all_streams -= ctl->length;
5235 sctp_ucount_decr(asoc->cnt_on_all_streams);
5236 /* deliver it to at least the delivery-q */
5237 if (stcb->sctp_socket) {
5238 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5239 sctp_add_to_readq(stcb->sctp_ep, stcb,
5241 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
5244 /* no more delivery now. */
5249 * now we must deliver things in queue the normal way if any are
5252 tt = strmin->last_sequence_delivered + 1;
5253 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) {
5254 if (tt == ctl->sinfo_ssn) {
5255 /* this is deliverable now */
5256 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5257 /* subtract pending on streams */
5258 asoc->size_on_all_streams -= ctl->length;
5259 sctp_ucount_decr(asoc->cnt_on_all_streams);
5260 /* deliver it to at least the delivery-q */
5261 strmin->last_sequence_delivered = ctl->sinfo_ssn;
5262 if (stcb->sctp_socket) {
5263 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5264 sctp_add_to_readq(stcb->sctp_ep, stcb,
5266 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
5269 tt = strmin->last_sequence_delivered + 1;
5277 sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
5278 struct sctp_association *asoc,
5279 uint16_t stream, uint16_t seq)
5281 struct sctp_tmit_chunk *chk, *nchk;
5283 /* For each one on here see if we need to toss it */
5285 * For now large messages held on the reasmqueue that are complete
5286 * will be tossed too. We could in theory do more work to spin
5287 * through and stop after dumping one msg aka seeing the start of a
5288 * new msg at the head, and call the delivery function... to see if
5289 * it can be delivered... But for now we just dump everything on the
5292 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5294 * Do not toss it if on a different stream or marked for
5295 * unordered delivery in which case the stream sequence
5296 * number has no meaning.
5298 if ((chk->rec.data.stream_number != stream) ||
5299 ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == SCTP_DATA_UNORDERED)) {
5302 if (chk->rec.data.stream_seq == seq) {
5303 /* It needs to be tossed */
5304 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5305 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) {
5306 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
5307 asoc->str_of_pdapi = chk->rec.data.stream_number;
5308 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
5309 asoc->fragment_flags = chk->rec.data.rcv_flags;
5311 asoc->size_on_reasm_queue -= chk->send_size;
5312 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5314 /* Clear up any stream problem */
5315 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED &&
5316 SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) {
5318 * We must dump forward this streams
5319 * sequence number if the chunk is not
5320 * unordered that is being skipped. There is
5321 * a chance that if the peer does not
5322 * include the last fragment in its FWD-TSN
5323 * we WILL have a problem here since you
5324 * would have a partial chunk in queue that
5325 * may not be deliverable. Also if a Partial
5326 * delivery API as started the user may get
5327 * a partial chunk. The next read returning
5328 * a new chunk... really ugly but I see no
5329 * way around it! Maybe a notify??
5331 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq;
5334 sctp_m_freem(chk->data);
5337 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
5338 } else if (SCTP_SSN_GT(chk->rec.data.stream_seq, seq)) {
5340 * If the stream_seq is > than the purging one, we
5350 sctp_handle_forward_tsn(struct sctp_tcb *stcb,
5351 struct sctp_forward_tsn_chunk *fwd,
5352 int *abort_flag, struct mbuf *m, int offset)
5354 /* The pr-sctp fwd tsn */
5356 * here we will perform all the data receiver side steps for
5357 * processing FwdTSN, as required in by pr-sctp draft:
5359 * Assume we get FwdTSN(x):
5361 * 1) update local cumTSN to x 2) try to further advance cumTSN to x +
5362 * others we have 3) examine and update re-ordering queue on
5363 * pr-in-streams 4) clean up re-assembly queue 5) Send a sack to
5364 * report where we are.
5366 struct sctp_association *asoc;
5367 uint32_t new_cum_tsn, gap;
5368 unsigned int i, fwd_sz, m_size;
5370 struct sctp_stream_in *strm;
5371 struct sctp_tmit_chunk *chk, *nchk;
5372 struct sctp_queued_to_read *ctl, *sv;
5375 if ((fwd_sz = ntohs(fwd->ch.chunk_length)) < sizeof(struct sctp_forward_tsn_chunk)) {
5376 SCTPDBG(SCTP_DEBUG_INDATA1,
5377 "Bad size too small/big fwd-tsn\n");
5380 m_size = (stcb->asoc.mapping_array_size << 3);
5381 /*************************************************************/
5382 /* 1. Here we update local cumTSN and shift the bitmap array */
5383 /*************************************************************/
5384 new_cum_tsn = ntohl(fwd->new_cumulative_tsn);
5386 if (SCTP_TSN_GE(asoc->cumulative_tsn, new_cum_tsn)) {
5387 /* Already got there ... */
5391 * now we know the new TSN is more advanced, let's find the actual
5394 SCTP_CALC_TSN_TO_GAP(gap, new_cum_tsn, asoc->mapping_array_base_tsn);
5395 asoc->cumulative_tsn = new_cum_tsn;
5396 if (gap >= m_size) {
5397 if ((long)gap > sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv)) {
5401 * out of range (of single byte chunks in the rwnd I
5402 * give out). This must be an attacker.
5405 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
5406 0, M_DONTWAIT, 1, MT_DATA);
5408 struct sctp_paramhdr *ph;
5411 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
5412 (sizeof(uint32_t) * 3);
5413 ph = mtod(oper, struct sctp_paramhdr *);
5414 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
5415 ph->param_length = htons(SCTP_BUF_LEN(oper));
5416 ippp = (uint32_t *) (ph + 1);
5417 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_33);
5419 *ippp = asoc->highest_tsn_inside_map;
5421 *ippp = new_cum_tsn;
5423 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_33;
5424 sctp_abort_an_association(stcb->sctp_ep, stcb,
5425 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
5428 SCTP_STAT_INCR(sctps_fwdtsn_map_over);
5430 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
5431 asoc->mapping_array_base_tsn = new_cum_tsn + 1;
5432 asoc->highest_tsn_inside_map = new_cum_tsn;
5434 memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.mapping_array_size);
5435 asoc->highest_tsn_inside_nr_map = new_cum_tsn;
5437 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
5438 sctp_log_map(0, 3, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
5441 SCTP_TCB_LOCK_ASSERT(stcb);
5442 for (i = 0; i <= gap; i++) {
5443 if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, i) &&
5444 !SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, i)) {
5445 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, i);
5446 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn + i, asoc->highest_tsn_inside_nr_map)) {
5447 asoc->highest_tsn_inside_nr_map = asoc->mapping_array_base_tsn + i;
5452 /*************************************************************/
5453 /* 2. Clear up re-assembly queue */
5454 /*************************************************************/
5456 * First service it if pd-api is up, just in case we can progress it
5459 if (asoc->fragmented_delivery_inprogress) {
5460 sctp_service_reassembly(stcb, asoc);
5462 /* For each one on here see if we need to toss it */
5464 * For now large messages held on the reasmqueue that are complete
5465 * will be tossed too. We could in theory do more work to spin
5466 * through and stop after dumping one msg aka seeing the start of a
5467 * new msg at the head, and call the delivery function... to see if
5468 * it can be delivered... But for now we just dump everything on the
5471 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5472 if (SCTP_TSN_GE(new_cum_tsn, chk->rec.data.TSN_seq)) {
5473 /* It needs to be tossed */
5474 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5475 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) {
5476 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
5477 asoc->str_of_pdapi = chk->rec.data.stream_number;
5478 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
5479 asoc->fragment_flags = chk->rec.data.rcv_flags;
5481 asoc->size_on_reasm_queue -= chk->send_size;
5482 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5484 /* Clear up any stream problem */
5485 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED &&
5486 SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) {
5488 * We must dump forward this streams
5489 * sequence number if the chunk is not
5490 * unordered that is being skipped. There is
5491 * a chance that if the peer does not
5492 * include the last fragment in its FWD-TSN
5493 * we WILL have a problem here since you
5494 * would have a partial chunk in queue that
5495 * may not be deliverable. Also if a Partial
5496 * delivery API as started the user may get
5497 * a partial chunk. The next read returning
5498 * a new chunk... really ugly but I see no
5499 * way around it! Maybe a notify??
5501 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq;
5504 sctp_m_freem(chk->data);
5507 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
5510 * Ok we have gone beyond the end of the fwd-tsn's
5516 /*******************************************************/
5517 /* 3. Update the PR-stream re-ordering queues and fix */
5518 /* delivery issues as needed. */
5519 /*******************************************************/
5520 fwd_sz -= sizeof(*fwd);
5523 unsigned int num_str;
5524 struct sctp_strseq *stseq, strseqbuf;
5526 offset += sizeof(*fwd);
5528 SCTP_INP_READ_LOCK(stcb->sctp_ep);
5529 num_str = fwd_sz / sizeof(struct sctp_strseq);
5530 for (i = 0; i < num_str; i++) {
5533 stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset,
5534 sizeof(struct sctp_strseq),
5535 (uint8_t *) & strseqbuf);
5536 offset += sizeof(struct sctp_strseq);
5537 if (stseq == NULL) {
5541 st = ntohs(stseq->stream);
5543 st = ntohs(stseq->sequence);
5544 stseq->sequence = st;
5549 * Ok we now look for the stream/seq on the read
5550 * queue where its not all delivered. If we find it
5551 * we transmute the read entry into a PDI_ABORTED.
5553 if (stseq->stream >= asoc->streamincnt) {
5554 /* screwed up streams, stop! */
5557 if ((asoc->str_of_pdapi == stseq->stream) &&
5558 (asoc->ssn_of_pdapi == stseq->sequence)) {
5560 * If this is the one we were partially
5561 * delivering now then we no longer are.
5562 * Note this will change with the reassembly
5565 asoc->fragmented_delivery_inprogress = 0;
5567 sctp_flush_reassm_for_str_seq(stcb, asoc, stseq->stream, stseq->sequence);
5568 TAILQ_FOREACH(ctl, &stcb->sctp_ep->read_queue, next) {
5569 if ((ctl->sinfo_stream == stseq->stream) &&
5570 (ctl->sinfo_ssn == stseq->sequence)) {
5571 str_seq = (stseq->stream << 16) | stseq->sequence;
5573 ctl->pdapi_aborted = 1;
5574 sv = stcb->asoc.control_pdapi;
5575 stcb->asoc.control_pdapi = ctl;
5576 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
5578 SCTP_PARTIAL_DELIVERY_ABORTED,
5580 SCTP_SO_NOT_LOCKED);
5581 stcb->asoc.control_pdapi = sv;
5583 } else if ((ctl->sinfo_stream == stseq->stream) &&
5584 SCTP_SSN_GT(ctl->sinfo_ssn, stseq->sequence)) {
5585 /* We are past our victim SSN */
5589 strm = &asoc->strmin[stseq->stream];
5590 if (SCTP_SSN_GT(stseq->sequence, strm->last_sequence_delivered)) {
5591 /* Update the sequence number */
5592 strm->last_sequence_delivered = stseq->sequence;
5594 /* now kick the stream the new way */
5595 /* sa_ignore NO_NULL_CHK */
5596 sctp_kick_prsctp_reorder_queue(stcb, strm);
5598 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
5601 * Now slide thing forward.
5603 sctp_slide_mapping_arrays(stcb);
5605 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
5606 /* now lets kick out and check for more fragmented delivery */
5607 /* sa_ignore NO_NULL_CHK */
5608 sctp_deliver_reasm_check(stcb, &stcb->asoc);
projects / FreeBSD / stable / 8.git / blob