2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_input.h>
44 #include <netinet/sctp_indata.h>
45 #include <netinet/sctp_uio.h>
46 #include <netinet/sctp_timer.h>
50 * NOTES: On the outbound side of things I need to check the sack timer to
51 * see if I should generate a sack into the chunk queue (if I have data to
52 * send that is and will be sending it .. for bundling.
54 * The callback in sctp_usrreq.c will get called when the socket is read from.
55 * This will cause sctp_service_queues() to get called on the top entry in
60 sctp_set_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
62 asoc->my_rwnd = sctp_calc_rwnd(stcb, asoc);
65 /* Calculate what the rwnd would be */
67 sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
72 * This is really set wrong with respect to a 1-2-m socket. Since
73 * the sb_cc is the count that everyone as put up. When we re-write
74 * sctp_soreceive then we will fix this so that ONLY this
75 * associations data is taken into account.
77 if (stcb->sctp_socket == NULL)
80 if (stcb->asoc.sb_cc == 0 &&
81 asoc->size_on_reasm_queue == 0 &&
82 asoc->size_on_all_streams == 0) {
83 /* Full rwnd granted */
84 calc = max(SCTP_SB_LIMIT_RCV(stcb->sctp_socket), SCTP_MINIMAL_RWND);
87 /* get actual space */
88 calc = (uint32_t) sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv);
91 * take out what has NOT been put on socket queue and we yet hold
94 calc = sctp_sbspace_sub(calc, (uint32_t) (asoc->size_on_reasm_queue +
95 asoc->cnt_on_reasm_queue * MSIZE));
96 calc = sctp_sbspace_sub(calc, (uint32_t) (asoc->size_on_all_streams +
97 asoc->cnt_on_all_streams * MSIZE));
103 /* what is the overhead of all these rwnd's */
104 calc = sctp_sbspace_sub(calc, stcb->asoc.my_rwnd_control_len);
106 * If the window gets too small due to ctrl-stuff, reduce it to 1,
107 * even it is 0. SWS engaged
109 if (calc < stcb->asoc.my_rwnd_control_len) {
118 * Build out our readq entry based on the incoming packet.
120 struct sctp_queued_to_read *
121 sctp_build_readq_entry(struct sctp_tcb *stcb,
122 struct sctp_nets *net,
123 uint32_t tsn, uint32_t ppid,
124 uint32_t context, uint16_t stream_no,
125 uint16_t stream_seq, uint8_t flags,
128 struct sctp_queued_to_read *read_queue_e = NULL;
130 sctp_alloc_a_readq(stcb, read_queue_e);
131 if (read_queue_e == NULL) {
134 read_queue_e->sinfo_stream = stream_no;
135 read_queue_e->sinfo_ssn = stream_seq;
136 read_queue_e->sinfo_flags = (flags << 8);
137 read_queue_e->sinfo_ppid = ppid;
138 read_queue_e->sinfo_context = context;
139 read_queue_e->sinfo_timetolive = 0;
140 read_queue_e->sinfo_tsn = tsn;
141 read_queue_e->sinfo_cumtsn = tsn;
142 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
143 read_queue_e->whoFrom = net;
144 read_queue_e->length = 0;
145 atomic_add_int(&net->ref_count, 1);
146 read_queue_e->data = dm;
147 read_queue_e->spec_flags = 0;
148 read_queue_e->tail_mbuf = NULL;
149 read_queue_e->aux_data = NULL;
150 read_queue_e->stcb = stcb;
151 read_queue_e->port_from = stcb->rport;
152 read_queue_e->do_not_ref_stcb = 0;
153 read_queue_e->end_added = 0;
154 read_queue_e->some_taken = 0;
155 read_queue_e->pdapi_aborted = 0;
157 return (read_queue_e);
162 * Build out our readq entry based on the incoming packet.
164 static struct sctp_queued_to_read *
165 sctp_build_readq_entry_chk(struct sctp_tcb *stcb,
166 struct sctp_tmit_chunk *chk)
168 struct sctp_queued_to_read *read_queue_e = NULL;
170 sctp_alloc_a_readq(stcb, read_queue_e);
171 if (read_queue_e == NULL) {
174 read_queue_e->sinfo_stream = chk->rec.data.stream_number;
175 read_queue_e->sinfo_ssn = chk->rec.data.stream_seq;
176 read_queue_e->sinfo_flags = (chk->rec.data.rcv_flags << 8);
177 read_queue_e->sinfo_ppid = chk->rec.data.payloadtype;
178 read_queue_e->sinfo_context = stcb->asoc.context;
179 read_queue_e->sinfo_timetolive = 0;
180 read_queue_e->sinfo_tsn = chk->rec.data.TSN_seq;
181 read_queue_e->sinfo_cumtsn = chk->rec.data.TSN_seq;
182 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
183 read_queue_e->whoFrom = chk->whoTo;
184 read_queue_e->aux_data = NULL;
185 read_queue_e->length = 0;
186 atomic_add_int(&chk->whoTo->ref_count, 1);
187 read_queue_e->data = chk->data;
188 read_queue_e->tail_mbuf = NULL;
189 read_queue_e->stcb = stcb;
190 read_queue_e->port_from = stcb->rport;
191 read_queue_e->spec_flags = 0;
192 read_queue_e->do_not_ref_stcb = 0;
193 read_queue_e->end_added = 0;
194 read_queue_e->some_taken = 0;
195 read_queue_e->pdapi_aborted = 0;
197 return (read_queue_e);
202 sctp_build_ctl_nchunk(struct sctp_inpcb *inp, struct sctp_sndrcvinfo *sinfo)
204 struct sctp_extrcvinfo *seinfo;
205 struct sctp_sndrcvinfo *outinfo;
206 struct sctp_rcvinfo *rcvinfo;
207 struct sctp_nxtinfo *nxtinfo;
214 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) &&
215 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) &&
216 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) {
217 /* user does not want any ancillary data */
221 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
222 len += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
224 seinfo = (struct sctp_extrcvinfo *)sinfo;
225 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO) &&
226 (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_AVAIL)) {
228 len += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
232 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
233 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) {
235 len += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
238 len += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
244 ret = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA);
249 SCTP_BUF_LEN(ret) = 0;
251 /* We need a CMSG header followed by the struct */
252 cmh = mtod(ret, struct cmsghdr *);
253 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
254 cmh->cmsg_level = IPPROTO_SCTP;
255 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo));
256 cmh->cmsg_type = SCTP_RCVINFO;
257 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmh);
258 rcvinfo->rcv_sid = sinfo->sinfo_stream;
259 rcvinfo->rcv_ssn = sinfo->sinfo_ssn;
260 rcvinfo->rcv_flags = sinfo->sinfo_flags;
261 rcvinfo->rcv_ppid = sinfo->sinfo_ppid;
262 rcvinfo->rcv_tsn = sinfo->sinfo_tsn;
263 rcvinfo->rcv_cumtsn = sinfo->sinfo_cumtsn;
264 rcvinfo->rcv_context = sinfo->sinfo_context;
265 rcvinfo->rcv_assoc_id = sinfo->sinfo_assoc_id;
266 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_rcvinfo)));
267 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
270 cmh->cmsg_level = IPPROTO_SCTP;
271 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_nxtinfo));
272 cmh->cmsg_type = SCTP_NXTINFO;
273 nxtinfo = (struct sctp_nxtinfo *)CMSG_DATA(cmh);
274 nxtinfo->nxt_sid = seinfo->sreinfo_next_stream;
275 nxtinfo->nxt_flags = 0;
276 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_IS_UNORDERED) {
277 nxtinfo->nxt_flags |= SCTP_UNORDERED;
279 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_IS_NOTIFICATION) {
280 nxtinfo->nxt_flags |= SCTP_NOTIFICATION;
282 if (seinfo->sreinfo_next_flags & SCTP_NEXT_MSG_ISCOMPLETE) {
283 nxtinfo->nxt_flags |= SCTP_COMPLETE;
285 nxtinfo->nxt_ppid = seinfo->sreinfo_next_ppid;
286 nxtinfo->nxt_length = seinfo->sreinfo_next_length;
287 nxtinfo->nxt_assoc_id = seinfo->sreinfo_next_aid;
288 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_nxtinfo)));
289 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_nxtinfo));
291 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
292 cmh->cmsg_level = IPPROTO_SCTP;
293 outinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmh);
295 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_extrcvinfo));
296 cmh->cmsg_type = SCTP_EXTRCV;
297 memcpy(outinfo, sinfo, sizeof(struct sctp_extrcvinfo));
298 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
300 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
301 cmh->cmsg_type = SCTP_SNDRCV;
303 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
311 sctp_mark_non_revokable(struct sctp_association *asoc, uint32_t tsn)
313 uint32_t gap, i, cumackp1;
316 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
319 cumackp1 = asoc->cumulative_tsn + 1;
320 if (SCTP_TSN_GT(cumackp1, tsn)) {
322 * this tsn is behind the cum ack and thus we don't need to
323 * worry about it being moved from one to the other.
327 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
328 if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
329 SCTP_PRINTF("gap:%x tsn:%x\n", gap, tsn);
330 sctp_print_mapping_array(asoc);
332 panic("Things are really messed up now!!");
335 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
336 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
337 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
338 asoc->highest_tsn_inside_nr_map = tsn;
340 if (tsn == asoc->highest_tsn_inside_map) {
341 /* We must back down to see what the new highest is */
342 for (i = tsn - 1; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
343 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
344 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
345 asoc->highest_tsn_inside_map = i;
351 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
358 * We are delivering currently from the reassembly queue. We must continue to
359 * deliver until we either: 1) run out of space. 2) run out of sequential
360 * TSN's 3) hit the SCTP_DATA_LAST_FRAG flag.
363 sctp_service_reassembly(struct sctp_tcb *stcb, struct sctp_association *asoc)
365 struct sctp_tmit_chunk *chk, *nchk;
370 struct sctp_queued_to_read *control, *ctl, *nctl;
375 cntDel = stream_no = 0;
376 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
377 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
378 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
379 /* socket above is long gone or going.. */
381 asoc->fragmented_delivery_inprogress = 0;
382 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
383 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
384 asoc->size_on_reasm_queue -= chk->send_size;
385 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
387 * Lose the data pointer, since its in the socket
391 sctp_m_freem(chk->data);
394 /* Now free the address and data */
395 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
396 /* sa_ignore FREED_MEMORY */
400 SCTP_TCB_LOCK_ASSERT(stcb);
401 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
402 if (chk->rec.data.TSN_seq != (asoc->tsn_last_delivered + 1)) {
403 /* Can't deliver more :< */
406 stream_no = chk->rec.data.stream_number;
407 nxt_todel = asoc->strmin[stream_no].last_sequence_delivered + 1;
408 if (nxt_todel != chk->rec.data.stream_seq &&
409 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
411 * Not the next sequence to deliver in its stream OR
416 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
418 control = sctp_build_readq_entry_chk(stcb, chk);
419 if (control == NULL) {
423 /* save it off for our future deliveries */
424 stcb->asoc.control_pdapi = control;
425 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
429 sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq);
430 sctp_add_to_readq(stcb->sctp_ep,
431 stcb, control, &stcb->sctp_socket->so_rcv, end,
432 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
435 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
439 sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq);
440 if (sctp_append_to_readq(stcb->sctp_ep, stcb,
441 stcb->asoc.control_pdapi,
442 chk->data, end, chk->rec.data.TSN_seq,
443 &stcb->sctp_socket->so_rcv)) {
445 * something is very wrong, either
446 * control_pdapi is NULL, or the tail_mbuf
447 * is corrupt, or there is a EOM already on
450 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
454 if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) {
455 panic("This should not happen control_pdapi NULL?");
457 /* if we did not panic, it was a EOM */
458 panic("Bad chunking ??");
460 if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) {
461 SCTP_PRINTF("This should not happen control_pdapi NULL?\n");
463 SCTP_PRINTF("Bad chunking ??\n");
464 SCTP_PRINTF("Dumping re-assembly queue this will probably hose the association\n");
472 /* pull it we did it */
473 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
474 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
475 asoc->fragmented_delivery_inprogress = 0;
476 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
477 asoc->strmin[stream_no].last_sequence_delivered++;
479 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
480 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
482 } else if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
484 * turn the flag back on since we just delivered
487 asoc->fragmented_delivery_inprogress = 1;
489 asoc->tsn_of_pdapi_last_delivered = chk->rec.data.TSN_seq;
490 asoc->last_flags_delivered = chk->rec.data.rcv_flags;
491 asoc->last_strm_seq_delivered = chk->rec.data.stream_seq;
492 asoc->last_strm_no_delivered = chk->rec.data.stream_number;
494 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
495 asoc->size_on_reasm_queue -= chk->send_size;
496 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
497 /* free up the chk */
499 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
501 if (asoc->fragmented_delivery_inprogress == 0) {
503 * Now lets see if we can deliver the next one on
506 struct sctp_stream_in *strm;
508 strm = &asoc->strmin[stream_no];
509 nxt_todel = strm->last_sequence_delivered + 1;
510 TAILQ_FOREACH_SAFE(ctl, &strm->inqueue, next, nctl) {
511 /* Deliver more if we can. */
512 if (nxt_todel == ctl->sinfo_ssn) {
513 TAILQ_REMOVE(&strm->inqueue, ctl, next);
514 asoc->size_on_all_streams -= ctl->length;
515 sctp_ucount_decr(asoc->cnt_on_all_streams);
516 strm->last_sequence_delivered++;
517 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
518 sctp_add_to_readq(stcb->sctp_ep, stcb,
520 &stcb->sctp_socket->so_rcv, 1,
521 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
525 nxt_todel = strm->last_sequence_delivered + 1;
533 * Queue the chunk either right into the socket buffer if it is the next one
534 * to go OR put it in the correct place in the delivery queue. If we do
535 * append to the so_buf, keep doing so until we are out of order. One big
536 * question still remains, what to do when the socket buffer is FULL??
539 sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc,
540 struct sctp_queued_to_read *control, int *abort_flag)
543 * FIX-ME maybe? What happens when the ssn wraps? If we are getting
544 * all the data in one stream this could happen quite rapidly. One
545 * could use the TSN to keep track of things, but this scheme breaks
546 * down in the other type of stream useage that could occur. Send a
547 * single msg to stream 0, send 4Billion messages to stream 1, now
548 * send a message to stream 0. You have a situation where the TSN
549 * has wrapped but not in the stream. Is this worth worrying about
550 * or should we just change our queue sort at the bottom to be by
553 * Could it also be legal for a peer to send ssn 1 with TSN 2 and ssn 2
554 * with TSN 1? If the peer is doing some sort of funky TSN/SSN
555 * assignment this could happen... and I don't see how this would be
556 * a violation. So for now I am undecided an will leave the sort by
557 * SSN alone. Maybe a hybred approach is the answer
560 struct sctp_stream_in *strm;
561 struct sctp_queued_to_read *at;
567 asoc->size_on_all_streams += control->length;
568 sctp_ucount_incr(asoc->cnt_on_all_streams);
569 strm = &asoc->strmin[control->sinfo_stream];
570 nxt_todel = strm->last_sequence_delivered + 1;
571 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
572 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INTO_STRD);
574 SCTPDBG(SCTP_DEBUG_INDATA1,
575 "queue to stream called for ssn:%u lastdel:%u nxt:%u\n",
576 (uint32_t) control->sinfo_stream,
577 (uint32_t) strm->last_sequence_delivered,
578 (uint32_t) nxt_todel);
579 if (SCTP_SSN_GE(strm->last_sequence_delivered, control->sinfo_ssn)) {
580 /* The incoming sseq is behind where we last delivered? */
581 SCTPDBG(SCTP_DEBUG_INDATA1, "Duplicate S-SEQ:%d delivered:%d from peer, Abort association\n",
582 control->sinfo_ssn, strm->last_sequence_delivered);
585 * throw it in the stream so it gets cleaned up in
586 * association destruction
588 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
589 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
590 0, M_DONTWAIT, 1, MT_DATA);
592 struct sctp_paramhdr *ph;
595 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
596 (sizeof(uint32_t) * 3);
597 ph = mtod(oper, struct sctp_paramhdr *);
598 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
599 ph->param_length = htons(SCTP_BUF_LEN(oper));
600 ippp = (uint32_t *) (ph + 1);
601 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_1);
603 *ippp = control->sinfo_tsn;
605 *ippp = ((control->sinfo_stream << 16) | control->sinfo_ssn);
607 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_1;
608 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
613 if (nxt_todel == control->sinfo_ssn) {
614 /* can be delivered right away? */
615 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
616 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_IMMED_DEL);
618 /* EY it wont be queued if it could be delivered directly */
620 asoc->size_on_all_streams -= control->length;
621 sctp_ucount_decr(asoc->cnt_on_all_streams);
622 strm->last_sequence_delivered++;
624 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
625 sctp_add_to_readq(stcb->sctp_ep, stcb,
627 &stcb->sctp_socket->so_rcv, 1,
628 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
629 TAILQ_FOREACH_SAFE(control, &strm->inqueue, next, at) {
631 nxt_todel = strm->last_sequence_delivered + 1;
632 if (nxt_todel == control->sinfo_ssn) {
633 TAILQ_REMOVE(&strm->inqueue, control, next);
634 asoc->size_on_all_streams -= control->length;
635 sctp_ucount_decr(asoc->cnt_on_all_streams);
636 strm->last_sequence_delivered++;
638 * We ignore the return of deliver_data here
639 * since we always can hold the chunk on the
640 * d-queue. And we have a finite number that
641 * can be delivered from the strq.
643 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
644 sctp_log_strm_del(control, NULL,
645 SCTP_STR_LOG_FROM_IMMED_DEL);
647 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
648 sctp_add_to_readq(stcb->sctp_ep, stcb,
650 &stcb->sctp_socket->so_rcv, 1,
651 SCTP_READ_LOCK_NOT_HELD,
660 * Ok, we did not deliver this guy, find the correct place
661 * to put it on the queue.
663 if (SCTP_TSN_GE(asoc->cumulative_tsn, control->sinfo_tsn)) {
666 if (TAILQ_EMPTY(&strm->inqueue)) {
668 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
669 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INSERT_HD);
671 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
673 TAILQ_FOREACH(at, &strm->inqueue, next) {
674 if (SCTP_SSN_GT(at->sinfo_ssn, control->sinfo_ssn)) {
676 * one in queue is bigger than the
677 * new one, insert before this one
679 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
680 sctp_log_strm_del(control, at,
681 SCTP_STR_LOG_FROM_INSERT_MD);
683 TAILQ_INSERT_BEFORE(at, control, next);
685 } else if (at->sinfo_ssn == control->sinfo_ssn) {
687 * Gak, He sent me a duplicate str
691 * foo bar, I guess I will just free
692 * this new guy, should we abort
693 * too? FIX ME MAYBE? Or it COULD be
694 * that the SSN's have wrapped.
695 * Maybe I should compare to TSN
696 * somehow... sigh for now just blow
701 sctp_m_freem(control->data);
702 control->data = NULL;
703 asoc->size_on_all_streams -= control->length;
704 sctp_ucount_decr(asoc->cnt_on_all_streams);
705 if (control->whoFrom) {
706 sctp_free_remote_addr(control->whoFrom);
707 control->whoFrom = NULL;
709 sctp_free_a_readq(stcb, control);
712 if (TAILQ_NEXT(at, next) == NULL) {
714 * We are at the end, insert
717 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
718 sctp_log_strm_del(control, at,
719 SCTP_STR_LOG_FROM_INSERT_TL);
721 TAILQ_INSERT_AFTER(&strm->inqueue,
732 * Returns two things: You get the total size of the deliverable parts of the
733 * first fragmented message on the reassembly queue. And you get a 1 back if
734 * all of the message is ready or a 0 back if the message is still incomplete
737 sctp_is_all_msg_on_reasm(struct sctp_association *asoc, uint32_t * t_size)
739 struct sctp_tmit_chunk *chk;
743 chk = TAILQ_FIRST(&asoc->reasmqueue);
745 /* nothing on the queue */
748 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
749 /* Not a first on the queue */
752 tsn = chk->rec.data.TSN_seq;
753 TAILQ_FOREACH(chk, &asoc->reasmqueue, sctp_next) {
754 if (tsn != chk->rec.data.TSN_seq) {
757 *t_size += chk->send_size;
758 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
767 sctp_deliver_reasm_check(struct sctp_tcb *stcb, struct sctp_association *asoc)
769 struct sctp_tmit_chunk *chk;
771 uint32_t tsize, pd_point;
774 chk = TAILQ_FIRST(&asoc->reasmqueue);
777 asoc->size_on_reasm_queue = 0;
778 asoc->cnt_on_reasm_queue = 0;
781 if (asoc->fragmented_delivery_inprogress == 0) {
783 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
784 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
785 (nxt_todel == chk->rec.data.stream_seq ||
786 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
788 * Yep the first one is here and its ok to deliver
791 if (stcb->sctp_socket) {
792 pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket),
793 stcb->sctp_ep->partial_delivery_point);
795 pd_point = stcb->sctp_ep->partial_delivery_point;
797 if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) {
800 * Yes, we setup to start reception, by
801 * backing down the TSN just in case we
802 * can't deliver. If we
804 asoc->fragmented_delivery_inprogress = 1;
805 asoc->tsn_last_delivered =
806 chk->rec.data.TSN_seq - 1;
808 chk->rec.data.stream_number;
809 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
810 asoc->pdapi_ppid = chk->rec.data.payloadtype;
811 asoc->fragment_flags = chk->rec.data.rcv_flags;
812 sctp_service_reassembly(stcb, asoc);
817 * Service re-assembly will deliver stream data queued at
818 * the end of fragmented delivery.. but it wont know to go
819 * back and call itself again... we do that here with the
822 sctp_service_reassembly(stcb, asoc);
823 if (asoc->fragmented_delivery_inprogress == 0) {
825 * finished our Fragmented delivery, could be more
834 * Dump onto the re-assembly queue, in its proper place. After dumping on the
835 * queue, see if anthing can be delivered. If so pull it off (or as much as
836 * we can. If we run out of space then we must dump what we can and set the
837 * appropriate flag to say we queued what we could.
840 sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struct sctp_association *asoc,
841 struct sctp_tmit_chunk *chk, int *abort_flag)
844 uint32_t cum_ackp1, prev_tsn, post_tsn;
845 struct sctp_tmit_chunk *at, *prev, *next;
848 cum_ackp1 = asoc->tsn_last_delivered + 1;
849 if (TAILQ_EMPTY(&asoc->reasmqueue)) {
850 /* This is the first one on the queue */
851 TAILQ_INSERT_HEAD(&asoc->reasmqueue, chk, sctp_next);
853 * we do not check for delivery of anything when only one
856 asoc->size_on_reasm_queue = chk->send_size;
857 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
858 if (chk->rec.data.TSN_seq == cum_ackp1) {
859 if (asoc->fragmented_delivery_inprogress == 0 &&
860 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) !=
861 SCTP_DATA_FIRST_FRAG) {
863 * An empty queue, no delivery inprogress,
864 * we hit the next one and it does NOT have
865 * a FIRST fragment mark.
867 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not first, no fragmented delivery in progress\n");
868 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
869 0, M_DONTWAIT, 1, MT_DATA);
872 struct sctp_paramhdr *ph;
876 sizeof(struct sctp_paramhdr) +
877 (sizeof(uint32_t) * 3);
878 ph = mtod(oper, struct sctp_paramhdr *);
880 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
881 ph->param_length = htons(SCTP_BUF_LEN(oper));
882 ippp = (uint32_t *) (ph + 1);
883 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_2);
885 *ippp = chk->rec.data.TSN_seq;
887 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
890 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2;
891 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
893 } else if (asoc->fragmented_delivery_inprogress &&
894 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
896 * We are doing a partial delivery and the
897 * NEXT chunk MUST be either the LAST or
898 * MIDDLE fragment NOT a FIRST
900 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS a first and fragmented delivery in progress\n");
901 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
902 0, M_DONTWAIT, 1, MT_DATA);
904 struct sctp_paramhdr *ph;
908 sizeof(struct sctp_paramhdr) +
909 (3 * sizeof(uint32_t));
910 ph = mtod(oper, struct sctp_paramhdr *);
912 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
913 ph->param_length = htons(SCTP_BUF_LEN(oper));
914 ippp = (uint32_t *) (ph + 1);
915 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_3);
917 *ippp = chk->rec.data.TSN_seq;
919 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
921 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3;
922 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
924 } else if (asoc->fragmented_delivery_inprogress) {
926 * Here we are ok with a MIDDLE or LAST
929 if (chk->rec.data.stream_number !=
930 asoc->str_of_pdapi) {
931 /* Got to be the right STR No */
932 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream number %d vs %d\n",
933 chk->rec.data.stream_number,
935 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
936 0, M_DONTWAIT, 1, MT_DATA);
938 struct sctp_paramhdr *ph;
942 sizeof(struct sctp_paramhdr) +
943 (sizeof(uint32_t) * 3);
945 struct sctp_paramhdr *);
947 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
949 htons(SCTP_BUF_LEN(oper));
950 ippp = (uint32_t *) (ph + 1);
951 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_4);
953 *ippp = chk->rec.data.TSN_seq;
955 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
957 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_4;
958 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
960 } else if ((asoc->fragment_flags & SCTP_DATA_UNORDERED) !=
961 SCTP_DATA_UNORDERED &&
962 chk->rec.data.stream_seq != asoc->ssn_of_pdapi) {
963 /* Got to be the right STR Seq */
964 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream seq %d vs %d\n",
965 chk->rec.data.stream_seq,
967 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
968 0, M_DONTWAIT, 1, MT_DATA);
970 struct sctp_paramhdr *ph;
974 sizeof(struct sctp_paramhdr) +
975 (3 * sizeof(uint32_t));
977 struct sctp_paramhdr *);
979 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
981 htons(SCTP_BUF_LEN(oper));
982 ippp = (uint32_t *) (ph + 1);
983 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_5);
985 *ippp = chk->rec.data.TSN_seq;
987 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
990 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_5;
991 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
999 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1000 if (SCTP_TSN_GT(at->rec.data.TSN_seq, chk->rec.data.TSN_seq)) {
1002 * one in queue is bigger than the new one, insert
1006 asoc->size_on_reasm_queue += chk->send_size;
1007 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1009 TAILQ_INSERT_BEFORE(at, chk, sctp_next);
1011 } else if (at->rec.data.TSN_seq == chk->rec.data.TSN_seq) {
1012 /* Gak, He sent me a duplicate str seq number */
1014 * foo bar, I guess I will just free this new guy,
1015 * should we abort too? FIX ME MAYBE? Or it COULD be
1016 * that the SSN's have wrapped. Maybe I should
1017 * compare to TSN somehow... sigh for now just blow
1021 sctp_m_freem(chk->data);
1024 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
1028 if (TAILQ_NEXT(at, sctp_next) == NULL) {
1030 * We are at the end, insert it after this
1033 /* check it first */
1034 asoc->size_on_reasm_queue += chk->send_size;
1035 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1036 TAILQ_INSERT_AFTER(&asoc->reasmqueue, at, chk, sctp_next);
1041 /* Now the audits */
1043 prev_tsn = chk->rec.data.TSN_seq - 1;
1044 if (prev_tsn == prev->rec.data.TSN_seq) {
1046 * Ok the one I am dropping onto the end is the
1047 * NEXT. A bit of valdiation here.
1049 if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1050 SCTP_DATA_FIRST_FRAG ||
1051 (prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1052 SCTP_DATA_MIDDLE_FRAG) {
1054 * Insert chk MUST be a MIDDLE or LAST
1057 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1058 SCTP_DATA_FIRST_FRAG) {
1059 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - It can be a midlle or last but not a first\n");
1060 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it's a FIRST!\n");
1061 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1062 0, M_DONTWAIT, 1, MT_DATA);
1064 struct sctp_paramhdr *ph;
1067 SCTP_BUF_LEN(oper) =
1068 sizeof(struct sctp_paramhdr) +
1069 (3 * sizeof(uint32_t));
1071 struct sctp_paramhdr *);
1073 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1075 htons(SCTP_BUF_LEN(oper));
1076 ippp = (uint32_t *) (ph + 1);
1077 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_6);
1079 *ippp = chk->rec.data.TSN_seq;
1081 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1084 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_6;
1085 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1089 if (chk->rec.data.stream_number !=
1090 prev->rec.data.stream_number) {
1092 * Huh, need the correct STR here,
1093 * they must be the same.
1095 SCTP_PRINTF("Prev check - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1096 chk->rec.data.stream_number,
1097 prev->rec.data.stream_number);
1098 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1099 0, M_DONTWAIT, 1, MT_DATA);
1101 struct sctp_paramhdr *ph;
1104 SCTP_BUF_LEN(oper) =
1105 sizeof(struct sctp_paramhdr) +
1106 (3 * sizeof(uint32_t));
1108 struct sctp_paramhdr *);
1110 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1112 htons(SCTP_BUF_LEN(oper));
1113 ippp = (uint32_t *) (ph + 1);
1114 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_7);
1116 *ippp = chk->rec.data.TSN_seq;
1118 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1120 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_7;
1121 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1125 if ((prev->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1126 chk->rec.data.stream_seq !=
1127 prev->rec.data.stream_seq) {
1129 * Huh, need the correct STR here,
1130 * they must be the same.
1132 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1133 chk->rec.data.stream_seq,
1134 prev->rec.data.stream_seq);
1135 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1136 0, M_DONTWAIT, 1, MT_DATA);
1138 struct sctp_paramhdr *ph;
1141 SCTP_BUF_LEN(oper) =
1142 sizeof(struct sctp_paramhdr) +
1143 (3 * sizeof(uint32_t));
1145 struct sctp_paramhdr *);
1147 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1149 htons(SCTP_BUF_LEN(oper));
1150 ippp = (uint32_t *) (ph + 1);
1151 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_8);
1153 *ippp = chk->rec.data.TSN_seq;
1155 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1157 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_8;
1158 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1162 } else if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1163 SCTP_DATA_LAST_FRAG) {
1164 /* Insert chk MUST be a FIRST */
1165 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1166 SCTP_DATA_FIRST_FRAG) {
1167 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, evil plot, its not FIRST and it must be!\n");
1168 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1169 0, M_DONTWAIT, 1, MT_DATA);
1171 struct sctp_paramhdr *ph;
1174 SCTP_BUF_LEN(oper) =
1175 sizeof(struct sctp_paramhdr) +
1176 (3 * sizeof(uint32_t));
1178 struct sctp_paramhdr *);
1180 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1182 htons(SCTP_BUF_LEN(oper));
1183 ippp = (uint32_t *) (ph + 1);
1184 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_9);
1186 *ippp = chk->rec.data.TSN_seq;
1188 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1191 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_9;
1192 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1200 post_tsn = chk->rec.data.TSN_seq + 1;
1201 if (post_tsn == next->rec.data.TSN_seq) {
1203 * Ok the one I am inserting ahead of is my NEXT
1204 * one. A bit of valdiation here.
1206 if (next->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
1207 /* Insert chk MUST be a last fragment */
1208 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK)
1209 != SCTP_DATA_LAST_FRAG) {
1210 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is FIRST, we must be LAST\n");
1211 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not a last!\n");
1212 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1213 0, M_DONTWAIT, 1, MT_DATA);
1215 struct sctp_paramhdr *ph;
1218 SCTP_BUF_LEN(oper) =
1219 sizeof(struct sctp_paramhdr) +
1220 (3 * sizeof(uint32_t));
1222 struct sctp_paramhdr *);
1224 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1226 htons(SCTP_BUF_LEN(oper));
1227 ippp = (uint32_t *) (ph + 1);
1228 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_10);
1230 *ippp = chk->rec.data.TSN_seq;
1232 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1234 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_10;
1235 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1239 } else if ((next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1240 SCTP_DATA_MIDDLE_FRAG ||
1241 (next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1242 SCTP_DATA_LAST_FRAG) {
1244 * Insert chk CAN be MIDDLE or FIRST NOT
1247 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1248 SCTP_DATA_LAST_FRAG) {
1249 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is a MIDDLE/LAST\n");
1250 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, new prev chunk is a LAST\n");
1251 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1252 0, M_DONTWAIT, 1, MT_DATA);
1254 struct sctp_paramhdr *ph;
1257 SCTP_BUF_LEN(oper) =
1258 sizeof(struct sctp_paramhdr) +
1259 (3 * sizeof(uint32_t));
1261 struct sctp_paramhdr *);
1263 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1265 htons(SCTP_BUF_LEN(oper));
1266 ippp = (uint32_t *) (ph + 1);
1267 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_11);
1269 *ippp = chk->rec.data.TSN_seq;
1271 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1274 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_11;
1275 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1279 if (chk->rec.data.stream_number !=
1280 next->rec.data.stream_number) {
1282 * Huh, need the correct STR here,
1283 * they must be the same.
1285 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1286 chk->rec.data.stream_number,
1287 next->rec.data.stream_number);
1288 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1289 0, M_DONTWAIT, 1, MT_DATA);
1291 struct sctp_paramhdr *ph;
1294 SCTP_BUF_LEN(oper) =
1295 sizeof(struct sctp_paramhdr) +
1296 (3 * sizeof(uint32_t));
1298 struct sctp_paramhdr *);
1300 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1302 htons(SCTP_BUF_LEN(oper));
1303 ippp = (uint32_t *) (ph + 1);
1304 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_12);
1306 *ippp = chk->rec.data.TSN_seq;
1308 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1311 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_12;
1312 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1316 if ((next->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1317 chk->rec.data.stream_seq !=
1318 next->rec.data.stream_seq) {
1320 * Huh, need the correct STR here,
1321 * they must be the same.
1323 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1324 chk->rec.data.stream_seq,
1325 next->rec.data.stream_seq);
1326 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1327 0, M_DONTWAIT, 1, MT_DATA);
1329 struct sctp_paramhdr *ph;
1332 SCTP_BUF_LEN(oper) =
1333 sizeof(struct sctp_paramhdr) +
1334 (3 * sizeof(uint32_t));
1336 struct sctp_paramhdr *);
1338 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1340 htons(SCTP_BUF_LEN(oper));
1341 ippp = (uint32_t *) (ph + 1);
1342 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_13);
1344 *ippp = chk->rec.data.TSN_seq;
1346 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1348 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_13;
1349 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1356 /* Do we need to do some delivery? check */
1357 sctp_deliver_reasm_check(stcb, asoc);
1361 * This is an unfortunate routine. It checks to make sure a evil guy is not
1362 * stuffing us full of bad packet fragments. A broken peer could also do this
1363 * but this is doubtful. It is to bad I must worry about evil crackers sigh
1367 sctp_does_tsn_belong_to_reasm(struct sctp_association *asoc,
1370 struct sctp_tmit_chunk *at;
1373 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1374 if (SCTP_TSN_GT(TSN_seq, at->rec.data.TSN_seq)) {
1375 /* is it one bigger? */
1376 tsn_est = at->rec.data.TSN_seq + 1;
1377 if (tsn_est == TSN_seq) {
1378 /* yep. It better be a last then */
1379 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1380 SCTP_DATA_LAST_FRAG) {
1382 * Ok this guy belongs next to a guy
1383 * that is NOT last, it should be a
1384 * middle/last, not a complete
1390 * This guy is ok since its a LAST
1391 * and the new chunk is a fully
1392 * self- contained one.
1397 } else if (TSN_seq == at->rec.data.TSN_seq) {
1398 /* Software error since I have a dup? */
1402 * Ok, 'at' is larger than new chunk but does it
1403 * need to be right before it.
1405 tsn_est = TSN_seq + 1;
1406 if (tsn_est == at->rec.data.TSN_seq) {
1407 /* Yep, It better be a first */
1408 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1409 SCTP_DATA_FIRST_FRAG) {
1422 sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc,
1423 struct mbuf **m, int offset, struct sctp_data_chunk *ch, int chk_length,
1424 struct sctp_nets *net, uint32_t * high_tsn, int *abort_flag,
1425 int *break_flag, int last_chunk)
1427 /* Process a data chunk */
1428 /* struct sctp_tmit_chunk *chk; */
1429 struct sctp_tmit_chunk *chk;
1433 int need_reasm_check = 0;
1434 uint16_t strmno, strmseq;
1436 struct sctp_queued_to_read *control;
1438 uint32_t protocol_id;
1439 uint8_t chunk_flags;
1440 struct sctp_stream_reset_list *liste;
1443 tsn = ntohl(ch->dp.tsn);
1444 chunk_flags = ch->ch.chunk_flags;
1445 if ((chunk_flags & SCTP_DATA_SACK_IMMEDIATELY) == SCTP_DATA_SACK_IMMEDIATELY) {
1446 asoc->send_sack = 1;
1448 protocol_id = ch->dp.protocol_id;
1449 ordered = ((chunk_flags & SCTP_DATA_UNORDERED) == 0);
1450 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
1451 sctp_log_map(tsn, asoc->cumulative_tsn, asoc->highest_tsn_inside_map, SCTP_MAP_TSN_ENTERS);
1456 SCTP_LTRACE_CHK(stcb->sctp_ep, stcb, ch->ch.chunk_type, tsn);
1457 if (SCTP_TSN_GE(asoc->cumulative_tsn, tsn)) {
1458 /* It is a duplicate */
1459 SCTP_STAT_INCR(sctps_recvdupdata);
1460 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1461 /* Record a dup for the next outbound sack */
1462 asoc->dup_tsns[asoc->numduptsns] = tsn;
1465 asoc->send_sack = 1;
1468 /* Calculate the number of TSN's between the base and this TSN */
1469 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
1470 if (gap >= (SCTP_MAPPING_ARRAY << 3)) {
1471 /* Can't hold the bit in the mapping at max array, toss it */
1474 if (gap >= (uint32_t) (asoc->mapping_array_size << 3)) {
1475 SCTP_TCB_LOCK_ASSERT(stcb);
1476 if (sctp_expand_mapping_array(asoc, gap)) {
1477 /* Can't expand, drop it */
1481 if (SCTP_TSN_GT(tsn, *high_tsn)) {
1484 /* See if we have received this one already */
1485 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap) ||
1486 SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, gap)) {
1487 SCTP_STAT_INCR(sctps_recvdupdata);
1488 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1489 /* Record a dup for the next outbound sack */
1490 asoc->dup_tsns[asoc->numduptsns] = tsn;
1493 asoc->send_sack = 1;
1497 * Check to see about the GONE flag, duplicates would cause a sack
1498 * to be sent up above
1500 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
1501 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
1502 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET))
1505 * wait a minute, this guy is gone, there is no longer a
1506 * receiver. Send peer an ABORT!
1508 struct mbuf *op_err;
1510 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1511 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
1516 * Now before going further we see if there is room. If NOT then we
1517 * MAY let one through only IF this TSN is the one we are waiting
1518 * for on a partial delivery API.
1521 /* now do the tests */
1522 if (((asoc->cnt_on_all_streams +
1523 asoc->cnt_on_reasm_queue +
1524 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) ||
1525 (((int)asoc->my_rwnd) <= 0)) {
1527 * When we have NO room in the rwnd we check to make sure
1528 * the reader is doing its job...
1530 if (stcb->sctp_socket->so_rcv.sb_cc) {
1531 /* some to read, wake-up */
1532 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1535 so = SCTP_INP_SO(stcb->sctp_ep);
1536 atomic_add_int(&stcb->asoc.refcnt, 1);
1537 SCTP_TCB_UNLOCK(stcb);
1538 SCTP_SOCKET_LOCK(so, 1);
1539 SCTP_TCB_LOCK(stcb);
1540 atomic_subtract_int(&stcb->asoc.refcnt, 1);
1541 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
1542 /* assoc was freed while we were unlocked */
1543 SCTP_SOCKET_UNLOCK(so, 1);
1547 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
1548 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1549 SCTP_SOCKET_UNLOCK(so, 1);
1552 /* now is it in the mapping array of what we have accepted? */
1553 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map) &&
1554 SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1555 /* Nope not in the valid range dump it */
1556 sctp_set_rwnd(stcb, asoc);
1557 if ((asoc->cnt_on_all_streams +
1558 asoc->cnt_on_reasm_queue +
1559 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) {
1560 SCTP_STAT_INCR(sctps_datadropchklmt);
1562 SCTP_STAT_INCR(sctps_datadroprwnd);
1568 strmno = ntohs(ch->dp.stream_id);
1569 if (strmno >= asoc->streamincnt) {
1570 struct sctp_paramhdr *phdr;
1573 mb = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) * 2),
1574 0, M_DONTWAIT, 1, MT_DATA);
1576 /* add some space up front so prepend will work well */
1577 SCTP_BUF_RESV_UF(mb, sizeof(struct sctp_chunkhdr));
1578 phdr = mtod(mb, struct sctp_paramhdr *);
1580 * Error causes are just param's and this one has
1581 * two back to back phdr, one with the error type
1582 * and size, the other with the streamid and a rsvd
1584 SCTP_BUF_LEN(mb) = (sizeof(struct sctp_paramhdr) * 2);
1585 phdr->param_type = htons(SCTP_CAUSE_INVALID_STREAM);
1586 phdr->param_length =
1587 htons(sizeof(struct sctp_paramhdr) * 2);
1589 /* We insert the stream in the type field */
1590 phdr->param_type = ch->dp.stream_id;
1591 /* And set the length to 0 for the rsvd field */
1592 phdr->param_length = 0;
1593 sctp_queue_op_err(stcb, mb);
1595 SCTP_STAT_INCR(sctps_badsid);
1596 SCTP_TCB_LOCK_ASSERT(stcb);
1597 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1598 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1599 asoc->highest_tsn_inside_nr_map = tsn;
1601 if (tsn == (asoc->cumulative_tsn + 1)) {
1602 /* Update cum-ack */
1603 asoc->cumulative_tsn = tsn;
1608 * Before we continue lets validate that we are not being fooled by
1609 * an evil attacker. We can only have 4k chunks based on our TSN
1610 * spread allowed by the mapping array 512 * 8 bits, so there is no
1611 * way our stream sequence numbers could have wrapped. We of course
1612 * only validate the FIRST fragment so the bit must be set.
1614 strmseq = ntohs(ch->dp.stream_sequence);
1615 #ifdef SCTP_ASOCLOG_OF_TSNS
1616 SCTP_TCB_LOCK_ASSERT(stcb);
1617 if (asoc->tsn_in_at >= SCTP_TSN_LOG_SIZE) {
1618 asoc->tsn_in_at = 0;
1619 asoc->tsn_in_wrapped = 1;
1621 asoc->in_tsnlog[asoc->tsn_in_at].tsn = tsn;
1622 asoc->in_tsnlog[asoc->tsn_in_at].strm = strmno;
1623 asoc->in_tsnlog[asoc->tsn_in_at].seq = strmseq;
1624 asoc->in_tsnlog[asoc->tsn_in_at].sz = chk_length;
1625 asoc->in_tsnlog[asoc->tsn_in_at].flgs = chunk_flags;
1626 asoc->in_tsnlog[asoc->tsn_in_at].stcb = (void *)stcb;
1627 asoc->in_tsnlog[asoc->tsn_in_at].in_pos = asoc->tsn_in_at;
1628 asoc->in_tsnlog[asoc->tsn_in_at].in_out = 1;
1631 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) &&
1632 (TAILQ_EMPTY(&asoc->resetHead)) &&
1633 (chunk_flags & SCTP_DATA_UNORDERED) == 0 &&
1634 SCTP_SSN_GE(asoc->strmin[strmno].last_sequence_delivered, strmseq)) {
1635 /* The incoming sseq is behind where we last delivered? */
1636 SCTPDBG(SCTP_DEBUG_INDATA1, "EVIL/Broken-Dup S-SEQ:%d delivered:%d from peer, Abort!\n",
1637 strmseq, asoc->strmin[strmno].last_sequence_delivered);
1638 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1639 0, M_DONTWAIT, 1, MT_DATA);
1641 struct sctp_paramhdr *ph;
1644 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
1645 (3 * sizeof(uint32_t));
1646 ph = mtod(oper, struct sctp_paramhdr *);
1647 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1648 ph->param_length = htons(SCTP_BUF_LEN(oper));
1649 ippp = (uint32_t *) (ph + 1);
1650 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_14);
1654 *ippp = ((strmno << 16) | strmseq);
1657 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14;
1658 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1662 /************************************
1663 * From here down we may find ch-> invalid
1664 * so its a good idea NOT to use it.
1665 *************************************/
1667 the_len = (chk_length - sizeof(struct sctp_data_chunk));
1668 if (last_chunk == 0) {
1669 dmbuf = SCTP_M_COPYM(*m,
1670 (offset + sizeof(struct sctp_data_chunk)),
1671 the_len, M_DONTWAIT);
1672 #ifdef SCTP_MBUF_LOGGING
1673 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
1676 for (mat = dmbuf; mat; mat = SCTP_BUF_NEXT(mat)) {
1677 if (SCTP_BUF_IS_EXTENDED(mat)) {
1678 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
1684 /* We can steal the last chunk */
1688 /* lop off the top part */
1689 m_adj(dmbuf, (offset + sizeof(struct sctp_data_chunk)));
1690 if (SCTP_BUF_NEXT(dmbuf) == NULL) {
1691 l_len = SCTP_BUF_LEN(dmbuf);
1694 * need to count up the size hopefully does not hit
1700 for (lat = dmbuf; lat; lat = SCTP_BUF_NEXT(lat)) {
1701 l_len += SCTP_BUF_LEN(lat);
1704 if (l_len > the_len) {
1705 /* Trim the end round bytes off too */
1706 m_adj(dmbuf, -(l_len - the_len));
1709 if (dmbuf == NULL) {
1710 SCTP_STAT_INCR(sctps_nomem);
1713 if ((chunk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG &&
1714 asoc->fragmented_delivery_inprogress == 0 &&
1715 TAILQ_EMPTY(&asoc->resetHead) &&
1717 ((uint16_t) (asoc->strmin[strmno].last_sequence_delivered + 1) == strmseq &&
1718 TAILQ_EMPTY(&asoc->strmin[strmno].inqueue)))) {
1719 /* Candidate for express delivery */
1721 * Its not fragmented, No PD-API is up, Nothing in the
1722 * delivery queue, Its un-ordered OR ordered and the next to
1723 * deliver AND nothing else is stuck on the stream queue,
1724 * And there is room for it in the socket buffer. Lets just
1725 * stuff it up the buffer....
1728 /* It would be nice to avoid this copy if we could :< */
1729 sctp_alloc_a_readq(stcb, control);
1730 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1736 if (control == NULL) {
1737 goto failed_express_del;
1739 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1740 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1741 asoc->highest_tsn_inside_nr_map = tsn;
1743 sctp_add_to_readq(stcb->sctp_ep, stcb,
1744 control, &stcb->sctp_socket->so_rcv,
1745 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
1747 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1748 /* for ordered, bump what we delivered */
1749 asoc->strmin[strmno].last_sequence_delivered++;
1751 SCTP_STAT_INCR(sctps_recvexpress);
1752 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
1753 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno,
1754 SCTP_STR_LOG_FROM_EXPRS_DEL);
1758 goto finish_express_del;
1761 /* If we reach here this is a new chunk */
1764 /* Express for fragmented delivery? */
1765 if ((asoc->fragmented_delivery_inprogress) &&
1766 (stcb->asoc.control_pdapi) &&
1767 (asoc->str_of_pdapi == strmno) &&
1768 (asoc->ssn_of_pdapi == strmseq)
1770 control = stcb->asoc.control_pdapi;
1771 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
1772 /* Can't be another first? */
1773 goto failed_pdapi_express_del;
1775 if (tsn == (control->sinfo_tsn + 1)) {
1776 /* Yep, we can add it on */
1779 if (chunk_flags & SCTP_DATA_LAST_FRAG) {
1782 if (sctp_append_to_readq(stcb->sctp_ep, stcb, control, dmbuf, end,
1784 &stcb->sctp_socket->so_rcv)) {
1785 SCTP_PRINTF("Append fails end:%d\n", end);
1786 goto failed_pdapi_express_del;
1788 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1789 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1790 asoc->highest_tsn_inside_nr_map = tsn;
1792 SCTP_STAT_INCR(sctps_recvexpressm);
1793 control->sinfo_tsn = tsn;
1794 asoc->tsn_last_delivered = tsn;
1795 asoc->fragment_flags = chunk_flags;
1796 asoc->tsn_of_pdapi_last_delivered = tsn;
1797 asoc->last_flags_delivered = chunk_flags;
1798 asoc->last_strm_seq_delivered = strmseq;
1799 asoc->last_strm_no_delivered = strmno;
1801 /* clean up the flags and such */
1802 asoc->fragmented_delivery_inprogress = 0;
1803 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1804 asoc->strmin[strmno].last_sequence_delivered++;
1806 stcb->asoc.control_pdapi = NULL;
1807 if (TAILQ_EMPTY(&asoc->reasmqueue) == 0) {
1809 * There could be another message
1812 need_reasm_check = 1;
1816 goto finish_express_del;
1819 failed_pdapi_express_del:
1821 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
1822 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1823 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1824 asoc->highest_tsn_inside_nr_map = tsn;
1827 SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap);
1828 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map)) {
1829 asoc->highest_tsn_inside_map = tsn;
1832 if ((chunk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) {
1833 sctp_alloc_a_chunk(stcb, chk);
1835 /* No memory so we drop the chunk */
1836 SCTP_STAT_INCR(sctps_nomem);
1837 if (last_chunk == 0) {
1838 /* we copied it, free the copy */
1839 sctp_m_freem(dmbuf);
1843 chk->rec.data.TSN_seq = tsn;
1844 chk->no_fr_allowed = 0;
1845 chk->rec.data.stream_seq = strmseq;
1846 chk->rec.data.stream_number = strmno;
1847 chk->rec.data.payloadtype = protocol_id;
1848 chk->rec.data.context = stcb->asoc.context;
1849 chk->rec.data.doing_fast_retransmit = 0;
1850 chk->rec.data.rcv_flags = chunk_flags;
1852 chk->send_size = the_len;
1854 atomic_add_int(&net->ref_count, 1);
1857 sctp_alloc_a_readq(stcb, control);
1858 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1864 if (control == NULL) {
1865 /* No memory so we drop the chunk */
1866 SCTP_STAT_INCR(sctps_nomem);
1867 if (last_chunk == 0) {
1868 /* we copied it, free the copy */
1869 sctp_m_freem(dmbuf);
1873 control->length = the_len;
1876 /* Mark it as received */
1877 /* Now queue it where it belongs */
1878 if (control != NULL) {
1879 /* First a sanity check */
1880 if (asoc->fragmented_delivery_inprogress) {
1882 * Ok, we have a fragmented delivery in progress if
1883 * this chunk is next to deliver OR belongs in our
1884 * view to the reassembly, the peer is evil or
1887 uint32_t estimate_tsn;
1889 estimate_tsn = asoc->tsn_last_delivered + 1;
1890 if (TAILQ_EMPTY(&asoc->reasmqueue) &&
1891 (estimate_tsn == control->sinfo_tsn)) {
1892 /* Evil/Broke peer */
1893 sctp_m_freem(control->data);
1894 control->data = NULL;
1895 if (control->whoFrom) {
1896 sctp_free_remote_addr(control->whoFrom);
1897 control->whoFrom = NULL;
1899 sctp_free_a_readq(stcb, control);
1900 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1901 0, M_DONTWAIT, 1, MT_DATA);
1903 struct sctp_paramhdr *ph;
1906 SCTP_BUF_LEN(oper) =
1907 sizeof(struct sctp_paramhdr) +
1908 (3 * sizeof(uint32_t));
1909 ph = mtod(oper, struct sctp_paramhdr *);
1911 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1912 ph->param_length = htons(SCTP_BUF_LEN(oper));
1913 ippp = (uint32_t *) (ph + 1);
1914 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_15);
1918 *ippp = ((strmno << 16) | strmseq);
1920 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15;
1921 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1925 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
1926 sctp_m_freem(control->data);
1927 control->data = NULL;
1928 if (control->whoFrom) {
1929 sctp_free_remote_addr(control->whoFrom);
1930 control->whoFrom = NULL;
1932 sctp_free_a_readq(stcb, control);
1934 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1935 0, M_DONTWAIT, 1, MT_DATA);
1937 struct sctp_paramhdr *ph;
1940 SCTP_BUF_LEN(oper) =
1941 sizeof(struct sctp_paramhdr) +
1942 (3 * sizeof(uint32_t));
1944 struct sctp_paramhdr *);
1946 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1948 htons(SCTP_BUF_LEN(oper));
1949 ippp = (uint32_t *) (ph + 1);
1950 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_16);
1954 *ippp = ((strmno << 16) | strmseq);
1956 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16;
1957 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
1963 /* No PDAPI running */
1964 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
1966 * Reassembly queue is NOT empty validate
1967 * that this tsn does not need to be in
1968 * reasembly queue. If it does then our peer
1969 * is broken or evil.
1971 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
1972 sctp_m_freem(control->data);
1973 control->data = NULL;
1974 if (control->whoFrom) {
1975 sctp_free_remote_addr(control->whoFrom);
1976 control->whoFrom = NULL;
1978 sctp_free_a_readq(stcb, control);
1979 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1980 0, M_DONTWAIT, 1, MT_DATA);
1982 struct sctp_paramhdr *ph;
1985 SCTP_BUF_LEN(oper) =
1986 sizeof(struct sctp_paramhdr) +
1987 (3 * sizeof(uint32_t));
1989 struct sctp_paramhdr *);
1991 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1993 htons(SCTP_BUF_LEN(oper));
1994 ippp = (uint32_t *) (ph + 1);
1995 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_17);
1999 *ippp = ((strmno << 16) | strmseq);
2001 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17;
2002 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
2008 /* ok, if we reach here we have passed the sanity checks */
2009 if (chunk_flags & SCTP_DATA_UNORDERED) {
2010 /* queue directly into socket buffer */
2011 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
2012 sctp_add_to_readq(stcb->sctp_ep, stcb,
2014 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
2017 * Special check for when streams are resetting. We
2018 * could be more smart about this and check the
2019 * actual stream to see if it is not being reset..
2020 * that way we would not create a HOLB when amongst
2021 * streams being reset and those not being reset.
2023 * We take complete messages that have a stream reset
2024 * intervening (aka the TSN is after where our
2025 * cum-ack needs to be) off and put them on a
2026 * pending_reply_queue. The reassembly ones we do
2027 * not have to worry about since they are all sorted
2028 * and proceessed by TSN order. It is only the
2029 * singletons I must worry about.
2031 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2032 SCTP_TSN_GT(tsn, liste->tsn)) {
2034 * yep its past where we need to reset... go
2035 * ahead and queue it.
2037 if (TAILQ_EMPTY(&asoc->pending_reply_queue)) {
2039 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2041 struct sctp_queued_to_read *ctlOn,
2043 unsigned char inserted = 0;
2045 TAILQ_FOREACH_SAFE(ctlOn, &asoc->pending_reply_queue, next, nctlOn) {
2046 if (SCTP_TSN_GT(control->sinfo_tsn, ctlOn->sinfo_tsn)) {
2050 TAILQ_INSERT_BEFORE(ctlOn, control, next);
2055 if (inserted == 0) {
2057 * must be put at end, use
2058 * prevP (all setup from
2059 * loop) to setup nextP.
2061 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2065 sctp_queue_data_to_stream(stcb, asoc, control, abort_flag);
2072 /* Into the re-assembly queue */
2073 sctp_queue_data_for_reasm(stcb, asoc, chk, abort_flag);
2076 * the assoc is now gone and chk was put onto the
2077 * reasm queue, which has all been freed.
2084 if (tsn == (asoc->cumulative_tsn + 1)) {
2085 /* Update cum-ack */
2086 asoc->cumulative_tsn = tsn;
2092 SCTP_STAT_INCR_COUNTER64(sctps_inorderchunks);
2094 SCTP_STAT_INCR_COUNTER64(sctps_inunorderchunks);
2096 SCTP_STAT_INCR(sctps_recvdata);
2097 /* Set it present please */
2098 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
2099 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno, SCTP_STR_LOG_FROM_MARK_TSN);
2101 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2102 sctp_log_map(asoc->mapping_array_base_tsn, asoc->cumulative_tsn,
2103 asoc->highest_tsn_inside_map, SCTP_MAP_PREPARE_SLIDE);
2105 /* check the special flag for stream resets */
2106 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2107 SCTP_TSN_GE(asoc->cumulative_tsn, liste->tsn)) {
2109 * we have finished working through the backlogged TSN's now
2110 * time to reset streams. 1: call reset function. 2: free
2111 * pending_reply space 3: distribute any chunks in
2112 * pending_reply_queue.
2114 struct sctp_queued_to_read *ctl, *nctl;
2116 sctp_reset_in_stream(stcb, liste->number_entries, liste->req.list_of_streams);
2117 TAILQ_REMOVE(&asoc->resetHead, liste, next_resp);
2118 SCTP_FREE(liste, SCTP_M_STRESET);
2119 /* sa_ignore FREED_MEMORY */
2120 liste = TAILQ_FIRST(&asoc->resetHead);
2121 if (TAILQ_EMPTY(&asoc->resetHead)) {
2122 /* All can be removed */
2123 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2124 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2125 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2131 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2132 if (SCTP_TSN_GT(ctl->sinfo_tsn, liste->tsn)) {
2136 * if ctl->sinfo_tsn is <= liste->tsn we can
2137 * process it which is the NOT of
2138 * ctl->sinfo_tsn > liste->tsn
2140 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2141 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2148 * Now service re-assembly to pick up anything that has been
2149 * held on reassembly queue?
2151 sctp_deliver_reasm_check(stcb, asoc);
2152 need_reasm_check = 0;
2154 if (need_reasm_check) {
2155 /* Another one waits ? */
2156 sctp_deliver_reasm_check(stcb, asoc);
2161 int8_t sctp_map_lookup_tab[256] = {
2162 0, 1, 0, 2, 0, 1, 0, 3,
2163 0, 1, 0, 2, 0, 1, 0, 4,
2164 0, 1, 0, 2, 0, 1, 0, 3,
2165 0, 1, 0, 2, 0, 1, 0, 5,
2166 0, 1, 0, 2, 0, 1, 0, 3,
2167 0, 1, 0, 2, 0, 1, 0, 4,
2168 0, 1, 0, 2, 0, 1, 0, 3,
2169 0, 1, 0, 2, 0, 1, 0, 6,
2170 0, 1, 0, 2, 0, 1, 0, 3,
2171 0, 1, 0, 2, 0, 1, 0, 4,
2172 0, 1, 0, 2, 0, 1, 0, 3,
2173 0, 1, 0, 2, 0, 1, 0, 5,
2174 0, 1, 0, 2, 0, 1, 0, 3,
2175 0, 1, 0, 2, 0, 1, 0, 4,
2176 0, 1, 0, 2, 0, 1, 0, 3,
2177 0, 1, 0, 2, 0, 1, 0, 7,
2178 0, 1, 0, 2, 0, 1, 0, 3,
2179 0, 1, 0, 2, 0, 1, 0, 4,
2180 0, 1, 0, 2, 0, 1, 0, 3,
2181 0, 1, 0, 2, 0, 1, 0, 5,
2182 0, 1, 0, 2, 0, 1, 0, 3,
2183 0, 1, 0, 2, 0, 1, 0, 4,
2184 0, 1, 0, 2, 0, 1, 0, 3,
2185 0, 1, 0, 2, 0, 1, 0, 6,
2186 0, 1, 0, 2, 0, 1, 0, 3,
2187 0, 1, 0, 2, 0, 1, 0, 4,
2188 0, 1, 0, 2, 0, 1, 0, 3,
2189 0, 1, 0, 2, 0, 1, 0, 5,
2190 0, 1, 0, 2, 0, 1, 0, 3,
2191 0, 1, 0, 2, 0, 1, 0, 4,
2192 0, 1, 0, 2, 0, 1, 0, 3,
2193 0, 1, 0, 2, 0, 1, 0, 8
2198 sctp_slide_mapping_arrays(struct sctp_tcb *stcb)
2201 * Now we also need to check the mapping array in a couple of ways.
2202 * 1) Did we move the cum-ack point?
2204 * When you first glance at this you might think that all entries that
2205 * make up the postion of the cum-ack would be in the nr-mapping
2206 * array only.. i.e. things up to the cum-ack are always
2207 * deliverable. Thats true with one exception, when its a fragmented
2208 * message we may not deliver the data until some threshold (or all
2209 * of it) is in place. So we must OR the nr_mapping_array and
2210 * mapping_array to get a true picture of the cum-ack.
2212 struct sctp_association *asoc;
2215 int slide_from, slide_end, lgap, distance;
2216 uint32_t old_cumack, old_base, old_highest, highest_tsn;
2220 old_cumack = asoc->cumulative_tsn;
2221 old_base = asoc->mapping_array_base_tsn;
2222 old_highest = asoc->highest_tsn_inside_map;
2224 * We could probably improve this a small bit by calculating the
2225 * offset of the current cum-ack as the starting point.
2228 for (slide_from = 0; slide_from < stcb->asoc.mapping_array_size; slide_from++) {
2229 val = asoc->nr_mapping_array[slide_from] | asoc->mapping_array[slide_from];
2233 /* there is a 0 bit */
2234 at += sctp_map_lookup_tab[val];
2238 asoc->cumulative_tsn = asoc->mapping_array_base_tsn + (at - 1);
2240 if (SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_map) &&
2241 SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_nr_map)) {
2243 panic("huh, cumack 0x%x greater than high-tsn 0x%x in map",
2244 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2246 SCTP_PRINTF("huh, cumack 0x%x greater than high-tsn 0x%x in map - should panic?\n",
2247 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2248 sctp_print_mapping_array(asoc);
2249 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2250 sctp_log_map(0, 6, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
2252 asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2253 asoc->highest_tsn_inside_nr_map = asoc->cumulative_tsn;
2256 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2257 highest_tsn = asoc->highest_tsn_inside_nr_map;
2259 highest_tsn = asoc->highest_tsn_inside_map;
2261 if ((asoc->cumulative_tsn == highest_tsn) && (at >= 8)) {
2262 /* The complete array was completed by a single FR */
2263 /* highest becomes the cum-ack */
2271 /* clear the array */
2272 clr = ((at + 7) >> 3);
2273 if (clr > asoc->mapping_array_size) {
2274 clr = asoc->mapping_array_size;
2276 memset(asoc->mapping_array, 0, clr);
2277 memset(asoc->nr_mapping_array, 0, clr);
2279 for (i = 0; i < asoc->mapping_array_size; i++) {
2280 if ((asoc->mapping_array[i]) || (asoc->nr_mapping_array[i])) {
2281 SCTP_PRINTF("Error Mapping array's not clean at clear\n");
2282 sctp_print_mapping_array(asoc);
2286 asoc->mapping_array_base_tsn = asoc->cumulative_tsn + 1;
2287 asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2288 } else if (at >= 8) {
2289 /* we can slide the mapping array down */
2290 /* slide_from holds where we hit the first NON 0xff byte */
2293 * now calculate the ceiling of the move using our highest
2296 SCTP_CALC_TSN_TO_GAP(lgap, highest_tsn, asoc->mapping_array_base_tsn);
2297 slide_end = (lgap >> 3);
2298 if (slide_end < slide_from) {
2299 sctp_print_mapping_array(asoc);
2301 panic("impossible slide");
2303 SCTP_PRINTF("impossible slide lgap:%x slide_end:%x slide_from:%x? at:%d\n",
2304 lgap, slide_end, slide_from, at);
2308 if (slide_end > asoc->mapping_array_size) {
2310 panic("would overrun buffer");
2312 SCTP_PRINTF("Gak, would have overrun map end:%d slide_end:%d\n",
2313 asoc->mapping_array_size, slide_end);
2314 slide_end = asoc->mapping_array_size;
2317 distance = (slide_end - slide_from) + 1;
2318 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2319 sctp_log_map(old_base, old_cumack, old_highest,
2320 SCTP_MAP_PREPARE_SLIDE);
2321 sctp_log_map((uint32_t) slide_from, (uint32_t) slide_end,
2322 (uint32_t) lgap, SCTP_MAP_SLIDE_FROM);
2324 if (distance + slide_from > asoc->mapping_array_size ||
2327 * Here we do NOT slide forward the array so that
2328 * hopefully when more data comes in to fill it up
2329 * we will be able to slide it forward. Really I
2330 * don't think this should happen :-0
2333 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2334 sctp_log_map((uint32_t) distance, (uint32_t) slide_from,
2335 (uint32_t) asoc->mapping_array_size,
2336 SCTP_MAP_SLIDE_NONE);
2341 for (ii = 0; ii < distance; ii++) {
2342 asoc->mapping_array[ii] = asoc->mapping_array[slide_from + ii];
2343 asoc->nr_mapping_array[ii] = asoc->nr_mapping_array[slide_from + ii];
2346 for (ii = distance; ii < asoc->mapping_array_size; ii++) {
2347 asoc->mapping_array[ii] = 0;
2348 asoc->nr_mapping_array[ii] = 0;
2350 if (asoc->highest_tsn_inside_map + 1 == asoc->mapping_array_base_tsn) {
2351 asoc->highest_tsn_inside_map += (slide_from << 3);
2353 if (asoc->highest_tsn_inside_nr_map + 1 == asoc->mapping_array_base_tsn) {
2354 asoc->highest_tsn_inside_nr_map += (slide_from << 3);
2356 asoc->mapping_array_base_tsn += (slide_from << 3);
2357 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2358 sctp_log_map(asoc->mapping_array_base_tsn,
2359 asoc->cumulative_tsn, asoc->highest_tsn_inside_map,
2360 SCTP_MAP_SLIDE_RESULT);
2367 sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap)
2369 struct sctp_association *asoc;
2370 uint32_t highest_tsn;
2373 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2374 highest_tsn = asoc->highest_tsn_inside_nr_map;
2376 highest_tsn = asoc->highest_tsn_inside_map;
2380 * Now we need to see if we need to queue a sack or just start the
2381 * timer (if allowed).
2383 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2385 * Ok special case, in SHUTDOWN-SENT case. here we maker
2386 * sure SACK timer is off and instead send a SHUTDOWN and a
2389 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2390 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
2391 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_INDATA + SCTP_LOC_18);
2393 sctp_send_shutdown(stcb,
2394 ((stcb->asoc.alternate) ? stcb->asoc.alternate : stcb->asoc.primary_destination));
2395 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2399 /* is there a gap now ? */
2400 is_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2403 * CMT DAC algorithm: increase number of packets received
2406 stcb->asoc.cmt_dac_pkts_rcvd++;
2408 if ((stcb->asoc.send_sack == 1) || /* We need to send a
2410 ((was_a_gap) && (is_a_gap == 0)) || /* was a gap, but no
2412 (stcb->asoc.numduptsns) || /* we have dup's */
2413 (is_a_gap) || /* is still a gap */
2414 (stcb->asoc.delayed_ack == 0) || /* Delayed sack disabled */
2415 (stcb->asoc.data_pkts_seen >= stcb->asoc.sack_freq) /* hit limit of pkts */
2418 if ((stcb->asoc.sctp_cmt_on_off > 0) &&
2419 (SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) &&
2420 (stcb->asoc.send_sack == 0) &&
2421 (stcb->asoc.numduptsns == 0) &&
2422 (stcb->asoc.delayed_ack) &&
2423 (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer))) {
2426 * CMT DAC algorithm: With CMT, delay acks
2427 * even in the face of
2429 * reordering. Therefore, if acks that do not
2430 * have to be sent because of the above
2431 * reasons, will be delayed. That is, acks
2432 * that would have been sent due to gap
2433 * reports will be delayed with DAC. Start
2434 * the delayed ack timer.
2436 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2437 stcb->sctp_ep, stcb, NULL);
2440 * Ok we must build a SACK since the timer
2441 * is pending, we got our first packet OR
2442 * there are gaps or duplicates.
2444 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
2445 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2448 if (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2449 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2450 stcb->sctp_ep, stcb, NULL);
2457 sctp_service_queues(struct sctp_tcb *stcb, struct sctp_association *asoc)
2459 struct sctp_tmit_chunk *chk;
2460 uint32_t tsize, pd_point;
2463 if (asoc->fragmented_delivery_inprogress) {
2464 sctp_service_reassembly(stcb, asoc);
2466 /* Can we proceed further, i.e. the PD-API is complete */
2467 if (asoc->fragmented_delivery_inprogress) {
2472 * Now is there some other chunk I can deliver from the reassembly
2476 chk = TAILQ_FIRST(&asoc->reasmqueue);
2478 asoc->size_on_reasm_queue = 0;
2479 asoc->cnt_on_reasm_queue = 0;
2482 nxt_todel = asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
2483 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
2484 ((nxt_todel == chk->rec.data.stream_seq) ||
2485 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
2487 * Yep the first one is here. We setup to start reception,
2488 * by backing down the TSN just in case we can't deliver.
2492 * Before we start though either all of the message should
2493 * be here or the socket buffer max or nothing on the
2494 * delivery queue and something can be delivered.
2496 if (stcb->sctp_socket) {
2497 pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket),
2498 stcb->sctp_ep->partial_delivery_point);
2500 pd_point = stcb->sctp_ep->partial_delivery_point;
2502 if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) {
2503 asoc->fragmented_delivery_inprogress = 1;
2504 asoc->tsn_last_delivered = chk->rec.data.TSN_seq - 1;
2505 asoc->str_of_pdapi = chk->rec.data.stream_number;
2506 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
2507 asoc->pdapi_ppid = chk->rec.data.payloadtype;
2508 asoc->fragment_flags = chk->rec.data.rcv_flags;
2509 sctp_service_reassembly(stcb, asoc);
2510 if (asoc->fragmented_delivery_inprogress == 0) {
2518 sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
2519 struct sockaddr *src, struct sockaddr *dst,
2520 struct sctphdr *sh, struct sctp_inpcb *inp,
2521 struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t * high_tsn,
2522 uint8_t use_mflowid, uint32_t mflowid,
2523 uint32_t vrf_id, uint16_t port)
2525 struct sctp_data_chunk *ch, chunk_buf;
2526 struct sctp_association *asoc;
2527 int num_chunks = 0; /* number of control chunks processed */
2529 int chk_length, break_flag, last_chunk;
2530 int abort_flag = 0, was_a_gap;
2532 uint32_t highest_tsn;
2535 sctp_set_rwnd(stcb, &stcb->asoc);
2538 SCTP_TCB_LOCK_ASSERT(stcb);
2540 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2541 highest_tsn = asoc->highest_tsn_inside_nr_map;
2543 highest_tsn = asoc->highest_tsn_inside_map;
2545 was_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2547 * setup where we got the last DATA packet from for any SACK that
2548 * may need to go out. Don't bump the net. This is done ONLY when a
2549 * chunk is assigned.
2551 asoc->last_data_chunk_from = net;
2554 * Now before we proceed we must figure out if this is a wasted
2555 * cluster... i.e. it is a small packet sent in and yet the driver
2556 * underneath allocated a full cluster for it. If so we must copy it
2557 * to a smaller mbuf and free up the cluster mbuf. This will help
2558 * with cluster starvation. Note for __Panda__ we don't do this
2559 * since it has clusters all the way down to 64 bytes.
2561 if (SCTP_BUF_LEN(m) < (long)MLEN && SCTP_BUF_NEXT(m) == NULL) {
2562 /* we only handle mbufs that are singletons.. not chains */
2563 m = sctp_get_mbuf_for_msg(SCTP_BUF_LEN(m), 0, M_DONTWAIT, 1, MT_DATA);
2565 /* ok lets see if we can copy the data up */
2568 /* get the pointers and copy */
2569 to = mtod(m, caddr_t *);
2570 from = mtod((*mm), caddr_t *);
2571 memcpy(to, from, SCTP_BUF_LEN((*mm)));
2572 /* copy the length and free up the old */
2573 SCTP_BUF_LEN(m) = SCTP_BUF_LEN((*mm));
2575 /* sucess, back copy */
2578 /* We are in trouble in the mbuf world .. yikes */
2582 /* get pointer to the first chunk header */
2583 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2584 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2589 * process all DATA chunks...
2591 *high_tsn = asoc->cumulative_tsn;
2593 asoc->data_pkts_seen++;
2594 while (stop_proc == 0) {
2595 /* validate chunk length */
2596 chk_length = ntohs(ch->ch.chunk_length);
2597 if (length - *offset < chk_length) {
2598 /* all done, mutulated chunk */
2602 if (ch->ch.chunk_type == SCTP_DATA) {
2603 if ((size_t)chk_length < sizeof(struct sctp_data_chunk) + 1) {
2605 * Need to send an abort since we had a
2606 * invalid data chunk.
2608 struct mbuf *op_err;
2610 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 2 * sizeof(uint32_t)),
2611 0, M_DONTWAIT, 1, MT_DATA);
2614 struct sctp_paramhdr *ph;
2617 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr) +
2618 (2 * sizeof(uint32_t));
2619 ph = mtod(op_err, struct sctp_paramhdr *);
2621 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
2622 ph->param_length = htons(SCTP_BUF_LEN(op_err));
2623 ippp = (uint32_t *) (ph + 1);
2624 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_19);
2626 *ippp = asoc->cumulative_tsn;
2629 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19;
2630 sctp_abort_association(inp, stcb, m, iphlen,
2631 src, dst, sh, op_err,
2632 use_mflowid, mflowid,
2636 #ifdef SCTP_AUDITING_ENABLED
2637 sctp_audit_log(0xB1, 0);
2639 if (SCTP_SIZE32(chk_length) == (length - *offset)) {
2644 if (sctp_process_a_data_chunk(stcb, asoc, mm, *offset, ch,
2645 chk_length, net, high_tsn, &abort_flag, &break_flag,
2654 * Set because of out of rwnd space and no
2655 * drop rep space left.
2661 /* not a data chunk in the data region */
2662 switch (ch->ch.chunk_type) {
2663 case SCTP_INITIATION:
2664 case SCTP_INITIATION_ACK:
2665 case SCTP_SELECTIVE_ACK:
2666 case SCTP_NR_SELECTIVE_ACK:
2667 case SCTP_HEARTBEAT_REQUEST:
2668 case SCTP_HEARTBEAT_ACK:
2669 case SCTP_ABORT_ASSOCIATION:
2671 case SCTP_SHUTDOWN_ACK:
2672 case SCTP_OPERATION_ERROR:
2673 case SCTP_COOKIE_ECHO:
2674 case SCTP_COOKIE_ACK:
2677 case SCTP_SHUTDOWN_COMPLETE:
2678 case SCTP_AUTHENTICATION:
2679 case SCTP_ASCONF_ACK:
2680 case SCTP_PACKET_DROPPED:
2681 case SCTP_STREAM_RESET:
2682 case SCTP_FORWARD_CUM_TSN:
2685 * Now, what do we do with KNOWN chunks that
2686 * are NOT in the right place?
2688 * For now, I do nothing but ignore them. We
2689 * may later want to add sysctl stuff to
2690 * switch out and do either an ABORT() or
2691 * possibly process them.
2693 if (SCTP_BASE_SYSCTL(sctp_strict_data_order)) {
2694 struct mbuf *op_err;
2696 op_err = sctp_generate_invmanparam(SCTP_CAUSE_PROTOCOL_VIOLATION);
2697 sctp_abort_association(inp, stcb,
2701 use_mflowid, mflowid,
2707 /* unknown chunk type, use bit rules */
2708 if (ch->ch.chunk_type & 0x40) {
2709 /* Add a error report to the queue */
2711 struct sctp_paramhdr *phd;
2713 merr = sctp_get_mbuf_for_msg(sizeof(*phd), 0, M_DONTWAIT, 1, MT_DATA);
2715 phd = mtod(merr, struct sctp_paramhdr *);
2717 * We cheat and use param
2718 * type since we did not
2719 * bother to define a error
2720 * cause struct. They are
2721 * the same basic format
2722 * with different names.
2725 htons(SCTP_CAUSE_UNRECOG_CHUNK);
2727 htons(chk_length + sizeof(*phd));
2728 SCTP_BUF_LEN(merr) = sizeof(*phd);
2729 SCTP_BUF_NEXT(merr) = SCTP_M_COPYM(m, *offset, chk_length, M_DONTWAIT);
2730 if (SCTP_BUF_NEXT(merr)) {
2731 if (sctp_pad_lastmbuf(SCTP_BUF_NEXT(merr), SCTP_SIZE32(chk_length) - chk_length, NULL)) {
2734 sctp_queue_op_err(stcb, merr);
2741 if ((ch->ch.chunk_type & 0x80) == 0) {
2742 /* discard the rest of this packet */
2744 } /* else skip this bad chunk and
2747 } /* switch of chunk type */
2749 *offset += SCTP_SIZE32(chk_length);
2750 if ((*offset >= length) || stop_proc) {
2751 /* no more data left in the mbuf chain */
2755 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2756 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2765 * we need to report rwnd overrun drops.
2767 sctp_send_packet_dropped(stcb, net, *mm, length, iphlen, 0);
2771 * Did we get data, if so update the time for auto-close and
2772 * give peer credit for being alive.
2774 SCTP_STAT_INCR(sctps_recvpktwithdata);
2775 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
2776 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
2777 stcb->asoc.overall_error_count,
2779 SCTP_FROM_SCTP_INDATA,
2782 stcb->asoc.overall_error_count = 0;
2783 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_last_rcvd);
2785 /* now service all of the reassm queue if needed */
2786 if (!(TAILQ_EMPTY(&asoc->reasmqueue)))
2787 sctp_service_queues(stcb, asoc);
2789 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2790 /* Assure that we ack right away */
2791 stcb->asoc.send_sack = 1;
2793 /* Start a sack timer or QUEUE a SACK for sending */
2794 sctp_sack_check(stcb, was_a_gap);
2799 sctp_process_segment_range(struct sctp_tcb *stcb, struct sctp_tmit_chunk **p_tp1, uint32_t last_tsn,
2800 uint16_t frag_strt, uint16_t frag_end, int nr_sacking,
2802 uint32_t * biggest_newly_acked_tsn,
2803 uint32_t * this_sack_lowest_newack,
2806 struct sctp_tmit_chunk *tp1;
2807 unsigned int theTSN;
2808 int j, wake_him = 0, circled = 0;
2810 /* Recover the tp1 we last saw */
2813 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2815 for (j = frag_strt; j <= frag_end; j++) {
2816 theTSN = j + last_tsn;
2818 if (tp1->rec.data.doing_fast_retransmit)
2822 * CMT: CUCv2 algorithm. For each TSN being
2823 * processed from the sent queue, track the
2824 * next expected pseudo-cumack, or
2825 * rtx_pseudo_cumack, if required. Separate
2826 * cumack trackers for first transmissions,
2827 * and retransmissions.
2829 if ((tp1->whoTo->find_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2830 (tp1->snd_count == 1)) {
2831 tp1->whoTo->pseudo_cumack = tp1->rec.data.TSN_seq;
2832 tp1->whoTo->find_pseudo_cumack = 0;
2834 if ((tp1->whoTo->find_rtx_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2835 (tp1->snd_count > 1)) {
2836 tp1->whoTo->rtx_pseudo_cumack = tp1->rec.data.TSN_seq;
2837 tp1->whoTo->find_rtx_pseudo_cumack = 0;
2839 if (tp1->rec.data.TSN_seq == theTSN) {
2840 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
2842 * must be held until
2845 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
2847 * If it is less than RESEND, it is
2848 * now no-longer in flight.
2849 * Higher values may already be set
2850 * via previous Gap Ack Blocks...
2851 * i.e. ACKED or RESEND.
2853 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2854 *biggest_newly_acked_tsn)) {
2855 *biggest_newly_acked_tsn = tp1->rec.data.TSN_seq;
2858 * CMT: SFR algo (and HTNA) - set
2859 * saw_newack to 1 for dest being
2860 * newly acked. update
2861 * this_sack_highest_newack if
2864 if (tp1->rec.data.chunk_was_revoked == 0)
2865 tp1->whoTo->saw_newack = 1;
2867 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2868 tp1->whoTo->this_sack_highest_newack)) {
2869 tp1->whoTo->this_sack_highest_newack =
2870 tp1->rec.data.TSN_seq;
2873 * CMT DAC algo: also update
2874 * this_sack_lowest_newack
2876 if (*this_sack_lowest_newack == 0) {
2877 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2878 sctp_log_sack(*this_sack_lowest_newack,
2880 tp1->rec.data.TSN_seq,
2883 SCTP_LOG_TSN_ACKED);
2885 *this_sack_lowest_newack = tp1->rec.data.TSN_seq;
2888 * CMT: CUCv2 algorithm. If (rtx-)pseudo-cumack for corresp
2889 * dest is being acked, then we have a new (rtx-)pseudo-cumack. Set
2890 * new_(rtx_)pseudo_cumack to TRUE so that the cwnd for this dest can be
2891 * updated. Also trigger search for the next expected (rtx-)pseudo-cumack.
2892 * Separate pseudo_cumack trackers for first transmissions and
2895 if (tp1->rec.data.TSN_seq == tp1->whoTo->pseudo_cumack) {
2896 if (tp1->rec.data.chunk_was_revoked == 0) {
2897 tp1->whoTo->new_pseudo_cumack = 1;
2899 tp1->whoTo->find_pseudo_cumack = 1;
2901 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
2902 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
2904 if (tp1->rec.data.TSN_seq == tp1->whoTo->rtx_pseudo_cumack) {
2905 if (tp1->rec.data.chunk_was_revoked == 0) {
2906 tp1->whoTo->new_pseudo_cumack = 1;
2908 tp1->whoTo->find_rtx_pseudo_cumack = 1;
2910 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2911 sctp_log_sack(*biggest_newly_acked_tsn,
2913 tp1->rec.data.TSN_seq,
2916 SCTP_LOG_TSN_ACKED);
2918 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
2919 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_GAP,
2920 tp1->whoTo->flight_size,
2922 (uintptr_t) tp1->whoTo,
2923 tp1->rec.data.TSN_seq);
2925 sctp_flight_size_decrease(tp1);
2926 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
2927 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
2930 sctp_total_flight_decrease(stcb, tp1);
2932 tp1->whoTo->net_ack += tp1->send_size;
2933 if (tp1->snd_count < 2) {
2935 * True non-retransmited chunk
2937 tp1->whoTo->net_ack2 += tp1->send_size;
2945 sctp_calculate_rto(stcb,
2948 &tp1->sent_rcv_time,
2949 sctp_align_safe_nocopy,
2950 SCTP_RTT_FROM_DATA);
2953 if (tp1->whoTo->rto_needed == 0) {
2954 tp1->whoTo->rto_needed = 1;
2960 if (tp1->sent <= SCTP_DATAGRAM_RESEND) {
2961 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
2962 stcb->asoc.this_sack_highest_gap)) {
2963 stcb->asoc.this_sack_highest_gap =
2964 tp1->rec.data.TSN_seq;
2966 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
2967 sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt);
2968 #ifdef SCTP_AUDITING_ENABLED
2969 sctp_audit_log(0xB2,
2970 (stcb->asoc.sent_queue_retran_cnt & 0x000000ff));
2975 * All chunks NOT UNSENT fall through here and are marked
2976 * (leave PR-SCTP ones that are to skip alone though)
2978 if (tp1->sent != SCTP_FORWARD_TSN_SKIP)
2979 tp1->sent = SCTP_DATAGRAM_MARKED;
2981 if (tp1->rec.data.chunk_was_revoked) {
2982 /* deflate the cwnd */
2983 tp1->whoTo->cwnd -= tp1->book_size;
2984 tp1->rec.data.chunk_was_revoked = 0;
2986 /* NR Sack code here */
2993 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1);
2994 sctp_m_freem(tp1->data);
3001 } /* if (tp1->TSN_seq == theTSN) */
3002 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, theTSN)) {
3005 tp1 = TAILQ_NEXT(tp1, sctp_next);
3006 if ((tp1 == NULL) && (circled == 0)) {
3008 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3010 } /* end while (tp1) */
3013 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3015 /* In case the fragments were not in order we must reset */
3016 } /* end for (j = fragStart */
3018 return (wake_him); /* Return value only used for nr-sack */
3023 sctp_handle_segments(struct mbuf *m, int *offset, struct sctp_tcb *stcb, struct sctp_association *asoc,
3024 uint32_t last_tsn, uint32_t * biggest_tsn_acked,
3025 uint32_t * biggest_newly_acked_tsn, uint32_t * this_sack_lowest_newack,
3026 int num_seg, int num_nr_seg, int *rto_ok)
3028 struct sctp_gap_ack_block *frag, block;
3029 struct sctp_tmit_chunk *tp1;
3034 uint16_t frag_strt, frag_end, prev_frag_end;
3036 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3040 for (i = 0; i < (num_seg + num_nr_seg); i++) {
3043 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3045 frag = (struct sctp_gap_ack_block *)sctp_m_getptr(m, *offset,
3046 sizeof(struct sctp_gap_ack_block), (uint8_t *) & block);
3047 *offset += sizeof(block);
3049 return (chunk_freed);
3051 frag_strt = ntohs(frag->start);
3052 frag_end = ntohs(frag->end);
3054 if (frag_strt > frag_end) {
3055 /* This gap report is malformed, skip it. */
3058 if (frag_strt <= prev_frag_end) {
3059 /* This gap report is not in order, so restart. */
3060 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3062 if (SCTP_TSN_GT((last_tsn + frag_end), *biggest_tsn_acked)) {
3063 *biggest_tsn_acked = last_tsn + frag_end;
3070 if (sctp_process_segment_range(stcb, &tp1, last_tsn, frag_strt, frag_end,
3071 non_revocable, &num_frs, biggest_newly_acked_tsn,
3072 this_sack_lowest_newack, rto_ok)) {
3075 prev_frag_end = frag_end;
3077 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3079 sctp_log_fr(*biggest_tsn_acked,
3080 *biggest_newly_acked_tsn,
3081 last_tsn, SCTP_FR_LOG_BIGGEST_TSNS);
3083 return (chunk_freed);
3087 sctp_check_for_revoked(struct sctp_tcb *stcb,
3088 struct sctp_association *asoc, uint32_t cumack,
3089 uint32_t biggest_tsn_acked)
3091 struct sctp_tmit_chunk *tp1;
3092 int tot_revoked = 0;
3094 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3095 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, cumack)) {
3097 * ok this guy is either ACK or MARKED. If it is
3098 * ACKED it has been previously acked but not this
3099 * time i.e. revoked. If it is MARKED it was ACK'ed
3102 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, biggest_tsn_acked)) {
3105 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
3106 /* it has been revoked */
3107 tp1->sent = SCTP_DATAGRAM_SENT;
3108 tp1->rec.data.chunk_was_revoked = 1;
3110 * We must add this stuff back in to assure
3111 * timers and such get started.
3113 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3114 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
3115 tp1->whoTo->flight_size,
3117 (uintptr_t) tp1->whoTo,
3118 tp1->rec.data.TSN_seq);
3120 sctp_flight_size_increase(tp1);
3121 sctp_total_flight_increase(stcb, tp1);
3123 * We inflate the cwnd to compensate for our
3124 * artificial inflation of the flight_size.
3126 tp1->whoTo->cwnd += tp1->book_size;
3128 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
3129 sctp_log_sack(asoc->last_acked_seq,
3131 tp1->rec.data.TSN_seq,
3134 SCTP_LOG_TSN_REVOKED);
3136 } else if (tp1->sent == SCTP_DATAGRAM_MARKED) {
3137 /* it has been re-acked in this SACK */
3138 tp1->sent = SCTP_DATAGRAM_ACKED;
3141 if (tp1->sent == SCTP_DATAGRAM_UNSENT)
3148 sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
3149 uint32_t biggest_tsn_acked, uint32_t biggest_tsn_newly_acked, uint32_t this_sack_lowest_newack, int accum_moved)
3151 struct sctp_tmit_chunk *tp1;
3152 int strike_flag = 0;
3154 int tot_retrans = 0;
3155 uint32_t sending_seq;
3156 struct sctp_nets *net;
3157 int num_dests_sacked = 0;
3160 * select the sending_seq, this is either the next thing ready to be
3161 * sent but not transmitted, OR, the next seq we assign.
3163 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue);
3165 sending_seq = asoc->sending_seq;
3167 sending_seq = tp1->rec.data.TSN_seq;
3170 /* CMT DAC algo: finding out if SACK is a mixed SACK */
3171 if ((asoc->sctp_cmt_on_off > 0) &&
3172 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3173 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3174 if (net->saw_newack)
3178 if (stcb->asoc.peer_supports_prsctp) {
3179 (void)SCTP_GETTIME_TIMEVAL(&now);
3181 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3183 if (tp1->no_fr_allowed) {
3184 /* this one had a timeout or something */
3187 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3188 if (tp1->sent < SCTP_DATAGRAM_RESEND)
3189 sctp_log_fr(biggest_tsn_newly_acked,
3190 tp1->rec.data.TSN_seq,
3192 SCTP_FR_LOG_CHECK_STRIKE);
3194 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, biggest_tsn_acked) ||
3195 tp1->sent == SCTP_DATAGRAM_UNSENT) {
3199 if (stcb->asoc.peer_supports_prsctp) {
3200 if ((PR_SCTP_TTL_ENABLED(tp1->flags)) && tp1->sent < SCTP_DATAGRAM_ACKED) {
3201 /* Is it expired? */
3202 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3203 /* Yes so drop it */
3204 if (tp1->data != NULL) {
3205 (void)sctp_release_pr_sctp_chunk(stcb, tp1, 1,
3206 SCTP_SO_NOT_LOCKED);
3212 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, asoc->this_sack_highest_gap)) {
3213 /* we are beyond the tsn in the sack */
3216 if (tp1->sent >= SCTP_DATAGRAM_RESEND) {
3217 /* either a RESEND, ACKED, or MARKED */
3219 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3220 /* Continue strikin FWD-TSN chunks */
3221 tp1->rec.data.fwd_tsn_cnt++;
3226 * CMT : SFR algo (covers part of DAC and HTNA as well)
3228 if (tp1->whoTo && tp1->whoTo->saw_newack == 0) {
3230 * No new acks were receieved for data sent to this
3231 * dest. Therefore, according to the SFR algo for
3232 * CMT, no data sent to this dest can be marked for
3233 * FR using this SACK.
3236 } else if (tp1->whoTo && SCTP_TSN_GT(tp1->rec.data.TSN_seq,
3237 tp1->whoTo->this_sack_highest_newack)) {
3239 * CMT: New acks were receieved for data sent to
3240 * this dest. But no new acks were seen for data
3241 * sent after tp1. Therefore, according to the SFR
3242 * algo for CMT, tp1 cannot be marked for FR using
3243 * this SACK. This step covers part of the DAC algo
3244 * and the HTNA algo as well.
3249 * Here we check to see if we were have already done a FR
3250 * and if so we see if the biggest TSN we saw in the sack is
3251 * smaller than the recovery point. If so we don't strike
3252 * the tsn... otherwise we CAN strike the TSN.
3255 * @@@ JRI: Check for CMT if (accum_moved &&
3256 * asoc->fast_retran_loss_recovery && (sctp_cmt_on_off ==
3259 if (accum_moved && asoc->fast_retran_loss_recovery) {
3261 * Strike the TSN if in fast-recovery and cum-ack
3264 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3265 sctp_log_fr(biggest_tsn_newly_acked,
3266 tp1->rec.data.TSN_seq,
3268 SCTP_FR_LOG_STRIKE_CHUNK);
3270 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3273 if ((asoc->sctp_cmt_on_off > 0) &&
3274 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3276 * CMT DAC algorithm: If SACK flag is set to
3277 * 0, then lowest_newack test will not pass
3278 * because it would have been set to the
3279 * cumack earlier. If not already to be
3280 * rtx'd, If not a mixed sack and if tp1 is
3281 * not between two sacked TSNs, then mark by
3282 * one more. NOTE that we are marking by one
3283 * additional time since the SACK DAC flag
3284 * indicates that two packets have been
3285 * received after this missing TSN.
3287 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3288 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.TSN_seq)) {
3289 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3290 sctp_log_fr(16 + num_dests_sacked,
3291 tp1->rec.data.TSN_seq,
3293 SCTP_FR_LOG_STRIKE_CHUNK);
3298 } else if ((tp1->rec.data.doing_fast_retransmit) &&
3299 (asoc->sctp_cmt_on_off == 0)) {
3301 * For those that have done a FR we must take
3302 * special consideration if we strike. I.e the
3303 * biggest_newly_acked must be higher than the
3304 * sending_seq at the time we did the FR.
3307 #ifdef SCTP_FR_TO_ALTERNATE
3309 * If FR's go to new networks, then we must only do
3310 * this for singly homed asoc's. However if the FR's
3311 * go to the same network (Armando's work) then its
3312 * ok to FR multiple times.
3320 if (SCTP_TSN_GE(biggest_tsn_newly_acked,
3321 tp1->rec.data.fast_retran_tsn)) {
3323 * Strike the TSN, since this ack is
3324 * beyond where things were when we
3327 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3328 sctp_log_fr(biggest_tsn_newly_acked,
3329 tp1->rec.data.TSN_seq,
3331 SCTP_FR_LOG_STRIKE_CHUNK);
3333 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3337 if ((asoc->sctp_cmt_on_off > 0) &&
3338 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3340 * CMT DAC algorithm: If
3341 * SACK flag is set to 0,
3342 * then lowest_newack test
3343 * will not pass because it
3344 * would have been set to
3345 * the cumack earlier. If
3346 * not already to be rtx'd,
3347 * If not a mixed sack and
3348 * if tp1 is not between two
3349 * sacked TSNs, then mark by
3350 * one more. NOTE that we
3351 * are marking by one
3352 * additional time since the
3353 * SACK DAC flag indicates
3354 * that two packets have
3355 * been received after this
3358 if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
3359 (num_dests_sacked == 1) &&
3360 SCTP_TSN_GT(this_sack_lowest_newack,
3361 tp1->rec.data.TSN_seq)) {
3362 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3363 sctp_log_fr(32 + num_dests_sacked,
3364 tp1->rec.data.TSN_seq,
3366 SCTP_FR_LOG_STRIKE_CHUNK);
3368 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3376 * JRI: TODO: remove code for HTNA algo. CMT's SFR
3379 } else if (SCTP_TSN_GT(tp1->rec.data.TSN_seq,
3380 biggest_tsn_newly_acked)) {
3382 * We don't strike these: This is the HTNA
3383 * algorithm i.e. we don't strike If our TSN is
3384 * larger than the Highest TSN Newly Acked.
3388 /* Strike the TSN */
3389 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3390 sctp_log_fr(biggest_tsn_newly_acked,
3391 tp1->rec.data.TSN_seq,
3393 SCTP_FR_LOG_STRIKE_CHUNK);
3395 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3398 if ((asoc->sctp_cmt_on_off > 0) &&
3399 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3401 * CMT DAC algorithm: If SACK flag is set to
3402 * 0, then lowest_newack test will not pass
3403 * because it would have been set to the
3404 * cumack earlier. If not already to be
3405 * rtx'd, If not a mixed sack and if tp1 is
3406 * not between two sacked TSNs, then mark by
3407 * one more. NOTE that we are marking by one
3408 * additional time since the SACK DAC flag
3409 * indicates that two packets have been
3410 * received after this missing TSN.
3412 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3413 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.TSN_seq)) {
3414 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3415 sctp_log_fr(48 + num_dests_sacked,
3416 tp1->rec.data.TSN_seq,
3418 SCTP_FR_LOG_STRIKE_CHUNK);
3424 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3425 struct sctp_nets *alt;
3427 /* fix counts and things */
3428 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3429 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND,
3430 (tp1->whoTo ? (tp1->whoTo->flight_size) : 0),
3432 (uintptr_t) tp1->whoTo,
3433 tp1->rec.data.TSN_seq);
3436 tp1->whoTo->net_ack++;
3437 sctp_flight_size_decrease(tp1);
3438 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3439 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3443 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
3444 sctp_log_rwnd(SCTP_INCREASE_PEER_RWND,
3445 asoc->peers_rwnd, tp1->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3447 /* add back to the rwnd */
3448 asoc->peers_rwnd += (tp1->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3450 /* remove from the total flight */
3451 sctp_total_flight_decrease(stcb, tp1);
3453 if ((stcb->asoc.peer_supports_prsctp) &&
3454 (PR_SCTP_RTX_ENABLED(tp1->flags))) {
3456 * Has it been retransmitted tv_sec times? -
3457 * we store the retran count there.
3459 if (tp1->snd_count > tp1->rec.data.timetodrop.tv_sec) {
3460 /* Yes, so drop it */
3461 if (tp1->data != NULL) {
3462 (void)sctp_release_pr_sctp_chunk(stcb, tp1, 1,
3463 SCTP_SO_NOT_LOCKED);
3465 /* Make sure to flag we had a FR */
3466 tp1->whoTo->net_ack++;
3471 * SCTP_PRINTF("OK, we are now ready to FR this
3474 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3475 sctp_log_fr(tp1->rec.data.TSN_seq, tp1->snd_count,
3479 /* This is a subsequent FR */
3480 SCTP_STAT_INCR(sctps_sendmultfastretrans);
3482 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3483 if (asoc->sctp_cmt_on_off > 0) {
3485 * CMT: Using RTX_SSTHRESH policy for CMT.
3486 * If CMT is being used, then pick dest with
3487 * largest ssthresh for any retransmission.
3489 tp1->no_fr_allowed = 1;
3491 /* sa_ignore NO_NULL_CHK */
3492 if (asoc->sctp_cmt_pf > 0) {
3494 * JRS 5/18/07 - If CMT PF is on,
3495 * use the PF version of
3498 alt = sctp_find_alternate_net(stcb, alt, 2);
3501 * JRS 5/18/07 - If only CMT is on,
3502 * use the CMT version of
3505 /* sa_ignore NO_NULL_CHK */
3506 alt = sctp_find_alternate_net(stcb, alt, 1);
3512 * CUCv2: If a different dest is picked for
3513 * the retransmission, then new
3514 * (rtx-)pseudo_cumack needs to be tracked
3515 * for orig dest. Let CUCv2 track new (rtx-)
3516 * pseudo-cumack always.
3519 tp1->whoTo->find_pseudo_cumack = 1;
3520 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3522 } else {/* CMT is OFF */
3524 #ifdef SCTP_FR_TO_ALTERNATE
3525 /* Can we find an alternate? */
3526 alt = sctp_find_alternate_net(stcb, tp1->whoTo, 0);
3529 * default behavior is to NOT retransmit
3530 * FR's to an alternate. Armando Caro's
3531 * paper details why.
3537 tp1->rec.data.doing_fast_retransmit = 1;
3539 /* mark the sending seq for possible subsequent FR's */
3541 * SCTP_PRINTF("Marking TSN for FR new value %x\n",
3542 * (uint32_t)tpi->rec.data.TSN_seq);
3544 if (TAILQ_EMPTY(&asoc->send_queue)) {
3546 * If the queue of send is empty then its
3547 * the next sequence number that will be
3548 * assigned so we subtract one from this to
3549 * get the one we last sent.
3551 tp1->rec.data.fast_retran_tsn = sending_seq;
3554 * If there are chunks on the send queue
3555 * (unsent data that has made it from the
3556 * stream queues but not out the door, we
3557 * take the first one (which will have the
3558 * lowest TSN) and subtract one to get the
3561 struct sctp_tmit_chunk *ttt;
3563 ttt = TAILQ_FIRST(&asoc->send_queue);
3564 tp1->rec.data.fast_retran_tsn =
3565 ttt->rec.data.TSN_seq;
3570 * this guy had a RTO calculation pending on
3573 if ((tp1->whoTo != NULL) &&
3574 (tp1->whoTo->rto_needed == 0)) {
3575 tp1->whoTo->rto_needed = 1;
3579 if (alt != tp1->whoTo) {
3580 /* yes, there is an alternate. */
3581 sctp_free_remote_addr(tp1->whoTo);
3582 /* sa_ignore FREED_MEMORY */
3584 atomic_add_int(&alt->ref_count, 1);
3590 struct sctp_tmit_chunk *
3591 sctp_try_advance_peer_ack_point(struct sctp_tcb *stcb,
3592 struct sctp_association *asoc)
3594 struct sctp_tmit_chunk *tp1, *tp2, *a_adv = NULL;
3598 if (asoc->peer_supports_prsctp == 0) {
3601 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3602 if (tp1->sent != SCTP_FORWARD_TSN_SKIP &&
3603 tp1->sent != SCTP_DATAGRAM_RESEND) {
3604 /* no chance to advance, out of here */
3607 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
3608 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3609 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
3610 asoc->advanced_peer_ack_point,
3611 tp1->rec.data.TSN_seq, 0, 0);
3614 if (!PR_SCTP_ENABLED(tp1->flags)) {
3616 * We can't fwd-tsn past any that are reliable aka
3617 * retransmitted until the asoc fails.
3622 (void)SCTP_GETTIME_TIMEVAL(&now);
3626 * now we got a chunk which is marked for another
3627 * retransmission to a PR-stream but has run out its chances
3628 * already maybe OR has been marked to skip now. Can we skip
3629 * it if its a resend?
3631 if (tp1->sent == SCTP_DATAGRAM_RESEND &&
3632 (PR_SCTP_TTL_ENABLED(tp1->flags))) {
3634 * Now is this one marked for resend and its time is
3637 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3638 /* Yes so drop it */
3640 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3641 1, SCTP_SO_NOT_LOCKED);
3645 * No, we are done when hit one for resend
3646 * whos time as not expired.
3652 * Ok now if this chunk is marked to drop it we can clean up
3653 * the chunk, advance our peer ack point and we can check
3656 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3657 /* advance PeerAckPoint goes forward */
3658 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, asoc->advanced_peer_ack_point)) {
3659 asoc->advanced_peer_ack_point = tp1->rec.data.TSN_seq;
3661 } else if (tp1->rec.data.TSN_seq == asoc->advanced_peer_ack_point) {
3662 /* No update but we do save the chk */
3667 * If it is still in RESEND we can advance no
3677 sctp_fs_audit(struct sctp_association *asoc)
3679 struct sctp_tmit_chunk *chk;
3680 int inflight = 0, resend = 0, inbetween = 0, acked = 0, above = 0;
3681 int entry_flight, entry_cnt, ret;
3683 entry_flight = asoc->total_flight;
3684 entry_cnt = asoc->total_flight_count;
3687 if (asoc->pr_sctp_cnt >= asoc->sent_queue_cnt)
3690 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
3691 if (chk->sent < SCTP_DATAGRAM_RESEND) {
3692 SCTP_PRINTF("Chk TSN:%u size:%d inflight cnt:%d\n",
3693 chk->rec.data.TSN_seq,
3697 } else if (chk->sent == SCTP_DATAGRAM_RESEND) {
3699 } else if (chk->sent < SCTP_DATAGRAM_ACKED) {
3701 } else if (chk->sent > SCTP_DATAGRAM_ACKED) {
3708 if ((inflight > 0) || (inbetween > 0)) {
3710 panic("Flight size-express incorrect? \n");
3712 SCTP_PRINTF("asoc->total_flight:%d cnt:%d\n",
3713 entry_flight, entry_cnt);
3715 SCTP_PRINTF("Flight size-express incorrect F:%d I:%d R:%d Ab:%d ACK:%d\n",
3716 inflight, inbetween, resend, above, acked);
3725 sctp_window_probe_recovery(struct sctp_tcb *stcb,
3726 struct sctp_association *asoc,
3727 struct sctp_tmit_chunk *tp1)
3729 tp1->window_probe = 0;
3730 if ((tp1->sent >= SCTP_DATAGRAM_ACKED) || (tp1->data == NULL)) {
3731 /* TSN's skipped we do NOT move back. */
3732 sctp_misc_ints(SCTP_FLIGHT_LOG_DWN_WP_FWD,
3733 tp1->whoTo->flight_size,
3735 (uintptr_t) tp1->whoTo,
3736 tp1->rec.data.TSN_seq);
3739 /* First setup this by shrinking flight */
3740 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3741 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3744 sctp_flight_size_decrease(tp1);
3745 sctp_total_flight_decrease(stcb, tp1);
3746 /* Now mark for resend */
3747 tp1->sent = SCTP_DATAGRAM_RESEND;
3748 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
3750 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3751 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_WP,
3752 tp1->whoTo->flight_size,
3754 (uintptr_t) tp1->whoTo,
3755 tp1->rec.data.TSN_seq);
3760 sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
3761 uint32_t rwnd, int *abort_now, int ecne_seen)
3763 struct sctp_nets *net;
3764 struct sctp_association *asoc;
3765 struct sctp_tmit_chunk *tp1, *tp2;
3767 int win_probe_recovery = 0;
3768 int win_probe_recovered = 0;
3769 int j, done_once = 0;
3772 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
3773 sctp_misc_ints(SCTP_SACK_LOG_EXPRESS, cumack,
3774 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
3776 SCTP_TCB_LOCK_ASSERT(stcb);
3777 #ifdef SCTP_ASOCLOG_OF_TSNS
3778 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cumack;
3779 stcb->asoc.cumack_log_at++;
3780 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
3781 stcb->asoc.cumack_log_at = 0;
3785 old_rwnd = asoc->peers_rwnd;
3786 if (SCTP_TSN_GT(asoc->last_acked_seq, cumack)) {
3789 } else if (asoc->last_acked_seq == cumack) {
3790 /* Window update sack */
3791 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
3792 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
3793 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3794 /* SWS sender side engages */
3795 asoc->peers_rwnd = 0;
3797 if (asoc->peers_rwnd > old_rwnd) {
3802 /* First setup for CC stuff */
3803 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3804 if (SCTP_TSN_GT(cumack, net->cwr_window_tsn)) {
3805 /* Drag along the window_tsn for cwr's */
3806 net->cwr_window_tsn = cumack;
3808 net->prev_cwnd = net->cwnd;
3813 * CMT: Reset CUC and Fast recovery algo variables before
3816 net->new_pseudo_cumack = 0;
3817 net->will_exit_fast_recovery = 0;
3818 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
3819 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
3822 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
3825 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
3826 tp1 = TAILQ_LAST(&asoc->sent_queue,
3827 sctpchunk_listhead);
3828 send_s = tp1->rec.data.TSN_seq + 1;
3830 send_s = asoc->sending_seq;
3832 if (SCTP_TSN_GE(cumack, send_s)) {
3838 panic("Impossible sack 1");
3843 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
3844 0, M_DONTWAIT, 1, MT_DATA);
3846 struct sctp_paramhdr *ph;
3849 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
3851 ph = mtod(oper, struct sctp_paramhdr *);
3852 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
3853 ph->param_length = htons(SCTP_BUF_LEN(oper));
3854 ippp = (uint32_t *) (ph + 1);
3855 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
3857 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
3858 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
3863 asoc->this_sack_highest_gap = cumack;
3864 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
3865 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
3866 stcb->asoc.overall_error_count,
3868 SCTP_FROM_SCTP_INDATA,
3871 stcb->asoc.overall_error_count = 0;
3872 if (SCTP_TSN_GT(cumack, asoc->last_acked_seq)) {
3873 /* process the new consecutive TSN first */
3874 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3875 if (SCTP_TSN_GE(cumack, tp1->rec.data.TSN_seq)) {
3876 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
3877 SCTP_PRINTF("Warning, an unsent is now acked?\n");
3879 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
3881 * If it is less than ACKED, it is
3882 * now no-longer in flight. Higher
3883 * values may occur during marking
3885 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3886 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3887 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
3888 tp1->whoTo->flight_size,
3890 (uintptr_t) tp1->whoTo,
3891 tp1->rec.data.TSN_seq);
3893 sctp_flight_size_decrease(tp1);
3894 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3895 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3898 /* sa_ignore NO_NULL_CHK */
3899 sctp_total_flight_decrease(stcb, tp1);
3901 tp1->whoTo->net_ack += tp1->send_size;
3902 if (tp1->snd_count < 2) {
3904 * True non-retransmited
3907 tp1->whoTo->net_ack2 +=
3910 /* update RTO too? */
3919 sctp_calculate_rto(stcb,
3921 &tp1->sent_rcv_time,
3922 sctp_align_safe_nocopy,
3923 SCTP_RTT_FROM_DATA);
3926 if (tp1->whoTo->rto_needed == 0) {
3927 tp1->whoTo->rto_needed = 1;
3933 * CMT: CUCv2 algorithm. From the
3934 * cumack'd TSNs, for each TSN being
3935 * acked for the first time, set the
3936 * following variables for the
3937 * corresp destination.
3938 * new_pseudo_cumack will trigger a
3940 * find_(rtx_)pseudo_cumack will
3941 * trigger search for the next
3942 * expected (rtx-)pseudo-cumack.
3944 tp1->whoTo->new_pseudo_cumack = 1;
3945 tp1->whoTo->find_pseudo_cumack = 1;
3946 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3948 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
3949 /* sa_ignore NO_NULL_CHK */
3950 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
3953 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3954 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
3956 if (tp1->rec.data.chunk_was_revoked) {
3957 /* deflate the cwnd */
3958 tp1->whoTo->cwnd -= tp1->book_size;
3959 tp1->rec.data.chunk_was_revoked = 0;
3961 tp1->sent = SCTP_DATAGRAM_ACKED;
3962 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
3964 /* sa_ignore NO_NULL_CHK */
3965 sctp_free_bufspace(stcb, asoc, tp1, 1);
3966 sctp_m_freem(tp1->data);
3969 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
3970 sctp_log_sack(asoc->last_acked_seq,
3972 tp1->rec.data.TSN_seq,
3975 SCTP_LOG_FREE_SENT);
3977 asoc->sent_queue_cnt--;
3978 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
3985 /* sa_ignore NO_NULL_CHK */
3986 if (stcb->sctp_socket) {
3987 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3991 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
3992 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
3993 /* sa_ignore NO_NULL_CHK */
3994 sctp_wakeup_log(stcb, 1, SCTP_WAKESND_FROM_SACK);
3996 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3997 so = SCTP_INP_SO(stcb->sctp_ep);
3998 atomic_add_int(&stcb->asoc.refcnt, 1);
3999 SCTP_TCB_UNLOCK(stcb);
4000 SCTP_SOCKET_LOCK(so, 1);
4001 SCTP_TCB_LOCK(stcb);
4002 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4003 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4004 /* assoc was freed while we were unlocked */
4005 SCTP_SOCKET_UNLOCK(so, 1);
4009 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4010 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4011 SCTP_SOCKET_UNLOCK(so, 1);
4014 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4015 sctp_wakeup_log(stcb, 1, SCTP_NOWAKE_FROM_SACK);
4019 /* JRS - Use the congestion control given in the CC module */
4020 if ((asoc->last_acked_seq != cumack) && (ecne_seen == 0)) {
4021 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4022 if (net->net_ack2 > 0) {
4024 * Karn's rule applies to clearing error
4025 * count, this is optional.
4027 net->error_count = 0;
4028 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4029 /* addr came good */
4030 net->dest_state |= SCTP_ADDR_REACHABLE;
4031 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4032 0, (void *)net, SCTP_SO_NOT_LOCKED);
4034 if (net == stcb->asoc.primary_destination) {
4035 if (stcb->asoc.alternate) {
4037 * release the alternate,
4040 sctp_free_remote_addr(stcb->asoc.alternate);
4041 stcb->asoc.alternate = NULL;
4044 if (net->dest_state & SCTP_ADDR_PF) {
4045 net->dest_state &= ~SCTP_ADDR_PF;
4046 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
4047 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4048 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4049 /* Done with this net */
4052 /* restore any doubled timers */
4053 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4054 if (net->RTO < stcb->asoc.minrto) {
4055 net->RTO = stcb->asoc.minrto;
4057 if (net->RTO > stcb->asoc.maxrto) {
4058 net->RTO = stcb->asoc.maxrto;
4062 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, 1, 0, 0);
4064 asoc->last_acked_seq = cumack;
4066 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4067 /* nothing left in-flight */
4068 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4069 net->flight_size = 0;
4070 net->partial_bytes_acked = 0;
4072 asoc->total_flight = 0;
4073 asoc->total_flight_count = 0;
4076 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
4077 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
4078 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4079 /* SWS sender side engages */
4080 asoc->peers_rwnd = 0;
4082 if (asoc->peers_rwnd > old_rwnd) {
4083 win_probe_recovery = 1;
4085 /* Now assure a timer where data is queued at */
4088 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4091 if (win_probe_recovery && (net->window_probe)) {
4092 win_probe_recovered = 1;
4094 * Find first chunk that was used with window probe
4095 * and clear the sent
4097 /* sa_ignore FREED_MEMORY */
4098 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4099 if (tp1->window_probe) {
4100 /* move back to data send queue */
4101 sctp_window_probe_recovery(stcb, asoc, tp1);
4106 if (net->RTO == 0) {
4107 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto);
4109 to_ticks = MSEC_TO_TICKS(net->RTO);
4111 if (net->flight_size) {
4113 (void)SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4114 sctp_timeout_handler, &net->rxt_timer);
4115 if (net->window_probe) {
4116 net->window_probe = 0;
4119 if (net->window_probe) {
4121 * In window probes we must assure a timer
4122 * is still running there
4124 net->window_probe = 0;
4125 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4126 SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4127 sctp_timeout_handler, &net->rxt_timer);
4129 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4130 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4132 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
4137 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
4138 (asoc->sent_queue_retran_cnt == 0) &&
4139 (win_probe_recovered == 0) &&
4142 * huh, this should not happen unless all packets are
4143 * PR-SCTP and marked to skip of course.
4145 if (sctp_fs_audit(asoc)) {
4146 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4147 net->flight_size = 0;
4149 asoc->total_flight = 0;
4150 asoc->total_flight_count = 0;
4151 asoc->sent_queue_retran_cnt = 0;
4152 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4153 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4154 sctp_flight_size_increase(tp1);
4155 sctp_total_flight_increase(stcb, tp1);
4156 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4157 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
4164 /**********************************/
4165 /* Now what about shutdown issues */
4166 /**********************************/
4167 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4168 /* nothing left on sendqueue.. consider done */
4170 if ((asoc->stream_queue_cnt == 1) &&
4171 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4172 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4173 (asoc->locked_on_sending)
4175 struct sctp_stream_queue_pending *sp;
4178 * I may be in a state where we got all across.. but
4179 * cannot write more due to a shutdown... we abort
4180 * since the user did not indicate EOR in this case.
4181 * The sp will be cleaned during free of the asoc.
4183 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4185 if ((sp) && (sp->length == 0)) {
4186 /* Let cleanup code purge it */
4187 if (sp->msg_is_complete) {
4188 asoc->stream_queue_cnt--;
4190 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4191 asoc->locked_on_sending = NULL;
4192 asoc->stream_queue_cnt--;
4196 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4197 (asoc->stream_queue_cnt == 0)) {
4198 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4199 /* Need to abort here */
4205 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4206 0, M_DONTWAIT, 1, MT_DATA);
4208 struct sctp_paramhdr *ph;
4211 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4213 ph = mtod(oper, struct sctp_paramhdr *);
4214 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4215 ph->param_length = htons(SCTP_BUF_LEN(oper));
4216 ippp = (uint32_t *) (ph + 1);
4217 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_24);
4219 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24;
4220 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
4222 struct sctp_nets *netp;
4224 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4225 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4226 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4228 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4229 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4230 sctp_stop_timers_for_shutdown(stcb);
4231 if (asoc->alternate) {
4232 netp = asoc->alternate;
4234 netp = asoc->primary_destination;
4236 sctp_send_shutdown(stcb, netp);
4237 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4238 stcb->sctp_ep, stcb, netp);
4239 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4240 stcb->sctp_ep, stcb, netp);
4242 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4243 (asoc->stream_queue_cnt == 0)) {
4244 struct sctp_nets *netp;
4246 if (asoc->alternate) {
4247 netp = asoc->alternate;
4249 netp = asoc->primary_destination;
4251 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4254 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4255 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4256 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4257 sctp_send_shutdown_ack(stcb, netp);
4258 sctp_stop_timers_for_shutdown(stcb);
4259 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
4260 stcb->sctp_ep, stcb, netp);
4263 /*********************************************/
4264 /* Here we perform PR-SCTP procedures */
4266 /*********************************************/
4267 /* C1. update advancedPeerAckPoint */
4268 if (SCTP_TSN_GT(cumack, asoc->advanced_peer_ack_point)) {
4269 asoc->advanced_peer_ack_point = cumack;
4271 /* PR-Sctp issues need to be addressed too */
4272 if ((asoc->peer_supports_prsctp) && (asoc->pr_sctp_cnt > 0)) {
4273 struct sctp_tmit_chunk *lchk;
4274 uint32_t old_adv_peer_ack_point;
4276 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
4277 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
4278 /* C3. See if we need to send a Fwd-TSN */
4279 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cumack)) {
4281 * ISSUE with ECN, see FWD-TSN processing.
4283 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
4284 send_forward_tsn(stcb, asoc);
4286 /* try to FR fwd-tsn's that get lost too */
4287 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
4288 send_forward_tsn(stcb, asoc);
4293 /* Assure a timer is up */
4294 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4295 stcb->sctp_ep, stcb, lchk->whoTo);
4298 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
4299 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
4301 stcb->asoc.peers_rwnd,
4302 stcb->asoc.total_flight,
4303 stcb->asoc.total_output_queue_size);
4308 sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup,
4309 struct sctp_tcb *stcb,
4310 uint16_t num_seg, uint16_t num_nr_seg, uint16_t num_dup,
4311 int *abort_now, uint8_t flags,
4312 uint32_t cum_ack, uint32_t rwnd, int ecne_seen)
4314 struct sctp_association *asoc;
4315 struct sctp_tmit_chunk *tp1, *tp2;
4316 uint32_t last_tsn, biggest_tsn_acked, biggest_tsn_newly_acked, this_sack_lowest_newack;
4317 uint16_t wake_him = 0;
4318 uint32_t send_s = 0;
4320 int accum_moved = 0;
4321 int will_exit_fast_recovery = 0;
4322 uint32_t a_rwnd, old_rwnd;
4323 int win_probe_recovery = 0;
4324 int win_probe_recovered = 0;
4325 struct sctp_nets *net = NULL;
4328 uint8_t reneged_all = 0;
4329 uint8_t cmt_dac_flag;
4332 * we take any chance we can to service our queues since we cannot
4333 * get awoken when the socket is read from :<
4336 * Now perform the actual SACK handling: 1) Verify that it is not an
4337 * old sack, if so discard. 2) If there is nothing left in the send
4338 * queue (cum-ack is equal to last acked) then you have a duplicate
4339 * too, update any rwnd change and verify no timers are running.
4340 * then return. 3) Process any new consequtive data i.e. cum-ack
4341 * moved process these first and note that it moved. 4) Process any
4342 * sack blocks. 5) Drop any acked from the queue. 6) Check for any
4343 * revoked blocks and mark. 7) Update the cwnd. 8) Nothing left,
4344 * sync up flightsizes and things, stop all timers and also check
4345 * for shutdown_pending state. If so then go ahead and send off the
4346 * shutdown. If in shutdown recv, send off the shutdown-ack and
4347 * start that timer, Ret. 9) Strike any non-acked things and do FR
4348 * procedure if needed being sure to set the FR flag. 10) Do pr-sctp
4349 * procedures. 11) Apply any FR penalties. 12) Assure we will SACK
4350 * if in shutdown_recv state.
4352 SCTP_TCB_LOCK_ASSERT(stcb);
4354 this_sack_lowest_newack = 0;
4355 SCTP_STAT_INCR(sctps_slowpath_sack);
4357 cmt_dac_flag = flags & SCTP_SACK_CMT_DAC;
4358 #ifdef SCTP_ASOCLOG_OF_TSNS
4359 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cum_ack;
4360 stcb->asoc.cumack_log_at++;
4361 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
4362 stcb->asoc.cumack_log_at = 0;
4367 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
4368 sctp_misc_ints(SCTP_SACK_LOG_NORMAL, cum_ack,
4369 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
4371 old_rwnd = stcb->asoc.peers_rwnd;
4372 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4373 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4374 stcb->asoc.overall_error_count,
4376 SCTP_FROM_SCTP_INDATA,
4379 stcb->asoc.overall_error_count = 0;
4381 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4382 sctp_log_sack(asoc->last_acked_seq,
4389 if ((num_dup) && (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE)) {
4391 uint32_t *dupdata, dblock;
4393 for (i = 0; i < num_dup; i++) {
4394 dupdata = (uint32_t *) sctp_m_getptr(m, offset_dup + i * sizeof(uint32_t),
4395 sizeof(uint32_t), (uint8_t *) & dblock);
4396 if (dupdata == NULL) {
4399 sctp_log_fr(*dupdata, 0, 0, SCTP_FR_DUPED);
4402 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
4404 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
4405 tp1 = TAILQ_LAST(&asoc->sent_queue,
4406 sctpchunk_listhead);
4407 send_s = tp1->rec.data.TSN_seq + 1;
4410 send_s = asoc->sending_seq;
4412 if (SCTP_TSN_GE(cum_ack, send_s)) {
4416 * no way, we have not even sent this TSN out yet.
4417 * Peer is hopelessly messed up with us.
4419 SCTP_PRINTF("NEW cum_ack:%x send_s:%x is smaller or equal\n",
4422 SCTP_PRINTF("Got send_s from tsn:%x + 1 of tp1:%p\n",
4423 tp1->rec.data.TSN_seq, (void *)tp1);
4428 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4429 0, M_DONTWAIT, 1, MT_DATA);
4431 struct sctp_paramhdr *ph;
4434 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4436 ph = mtod(oper, struct sctp_paramhdr *);
4437 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
4438 ph->param_length = htons(SCTP_BUF_LEN(oper));
4439 ippp = (uint32_t *) (ph + 1);
4440 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
4442 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
4443 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
4447 /**********************/
4448 /* 1) check the range */
4449 /**********************/
4450 if (SCTP_TSN_GT(asoc->last_acked_seq, last_tsn)) {
4451 /* acking something behind */
4454 /* update the Rwnd of the peer */
4455 if (TAILQ_EMPTY(&asoc->sent_queue) &&
4456 TAILQ_EMPTY(&asoc->send_queue) &&
4457 (asoc->stream_queue_cnt == 0)) {
4458 /* nothing left on send/sent and strmq */
4459 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4460 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4461 asoc->peers_rwnd, 0, 0, a_rwnd);
4463 asoc->peers_rwnd = a_rwnd;
4464 if (asoc->sent_queue_retran_cnt) {
4465 asoc->sent_queue_retran_cnt = 0;
4467 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4468 /* SWS sender side engages */
4469 asoc->peers_rwnd = 0;
4471 /* stop any timers */
4472 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4473 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4474 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_26);
4475 net->partial_bytes_acked = 0;
4476 net->flight_size = 0;
4478 asoc->total_flight = 0;
4479 asoc->total_flight_count = 0;
4483 * We init netAckSz and netAckSz2 to 0. These are used to track 2
4484 * things. The total byte count acked is tracked in netAckSz AND
4485 * netAck2 is used to track the total bytes acked that are un-
4486 * amibguious and were never retransmitted. We track these on a per
4487 * destination address basis.
4489 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4490 if (SCTP_TSN_GT(cum_ack, net->cwr_window_tsn)) {
4491 /* Drag along the window_tsn for cwr's */
4492 net->cwr_window_tsn = cum_ack;
4494 net->prev_cwnd = net->cwnd;
4499 * CMT: Reset CUC and Fast recovery algo variables before
4502 net->new_pseudo_cumack = 0;
4503 net->will_exit_fast_recovery = 0;
4504 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
4505 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
4508 /* process the new consecutive TSN first */
4509 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4510 if (SCTP_TSN_GE(last_tsn, tp1->rec.data.TSN_seq)) {
4511 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
4513 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
4515 * If it is less than ACKED, it is
4516 * now no-longer in flight. Higher
4517 * values may occur during marking
4519 if ((tp1->whoTo->dest_state &
4520 SCTP_ADDR_UNCONFIRMED) &&
4521 (tp1->snd_count < 2)) {
4523 * If there was no retran
4524 * and the address is
4525 * un-confirmed and we sent
4527 * sacked.. its confirmed,
4530 tp1->whoTo->dest_state &=
4531 ~SCTP_ADDR_UNCONFIRMED;
4533 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4534 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4535 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
4536 tp1->whoTo->flight_size,
4538 (uintptr_t) tp1->whoTo,
4539 tp1->rec.data.TSN_seq);
4541 sctp_flight_size_decrease(tp1);
4542 sctp_total_flight_decrease(stcb, tp1);
4543 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
4544 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
4548 tp1->whoTo->net_ack += tp1->send_size;
4550 /* CMT SFR and DAC algos */
4551 this_sack_lowest_newack = tp1->rec.data.TSN_seq;
4552 tp1->whoTo->saw_newack = 1;
4554 if (tp1->snd_count < 2) {
4556 * True non-retransmited
4559 tp1->whoTo->net_ack2 +=
4562 /* update RTO too? */
4566 sctp_calculate_rto(stcb,
4568 &tp1->sent_rcv_time,
4569 sctp_align_safe_nocopy,
4570 SCTP_RTT_FROM_DATA);
4573 if (tp1->whoTo->rto_needed == 0) {
4574 tp1->whoTo->rto_needed = 1;
4580 * CMT: CUCv2 algorithm. From the
4581 * cumack'd TSNs, for each TSN being
4582 * acked for the first time, set the
4583 * following variables for the
4584 * corresp destination.
4585 * new_pseudo_cumack will trigger a
4587 * find_(rtx_)pseudo_cumack will
4588 * trigger search for the next
4589 * expected (rtx-)pseudo-cumack.
4591 tp1->whoTo->new_pseudo_cumack = 1;
4592 tp1->whoTo->find_pseudo_cumack = 1;
4593 tp1->whoTo->find_rtx_pseudo_cumack = 1;
4596 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4597 sctp_log_sack(asoc->last_acked_seq,
4599 tp1->rec.data.TSN_seq,
4602 SCTP_LOG_TSN_ACKED);
4604 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
4605 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
4608 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4609 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
4610 #ifdef SCTP_AUDITING_ENABLED
4611 sctp_audit_log(0xB3,
4612 (asoc->sent_queue_retran_cnt & 0x000000ff));
4615 if (tp1->rec.data.chunk_was_revoked) {
4616 /* deflate the cwnd */
4617 tp1->whoTo->cwnd -= tp1->book_size;
4618 tp1->rec.data.chunk_was_revoked = 0;
4620 tp1->sent = SCTP_DATAGRAM_ACKED;
4626 biggest_tsn_newly_acked = biggest_tsn_acked = last_tsn;
4627 /* always set this up to cum-ack */
4628 asoc->this_sack_highest_gap = last_tsn;
4630 if ((num_seg > 0) || (num_nr_seg > 0)) {
4633 * CMT: SFR algo (and HTNA) - this_sack_highest_newack has
4634 * to be greater than the cumack. Also reset saw_newack to 0
4637 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4638 net->saw_newack = 0;
4639 net->this_sack_highest_newack = last_tsn;
4643 * thisSackHighestGap will increase while handling NEW
4644 * segments this_sack_highest_newack will increase while
4645 * handling NEWLY ACKED chunks. this_sack_lowest_newack is
4646 * used for CMT DAC algo. saw_newack will also change.
4648 if (sctp_handle_segments(m, &offset_seg, stcb, asoc, last_tsn, &biggest_tsn_acked,
4649 &biggest_tsn_newly_acked, &this_sack_lowest_newack,
4650 num_seg, num_nr_seg, &rto_ok)) {
4653 if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
4655 * validate the biggest_tsn_acked in the gap acks if
4656 * strict adherence is wanted.
4658 if (SCTP_TSN_GE(biggest_tsn_acked, send_s)) {
4660 * peer is either confused or we are under
4661 * attack. We must abort.
4663 SCTP_PRINTF("Hopeless peer! biggest_tsn_acked:%x largest seq:%x\n",
4664 biggest_tsn_acked, send_s);
4669 /*******************************************/
4670 /* cancel ALL T3-send timer if accum moved */
4671 /*******************************************/
4672 if (asoc->sctp_cmt_on_off > 0) {
4673 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4674 if (net->new_pseudo_cumack)
4675 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4677 SCTP_FROM_SCTP_INDATA + SCTP_LOC_27);
4682 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4683 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4684 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_28);
4688 /********************************************/
4689 /* drop the acked chunks from the sentqueue */
4690 /********************************************/
4691 asoc->last_acked_seq = cum_ack;
4693 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
4694 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, cum_ack)) {
4697 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
4698 /* no more sent on list */
4699 SCTP_PRINTF("Warning, tp1->sent == %d and its now acked?\n",
4702 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
4703 if (tp1->pr_sctp_on) {
4704 if (asoc->pr_sctp_cnt != 0)
4705 asoc->pr_sctp_cnt--;
4707 asoc->sent_queue_cnt--;
4709 /* sa_ignore NO_NULL_CHK */
4710 sctp_free_bufspace(stcb, asoc, tp1, 1);
4711 sctp_m_freem(tp1->data);
4713 if (asoc->peer_supports_prsctp && PR_SCTP_BUF_ENABLED(tp1->flags)) {
4714 asoc->sent_queue_cnt_removeable--;
4717 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4718 sctp_log_sack(asoc->last_acked_seq,
4720 tp1->rec.data.TSN_seq,
4723 SCTP_LOG_FREE_SENT);
4725 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
4728 if (TAILQ_EMPTY(&asoc->sent_queue) && (asoc->total_flight > 0)) {
4730 panic("Warning flight size is postive and should be 0");
4732 SCTP_PRINTF("Warning flight size incorrect should be 0 is %d\n",
4733 asoc->total_flight);
4735 asoc->total_flight = 0;
4737 /* sa_ignore NO_NULL_CHK */
4738 if ((wake_him) && (stcb->sctp_socket)) {
4739 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4743 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4744 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4745 sctp_wakeup_log(stcb, wake_him, SCTP_WAKESND_FROM_SACK);
4747 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4748 so = SCTP_INP_SO(stcb->sctp_ep);
4749 atomic_add_int(&stcb->asoc.refcnt, 1);
4750 SCTP_TCB_UNLOCK(stcb);
4751 SCTP_SOCKET_LOCK(so, 1);
4752 SCTP_TCB_LOCK(stcb);
4753 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4754 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4755 /* assoc was freed while we were unlocked */
4756 SCTP_SOCKET_UNLOCK(so, 1);
4760 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4761 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4762 SCTP_SOCKET_UNLOCK(so, 1);
4765 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4766 sctp_wakeup_log(stcb, wake_him, SCTP_NOWAKE_FROM_SACK);
4770 if (asoc->fast_retran_loss_recovery && accum_moved) {
4771 if (SCTP_TSN_GE(asoc->last_acked_seq, asoc->fast_recovery_tsn)) {
4772 /* Setup so we will exit RFC2582 fast recovery */
4773 will_exit_fast_recovery = 1;
4777 * Check for revoked fragments:
4779 * if Previous sack - Had no frags then we can't have any revoked if
4780 * Previous sack - Had frag's then - If we now have frags aka
4781 * num_seg > 0 call sctp_check_for_revoked() to tell if peer revoked
4782 * some of them. else - The peer revoked all ACKED fragments, since
4783 * we had some before and now we have NONE.
4787 sctp_check_for_revoked(stcb, asoc, cum_ack, biggest_tsn_acked);
4788 asoc->saw_sack_with_frags = 1;
4789 } else if (asoc->saw_sack_with_frags) {
4790 int cnt_revoked = 0;
4792 /* Peer revoked all dg's marked or acked */
4793 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4794 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
4795 tp1->sent = SCTP_DATAGRAM_SENT;
4796 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4797 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
4798 tp1->whoTo->flight_size,
4800 (uintptr_t) tp1->whoTo,
4801 tp1->rec.data.TSN_seq);
4803 sctp_flight_size_increase(tp1);
4804 sctp_total_flight_increase(stcb, tp1);
4805 tp1->rec.data.chunk_was_revoked = 1;
4807 * To ensure that this increase in
4808 * flightsize, which is artificial, does not
4809 * throttle the sender, we also increase the
4810 * cwnd artificially.
4812 tp1->whoTo->cwnd += tp1->book_size;
4819 asoc->saw_sack_with_frags = 0;
4822 asoc->saw_sack_with_nr_frags = 1;
4824 asoc->saw_sack_with_nr_frags = 0;
4826 /* JRS - Use the congestion control given in the CC module */
4827 if (ecne_seen == 0) {
4828 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4829 if (net->net_ack2 > 0) {
4831 * Karn's rule applies to clearing error
4832 * count, this is optional.
4834 net->error_count = 0;
4835 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4836 /* addr came good */
4837 net->dest_state |= SCTP_ADDR_REACHABLE;
4838 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4839 0, (void *)net, SCTP_SO_NOT_LOCKED);
4841 if (net == stcb->asoc.primary_destination) {
4842 if (stcb->asoc.alternate) {
4844 * release the alternate,
4847 sctp_free_remote_addr(stcb->asoc.alternate);
4848 stcb->asoc.alternate = NULL;
4851 if (net->dest_state & SCTP_ADDR_PF) {
4852 net->dest_state &= ~SCTP_ADDR_PF;
4853 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
4854 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4855 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4856 /* Done with this net */
4859 /* restore any doubled timers */
4860 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4861 if (net->RTO < stcb->asoc.minrto) {
4862 net->RTO = stcb->asoc.minrto;
4864 if (net->RTO > stcb->asoc.maxrto) {
4865 net->RTO = stcb->asoc.maxrto;
4869 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, accum_moved, reneged_all, will_exit_fast_recovery);
4871 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4872 /* nothing left in-flight */
4873 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4874 /* stop all timers */
4875 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4876 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_30);
4877 net->flight_size = 0;
4878 net->partial_bytes_acked = 0;
4880 asoc->total_flight = 0;
4881 asoc->total_flight_count = 0;
4883 /**********************************/
4884 /* Now what about shutdown issues */
4885 /**********************************/
4886 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4887 /* nothing left on sendqueue.. consider done */
4888 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4889 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4890 asoc->peers_rwnd, 0, 0, a_rwnd);
4892 asoc->peers_rwnd = a_rwnd;
4893 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4894 /* SWS sender side engages */
4895 asoc->peers_rwnd = 0;
4898 if ((asoc->stream_queue_cnt == 1) &&
4899 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4900 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4901 (asoc->locked_on_sending)
4903 struct sctp_stream_queue_pending *sp;
4906 * I may be in a state where we got all across.. but
4907 * cannot write more due to a shutdown... we abort
4908 * since the user did not indicate EOR in this case.
4910 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4912 if ((sp) && (sp->length == 0)) {
4913 asoc->locked_on_sending = NULL;
4914 if (sp->msg_is_complete) {
4915 asoc->stream_queue_cnt--;
4917 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4918 asoc->stream_queue_cnt--;
4922 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4923 (asoc->stream_queue_cnt == 0)) {
4924 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4925 /* Need to abort here */
4931 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4932 0, M_DONTWAIT, 1, MT_DATA);
4934 struct sctp_paramhdr *ph;
4937 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4939 ph = mtod(oper, struct sctp_paramhdr *);
4940 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4941 ph->param_length = htons(SCTP_BUF_LEN(oper));
4942 ippp = (uint32_t *) (ph + 1);
4943 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_31);
4945 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_31;
4946 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
4949 struct sctp_nets *netp;
4951 if (asoc->alternate) {
4952 netp = asoc->alternate;
4954 netp = asoc->primary_destination;
4956 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4957 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4958 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4960 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4961 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4962 sctp_stop_timers_for_shutdown(stcb);
4963 sctp_send_shutdown(stcb, netp);
4964 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4965 stcb->sctp_ep, stcb, netp);
4966 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4967 stcb->sctp_ep, stcb, netp);
4970 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4971 (asoc->stream_queue_cnt == 0)) {
4972 struct sctp_nets *netp;
4974 if (asoc->alternate) {
4975 netp = asoc->alternate;
4977 netp = asoc->primary_destination;
4979 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4982 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4983 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4984 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4985 sctp_send_shutdown_ack(stcb, netp);
4986 sctp_stop_timers_for_shutdown(stcb);
4987 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
4988 stcb->sctp_ep, stcb, netp);
4993 * Now here we are going to recycle net_ack for a different use...
4996 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5001 * CMT DAC algorithm: If SACK DAC flag was 0, then no extra marking
5002 * to be done. Setting this_sack_lowest_newack to the cum_ack will
5003 * automatically ensure that.
5005 if ((asoc->sctp_cmt_on_off > 0) &&
5006 SCTP_BASE_SYSCTL(sctp_cmt_use_dac) &&
5007 (cmt_dac_flag == 0)) {
5008 this_sack_lowest_newack = cum_ack;
5010 if ((num_seg > 0) || (num_nr_seg > 0)) {
5011 sctp_strike_gap_ack_chunks(stcb, asoc, biggest_tsn_acked,
5012 biggest_tsn_newly_acked, this_sack_lowest_newack, accum_moved);
5014 /* JRS - Use the congestion control given in the CC module */
5015 asoc->cc_functions.sctp_cwnd_update_after_fr(stcb, asoc);
5017 /* Now are we exiting loss recovery ? */
5018 if (will_exit_fast_recovery) {
5019 /* Ok, we must exit fast recovery */
5020 asoc->fast_retran_loss_recovery = 0;
5022 if ((asoc->sat_t3_loss_recovery) &&
5023 SCTP_TSN_GE(asoc->last_acked_seq, asoc->sat_t3_recovery_tsn)) {
5024 /* end satellite t3 loss recovery */
5025 asoc->sat_t3_loss_recovery = 0;
5030 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5031 if (net->will_exit_fast_recovery) {
5032 /* Ok, we must exit fast recovery */
5033 net->fast_retran_loss_recovery = 0;
5037 /* Adjust and set the new rwnd value */
5038 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
5039 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
5040 asoc->peers_rwnd, asoc->total_flight, (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)), a_rwnd);
5042 asoc->peers_rwnd = sctp_sbspace_sub(a_rwnd,
5043 (uint32_t) (asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
5044 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
5045 /* SWS sender side engages */
5046 asoc->peers_rwnd = 0;
5048 if (asoc->peers_rwnd > old_rwnd) {
5049 win_probe_recovery = 1;
5052 * Now we must setup so we have a timer up for anyone with
5058 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5059 if (win_probe_recovery && (net->window_probe)) {
5060 win_probe_recovered = 1;
5062 * Find first chunk that was used with
5063 * window probe and clear the event. Put
5064 * it back into the send queue as if has
5067 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5068 if (tp1->window_probe) {
5069 sctp_window_probe_recovery(stcb, asoc, tp1);
5074 if (net->flight_size) {
5076 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5077 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5078 stcb->sctp_ep, stcb, net);
5080 if (net->window_probe) {
5081 net->window_probe = 0;
5084 if (net->window_probe) {
5086 * In window probes we must assure a timer
5087 * is still running there
5089 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5090 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5091 stcb->sctp_ep, stcb, net);
5094 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5095 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
5097 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
5102 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
5103 (asoc->sent_queue_retran_cnt == 0) &&
5104 (win_probe_recovered == 0) &&
5107 * huh, this should not happen unless all packets are
5108 * PR-SCTP and marked to skip of course.
5110 if (sctp_fs_audit(asoc)) {
5111 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5112 net->flight_size = 0;
5114 asoc->total_flight = 0;
5115 asoc->total_flight_count = 0;
5116 asoc->sent_queue_retran_cnt = 0;
5117 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5118 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
5119 sctp_flight_size_increase(tp1);
5120 sctp_total_flight_increase(stcb, tp1);
5121 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
5122 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
5129 /*********************************************/
5130 /* Here we perform PR-SCTP procedures */
5132 /*********************************************/
5133 /* C1. update advancedPeerAckPoint */
5134 if (SCTP_TSN_GT(cum_ack, asoc->advanced_peer_ack_point)) {
5135 asoc->advanced_peer_ack_point = cum_ack;
5137 /* C2. try to further move advancedPeerAckPoint ahead */
5138 if ((asoc->peer_supports_prsctp) && (asoc->pr_sctp_cnt > 0)) {
5139 struct sctp_tmit_chunk *lchk;
5140 uint32_t old_adv_peer_ack_point;
5142 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
5143 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
5144 /* C3. See if we need to send a Fwd-TSN */
5145 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cum_ack)) {
5147 * ISSUE with ECN, see FWD-TSN processing.
5149 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
5150 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
5151 0xee, cum_ack, asoc->advanced_peer_ack_point,
5152 old_adv_peer_ack_point);
5154 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
5155 send_forward_tsn(stcb, asoc);
5157 /* try to FR fwd-tsn's that get lost too */
5158 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
5159 send_forward_tsn(stcb, asoc);
5164 /* Assure a timer is up */
5165 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5166 stcb->sctp_ep, stcb, lchk->whoTo);
5169 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
5170 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
5172 stcb->asoc.peers_rwnd,
5173 stcb->asoc.total_flight,
5174 stcb->asoc.total_output_queue_size);
5179 sctp_update_acked(struct sctp_tcb *stcb, struct sctp_shutdown_chunk *cp, int *abort_flag)
5182 uint32_t cum_ack, a_rwnd;
5184 cum_ack = ntohl(cp->cumulative_tsn_ack);
5185 /* Arrange so a_rwnd does NOT change */
5186 a_rwnd = stcb->asoc.peers_rwnd + stcb->asoc.total_flight;
5188 /* Now call the express sack handling */
5189 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, abort_flag, 0);
5193 sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
5194 struct sctp_stream_in *strmin)
5196 struct sctp_queued_to_read *ctl, *nctl;
5197 struct sctp_association *asoc;
5201 tt = strmin->last_sequence_delivered;
5203 * First deliver anything prior to and including the stream no that
5206 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) {
5207 if (SCTP_SSN_GE(tt, ctl->sinfo_ssn)) {
5208 /* this is deliverable now */
5209 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5210 /* subtract pending on streams */
5211 asoc->size_on_all_streams -= ctl->length;
5212 sctp_ucount_decr(asoc->cnt_on_all_streams);
5213 /* deliver it to at least the delivery-q */
5214 if (stcb->sctp_socket) {
5215 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5216 sctp_add_to_readq(stcb->sctp_ep, stcb,
5218 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
5221 /* no more delivery now. */
5226 * now we must deliver things in queue the normal way if any are
5229 tt = strmin->last_sequence_delivered + 1;
5230 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) {
5231 if (tt == ctl->sinfo_ssn) {
5232 /* this is deliverable now */
5233 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5234 /* subtract pending on streams */
5235 asoc->size_on_all_streams -= ctl->length;
5236 sctp_ucount_decr(asoc->cnt_on_all_streams);
5237 /* deliver it to at least the delivery-q */
5238 strmin->last_sequence_delivered = ctl->sinfo_ssn;
5239 if (stcb->sctp_socket) {
5240 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5241 sctp_add_to_readq(stcb->sctp_ep, stcb,
5243 &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
5246 tt = strmin->last_sequence_delivered + 1;
5254 sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
5255 struct sctp_association *asoc,
5256 uint16_t stream, uint16_t seq)
5258 struct sctp_tmit_chunk *chk, *nchk;
5260 /* For each one on here see if we need to toss it */
5262 * For now large messages held on the reasmqueue that are complete
5263 * will be tossed too. We could in theory do more work to spin
5264 * through and stop after dumping one msg aka seeing the start of a
5265 * new msg at the head, and call the delivery function... to see if
5266 * it can be delivered... But for now we just dump everything on the
5269 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5271 * Do not toss it if on a different stream or marked for
5272 * unordered delivery in which case the stream sequence
5273 * number has no meaning.
5275 if ((chk->rec.data.stream_number != stream) ||
5276 ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == SCTP_DATA_UNORDERED)) {
5279 if (chk->rec.data.stream_seq == seq) {
5280 /* It needs to be tossed */
5281 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5282 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) {
5283 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
5284 asoc->str_of_pdapi = chk->rec.data.stream_number;
5285 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
5286 asoc->fragment_flags = chk->rec.data.rcv_flags;
5288 asoc->size_on_reasm_queue -= chk->send_size;
5289 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5291 /* Clear up any stream problem */
5292 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED &&
5293 SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) {
5295 * We must dump forward this streams
5296 * sequence number if the chunk is not
5297 * unordered that is being skipped. There is
5298 * a chance that if the peer does not
5299 * include the last fragment in its FWD-TSN
5300 * we WILL have a problem here since you
5301 * would have a partial chunk in queue that
5302 * may not be deliverable. Also if a Partial
5303 * delivery API as started the user may get
5304 * a partial chunk. The next read returning
5305 * a new chunk... really ugly but I see no
5306 * way around it! Maybe a notify??
5308 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq;
5311 sctp_m_freem(chk->data);
5314 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
5315 } else if (SCTP_SSN_GT(chk->rec.data.stream_seq, seq)) {
5317 * If the stream_seq is > than the purging one, we
5327 sctp_handle_forward_tsn(struct sctp_tcb *stcb,
5328 struct sctp_forward_tsn_chunk *fwd,
5329 int *abort_flag, struct mbuf *m, int offset)
5331 /* The pr-sctp fwd tsn */
5333 * here we will perform all the data receiver side steps for
5334 * processing FwdTSN, as required in by pr-sctp draft:
5336 * Assume we get FwdTSN(x):
5338 * 1) update local cumTSN to x 2) try to further advance cumTSN to x +
5339 * others we have 3) examine and update re-ordering queue on
5340 * pr-in-streams 4) clean up re-assembly queue 5) Send a sack to
5341 * report where we are.
5343 struct sctp_association *asoc;
5344 uint32_t new_cum_tsn, gap;
5345 unsigned int i, fwd_sz, m_size;
5347 struct sctp_stream_in *strm;
5348 struct sctp_tmit_chunk *chk, *nchk;
5349 struct sctp_queued_to_read *ctl, *sv;
5352 if ((fwd_sz = ntohs(fwd->ch.chunk_length)) < sizeof(struct sctp_forward_tsn_chunk)) {
5353 SCTPDBG(SCTP_DEBUG_INDATA1,
5354 "Bad size too small/big fwd-tsn\n");
5357 m_size = (stcb->asoc.mapping_array_size << 3);
5358 /*************************************************************/
5359 /* 1. Here we update local cumTSN and shift the bitmap array */
5360 /*************************************************************/
5361 new_cum_tsn = ntohl(fwd->new_cumulative_tsn);
5363 if (SCTP_TSN_GE(asoc->cumulative_tsn, new_cum_tsn)) {
5364 /* Already got there ... */
5368 * now we know the new TSN is more advanced, let's find the actual
5371 SCTP_CALC_TSN_TO_GAP(gap, new_cum_tsn, asoc->mapping_array_base_tsn);
5372 asoc->cumulative_tsn = new_cum_tsn;
5373 if (gap >= m_size) {
5374 if ((long)gap > sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv)) {
5378 * out of range (of single byte chunks in the rwnd I
5379 * give out). This must be an attacker.
5382 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
5383 0, M_DONTWAIT, 1, MT_DATA);
5385 struct sctp_paramhdr *ph;
5388 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
5389 (sizeof(uint32_t) * 3);
5390 ph = mtod(oper, struct sctp_paramhdr *);
5391 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
5392 ph->param_length = htons(SCTP_BUF_LEN(oper));
5393 ippp = (uint32_t *) (ph + 1);
5394 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_33);
5396 *ippp = asoc->highest_tsn_inside_map;
5398 *ippp = new_cum_tsn;
5400 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_33;
5401 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
5404 SCTP_STAT_INCR(sctps_fwdtsn_map_over);
5406 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
5407 asoc->mapping_array_base_tsn = new_cum_tsn + 1;
5408 asoc->highest_tsn_inside_map = new_cum_tsn;
5410 memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.mapping_array_size);
5411 asoc->highest_tsn_inside_nr_map = new_cum_tsn;
5413 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
5414 sctp_log_map(0, 3, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
5417 SCTP_TCB_LOCK_ASSERT(stcb);
5418 for (i = 0; i <= gap; i++) {
5419 if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, i) &&
5420 !SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, i)) {
5421 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, i);
5422 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn + i, asoc->highest_tsn_inside_nr_map)) {
5423 asoc->highest_tsn_inside_nr_map = asoc->mapping_array_base_tsn + i;
5428 /*************************************************************/
5429 /* 2. Clear up re-assembly queue */
5430 /*************************************************************/
5432 * First service it if pd-api is up, just in case we can progress it
5435 if (asoc->fragmented_delivery_inprogress) {
5436 sctp_service_reassembly(stcb, asoc);
5438 /* For each one on here see if we need to toss it */
5440 * For now large messages held on the reasmqueue that are complete
5441 * will be tossed too. We could in theory do more work to spin
5442 * through and stop after dumping one msg aka seeing the start of a
5443 * new msg at the head, and call the delivery function... to see if
5444 * it can be delivered... But for now we just dump everything on the
5447 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5448 if (SCTP_TSN_GE(new_cum_tsn, chk->rec.data.TSN_seq)) {
5449 /* It needs to be tossed */
5450 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5451 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) {
5452 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
5453 asoc->str_of_pdapi = chk->rec.data.stream_number;
5454 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
5455 asoc->fragment_flags = chk->rec.data.rcv_flags;
5457 asoc->size_on_reasm_queue -= chk->send_size;
5458 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5460 /* Clear up any stream problem */
5461 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED &&
5462 SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) {
5464 * We must dump forward this streams
5465 * sequence number if the chunk is not
5466 * unordered that is being skipped. There is
5467 * a chance that if the peer does not
5468 * include the last fragment in its FWD-TSN
5469 * we WILL have a problem here since you
5470 * would have a partial chunk in queue that
5471 * may not be deliverable. Also if a Partial
5472 * delivery API as started the user may get
5473 * a partial chunk. The next read returning
5474 * a new chunk... really ugly but I see no
5475 * way around it! Maybe a notify??
5477 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq;
5480 sctp_m_freem(chk->data);
5483 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
5486 * Ok we have gone beyond the end of the fwd-tsn's
5492 /*******************************************************/
5493 /* 3. Update the PR-stream re-ordering queues and fix */
5494 /* delivery issues as needed. */
5495 /*******************************************************/
5496 fwd_sz -= sizeof(*fwd);
5499 unsigned int num_str;
5500 struct sctp_strseq *stseq, strseqbuf;
5502 offset += sizeof(*fwd);
5504 SCTP_INP_READ_LOCK(stcb->sctp_ep);
5505 num_str = fwd_sz / sizeof(struct sctp_strseq);
5506 for (i = 0; i < num_str; i++) {
5509 stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset,
5510 sizeof(struct sctp_strseq),
5511 (uint8_t *) & strseqbuf);
5512 offset += sizeof(struct sctp_strseq);
5513 if (stseq == NULL) {
5517 st = ntohs(stseq->stream);
5519 st = ntohs(stseq->sequence);
5520 stseq->sequence = st;
5525 * Ok we now look for the stream/seq on the read
5526 * queue where its not all delivered. If we find it
5527 * we transmute the read entry into a PDI_ABORTED.
5529 if (stseq->stream >= asoc->streamincnt) {
5530 /* screwed up streams, stop! */
5533 if ((asoc->str_of_pdapi == stseq->stream) &&
5534 (asoc->ssn_of_pdapi == stseq->sequence)) {
5536 * If this is the one we were partially
5537 * delivering now then we no longer are.
5538 * Note this will change with the reassembly
5541 asoc->fragmented_delivery_inprogress = 0;
5543 sctp_flush_reassm_for_str_seq(stcb, asoc, stseq->stream, stseq->sequence);
5544 TAILQ_FOREACH(ctl, &stcb->sctp_ep->read_queue, next) {
5545 if ((ctl->sinfo_stream == stseq->stream) &&
5546 (ctl->sinfo_ssn == stseq->sequence)) {
5547 str_seq = (stseq->stream << 16) | stseq->sequence;
5549 ctl->pdapi_aborted = 1;
5550 sv = stcb->asoc.control_pdapi;
5551 stcb->asoc.control_pdapi = ctl;
5552 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
5554 SCTP_PARTIAL_DELIVERY_ABORTED,
5556 SCTP_SO_NOT_LOCKED);
5557 stcb->asoc.control_pdapi = sv;
5559 } else if ((ctl->sinfo_stream == stseq->stream) &&
5560 SCTP_SSN_GT(ctl->sinfo_ssn, stseq->sequence)) {
5561 /* We are past our victim SSN */
5565 strm = &asoc->strmin[stseq->stream];
5566 if (SCTP_SSN_GT(stseq->sequence, strm->last_sequence_delivered)) {
5567 /* Update the sequence number */
5568 strm->last_sequence_delivered = stseq->sequence;
5570 /* now kick the stream the new way */
5571 /* sa_ignore NO_NULL_CHK */
5572 sctp_kick_prsctp_reorder_queue(stcb, strm);
5574 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
5577 * Now slide thing forward.
5579 sctp_slide_mapping_arrays(stcb);
5581 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
5582 /* now lets kick out and check for more fragmented delivery */
5583 /* sa_ignore NO_NULL_CHK */
5584 sctp_deliver_reasm_check(stcb, &stcb->asoc);
projects / FreeBSD / stable / 8.git / blob