2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 /* $KAME: sctp_indata.c,v 1.36 2005/03/06 16:04:17 itojun Exp $ */
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_input.h>
44 #include <netinet/sctp_indata.h>
45 #include <netinet/sctp_uio.h>
46 #include <netinet/sctp_timer.h>
50 * NOTES: On the outbound side of things I need to check the sack timer to
51 * see if I should generate a sack into the chunk queue (if I have data to
52 * send that is and will be sending it .. for bundling.
54 * The callback in sctp_usrreq.c will get called when the socket is read from.
55 * This will cause sctp_service_queues() to get called on the top entry in
60 sctp_set_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
62 uint32_t calc, calc_save;
65 * This is really set wrong with respect to a 1-2-m socket. Since
66 * the sb_cc is the count that everyone as put up. When we re-write
67 * sctp_soreceive then we will fix this so that ONLY this
68 * associations data is taken into account.
70 if (stcb->sctp_socket == NULL)
73 if (stcb->asoc.sb_cc == 0 &&
74 asoc->size_on_reasm_queue == 0 &&
75 asoc->size_on_all_streams == 0) {
76 /* Full rwnd granted */
77 asoc->my_rwnd = max(SCTP_SB_LIMIT_RCV(stcb->sctp_socket),
81 /* get actual space */
82 calc = (uint32_t) sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv);
85 * take out what has NOT been put on socket queue and we yet hold
88 calc = sctp_sbspace_sub(calc, (uint32_t) asoc->size_on_reasm_queue);
89 calc = sctp_sbspace_sub(calc, (uint32_t) asoc->size_on_all_streams);
96 /* what is the overhead of all these rwnd's */
98 calc = sctp_sbspace_sub(calc, stcb->asoc.my_rwnd_control_len);
101 asoc->my_rwnd = calc;
102 if ((asoc->my_rwnd == 0) &&
103 (calc < stcb->asoc.my_rwnd_control_len)) {
105 * If our rwnd == 0 && the overhead is greater than the
106 * data onqueue, we clamp the rwnd to 1. This lets us
107 * still accept inbound segments, but hopefully will shut
108 * the sender down when he finally gets the message. This
109 * hopefully will gracefully avoid discarding packets.
114 (asoc->my_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_receiver)) {
115 /* SWS engaged, tell peer none left */
120 /* Calculate what the rwnd would be */
122 sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
124 uint32_t calc = 0, calc_save = 0, result = 0;
127 * This is really set wrong with respect to a 1-2-m socket. Since
128 * the sb_cc is the count that everyone as put up. When we re-write
129 * sctp_soreceive then we will fix this so that ONLY this
130 * associations data is taken into account.
132 if (stcb->sctp_socket == NULL)
135 if (stcb->asoc.sb_cc == 0 &&
136 asoc->size_on_reasm_queue == 0 &&
137 asoc->size_on_all_streams == 0) {
138 /* Full rwnd granted */
139 calc = max(SCTP_SB_LIMIT_RCV(stcb->sctp_socket),
143 /* get actual space */
144 calc = (uint32_t) sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv);
147 * take out what has NOT been put on socket queue and we yet hold
150 calc = sctp_sbspace_sub(calc, (uint32_t) asoc->size_on_reasm_queue);
151 calc = sctp_sbspace_sub(calc, (uint32_t) asoc->size_on_all_streams);
157 /* what is the overhead of all these rwnd's */
158 calc = sctp_sbspace_sub(calc, stcb->asoc.my_rwnd_control_len);
163 (calc < stcb->asoc.my_rwnd_control_len)) {
165 * If our rwnd == 0 && the overhead is greater than the
166 * data onqueue, we clamp the rwnd to 1. This lets us
167 * still accept inbound segments, but hopefully will shut
168 * the sender down when he finally gets the message. This
169 * hopefully will gracefully avoid discarding packets.
174 (result < stcb->sctp_ep->sctp_ep.sctp_sws_receiver)) {
175 /* SWS engaged, tell peer none left */
184 * Build out our readq entry based on the incoming packet.
186 struct sctp_queued_to_read *
187 sctp_build_readq_entry(struct sctp_tcb *stcb,
188 struct sctp_nets *net,
189 uint32_t tsn, uint32_t ppid,
190 uint32_t context, uint16_t stream_no,
191 uint16_t stream_seq, uint8_t flags,
194 struct sctp_queued_to_read *read_queue_e = NULL;
196 sctp_alloc_a_readq(stcb, read_queue_e);
197 if (read_queue_e == NULL) {
200 read_queue_e->sinfo_stream = stream_no;
201 read_queue_e->sinfo_ssn = stream_seq;
202 read_queue_e->sinfo_flags = (flags << 8);
203 read_queue_e->sinfo_ppid = ppid;
204 read_queue_e->sinfo_context = stcb->asoc.context;
205 read_queue_e->sinfo_timetolive = 0;
206 read_queue_e->sinfo_tsn = tsn;
207 read_queue_e->sinfo_cumtsn = tsn;
208 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
209 read_queue_e->whoFrom = net;
210 read_queue_e->length = 0;
211 atomic_add_int(&net->ref_count, 1);
212 read_queue_e->data = dm;
213 read_queue_e->spec_flags = 0;
214 read_queue_e->tail_mbuf = NULL;
215 read_queue_e->aux_data = NULL;
216 read_queue_e->stcb = stcb;
217 read_queue_e->port_from = stcb->rport;
218 read_queue_e->do_not_ref_stcb = 0;
219 read_queue_e->end_added = 0;
220 read_queue_e->some_taken = 0;
221 read_queue_e->pdapi_aborted = 0;
223 return (read_queue_e);
228 * Build out our readq entry based on the incoming packet.
230 static struct sctp_queued_to_read *
231 sctp_build_readq_entry_chk(struct sctp_tcb *stcb,
232 struct sctp_tmit_chunk *chk)
234 struct sctp_queued_to_read *read_queue_e = NULL;
236 sctp_alloc_a_readq(stcb, read_queue_e);
237 if (read_queue_e == NULL) {
240 read_queue_e->sinfo_stream = chk->rec.data.stream_number;
241 read_queue_e->sinfo_ssn = chk->rec.data.stream_seq;
242 read_queue_e->sinfo_flags = (chk->rec.data.rcv_flags << 8);
243 read_queue_e->sinfo_ppid = chk->rec.data.payloadtype;
244 read_queue_e->sinfo_context = stcb->asoc.context;
245 read_queue_e->sinfo_timetolive = 0;
246 read_queue_e->sinfo_tsn = chk->rec.data.TSN_seq;
247 read_queue_e->sinfo_cumtsn = chk->rec.data.TSN_seq;
248 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
249 read_queue_e->whoFrom = chk->whoTo;
250 read_queue_e->aux_data = NULL;
251 read_queue_e->length = 0;
252 atomic_add_int(&chk->whoTo->ref_count, 1);
253 read_queue_e->data = chk->data;
254 read_queue_e->tail_mbuf = NULL;
255 read_queue_e->stcb = stcb;
256 read_queue_e->port_from = stcb->rport;
257 read_queue_e->spec_flags = 0;
258 read_queue_e->do_not_ref_stcb = 0;
259 read_queue_e->end_added = 0;
260 read_queue_e->some_taken = 0;
261 read_queue_e->pdapi_aborted = 0;
263 return (read_queue_e);
268 sctp_build_ctl_nchunk(struct sctp_inpcb *inp,
269 struct sctp_sndrcvinfo *sinfo)
271 struct sctp_sndrcvinfo *outinfo;
275 int use_extended = 0;
277 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
278 /* user does not want the sndrcv ctl */
281 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) {
283 len = CMSG_LEN(sizeof(struct sctp_extrcvinfo));
285 len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
289 ret = sctp_get_mbuf_for_msg(len,
290 0, M_DONTWAIT, 1, MT_DATA);
296 /* We need a CMSG header followed by the struct */
297 cmh = mtod(ret, struct cmsghdr *);
298 outinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmh);
299 cmh->cmsg_level = IPPROTO_SCTP;
301 cmh->cmsg_type = SCTP_EXTRCV;
303 memcpy(outinfo, sinfo, len);
305 cmh->cmsg_type = SCTP_SNDRCV;
309 SCTP_BUF_LEN(ret) = cmh->cmsg_len;
315 sctp_build_ctl_cchunk(struct sctp_inpcb *inp,
317 struct sctp_sndrcvinfo *sinfo)
319 struct sctp_sndrcvinfo *outinfo;
323 int use_extended = 0;
325 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
326 /* user does not want the sndrcv ctl */
329 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) {
331 len = CMSG_LEN(sizeof(struct sctp_extrcvinfo));
333 len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
335 SCTP_MALLOC(buf, char *, len, SCTP_M_CMSG);
340 /* We need a CMSG header followed by the struct */
341 cmh = (struct cmsghdr *)buf;
342 outinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmh);
343 cmh->cmsg_level = IPPROTO_SCTP;
345 cmh->cmsg_type = SCTP_EXTRCV;
347 memcpy(outinfo, sinfo, len);
349 cmh->cmsg_type = SCTP_SNDRCV;
359 * We are delivering currently from the reassembly queue. We must continue to
360 * deliver until we either: 1) run out of space. 2) run out of sequential
361 * TSN's 3) hit the SCTP_DATA_LAST_FRAG flag.
364 sctp_service_reassembly(struct sctp_tcb *stcb, struct sctp_association *asoc)
366 struct sctp_tmit_chunk *chk;
371 struct sctp_queued_to_read *control, *ctl, *ctlat;
376 cntDel = stream_no = 0;
377 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
378 (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
379 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
380 /* socket above is long gone or going.. */
382 asoc->fragmented_delivery_inprogress = 0;
383 chk = TAILQ_FIRST(&asoc->reasmqueue);
385 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
386 asoc->size_on_reasm_queue -= chk->send_size;
387 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
389 * Lose the data pointer, since its in the socket
393 sctp_m_freem(chk->data);
396 /* Now free the address and data */
397 sctp_free_a_chunk(stcb, chk);
398 /* sa_ignore FREED_MEMORY */
399 chk = TAILQ_FIRST(&asoc->reasmqueue);
403 SCTP_TCB_LOCK_ASSERT(stcb);
405 chk = TAILQ_FIRST(&asoc->reasmqueue);
409 if (chk->rec.data.TSN_seq != (asoc->tsn_last_delivered + 1)) {
410 /* Can't deliver more :< */
413 stream_no = chk->rec.data.stream_number;
414 nxt_todel = asoc->strmin[stream_no].last_sequence_delivered + 1;
415 if (nxt_todel != chk->rec.data.stream_seq &&
416 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
418 * Not the next sequence to deliver in its stream OR
423 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
425 control = sctp_build_readq_entry_chk(stcb, chk);
426 if (control == NULL) {
430 /* save it off for our future deliveries */
431 stcb->asoc.control_pdapi = control;
432 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
436 sctp_add_to_readq(stcb->sctp_ep,
437 stcb, control, &stcb->sctp_socket->so_rcv, end, SCTP_SO_NOT_LOCKED);
440 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG)
444 if (sctp_append_to_readq(stcb->sctp_ep, stcb,
445 stcb->asoc.control_pdapi,
446 chk->data, end, chk->rec.data.TSN_seq,
447 &stcb->sctp_socket->so_rcv)) {
449 * something is very wrong, either
450 * control_pdapi is NULL, or the tail_mbuf
451 * is corrupt, or there is a EOM already on
454 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
457 if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) {
458 panic("This should not happen control_pdapi NULL?");
460 /* if we did not panic, it was a EOM */
461 panic("Bad chunking ??");
467 /* pull it we did it */
468 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
469 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
470 asoc->fragmented_delivery_inprogress = 0;
471 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
472 asoc->strmin[stream_no].last_sequence_delivered++;
474 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
475 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
477 } else if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
479 * turn the flag back on since we just delivered
482 asoc->fragmented_delivery_inprogress = 1;
484 asoc->tsn_of_pdapi_last_delivered = chk->rec.data.TSN_seq;
485 asoc->last_flags_delivered = chk->rec.data.rcv_flags;
486 asoc->last_strm_seq_delivered = chk->rec.data.stream_seq;
487 asoc->last_strm_no_delivered = chk->rec.data.stream_number;
489 asoc->tsn_last_delivered = chk->rec.data.TSN_seq;
490 asoc->size_on_reasm_queue -= chk->send_size;
491 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
492 /* free up the chk */
494 sctp_free_a_chunk(stcb, chk);
496 if (asoc->fragmented_delivery_inprogress == 0) {
498 * Now lets see if we can deliver the next one on
501 struct sctp_stream_in *strm;
503 strm = &asoc->strmin[stream_no];
504 nxt_todel = strm->last_sequence_delivered + 1;
505 ctl = TAILQ_FIRST(&strm->inqueue);
506 if (ctl && (nxt_todel == ctl->sinfo_ssn)) {
507 while (ctl != NULL) {
508 /* Deliver more if we can. */
509 if (nxt_todel == ctl->sinfo_ssn) {
510 ctlat = TAILQ_NEXT(ctl, next);
511 TAILQ_REMOVE(&strm->inqueue, ctl, next);
512 asoc->size_on_all_streams -= ctl->length;
513 sctp_ucount_decr(asoc->cnt_on_all_streams);
514 strm->last_sequence_delivered++;
515 sctp_add_to_readq(stcb->sctp_ep, stcb,
517 &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED);
522 nxt_todel = strm->last_sequence_delivered + 1;
527 /* sa_ignore FREED_MEMORY */
528 chk = TAILQ_FIRST(&asoc->reasmqueue);
533 * Queue the chunk either right into the socket buffer if it is the next one
534 * to go OR put it in the correct place in the delivery queue. If we do
535 * append to the so_buf, keep doing so until we are out of order. One big
536 * question still remains, what to do when the socket buffer is FULL??
539 sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc,
540 struct sctp_queued_to_read *control, int *abort_flag)
543 * FIX-ME maybe? What happens when the ssn wraps? If we are getting
544 * all the data in one stream this could happen quite rapidly. One
545 * could use the TSN to keep track of things, but this scheme breaks
546 * down in the other type of stream useage that could occur. Send a
547 * single msg to stream 0, send 4Billion messages to stream 1, now
548 * send a message to stream 0. You have a situation where the TSN
549 * has wrapped but not in the stream. Is this worth worrying about
550 * or should we just change our queue sort at the bottom to be by
553 * Could it also be legal for a peer to send ssn 1 with TSN 2 and ssn 2
554 * with TSN 1? If the peer is doing some sort of funky TSN/SSN
555 * assignment this could happen... and I don't see how this would be
556 * a violation. So for now I am undecided an will leave the sort by
557 * SSN alone. Maybe a hybred approach is the answer
560 struct sctp_stream_in *strm;
561 struct sctp_queued_to_read *at;
567 asoc->size_on_all_streams += control->length;
568 sctp_ucount_incr(asoc->cnt_on_all_streams);
569 strm = &asoc->strmin[control->sinfo_stream];
570 nxt_todel = strm->last_sequence_delivered + 1;
571 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
572 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INTO_STRD);
574 SCTPDBG(SCTP_DEBUG_INDATA1,
575 "queue to stream called for ssn:%u lastdel:%u nxt:%u\n",
576 (uint32_t) control->sinfo_stream,
577 (uint32_t) strm->last_sequence_delivered,
578 (uint32_t) nxt_todel);
579 if (compare_with_wrap(strm->last_sequence_delivered,
580 control->sinfo_ssn, MAX_SEQ) ||
581 (strm->last_sequence_delivered == control->sinfo_ssn)) {
582 /* The incoming sseq is behind where we last delivered? */
583 SCTPDBG(SCTP_DEBUG_INDATA1, "Duplicate S-SEQ:%d delivered:%d from peer, Abort association\n",
584 control->sinfo_ssn, strm->last_sequence_delivered);
587 * throw it in the stream so it gets cleaned up in
588 * association destruction
590 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
591 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
592 0, M_DONTWAIT, 1, MT_DATA);
594 struct sctp_paramhdr *ph;
597 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
598 (sizeof(uint32_t) * 3);
599 ph = mtod(oper, struct sctp_paramhdr *);
600 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
601 ph->param_length = htons(SCTP_BUF_LEN(oper));
602 ippp = (uint32_t *) (ph + 1);
603 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_1);
605 *ippp = control->sinfo_tsn;
607 *ippp = ((control->sinfo_stream << 16) | control->sinfo_ssn);
609 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_1;
610 sctp_abort_an_association(stcb->sctp_ep, stcb,
611 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
617 if (nxt_todel == control->sinfo_ssn) {
618 /* can be delivered right away? */
619 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
620 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_IMMED_DEL);
623 asoc->size_on_all_streams -= control->length;
624 sctp_ucount_decr(asoc->cnt_on_all_streams);
625 strm->last_sequence_delivered++;
626 sctp_add_to_readq(stcb->sctp_ep, stcb,
628 &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED);
629 control = TAILQ_FIRST(&strm->inqueue);
630 while (control != NULL) {
632 nxt_todel = strm->last_sequence_delivered + 1;
633 if (nxt_todel == control->sinfo_ssn) {
634 at = TAILQ_NEXT(control, next);
635 TAILQ_REMOVE(&strm->inqueue, control, next);
636 asoc->size_on_all_streams -= control->length;
637 sctp_ucount_decr(asoc->cnt_on_all_streams);
638 strm->last_sequence_delivered++;
640 * We ignore the return of deliver_data here
641 * since we always can hold the chunk on the
642 * d-queue. And we have a finite number that
643 * can be delivered from the strq.
645 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
646 sctp_log_strm_del(control, NULL,
647 SCTP_STR_LOG_FROM_IMMED_DEL);
649 sctp_add_to_readq(stcb->sctp_ep, stcb,
651 &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED);
660 * Ok, we did not deliver this guy, find the correct place
661 * to put it on the queue.
663 if ((compare_with_wrap(asoc->cumulative_tsn,
664 control->sinfo_tsn, MAX_TSN)) ||
665 (control->sinfo_tsn == asoc->cumulative_tsn)) {
668 if (TAILQ_EMPTY(&strm->inqueue)) {
670 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
671 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INSERT_HD);
673 TAILQ_INSERT_HEAD(&strm->inqueue, control, next);
675 TAILQ_FOREACH(at, &strm->inqueue, next) {
676 if (compare_with_wrap(at->sinfo_ssn,
677 control->sinfo_ssn, MAX_SEQ)) {
679 * one in queue is bigger than the
680 * new one, insert before this one
682 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
683 sctp_log_strm_del(control, at,
684 SCTP_STR_LOG_FROM_INSERT_MD);
686 TAILQ_INSERT_BEFORE(at, control, next);
688 } else if (at->sinfo_ssn == control->sinfo_ssn) {
690 * Gak, He sent me a duplicate str
694 * foo bar, I guess I will just free
695 * this new guy, should we abort
696 * too? FIX ME MAYBE? Or it COULD be
697 * that the SSN's have wrapped.
698 * Maybe I should compare to TSN
699 * somehow... sigh for now just blow
704 sctp_m_freem(control->data);
705 control->data = NULL;
706 asoc->size_on_all_streams -= control->length;
707 sctp_ucount_decr(asoc->cnt_on_all_streams);
708 if (control->whoFrom)
709 sctp_free_remote_addr(control->whoFrom);
710 control->whoFrom = NULL;
711 sctp_free_a_readq(stcb, control);
714 if (TAILQ_NEXT(at, next) == NULL) {
716 * We are at the end, insert
719 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
720 sctp_log_strm_del(control, at,
721 SCTP_STR_LOG_FROM_INSERT_TL);
723 TAILQ_INSERT_AFTER(&strm->inqueue,
734 * Returns two things: You get the total size of the deliverable parts of the
735 * first fragmented message on the reassembly queue. And you get a 1 back if
736 * all of the message is ready or a 0 back if the message is still incomplete
739 sctp_is_all_msg_on_reasm(struct sctp_association *asoc, uint32_t * t_size)
741 struct sctp_tmit_chunk *chk;
745 chk = TAILQ_FIRST(&asoc->reasmqueue);
747 /* nothing on the queue */
750 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
751 /* Not a first on the queue */
754 tsn = chk->rec.data.TSN_seq;
756 if (tsn != chk->rec.data.TSN_seq) {
759 *t_size += chk->send_size;
760 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
764 chk = TAILQ_NEXT(chk, sctp_next);
770 sctp_deliver_reasm_check(struct sctp_tcb *stcb, struct sctp_association *asoc)
772 struct sctp_tmit_chunk *chk;
777 chk = TAILQ_FIRST(&asoc->reasmqueue);
780 asoc->size_on_reasm_queue = 0;
781 asoc->cnt_on_reasm_queue = 0;
784 if (asoc->fragmented_delivery_inprogress == 0) {
786 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
787 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
788 (nxt_todel == chk->rec.data.stream_seq ||
789 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
791 * Yep the first one is here and its ok to deliver
794 if ((sctp_is_all_msg_on_reasm(asoc, &tsize) ||
795 (tsize >= stcb->sctp_ep->partial_delivery_point))) {
798 * Yes, we setup to start reception, by
799 * backing down the TSN just in case we
800 * can't deliver. If we
802 asoc->fragmented_delivery_inprogress = 1;
803 asoc->tsn_last_delivered =
804 chk->rec.data.TSN_seq - 1;
806 chk->rec.data.stream_number;
807 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
808 asoc->pdapi_ppid = chk->rec.data.payloadtype;
809 asoc->fragment_flags = chk->rec.data.rcv_flags;
810 sctp_service_reassembly(stcb, asoc);
815 * Service re-assembly will deliver stream data queued at
816 * the end of fragmented delivery.. but it wont know to go
817 * back and call itself again... we do that here with the
820 sctp_service_reassembly(stcb, asoc);
821 if (asoc->fragmented_delivery_inprogress == 0) {
823 * finished our Fragmented delivery, could be more
832 * Dump onto the re-assembly queue, in its proper place. After dumping on the
833 * queue, see if anthing can be delivered. If so pull it off (or as much as
834 * we can. If we run out of space then we must dump what we can and set the
835 * appropriate flag to say we queued what we could.
838 sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struct sctp_association *asoc,
839 struct sctp_tmit_chunk *chk, int *abort_flag)
842 uint32_t cum_ackp1, last_tsn, prev_tsn, post_tsn;
844 struct sctp_tmit_chunk *at, *prev, *next;
847 cum_ackp1 = asoc->tsn_last_delivered + 1;
848 if (TAILQ_EMPTY(&asoc->reasmqueue)) {
849 /* This is the first one on the queue */
850 TAILQ_INSERT_HEAD(&asoc->reasmqueue, chk, sctp_next);
852 * we do not check for delivery of anything when only one
855 asoc->size_on_reasm_queue = chk->send_size;
856 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
857 if (chk->rec.data.TSN_seq == cum_ackp1) {
858 if (asoc->fragmented_delivery_inprogress == 0 &&
859 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) !=
860 SCTP_DATA_FIRST_FRAG) {
862 * An empty queue, no delivery inprogress,
863 * we hit the next one and it does NOT have
864 * a FIRST fragment mark.
866 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not first, no fragmented delivery in progress\n");
867 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
868 0, M_DONTWAIT, 1, MT_DATA);
871 struct sctp_paramhdr *ph;
875 sizeof(struct sctp_paramhdr) +
876 (sizeof(uint32_t) * 3);
877 ph = mtod(oper, struct sctp_paramhdr *);
879 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
880 ph->param_length = htons(SCTP_BUF_LEN(oper));
881 ippp = (uint32_t *) (ph + 1);
882 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_2);
884 *ippp = chk->rec.data.TSN_seq;
886 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
889 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2;
890 sctp_abort_an_association(stcb->sctp_ep, stcb,
891 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
893 } else if (asoc->fragmented_delivery_inprogress &&
894 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
896 * We are doing a partial delivery and the
897 * NEXT chunk MUST be either the LAST or
898 * MIDDLE fragment NOT a FIRST
900 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS a first and fragmented delivery in progress\n");
901 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
902 0, M_DONTWAIT, 1, MT_DATA);
904 struct sctp_paramhdr *ph;
908 sizeof(struct sctp_paramhdr) +
909 (3 * sizeof(uint32_t));
910 ph = mtod(oper, struct sctp_paramhdr *);
912 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
913 ph->param_length = htons(SCTP_BUF_LEN(oper));
914 ippp = (uint32_t *) (ph + 1);
915 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_3);
917 *ippp = chk->rec.data.TSN_seq;
919 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
921 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3;
922 sctp_abort_an_association(stcb->sctp_ep, stcb,
923 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
925 } else if (asoc->fragmented_delivery_inprogress) {
927 * Here we are ok with a MIDDLE or LAST
930 if (chk->rec.data.stream_number !=
931 asoc->str_of_pdapi) {
932 /* Got to be the right STR No */
933 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream number %d vs %d\n",
934 chk->rec.data.stream_number,
936 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
937 0, M_DONTWAIT, 1, MT_DATA);
939 struct sctp_paramhdr *ph;
943 sizeof(struct sctp_paramhdr) +
944 (sizeof(uint32_t) * 3);
946 struct sctp_paramhdr *);
948 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
950 htons(SCTP_BUF_LEN(oper));
951 ippp = (uint32_t *) (ph + 1);
952 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_4);
954 *ippp = chk->rec.data.TSN_seq;
956 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
958 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_4;
959 sctp_abort_an_association(stcb->sctp_ep,
960 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
962 } else if ((asoc->fragment_flags & SCTP_DATA_UNORDERED) !=
963 SCTP_DATA_UNORDERED &&
964 chk->rec.data.stream_seq !=
965 asoc->ssn_of_pdapi) {
966 /* Got to be the right STR Seq */
967 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream seq %d vs %d\n",
968 chk->rec.data.stream_seq,
970 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
971 0, M_DONTWAIT, 1, MT_DATA);
973 struct sctp_paramhdr *ph;
977 sizeof(struct sctp_paramhdr) +
978 (3 * sizeof(uint32_t));
980 struct sctp_paramhdr *);
982 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
984 htons(SCTP_BUF_LEN(oper));
985 ippp = (uint32_t *) (ph + 1);
986 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_5);
988 *ippp = chk->rec.data.TSN_seq;
990 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
993 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_5;
994 sctp_abort_an_association(stcb->sctp_ep,
995 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1002 /* Find its place */
1003 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1004 if (compare_with_wrap(at->rec.data.TSN_seq,
1005 chk->rec.data.TSN_seq, MAX_TSN)) {
1007 * one in queue is bigger than the new one, insert
1011 asoc->size_on_reasm_queue += chk->send_size;
1012 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1014 TAILQ_INSERT_BEFORE(at, chk, sctp_next);
1016 } else if (at->rec.data.TSN_seq == chk->rec.data.TSN_seq) {
1017 /* Gak, He sent me a duplicate str seq number */
1019 * foo bar, I guess I will just free this new guy,
1020 * should we abort too? FIX ME MAYBE? Or it COULD be
1021 * that the SSN's have wrapped. Maybe I should
1022 * compare to TSN somehow... sigh for now just blow
1026 sctp_m_freem(chk->data);
1029 sctp_free_a_chunk(stcb, chk);
1032 last_flags = at->rec.data.rcv_flags;
1033 last_tsn = at->rec.data.TSN_seq;
1035 if (TAILQ_NEXT(at, sctp_next) == NULL) {
1037 * We are at the end, insert it after this
1040 /* check it first */
1041 asoc->size_on_reasm_queue += chk->send_size;
1042 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1043 TAILQ_INSERT_AFTER(&asoc->reasmqueue, at, chk, sctp_next);
1048 /* Now the audits */
1050 prev_tsn = chk->rec.data.TSN_seq - 1;
1051 if (prev_tsn == prev->rec.data.TSN_seq) {
1053 * Ok the one I am dropping onto the end is the
1054 * NEXT. A bit of valdiation here.
1056 if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1057 SCTP_DATA_FIRST_FRAG ||
1058 (prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1059 SCTP_DATA_MIDDLE_FRAG) {
1061 * Insert chk MUST be a MIDDLE or LAST
1064 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1065 SCTP_DATA_FIRST_FRAG) {
1066 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - It can be a midlle or last but not a first\n");
1067 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it's a FIRST!\n");
1068 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1069 0, M_DONTWAIT, 1, MT_DATA);
1071 struct sctp_paramhdr *ph;
1074 SCTP_BUF_LEN(oper) =
1075 sizeof(struct sctp_paramhdr) +
1076 (3 * sizeof(uint32_t));
1078 struct sctp_paramhdr *);
1080 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1082 htons(SCTP_BUF_LEN(oper));
1083 ippp = (uint32_t *) (ph + 1);
1084 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_6);
1086 *ippp = chk->rec.data.TSN_seq;
1088 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1091 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_6;
1092 sctp_abort_an_association(stcb->sctp_ep,
1093 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1097 if (chk->rec.data.stream_number !=
1098 prev->rec.data.stream_number) {
1100 * Huh, need the correct STR here,
1101 * they must be the same.
1103 SCTP_PRINTF("Prev check - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1104 chk->rec.data.stream_number,
1105 prev->rec.data.stream_number);
1106 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1107 0, M_DONTWAIT, 1, MT_DATA);
1109 struct sctp_paramhdr *ph;
1112 SCTP_BUF_LEN(oper) =
1113 sizeof(struct sctp_paramhdr) +
1114 (3 * sizeof(uint32_t));
1116 struct sctp_paramhdr *);
1118 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1120 htons(SCTP_BUF_LEN(oper));
1121 ippp = (uint32_t *) (ph + 1);
1122 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_7);
1124 *ippp = chk->rec.data.TSN_seq;
1126 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1128 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_7;
1129 sctp_abort_an_association(stcb->sctp_ep,
1130 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1135 if ((prev->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1136 chk->rec.data.stream_seq !=
1137 prev->rec.data.stream_seq) {
1139 * Huh, need the correct STR here,
1140 * they must be the same.
1142 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1143 chk->rec.data.stream_seq,
1144 prev->rec.data.stream_seq);
1145 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1146 0, M_DONTWAIT, 1, MT_DATA);
1148 struct sctp_paramhdr *ph;
1151 SCTP_BUF_LEN(oper) =
1152 sizeof(struct sctp_paramhdr) +
1153 (3 * sizeof(uint32_t));
1155 struct sctp_paramhdr *);
1157 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1159 htons(SCTP_BUF_LEN(oper));
1160 ippp = (uint32_t *) (ph + 1);
1161 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_8);
1163 *ippp = chk->rec.data.TSN_seq;
1165 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1167 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_8;
1168 sctp_abort_an_association(stcb->sctp_ep,
1169 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1174 } else if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1175 SCTP_DATA_LAST_FRAG) {
1176 /* Insert chk MUST be a FIRST */
1177 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1178 SCTP_DATA_FIRST_FRAG) {
1179 SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, evil plot, its not FIRST and it must be!\n");
1180 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1181 0, M_DONTWAIT, 1, MT_DATA);
1183 struct sctp_paramhdr *ph;
1186 SCTP_BUF_LEN(oper) =
1187 sizeof(struct sctp_paramhdr) +
1188 (3 * sizeof(uint32_t));
1190 struct sctp_paramhdr *);
1192 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1194 htons(SCTP_BUF_LEN(oper));
1195 ippp = (uint32_t *) (ph + 1);
1196 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_9);
1198 *ippp = chk->rec.data.TSN_seq;
1200 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1203 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_9;
1204 sctp_abort_an_association(stcb->sctp_ep,
1205 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1214 post_tsn = chk->rec.data.TSN_seq + 1;
1215 if (post_tsn == next->rec.data.TSN_seq) {
1217 * Ok the one I am inserting ahead of is my NEXT
1218 * one. A bit of valdiation here.
1220 if (next->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
1221 /* Insert chk MUST be a last fragment */
1222 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK)
1223 != SCTP_DATA_LAST_FRAG) {
1224 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is FIRST, we must be LAST\n");
1225 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not a last!\n");
1226 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1227 0, M_DONTWAIT, 1, MT_DATA);
1229 struct sctp_paramhdr *ph;
1232 SCTP_BUF_LEN(oper) =
1233 sizeof(struct sctp_paramhdr) +
1234 (3 * sizeof(uint32_t));
1236 struct sctp_paramhdr *);
1238 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1240 htons(SCTP_BUF_LEN(oper));
1241 ippp = (uint32_t *) (ph + 1);
1242 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_10);
1244 *ippp = chk->rec.data.TSN_seq;
1246 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1248 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_10;
1249 sctp_abort_an_association(stcb->sctp_ep,
1250 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1255 } else if ((next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1256 SCTP_DATA_MIDDLE_FRAG ||
1257 (next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1258 SCTP_DATA_LAST_FRAG) {
1260 * Insert chk CAN be MIDDLE or FIRST NOT
1263 if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) ==
1264 SCTP_DATA_LAST_FRAG) {
1265 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is a MIDDLE/LAST\n");
1266 SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, new prev chunk is a LAST\n");
1267 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1268 0, M_DONTWAIT, 1, MT_DATA);
1270 struct sctp_paramhdr *ph;
1273 SCTP_BUF_LEN(oper) =
1274 sizeof(struct sctp_paramhdr) +
1275 (3 * sizeof(uint32_t));
1277 struct sctp_paramhdr *);
1279 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1281 htons(SCTP_BUF_LEN(oper));
1282 ippp = (uint32_t *) (ph + 1);
1283 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_11);
1285 *ippp = chk->rec.data.TSN_seq;
1287 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1290 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_11;
1291 sctp_abort_an_association(stcb->sctp_ep,
1292 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1297 if (chk->rec.data.stream_number !=
1298 next->rec.data.stream_number) {
1300 * Huh, need the correct STR here,
1301 * they must be the same.
1303 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, ssn:%d not the same as at:%d\n",
1304 chk->rec.data.stream_number,
1305 next->rec.data.stream_number);
1306 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1307 0, M_DONTWAIT, 1, MT_DATA);
1309 struct sctp_paramhdr *ph;
1312 SCTP_BUF_LEN(oper) =
1313 sizeof(struct sctp_paramhdr) +
1314 (3 * sizeof(uint32_t));
1316 struct sctp_paramhdr *);
1318 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1320 htons(SCTP_BUF_LEN(oper));
1321 ippp = (uint32_t *) (ph + 1);
1322 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_12);
1324 *ippp = chk->rec.data.TSN_seq;
1326 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1329 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_12;
1330 sctp_abort_an_association(stcb->sctp_ep,
1331 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1336 if ((next->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 &&
1337 chk->rec.data.stream_seq !=
1338 next->rec.data.stream_seq) {
1340 * Huh, need the correct STR here,
1341 * they must be the same.
1343 SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, sseq:%d not the same as at:%d\n",
1344 chk->rec.data.stream_seq,
1345 next->rec.data.stream_seq);
1346 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1347 0, M_DONTWAIT, 1, MT_DATA);
1349 struct sctp_paramhdr *ph;
1352 SCTP_BUF_LEN(oper) =
1353 sizeof(struct sctp_paramhdr) +
1354 (3 * sizeof(uint32_t));
1356 struct sctp_paramhdr *);
1358 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1360 htons(SCTP_BUF_LEN(oper));
1361 ippp = (uint32_t *) (ph + 1);
1362 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_13);
1364 *ippp = chk->rec.data.TSN_seq;
1366 *ippp = ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq);
1368 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_13;
1369 sctp_abort_an_association(stcb->sctp_ep,
1370 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1378 /* Do we need to do some delivery? check */
1379 sctp_deliver_reasm_check(stcb, asoc);
1383 * This is an unfortunate routine. It checks to make sure a evil guy is not
1384 * stuffing us full of bad packet fragments. A broken peer could also do this
1385 * but this is doubtful. It is to bad I must worry about evil crackers sigh
1389 sctp_does_tsn_belong_to_reasm(struct sctp_association *asoc,
1392 struct sctp_tmit_chunk *at;
1395 TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) {
1396 if (compare_with_wrap(TSN_seq,
1397 at->rec.data.TSN_seq, MAX_TSN)) {
1398 /* is it one bigger? */
1399 tsn_est = at->rec.data.TSN_seq + 1;
1400 if (tsn_est == TSN_seq) {
1401 /* yep. It better be a last then */
1402 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1403 SCTP_DATA_LAST_FRAG) {
1405 * Ok this guy belongs next to a guy
1406 * that is NOT last, it should be a
1407 * middle/last, not a complete
1413 * This guy is ok since its a LAST
1414 * and the new chunk is a fully
1415 * self- contained one.
1420 } else if (TSN_seq == at->rec.data.TSN_seq) {
1421 /* Software error since I have a dup? */
1425 * Ok, 'at' is larger than new chunk but does it
1426 * need to be right before it.
1428 tsn_est = TSN_seq + 1;
1429 if (tsn_est == at->rec.data.TSN_seq) {
1430 /* Yep, It better be a first */
1431 if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) !=
1432 SCTP_DATA_FIRST_FRAG) {
1445 sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc,
1446 struct mbuf **m, int offset, struct sctp_data_chunk *ch, int chk_length,
1447 struct sctp_nets *net, uint32_t * high_tsn, int *abort_flag,
1448 int *break_flag, int last_chunk)
1450 /* Process a data chunk */
1451 /* struct sctp_tmit_chunk *chk; */
1452 struct sctp_tmit_chunk *chk;
1456 int need_reasm_check = 0;
1457 uint16_t strmno, strmseq;
1459 struct sctp_queued_to_read *control;
1461 uint32_t protocol_id;
1462 uint8_t chunk_flags;
1463 struct sctp_stream_reset_list *liste;
1466 tsn = ntohl(ch->dp.tsn);
1467 chunk_flags = ch->ch.chunk_flags;
1468 protocol_id = ch->dp.protocol_id;
1469 ordered = ((ch->ch.chunk_flags & SCTP_DATA_UNORDERED) == 0);
1470 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
1471 sctp_log_map(tsn, asoc->cumulative_tsn, asoc->highest_tsn_inside_map, SCTP_MAP_TSN_ENTERS);
1476 SCTP_LTRACE_CHK(stcb->sctp_ep, stcb, ch->ch.chunk_type, tsn);
1477 if (compare_with_wrap(asoc->cumulative_tsn, tsn, MAX_TSN) ||
1478 asoc->cumulative_tsn == tsn) {
1479 /* It is a duplicate */
1480 SCTP_STAT_INCR(sctps_recvdupdata);
1481 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1482 /* Record a dup for the next outbound sack */
1483 asoc->dup_tsns[asoc->numduptsns] = tsn;
1486 asoc->send_sack = 1;
1489 /* Calculate the number of TSN's between the base and this TSN */
1490 if (tsn >= asoc->mapping_array_base_tsn) {
1491 gap = tsn - asoc->mapping_array_base_tsn;
1493 gap = (MAX_TSN - asoc->mapping_array_base_tsn) + tsn + 1;
1495 if (gap >= (SCTP_MAPPING_ARRAY << 3)) {
1496 /* Can't hold the bit in the mapping at max array, toss it */
1499 if (gap >= (uint32_t) (asoc->mapping_array_size << 3)) {
1500 SCTP_TCB_LOCK_ASSERT(stcb);
1501 if (sctp_expand_mapping_array(asoc, gap)) {
1502 /* Can't expand, drop it */
1506 if (compare_with_wrap(tsn, *high_tsn, MAX_TSN)) {
1509 /* See if we have received this one already */
1510 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
1511 SCTP_STAT_INCR(sctps_recvdupdata);
1512 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1513 /* Record a dup for the next outbound sack */
1514 asoc->dup_tsns[asoc->numduptsns] = tsn;
1517 asoc->send_sack = 1;
1521 * Check to see about the GONE flag, duplicates would cause a sack
1522 * to be sent up above
1524 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
1525 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
1526 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET))
1529 * wait a minute, this guy is gone, there is no longer a
1530 * receiver. Send peer an ABORT!
1532 struct mbuf *op_err;
1534 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1535 sctp_abort_an_association(stcb->sctp_ep, stcb, 0, op_err, SCTP_SO_NOT_LOCKED);
1540 * Now before going further we see if there is room. If NOT then we
1541 * MAY let one through only IF this TSN is the one we are waiting
1542 * for on a partial delivery API.
1545 /* now do the tests */
1546 if (((asoc->cnt_on_all_streams +
1547 asoc->cnt_on_reasm_queue +
1548 asoc->cnt_msg_on_sb) > sctp_max_chunks_on_queue) ||
1549 (((int)asoc->my_rwnd) <= 0)) {
1551 * When we have NO room in the rwnd we check to make sure
1552 * the reader is doing its job...
1554 if (stcb->sctp_socket->so_rcv.sb_cc) {
1555 /* some to read, wake-up */
1556 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1559 so = SCTP_INP_SO(stcb->sctp_ep);
1560 atomic_add_int(&stcb->asoc.refcnt, 1);
1561 SCTP_TCB_UNLOCK(stcb);
1562 SCTP_SOCKET_LOCK(so, 1);
1563 SCTP_TCB_LOCK(stcb);
1564 atomic_subtract_int(&stcb->asoc.refcnt, 1);
1565 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
1566 /* assoc was freed while we were unlocked */
1567 SCTP_SOCKET_UNLOCK(so, 1);
1571 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
1572 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1573 SCTP_SOCKET_UNLOCK(so, 1);
1576 /* now is it in the mapping array of what we have accepted? */
1577 if (compare_with_wrap(tsn,
1578 asoc->highest_tsn_inside_map, MAX_TSN)) {
1580 /* Nope not in the valid range dump it */
1581 sctp_set_rwnd(stcb, asoc);
1582 if ((asoc->cnt_on_all_streams +
1583 asoc->cnt_on_reasm_queue +
1584 asoc->cnt_msg_on_sb) > sctp_max_chunks_on_queue) {
1585 SCTP_STAT_INCR(sctps_datadropchklmt);
1587 SCTP_STAT_INCR(sctps_datadroprwnd);
1594 strmno = ntohs(ch->dp.stream_id);
1595 if (strmno >= asoc->streamincnt) {
1596 struct sctp_paramhdr *phdr;
1599 mb = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) * 2),
1600 0, M_DONTWAIT, 1, MT_DATA);
1602 /* add some space up front so prepend will work well */
1603 SCTP_BUF_RESV_UF(mb, sizeof(struct sctp_chunkhdr));
1604 phdr = mtod(mb, struct sctp_paramhdr *);
1606 * Error causes are just param's and this one has
1607 * two back to back phdr, one with the error type
1608 * and size, the other with the streamid and a rsvd
1610 SCTP_BUF_LEN(mb) = (sizeof(struct sctp_paramhdr) * 2);
1611 phdr->param_type = htons(SCTP_CAUSE_INVALID_STREAM);
1612 phdr->param_length =
1613 htons(sizeof(struct sctp_paramhdr) * 2);
1615 /* We insert the stream in the type field */
1616 phdr->param_type = ch->dp.stream_id;
1617 /* And set the length to 0 for the rsvd field */
1618 phdr->param_length = 0;
1619 sctp_queue_op_err(stcb, mb);
1621 SCTP_STAT_INCR(sctps_badsid);
1622 SCTP_TCB_LOCK_ASSERT(stcb);
1623 SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap);
1624 if (compare_with_wrap(tsn, asoc->highest_tsn_inside_map, MAX_TSN)) {
1625 /* we have a new high score */
1626 asoc->highest_tsn_inside_map = tsn;
1627 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
1628 sctp_log_map(0, 2, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
1631 if (tsn == (asoc->cumulative_tsn + 1)) {
1632 /* Update cum-ack */
1633 asoc->cumulative_tsn = tsn;
1638 * Before we continue lets validate that we are not being fooled by
1639 * an evil attacker. We can only have 4k chunks based on our TSN
1640 * spread allowed by the mapping array 512 * 8 bits, so there is no
1641 * way our stream sequence numbers could have wrapped. We of course
1642 * only validate the FIRST fragment so the bit must be set.
1644 strmseq = ntohs(ch->dp.stream_sequence);
1645 #ifdef SCTP_ASOCLOG_OF_TSNS
1646 SCTP_TCB_LOCK_ASSERT(stcb);
1647 if (asoc->tsn_in_at >= SCTP_TSN_LOG_SIZE) {
1648 asoc->tsn_in_at = 0;
1649 asoc->tsn_in_wrapped = 1;
1651 asoc->in_tsnlog[asoc->tsn_in_at].tsn = tsn;
1652 asoc->in_tsnlog[asoc->tsn_in_at].strm = strmno;
1653 asoc->in_tsnlog[asoc->tsn_in_at].seq = strmseq;
1654 asoc->in_tsnlog[asoc->tsn_in_at].sz = chk_length;
1655 asoc->in_tsnlog[asoc->tsn_in_at].flgs = chunk_flags;
1656 asoc->in_tsnlog[asoc->tsn_in_at].stcb = (void *)stcb;
1657 asoc->in_tsnlog[asoc->tsn_in_at].in_pos = asoc->tsn_in_at;
1658 asoc->in_tsnlog[asoc->tsn_in_at].in_out = 1;
1661 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) &&
1662 (TAILQ_EMPTY(&asoc->resetHead)) &&
1663 (chunk_flags & SCTP_DATA_UNORDERED) == 0 &&
1664 (compare_with_wrap(asoc->strmin[strmno].last_sequence_delivered,
1665 strmseq, MAX_SEQ) ||
1666 asoc->strmin[strmno].last_sequence_delivered == strmseq)) {
1667 /* The incoming sseq is behind where we last delivered? */
1668 SCTPDBG(SCTP_DEBUG_INDATA1, "EVIL/Broken-Dup S-SEQ:%d delivered:%d from peer, Abort!\n",
1669 strmseq, asoc->strmin[strmno].last_sequence_delivered);
1670 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1671 0, M_DONTWAIT, 1, MT_DATA);
1673 struct sctp_paramhdr *ph;
1676 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
1677 (3 * sizeof(uint32_t));
1678 ph = mtod(oper, struct sctp_paramhdr *);
1679 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1680 ph->param_length = htons(SCTP_BUF_LEN(oper));
1681 ippp = (uint32_t *) (ph + 1);
1682 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_14);
1686 *ippp = ((strmno << 16) | strmseq);
1689 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14;
1690 sctp_abort_an_association(stcb->sctp_ep, stcb,
1691 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1695 /************************************
1696 * From here down we may find ch-> invalid
1697 * so its a good idea NOT to use it.
1698 *************************************/
1700 the_len = (chk_length - sizeof(struct sctp_data_chunk));
1701 if (last_chunk == 0) {
1702 dmbuf = SCTP_M_COPYM(*m,
1703 (offset + sizeof(struct sctp_data_chunk)),
1704 the_len, M_DONTWAIT);
1705 #ifdef SCTP_MBUF_LOGGING
1706 if (sctp_logging_level & SCTP_MBUF_LOGGING_ENABLE) {
1711 if (SCTP_BUF_IS_EXTENDED(mat)) {
1712 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
1714 mat = SCTP_BUF_NEXT(mat);
1719 /* We can steal the last chunk */
1723 /* lop off the top part */
1724 m_adj(dmbuf, (offset + sizeof(struct sctp_data_chunk)));
1725 if (SCTP_BUF_NEXT(dmbuf) == NULL) {
1726 l_len = SCTP_BUF_LEN(dmbuf);
1729 * need to count up the size hopefully does not hit
1737 l_len += SCTP_BUF_LEN(lat);
1738 lat = SCTP_BUF_NEXT(lat);
1741 if (l_len > the_len) {
1742 /* Trim the end round bytes off too */
1743 m_adj(dmbuf, -(l_len - the_len));
1746 if (dmbuf == NULL) {
1747 SCTP_STAT_INCR(sctps_nomem);
1750 if ((chunk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG &&
1751 asoc->fragmented_delivery_inprogress == 0 &&
1752 TAILQ_EMPTY(&asoc->resetHead) &&
1754 ((asoc->strmin[strmno].last_sequence_delivered + 1) == strmseq &&
1755 TAILQ_EMPTY(&asoc->strmin[strmno].inqueue)))) {
1756 /* Candidate for express delivery */
1758 * Its not fragmented, No PD-API is up, Nothing in the
1759 * delivery queue, Its un-ordered OR ordered and the next to
1760 * deliver AND nothing else is stuck on the stream queue,
1761 * And there is room for it in the socket buffer. Lets just
1762 * stuff it up the buffer....
1765 /* It would be nice to avoid this copy if we could :< */
1766 sctp_alloc_a_readq(stcb, control);
1767 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1773 if (control == NULL) {
1774 goto failed_express_del;
1776 sctp_add_to_readq(stcb->sctp_ep, stcb, control, &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED);
1777 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1778 /* for ordered, bump what we delivered */
1779 asoc->strmin[strmno].last_sequence_delivered++;
1781 SCTP_STAT_INCR(sctps_recvexpress);
1782 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
1783 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno,
1784 SCTP_STR_LOG_FROM_EXPRS_DEL);
1787 goto finish_express_del;
1790 /* If we reach here this is a new chunk */
1793 /* Express for fragmented delivery? */
1794 if ((asoc->fragmented_delivery_inprogress) &&
1795 (stcb->asoc.control_pdapi) &&
1796 (asoc->str_of_pdapi == strmno) &&
1797 (asoc->ssn_of_pdapi == strmseq)
1799 control = stcb->asoc.control_pdapi;
1800 if ((chunk_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) {
1801 /* Can't be another first? */
1802 goto failed_pdapi_express_del;
1804 if (tsn == (control->sinfo_tsn + 1)) {
1805 /* Yep, we can add it on */
1809 if (chunk_flags & SCTP_DATA_LAST_FRAG) {
1812 cumack = asoc->cumulative_tsn;
1813 if ((cumack + 1) == tsn)
1816 if (sctp_append_to_readq(stcb->sctp_ep, stcb, control, dmbuf, end,
1818 &stcb->sctp_socket->so_rcv)) {
1819 SCTP_PRINTF("Append fails end:%d\n", end);
1820 goto failed_pdapi_express_del;
1822 SCTP_STAT_INCR(sctps_recvexpressm);
1823 control->sinfo_tsn = tsn;
1824 asoc->tsn_last_delivered = tsn;
1825 asoc->fragment_flags = chunk_flags;
1826 asoc->tsn_of_pdapi_last_delivered = tsn;
1827 asoc->last_flags_delivered = chunk_flags;
1828 asoc->last_strm_seq_delivered = strmseq;
1829 asoc->last_strm_no_delivered = strmno;
1831 /* clean up the flags and such */
1832 asoc->fragmented_delivery_inprogress = 0;
1833 if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) {
1834 asoc->strmin[strmno].last_sequence_delivered++;
1836 stcb->asoc.control_pdapi = NULL;
1837 if (TAILQ_EMPTY(&asoc->reasmqueue) == 0) {
1839 * There could be another message
1842 need_reasm_check = 1;
1846 goto finish_express_del;
1849 failed_pdapi_express_del:
1851 if ((chunk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) {
1852 sctp_alloc_a_chunk(stcb, chk);
1854 /* No memory so we drop the chunk */
1855 SCTP_STAT_INCR(sctps_nomem);
1856 if (last_chunk == 0) {
1857 /* we copied it, free the copy */
1858 sctp_m_freem(dmbuf);
1862 chk->rec.data.TSN_seq = tsn;
1863 chk->no_fr_allowed = 0;
1864 chk->rec.data.stream_seq = strmseq;
1865 chk->rec.data.stream_number = strmno;
1866 chk->rec.data.payloadtype = protocol_id;
1867 chk->rec.data.context = stcb->asoc.context;
1868 chk->rec.data.doing_fast_retransmit = 0;
1869 chk->rec.data.rcv_flags = chunk_flags;
1871 chk->send_size = the_len;
1873 atomic_add_int(&net->ref_count, 1);
1876 sctp_alloc_a_readq(stcb, control);
1877 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
1883 if (control == NULL) {
1884 /* No memory so we drop the chunk */
1885 SCTP_STAT_INCR(sctps_nomem);
1886 if (last_chunk == 0) {
1887 /* we copied it, free the copy */
1888 sctp_m_freem(dmbuf);
1892 control->length = the_len;
1895 /* Mark it as received */
1896 /* Now queue it where it belongs */
1897 if (control != NULL) {
1898 /* First a sanity check */
1899 if (asoc->fragmented_delivery_inprogress) {
1901 * Ok, we have a fragmented delivery in progress if
1902 * this chunk is next to deliver OR belongs in our
1903 * view to the reassembly, the peer is evil or
1906 uint32_t estimate_tsn;
1908 estimate_tsn = asoc->tsn_last_delivered + 1;
1909 if (TAILQ_EMPTY(&asoc->reasmqueue) &&
1910 (estimate_tsn == control->sinfo_tsn)) {
1911 /* Evil/Broke peer */
1912 sctp_m_freem(control->data);
1913 control->data = NULL;
1914 if (control->whoFrom) {
1915 sctp_free_remote_addr(control->whoFrom);
1916 control->whoFrom = NULL;
1918 sctp_free_a_readq(stcb, control);
1919 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1920 0, M_DONTWAIT, 1, MT_DATA);
1922 struct sctp_paramhdr *ph;
1925 SCTP_BUF_LEN(oper) =
1926 sizeof(struct sctp_paramhdr) +
1927 (3 * sizeof(uint32_t));
1928 ph = mtod(oper, struct sctp_paramhdr *);
1930 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1931 ph->param_length = htons(SCTP_BUF_LEN(oper));
1932 ippp = (uint32_t *) (ph + 1);
1933 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_15);
1937 *ippp = ((strmno << 16) | strmseq);
1939 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15;
1940 sctp_abort_an_association(stcb->sctp_ep, stcb,
1941 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1946 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
1947 sctp_m_freem(control->data);
1948 control->data = NULL;
1949 if (control->whoFrom) {
1950 sctp_free_remote_addr(control->whoFrom);
1951 control->whoFrom = NULL;
1953 sctp_free_a_readq(stcb, control);
1955 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
1956 0, M_DONTWAIT, 1, MT_DATA);
1958 struct sctp_paramhdr *ph;
1961 SCTP_BUF_LEN(oper) =
1962 sizeof(struct sctp_paramhdr) +
1963 (3 * sizeof(uint32_t));
1965 struct sctp_paramhdr *);
1967 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
1969 htons(SCTP_BUF_LEN(oper));
1970 ippp = (uint32_t *) (ph + 1);
1971 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_16);
1975 *ippp = ((strmno << 16) | strmseq);
1977 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16;
1978 sctp_abort_an_association(stcb->sctp_ep,
1979 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
1986 /* No PDAPI running */
1987 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
1989 * Reassembly queue is NOT empty validate
1990 * that this tsn does not need to be in
1991 * reasembly queue. If it does then our peer
1992 * is broken or evil.
1994 if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) {
1995 sctp_m_freem(control->data);
1996 control->data = NULL;
1997 if (control->whoFrom) {
1998 sctp_free_remote_addr(control->whoFrom);
1999 control->whoFrom = NULL;
2001 sctp_free_a_readq(stcb, control);
2002 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
2003 0, M_DONTWAIT, 1, MT_DATA);
2005 struct sctp_paramhdr *ph;
2008 SCTP_BUF_LEN(oper) =
2009 sizeof(struct sctp_paramhdr) +
2010 (3 * sizeof(uint32_t));
2012 struct sctp_paramhdr *);
2014 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
2016 htons(SCTP_BUF_LEN(oper));
2017 ippp = (uint32_t *) (ph + 1);
2018 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_17);
2022 *ippp = ((strmno << 16) | strmseq);
2024 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17;
2025 sctp_abort_an_association(stcb->sctp_ep,
2026 stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
2033 /* ok, if we reach here we have passed the sanity checks */
2034 if (chunk_flags & SCTP_DATA_UNORDERED) {
2035 /* queue directly into socket buffer */
2036 sctp_add_to_readq(stcb->sctp_ep, stcb,
2038 &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED);
2041 * Special check for when streams are resetting. We
2042 * could be more smart about this and check the
2043 * actual stream to see if it is not being reset..
2044 * that way we would not create a HOLB when amongst
2045 * streams being reset and those not being reset.
2047 * We take complete messages that have a stream reset
2048 * intervening (aka the TSN is after where our
2049 * cum-ack needs to be) off and put them on a
2050 * pending_reply_queue. The reassembly ones we do
2051 * not have to worry about since they are all sorted
2052 * and proceessed by TSN order. It is only the
2053 * singletons I must worry about.
2055 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2056 ((compare_with_wrap(tsn, liste->tsn, MAX_TSN)))
2059 * yep its past where we need to reset... go
2060 * ahead and queue it.
2062 if (TAILQ_EMPTY(&asoc->pending_reply_queue)) {
2064 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2066 struct sctp_queued_to_read *ctlOn;
2067 unsigned char inserted = 0;
2069 ctlOn = TAILQ_FIRST(&asoc->pending_reply_queue);
2071 if (compare_with_wrap(control->sinfo_tsn,
2072 ctlOn->sinfo_tsn, MAX_TSN)) {
2073 ctlOn = TAILQ_NEXT(ctlOn, next);
2076 TAILQ_INSERT_BEFORE(ctlOn, control, next);
2081 if (inserted == 0) {
2083 * must be put at end, use
2084 * prevP (all setup from
2085 * loop) to setup nextP.
2087 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2091 sctp_queue_data_to_stream(stcb, asoc, control, abort_flag);
2098 /* Into the re-assembly queue */
2099 sctp_queue_data_for_reasm(stcb, asoc, chk, abort_flag);
2102 * the assoc is now gone and chk was put onto the
2103 * reasm queue, which has all been freed.
2110 if (compare_with_wrap(tsn, asoc->highest_tsn_inside_map, MAX_TSN)) {
2111 /* we have a new high score */
2112 asoc->highest_tsn_inside_map = tsn;
2113 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
2114 sctp_log_map(0, 2, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
2117 if (tsn == (asoc->cumulative_tsn + 1)) {
2118 /* Update cum-ack */
2119 asoc->cumulative_tsn = tsn;
2125 SCTP_STAT_INCR_COUNTER64(sctps_inorderchunks);
2127 SCTP_STAT_INCR_COUNTER64(sctps_inunorderchunks);
2129 SCTP_STAT_INCR(sctps_recvdata);
2130 /* Set it present please */
2131 if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) {
2132 sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno, SCTP_STR_LOG_FROM_MARK_TSN);
2134 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
2135 sctp_log_map(asoc->mapping_array_base_tsn, asoc->cumulative_tsn,
2136 asoc->highest_tsn_inside_map, SCTP_MAP_PREPARE_SLIDE);
2138 SCTP_TCB_LOCK_ASSERT(stcb);
2139 SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap);
2140 /* check the special flag for stream resets */
2141 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2142 ((compare_with_wrap(asoc->cumulative_tsn, liste->tsn, MAX_TSN)) ||
2143 (asoc->cumulative_tsn == liste->tsn))
2146 * we have finished working through the backlogged TSN's now
2147 * time to reset streams. 1: call reset function. 2: free
2148 * pending_reply space 3: distribute any chunks in
2149 * pending_reply_queue.
2151 struct sctp_queued_to_read *ctl;
2153 sctp_reset_in_stream(stcb, liste->number_entries, liste->req.list_of_streams);
2154 TAILQ_REMOVE(&asoc->resetHead, liste, next_resp);
2155 SCTP_FREE(liste, SCTP_M_STRESET);
2156 /* sa_ignore FREED_MEMORY */
2157 liste = TAILQ_FIRST(&asoc->resetHead);
2158 ctl = TAILQ_FIRST(&asoc->pending_reply_queue);
2159 if (ctl && (liste == NULL)) {
2160 /* All can be removed */
2162 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2163 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2167 ctl = TAILQ_FIRST(&asoc->pending_reply_queue);
2170 /* more than one in queue */
2171 while (!compare_with_wrap(ctl->sinfo_tsn, liste->tsn, MAX_TSN)) {
2173 * if ctl->sinfo_tsn is <= liste->tsn we can
2174 * process it which is the NOT of
2175 * ctl->sinfo_tsn > liste->tsn
2177 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2178 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag);
2182 ctl = TAILQ_FIRST(&asoc->pending_reply_queue);
2186 * Now service re-assembly to pick up anything that has been
2187 * held on reassembly queue?
2189 sctp_deliver_reasm_check(stcb, asoc);
2190 need_reasm_check = 0;
2192 if (need_reasm_check) {
2193 /* Another one waits ? */
2194 sctp_deliver_reasm_check(stcb, asoc);
2199 int8_t sctp_map_lookup_tab[256] = {
2200 -1, 0, -1, 1, -1, 0, -1, 2,
2201 -1, 0, -1, 1, -1, 0, -1, 3,
2202 -1, 0, -1, 1, -1, 0, -1, 2,
2203 -1, 0, -1, 1, -1, 0, -1, 4,
2204 -1, 0, -1, 1, -1, 0, -1, 2,
2205 -1, 0, -1, 1, -1, 0, -1, 3,
2206 -1, 0, -1, 1, -1, 0, -1, 2,
2207 -1, 0, -1, 1, -1, 0, -1, 5,
2208 -1, 0, -1, 1, -1, 0, -1, 2,
2209 -1, 0, -1, 1, -1, 0, -1, 3,
2210 -1, 0, -1, 1, -1, 0, -1, 2,
2211 -1, 0, -1, 1, -1, 0, -1, 4,
2212 -1, 0, -1, 1, -1, 0, -1, 2,
2213 -1, 0, -1, 1, -1, 0, -1, 3,
2214 -1, 0, -1, 1, -1, 0, -1, 2,
2215 -1, 0, -1, 1, -1, 0, -1, 6,
2216 -1, 0, -1, 1, -1, 0, -1, 2,
2217 -1, 0, -1, 1, -1, 0, -1, 3,
2218 -1, 0, -1, 1, -1, 0, -1, 2,
2219 -1, 0, -1, 1, -1, 0, -1, 4,
2220 -1, 0, -1, 1, -1, 0, -1, 2,
2221 -1, 0, -1, 1, -1, 0, -1, 3,
2222 -1, 0, -1, 1, -1, 0, -1, 2,
2223 -1, 0, -1, 1, -1, 0, -1, 5,
2224 -1, 0, -1, 1, -1, 0, -1, 2,
2225 -1, 0, -1, 1, -1, 0, -1, 3,
2226 -1, 0, -1, 1, -1, 0, -1, 2,
2227 -1, 0, -1, 1, -1, 0, -1, 4,
2228 -1, 0, -1, 1, -1, 0, -1, 2,
2229 -1, 0, -1, 1, -1, 0, -1, 3,
2230 -1, 0, -1, 1, -1, 0, -1, 2,
2231 -1, 0, -1, 1, -1, 0, -1, 7,
2236 sctp_sack_check(struct sctp_tcb *stcb, int ok_to_sack, int was_a_gap, int *abort_flag)
2239 * Now we also need to check the mapping array in a couple of ways.
2240 * 1) Did we move the cum-ack point?
2242 struct sctp_association *asoc;
2244 int last_all_ones = 0;
2245 int slide_from, slide_end, lgap, distance;
2246 uint32_t old_cumack, old_base, old_highest;
2247 unsigned char aux_array[64];
2253 old_cumack = asoc->cumulative_tsn;
2254 old_base = asoc->mapping_array_base_tsn;
2255 old_highest = asoc->highest_tsn_inside_map;
2256 if (asoc->mapping_array_size < 64)
2257 memcpy(aux_array, asoc->mapping_array,
2258 asoc->mapping_array_size);
2260 memcpy(aux_array, asoc->mapping_array, 64);
2263 * We could probably improve this a small bit by calculating the
2264 * offset of the current cum-ack as the starting point.
2267 for (i = 0; i < stcb->asoc.mapping_array_size; i++) {
2269 if (asoc->mapping_array[i] == 0xff) {
2273 /* there is a 0 bit */
2274 at += sctp_map_lookup_tab[asoc->mapping_array[i]];
2279 asoc->cumulative_tsn = asoc->mapping_array_base_tsn + (at - last_all_ones);
2280 /* at is one off, since in the table a embedded -1 is present */
2283 if (compare_with_wrap(asoc->cumulative_tsn,
2284 asoc->highest_tsn_inside_map,
2287 panic("huh, cumack 0x%x greater than high-tsn 0x%x in map",
2288 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2290 SCTP_PRINTF("huh, cumack 0x%x greater than high-tsn 0x%x in map - should panic?\n",
2291 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2292 asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2295 if ((asoc->cumulative_tsn == asoc->highest_tsn_inside_map) && (at >= 8)) {
2296 /* The complete array was completed by a single FR */
2297 /* higest becomes the cum-ack */
2300 asoc->cumulative_tsn = asoc->highest_tsn_inside_map;
2301 /* clear the array */
2302 clr = (at >> 3) + 1;
2303 if (clr > asoc->mapping_array_size) {
2304 clr = asoc->mapping_array_size;
2306 memset(asoc->mapping_array, 0, clr);
2307 /* base becomes one ahead of the cum-ack */
2308 asoc->mapping_array_base_tsn = asoc->cumulative_tsn + 1;
2309 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
2310 sctp_log_map(old_base, old_cumack, old_highest,
2311 SCTP_MAP_PREPARE_SLIDE);
2312 sctp_log_map(asoc->mapping_array_base_tsn, asoc->cumulative_tsn,
2313 asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_CLEARED);
2315 } else if (at >= 8) {
2316 /* we can slide the mapping array down */
2317 /* Calculate the new byte postion we can move down */
2318 slide_from = at >> 3;
2320 * now calculate the ceiling of the move using our highest
2323 if (asoc->highest_tsn_inside_map >= asoc->mapping_array_base_tsn) {
2324 lgap = asoc->highest_tsn_inside_map -
2325 asoc->mapping_array_base_tsn;
2327 lgap = (MAX_TSN - asoc->mapping_array_base_tsn) +
2328 asoc->highest_tsn_inside_map + 1;
2330 slide_end = lgap >> 3;
2331 if (slide_end < slide_from) {
2333 panic("impossible slide");
2335 printf("impossible slide?\n");
2339 distance = (slide_end - slide_from) + 1;
2340 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
2341 sctp_log_map(old_base, old_cumack, old_highest,
2342 SCTP_MAP_PREPARE_SLIDE);
2343 sctp_log_map((uint32_t) slide_from, (uint32_t) slide_end,
2344 (uint32_t) lgap, SCTP_MAP_SLIDE_FROM);
2346 if (distance + slide_from > asoc->mapping_array_size ||
2349 * Here we do NOT slide forward the array so that
2350 * hopefully when more data comes in to fill it up
2351 * we will be able to slide it forward. Really I
2352 * don't think this should happen :-0
2355 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
2356 sctp_log_map((uint32_t) distance, (uint32_t) slide_from,
2357 (uint32_t) asoc->mapping_array_size,
2358 SCTP_MAP_SLIDE_NONE);
2363 for (ii = 0; ii < distance; ii++) {
2364 asoc->mapping_array[ii] =
2365 asoc->mapping_array[slide_from + ii];
2367 for (ii = distance; ii <= slide_end; ii++) {
2368 asoc->mapping_array[ii] = 0;
2370 asoc->mapping_array_base_tsn += (slide_from << 3);
2371 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
2372 sctp_log_map(asoc->mapping_array_base_tsn,
2373 asoc->cumulative_tsn, asoc->highest_tsn_inside_map,
2374 SCTP_MAP_SLIDE_RESULT);
2379 * Now we need to see if we need to queue a sack or just start the
2380 * timer (if allowed).
2383 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2385 * Ok special case, in SHUTDOWN-SENT case. here we
2386 * maker sure SACK timer is off and instead send a
2387 * SHUTDOWN and a SACK
2389 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2390 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
2391 stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTP_INDATA + SCTP_LOC_18);
2393 sctp_send_shutdown(stcb, stcb->asoc.primary_destination);
2394 sctp_send_sack(stcb);
2398 /* is there a gap now ? */
2399 is_a_gap = compare_with_wrap(stcb->asoc.highest_tsn_inside_map,
2400 stcb->asoc.cumulative_tsn, MAX_TSN);
2403 * CMT DAC algorithm: increase number of packets
2404 * received since last ack
2406 stcb->asoc.cmt_dac_pkts_rcvd++;
2408 if ((stcb->asoc.send_sack == 1) || /* We need to send a
2410 ((was_a_gap) && (is_a_gap == 0)) || /* was a gap, but no
2412 (stcb->asoc.numduptsns) || /* we have dup's */
2413 (is_a_gap) || /* is still a gap */
2414 (stcb->asoc.delayed_ack == 0) || /* Delayed sack disabled */
2415 (stcb->asoc.data_pkts_seen >= stcb->asoc.sack_freq) /* hit limit of pkts */
2418 if ((sctp_cmt_on_off) && (sctp_cmt_use_dac) &&
2419 (stcb->asoc.send_sack == 0) &&
2420 (stcb->asoc.numduptsns == 0) &&
2421 (stcb->asoc.delayed_ack) &&
2422 (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer))) {
2425 * CMT DAC algorithm: With CMT,
2426 * delay acks even in the face of
2428 * reordering. Therefore, if acks that
2429 * do not have to be sent because of
2430 * the above reasons, will be
2431 * delayed. That is, acks that would
2432 * have been sent due to gap reports
2433 * will be delayed with DAC. Start
2434 * the delayed ack timer.
2436 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2437 stcb->sctp_ep, stcb, NULL);
2440 * Ok we must build a SACK since the
2441 * timer is pending, we got our
2442 * first packet OR there are gaps or
2445 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
2446 sctp_send_sack(stcb);
2449 if (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2450 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2451 stcb->sctp_ep, stcb, NULL);
2459 sctp_service_queues(struct sctp_tcb *stcb, struct sctp_association *asoc)
2461 struct sctp_tmit_chunk *chk;
2465 if (asoc->fragmented_delivery_inprogress) {
2466 sctp_service_reassembly(stcb, asoc);
2468 /* Can we proceed further, i.e. the PD-API is complete */
2469 if (asoc->fragmented_delivery_inprogress) {
2474 * Now is there some other chunk I can deliver from the reassembly
2478 chk = TAILQ_FIRST(&asoc->reasmqueue);
2480 asoc->size_on_reasm_queue = 0;
2481 asoc->cnt_on_reasm_queue = 0;
2484 nxt_todel = asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1;
2485 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) &&
2486 ((nxt_todel == chk->rec.data.stream_seq) ||
2487 (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) {
2489 * Yep the first one is here. We setup to start reception,
2490 * by backing down the TSN just in case we can't deliver.
2494 * Before we start though either all of the message should
2495 * be here or 1/4 the socket buffer max or nothing on the
2496 * delivery queue and something can be delivered.
2498 if ((sctp_is_all_msg_on_reasm(asoc, &tsize) ||
2499 (tsize >= stcb->sctp_ep->partial_delivery_point))) {
2500 asoc->fragmented_delivery_inprogress = 1;
2501 asoc->tsn_last_delivered = chk->rec.data.TSN_seq - 1;
2502 asoc->str_of_pdapi = chk->rec.data.stream_number;
2503 asoc->ssn_of_pdapi = chk->rec.data.stream_seq;
2504 asoc->pdapi_ppid = chk->rec.data.payloadtype;
2505 asoc->fragment_flags = chk->rec.data.rcv_flags;
2506 sctp_service_reassembly(stcb, asoc);
2507 if (asoc->fragmented_delivery_inprogress == 0) {
2515 sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
2516 struct sctphdr *sh, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
2517 struct sctp_nets *net, uint32_t * high_tsn)
2519 struct sctp_data_chunk *ch, chunk_buf;
2520 struct sctp_association *asoc;
2521 int num_chunks = 0; /* number of control chunks processed */
2523 int chk_length, break_flag, last_chunk;
2524 int abort_flag = 0, was_a_gap = 0;
2528 sctp_set_rwnd(stcb, &stcb->asoc);
2531 SCTP_TCB_LOCK_ASSERT(stcb);
2533 if (compare_with_wrap(stcb->asoc.highest_tsn_inside_map,
2534 stcb->asoc.cumulative_tsn, MAX_TSN)) {
2535 /* there was a gap before this data was processed */
2539 * setup where we got the last DATA packet from for any SACK that
2540 * may need to go out. Don't bump the net. This is done ONLY when a
2541 * chunk is assigned.
2543 asoc->last_data_chunk_from = net;
2546 * Now before we proceed we must figure out if this is a wasted
2547 * cluster... i.e. it is a small packet sent in and yet the driver
2548 * underneath allocated a full cluster for it. If so we must copy it
2549 * to a smaller mbuf and free up the cluster mbuf. This will help
2550 * with cluster starvation. Note for __Panda__ we don't do this
2551 * since it has clusters all the way down to 64 bytes.
2553 if (SCTP_BUF_LEN(m) < (long)MLEN && SCTP_BUF_NEXT(m) == NULL) {
2554 /* we only handle mbufs that are singletons.. not chains */
2555 m = sctp_get_mbuf_for_msg(SCTP_BUF_LEN(m), 0, M_DONTWAIT, 1, MT_DATA);
2557 /* ok lets see if we can copy the data up */
2560 /* get the pointers and copy */
2561 to = mtod(m, caddr_t *);
2562 from = mtod((*mm), caddr_t *);
2563 memcpy(to, from, SCTP_BUF_LEN((*mm)));
2564 /* copy the length and free up the old */
2565 SCTP_BUF_LEN(m) = SCTP_BUF_LEN((*mm));
2567 /* sucess, back copy */
2570 /* We are in trouble in the mbuf world .. yikes */
2574 /* get pointer to the first chunk header */
2575 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2576 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2581 * process all DATA chunks...
2583 *high_tsn = asoc->cumulative_tsn;
2585 asoc->data_pkts_seen++;
2586 while (stop_proc == 0) {
2587 /* validate chunk length */
2588 chk_length = ntohs(ch->ch.chunk_length);
2589 if (length - *offset < chk_length) {
2590 /* all done, mutulated chunk */
2594 if (ch->ch.chunk_type == SCTP_DATA) {
2595 if ((size_t)chk_length < sizeof(struct sctp_data_chunk) + 1) {
2597 * Need to send an abort since we had a
2598 * invalid data chunk.
2600 struct mbuf *op_err;
2602 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 2 * sizeof(uint32_t)),
2603 0, M_DONTWAIT, 1, MT_DATA);
2606 struct sctp_paramhdr *ph;
2609 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr) +
2610 (2 * sizeof(uint32_t));
2611 ph = mtod(op_err, struct sctp_paramhdr *);
2613 htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
2614 ph->param_length = htons(SCTP_BUF_LEN(op_err));
2615 ippp = (uint32_t *) (ph + 1);
2616 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_19);
2618 *ippp = asoc->cumulative_tsn;
2621 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19;
2622 sctp_abort_association(inp, stcb, m, iphlen, sh,
2623 op_err, 0, net->port);
2626 #ifdef SCTP_AUDITING_ENABLED
2627 sctp_audit_log(0xB1, 0);
2629 if (SCTP_SIZE32(chk_length) == (length - *offset)) {
2634 if (sctp_process_a_data_chunk(stcb, asoc, mm, *offset, ch,
2635 chk_length, net, high_tsn, &abort_flag, &break_flag,
2644 * Set because of out of rwnd space and no
2645 * drop rep space left.
2651 /* not a data chunk in the data region */
2652 switch (ch->ch.chunk_type) {
2653 case SCTP_INITIATION:
2654 case SCTP_INITIATION_ACK:
2655 case SCTP_SELECTIVE_ACK:
2656 case SCTP_HEARTBEAT_REQUEST:
2657 case SCTP_HEARTBEAT_ACK:
2658 case SCTP_ABORT_ASSOCIATION:
2660 case SCTP_SHUTDOWN_ACK:
2661 case SCTP_OPERATION_ERROR:
2662 case SCTP_COOKIE_ECHO:
2663 case SCTP_COOKIE_ACK:
2666 case SCTP_SHUTDOWN_COMPLETE:
2667 case SCTP_AUTHENTICATION:
2668 case SCTP_ASCONF_ACK:
2669 case SCTP_PACKET_DROPPED:
2670 case SCTP_STREAM_RESET:
2671 case SCTP_FORWARD_CUM_TSN:
2674 * Now, what do we do with KNOWN chunks that
2675 * are NOT in the right place?
2677 * For now, I do nothing but ignore them. We
2678 * may later want to add sysctl stuff to
2679 * switch out and do either an ABORT() or
2680 * possibly process them.
2682 if (sctp_strict_data_order) {
2683 struct mbuf *op_err;
2685 op_err = sctp_generate_invmanparam(SCTP_CAUSE_PROTOCOL_VIOLATION);
2686 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err, 0, net->port);
2691 /* unknown chunk type, use bit rules */
2692 if (ch->ch.chunk_type & 0x40) {
2693 /* Add a error report to the queue */
2695 struct sctp_paramhdr *phd;
2697 merr = sctp_get_mbuf_for_msg(sizeof(*phd), 0, M_DONTWAIT, 1, MT_DATA);
2699 phd = mtod(merr, struct sctp_paramhdr *);
2701 * We cheat and use param
2702 * type since we did not
2703 * bother to define a error
2704 * cause struct. They are
2705 * the same basic format
2706 * with different names.
2709 htons(SCTP_CAUSE_UNRECOG_CHUNK);
2711 htons(chk_length + sizeof(*phd));
2712 SCTP_BUF_LEN(merr) = sizeof(*phd);
2713 SCTP_BUF_NEXT(merr) = SCTP_M_COPYM(m, *offset,
2714 SCTP_SIZE32(chk_length),
2716 if (SCTP_BUF_NEXT(merr)) {
2717 sctp_queue_op_err(stcb, merr);
2723 if ((ch->ch.chunk_type & 0x80) == 0) {
2724 /* discard the rest of this packet */
2726 } /* else skip this bad chunk and
2729 }; /* switch of chunk type */
2731 *offset += SCTP_SIZE32(chk_length);
2732 if ((*offset >= length) || stop_proc) {
2733 /* no more data left in the mbuf chain */
2737 ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset,
2738 sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf);
2748 * we need to report rwnd overrun drops.
2750 sctp_send_packet_dropped(stcb, net, *mm, iphlen, 0);
2754 * Did we get data, if so update the time for auto-close and
2755 * give peer credit for being alive.
2757 SCTP_STAT_INCR(sctps_recvpktwithdata);
2758 if (sctp_logging_level & SCTP_THRESHOLD_LOGGING) {
2759 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
2760 stcb->asoc.overall_error_count,
2762 SCTP_FROM_SCTP_INDATA,
2765 stcb->asoc.overall_error_count = 0;
2766 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_last_rcvd);
2768 /* now service all of the reassm queue if needed */
2769 if (!(TAILQ_EMPTY(&asoc->reasmqueue)))
2770 sctp_service_queues(stcb, asoc);
2772 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2773 /* Assure that we ack right away */
2774 stcb->asoc.send_sack = 1;
2776 /* Start a sack timer or QUEUE a SACK for sending */
2777 if ((stcb->asoc.cumulative_tsn == stcb->asoc.highest_tsn_inside_map) &&
2778 (stcb->asoc.mapping_array[0] != 0xff)) {
2779 if ((stcb->asoc.data_pkts_seen >= stcb->asoc.sack_freq) ||
2780 (stcb->asoc.delayed_ack == 0) ||
2781 (stcb->asoc.numduptsns) ||
2782 (stcb->asoc.send_sack == 1)) {
2783 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2784 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
2786 sctp_send_sack(stcb);
2788 if (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2789 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2790 stcb->sctp_ep, stcb, NULL);
2794 sctp_sack_check(stcb, 1, was_a_gap, &abort_flag);
2803 sctp_handle_segments(struct mbuf *m, int *offset, struct sctp_tcb *stcb, struct sctp_association *asoc,
2804 struct sctp_sack_chunk *ch, uint32_t last_tsn, uint32_t * biggest_tsn_acked,
2805 uint32_t * biggest_newly_acked_tsn, uint32_t * this_sack_lowest_newack,
2806 int num_seg, int *ecn_seg_sums)
2808 /************************************************/
2809 /* process fragments and update sendqueue */
2810 /************************************************/
2811 struct sctp_sack *sack;
2812 struct sctp_gap_ack_block *frag, block;
2813 struct sctp_tmit_chunk *tp1;
2818 uint16_t frag_strt, frag_end, primary_flag_set;
2819 u_long last_frag_high;
2822 * @@@ JRI : TODO: This flag is not used anywhere .. remove?
2824 if (asoc->primary_destination->dest_state & SCTP_ADDR_SWITCH_PRIMARY) {
2825 primary_flag_set = 1;
2827 primary_flag_set = 0;
2831 frag = (struct sctp_gap_ack_block *)sctp_m_getptr(m, *offset,
2832 sizeof(struct sctp_gap_ack_block), (uint8_t *) & block);
2833 *offset += sizeof(block);
2839 for (i = 0; i < num_seg; i++) {
2840 frag_strt = ntohs(frag->start);
2841 frag_end = ntohs(frag->end);
2842 /* some sanity checks on the fargment offsets */
2843 if (frag_strt > frag_end) {
2844 /* this one is malformed, skip */
2848 if (compare_with_wrap((frag_end + last_tsn), *biggest_tsn_acked,
2850 *biggest_tsn_acked = frag_end + last_tsn;
2852 /* mark acked dgs and find out the highestTSN being acked */
2854 tp1 = TAILQ_FIRST(&asoc->sent_queue);
2856 /* save the locations of the last frags */
2857 last_frag_high = frag_end + last_tsn;
2860 * now lets see if we need to reset the queue due to
2861 * a out-of-order SACK fragment
2863 if (compare_with_wrap(frag_strt + last_tsn,
2864 last_frag_high, MAX_TSN)) {
2866 * if the new frag starts after the last TSN
2867 * frag covered, we are ok and this one is
2868 * beyond the last one
2873 * ok, they have reset us, so we need to
2874 * reset the queue this will cause extra
2875 * hunting but hey, they chose the
2876 * performance hit when they failed to order
2879 tp1 = TAILQ_FIRST(&asoc->sent_queue);
2881 last_frag_high = frag_end + last_tsn;
2883 for (j = frag_strt + last_tsn; (compare_with_wrap((frag_end + last_tsn), j, MAX_TSN)); j++) {
2885 if (tp1->rec.data.doing_fast_retransmit)
2889 * CMT: CUCv2 algorithm. For each TSN being
2890 * processed from the sent queue, track the
2891 * next expected pseudo-cumack, or
2892 * rtx_pseudo_cumack, if required. Separate
2893 * cumack trackers for first transmissions,
2894 * and retransmissions.
2896 if ((tp1->whoTo->find_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2897 (tp1->snd_count == 1)) {
2898 tp1->whoTo->pseudo_cumack = tp1->rec.data.TSN_seq;
2899 tp1->whoTo->find_pseudo_cumack = 0;
2901 if ((tp1->whoTo->find_rtx_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
2902 (tp1->snd_count > 1)) {
2903 tp1->whoTo->rtx_pseudo_cumack = tp1->rec.data.TSN_seq;
2904 tp1->whoTo->find_rtx_pseudo_cumack = 0;
2906 if (tp1->rec.data.TSN_seq == j) {
2907 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
2909 * must be held until
2913 * ECN Nonce: Add the nonce
2914 * value to the sender's
2917 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
2919 * If it is less than RESEND, it is
2920 * now no-longer in flight.
2921 * Higher values may already be set
2922 * via previous Gap Ack Blocks...
2923 * i.e. ACKED or RESEND.
2925 if (compare_with_wrap(tp1->rec.data.TSN_seq,
2926 *biggest_newly_acked_tsn, MAX_TSN)) {
2927 *biggest_newly_acked_tsn = tp1->rec.data.TSN_seq;
2936 * this_sack_highest_
2940 if (tp1->rec.data.chunk_was_revoked == 0)
2941 tp1->whoTo->saw_newack = 1;
2943 if (compare_with_wrap(tp1->rec.data.TSN_seq,
2944 tp1->whoTo->this_sack_highest_newack,
2946 tp1->whoTo->this_sack_highest_newack =
2947 tp1->rec.data.TSN_seq;
2952 * this_sack_lowest_n
2955 if (*this_sack_lowest_newack == 0) {
2956 if (sctp_logging_level & SCTP_SACK_LOGGING_ENABLE) {
2957 sctp_log_sack(*this_sack_lowest_newack,
2959 tp1->rec.data.TSN_seq,
2962 SCTP_LOG_TSN_ACKED);
2964 *this_sack_lowest_newack = tp1->rec.data.TSN_seq;
2969 * (rtx-)pseudo-cumac
2974 * (rtx-)pseudo-cumac
2976 * new_(rtx_)pseudo_c
2984 * (rtx-)pseudo-cumac
2992 if (tp1->rec.data.TSN_seq == tp1->whoTo->pseudo_cumack) {
2993 if (tp1->rec.data.chunk_was_revoked == 0) {
2994 tp1->whoTo->new_pseudo_cumack = 1;
2996 tp1->whoTo->find_pseudo_cumack = 1;
2998 if (sctp_logging_level & SCTP_CWND_LOGGING_ENABLE) {
2999 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
3001 if (tp1->rec.data.TSN_seq == tp1->whoTo->rtx_pseudo_cumack) {
3002 if (tp1->rec.data.chunk_was_revoked == 0) {
3003 tp1->whoTo->new_pseudo_cumack = 1;
3005 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3007 if (sctp_logging_level & SCTP_SACK_LOGGING_ENABLE) {
3008 sctp_log_sack(*biggest_newly_acked_tsn,
3010 tp1->rec.data.TSN_seq,
3013 SCTP_LOG_TSN_ACKED);
3015 if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) {
3016 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_GAP,
3017 tp1->whoTo->flight_size,
3019 (uintptr_t) tp1->whoTo,
3020 tp1->rec.data.TSN_seq);
3022 sctp_flight_size_decrease(tp1);
3023 sctp_total_flight_decrease(stcb, tp1);
3025 tp1->whoTo->net_ack += tp1->send_size;
3026 if (tp1->snd_count < 2) {
3032 tp1->whoTo->net_ack2 += tp1->send_size;
3039 sctp_calculate_rto(stcb,
3042 &tp1->sent_rcv_time,
3043 sctp_align_safe_nocopy);
3048 if (tp1->sent <= SCTP_DATAGRAM_RESEND) {
3049 (*ecn_seg_sums) += tp1->rec.data.ect_nonce;
3050 (*ecn_seg_sums) &= SCTP_SACK_NONCE_SUM;
3051 if (compare_with_wrap(tp1->rec.data.TSN_seq,
3052 asoc->this_sack_highest_gap,
3054 asoc->this_sack_highest_gap =
3055 tp1->rec.data.TSN_seq;
3057 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3058 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
3059 #ifdef SCTP_AUDITING_ENABLED
3060 sctp_audit_log(0xB2,
3061 (asoc->sent_queue_retran_cnt & 0x000000ff));
3066 * All chunks NOT UNSENT
3067 * fall through here and are
3070 tp1->sent = SCTP_DATAGRAM_MARKED;
3071 if (tp1->rec.data.chunk_was_revoked) {
3072 /* deflate the cwnd */
3073 tp1->whoTo->cwnd -= tp1->book_size;
3074 tp1->rec.data.chunk_was_revoked = 0;
3078 } /* if (tp1->TSN_seq == j) */
3079 if (compare_with_wrap(tp1->rec.data.TSN_seq, j,
3083 tp1 = TAILQ_NEXT(tp1, sctp_next);
3084 } /* end while (tp1) */
3085 } /* end for (j = fragStart */
3086 frag = (struct sctp_gap_ack_block *)sctp_m_getptr(m, *offset,
3087 sizeof(struct sctp_gap_ack_block), (uint8_t *) & block);
3088 *offset += sizeof(block);
3093 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3095 sctp_log_fr(*biggest_tsn_acked,
3096 *biggest_newly_acked_tsn,
3097 last_tsn, SCTP_FR_LOG_BIGGEST_TSNS);
3102 sctp_check_for_revoked(struct sctp_tcb *stcb,
3103 struct sctp_association *asoc, uint32_t cumack,
3104 u_long biggest_tsn_acked)
3106 struct sctp_tmit_chunk *tp1;
3107 int tot_revoked = 0;
3109 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3111 if (compare_with_wrap(tp1->rec.data.TSN_seq, cumack,
3114 * ok this guy is either ACK or MARKED. If it is
3115 * ACKED it has been previously acked but not this
3116 * time i.e. revoked. If it is MARKED it was ACK'ed
3119 if (compare_with_wrap(tp1->rec.data.TSN_seq, biggest_tsn_acked,
3124 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
3125 /* it has been revoked */
3126 tp1->sent = SCTP_DATAGRAM_SENT;
3127 tp1->rec.data.chunk_was_revoked = 1;
3129 * We must add this stuff back in to assure
3130 * timers and such get started.
3132 if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) {
3133 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
3134 tp1->whoTo->flight_size,
3136 (uintptr_t) tp1->whoTo,
3137 tp1->rec.data.TSN_seq);
3139 sctp_flight_size_increase(tp1);
3140 sctp_total_flight_increase(stcb, tp1);
3142 * We inflate the cwnd to compensate for our
3143 * artificial inflation of the flight_size.
3145 tp1->whoTo->cwnd += tp1->book_size;
3147 if (sctp_logging_level & SCTP_SACK_LOGGING_ENABLE) {
3148 sctp_log_sack(asoc->last_acked_seq,
3150 tp1->rec.data.TSN_seq,
3153 SCTP_LOG_TSN_REVOKED);
3155 } else if (tp1->sent == SCTP_DATAGRAM_MARKED) {
3156 /* it has been re-acked in this SACK */
3157 tp1->sent = SCTP_DATAGRAM_ACKED;
3160 if (tp1->sent == SCTP_DATAGRAM_UNSENT)
3162 tp1 = TAILQ_NEXT(tp1, sctp_next);
3164 if (tot_revoked > 0) {
3166 * Setup the ecn nonce re-sync point. We do this since once
3167 * data is revoked we begin to retransmit things, which do
3168 * NOT have the ECN bits set. This means we are now out of
3169 * sync and must wait until we get back in sync with the
3170 * peer to check ECN bits.
3172 tp1 = TAILQ_FIRST(&asoc->send_queue);
3174 asoc->nonce_resync_tsn = asoc->sending_seq;
3176 asoc->nonce_resync_tsn = tp1->rec.data.TSN_seq;
3178 asoc->nonce_wait_for_ecne = 0;
3179 asoc->nonce_sum_check = 0;
3184 sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
3185 u_long biggest_tsn_acked, u_long biggest_tsn_newly_acked, u_long this_sack_lowest_newack, int accum_moved)
3187 struct sctp_tmit_chunk *tp1;
3188 int strike_flag = 0;
3190 int tot_retrans = 0;
3191 uint32_t sending_seq;
3192 struct sctp_nets *net;
3193 int num_dests_sacked = 0;
3196 * select the sending_seq, this is either the next thing ready to be
3197 * sent but not transmitted, OR, the next seq we assign.
3199 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue);
3201 sending_seq = asoc->sending_seq;
3203 sending_seq = tp1->rec.data.TSN_seq;
3206 /* CMT DAC algo: finding out if SACK is a mixed SACK */
3207 if (sctp_cmt_on_off && sctp_cmt_use_dac) {
3208 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3209 if (net->saw_newack)
3213 if (stcb->asoc.peer_supports_prsctp) {
3214 (void)SCTP_GETTIME_TIMEVAL(&now);
3216 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3219 if (tp1->no_fr_allowed) {
3220 /* this one had a timeout or something */
3221 tp1 = TAILQ_NEXT(tp1, sctp_next);
3224 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3225 if (tp1->sent < SCTP_DATAGRAM_RESEND)
3226 sctp_log_fr(biggest_tsn_newly_acked,
3227 tp1->rec.data.TSN_seq,
3229 SCTP_FR_LOG_CHECK_STRIKE);
3231 if (compare_with_wrap(tp1->rec.data.TSN_seq, biggest_tsn_acked,
3233 tp1->sent == SCTP_DATAGRAM_UNSENT) {
3237 if (stcb->asoc.peer_supports_prsctp) {
3238 if ((PR_SCTP_TTL_ENABLED(tp1->flags)) && tp1->sent < SCTP_DATAGRAM_ACKED) {
3239 /* Is it expired? */
3241 (timevalcmp(&now, &tp1->rec.data.timetodrop, >))
3243 /* Yes so drop it */
3244 if (tp1->data != NULL) {
3245 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3246 (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
3247 &asoc->sent_queue, SCTP_SO_NOT_LOCKED);
3249 tp1 = TAILQ_NEXT(tp1, sctp_next);
3253 if ((PR_SCTP_RTX_ENABLED(tp1->flags)) && tp1->sent < SCTP_DATAGRAM_ACKED) {
3254 /* Has it been retransmitted tv_sec times? */
3255 if (tp1->snd_count > tp1->rec.data.timetodrop.tv_sec) {
3256 /* Yes, so drop it */
3257 if (tp1->data != NULL) {
3258 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3259 (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
3260 &asoc->sent_queue, SCTP_SO_NOT_LOCKED);
3262 tp1 = TAILQ_NEXT(tp1, sctp_next);
3267 if (compare_with_wrap(tp1->rec.data.TSN_seq,
3268 asoc->this_sack_highest_gap, MAX_TSN)) {
3269 /* we are beyond the tsn in the sack */
3272 if (tp1->sent >= SCTP_DATAGRAM_RESEND) {
3273 /* either a RESEND, ACKED, or MARKED */
3275 tp1 = TAILQ_NEXT(tp1, sctp_next);
3279 * CMT : SFR algo (covers part of DAC and HTNA as well)
3281 if (tp1->whoTo && tp1->whoTo->saw_newack == 0) {
3283 * No new acks were receieved for data sent to this
3284 * dest. Therefore, according to the SFR algo for
3285 * CMT, no data sent to this dest can be marked for
3286 * FR using this SACK.
3288 tp1 = TAILQ_NEXT(tp1, sctp_next);
3290 } else if (tp1->whoTo && compare_with_wrap(tp1->rec.data.TSN_seq,
3291 tp1->whoTo->this_sack_highest_newack, MAX_TSN)) {
3293 * CMT: New acks were receieved for data sent to
3294 * this dest. But no new acks were seen for data
3295 * sent after tp1. Therefore, according to the SFR
3296 * algo for CMT, tp1 cannot be marked for FR using
3297 * this SACK. This step covers part of the DAC algo
3298 * and the HTNA algo as well.
3300 tp1 = TAILQ_NEXT(tp1, sctp_next);
3304 * Here we check to see if we were have already done a FR
3305 * and if so we see if the biggest TSN we saw in the sack is
3306 * smaller than the recovery point. If so we don't strike
3307 * the tsn... otherwise we CAN strike the TSN.
3310 * @@@ JRI: Check for CMT if (accum_moved &&
3311 * asoc->fast_retran_loss_recovery && (sctp_cmt_on_off ==
3314 if (accum_moved && asoc->fast_retran_loss_recovery) {
3316 * Strike the TSN if in fast-recovery and cum-ack
3319 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3320 sctp_log_fr(biggest_tsn_newly_acked,
3321 tp1->rec.data.TSN_seq,
3323 SCTP_FR_LOG_STRIKE_CHUNK);
3325 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3328 if (sctp_cmt_on_off && sctp_cmt_use_dac) {
3330 * CMT DAC algorithm: If SACK flag is set to
3331 * 0, then lowest_newack test will not pass
3332 * because it would have been set to the
3333 * cumack earlier. If not already to be
3334 * rtx'd, If not a mixed sack and if tp1 is
3335 * not between two sacked TSNs, then mark by
3336 * one more. NOTE that we are marking by one
3337 * additional time since the SACK DAC flag
3338 * indicates that two packets have been
3339 * received after this missing TSN.
3341 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3342 compare_with_wrap(this_sack_lowest_newack, tp1->rec.data.TSN_seq, MAX_TSN)) {
3343 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3344 sctp_log_fr(16 + num_dests_sacked,
3345 tp1->rec.data.TSN_seq,
3347 SCTP_FR_LOG_STRIKE_CHUNK);
3352 } else if ((tp1->rec.data.doing_fast_retransmit) && (sctp_cmt_on_off == 0)) {
3354 * For those that have done a FR we must take
3355 * special consideration if we strike. I.e the
3356 * biggest_newly_acked must be higher than the
3357 * sending_seq at the time we did the FR.
3360 #ifdef SCTP_FR_TO_ALTERNATE
3362 * If FR's go to new networks, then we must only do
3363 * this for singly homed asoc's. However if the FR's
3364 * go to the same network (Armando's work) then its
3365 * ok to FR multiple times.
3373 if ((compare_with_wrap(biggest_tsn_newly_acked,
3374 tp1->rec.data.fast_retran_tsn, MAX_TSN)) ||
3375 (biggest_tsn_newly_acked ==
3376 tp1->rec.data.fast_retran_tsn)) {
3378 * Strike the TSN, since this ack is
3379 * beyond where things were when we
3382 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3383 sctp_log_fr(biggest_tsn_newly_acked,
3384 tp1->rec.data.TSN_seq,
3386 SCTP_FR_LOG_STRIKE_CHUNK);
3388 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3392 if (sctp_cmt_on_off && sctp_cmt_use_dac) {
3394 * CMT DAC algorithm: If
3395 * SACK flag is set to 0,
3396 * then lowest_newack test
3397 * will not pass because it
3398 * would have been set to
3399 * the cumack earlier. If
3400 * not already to be rtx'd,
3401 * If not a mixed sack and
3402 * if tp1 is not between two
3403 * sacked TSNs, then mark by
3404 * one more. NOTE that we
3405 * are marking by one
3406 * additional time since the
3407 * SACK DAC flag indicates
3408 * that two packets have
3409 * been received after this
3412 if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
3413 (num_dests_sacked == 1) &&
3414 compare_with_wrap(this_sack_lowest_newack,
3415 tp1->rec.data.TSN_seq, MAX_TSN)) {
3416 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3417 sctp_log_fr(32 + num_dests_sacked,
3418 tp1->rec.data.TSN_seq,
3420 SCTP_FR_LOG_STRIKE_CHUNK);
3422 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3430 * JRI: TODO: remove code for HTNA algo. CMT's SFR
3433 } else if (compare_with_wrap(tp1->rec.data.TSN_seq,
3434 biggest_tsn_newly_acked, MAX_TSN)) {
3436 * We don't strike these: This is the HTNA
3437 * algorithm i.e. we don't strike If our TSN is
3438 * larger than the Highest TSN Newly Acked.
3442 /* Strike the TSN */
3443 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3444 sctp_log_fr(biggest_tsn_newly_acked,
3445 tp1->rec.data.TSN_seq,
3447 SCTP_FR_LOG_STRIKE_CHUNK);
3449 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3452 if (sctp_cmt_on_off && sctp_cmt_use_dac) {
3454 * CMT DAC algorithm: If SACK flag is set to
3455 * 0, then lowest_newack test will not pass
3456 * because it would have been set to the
3457 * cumack earlier. If not already to be
3458 * rtx'd, If not a mixed sack and if tp1 is
3459 * not between two sacked TSNs, then mark by
3460 * one more. NOTE that we are marking by one
3461 * additional time since the SACK DAC flag
3462 * indicates that two packets have been
3463 * received after this missing TSN.
3465 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3466 compare_with_wrap(this_sack_lowest_newack, tp1->rec.data.TSN_seq, MAX_TSN)) {
3467 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3468 sctp_log_fr(48 + num_dests_sacked,
3469 tp1->rec.data.TSN_seq,
3471 SCTP_FR_LOG_STRIKE_CHUNK);
3477 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3478 /* Increment the count to resend */
3479 struct sctp_nets *alt;
3481 /* printf("OK, we are now ready to FR this guy\n"); */
3482 if (sctp_logging_level & SCTP_FR_LOGGING_ENABLE) {
3483 sctp_log_fr(tp1->rec.data.TSN_seq, tp1->snd_count,
3487 /* This is a subsequent FR */
3488 SCTP_STAT_INCR(sctps_sendmultfastretrans);
3490 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3491 if (sctp_cmt_on_off) {
3493 * CMT: Using RTX_SSTHRESH policy for CMT.
3494 * If CMT is being used, then pick dest with
3495 * largest ssthresh for any retransmission.
3497 tp1->no_fr_allowed = 1;
3499 /* sa_ignore NO_NULL_CHK */
3500 if (sctp_cmt_on_off && sctp_cmt_pf) {
3502 * JRS 5/18/07 - If CMT PF is on,
3503 * use the PF version of
3506 alt = sctp_find_alternate_net(stcb, alt, 2);
3509 * JRS 5/18/07 - If only CMT is on,
3510 * use the CMT version of
3513 /* sa_ignore NO_NULL_CHK */
3514 alt = sctp_find_alternate_net(stcb, alt, 1);
3520 * CUCv2: If a different dest is picked for
3521 * the retransmission, then new
3522 * (rtx-)pseudo_cumack needs to be tracked
3523 * for orig dest. Let CUCv2 track new (rtx-)
3524 * pseudo-cumack always.
3527 tp1->whoTo->find_pseudo_cumack = 1;
3528 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3530 } else {/* CMT is OFF */
3532 #ifdef SCTP_FR_TO_ALTERNATE
3533 /* Can we find an alternate? */
3534 alt = sctp_find_alternate_net(stcb, tp1->whoTo, 0);
3537 * default behavior is to NOT retransmit
3538 * FR's to an alternate. Armando Caro's
3539 * paper details why.
3545 tp1->rec.data.doing_fast_retransmit = 1;
3547 /* mark the sending seq for possible subsequent FR's */
3549 * printf("Marking TSN for FR new value %x\n",
3550 * (uint32_t)tpi->rec.data.TSN_seq);
3552 if (TAILQ_EMPTY(&asoc->send_queue)) {
3554 * If the queue of send is empty then its
3555 * the next sequence number that will be
3556 * assigned so we subtract one from this to
3557 * get the one we last sent.
3559 tp1->rec.data.fast_retran_tsn = sending_seq;
3562 * If there are chunks on the send queue
3563 * (unsent data that has made it from the
3564 * stream queues but not out the door, we
3565 * take the first one (which will have the
3566 * lowest TSN) and subtract one to get the
3569 struct sctp_tmit_chunk *ttt;
3571 ttt = TAILQ_FIRST(&asoc->send_queue);
3572 tp1->rec.data.fast_retran_tsn =
3573 ttt->rec.data.TSN_seq;
3578 * this guy had a RTO calculation pending on
3583 /* fix counts and things */
3584 if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) {
3585 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND,
3586 (tp1->whoTo ? (tp1->whoTo->flight_size) : 0),
3588 (uintptr_t) tp1->whoTo,
3589 tp1->rec.data.TSN_seq);
3592 tp1->whoTo->net_ack++;
3593 sctp_flight_size_decrease(tp1);
3595 if (sctp_logging_level & SCTP_LOG_RWND_ENABLE) {
3596 sctp_log_rwnd(SCTP_INCREASE_PEER_RWND,
3597 asoc->peers_rwnd, tp1->send_size, sctp_peer_chunk_oh);
3599 /* add back to the rwnd */
3600 asoc->peers_rwnd += (tp1->send_size + sctp_peer_chunk_oh);
3602 /* remove from the total flight */
3603 sctp_total_flight_decrease(stcb, tp1);
3604 if (alt != tp1->whoTo) {
3605 /* yes, there is an alternate. */
3606 sctp_free_remote_addr(tp1->whoTo);
3607 /* sa_ignore FREED_MEMORY */
3609 atomic_add_int(&alt->ref_count, 1);
3612 tp1 = TAILQ_NEXT(tp1, sctp_next);
3615 if (tot_retrans > 0) {
3617 * Setup the ecn nonce re-sync point. We do this since once
3618 * we go to FR something we introduce a Karn's rule scenario
3619 * and won't know the totals for the ECN bits.
3621 asoc->nonce_resync_tsn = sending_seq;
3622 asoc->nonce_wait_for_ecne = 0;
3623 asoc->nonce_sum_check = 0;
3627 struct sctp_tmit_chunk *
3628 sctp_try_advance_peer_ack_point(struct sctp_tcb *stcb,
3629 struct sctp_association *asoc)
3631 struct sctp_tmit_chunk *tp1, *tp2, *a_adv = NULL;
3635 if (asoc->peer_supports_prsctp == 0) {
3638 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3640 if (tp1->sent != SCTP_FORWARD_TSN_SKIP &&
3641 tp1->sent != SCTP_DATAGRAM_RESEND) {
3642 /* no chance to advance, out of here */
3645 if (!PR_SCTP_ENABLED(tp1->flags)) {
3647 * We can't fwd-tsn past any that are reliable aka
3648 * retransmitted until the asoc fails.
3653 (void)SCTP_GETTIME_TIMEVAL(&now);
3656 tp2 = TAILQ_NEXT(tp1, sctp_next);
3658 * now we got a chunk which is marked for another
3659 * retransmission to a PR-stream but has run out its chances
3660 * already maybe OR has been marked to skip now. Can we skip
3661 * it if its a resend?
3663 if (tp1->sent == SCTP_DATAGRAM_RESEND &&
3664 (PR_SCTP_TTL_ENABLED(tp1->flags))) {
3666 * Now is this one marked for resend and its time is
3669 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3670 /* Yes so drop it */
3672 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3673 (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
3674 &asoc->sent_queue, SCTP_SO_NOT_LOCKED);
3678 * No, we are done when hit one for resend
3679 * whos time as not expired.
3685 * Ok now if this chunk is marked to drop it we can clean up
3686 * the chunk, advance our peer ack point and we can check
3689 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3690 /* advance PeerAckPoint goes forward */
3691 asoc->advanced_peer_ack_point = tp1->rec.data.TSN_seq;
3694 * we don't want to de-queue it here. Just wait for
3695 * the next peer SACK to come with a new cumTSN and
3696 * then the chunk will be droped in the normal
3700 sctp_free_bufspace(stcb, asoc, tp1, 1);
3702 * Maybe there should be another
3705 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb,
3706 (SCTP_RESPONSE_TO_USER_REQ | SCTP_NOTIFY_DATAGRAM_SENT),
3707 tp1, SCTP_SO_NOT_LOCKED);
3708 sctp_m_freem(tp1->data);
3710 if (stcb->sctp_socket) {
3711 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3714 so = SCTP_INP_SO(stcb->sctp_ep);
3715 atomic_add_int(&stcb->asoc.refcnt, 1);
3716 SCTP_TCB_UNLOCK(stcb);
3717 SCTP_SOCKET_LOCK(so, 1);
3718 SCTP_TCB_LOCK(stcb);
3719 atomic_subtract_int(&stcb->asoc.refcnt, 1);
3720 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
3722 * assoc was freed while we
3725 SCTP_SOCKET_UNLOCK(so, 1);
3729 sctp_sowwakeup(stcb->sctp_ep, stcb->sctp_socket);
3730 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
3731 SCTP_SOCKET_UNLOCK(so, 1);
3733 if (sctp_logging_level & SCTP_WAKE_LOGGING_ENABLE) {
3734 sctp_wakeup_log(stcb, tp1->rec.data.TSN_seq, 1, SCTP_WAKESND_FROM_FWDTSN);
3740 * If it is still in RESEND we can advance no
3746 * If we hit here we just dumped tp1, move to next tsn on
3755 sctp_fs_audit(struct sctp_association *asoc)
3757 struct sctp_tmit_chunk *chk;
3758 int inflight = 0, resend = 0, inbetween = 0, acked = 0, above = 0;
3760 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
3761 if (chk->sent < SCTP_DATAGRAM_RESEND) {
3763 } else if (chk->sent == SCTP_DATAGRAM_RESEND) {
3765 } else if (chk->sent < SCTP_DATAGRAM_ACKED) {
3767 } else if (chk->sent > SCTP_DATAGRAM_ACKED) {
3774 if ((inflight > 0) || (inbetween > 0)) {
3776 panic("Flight size-express incorrect? \n");
3778 SCTP_PRINTF("Flight size-express incorrect inflight:%d inbetween:%d\n",
3779 inflight, inbetween);
3786 sctp_window_probe_recovery(struct sctp_tcb *stcb,
3787 struct sctp_association *asoc,
3788 struct sctp_nets *net,
3789 struct sctp_tmit_chunk *tp1)
3791 struct sctp_tmit_chunk *chk;
3793 /* First setup this one and get it moved back */
3794 tp1->sent = SCTP_DATAGRAM_UNSENT;
3795 if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) {
3796 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_WP,
3797 tp1->whoTo->flight_size,
3799 (uintptr_t) tp1->whoTo,
3800 tp1->rec.data.TSN_seq);
3802 sctp_flight_size_decrease(tp1);
3803 sctp_total_flight_decrease(stcb, tp1);
3804 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
3805 TAILQ_INSERT_HEAD(&asoc->send_queue, tp1, sctp_next);
3806 asoc->sent_queue_cnt--;
3807 asoc->send_queue_cnt++;
3809 * Now all guys marked for RESEND on the sent_queue must be moved
3812 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
3813 if (chk->sent == SCTP_DATAGRAM_RESEND) {
3814 /* Another chunk to move */
3815 chk->sent = SCTP_DATAGRAM_UNSENT;
3816 /* It should not be in flight */
3817 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
3818 TAILQ_INSERT_AFTER(&asoc->send_queue, tp1, chk, sctp_next);
3819 asoc->sent_queue_cnt--;
3820 asoc->send_queue_cnt++;
3821 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
3827 sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
3828 uint32_t rwnd, int nonce_sum_flag, int *abort_now)
3830 struct sctp_nets *net;
3831 struct sctp_association *asoc;
3832 struct sctp_tmit_chunk *tp1, *tp2;
3834 int win_probe_recovery = 0;
3835 int win_probe_recovered = 0;
3836 int j, done_once = 0;
3838 if (sctp_logging_level & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
3839 sctp_misc_ints(SCTP_SACK_LOG_EXPRESS, cumack,
3840 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
3842 SCTP_TCB_LOCK_ASSERT(stcb);
3843 #ifdef SCTP_ASOCLOG_OF_TSNS
3844 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cumack;
3845 stcb->asoc.cumack_log_at++;
3846 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
3847 stcb->asoc.cumack_log_at = 0;
3851 old_rwnd = asoc->peers_rwnd;
3852 if (compare_with_wrap(asoc->last_acked_seq, cumack, MAX_TSN)) {
3855 } else if (asoc->last_acked_seq == cumack) {
3856 /* Window update sack */
3857 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
3858 (uint32_t) (asoc->total_flight + (asoc->sent_queue_cnt * sctp_peer_chunk_oh)));
3859 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3860 /* SWS sender side engages */
3861 asoc->peers_rwnd = 0;
3863 if (asoc->peers_rwnd > old_rwnd) {
3868 /* First setup for CC stuff */
3869 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3870 net->prev_cwnd = net->cwnd;
3875 * CMT: Reset CUC and Fast recovery algo variables before
3878 net->new_pseudo_cumack = 0;
3879 net->will_exit_fast_recovery = 0;
3881 if (sctp_strict_sacks) {
3884 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
3885 tp1 = TAILQ_LAST(&asoc->sent_queue,
3886 sctpchunk_listhead);
3887 send_s = tp1->rec.data.TSN_seq + 1;
3889 send_s = asoc->sending_seq;
3891 if ((cumack == send_s) ||
3892 compare_with_wrap(cumack, send_s, MAX_TSN)) {
3898 panic("Impossible sack 1");
3902 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
3903 0, M_DONTWAIT, 1, MT_DATA);
3905 struct sctp_paramhdr *ph;
3908 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
3910 ph = mtod(oper, struct sctp_paramhdr *);
3911 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
3912 ph->param_length = htons(SCTP_BUF_LEN(oper));
3913 ippp = (uint32_t *) (ph + 1);
3914 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
3916 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
3917 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
3922 asoc->this_sack_highest_gap = cumack;
3923 if (sctp_logging_level & SCTP_THRESHOLD_LOGGING) {
3924 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
3925 stcb->asoc.overall_error_count,
3927 SCTP_FROM_SCTP_INDATA,
3930 stcb->asoc.overall_error_count = 0;
3931 if (compare_with_wrap(cumack, asoc->last_acked_seq, MAX_TSN)) {
3932 /* process the new consecutive TSN first */
3933 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3935 tp2 = TAILQ_NEXT(tp1, sctp_next);
3936 if (compare_with_wrap(cumack, tp1->rec.data.TSN_seq,
3938 cumack == tp1->rec.data.TSN_seq) {
3939 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
3940 printf("Warning, an unsent is now acked?\n");
3943 * ECN Nonce: Add the nonce to the sender's
3946 asoc->nonce_sum_expect_base += tp1->rec.data.ect_nonce;
3947 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
3949 * If it is less than ACKED, it is
3950 * now no-longer in flight. Higher
3951 * values may occur during marking
3953 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3954 if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) {
3955 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
3956 tp1->whoTo->flight_size,
3958 (uintptr_t) tp1->whoTo,
3959 tp1->rec.data.TSN_seq);
3961 sctp_flight_size_decrease(tp1);
3962 /* sa_ignore NO_NULL_CHK */
3963 sctp_total_flight_decrease(stcb, tp1);
3965 tp1->whoTo->net_ack += tp1->send_size;
3966 if (tp1->snd_count < 2) {
3968 * True non-retransmited
3971 tp1->whoTo->net_ack2 +=
3974 /* update RTO too? */
3981 sctp_calculate_rto(stcb,
3983 &tp1->sent_rcv_time,
3984 sctp_align_safe_nocopy);
3989 * CMT: CUCv2 algorithm. From the
3990 * cumack'd TSNs, for each TSN being
3991 * acked for the first time, set the
3992 * following variables for the
3993 * corresp destination.
3994 * new_pseudo_cumack will trigger a
3996 * find_(rtx_)pseudo_cumack will
3997 * trigger search for the next
3998 * expected (rtx-)pseudo-cumack.
4000 tp1->whoTo->new_pseudo_cumack = 1;
4001 tp1->whoTo->find_pseudo_cumack = 1;
4002 tp1->whoTo->find_rtx_pseudo_cumack = 1;
4004 if (sctp_logging_level & SCTP_CWND_LOGGING_ENABLE) {
4005 /* sa_ignore NO_NULL_CHK */
4006 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
4009 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4010 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
4012 if (tp1->rec.data.chunk_was_revoked) {
4013 /* deflate the cwnd */
4014 tp1->whoTo->cwnd -= tp1->book_size;
4015 tp1->rec.data.chunk_was_revoked = 0;
4017 tp1->sent = SCTP_DATAGRAM_ACKED;
4018 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
4020 /* sa_ignore NO_NULL_CHK */
4021 sctp_free_bufspace(stcb, asoc, tp1, 1);
4022 sctp_m_freem(tp1->data);
4024 if (sctp_logging_level & SCTP_SACK_LOGGING_ENABLE) {
4025 sctp_log_sack(asoc->last_acked_seq,
4027 tp1->rec.data.TSN_seq,
4030 SCTP_LOG_FREE_SENT);
4033 asoc->sent_queue_cnt--;
4034 sctp_free_a_chunk(stcb, tp1);
4042 /* sa_ignore NO_NULL_CHK */
4043 if (stcb->sctp_socket) {
4044 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4049 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4050 if (sctp_logging_level & SCTP_WAKE_LOGGING_ENABLE) {
4051 /* sa_ignore NO_NULL_CHK */
4052 sctp_wakeup_log(stcb, cumack, 1, SCTP_WAKESND_FROM_SACK);
4054 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4055 so = SCTP_INP_SO(stcb->sctp_ep);
4056 atomic_add_int(&stcb->asoc.refcnt, 1);
4057 SCTP_TCB_UNLOCK(stcb);
4058 SCTP_SOCKET_LOCK(so, 1);
4059 SCTP_TCB_LOCK(stcb);
4060 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4061 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4062 /* assoc was freed while we were unlocked */
4063 SCTP_SOCKET_UNLOCK(so, 1);
4067 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4068 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4069 SCTP_SOCKET_UNLOCK(so, 1);
4072 if (sctp_logging_level & SCTP_WAKE_LOGGING_ENABLE) {
4073 sctp_wakeup_log(stcb, cumack, 1, SCTP_NOWAKE_FROM_SACK);
4077 /* JRS - Use the congestion control given in the CC module */
4078 if (asoc->last_acked_seq != cumack)
4079 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, 1, 0, 0);
4081 asoc->last_acked_seq = cumack;
4083 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4084 /* nothing left in-flight */
4085 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4086 net->flight_size = 0;
4087 net->partial_bytes_acked = 0;
4089 asoc->total_flight = 0;
4090 asoc->total_flight_count = 0;
4092 /* Fix up the a-p-a-p for future PR-SCTP sends */
4093 if (compare_with_wrap(cumack, asoc->advanced_peer_ack_point, MAX_TSN)) {
4094 asoc->advanced_peer_ack_point = cumack;
4096 /* ECN Nonce updates */
4097 if (asoc->ecn_nonce_allowed) {
4098 if (asoc->nonce_sum_check) {
4099 if (nonce_sum_flag != ((asoc->nonce_sum_expect_base) & SCTP_SACK_NONCE_SUM)) {
4100 if (asoc->nonce_wait_for_ecne == 0) {
4101 struct sctp_tmit_chunk *lchk;
4103 lchk = TAILQ_FIRST(&asoc->send_queue);
4104 asoc->nonce_wait_for_ecne = 1;
4106 asoc->nonce_wait_tsn = lchk->rec.data.TSN_seq;
4108 asoc->nonce_wait_tsn = asoc->sending_seq;
4111 if (compare_with_wrap(asoc->last_acked_seq, asoc->nonce_wait_tsn, MAX_TSN) ||
4112 (asoc->last_acked_seq == asoc->nonce_wait_tsn)) {
4114 * Misbehaving peer. We need
4115 * to react to this guy
4117 asoc->ecn_allowed = 0;
4118 asoc->ecn_nonce_allowed = 0;
4123 /* See if Resynchronization Possible */
4124 if (compare_with_wrap(asoc->last_acked_seq, asoc->nonce_resync_tsn, MAX_TSN)) {
4125 asoc->nonce_sum_check = 1;
4127 * now we must calculate what the base is.
4128 * We do this based on two things, we know
4129 * the total's for all the segments
4130 * gap-acked in the SACK (none), We also
4131 * know the SACK's nonce sum, its in
4132 * nonce_sum_flag. So we can build a truth
4133 * table to back-calculate the new value of
4134 * asoc->nonce_sum_expect_base:
4136 * SACK-flag-Value Seg-Sums Base 0 0 0
4140 asoc->nonce_sum_expect_base = (0 ^ nonce_sum_flag) & SCTP_SACK_NONCE_SUM;
4145 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
4146 (uint32_t) (asoc->total_flight + (asoc->sent_queue_cnt * sctp_peer_chunk_oh)));
4147 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4148 /* SWS sender side engages */
4149 asoc->peers_rwnd = 0;
4151 if (asoc->peers_rwnd > old_rwnd) {
4152 win_probe_recovery = 1;
4154 /* Now assure a timer where data is queued at */
4157 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4158 if (win_probe_recovery && (net->window_probe)) {
4159 net->window_probe = 0;
4160 win_probe_recovered = 1;
4162 * Find first chunk that was used with window probe
4163 * and clear the sent
4165 /* sa_ignore FREED_MEMORY */
4166 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4167 if (tp1->window_probe) {
4168 /* move back to data send queue */
4169 sctp_window_probe_recovery(stcb, asoc, net, tp1);
4174 if (net->flight_size) {
4177 if (net->RTO == 0) {
4178 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto);
4180 to_ticks = MSEC_TO_TICKS(net->RTO);
4183 (void)SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4184 sctp_timeout_handler, &net->rxt_timer);
4186 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4187 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4189 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
4191 if (sctp_early_fr) {
4192 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) {
4193 SCTP_STAT_INCR(sctps_earlyfrstpidsck4);
4194 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, stcb->sctp_ep, stcb, net,
4195 SCTP_FROM_SCTP_INDATA + SCTP_LOC_23);
4201 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
4202 (asoc->sent_queue_retran_cnt == 0) &&
4203 (win_probe_recovered == 0) &&
4205 /* huh, this should not happen */
4206 sctp_fs_audit(asoc);
4207 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4208 net->flight_size = 0;
4210 asoc->total_flight = 0;
4211 asoc->total_flight_count = 0;
4212 asoc->sent_queue_retran_cnt = 0;
4213 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4214 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4215 sctp_flight_size_increase(tp1);
4216 sctp_total_flight_increase(stcb, tp1);
4217 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4218 asoc->sent_queue_retran_cnt++;
4224 /**********************************/
4225 /* Now what about shutdown issues */
4226 /**********************************/
4227 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4228 /* nothing left on sendqueue.. consider done */
4230 if ((asoc->stream_queue_cnt == 1) &&
4231 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4232 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4233 (asoc->locked_on_sending)
4235 struct sctp_stream_queue_pending *sp;
4238 * I may be in a state where we got all across.. but
4239 * cannot write more due to a shutdown... we abort
4240 * since the user did not indicate EOR in this case.
4241 * The sp will be cleaned during free of the asoc.
4243 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4245 if ((sp) && (sp->length == 0)) {
4246 /* Let cleanup code purge it */
4247 if (sp->msg_is_complete) {
4248 asoc->stream_queue_cnt--;
4250 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4251 asoc->locked_on_sending = NULL;
4252 asoc->stream_queue_cnt--;
4256 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4257 (asoc->stream_queue_cnt == 0)) {
4258 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4259 /* Need to abort here */
4265 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4266 0, M_DONTWAIT, 1, MT_DATA);
4268 struct sctp_paramhdr *ph;
4271 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4273 ph = mtod(oper, struct sctp_paramhdr *);
4274 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4275 ph->param_length = htons(SCTP_BUF_LEN(oper));
4276 ippp = (uint32_t *) (ph + 1);
4277 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_24);
4279 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24;
4280 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_RESPONSE_TO_USER_REQ, oper, SCTP_SO_NOT_LOCKED);
4282 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4283 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4284 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4286 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4287 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4288 sctp_stop_timers_for_shutdown(stcb);
4289 sctp_send_shutdown(stcb,
4290 stcb->asoc.primary_destination);
4291 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4292 stcb->sctp_ep, stcb, asoc->primary_destination);
4293 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4294 stcb->sctp_ep, stcb, asoc->primary_destination);
4296 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4297 (asoc->stream_queue_cnt == 0)) {
4298 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4301 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4302 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4303 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4304 sctp_send_shutdown_ack(stcb,
4305 stcb->asoc.primary_destination);
4307 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
4308 stcb->sctp_ep, stcb, asoc->primary_destination);
4311 if (sctp_logging_level & SCTP_SACK_RWND_LOGGING_ENABLE) {
4312 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
4314 stcb->asoc.peers_rwnd,
4315 stcb->asoc.total_flight,
4316 stcb->asoc.total_output_queue_size);
4321 sctp_handle_sack(struct mbuf *m, int offset,
4322 struct sctp_sack_chunk *ch, struct sctp_tcb *stcb,
4323 struct sctp_nets *net_from, int *abort_now, int sack_len, uint32_t rwnd)
4325 struct sctp_association *asoc;
4326 struct sctp_sack *sack;
4327 struct sctp_tmit_chunk *tp1, *tp2;
4328 uint32_t cum_ack, last_tsn, biggest_tsn_acked, biggest_tsn_newly_acked,
4329 this_sack_lowest_newack;
4330 uint32_t sav_cum_ack;
4331 uint16_t num_seg, num_dup;
4332 uint16_t wake_him = 0;
4333 unsigned int sack_length;
4334 uint32_t send_s = 0;
4336 int accum_moved = 0;
4337 int will_exit_fast_recovery = 0;
4338 uint32_t a_rwnd, old_rwnd;
4339 int win_probe_recovery = 0;
4340 int win_probe_recovered = 0;
4341 struct sctp_nets *net = NULL;
4342 int nonce_sum_flag, ecn_seg_sums = 0;
4344 uint8_t reneged_all = 0;
4345 uint8_t cmt_dac_flag;
4348 * we take any chance we can to service our queues since we cannot
4349 * get awoken when the socket is read from :<
4352 * Now perform the actual SACK handling: 1) Verify that it is not an
4353 * old sack, if so discard. 2) If there is nothing left in the send
4354 * queue (cum-ack is equal to last acked) then you have a duplicate
4355 * too, update any rwnd change and verify no timers are running.
4356 * then return. 3) Process any new consequtive data i.e. cum-ack
4357 * moved process these first and note that it moved. 4) Process any
4358 * sack blocks. 5) Drop any acked from the queue. 6) Check for any
4359 * revoked blocks and mark. 7) Update the cwnd. 8) Nothing left,
4360 * sync up flightsizes and things, stop all timers and also check
4361 * for shutdown_pending state. If so then go ahead and send off the
4362 * shutdown. If in shutdown recv, send off the shutdown-ack and
4363 * start that timer, Ret. 9) Strike any non-acked things and do FR
4364 * procedure if needed being sure to set the FR flag. 10) Do pr-sctp
4365 * procedures. 11) Apply any FR penalties. 12) Assure we will SACK
4366 * if in shutdown_recv state.
4368 SCTP_TCB_LOCK_ASSERT(stcb);
4371 this_sack_lowest_newack = 0;
4373 sack_length = (unsigned int)sack_len;
4375 SCTP_STAT_INCR(sctps_slowpath_sack);
4376 nonce_sum_flag = ch->ch.chunk_flags & SCTP_SACK_NONCE_SUM;
4377 cum_ack = last_tsn = ntohl(sack->cum_tsn_ack);
4378 #ifdef SCTP_ASOCLOG_OF_TSNS
4379 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cum_ack;
4380 stcb->asoc.cumack_log_at++;
4381 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
4382 stcb->asoc.cumack_log_at = 0;
4385 num_seg = ntohs(sack->num_gap_ack_blks);
4388 if (sctp_logging_level & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
4389 sctp_misc_ints(SCTP_SACK_LOG_NORMAL, cum_ack,
4390 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
4393 cmt_dac_flag = ch->ch.chunk_flags & SCTP_SACK_CMT_DAC;
4394 num_dup = ntohs(sack->num_dup_tsns);
4396 old_rwnd = stcb->asoc.peers_rwnd;
4397 if (sctp_logging_level & SCTP_THRESHOLD_LOGGING) {
4398 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4399 stcb->asoc.overall_error_count,
4401 SCTP_FROM_SCTP_INDATA,
4404 stcb->asoc.overall_error_count = 0;
4406 if (sctp_logging_level & SCTP_SACK_LOGGING_ENABLE) {
4407 sctp_log_sack(asoc->last_acked_seq,
4414 if ((num_dup) && (sctp_logging_level & (SCTP_FR_LOGGING_ENABLE | SCTP_EARLYFR_LOGGING_ENABLE))) {
4415 int off_to_dup, iii;
4416 uint32_t *dupdata, dblock;
4418 off_to_dup = (num_seg * sizeof(struct sctp_gap_ack_block)) + sizeof(struct sctp_sack_chunk);
4419 if ((off_to_dup + (num_dup * sizeof(uint32_t))) <= sack_length) {
4420 dupdata = (uint32_t *) sctp_m_getptr(m, off_to_dup,
4421 sizeof(uint32_t), (uint8_t *) & dblock);
4422 off_to_dup += sizeof(uint32_t);
4424 for (iii = 0; iii < num_dup; iii++) {
4425 sctp_log_fr(*dupdata, 0, 0, SCTP_FR_DUPED);
4426 dupdata = (uint32_t *) sctp_m_getptr(m, off_to_dup,
4427 sizeof(uint32_t), (uint8_t *) & dblock);
4428 if (dupdata == NULL)
4430 off_to_dup += sizeof(uint32_t);
4434 SCTP_PRINTF("Size invalid offset to dups:%d number dups:%d sack_len:%d num gaps:%d\n",
4435 off_to_dup, num_dup, sack_length, num_seg);
4438 if (sctp_strict_sacks) {
4440 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
4441 tp1 = TAILQ_LAST(&asoc->sent_queue,
4442 sctpchunk_listhead);
4443 send_s = tp1->rec.data.TSN_seq + 1;
4445 send_s = asoc->sending_seq;
4447 if (cum_ack == send_s ||
4448 compare_with_wrap(cum_ack, send_s, MAX_TSN)) {
4455 panic("Impossible sack 1");
4460 * no way, we have not even sent this TSN out yet.
4461 * Peer is hopelessly messed up with us.
4466 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4467 0, M_DONTWAIT, 1, MT_DATA);
4469 struct sctp_paramhdr *ph;
4472 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4474 ph = mtod(oper, struct sctp_paramhdr *);
4475 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
4476 ph->param_length = htons(SCTP_BUF_LEN(oper));
4477 ippp = (uint32_t *) (ph + 1);
4478 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_25);
4480 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
4481 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
4486 /**********************/
4487 /* 1) check the range */
4488 /**********************/
4489 if (compare_with_wrap(asoc->last_acked_seq, last_tsn, MAX_TSN)) {
4490 /* acking something behind */
4493 sav_cum_ack = asoc->last_acked_seq;
4495 /* update the Rwnd of the peer */
4496 if (TAILQ_EMPTY(&asoc->sent_queue) &&
4497 TAILQ_EMPTY(&asoc->send_queue) &&
4498 (asoc->stream_queue_cnt == 0)
4500 /* nothing left on send/sent and strmq */
4501 if (sctp_logging_level & SCTP_LOG_RWND_ENABLE) {
4502 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4503 asoc->peers_rwnd, 0, 0, a_rwnd);
4505 asoc->peers_rwnd = a_rwnd;
4506 if (asoc->sent_queue_retran_cnt) {
4507 asoc->sent_queue_retran_cnt = 0;
4509 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4510 /* SWS sender side engages */
4511 asoc->peers_rwnd = 0;
4513 /* stop any timers */
4514 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4515 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4516 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_26);
4517 if (sctp_early_fr) {
4518 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) {
4519 SCTP_STAT_INCR(sctps_earlyfrstpidsck1);
4520 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, stcb->sctp_ep, stcb, net,
4521 SCTP_FROM_SCTP_INDATA + SCTP_LOC_26);
4524 net->partial_bytes_acked = 0;
4525 net->flight_size = 0;
4527 asoc->total_flight = 0;
4528 asoc->total_flight_count = 0;
4532 * We init netAckSz and netAckSz2 to 0. These are used to track 2
4533 * things. The total byte count acked is tracked in netAckSz AND
4534 * netAck2 is used to track the total bytes acked that are un-
4535 * amibguious and were never retransmitted. We track these on a per
4536 * destination address basis.
4538 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4539 net->prev_cwnd = net->cwnd;
4544 * CMT: Reset CUC and Fast recovery algo variables before
4547 net->new_pseudo_cumack = 0;
4548 net->will_exit_fast_recovery = 0;
4550 /* process the new consecutive TSN first */
4551 tp1 = TAILQ_FIRST(&asoc->sent_queue);
4553 if (compare_with_wrap(last_tsn, tp1->rec.data.TSN_seq,
4555 last_tsn == tp1->rec.data.TSN_seq) {
4556 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
4558 * ECN Nonce: Add the nonce to the sender's
4561 asoc->nonce_sum_expect_base += tp1->rec.data.ect_nonce;
4563 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
4565 * If it is less than ACKED, it is
4566 * now no-longer in flight. Higher
4567 * values may occur during marking
4569 if ((tp1->whoTo->dest_state &
4570 SCTP_ADDR_UNCONFIRMED) &&
4571 (tp1->snd_count < 2)) {
4573 * If there was no retran
4574 * and the address is
4575 * un-confirmed and we sent
4577 * sacked.. its confirmed,
4580 tp1->whoTo->dest_state &=
4581 ~SCTP_ADDR_UNCONFIRMED;
4583 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4584 if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) {
4585 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
4586 tp1->whoTo->flight_size,
4588 (uintptr_t) tp1->whoTo,
4589 tp1->rec.data.TSN_seq);
4591 sctp_flight_size_decrease(tp1);
4592 sctp_total_flight_decrease(stcb, tp1);
4594 tp1->whoTo->net_ack += tp1->send_size;
4596 /* CMT SFR and DAC algos */
4597 this_sack_lowest_newack = tp1->rec.data.TSN_seq;
4598 tp1->whoTo->saw_newack = 1;
4600 if (tp1->snd_count < 2) {
4602 * True non-retransmited
4605 tp1->whoTo->net_ack2 +=
4608 /* update RTO too? */
4611 sctp_calculate_rto(stcb,
4613 &tp1->sent_rcv_time,
4614 sctp_align_safe_nocopy);
4619 * CMT: CUCv2 algorithm. From the
4620 * cumack'd TSNs, for each TSN being
4621 * acked for the first time, set the
4622 * following variables for the
4623 * corresp destination.
4624 * new_pseudo_cumack will trigger a
4626 * find_(rtx_)pseudo_cumack will
4627 * trigger search for the next
4628 * expected (rtx-)pseudo-cumack.
4630 tp1->whoTo->new_pseudo_cumack = 1;
4631 tp1->whoTo->find_pseudo_cumack = 1;
4632 tp1->whoTo->find_rtx_pseudo_cumack = 1;
4635 if (sctp_logging_level & SCTP_SACK_LOGGING_ENABLE) {
4636 sctp_log_sack(asoc->last_acked_seq,
4638 tp1->rec.data.TSN_seq,
4641 SCTP_LOG_TSN_ACKED);
4643 if (sctp_logging_level & SCTP_CWND_LOGGING_ENABLE) {
4644 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK);
4647 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4648 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
4649 #ifdef SCTP_AUDITING_ENABLED
4650 sctp_audit_log(0xB3,
4651 (asoc->sent_queue_retran_cnt & 0x000000ff));
4654 if (tp1->rec.data.chunk_was_revoked) {
4655 /* deflate the cwnd */
4656 tp1->whoTo->cwnd -= tp1->book_size;
4657 tp1->rec.data.chunk_was_revoked = 0;
4659 tp1->sent = SCTP_DATAGRAM_ACKED;
4664 tp1 = TAILQ_NEXT(tp1, sctp_next);
4666 biggest_tsn_newly_acked = biggest_tsn_acked = last_tsn;
4667 /* always set this up to cum-ack */
4668 asoc->this_sack_highest_gap = last_tsn;
4670 /* Move offset up to point to gaps/dups */
4671 offset += sizeof(struct sctp_sack_chunk);
4672 if (((num_seg * (sizeof(struct sctp_gap_ack_block))) + sizeof(struct sctp_sack_chunk)) > sack_length) {
4674 /* skip corrupt segments */
4680 * CMT: SFR algo (and HTNA) - this_sack_highest_newack has
4681 * to be greater than the cumack. Also reset saw_newack to 0
4684 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4685 net->saw_newack = 0;
4686 net->this_sack_highest_newack = last_tsn;
4690 * thisSackHighestGap will increase while handling NEW
4691 * segments this_sack_highest_newack will increase while
4692 * handling NEWLY ACKED chunks. this_sack_lowest_newack is
4693 * used for CMT DAC algo. saw_newack will also change.
4695 sctp_handle_segments(m, &offset, stcb, asoc, ch, last_tsn,
4696 &biggest_tsn_acked, &biggest_tsn_newly_acked, &this_sack_lowest_newack,
4697 num_seg, &ecn_seg_sums);
4699 if (sctp_strict_sacks) {
4701 * validate the biggest_tsn_acked in the gap acks if
4702 * strict adherence is wanted.
4704 if ((biggest_tsn_acked == send_s) ||
4705 (compare_with_wrap(biggest_tsn_acked, send_s, MAX_TSN))) {
4707 * peer is either confused or we are under
4708 * attack. We must abort.
4715 /*******************************************/
4716 /* cancel ALL T3-send timer if accum moved */
4717 /*******************************************/
4718 if (sctp_cmt_on_off) {
4719 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4720 if (net->new_pseudo_cumack)
4721 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4723 SCTP_FROM_SCTP_INDATA + SCTP_LOC_27);
4728 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4729 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4730 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_28);
4734 /********************************************/
4735 /* drop the acked chunks from the sendqueue */
4736 /********************************************/
4737 asoc->last_acked_seq = cum_ack;
4739 tp1 = TAILQ_FIRST(&asoc->sent_queue);
4743 if (compare_with_wrap(tp1->rec.data.TSN_seq, cum_ack,
4747 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
4748 /* no more sent on list */
4749 printf("Warning, tp1->sent == %d and its now acked?\n",
4752 tp2 = TAILQ_NEXT(tp1, sctp_next);
4753 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
4754 if (tp1->pr_sctp_on) {
4755 if (asoc->pr_sctp_cnt != 0)
4756 asoc->pr_sctp_cnt--;
4758 if ((TAILQ_FIRST(&asoc->sent_queue) == NULL) &&
4759 (asoc->total_flight > 0)) {
4761 panic("Warning flight size is postive and should be 0");
4763 SCTP_PRINTF("Warning flight size incorrect should be 0 is %d\n",
4764 asoc->total_flight);
4766 asoc->total_flight = 0;
4769 /* sa_ignore NO_NULL_CHK */
4770 sctp_free_bufspace(stcb, asoc, tp1, 1);
4771 sctp_m_freem(tp1->data);
4772 if (PR_SCTP_BUF_ENABLED(tp1->flags)) {
4773 asoc->sent_queue_cnt_removeable--;
4776 if (sctp_logging_level & SCTP_SACK_LOGGING_ENABLE) {
4777 sctp_log_sack(asoc->last_acked_seq,
4779 tp1->rec.data.TSN_seq,
4782 SCTP_LOG_FREE_SENT);
4785 asoc->sent_queue_cnt--;
4786 sctp_free_a_chunk(stcb, tp1);
4789 } while (tp1 != NULL);
4792 /* sa_ignore NO_NULL_CHK */
4793 if ((wake_him) && (stcb->sctp_socket)) {
4794 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4798 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4799 if (sctp_logging_level & SCTP_WAKE_LOGGING_ENABLE) {
4800 sctp_wakeup_log(stcb, cum_ack, wake_him, SCTP_WAKESND_FROM_SACK);
4802 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4803 so = SCTP_INP_SO(stcb->sctp_ep);
4804 atomic_add_int(&stcb->asoc.refcnt, 1);
4805 SCTP_TCB_UNLOCK(stcb);
4806 SCTP_SOCKET_LOCK(so, 1);
4807 SCTP_TCB_LOCK(stcb);
4808 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4809 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4810 /* assoc was freed while we were unlocked */
4811 SCTP_SOCKET_UNLOCK(so, 1);
4815 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4816 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4817 SCTP_SOCKET_UNLOCK(so, 1);
4820 if (sctp_logging_level & SCTP_WAKE_LOGGING_ENABLE) {
4821 sctp_wakeup_log(stcb, cum_ack, wake_him, SCTP_NOWAKE_FROM_SACK);
4825 if (asoc->fast_retran_loss_recovery && accum_moved) {
4826 if (compare_with_wrap(asoc->last_acked_seq,
4827 asoc->fast_recovery_tsn, MAX_TSN) ||
4828 asoc->last_acked_seq == asoc->fast_recovery_tsn) {
4829 /* Setup so we will exit RFC2582 fast recovery */
4830 will_exit_fast_recovery = 1;
4834 * Check for revoked fragments:
4836 * if Previous sack - Had no frags then we can't have any revoked if
4837 * Previous sack - Had frag's then - If we now have frags aka
4838 * num_seg > 0 call sctp_check_for_revoked() to tell if peer revoked
4839 * some of them. else - The peer revoked all ACKED fragments, since
4840 * we had some before and now we have NONE.
4844 sctp_check_for_revoked(stcb, asoc, cum_ack, biggest_tsn_acked);
4845 else if (asoc->saw_sack_with_frags) {
4846 int cnt_revoked = 0;
4848 tp1 = TAILQ_FIRST(&asoc->sent_queue);
4850 /* Peer revoked all dg's marked or acked */
4851 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4852 if ((tp1->sent > SCTP_DATAGRAM_RESEND) &&
4853 (tp1->sent < SCTP_FORWARD_TSN_SKIP)) {
4854 tp1->sent = SCTP_DATAGRAM_SENT;
4855 if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) {
4856 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
4857 tp1->whoTo->flight_size,
4859 (uintptr_t) tp1->whoTo,
4860 tp1->rec.data.TSN_seq);
4862 sctp_flight_size_increase(tp1);
4863 sctp_total_flight_increase(stcb, tp1);
4864 tp1->rec.data.chunk_was_revoked = 1;
4866 * To ensure that this increase in
4867 * flightsize, which is artificial,
4868 * does not throttle the sender, we
4869 * also increase the cwnd
4872 tp1->whoTo->cwnd += tp1->book_size;
4880 asoc->saw_sack_with_frags = 0;
4883 asoc->saw_sack_with_frags = 1;
4885 asoc->saw_sack_with_frags = 0;
4887 /* JRS - Use the congestion control given in the CC module */
4888 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, accum_moved, reneged_all, will_exit_fast_recovery);
4890 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4891 /* nothing left in-flight */
4892 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4893 /* stop all timers */
4894 if (sctp_early_fr) {
4895 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) {
4896 SCTP_STAT_INCR(sctps_earlyfrstpidsck4);
4897 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, stcb->sctp_ep, stcb, net,
4898 SCTP_FROM_SCTP_INDATA + SCTP_LOC_29);
4901 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4902 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_30);
4903 net->flight_size = 0;
4904 net->partial_bytes_acked = 0;
4906 asoc->total_flight = 0;
4907 asoc->total_flight_count = 0;
4909 /**********************************/
4910 /* Now what about shutdown issues */
4911 /**********************************/
4912 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4913 /* nothing left on sendqueue.. consider done */
4914 if (sctp_logging_level & SCTP_LOG_RWND_ENABLE) {
4915 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4916 asoc->peers_rwnd, 0, 0, a_rwnd);
4918 asoc->peers_rwnd = a_rwnd;
4919 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4920 /* SWS sender side engages */
4921 asoc->peers_rwnd = 0;
4924 if ((asoc->stream_queue_cnt == 1) &&
4925 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4926 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4927 (asoc->locked_on_sending)
4929 struct sctp_stream_queue_pending *sp;
4932 * I may be in a state where we got all across.. but
4933 * cannot write more due to a shutdown... we abort
4934 * since the user did not indicate EOR in this case.
4936 sp = TAILQ_LAST(&((asoc->locked_on_sending)->outqueue),
4938 if ((sp) && (sp->length == 0)) {
4939 asoc->locked_on_sending = NULL;
4940 if (sp->msg_is_complete) {
4941 asoc->stream_queue_cnt--;
4943 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4944 asoc->stream_queue_cnt--;
4948 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4949 (asoc->stream_queue_cnt == 0)) {
4950 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4951 /* Need to abort here */
4957 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
4958 0, M_DONTWAIT, 1, MT_DATA);
4960 struct sctp_paramhdr *ph;
4963 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
4965 ph = mtod(oper, struct sctp_paramhdr *);
4966 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
4967 ph->param_length = htons(SCTP_BUF_LEN(oper));
4968 ippp = (uint32_t *) (ph + 1);
4969 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_31);
4971 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_31;
4972 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_RESPONSE_TO_USER_REQ, oper, SCTP_SO_NOT_LOCKED);
4975 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4976 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4977 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4979 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4980 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4981 sctp_stop_timers_for_shutdown(stcb);
4982 sctp_send_shutdown(stcb,
4983 stcb->asoc.primary_destination);
4984 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4985 stcb->sctp_ep, stcb, asoc->primary_destination);
4986 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4987 stcb->sctp_ep, stcb, asoc->primary_destination);
4990 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4991 (asoc->stream_queue_cnt == 0)) {
4992 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4995 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4996 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4997 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4998 sctp_send_shutdown_ack(stcb,
4999 stcb->asoc.primary_destination);
5001 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
5002 stcb->sctp_ep, stcb, asoc->primary_destination);
5007 * Now here we are going to recycle net_ack for a different use...
5010 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5015 * CMT DAC algorithm: If SACK DAC flag was 0, then no extra marking
5016 * to be done. Setting this_sack_lowest_newack to the cum_ack will
5017 * automatically ensure that.
5019 if (sctp_cmt_on_off && sctp_cmt_use_dac && (cmt_dac_flag == 0)) {
5020 this_sack_lowest_newack = cum_ack;
5023 sctp_strike_gap_ack_chunks(stcb, asoc, biggest_tsn_acked,
5024 biggest_tsn_newly_acked, this_sack_lowest_newack, accum_moved);
5026 /*********************************************/
5027 /* Here we perform PR-SCTP procedures */
5029 /*********************************************/
5030 /* C1. update advancedPeerAckPoint */
5031 if (compare_with_wrap(cum_ack, asoc->advanced_peer_ack_point, MAX_TSN)) {
5032 asoc->advanced_peer_ack_point = cum_ack;
5034 /* C2. try to further move advancedPeerAckPoint ahead */
5035 if ((asoc->peer_supports_prsctp) && (asoc->pr_sctp_cnt > 0)) {
5036 struct sctp_tmit_chunk *lchk;
5038 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
5039 /* C3. See if we need to send a Fwd-TSN */
5040 if (compare_with_wrap(asoc->advanced_peer_ack_point, cum_ack,
5043 * ISSUE with ECN, see FWD-TSN processing for notes
5044 * on issues that will occur when the ECN NONCE
5045 * stuff is put into SCTP for cross checking.
5047 send_forward_tsn(stcb, asoc);
5050 * ECN Nonce: Disable Nonce Sum check when FWD TSN
5051 * is sent and store resync tsn
5053 asoc->nonce_sum_check = 0;
5054 asoc->nonce_resync_tsn = asoc->advanced_peer_ack_point;
5056 /* Assure a timer is up */
5057 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5058 stcb->sctp_ep, stcb, lchk->whoTo);
5062 /* JRS - Use the congestion control given in the CC module */
5063 asoc->cc_functions.sctp_cwnd_update_after_fr(stcb, asoc);
5065 /******************************************************************
5066 * Here we do the stuff with ECN Nonce checking.
5067 * We basically check to see if the nonce sum flag was incorrect
5068 * or if resynchronization needs to be done. Also if we catch a
5069 * misbehaving receiver we give him the kick.
5070 ******************************************************************/
5072 if (asoc->ecn_nonce_allowed) {
5073 if (asoc->nonce_sum_check) {
5074 if (nonce_sum_flag != ((asoc->nonce_sum_expect_base + ecn_seg_sums) & SCTP_SACK_NONCE_SUM)) {
5075 if (asoc->nonce_wait_for_ecne == 0) {
5076 struct sctp_tmit_chunk *lchk;
5078 lchk = TAILQ_FIRST(&asoc->send_queue);
5079 asoc->nonce_wait_for_ecne = 1;
5081 asoc->nonce_wait_tsn = lchk->rec.data.TSN_seq;
5083 asoc->nonce_wait_tsn = asoc->sending_seq;
5086 if (compare_with_wrap(asoc->last_acked_seq, asoc->nonce_wait_tsn, MAX_TSN) ||
5087 (asoc->last_acked_seq == asoc->nonce_wait_tsn)) {
5089 * Misbehaving peer. We need
5090 * to react to this guy
5092 asoc->ecn_allowed = 0;
5093 asoc->ecn_nonce_allowed = 0;
5098 /* See if Resynchronization Possible */
5099 if (compare_with_wrap(asoc->last_acked_seq, asoc->nonce_resync_tsn, MAX_TSN)) {
5100 asoc->nonce_sum_check = 1;
5102 * now we must calculate what the base is.
5103 * We do this based on two things, we know
5104 * the total's for all the segments
5105 * gap-acked in the SACK, its stored in
5106 * ecn_seg_sums. We also know the SACK's
5107 * nonce sum, its in nonce_sum_flag. So we
5108 * can build a truth table to back-calculate
5110 * asoc->nonce_sum_expect_base:
5112 * SACK-flag-Value Seg-Sums Base 0 0 0
5116 asoc->nonce_sum_expect_base = (ecn_seg_sums ^ nonce_sum_flag) & SCTP_SACK_NONCE_SUM;
5120 /* Now are we exiting loss recovery ? */
5121 if (will_exit_fast_recovery) {
5122 /* Ok, we must exit fast recovery */
5123 asoc->fast_retran_loss_recovery = 0;
5125 if ((asoc->sat_t3_loss_recovery) &&
5126 ((compare_with_wrap(asoc->last_acked_seq, asoc->sat_t3_recovery_tsn,
5128 (asoc->last_acked_seq == asoc->sat_t3_recovery_tsn)))) {
5129 /* end satellite t3 loss recovery */
5130 asoc->sat_t3_loss_recovery = 0;
5135 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5136 if (net->will_exit_fast_recovery) {
5137 /* Ok, we must exit fast recovery */
5138 net->fast_retran_loss_recovery = 0;
5142 /* Adjust and set the new rwnd value */
5143 if (sctp_logging_level & SCTP_LOG_RWND_ENABLE) {
5144 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
5145 asoc->peers_rwnd, asoc->total_flight, (asoc->sent_queue_cnt * sctp_peer_chunk_oh), a_rwnd);
5147 asoc->peers_rwnd = sctp_sbspace_sub(a_rwnd,
5148 (uint32_t) (asoc->total_flight + (asoc->sent_queue_cnt * sctp_peer_chunk_oh)));
5149 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
5150 /* SWS sender side engages */
5151 asoc->peers_rwnd = 0;
5153 if (asoc->peers_rwnd > old_rwnd) {
5154 win_probe_recovery = 1;
5157 * Now we must setup so we have a timer up for anyone with
5163 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5164 if (win_probe_recovery && (net->window_probe)) {
5165 net->window_probe = 0;
5166 win_probe_recovered = 1;
5168 * Find first chunk that was used with
5169 * window probe and clear the event. Put
5170 * it back into the send queue as if has
5173 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5174 if (tp1->window_probe) {
5175 sctp_window_probe_recovery(stcb, asoc, net, tp1);
5180 if (net->flight_size) {
5182 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5183 stcb->sctp_ep, stcb, net);
5185 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5186 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
5188 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
5190 if (sctp_early_fr) {
5191 if (SCTP_OS_TIMER_PENDING(&net->fr_timer.timer)) {
5192 SCTP_STAT_INCR(sctps_earlyfrstpidsck4);
5193 sctp_timer_stop(SCTP_TIMER_TYPE_EARLYFR, stcb->sctp_ep, stcb, net,
5194 SCTP_FROM_SCTP_INDATA + SCTP_LOC_23);
5200 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
5201 (asoc->sent_queue_retran_cnt == 0) &&
5202 (win_probe_recovered == 0) &&
5204 /* huh, this should not happen */
5205 sctp_fs_audit(asoc);
5206 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5207 net->flight_size = 0;
5209 asoc->total_flight = 0;
5210 asoc->total_flight_count = 0;
5211 asoc->sent_queue_retran_cnt = 0;
5212 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5213 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
5214 sctp_flight_size_increase(tp1);
5215 sctp_total_flight_increase(stcb, tp1);
5216 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
5217 asoc->sent_queue_retran_cnt++;
5223 if (sctp_logging_level & SCTP_SACK_RWND_LOGGING_ENABLE) {
5224 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
5226 stcb->asoc.peers_rwnd,
5227 stcb->asoc.total_flight,
5228 stcb->asoc.total_output_queue_size);
5233 sctp_update_acked(struct sctp_tcb *stcb, struct sctp_shutdown_chunk *cp,
5234 struct sctp_nets *netp, int *abort_flag)
5237 uint32_t cum_ack, a_rwnd;
5239 cum_ack = ntohl(cp->cumulative_tsn_ack);
5240 /* Arrange so a_rwnd does NOT change */
5241 a_rwnd = stcb->asoc.peers_rwnd + stcb->asoc.total_flight;
5243 /* Now call the express sack handling */
5244 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, 0, abort_flag);
5248 sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
5249 struct sctp_stream_in *strmin)
5251 struct sctp_queued_to_read *ctl, *nctl;
5252 struct sctp_association *asoc;
5256 tt = strmin->last_sequence_delivered;
5258 * First deliver anything prior to and including the stream no that
5261 ctl = TAILQ_FIRST(&strmin->inqueue);
5263 nctl = TAILQ_NEXT(ctl, next);
5264 if (compare_with_wrap(tt, ctl->sinfo_ssn, MAX_SEQ) ||
5265 (tt == ctl->sinfo_ssn)) {
5266 /* this is deliverable now */
5267 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5268 /* subtract pending on streams */
5269 asoc->size_on_all_streams -= ctl->length;
5270 sctp_ucount_decr(asoc->cnt_on_all_streams);
5271 /* deliver it to at least the delivery-q */
5272 if (stcb->sctp_socket) {
5273 sctp_add_to_readq(stcb->sctp_ep, stcb,
5275 &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED);
5278 /* no more delivery now. */
5284 * now we must deliver things in queue the normal way if any are
5287 tt = strmin->last_sequence_delivered + 1;
5288 ctl = TAILQ_FIRST(&strmin->inqueue);
5290 nctl = TAILQ_NEXT(ctl, next);
5291 if (tt == ctl->sinfo_ssn) {
5292 /* this is deliverable now */
5293 TAILQ_REMOVE(&strmin->inqueue, ctl, next);
5294 /* subtract pending on streams */
5295 asoc->size_on_all_streams -= ctl->length;
5296 sctp_ucount_decr(asoc->cnt_on_all_streams);
5297 /* deliver it to at least the delivery-q */
5298 strmin->last_sequence_delivered = ctl->sinfo_ssn;
5299 if (stcb->sctp_socket) {
5300 sctp_add_to_readq(stcb->sctp_ep, stcb,
5302 &stcb->sctp_socket->so_rcv, 1, SCTP_SO_NOT_LOCKED);
5304 tt = strmin->last_sequence_delivered + 1;
5313 sctp_handle_forward_tsn(struct sctp_tcb *stcb,
5314 struct sctp_forward_tsn_chunk *fwd, int *abort_flag, struct mbuf *m, int offset)
5317 * ISSUES that MUST be fixed for ECN! When we are the sender of the
5318 * forward TSN, when the SACK comes back that acknowledges the
5319 * FWD-TSN we must reset the NONCE sum to match correctly. This will
5320 * get quite tricky since we may have sent more data interveneing
5321 * and must carefully account for what the SACK says on the nonce
5322 * and any gaps that are reported. This work will NOT be done here,
5323 * but I note it here since it is really related to PR-SCTP and
5327 /* The pr-sctp fwd tsn */
5329 * here we will perform all the data receiver side steps for
5330 * processing FwdTSN, as required in by pr-sctp draft:
5332 * Assume we get FwdTSN(x):
5334 * 1) update local cumTSN to x 2) try to further advance cumTSN to x +
5335 * others we have 3) examine and update re-ordering queue on
5336 * pr-in-streams 4) clean up re-assembly queue 5) Send a sack to
5337 * report where we are.
5339 struct sctp_association *asoc;
5340 uint32_t new_cum_tsn, gap;
5341 unsigned int i, cnt_gone, fwd_sz, cumack_set_flag, m_size;
5342 struct sctp_stream_in *strm;
5343 struct sctp_tmit_chunk *chk, *at;
5345 cumack_set_flag = 0;
5348 if ((fwd_sz = ntohs(fwd->ch.chunk_length)) < sizeof(struct sctp_forward_tsn_chunk)) {
5349 SCTPDBG(SCTP_DEBUG_INDATA1,
5350 "Bad size too small/big fwd-tsn\n");
5353 m_size = (stcb->asoc.mapping_array_size << 3);
5354 /*************************************************************/
5355 /* 1. Here we update local cumTSN and shift the bitmap array */
5356 /*************************************************************/
5357 new_cum_tsn = ntohl(fwd->new_cumulative_tsn);
5359 if (compare_with_wrap(asoc->cumulative_tsn, new_cum_tsn, MAX_TSN) ||
5360 asoc->cumulative_tsn == new_cum_tsn) {
5361 /* Already got there ... */
5364 if (compare_with_wrap(new_cum_tsn, asoc->highest_tsn_inside_map,
5366 asoc->highest_tsn_inside_map = new_cum_tsn;
5367 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
5368 sctp_log_map(0, 0, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
5372 * now we know the new TSN is more advanced, let's find the actual
5375 if ((compare_with_wrap(new_cum_tsn, asoc->mapping_array_base_tsn,
5377 (new_cum_tsn == asoc->mapping_array_base_tsn)) {
5378 gap = new_cum_tsn - asoc->mapping_array_base_tsn;
5380 /* try to prevent underflow here */
5381 gap = new_cum_tsn + (MAX_TSN - asoc->mapping_array_base_tsn) + 1;
5384 if (gap >= m_size) {
5385 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
5386 sctp_log_map(0, 0, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
5388 if ((long)gap > sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv)) {
5392 * out of range (of single byte chunks in the rwnd I
5393 * give out). This must be an attacker.
5396 oper = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + 3 * sizeof(uint32_t)),
5397 0, M_DONTWAIT, 1, MT_DATA);
5399 struct sctp_paramhdr *ph;
5402 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr) +
5403 (sizeof(uint32_t) * 3);
5404 ph = mtod(oper, struct sctp_paramhdr *);
5405 ph->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
5406 ph->param_length = htons(SCTP_BUF_LEN(oper));
5407 ippp = (uint32_t *) (ph + 1);
5408 *ippp = htonl(SCTP_FROM_SCTP_INDATA + SCTP_LOC_33);
5410 *ippp = asoc->highest_tsn_inside_map;
5412 *ippp = new_cum_tsn;
5414 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_33;
5415 sctp_abort_an_association(stcb->sctp_ep, stcb,
5416 SCTP_PEER_FAULTY, oper, SCTP_SO_NOT_LOCKED);
5419 SCTP_STAT_INCR(sctps_fwdtsn_map_over);
5421 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
5422 cumack_set_flag = 1;
5423 asoc->mapping_array_base_tsn = new_cum_tsn + 1;
5424 asoc->cumulative_tsn = asoc->highest_tsn_inside_map = new_cum_tsn;
5426 if (sctp_logging_level & SCTP_MAP_LOGGING_ENABLE) {
5427 sctp_log_map(0, 3, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
5429 asoc->last_echo_tsn = asoc->highest_tsn_inside_map;
5431 SCTP_TCB_LOCK_ASSERT(stcb);
5432 if ((compare_with_wrap(((uint32_t) asoc->cumulative_tsn + gap), asoc->highest_tsn_inside_map, MAX_TSN)) ||
5433 (((uint32_t) asoc->cumulative_tsn + gap) == asoc->highest_tsn_inside_map)) {
5436 for (i = 0; i <= gap; i++) {
5437 SCTP_SET_TSN_PRESENT(asoc->mapping_array, i);
5441 * Now after marking all, slide thing forward but no sack
5444 sctp_sack_check(stcb, 0, 0, abort_flag);
5449 /*************************************************************/
5450 /* 2. Clear up re-assembly queue */
5451 /*************************************************************/
5453 * First service it if pd-api is up, just in case we can progress it
5456 if (asoc->fragmented_delivery_inprogress) {
5457 sctp_service_reassembly(stcb, asoc);
5459 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
5460 /* For each one on here see if we need to toss it */
5462 * For now large messages held on the reasmqueue that are
5463 * complete will be tossed too. We could in theory do more
5464 * work to spin through and stop after dumping one msg aka
5465 * seeing the start of a new msg at the head, and call the
5466 * delivery function... to see if it can be delivered... But
5467 * for now we just dump everything on the queue.
5469 chk = TAILQ_FIRST(&asoc->reasmqueue);
5471 at = TAILQ_NEXT(chk, sctp_next);
5472 if (compare_with_wrap(asoc->cumulative_tsn,
5473 chk->rec.data.TSN_seq, MAX_TSN) ||
5474 asoc->cumulative_tsn == chk->rec.data.TSN_seq) {
5475 /* It needs to be tossed */
5476 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5477 if (compare_with_wrap(chk->rec.data.TSN_seq,
5478 asoc->tsn_last_delivered, MAX_TSN)) {
5479 asoc->tsn_last_delivered =
5480 chk->rec.data.TSN_seq;
5481 asoc->str_of_pdapi =
5482 chk->rec.data.stream_number;
5483 asoc->ssn_of_pdapi =
5484 chk->rec.data.stream_seq;
5485 asoc->fragment_flags =
5486 chk->rec.data.rcv_flags;
5488 asoc->size_on_reasm_queue -= chk->send_size;
5489 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5492 /* Clear up any stream problem */
5493 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) !=
5494 SCTP_DATA_UNORDERED &&
5495 (compare_with_wrap(chk->rec.data.stream_seq,
5496 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered,
5499 * We must dump forward this streams
5500 * sequence number if the chunk is
5501 * not unordered that is being
5502 * skipped. There is a chance that
5503 * if the peer does not include the
5504 * last fragment in its FWD-TSN we
5505 * WILL have a problem here since
5506 * you would have a partial chunk in
5507 * queue that may not be
5508 * deliverable. Also if a Partial
5509 * delivery API as started the user
5510 * may get a partial chunk. The next
5511 * read returning a new chunk...
5512 * really ugly but I see no way
5513 * around it! Maybe a notify??
5515 asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered =
5516 chk->rec.data.stream_seq;
5519 sctp_m_freem(chk->data);
5522 sctp_free_a_chunk(stcb, chk);
5525 * Ok we have gone beyond the end of the
5526 * fwd-tsn's mark. Some checks...
5528 if ((asoc->fragmented_delivery_inprogress) &&
5529 (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG)) {
5533 * Special case PD-API is up and
5534 * what we fwd-tsn' over includes
5535 * one that had the LAST_FRAG. We no
5536 * longer need to do the PD-API.
5538 asoc->fragmented_delivery_inprogress = 0;
5540 str_seq = (asoc->str_of_pdapi << 16) | asoc->ssn_of_pdapi;
5541 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
5542 stcb, SCTP_PARTIAL_DELIVERY_ABORTED, (void *)&str_seq, SCTP_SO_NOT_LOCKED);
5550 if (asoc->fragmented_delivery_inprogress) {
5552 * Ok we removed cnt_gone chunks in the PD-API queue that
5553 * were being delivered. So now we must turn off the flag.
5557 str_seq = (asoc->str_of_pdapi << 16) | asoc->ssn_of_pdapi;
5558 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
5559 stcb, SCTP_PARTIAL_DELIVERY_ABORTED, (void *)&str_seq, SCTP_SO_NOT_LOCKED);
5560 asoc->fragmented_delivery_inprogress = 0;
5562 /*************************************************************/
5563 /* 3. Update the PR-stream re-ordering queues */
5564 /*************************************************************/
5565 fwd_sz -= sizeof(*fwd);
5568 unsigned int num_str;
5569 struct sctp_strseq *stseq, strseqbuf;
5571 offset += sizeof(*fwd);
5573 num_str = fwd_sz / sizeof(struct sctp_strseq);
5574 for (i = 0; i < num_str; i++) {
5577 stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset,
5578 sizeof(struct sctp_strseq),
5579 (uint8_t *) & strseqbuf);
5580 offset += sizeof(struct sctp_strseq);
5581 if (stseq == NULL) {
5585 st = ntohs(stseq->stream);
5587 st = ntohs(stseq->sequence);
5588 stseq->sequence = st;
5590 if (stseq->stream >= asoc->streamincnt) {
5591 /* screwed up streams, stop! */
5594 strm = &asoc->strmin[stseq->stream];
5595 if (compare_with_wrap(stseq->sequence,
5596 strm->last_sequence_delivered, MAX_SEQ)) {
5597 /* Update the sequence number */
5598 strm->last_sequence_delivered =
5601 /* now kick the stream the new way */
5602 /* sa_ignore NO_NULL_CHK */
5603 sctp_kick_prsctp_reorder_queue(stcb, strm);
5606 if (TAILQ_FIRST(&asoc->reasmqueue)) {
5607 /* now lets kick out and check for more fragmented delivery */
5608 /* sa_ignore NO_NULL_CHK */
5609 sctp_deliver_reasm_check(stcb, &stcb->asoc);