2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
38 #include <netinet/sctp_var.h>
39 #include <netinet/sctp_sysctl.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctp_pcb.h>
42 #include <netinet/sctputil.h>
43 #include <netinet/sctp_output.h>
44 #include <netinet/sctp_uio.h>
45 #include <netinet/sctp_auth.h>
46 #include <netinet/sctp_timer.h>
47 #include <netinet/sctp_asconf.h>
48 #include <netinet/sctp_indata.h>
49 #include <netinet/sctp_bsd_addr.h>
50 #include <netinet/sctp_input.h>
51 #include <netinet/sctp_crc32.h>
52 #include <netinet/sctp_lock_bsd.h>
54 * NOTES: On the outbound side of things I need to check the sack timer to
55 * see if I should generate a sack into the chunk queue (if I have data to
56 * send that is and will be sending it .. for bundling.
58 * The callback in sctp_usrreq.c will get called when the socket is read from.
59 * This will cause sctp_service_queues() to get called on the top entry in
63 sctp_add_chk_to_control(struct sctp_queued_to_read *control,
64 struct sctp_stream_in *strm,
65 struct sctp_tcb *stcb,
66 struct sctp_association *asoc,
67 struct sctp_tmit_chunk *chk, int lock_held);
71 sctp_set_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
73 asoc->my_rwnd = sctp_calc_rwnd(stcb, asoc);
76 /* Calculate what the rwnd would be */
78 sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc)
83 * This is really set wrong with respect to a 1-2-m socket. Since
84 * the sb_cc is the count that everyone as put up. When we re-write
85 * sctp_soreceive then we will fix this so that ONLY this
86 * associations data is taken into account.
88 if (stcb->sctp_socket == NULL) {
91 if (stcb->asoc.sb_cc == 0 &&
92 asoc->size_on_reasm_queue == 0 &&
93 asoc->size_on_all_streams == 0) {
94 /* Full rwnd granted */
95 calc = max(SCTP_SB_LIMIT_RCV(stcb->sctp_socket), SCTP_MINIMAL_RWND);
98 /* get actual space */
99 calc = (uint32_t)sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv);
101 * take out what has NOT been put on socket queue and we yet hold
104 calc = sctp_sbspace_sub(calc, (uint32_t)(asoc->size_on_reasm_queue +
105 asoc->cnt_on_reasm_queue * MSIZE));
106 calc = sctp_sbspace_sub(calc, (uint32_t)(asoc->size_on_all_streams +
107 asoc->cnt_on_all_streams * MSIZE));
112 /* what is the overhead of all these rwnd's */
113 calc = sctp_sbspace_sub(calc, stcb->asoc.my_rwnd_control_len);
115 * If the window gets too small due to ctrl-stuff, reduce it to 1,
116 * even it is 0. SWS engaged
118 if (calc < stcb->asoc.my_rwnd_control_len) {
127 * Build out our readq entry based on the incoming packet.
129 struct sctp_queued_to_read *
130 sctp_build_readq_entry(struct sctp_tcb *stcb,
131 struct sctp_nets *net,
132 uint32_t tsn, uint32_t ppid,
133 uint32_t context, uint16_t sid,
134 uint32_t mid, uint8_t flags,
137 struct sctp_queued_to_read *read_queue_e = NULL;
139 sctp_alloc_a_readq(stcb, read_queue_e);
140 if (read_queue_e == NULL) {
143 memset(read_queue_e, 0, sizeof(struct sctp_queued_to_read));
144 read_queue_e->sinfo_stream = sid;
145 read_queue_e->sinfo_flags = (flags << 8);
146 read_queue_e->sinfo_ppid = ppid;
147 read_queue_e->sinfo_context = context;
148 read_queue_e->sinfo_tsn = tsn;
149 read_queue_e->sinfo_cumtsn = tsn;
150 read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb);
151 read_queue_e->mid = mid;
152 read_queue_e->top_fsn = read_queue_e->fsn_included = 0xffffffff;
153 TAILQ_INIT(&read_queue_e->reasm);
154 read_queue_e->whoFrom = net;
155 atomic_add_int(&net->ref_count, 1);
156 read_queue_e->data = dm;
157 read_queue_e->stcb = stcb;
158 read_queue_e->port_from = stcb->rport;
160 return (read_queue_e);
164 sctp_build_ctl_nchunk(struct sctp_inpcb *inp, struct sctp_sndrcvinfo *sinfo)
166 struct sctp_extrcvinfo *seinfo;
167 struct sctp_sndrcvinfo *outinfo;
168 struct sctp_rcvinfo *rcvinfo;
169 struct sctp_nxtinfo *nxtinfo;
176 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT) &&
177 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVRCVINFO) &&
178 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_RECVNXTINFO)) {
179 /* user does not want any ancillary data */
183 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
184 len += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
186 seinfo = (struct sctp_extrcvinfo *)sinfo;
187 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVNXTINFO) &&
188 (seinfo->serinfo_next_flags & SCTP_NEXT_MSG_AVAIL)) {
190 len += CMSG_SPACE(sizeof(struct sctp_nxtinfo));
194 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
195 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXT_RCVINFO)) {
197 len += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
200 len += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
206 ret = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
211 SCTP_BUF_LEN(ret) = 0;
213 /* We need a CMSG header followed by the struct */
214 cmh = mtod(ret, struct cmsghdr *);
216 * Make sure that there is no un-initialized padding between the
217 * cmsg header and cmsg data and after the cmsg data.
220 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) {
221 cmh->cmsg_level = IPPROTO_SCTP;
222 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo));
223 cmh->cmsg_type = SCTP_RCVINFO;
224 rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmh);
225 rcvinfo->rcv_sid = sinfo->sinfo_stream;
226 rcvinfo->rcv_ssn = sinfo->sinfo_ssn;
227 rcvinfo->rcv_flags = sinfo->sinfo_flags;
228 rcvinfo->rcv_ppid = sinfo->sinfo_ppid;
229 rcvinfo->rcv_tsn = sinfo->sinfo_tsn;
230 rcvinfo->rcv_cumtsn = sinfo->sinfo_cumtsn;
231 rcvinfo->rcv_context = sinfo->sinfo_context;
232 rcvinfo->rcv_assoc_id = sinfo->sinfo_assoc_id;
233 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_rcvinfo)));
234 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_rcvinfo));
237 cmh->cmsg_level = IPPROTO_SCTP;
238 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_nxtinfo));
239 cmh->cmsg_type = SCTP_NXTINFO;
240 nxtinfo = (struct sctp_nxtinfo *)CMSG_DATA(cmh);
241 nxtinfo->nxt_sid = seinfo->serinfo_next_stream;
242 nxtinfo->nxt_flags = 0;
243 if (seinfo->serinfo_next_flags & SCTP_NEXT_MSG_IS_UNORDERED) {
244 nxtinfo->nxt_flags |= SCTP_UNORDERED;
246 if (seinfo->serinfo_next_flags & SCTP_NEXT_MSG_IS_NOTIFICATION) {
247 nxtinfo->nxt_flags |= SCTP_NOTIFICATION;
249 if (seinfo->serinfo_next_flags & SCTP_NEXT_MSG_ISCOMPLETE) {
250 nxtinfo->nxt_flags |= SCTP_COMPLETE;
252 nxtinfo->nxt_ppid = seinfo->serinfo_next_ppid;
253 nxtinfo->nxt_length = seinfo->serinfo_next_length;
254 nxtinfo->nxt_assoc_id = seinfo->serinfo_next_aid;
255 cmh = (struct cmsghdr *)((caddr_t)cmh + CMSG_SPACE(sizeof(struct sctp_nxtinfo)));
256 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_nxtinfo));
258 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVDATAIOEVNT)) {
259 cmh->cmsg_level = IPPROTO_SCTP;
260 outinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmh);
262 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_extrcvinfo));
263 cmh->cmsg_type = SCTP_EXTRCV;
264 memcpy(outinfo, sinfo, sizeof(struct sctp_extrcvinfo));
265 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_extrcvinfo));
267 cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
268 cmh->cmsg_type = SCTP_SNDRCV;
270 SCTP_BUF_LEN(ret) += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
278 sctp_mark_non_revokable(struct sctp_association *asoc, uint32_t tsn)
280 uint32_t gap, i, cumackp1;
282 int in_r = 0, in_nr = 0;
284 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
287 cumackp1 = asoc->cumulative_tsn + 1;
288 if (SCTP_TSN_GT(cumackp1, tsn)) {
290 * this tsn is behind the cum ack and thus we don't need to
291 * worry about it being moved from one to the other.
295 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
296 in_r = SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap);
297 in_nr = SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, gap);
298 if ((in_r == 0) && (in_nr == 0)) {
300 panic("Things are really messed up now");
302 SCTP_PRINTF("gap:%x tsn:%x\n", gap, tsn);
303 sctp_print_mapping_array(asoc);
307 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
309 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
310 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
311 asoc->highest_tsn_inside_nr_map = tsn;
313 if (tsn == asoc->highest_tsn_inside_map) {
314 /* We must back down to see what the new highest is */
315 for (i = tsn - 1; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
316 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
317 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
318 asoc->highest_tsn_inside_map = i;
324 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
330 sctp_place_control_in_stream(struct sctp_stream_in *strm,
331 struct sctp_association *asoc,
332 struct sctp_queued_to_read *control)
334 struct sctp_queued_to_read *at;
335 struct sctp_readhead *q;
336 uint8_t flags, unordered;
338 flags = (control->sinfo_flags >> 8);
339 unordered = flags & SCTP_DATA_UNORDERED;
341 q = &strm->uno_inqueue;
342 if (asoc->idata_supported == 0) {
343 if (!TAILQ_EMPTY(q)) {
345 * Only one stream can be here in old style
350 TAILQ_INSERT_TAIL(q, control, next_instrm);
351 control->on_strm_q = SCTP_ON_UNORDERED;
357 if ((flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) {
358 control->end_added = 1;
359 control->first_frag_seen = 1;
360 control->last_frag_seen = 1;
362 if (TAILQ_EMPTY(q)) {
364 TAILQ_INSERT_HEAD(q, control, next_instrm);
366 control->on_strm_q = SCTP_ON_UNORDERED;
368 control->on_strm_q = SCTP_ON_ORDERED;
372 TAILQ_FOREACH(at, q, next_instrm) {
373 if (SCTP_MID_GT(asoc->idata_supported, at->mid, control->mid)) {
375 * one in queue is bigger than the new one,
376 * insert before this one
378 TAILQ_INSERT_BEFORE(at, control, next_instrm);
380 control->on_strm_q = SCTP_ON_UNORDERED;
382 control->on_strm_q = SCTP_ON_ORDERED;
385 } else if (SCTP_MID_EQ(asoc->idata_supported, at->mid, control->mid)) {
387 * Gak, He sent me a duplicate msg id
388 * number?? return -1 to abort.
392 if (TAILQ_NEXT(at, next_instrm) == NULL) {
394 * We are at the end, insert it
397 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
398 sctp_log_strm_del(control, at,
399 SCTP_STR_LOG_FROM_INSERT_TL);
401 TAILQ_INSERT_AFTER(q, at, control, next_instrm);
403 control->on_strm_q = SCTP_ON_UNORDERED;
405 control->on_strm_q = SCTP_ON_ORDERED;
416 sctp_abort_in_reasm(struct sctp_tcb *stcb,
417 struct sctp_queued_to_read *control,
418 struct sctp_tmit_chunk *chk,
419 int *abort_flag, int opspot)
421 char msg[SCTP_DIAG_INFO_LEN];
424 if (stcb->asoc.idata_supported) {
425 snprintf(msg, sizeof(msg),
426 "Reass %x,CF:%x,TSN=%8.8x,SID=%4.4x,FSN=%8.8x,MID:%8.8x",
428 control->fsn_included,
431 chk->rec.data.fsn, chk->rec.data.mid);
433 snprintf(msg, sizeof(msg),
434 "Reass %x,CI:%x,TSN=%8.8x,SID=%4.4x,FSN=%4.4x,SSN:%4.4x",
436 control->fsn_included,
440 (uint16_t)chk->rec.data.mid);
442 oper = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
443 sctp_m_freem(chk->data);
445 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
446 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_1;
447 sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED);
452 sctp_clean_up_control(struct sctp_tcb *stcb, struct sctp_queued_to_read *control)
455 * The control could not be placed and must be cleaned.
457 struct sctp_tmit_chunk *chk, *nchk;
459 TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, nchk) {
460 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
462 sctp_m_freem(chk->data);
464 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
466 sctp_free_a_readq(stcb, control);
470 * Queue the chunk either right into the socket buffer if it is the next one
471 * to go OR put it in the correct place in the delivery queue. If we do
472 * append to the so_buf, keep doing so until we are out of order as
473 * long as the control's entered are non-fragmented.
476 sctp_queue_data_to_stream(struct sctp_tcb *stcb,
477 struct sctp_association *asoc,
478 struct sctp_queued_to_read *control, int *abort_flag, int *need_reasm)
481 * FIX-ME maybe? What happens when the ssn wraps? If we are getting
482 * all the data in one stream this could happen quite rapidly. One
483 * could use the TSN to keep track of things, but this scheme breaks
484 * down in the other type of stream usage that could occur. Send a
485 * single msg to stream 0, send 4Billion messages to stream 1, now
486 * send a message to stream 0. You have a situation where the TSN
487 * has wrapped but not in the stream. Is this worth worrying about
488 * or should we just change our queue sort at the bottom to be by
491 * Could it also be legal for a peer to send ssn 1 with TSN 2 and
492 * ssn 2 with TSN 1? If the peer is doing some sort of funky TSN/SSN
493 * assignment this could happen... and I don't see how this would be
494 * a violation. So for now I am undecided an will leave the sort by
495 * SSN alone. Maybe a hybred approach is the answer
498 struct sctp_queued_to_read *at;
502 struct sctp_stream_in *strm;
503 char msg[SCTP_DIAG_INFO_LEN];
505 strm = &asoc->strmin[control->sinfo_stream];
506 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
507 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INTO_STRD);
509 if (SCTP_MID_GT((asoc->idata_supported), strm->last_mid_delivered, control->mid)) {
510 /* The incoming sseq is behind where we last delivered? */
511 SCTPDBG(SCTP_DEBUG_INDATA1, "Duplicate S-SEQ: %u delivered: %u from peer, Abort association\n",
512 strm->last_mid_delivered, control->mid);
514 * throw it in the stream so it gets cleaned up in
515 * association destruction
517 TAILQ_INSERT_HEAD(&strm->inqueue, control, next_instrm);
518 if (asoc->idata_supported) {
519 snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x",
520 strm->last_mid_delivered, control->sinfo_tsn,
521 control->sinfo_stream, control->mid);
523 snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x",
524 (uint16_t)strm->last_mid_delivered,
526 control->sinfo_stream,
527 (uint16_t)control->mid);
529 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
530 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2;
531 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
537 asoc->size_on_all_streams += control->length;
538 sctp_ucount_incr(asoc->cnt_on_all_streams);
539 nxt_todel = strm->last_mid_delivered + 1;
540 if (SCTP_MID_EQ(asoc->idata_supported, nxt_todel, control->mid)) {
541 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
544 so = SCTP_INP_SO(stcb->sctp_ep);
545 atomic_add_int(&stcb->asoc.refcnt, 1);
546 SCTP_TCB_UNLOCK(stcb);
547 SCTP_SOCKET_LOCK(so, 1);
549 atomic_subtract_int(&stcb->asoc.refcnt, 1);
550 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
551 SCTP_SOCKET_UNLOCK(so, 1);
555 /* can be delivered right away? */
556 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
557 sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_IMMED_DEL);
559 /* EY it wont be queued if it could be delivered directly */
561 asoc->size_on_all_streams -= control->length;
562 sctp_ucount_decr(asoc->cnt_on_all_streams);
563 strm->last_mid_delivered++;
564 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
565 sctp_add_to_readq(stcb->sctp_ep, stcb,
567 &stcb->sctp_socket->so_rcv, 1,
568 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_LOCKED);
569 TAILQ_FOREACH_SAFE(control, &strm->inqueue, next_instrm, at) {
571 nxt_todel = strm->last_mid_delivered + 1;
572 if (SCTP_MID_EQ(asoc->idata_supported, nxt_todel, control->mid) &&
573 (((control->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG)) {
574 asoc->size_on_all_streams -= control->length;
575 sctp_ucount_decr(asoc->cnt_on_all_streams);
576 if (control->on_strm_q == SCTP_ON_ORDERED) {
577 TAILQ_REMOVE(&strm->inqueue, control, next_instrm);
580 panic("Huh control: %p is on_strm_q: %d",
581 control, control->on_strm_q);
584 control->on_strm_q = 0;
585 strm->last_mid_delivered++;
587 * We ignore the return of deliver_data here
588 * since we always can hold the chunk on the
589 * d-queue. And we have a finite number that
590 * can be delivered from the strq.
592 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
593 sctp_log_strm_del(control, NULL,
594 SCTP_STR_LOG_FROM_IMMED_DEL);
596 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
597 sctp_add_to_readq(stcb->sctp_ep, stcb,
599 &stcb->sctp_socket->so_rcv, 1,
600 SCTP_READ_LOCK_NOT_HELD,
603 } else if (SCTP_MID_EQ(asoc->idata_supported, nxt_todel, control->mid)) {
608 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
609 SCTP_SOCKET_UNLOCK(so, 1);
614 * Ok, we did not deliver this guy, find the correct place
615 * to put it on the queue.
617 if (sctp_place_control_in_stream(strm, asoc, control)) {
618 snprintf(msg, sizeof(msg),
619 "Queue to str MID: %u duplicate",
621 sctp_clean_up_control(stcb, control);
622 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
623 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3;
624 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
632 sctp_setup_tail_pointer(struct sctp_queued_to_read *control)
634 struct mbuf *m, *prev = NULL;
635 struct sctp_tcb *stcb;
637 stcb = control->stcb;
638 control->held_length = 0;
642 if (SCTP_BUF_LEN(m) == 0) {
643 /* Skip mbufs with NO length */
646 control->data = sctp_m_free(m);
649 SCTP_BUF_NEXT(prev) = sctp_m_free(m);
650 m = SCTP_BUF_NEXT(prev);
653 control->tail_mbuf = prev;
658 atomic_add_int(&control->length, SCTP_BUF_LEN(m));
659 if (control->on_read_q) {
661 * On read queue so we must increment the SB stuff,
662 * we assume caller has done any locks of SB.
664 sctp_sballoc(stcb, &stcb->sctp_socket->so_rcv, m);
666 m = SCTP_BUF_NEXT(m);
669 control->tail_mbuf = prev;
674 sctp_add_to_tail_pointer(struct sctp_queued_to_read *control, struct mbuf *m)
676 struct mbuf *prev = NULL;
677 struct sctp_tcb *stcb;
679 stcb = control->stcb;
682 panic("Control broken");
687 if (control->tail_mbuf == NULL) {
690 sctp_setup_tail_pointer(control);
693 control->tail_mbuf->m_next = m;
695 if (SCTP_BUF_LEN(m) == 0) {
696 /* Skip mbufs with NO length */
699 control->tail_mbuf->m_next = sctp_m_free(m);
700 m = control->tail_mbuf->m_next;
702 SCTP_BUF_NEXT(prev) = sctp_m_free(m);
703 m = SCTP_BUF_NEXT(prev);
706 control->tail_mbuf = prev;
711 if (control->on_read_q) {
713 * On read queue so we must increment the SB stuff,
714 * we assume caller has done any locks of SB.
716 sctp_sballoc(stcb, &stcb->sctp_socket->so_rcv, m);
718 atomic_add_int(&control->length, SCTP_BUF_LEN(m));
719 m = SCTP_BUF_NEXT(m);
722 control->tail_mbuf = prev;
727 sctp_build_readq_entry_from_ctl(struct sctp_queued_to_read *nc, struct sctp_queued_to_read *control)
729 memset(nc, 0, sizeof(struct sctp_queued_to_read));
730 nc->sinfo_stream = control->sinfo_stream;
731 nc->mid = control->mid;
732 TAILQ_INIT(&nc->reasm);
733 nc->top_fsn = control->top_fsn;
734 nc->mid = control->mid;
735 nc->sinfo_flags = control->sinfo_flags;
736 nc->sinfo_ppid = control->sinfo_ppid;
737 nc->sinfo_context = control->sinfo_context;
738 nc->fsn_included = 0xffffffff;
739 nc->sinfo_tsn = control->sinfo_tsn;
740 nc->sinfo_cumtsn = control->sinfo_cumtsn;
741 nc->sinfo_assoc_id = control->sinfo_assoc_id;
742 nc->whoFrom = control->whoFrom;
743 atomic_add_int(&nc->whoFrom->ref_count, 1);
744 nc->stcb = control->stcb;
745 nc->port_from = control->port_from;
749 sctp_reset_a_control(struct sctp_queued_to_read *control,
750 struct sctp_inpcb *inp, uint32_t tsn)
752 control->fsn_included = tsn;
753 if (control->on_read_q) {
755 * We have to purge it from there, hopefully this will work
758 TAILQ_REMOVE(&inp->read_queue, control, next);
759 control->on_read_q = 0;
764 sctp_handle_old_unordered_data(struct sctp_tcb *stcb,
765 struct sctp_association *asoc,
766 struct sctp_stream_in *strm,
767 struct sctp_queued_to_read *control,
769 int inp_read_lock_held)
772 * Special handling for the old un-ordered data chunk. All the
773 * chunks/TSN's go to mid 0. So we have to do the old style watching
774 * to see if we have it all. If you return one, no other control
775 * entries on the un-ordered queue will be looked at. In theory
776 * there should be no others entries in reality, unless the guy is
777 * sending both unordered NDATA and unordered DATA...
779 struct sctp_tmit_chunk *chk, *lchk, *tchk;
781 struct sctp_queued_to_read *nc;
784 if (control->first_frag_seen == 0) {
785 /* Nothing we can do, we have not seen the first piece yet */
788 /* Collapse any we can */
791 fsn = control->fsn_included + 1;
792 /* Now what can we add? */
793 TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, lchk) {
794 if (chk->rec.data.fsn == fsn) {
796 sctp_alloc_a_readq(stcb, nc);
800 memset(nc, 0, sizeof(struct sctp_queued_to_read));
801 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
802 sctp_add_chk_to_control(control, strm, stcb, asoc, chk, SCTP_READ_LOCK_NOT_HELD);
806 if (control->end_added) {
808 if (!TAILQ_EMPTY(&control->reasm)) {
810 * Ok we have to move anything left
811 * on the control queue to a new
814 sctp_build_readq_entry_from_ctl(nc, control);
815 tchk = TAILQ_FIRST(&control->reasm);
816 if (tchk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
817 TAILQ_REMOVE(&control->reasm, tchk, sctp_next);
818 asoc->size_on_reasm_queue -= tchk->send_size;
819 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
820 nc->first_frag_seen = 1;
821 nc->fsn_included = tchk->rec.data.fsn;
822 nc->data = tchk->data;
823 nc->sinfo_ppid = tchk->rec.data.ppid;
824 nc->sinfo_tsn = tchk->rec.data.tsn;
825 sctp_mark_non_revokable(asoc, tchk->rec.data.tsn);
827 sctp_free_a_chunk(stcb, tchk, SCTP_SO_NOT_LOCKED);
828 sctp_setup_tail_pointer(nc);
829 tchk = TAILQ_FIRST(&control->reasm);
831 /* Spin the rest onto the queue */
833 TAILQ_REMOVE(&control->reasm, tchk, sctp_next);
834 TAILQ_INSERT_TAIL(&nc->reasm, tchk, sctp_next);
835 tchk = TAILQ_FIRST(&control->reasm);
838 * Now lets add it to the queue
839 * after removing control
841 TAILQ_INSERT_TAIL(&strm->uno_inqueue, nc, next_instrm);
842 nc->on_strm_q = SCTP_ON_UNORDERED;
843 if (control->on_strm_q) {
844 TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm);
845 control->on_strm_q = 0;
848 if (control->pdapi_started) {
849 strm->pd_api_started = 0;
850 control->pdapi_started = 0;
852 if (control->on_strm_q) {
853 TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm);
854 control->on_strm_q = 0;
855 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
857 if (control->on_read_q == 0) {
858 sctp_add_to_readq(stcb->sctp_ep, stcb, control,
859 &stcb->sctp_socket->so_rcv, control->end_added,
860 inp_read_lock_held, SCTP_SO_NOT_LOCKED);
862 sctp_wakeup_the_read_socket(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
863 if ((nc->first_frag_seen) && !TAILQ_EMPTY(&nc->reasm)) {
865 * Switch to the new guy and
871 if (nc->on_strm_q == 0) {
872 sctp_free_a_readq(stcb, nc);
877 sctp_free_a_readq(stcb, nc);
884 if ((control->length > pd_point) && (strm->pd_api_started == 0)) {
885 strm->pd_api_started = 1;
886 control->pdapi_started = 1;
887 sctp_add_to_readq(stcb->sctp_ep, stcb, control,
888 &stcb->sctp_socket->so_rcv, control->end_added,
889 inp_read_lock_held, SCTP_SO_NOT_LOCKED);
890 sctp_wakeup_the_read_socket(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
898 sctp_inject_old_unordered_data(struct sctp_tcb *stcb,
899 struct sctp_association *asoc,
900 struct sctp_queued_to_read *control,
901 struct sctp_tmit_chunk *chk,
904 struct sctp_tmit_chunk *at;
908 * Here we need to place the chunk into the control structure sorted
909 * in the correct order.
911 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
912 /* Its the very first one. */
913 SCTPDBG(SCTP_DEBUG_XXX,
914 "chunk is a first fsn: %u becomes fsn_included\n",
916 if (control->first_frag_seen) {
918 * In old un-ordered we can reassembly on one
919 * control multiple messages. As long as the next
920 * FIRST is greater then the old first (TSN i.e. FSN
926 if (SCTP_TSN_GT(chk->rec.data.fsn, control->fsn_included)) {
928 * Easy way the start of a new guy beyond
933 if ((chk->rec.data.fsn == control->fsn_included) ||
934 (control->pdapi_started)) {
936 * Ok this should not happen, if it does we
937 * started the pd-api on the higher TSN
938 * (since the equals part is a TSN failure
941 * We are completly hosed in that case since
942 * I have no way to recover. This really
943 * will only happen if we can get more TSN's
944 * higher before the pd-api-point.
946 sctp_abort_in_reasm(stcb, control, chk,
948 SCTP_FROM_SCTP_INDATA + SCTP_LOC_4);
953 * Ok we have two firsts and the one we just got is
954 * smaller than the one we previously placed.. yuck!
955 * We must swap them out.
958 tdata = control->data;
959 control->data = chk->data;
961 /* Save the lengths */
962 chk->send_size = control->length;
963 /* Recompute length of control and tail pointer */
964 sctp_setup_tail_pointer(control);
965 /* Fix the FSN included */
966 tmp = control->fsn_included;
967 control->fsn_included = chk->rec.data.fsn;
968 chk->rec.data.fsn = tmp;
969 /* Fix the TSN included */
970 tmp = control->sinfo_tsn;
971 control->sinfo_tsn = chk->rec.data.tsn;
972 chk->rec.data.tsn = tmp;
973 /* Fix the PPID included */
974 tmp = control->sinfo_ppid;
975 control->sinfo_ppid = chk->rec.data.ppid;
976 chk->rec.data.ppid = tmp;
977 /* Fix tail pointer */
980 control->first_frag_seen = 1;
981 control->fsn_included = chk->rec.data.fsn;
982 control->top_fsn = chk->rec.data.fsn;
983 control->sinfo_tsn = chk->rec.data.tsn;
984 control->sinfo_ppid = chk->rec.data.ppid;
985 control->data = chk->data;
986 sctp_mark_non_revokable(asoc, chk->rec.data.tsn);
988 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
989 sctp_setup_tail_pointer(control);
994 TAILQ_FOREACH(at, &control->reasm, sctp_next) {
995 if (SCTP_TSN_GT(at->rec.data.fsn, chk->rec.data.fsn)) {
997 * This one in queue is bigger than the new one,
998 * insert the new one before at.
1000 asoc->size_on_reasm_queue += chk->send_size;
1001 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1003 TAILQ_INSERT_BEFORE(at, chk, sctp_next);
1005 } else if (at->rec.data.fsn == chk->rec.data.fsn) {
1007 * They sent a duplicate fsn number. This really
1008 * should not happen since the FSN is a TSN and it
1009 * should have been dropped earlier.
1011 sctp_abort_in_reasm(stcb, control, chk,
1013 SCTP_FROM_SCTP_INDATA + SCTP_LOC_5);
1017 if (inserted == 0) {
1018 /* Its at the end */
1019 asoc->size_on_reasm_queue += chk->send_size;
1020 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1021 control->top_fsn = chk->rec.data.fsn;
1022 TAILQ_INSERT_TAIL(&control->reasm, chk, sctp_next);
1027 sctp_deliver_reasm_check(struct sctp_tcb *stcb, struct sctp_association *asoc,
1028 struct sctp_stream_in *strm, int inp_read_lock_held)
1031 * Given a stream, strm, see if any of the SSN's on it that are
1032 * fragmented are ready to deliver. If so go ahead and place them on
1033 * the read queue. In so placing if we have hit the end, then we
1034 * need to remove them from the stream's queue.
1036 struct sctp_queued_to_read *control, *nctl = NULL;
1037 uint32_t next_to_del;
1041 if (stcb->sctp_socket) {
1042 pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket) >> SCTP_PARTIAL_DELIVERY_SHIFT,
1043 stcb->sctp_ep->partial_delivery_point);
1045 pd_point = stcb->sctp_ep->partial_delivery_point;
1047 control = TAILQ_FIRST(&strm->uno_inqueue);
1049 if ((control != NULL) &&
1050 (asoc->idata_supported == 0)) {
1051 /* Special handling needed for "old" data format */
1052 if (sctp_handle_old_unordered_data(stcb, asoc, strm, control, pd_point, inp_read_lock_held)) {
1056 if (strm->pd_api_started) {
1057 /* Can't add more */
1061 SCTPDBG(SCTP_DEBUG_XXX, "Looking at control: %p e(%d) ssn: %u top_fsn: %u inc_fsn: %u -uo\n",
1062 control, control->end_added, control->mid, control->top_fsn, control->fsn_included);
1063 nctl = TAILQ_NEXT(control, next_instrm);
1064 if (control->end_added) {
1065 /* We just put the last bit on */
1066 if (control->on_strm_q) {
1068 if (control->on_strm_q != SCTP_ON_UNORDERED) {
1069 panic("Huh control: %p on_q: %d -- not unordered?",
1070 control, control->on_strm_q);
1073 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
1074 TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm);
1075 control->on_strm_q = 0;
1077 if (control->on_read_q == 0) {
1078 sctp_add_to_readq(stcb->sctp_ep, stcb,
1080 &stcb->sctp_socket->so_rcv, control->end_added,
1081 inp_read_lock_held, SCTP_SO_NOT_LOCKED);
1084 /* Can we do a PD-API for this un-ordered guy? */
1085 if ((control->length >= pd_point) && (strm->pd_api_started == 0)) {
1086 strm->pd_api_started = 1;
1087 control->pdapi_started = 1;
1088 sctp_add_to_readq(stcb->sctp_ep, stcb,
1090 &stcb->sctp_socket->so_rcv, control->end_added,
1091 inp_read_lock_held, SCTP_SO_NOT_LOCKED);
1099 control = TAILQ_FIRST(&strm->inqueue);
1100 if (strm->pd_api_started) {
1101 /* Can't add more */
1104 if (control == NULL) {
1107 if (SCTP_MID_EQ(asoc->idata_supported, strm->last_mid_delivered, control->mid)) {
1109 * Ok the guy at the top was being partially delivered
1110 * completed, so we remove it. Note the pd_api flag was
1111 * taken off when the chunk was merged on in
1112 * sctp_queue_data_for_reasm below.
1114 nctl = TAILQ_NEXT(control, next_instrm);
1115 SCTPDBG(SCTP_DEBUG_XXX,
1116 "Looking at control: %p e(%d) ssn: %u top_fsn: %u inc_fsn: %u (lastdel: %u)- o\n",
1117 control, control->end_added, control->mid,
1118 control->top_fsn, control->fsn_included,
1119 strm->last_mid_delivered);
1120 if (control->end_added) {
1121 if (control->on_strm_q) {
1123 if (control->on_strm_q != SCTP_ON_ORDERED) {
1124 panic("Huh control: %p on_q: %d -- not ordered?",
1125 control, control->on_strm_q);
1128 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
1129 TAILQ_REMOVE(&strm->inqueue, control, next_instrm);
1130 control->on_strm_q = 0;
1132 if (strm->pd_api_started && control->pdapi_started) {
1133 control->pdapi_started = 0;
1134 strm->pd_api_started = 0;
1136 if (control->on_read_q == 0) {
1137 sctp_add_to_readq(stcb->sctp_ep, stcb,
1139 &stcb->sctp_socket->so_rcv, control->end_added,
1140 inp_read_lock_held, SCTP_SO_NOT_LOCKED);
1145 if (strm->pd_api_started) {
1147 * Can't add more must have gotten an un-ordered above being
1148 * partially delivered.
1153 next_to_del = strm->last_mid_delivered + 1;
1155 SCTPDBG(SCTP_DEBUG_XXX,
1156 "Looking at control: %p e(%d) ssn: %u top_fsn: %u inc_fsn: %u (nxtdel: %u)- o\n",
1157 control, control->end_added, control->mid, control->top_fsn, control->fsn_included,
1159 nctl = TAILQ_NEXT(control, next_instrm);
1160 if (SCTP_MID_EQ(asoc->idata_supported, control->mid, next_to_del) &&
1161 (control->first_frag_seen)) {
1164 /* Ok we can deliver it onto the stream. */
1165 if (control->end_added) {
1166 /* We are done with it afterwards */
1167 if (control->on_strm_q) {
1169 if (control->on_strm_q != SCTP_ON_ORDERED) {
1170 panic("Huh control: %p on_q: %d -- not ordered?",
1171 control, control->on_strm_q);
1174 SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs);
1175 TAILQ_REMOVE(&strm->inqueue, control, next_instrm);
1176 control->on_strm_q = 0;
1180 if (((control->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) {
1182 * A singleton now slipping through - mark
1183 * it non-revokable too
1185 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
1186 } else if (control->end_added == 0) {
1188 * Check if we can defer adding until its
1191 if ((control->length < pd_point) || (strm->pd_api_started)) {
1193 * Don't need it or cannot add more
1194 * (one being delivered that way)
1199 done = (control->end_added) && (control->last_frag_seen);
1200 if (control->on_read_q == 0) {
1201 sctp_add_to_readq(stcb->sctp_ep, stcb,
1203 &stcb->sctp_socket->so_rcv, control->end_added,
1204 inp_read_lock_held, SCTP_SO_NOT_LOCKED);
1206 strm->last_mid_delivered = next_to_del;
1211 /* We are now doing PD API */
1212 strm->pd_api_started = 1;
1213 control->pdapi_started = 1;
1223 sctp_add_chk_to_control(struct sctp_queued_to_read *control,
1224 struct sctp_stream_in *strm,
1225 struct sctp_tcb *stcb, struct sctp_association *asoc,
1226 struct sctp_tmit_chunk *chk, int hold_rlock)
1229 * Given a control and a chunk, merge the data from the chk onto the
1230 * control and free up the chunk resources.
1234 if (control->on_read_q && (hold_rlock == 0)) {
1236 * Its being pd-api'd so we must do some locks.
1238 SCTP_INP_READ_LOCK(stcb->sctp_ep);
1241 if (control->data == NULL) {
1242 control->data = chk->data;
1243 sctp_setup_tail_pointer(control);
1245 sctp_add_to_tail_pointer(control, chk->data);
1247 control->fsn_included = chk->rec.data.fsn;
1248 asoc->size_on_reasm_queue -= chk->send_size;
1249 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
1250 sctp_mark_non_revokable(asoc, chk->rec.data.tsn);
1252 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
1253 control->first_frag_seen = 1;
1254 control->sinfo_tsn = chk->rec.data.tsn;
1255 control->sinfo_ppid = chk->rec.data.ppid;
1257 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
1259 if ((control->on_strm_q) && (control->on_read_q)) {
1260 if (control->pdapi_started) {
1261 control->pdapi_started = 0;
1262 strm->pd_api_started = 0;
1264 if (control->on_strm_q == SCTP_ON_UNORDERED) {
1266 TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm);
1267 control->on_strm_q = 0;
1268 } else if (control->on_strm_q == SCTP_ON_ORDERED) {
1270 TAILQ_REMOVE(&strm->inqueue, control, next_instrm);
1271 control->on_strm_q = 0;
1273 } else if (control->on_strm_q) {
1274 panic("Unknown state on ctrl: %p on_strm_q: %d", control,
1275 control->on_strm_q);
1279 control->end_added = 1;
1280 control->last_frag_seen = 1;
1283 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
1285 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
1289 * Dump onto the re-assembly queue, in its proper place. After dumping on the
1290 * queue, see if anthing can be delivered. If so pull it off (or as much as
1291 * we can. If we run out of space then we must dump what we can and set the
1292 * appropriate flag to say we queued what we could.
1295 sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struct sctp_association *asoc,
1296 struct sctp_queued_to_read *control,
1297 struct sctp_tmit_chunk *chk,
1298 int created_control,
1299 int *abort_flag, uint32_t tsn)
1302 struct sctp_tmit_chunk *at, *nat;
1303 struct sctp_stream_in *strm;
1304 int do_wakeup, unordered;
1306 strm = &asoc->strmin[control->sinfo_stream];
1308 * For old un-ordered data chunks.
1310 if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) {
1315 /* Must be added to the stream-in queue */
1316 if (created_control) {
1317 if (sctp_place_control_in_stream(strm, asoc, control)) {
1318 /* Duplicate SSN? */
1319 sctp_clean_up_control(stcb, control);
1320 sctp_abort_in_reasm(stcb, control, chk,
1322 SCTP_FROM_SCTP_INDATA + SCTP_LOC_6);
1325 if ((tsn == (asoc->cumulative_tsn + 1) && (asoc->idata_supported == 0))) {
1327 * Ok we created this control and now lets validate
1328 * that its legal i.e. there is a B bit set, if not
1329 * and we have up to the cum-ack then its invalid.
1331 if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) {
1332 sctp_abort_in_reasm(stcb, control, chk,
1334 SCTP_FROM_SCTP_INDATA + SCTP_LOC_7);
1339 if ((asoc->idata_supported == 0) && (unordered == 1)) {
1340 sctp_inject_old_unordered_data(stcb, asoc, control, chk, abort_flag);
1344 * Ok we must queue the chunk into the reasembly portion: o if its
1345 * the first it goes to the control mbuf. o if its not first but the
1346 * next in sequence it goes to the control, and each succeeding one
1347 * in order also goes. o if its not in order we place it on the list
1350 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
1351 /* Its the very first one. */
1352 SCTPDBG(SCTP_DEBUG_XXX,
1353 "chunk is a first fsn: %u becomes fsn_included\n",
1355 if (control->first_frag_seen) {
1357 * Error on senders part, they either sent us two
1358 * data chunks with FIRST, or they sent two
1359 * un-ordered chunks that were fragmented at the
1360 * same time in the same stream.
1362 sctp_abort_in_reasm(stcb, control, chk,
1364 SCTP_FROM_SCTP_INDATA + SCTP_LOC_8);
1367 control->first_frag_seen = 1;
1368 control->sinfo_ppid = chk->rec.data.ppid;
1369 control->sinfo_tsn = chk->rec.data.tsn;
1370 control->fsn_included = chk->rec.data.fsn;
1371 control->data = chk->data;
1372 sctp_mark_non_revokable(asoc, chk->rec.data.tsn);
1374 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
1375 sctp_setup_tail_pointer(control);
1377 /* Place the chunk in our list */
1380 if (control->last_frag_seen == 0) {
1381 /* Still willing to raise highest FSN seen */
1382 if (SCTP_TSN_GT(chk->rec.data.fsn, control->top_fsn)) {
1383 SCTPDBG(SCTP_DEBUG_XXX,
1384 "We have a new top_fsn: %u\n",
1386 control->top_fsn = chk->rec.data.fsn;
1388 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
1389 SCTPDBG(SCTP_DEBUG_XXX,
1390 "The last fsn is now in place fsn: %u\n",
1392 control->last_frag_seen = 1;
1394 if (asoc->idata_supported || control->first_frag_seen) {
1396 * For IDATA we always check since we know
1397 * that the first fragment is 0. For old
1398 * DATA we have to receive the first before
1399 * we know the first FSN (which is the TSN).
1401 if (SCTP_TSN_GE(control->fsn_included, chk->rec.data.fsn)) {
1403 * We have already delivered up to
1406 sctp_abort_in_reasm(stcb, control, chk,
1408 SCTP_FROM_SCTP_INDATA + SCTP_LOC_9);
1413 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) {
1414 /* Second last? huh? */
1415 SCTPDBG(SCTP_DEBUG_XXX,
1416 "Duplicate last fsn: %u (top: %u) -- abort\n",
1417 chk->rec.data.fsn, control->top_fsn);
1418 sctp_abort_in_reasm(stcb, control,
1420 SCTP_FROM_SCTP_INDATA + SCTP_LOC_10);
1423 if (asoc->idata_supported || control->first_frag_seen) {
1425 * For IDATA we always check since we know
1426 * that the first fragment is 0. For old
1427 * DATA we have to receive the first before
1428 * we know the first FSN (which is the TSN).
1431 if (SCTP_TSN_GE(control->fsn_included, chk->rec.data.fsn)) {
1433 * We have already delivered up to
1436 SCTPDBG(SCTP_DEBUG_XXX,
1437 "New fsn: %u is already seen in included_fsn: %u -- abort\n",
1438 chk->rec.data.fsn, control->fsn_included);
1439 sctp_abort_in_reasm(stcb, control, chk,
1441 SCTP_FROM_SCTP_INDATA + SCTP_LOC_11);
1446 * validate not beyond top FSN if we have seen last
1449 if (SCTP_TSN_GT(chk->rec.data.fsn, control->top_fsn)) {
1450 SCTPDBG(SCTP_DEBUG_XXX,
1451 "New fsn: %u is beyond or at top_fsn: %u -- abort\n",
1454 sctp_abort_in_reasm(stcb, control, chk,
1456 SCTP_FROM_SCTP_INDATA + SCTP_LOC_12);
1461 * If we reach here, we need to place the new chunk in the
1462 * reassembly for this control.
1464 SCTPDBG(SCTP_DEBUG_XXX,
1465 "chunk is a not first fsn: %u needs to be inserted\n",
1467 TAILQ_FOREACH(at, &control->reasm, sctp_next) {
1468 if (SCTP_TSN_GT(at->rec.data.fsn, chk->rec.data.fsn)) {
1470 * This one in queue is bigger than the new
1471 * one, insert the new one before at.
1473 SCTPDBG(SCTP_DEBUG_XXX,
1474 "Insert it before fsn: %u\n",
1476 asoc->size_on_reasm_queue += chk->send_size;
1477 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1478 TAILQ_INSERT_BEFORE(at, chk, sctp_next);
1481 } else if (at->rec.data.fsn == chk->rec.data.fsn) {
1483 * Gak, He sent me a duplicate str seq
1487 * foo bar, I guess I will just free this
1488 * new guy, should we abort too? FIX ME
1489 * MAYBE? Or it COULD be that the SSN's have
1490 * wrapped. Maybe I should compare to TSN
1491 * somehow... sigh for now just blow away
1494 SCTPDBG(SCTP_DEBUG_XXX,
1495 "Duplicate to fsn: %u -- abort\n",
1497 sctp_abort_in_reasm(stcb, control,
1499 SCTP_FROM_SCTP_INDATA + SCTP_LOC_13);
1503 if (inserted == 0) {
1504 /* Goes on the end */
1505 SCTPDBG(SCTP_DEBUG_XXX, "Inserting at tail of list fsn: %u\n",
1507 asoc->size_on_reasm_queue += chk->send_size;
1508 sctp_ucount_incr(asoc->cnt_on_reasm_queue);
1509 TAILQ_INSERT_TAIL(&control->reasm, chk, sctp_next);
1513 * Ok lets see if we can suck any up into the control structure that
1514 * are in seq if it makes sense.
1518 * If the first fragment has not been seen there is no sense in
1521 if (control->first_frag_seen) {
1522 next_fsn = control->fsn_included + 1;
1523 TAILQ_FOREACH_SAFE(at, &control->reasm, sctp_next, nat) {
1524 if (at->rec.data.fsn == next_fsn) {
1525 /* We can add this one now to the control */
1526 SCTPDBG(SCTP_DEBUG_XXX,
1527 "Adding more to control: %p at: %p fsn: %u next_fsn: %u included: %u\n",
1530 next_fsn, control->fsn_included);
1531 TAILQ_REMOVE(&control->reasm, at, sctp_next);
1532 sctp_add_chk_to_control(control, strm, stcb, asoc, at, SCTP_READ_LOCK_NOT_HELD);
1533 if (control->on_read_q) {
1537 if (control->end_added && control->pdapi_started) {
1538 if (strm->pd_api_started) {
1539 strm->pd_api_started = 0;
1540 control->pdapi_started = 0;
1542 if (control->on_read_q == 0) {
1543 sctp_add_to_readq(stcb->sctp_ep, stcb,
1545 &stcb->sctp_socket->so_rcv, control->end_added,
1546 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
1557 /* Need to wakeup the reader */
1558 sctp_wakeup_the_read_socket(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
1562 static struct sctp_queued_to_read *
1563 sctp_find_reasm_entry(struct sctp_stream_in *strm, uint32_t mid, int ordered, int idata_supported)
1565 struct sctp_queued_to_read *control;
1568 TAILQ_FOREACH(control, &strm->inqueue, next_instrm) {
1569 if (SCTP_MID_EQ(idata_supported, control->mid, mid)) {
1574 if (idata_supported) {
1575 TAILQ_FOREACH(control, &strm->uno_inqueue, next_instrm) {
1576 if (SCTP_MID_EQ(idata_supported, control->mid, mid)) {
1581 control = TAILQ_FIRST(&strm->uno_inqueue);
1588 sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc,
1589 struct mbuf **m, int offset, int chk_length,
1590 struct sctp_nets *net, uint32_t *high_tsn, int *abort_flag,
1591 int *break_flag, int last_chunk, uint8_t chk_type)
1593 /* Process a data chunk */
1594 /* struct sctp_tmit_chunk *chk; */
1595 struct sctp_tmit_chunk *chk;
1596 uint32_t tsn, fsn, gap, mid;
1599 int need_reasm_check = 0;
1601 struct mbuf *op_err;
1602 char msg[SCTP_DIAG_INFO_LEN];
1603 struct sctp_queued_to_read *control = NULL;
1606 struct sctp_stream_reset_list *liste;
1609 int created_control = 0;
1611 if (chk_type == SCTP_IDATA) {
1612 struct sctp_idata_chunk *chunk, chunk_buf;
1614 chunk = (struct sctp_idata_chunk *)sctp_m_getptr(*m, offset,
1615 sizeof(struct sctp_idata_chunk), (uint8_t *)&chunk_buf);
1616 chk_flags = chunk->ch.chunk_flags;
1617 clen = sizeof(struct sctp_idata_chunk);
1618 tsn = ntohl(chunk->dp.tsn);
1619 sid = ntohs(chunk->dp.sid);
1620 mid = ntohl(chunk->dp.mid);
1621 if (chk_flags & SCTP_DATA_FIRST_FRAG) {
1623 ppid = chunk->dp.ppid_fsn.ppid;
1625 fsn = ntohl(chunk->dp.ppid_fsn.fsn);
1626 ppid = 0xffffffff; /* Use as an invalid value. */
1629 struct sctp_data_chunk *chunk, chunk_buf;
1631 chunk = (struct sctp_data_chunk *)sctp_m_getptr(*m, offset,
1632 sizeof(struct sctp_data_chunk), (uint8_t *)&chunk_buf);
1633 chk_flags = chunk->ch.chunk_flags;
1634 clen = sizeof(struct sctp_data_chunk);
1635 tsn = ntohl(chunk->dp.tsn);
1636 sid = ntohs(chunk->dp.sid);
1637 mid = (uint32_t)(ntohs(chunk->dp.ssn));
1639 ppid = chunk->dp.ppid;
1641 if ((size_t)chk_length == clen) {
1643 * Need to send an abort since we had a empty data chunk.
1645 op_err = sctp_generate_no_user_data_cause(tsn);
1646 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14;
1647 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
1651 if ((chk_flags & SCTP_DATA_SACK_IMMEDIATELY) == SCTP_DATA_SACK_IMMEDIATELY) {
1652 asoc->send_sack = 1;
1654 ordered = ((chk_flags & SCTP_DATA_UNORDERED) == 0);
1655 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
1656 sctp_log_map(tsn, asoc->cumulative_tsn, asoc->highest_tsn_inside_map, SCTP_MAP_TSN_ENTERS);
1661 SCTP_LTRACE_CHK(stcb->sctp_ep, stcb, chk_type, tsn);
1662 if (SCTP_TSN_GE(asoc->cumulative_tsn, tsn)) {
1663 /* It is a duplicate */
1664 SCTP_STAT_INCR(sctps_recvdupdata);
1665 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1666 /* Record a dup for the next outbound sack */
1667 asoc->dup_tsns[asoc->numduptsns] = tsn;
1670 asoc->send_sack = 1;
1673 /* Calculate the number of TSN's between the base and this TSN */
1674 SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn);
1675 if (gap >= (SCTP_MAPPING_ARRAY << 3)) {
1676 /* Can't hold the bit in the mapping at max array, toss it */
1679 if (gap >= (uint32_t)(asoc->mapping_array_size << 3)) {
1680 SCTP_TCB_LOCK_ASSERT(stcb);
1681 if (sctp_expand_mapping_array(asoc, gap)) {
1682 /* Can't expand, drop it */
1686 if (SCTP_TSN_GT(tsn, *high_tsn)) {
1689 /* See if we have received this one already */
1690 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap) ||
1691 SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, gap)) {
1692 SCTP_STAT_INCR(sctps_recvdupdata);
1693 if (asoc->numduptsns < SCTP_MAX_DUP_TSNS) {
1694 /* Record a dup for the next outbound sack */
1695 asoc->dup_tsns[asoc->numduptsns] = tsn;
1698 asoc->send_sack = 1;
1702 * Check to see about the GONE flag, duplicates would cause a sack
1703 * to be sent up above
1705 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
1706 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
1707 (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET))) {
1709 * wait a minute, this guy is gone, there is no longer a
1710 * receiver. Send peer an ABORT!
1712 op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, "");
1713 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
1718 * Now before going further we see if there is room. If NOT then we
1719 * MAY let one through only IF this TSN is the one we are waiting
1720 * for on a partial delivery API.
1723 /* Is the stream valid? */
1724 if (sid >= asoc->streamincnt) {
1725 struct sctp_error_invalid_stream *cause;
1727 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_error_invalid_stream),
1728 0, M_NOWAIT, 1, MT_DATA);
1729 if (op_err != NULL) {
1730 /* add some space up front so prepend will work well */
1731 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
1732 cause = mtod(op_err, struct sctp_error_invalid_stream *);
1734 * Error causes are just param's and this one has
1735 * two back to back phdr, one with the error type
1736 * and size, the other with the streamid and a rsvd
1738 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_error_invalid_stream);
1739 cause->cause.code = htons(SCTP_CAUSE_INVALID_STREAM);
1740 cause->cause.length = htons(sizeof(struct sctp_error_invalid_stream));
1741 cause->stream_id = htons(sid);
1742 cause->reserved = htons(0);
1743 sctp_queue_op_err(stcb, op_err);
1745 SCTP_STAT_INCR(sctps_badsid);
1746 SCTP_TCB_LOCK_ASSERT(stcb);
1747 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
1748 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1749 asoc->highest_tsn_inside_nr_map = tsn;
1751 if (tsn == (asoc->cumulative_tsn + 1)) {
1752 /* Update cum-ack */
1753 asoc->cumulative_tsn = tsn;
1758 * If its a fragmented message, lets see if we can find the control
1759 * on the reassembly queues.
1761 if ((chk_type == SCTP_IDATA) &&
1762 ((chk_flags & SCTP_DATA_FIRST_FRAG) == 0) &&
1765 * The first *must* be fsn 0, and other (middle/end) pieces
1766 * can *not* be fsn 0. XXX: This can happen in case of a
1767 * wrap around. Ignore is for now.
1769 snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x",
1773 control = sctp_find_reasm_entry(&asoc->strmin[sid], mid, ordered, asoc->idata_supported);
1774 SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags:0x%x look for control on queues %p\n",
1775 chk_flags, control);
1776 if ((chk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) {
1777 /* See if we can find the re-assembly entity */
1778 if (control != NULL) {
1779 /* We found something, does it belong? */
1780 if (ordered && (mid != control->mid)) {
1781 snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid);
1783 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
1784 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15;
1785 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
1789 if (ordered && ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED)) {
1791 * We can't have a switched order with an
1794 snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)",
1798 if (!ordered && (((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) == 0)) {
1800 * We can't have a switched unordered with a
1803 snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)",
1810 * Its a complete segment. Lets validate we don't have a
1811 * re-assembly going on with the same Stream/Seq (for
1812 * ordered) or in the same Stream for unordered.
1814 if (control != NULL) {
1815 if (ordered || asoc->idata_supported) {
1816 SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags: 0x%x dup detected on MID: %u\n",
1818 snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid);
1821 if ((tsn == control->fsn_included + 1) &&
1822 (control->end_added == 0)) {
1823 snprintf(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", control->fsn_included);
1831 /* now do the tests */
1832 if (((asoc->cnt_on_all_streams +
1833 asoc->cnt_on_reasm_queue +
1834 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) ||
1835 (((int)asoc->my_rwnd) <= 0)) {
1837 * When we have NO room in the rwnd we check to make sure
1838 * the reader is doing its job...
1840 if (stcb->sctp_socket->so_rcv.sb_cc) {
1841 /* some to read, wake-up */
1842 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1845 so = SCTP_INP_SO(stcb->sctp_ep);
1846 atomic_add_int(&stcb->asoc.refcnt, 1);
1847 SCTP_TCB_UNLOCK(stcb);
1848 SCTP_SOCKET_LOCK(so, 1);
1849 SCTP_TCB_LOCK(stcb);
1850 atomic_subtract_int(&stcb->asoc.refcnt, 1);
1851 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
1852 /* assoc was freed while we were unlocked */
1853 SCTP_SOCKET_UNLOCK(so, 1);
1857 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
1858 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
1859 SCTP_SOCKET_UNLOCK(so, 1);
1862 /* now is it in the mapping array of what we have accepted? */
1863 if (chk_type == SCTP_DATA) {
1864 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map) &&
1865 SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
1866 /* Nope not in the valid range dump it */
1868 sctp_set_rwnd(stcb, asoc);
1869 if ((asoc->cnt_on_all_streams +
1870 asoc->cnt_on_reasm_queue +
1871 asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) {
1872 SCTP_STAT_INCR(sctps_datadropchklmt);
1874 SCTP_STAT_INCR(sctps_datadroprwnd);
1880 if (control == NULL) {
1883 if (SCTP_TSN_GT(fsn, control->top_fsn)) {
1888 #ifdef SCTP_ASOCLOG_OF_TSNS
1889 SCTP_TCB_LOCK_ASSERT(stcb);
1890 if (asoc->tsn_in_at >= SCTP_TSN_LOG_SIZE) {
1891 asoc->tsn_in_at = 0;
1892 asoc->tsn_in_wrapped = 1;
1894 asoc->in_tsnlog[asoc->tsn_in_at].tsn = tsn;
1895 asoc->in_tsnlog[asoc->tsn_in_at].strm = sid;
1896 asoc->in_tsnlog[asoc->tsn_in_at].seq = mid;
1897 asoc->in_tsnlog[asoc->tsn_in_at].sz = chk_length;
1898 asoc->in_tsnlog[asoc->tsn_in_at].flgs = chunk_flags;
1899 asoc->in_tsnlog[asoc->tsn_in_at].stcb = (void *)stcb;
1900 asoc->in_tsnlog[asoc->tsn_in_at].in_pos = asoc->tsn_in_at;
1901 asoc->in_tsnlog[asoc->tsn_in_at].in_out = 1;
1905 * Before we continue lets validate that we are not being fooled by
1906 * an evil attacker. We can only have Nk chunks based on our TSN
1907 * spread allowed by the mapping array N * 8 bits, so there is no
1908 * way our stream sequence numbers could have wrapped. We of course
1909 * only validate the FIRST fragment so the bit must be set.
1911 if ((chk_flags & SCTP_DATA_FIRST_FRAG) &&
1912 (TAILQ_EMPTY(&asoc->resetHead)) &&
1913 (chk_flags & SCTP_DATA_UNORDERED) == 0 &&
1914 SCTP_MID_GE(asoc->idata_supported, asoc->strmin[sid].last_mid_delivered, mid)) {
1915 /* The incoming sseq is behind where we last delivered? */
1916 SCTPDBG(SCTP_DEBUG_INDATA1, "EVIL/Broken-Dup S-SEQ: %u delivered: %u from peer, Abort!\n",
1917 mid, asoc->strmin[sid].last_mid_delivered);
1919 if (asoc->idata_supported) {
1920 snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x",
1921 asoc->strmin[sid].last_mid_delivered,
1926 snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x",
1927 (uint16_t)asoc->strmin[sid].last_mid_delivered,
1932 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
1933 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16;
1934 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
1938 if (chk_type == SCTP_IDATA) {
1939 the_len = (chk_length - sizeof(struct sctp_idata_chunk));
1941 the_len = (chk_length - sizeof(struct sctp_data_chunk));
1943 if (last_chunk == 0) {
1944 if (chk_type == SCTP_IDATA) {
1945 dmbuf = SCTP_M_COPYM(*m,
1946 (offset + sizeof(struct sctp_idata_chunk)),
1949 dmbuf = SCTP_M_COPYM(*m,
1950 (offset + sizeof(struct sctp_data_chunk)),
1953 #ifdef SCTP_MBUF_LOGGING
1954 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
1955 sctp_log_mbc(dmbuf, SCTP_MBUF_ICOPY);
1959 /* We can steal the last chunk */
1963 /* lop off the top part */
1964 if (chk_type == SCTP_IDATA) {
1965 m_adj(dmbuf, (offset + sizeof(struct sctp_idata_chunk)));
1967 m_adj(dmbuf, (offset + sizeof(struct sctp_data_chunk)));
1969 if (SCTP_BUF_NEXT(dmbuf) == NULL) {
1970 l_len = SCTP_BUF_LEN(dmbuf);
1973 * need to count up the size hopefully does not hit
1979 for (lat = dmbuf; lat; lat = SCTP_BUF_NEXT(lat)) {
1980 l_len += SCTP_BUF_LEN(lat);
1983 if (l_len > the_len) {
1984 /* Trim the end round bytes off too */
1985 m_adj(dmbuf, -(l_len - the_len));
1988 if (dmbuf == NULL) {
1989 SCTP_STAT_INCR(sctps_nomem);
1993 * Now no matter what, we need a control, get one if we don't have
1994 * one (we may have gotten it above when we found the message was
1997 if (control == NULL) {
1998 sctp_alloc_a_readq(stcb, control);
1999 sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn,
2004 if (control == NULL) {
2005 SCTP_STAT_INCR(sctps_nomem);
2008 if ((chk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) {
2009 control->data = dmbuf;
2010 control->tail_mbuf = NULL;
2011 control->end_added = 1;
2012 control->last_frag_seen = 1;
2013 control->first_frag_seen = 1;
2014 control->fsn_included = fsn;
2015 control->top_fsn = fsn;
2017 created_control = 1;
2019 SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags: 0x%x ordered: %d MID: %u control: %p\n",
2020 chk_flags, ordered, mid, control);
2021 if ((chk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG &&
2022 TAILQ_EMPTY(&asoc->resetHead) &&
2024 (SCTP_MID_EQ(asoc->idata_supported, asoc->strmin[sid].last_mid_delivered + 1, mid) &&
2025 TAILQ_EMPTY(&asoc->strmin[sid].inqueue)))) {
2026 /* Candidate for express delivery */
2028 * Its not fragmented, No PD-API is up, Nothing in the
2029 * delivery queue, Its un-ordered OR ordered and the next to
2030 * deliver AND nothing else is stuck on the stream queue,
2031 * And there is room for it in the socket buffer. Lets just
2032 * stuff it up the buffer....
2034 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
2035 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
2036 asoc->highest_tsn_inside_nr_map = tsn;
2038 SCTPDBG(SCTP_DEBUG_XXX, "Injecting control: %p to be read (MID: %u)\n",
2041 sctp_add_to_readq(stcb->sctp_ep, stcb,
2042 control, &stcb->sctp_socket->so_rcv,
2043 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
2045 if ((chk_flags & SCTP_DATA_UNORDERED) == 0) {
2046 /* for ordered, bump what we delivered */
2047 asoc->strmin[sid].last_mid_delivered++;
2049 SCTP_STAT_INCR(sctps_recvexpress);
2050 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
2051 sctp_log_strm_del_alt(stcb, tsn, mid, sid,
2052 SCTP_STR_LOG_FROM_EXPRS_DEL);
2055 goto finish_express_del;
2057 /* Now will we need a chunk too? */
2058 if ((chk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) {
2059 sctp_alloc_a_chunk(stcb, chk);
2061 /* No memory so we drop the chunk */
2062 SCTP_STAT_INCR(sctps_nomem);
2063 if (last_chunk == 0) {
2064 /* we copied it, free the copy */
2065 sctp_m_freem(dmbuf);
2069 chk->rec.data.tsn = tsn;
2070 chk->no_fr_allowed = 0;
2071 chk->rec.data.fsn = fsn;
2072 chk->rec.data.mid = mid;
2073 chk->rec.data.sid = sid;
2074 chk->rec.data.ppid = ppid;
2075 chk->rec.data.context = stcb->asoc.context;
2076 chk->rec.data.doing_fast_retransmit = 0;
2077 chk->rec.data.rcv_flags = chk_flags;
2079 chk->send_size = the_len;
2081 SCTPDBG(SCTP_DEBUG_XXX, "Building ck: %p for control: %p to be read (MID: %u)\n",
2084 atomic_add_int(&net->ref_count, 1);
2087 /* Set the appropriate TSN mark */
2088 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
2089 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap);
2090 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) {
2091 asoc->highest_tsn_inside_nr_map = tsn;
2094 SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap);
2095 if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map)) {
2096 asoc->highest_tsn_inside_map = tsn;
2099 /* Now is it complete (i.e. not fragmented)? */
2100 if ((chk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) {
2102 * Special check for when streams are resetting. We could be
2103 * more smart about this and check the actual stream to see
2104 * if it is not being reset.. that way we would not create a
2105 * HOLB when amongst streams being reset and those not being
2109 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2110 SCTP_TSN_GT(tsn, liste->tsn)) {
2112 * yep its past where we need to reset... go ahead
2115 if (TAILQ_EMPTY(&asoc->pending_reply_queue)) {
2117 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2119 struct sctp_queued_to_read *ctlOn, *nctlOn;
2120 unsigned char inserted = 0;
2122 TAILQ_FOREACH_SAFE(ctlOn, &asoc->pending_reply_queue, next, nctlOn) {
2123 if (SCTP_TSN_GT(control->sinfo_tsn, ctlOn->sinfo_tsn)) {
2128 TAILQ_INSERT_BEFORE(ctlOn, control, next);
2133 if (inserted == 0) {
2135 * must be put at end, use prevP
2136 * (all setup from loop) to setup
2139 TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next);
2142 goto finish_express_del;
2144 if (chk_flags & SCTP_DATA_UNORDERED) {
2145 /* queue directly into socket buffer */
2146 SCTPDBG(SCTP_DEBUG_XXX, "Unordered data to be read control: %p MID: %u\n",
2148 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
2149 sctp_add_to_readq(stcb->sctp_ep, stcb,
2151 &stcb->sctp_socket->so_rcv, 1,
2152 SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
2155 SCTPDBG(SCTP_DEBUG_XXX, "Queue control: %p for reordering MID: %u\n", control,
2157 sctp_queue_data_to_stream(stcb, asoc, control, abort_flag, &need_reasm_check);
2165 goto finish_express_del;
2167 /* If we reach here its a reassembly */
2168 need_reasm_check = 1;
2169 SCTPDBG(SCTP_DEBUG_XXX,
2170 "Queue data to stream for reasm control: %p MID: %u\n",
2172 sctp_queue_data_for_reasm(stcb, asoc, control, chk, created_control, abort_flag, tsn);
2175 * the assoc is now gone and chk was put onto the reasm
2176 * queue, which has all been freed.
2184 /* Here we tidy up things */
2185 if (tsn == (asoc->cumulative_tsn + 1)) {
2186 /* Update cum-ack */
2187 asoc->cumulative_tsn = tsn;
2193 SCTP_STAT_INCR_COUNTER64(sctps_inorderchunks);
2195 SCTP_STAT_INCR_COUNTER64(sctps_inunorderchunks);
2197 SCTP_STAT_INCR(sctps_recvdata);
2198 /* Set it present please */
2199 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) {
2200 sctp_log_strm_del_alt(stcb, tsn, mid, sid, SCTP_STR_LOG_FROM_MARK_TSN);
2202 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2203 sctp_log_map(asoc->mapping_array_base_tsn, asoc->cumulative_tsn,
2204 asoc->highest_tsn_inside_map, SCTP_MAP_PREPARE_SLIDE);
2206 if (need_reasm_check) {
2207 (void)sctp_deliver_reasm_check(stcb, asoc, &asoc->strmin[sid], SCTP_READ_LOCK_NOT_HELD);
2208 need_reasm_check = 0;
2210 /* check the special flag for stream resets */
2211 if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) &&
2212 SCTP_TSN_GE(asoc->cumulative_tsn, liste->tsn)) {
2214 * we have finished working through the backlogged TSN's now
2215 * time to reset streams. 1: call reset function. 2: free
2216 * pending_reply space 3: distribute any chunks in
2217 * pending_reply_queue.
2219 struct sctp_queued_to_read *ctl, *nctl;
2221 sctp_reset_in_stream(stcb, liste->number_entries, liste->list_of_streams);
2222 TAILQ_REMOVE(&asoc->resetHead, liste, next_resp);
2223 sctp_send_deferred_reset_response(stcb, liste, SCTP_STREAM_RESET_RESULT_PERFORMED);
2224 SCTP_FREE(liste, SCTP_M_STRESET);
2225 /* sa_ignore FREED_MEMORY */
2226 liste = TAILQ_FIRST(&asoc->resetHead);
2227 if (TAILQ_EMPTY(&asoc->resetHead)) {
2228 /* All can be removed */
2229 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2230 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2231 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag, &need_reasm_check);
2235 if (need_reasm_check) {
2236 (void)sctp_deliver_reasm_check(stcb, asoc, &asoc->strmin[ctl->sinfo_stream], SCTP_READ_LOCK_NOT_HELD);
2237 need_reasm_check = 0;
2241 TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) {
2242 if (SCTP_TSN_GT(ctl->sinfo_tsn, liste->tsn)) {
2246 * if ctl->sinfo_tsn is <= liste->tsn we can
2247 * process it which is the NOT of
2248 * ctl->sinfo_tsn > liste->tsn
2250 TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next);
2251 sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag, &need_reasm_check);
2255 if (need_reasm_check) {
2256 (void)sctp_deliver_reasm_check(stcb, asoc, &asoc->strmin[ctl->sinfo_stream], SCTP_READ_LOCK_NOT_HELD);
2257 need_reasm_check = 0;
2265 static const int8_t sctp_map_lookup_tab[256] = {
2266 0, 1, 0, 2, 0, 1, 0, 3,
2267 0, 1, 0, 2, 0, 1, 0, 4,
2268 0, 1, 0, 2, 0, 1, 0, 3,
2269 0, 1, 0, 2, 0, 1, 0, 5,
2270 0, 1, 0, 2, 0, 1, 0, 3,
2271 0, 1, 0, 2, 0, 1, 0, 4,
2272 0, 1, 0, 2, 0, 1, 0, 3,
2273 0, 1, 0, 2, 0, 1, 0, 6,
2274 0, 1, 0, 2, 0, 1, 0, 3,
2275 0, 1, 0, 2, 0, 1, 0, 4,
2276 0, 1, 0, 2, 0, 1, 0, 3,
2277 0, 1, 0, 2, 0, 1, 0, 5,
2278 0, 1, 0, 2, 0, 1, 0, 3,
2279 0, 1, 0, 2, 0, 1, 0, 4,
2280 0, 1, 0, 2, 0, 1, 0, 3,
2281 0, 1, 0, 2, 0, 1, 0, 7,
2282 0, 1, 0, 2, 0, 1, 0, 3,
2283 0, 1, 0, 2, 0, 1, 0, 4,
2284 0, 1, 0, 2, 0, 1, 0, 3,
2285 0, 1, 0, 2, 0, 1, 0, 5,
2286 0, 1, 0, 2, 0, 1, 0, 3,
2287 0, 1, 0, 2, 0, 1, 0, 4,
2288 0, 1, 0, 2, 0, 1, 0, 3,
2289 0, 1, 0, 2, 0, 1, 0, 6,
2290 0, 1, 0, 2, 0, 1, 0, 3,
2291 0, 1, 0, 2, 0, 1, 0, 4,
2292 0, 1, 0, 2, 0, 1, 0, 3,
2293 0, 1, 0, 2, 0, 1, 0, 5,
2294 0, 1, 0, 2, 0, 1, 0, 3,
2295 0, 1, 0, 2, 0, 1, 0, 4,
2296 0, 1, 0, 2, 0, 1, 0, 3,
2297 0, 1, 0, 2, 0, 1, 0, 8
2302 sctp_slide_mapping_arrays(struct sctp_tcb *stcb)
2305 * Now we also need to check the mapping array in a couple of ways.
2306 * 1) Did we move the cum-ack point?
2308 * When you first glance at this you might think that all entries
2309 * that make up the position of the cum-ack would be in the
2310 * nr-mapping array only.. i.e. things up to the cum-ack are always
2311 * deliverable. Thats true with one exception, when its a fragmented
2312 * message we may not deliver the data until some threshold (or all
2313 * of it) is in place. So we must OR the nr_mapping_array and
2314 * mapping_array to get a true picture of the cum-ack.
2316 struct sctp_association *asoc;
2319 int slide_from, slide_end, lgap, distance;
2320 uint32_t old_cumack, old_base, old_highest, highest_tsn;
2324 old_cumack = asoc->cumulative_tsn;
2325 old_base = asoc->mapping_array_base_tsn;
2326 old_highest = asoc->highest_tsn_inside_map;
2328 * We could probably improve this a small bit by calculating the
2329 * offset of the current cum-ack as the starting point.
2332 for (slide_from = 0; slide_from < stcb->asoc.mapping_array_size; slide_from++) {
2333 val = asoc->nr_mapping_array[slide_from] | asoc->mapping_array[slide_from];
2337 /* there is a 0 bit */
2338 at += sctp_map_lookup_tab[val];
2342 asoc->cumulative_tsn = asoc->mapping_array_base_tsn + (at - 1);
2344 if (SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_map) &&
2345 SCTP_TSN_GT(asoc->cumulative_tsn, asoc->highest_tsn_inside_nr_map)) {
2347 panic("huh, cumack 0x%x greater than high-tsn 0x%x in map",
2348 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2350 SCTP_PRINTF("huh, cumack 0x%x greater than high-tsn 0x%x in map - should panic?\n",
2351 asoc->cumulative_tsn, asoc->highest_tsn_inside_map);
2352 sctp_print_mapping_array(asoc);
2353 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2354 sctp_log_map(0, 6, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
2356 asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2357 asoc->highest_tsn_inside_nr_map = asoc->cumulative_tsn;
2360 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2361 highest_tsn = asoc->highest_tsn_inside_nr_map;
2363 highest_tsn = asoc->highest_tsn_inside_map;
2365 if ((asoc->cumulative_tsn == highest_tsn) && (at >= 8)) {
2366 /* The complete array was completed by a single FR */
2367 /* highest becomes the cum-ack */
2373 /* clear the array */
2374 clr = ((at + 7) >> 3);
2375 if (clr > asoc->mapping_array_size) {
2376 clr = asoc->mapping_array_size;
2378 memset(asoc->mapping_array, 0, clr);
2379 memset(asoc->nr_mapping_array, 0, clr);
2381 for (i = 0; i < asoc->mapping_array_size; i++) {
2382 if ((asoc->mapping_array[i]) || (asoc->nr_mapping_array[i])) {
2383 SCTP_PRINTF("Error Mapping array's not clean at clear\n");
2384 sctp_print_mapping_array(asoc);
2388 asoc->mapping_array_base_tsn = asoc->cumulative_tsn + 1;
2389 asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
2390 } else if (at >= 8) {
2391 /* we can slide the mapping array down */
2392 /* slide_from holds where we hit the first NON 0xff byte */
2395 * now calculate the ceiling of the move using our highest
2398 SCTP_CALC_TSN_TO_GAP(lgap, highest_tsn, asoc->mapping_array_base_tsn);
2399 slide_end = (lgap >> 3);
2400 if (slide_end < slide_from) {
2401 sctp_print_mapping_array(asoc);
2403 panic("impossible slide");
2405 SCTP_PRINTF("impossible slide lgap: %x slide_end: %x slide_from: %x? at: %d\n",
2406 lgap, slide_end, slide_from, at);
2410 if (slide_end > asoc->mapping_array_size) {
2412 panic("would overrun buffer");
2414 SCTP_PRINTF("Gak, would have overrun map end: %d slide_end: %d\n",
2415 asoc->mapping_array_size, slide_end);
2416 slide_end = asoc->mapping_array_size;
2419 distance = (slide_end - slide_from) + 1;
2420 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2421 sctp_log_map(old_base, old_cumack, old_highest,
2422 SCTP_MAP_PREPARE_SLIDE);
2423 sctp_log_map((uint32_t)slide_from, (uint32_t)slide_end,
2424 (uint32_t)lgap, SCTP_MAP_SLIDE_FROM);
2426 if (distance + slide_from > asoc->mapping_array_size ||
2429 * Here we do NOT slide forward the array so that
2430 * hopefully when more data comes in to fill it up
2431 * we will be able to slide it forward. Really I
2432 * don't think this should happen :-0
2435 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2436 sctp_log_map((uint32_t)distance, (uint32_t)slide_from,
2437 (uint32_t)asoc->mapping_array_size,
2438 SCTP_MAP_SLIDE_NONE);
2443 for (ii = 0; ii < distance; ii++) {
2444 asoc->mapping_array[ii] = asoc->mapping_array[slide_from + ii];
2445 asoc->nr_mapping_array[ii] = asoc->nr_mapping_array[slide_from + ii];
2448 for (ii = distance; ii < asoc->mapping_array_size; ii++) {
2449 asoc->mapping_array[ii] = 0;
2450 asoc->nr_mapping_array[ii] = 0;
2452 if (asoc->highest_tsn_inside_map + 1 == asoc->mapping_array_base_tsn) {
2453 asoc->highest_tsn_inside_map += (slide_from << 3);
2455 if (asoc->highest_tsn_inside_nr_map + 1 == asoc->mapping_array_base_tsn) {
2456 asoc->highest_tsn_inside_nr_map += (slide_from << 3);
2458 asoc->mapping_array_base_tsn += (slide_from << 3);
2459 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
2460 sctp_log_map(asoc->mapping_array_base_tsn,
2461 asoc->cumulative_tsn, asoc->highest_tsn_inside_map,
2462 SCTP_MAP_SLIDE_RESULT);
2469 sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap)
2471 struct sctp_association *asoc;
2472 uint32_t highest_tsn;
2475 sctp_slide_mapping_arrays(stcb);
2477 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2478 highest_tsn = asoc->highest_tsn_inside_nr_map;
2480 highest_tsn = asoc->highest_tsn_inside_map;
2482 /* Is there a gap now? */
2483 is_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2486 * Now we need to see if we need to queue a sack or just start the
2487 * timer (if allowed).
2489 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2491 * Ok special case, in SHUTDOWN-SENT case. here we maker
2492 * sure SACK timer is off and instead send a SHUTDOWN and a
2495 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2496 sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
2497 stcb->sctp_ep, stcb, NULL,
2498 SCTP_FROM_SCTP_INDATA + SCTP_LOC_17);
2500 sctp_send_shutdown(stcb,
2501 ((stcb->asoc.alternate) ? stcb->asoc.alternate : stcb->asoc.primary_destination));
2503 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2507 * CMT DAC algorithm: increase number of packets received
2510 stcb->asoc.cmt_dac_pkts_rcvd++;
2512 if ((stcb->asoc.send_sack == 1) || /* We need to send a
2514 ((was_a_gap) && (is_a_gap == 0)) || /* was a gap, but no
2516 (stcb->asoc.numduptsns) || /* we have dup's */
2517 (is_a_gap) || /* is still a gap */
2518 (stcb->asoc.delayed_ack == 0) || /* Delayed sack disabled */
2519 (stcb->asoc.data_pkts_seen >= stcb->asoc.sack_freq) /* hit limit of pkts */
2522 if ((stcb->asoc.sctp_cmt_on_off > 0) &&
2523 (SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) &&
2524 (stcb->asoc.send_sack == 0) &&
2525 (stcb->asoc.numduptsns == 0) &&
2526 (stcb->asoc.delayed_ack) &&
2527 (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer))) {
2530 * CMT DAC algorithm: With CMT, delay acks
2531 * even in the face of
2533 * reordering. Therefore, if acks that do
2534 * not have to be sent because of the above
2535 * reasons, will be delayed. That is, acks
2536 * that would have been sent due to gap
2537 * reports will be delayed with DAC. Start
2538 * the delayed ack timer.
2540 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2541 stcb->sctp_ep, stcb, NULL);
2544 * Ok we must build a SACK since the timer
2545 * is pending, we got our first packet OR
2546 * there are gaps or duplicates.
2548 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
2549 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
2552 if (!SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
2553 sctp_timer_start(SCTP_TIMER_TYPE_RECV,
2554 stcb->sctp_ep, stcb, NULL);
2561 sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
2562 struct sctp_inpcb *inp, struct sctp_tcb *stcb,
2563 struct sctp_nets *net, uint32_t *high_tsn)
2565 struct sctp_chunkhdr *ch, chunk_buf;
2566 struct sctp_association *asoc;
2567 int num_chunks = 0; /* number of control chunks processed */
2569 int chk_length, break_flag, last_chunk;
2570 int abort_flag = 0, was_a_gap;
2572 uint32_t highest_tsn;
2575 sctp_set_rwnd(stcb, &stcb->asoc);
2578 SCTP_TCB_LOCK_ASSERT(stcb);
2580 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->highest_tsn_inside_map)) {
2581 highest_tsn = asoc->highest_tsn_inside_nr_map;
2583 highest_tsn = asoc->highest_tsn_inside_map;
2585 was_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn);
2587 * setup where we got the last DATA packet from for any SACK that
2588 * may need to go out. Don't bump the net. This is done ONLY when a
2589 * chunk is assigned.
2591 asoc->last_data_chunk_from = net;
2594 * Now before we proceed we must figure out if this is a wasted
2595 * cluster... i.e. it is a small packet sent in and yet the driver
2596 * underneath allocated a full cluster for it. If so we must copy it
2597 * to a smaller mbuf and free up the cluster mbuf. This will help
2598 * with cluster starvation. Note for __Panda__ we don't do this
2599 * since it has clusters all the way down to 64 bytes.
2601 if (SCTP_BUF_LEN(m) < (long)MLEN && SCTP_BUF_NEXT(m) == NULL) {
2602 /* we only handle mbufs that are singletons.. not chains */
2603 m = sctp_get_mbuf_for_msg(SCTP_BUF_LEN(m), 0, M_NOWAIT, 1, MT_DATA);
2605 /* ok lets see if we can copy the data up */
2608 /* get the pointers and copy */
2609 to = mtod(m, caddr_t *);
2610 from = mtod((*mm), caddr_t *);
2611 memcpy(to, from, SCTP_BUF_LEN((*mm)));
2612 /* copy the length and free up the old */
2613 SCTP_BUF_LEN(m) = SCTP_BUF_LEN((*mm));
2615 /* success, back copy */
2618 /* We are in trouble in the mbuf world .. yikes */
2622 /* get pointer to the first chunk header */
2623 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
2624 sizeof(struct sctp_chunkhdr), (uint8_t *)&chunk_buf);
2629 * process all DATA chunks...
2631 *high_tsn = asoc->cumulative_tsn;
2633 asoc->data_pkts_seen++;
2634 while (stop_proc == 0) {
2635 /* validate chunk length */
2636 chk_length = ntohs(ch->chunk_length);
2637 if (length - *offset < chk_length) {
2638 /* all done, mutulated chunk */
2642 if ((asoc->idata_supported == 1) &&
2643 (ch->chunk_type == SCTP_DATA)) {
2644 struct mbuf *op_err;
2645 char msg[SCTP_DIAG_INFO_LEN];
2647 snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated");
2648 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
2649 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_18;
2650 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
2653 if ((asoc->idata_supported == 0) &&
2654 (ch->chunk_type == SCTP_IDATA)) {
2655 struct mbuf *op_err;
2656 char msg[SCTP_DIAG_INFO_LEN];
2658 snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated");
2659 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
2660 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19;
2661 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
2664 if ((ch->chunk_type == SCTP_DATA) ||
2665 (ch->chunk_type == SCTP_IDATA)) {
2668 if (ch->chunk_type == SCTP_DATA) {
2669 clen = sizeof(struct sctp_data_chunk);
2671 clen = sizeof(struct sctp_idata_chunk);
2673 if (chk_length < clen) {
2675 * Need to send an abort since we had a
2676 * invalid data chunk.
2678 struct mbuf *op_err;
2679 char msg[SCTP_DIAG_INFO_LEN];
2681 snprintf(msg, sizeof(msg), "DATA chunk of length %d",
2683 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
2684 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_20;
2685 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
2688 #ifdef SCTP_AUDITING_ENABLED
2689 sctp_audit_log(0xB1, 0);
2691 if (SCTP_SIZE32(chk_length) == (length - *offset)) {
2696 if (sctp_process_a_data_chunk(stcb, asoc, mm, *offset,
2697 chk_length, net, high_tsn, &abort_flag, &break_flag,
2698 last_chunk, ch->chunk_type)) {
2706 * Set because of out of rwnd space and no
2707 * drop rep space left.
2713 /* not a data chunk in the data region */
2714 switch (ch->chunk_type) {
2715 case SCTP_INITIATION:
2716 case SCTP_INITIATION_ACK:
2717 case SCTP_SELECTIVE_ACK:
2718 case SCTP_NR_SELECTIVE_ACK:
2719 case SCTP_HEARTBEAT_REQUEST:
2720 case SCTP_HEARTBEAT_ACK:
2721 case SCTP_ABORT_ASSOCIATION:
2723 case SCTP_SHUTDOWN_ACK:
2724 case SCTP_OPERATION_ERROR:
2725 case SCTP_COOKIE_ECHO:
2726 case SCTP_COOKIE_ACK:
2729 case SCTP_SHUTDOWN_COMPLETE:
2730 case SCTP_AUTHENTICATION:
2731 case SCTP_ASCONF_ACK:
2732 case SCTP_PACKET_DROPPED:
2733 case SCTP_STREAM_RESET:
2734 case SCTP_FORWARD_CUM_TSN:
2738 * Now, what do we do with KNOWN
2739 * chunks that are NOT in the right
2742 * For now, I do nothing but ignore
2743 * them. We may later want to add
2744 * sysctl stuff to switch out and do
2745 * either an ABORT() or possibly
2748 struct mbuf *op_err;
2749 char msg[SCTP_DIAG_INFO_LEN];
2751 snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x",
2753 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
2754 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
2758 /* unknown chunk type, use bit rules */
2759 if (ch->chunk_type & 0x40) {
2760 /* Add a error report to the queue */
2761 struct mbuf *op_err;
2762 struct sctp_gen_error_cause *cause;
2764 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_gen_error_cause),
2765 0, M_NOWAIT, 1, MT_DATA);
2766 if (op_err != NULL) {
2767 cause = mtod(op_err, struct sctp_gen_error_cause *);
2768 cause->code = htons(SCTP_CAUSE_UNRECOG_CHUNK);
2769 cause->length = htons((uint16_t)(chk_length + sizeof(struct sctp_gen_error_cause)));
2770 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_gen_error_cause);
2771 SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(m, *offset, chk_length, M_NOWAIT);
2772 if (SCTP_BUF_NEXT(op_err) != NULL) {
2773 sctp_queue_op_err(stcb, op_err);
2775 sctp_m_freem(op_err);
2779 if ((ch->chunk_type & 0x80) == 0) {
2780 /* discard the rest of this packet */
2782 } /* else skip this bad chunk and
2785 } /* switch of chunk type */
2787 *offset += SCTP_SIZE32(chk_length);
2788 if ((*offset >= length) || stop_proc) {
2789 /* no more data left in the mbuf chain */
2793 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
2794 sizeof(struct sctp_chunkhdr), (uint8_t *)&chunk_buf);
2803 * we need to report rwnd overrun drops.
2805 sctp_send_packet_dropped(stcb, net, *mm, length, iphlen, 0);
2809 * Did we get data, if so update the time for auto-close and
2810 * give peer credit for being alive.
2812 SCTP_STAT_INCR(sctps_recvpktwithdata);
2813 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
2814 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
2815 stcb->asoc.overall_error_count,
2817 SCTP_FROM_SCTP_INDATA,
2820 stcb->asoc.overall_error_count = 0;
2821 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_last_rcvd);
2823 /* now service all of the reassm queue if needed */
2824 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
2825 /* Assure that we ack right away */
2826 stcb->asoc.send_sack = 1;
2828 /* Start a sack timer or QUEUE a SACK for sending */
2829 sctp_sack_check(stcb, was_a_gap);
2834 sctp_process_segment_range(struct sctp_tcb *stcb, struct sctp_tmit_chunk **p_tp1, uint32_t last_tsn,
2835 uint16_t frag_strt, uint16_t frag_end, int nr_sacking,
2837 uint32_t *biggest_newly_acked_tsn,
2838 uint32_t *this_sack_lowest_newack,
2841 struct sctp_tmit_chunk *tp1;
2842 unsigned int theTSN;
2843 int j, wake_him = 0, circled = 0;
2845 /* Recover the tp1 we last saw */
2848 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2850 for (j = frag_strt; j <= frag_end; j++) {
2851 theTSN = j + last_tsn;
2853 if (tp1->rec.data.doing_fast_retransmit)
2857 * CMT: CUCv2 algorithm. For each TSN being
2858 * processed from the sent queue, track the
2859 * next expected pseudo-cumack, or
2860 * rtx_pseudo_cumack, if required. Separate
2861 * cumack trackers for first transmissions,
2862 * and retransmissions.
2864 if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
2865 (tp1->whoTo->find_pseudo_cumack == 1) &&
2866 (tp1->snd_count == 1)) {
2867 tp1->whoTo->pseudo_cumack = tp1->rec.data.tsn;
2868 tp1->whoTo->find_pseudo_cumack = 0;
2870 if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
2871 (tp1->whoTo->find_rtx_pseudo_cumack == 1) &&
2872 (tp1->snd_count > 1)) {
2873 tp1->whoTo->rtx_pseudo_cumack = tp1->rec.data.tsn;
2874 tp1->whoTo->find_rtx_pseudo_cumack = 0;
2876 if (tp1->rec.data.tsn == theTSN) {
2877 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
2879 * must be held until
2882 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
2884 * If it is less than RESEND, it is
2885 * now no-longer in flight.
2886 * Higher values may already be set
2887 * via previous Gap Ack Blocks...
2888 * i.e. ACKED or RESEND.
2890 if (SCTP_TSN_GT(tp1->rec.data.tsn,
2891 *biggest_newly_acked_tsn)) {
2892 *biggest_newly_acked_tsn = tp1->rec.data.tsn;
2895 * CMT: SFR algo (and HTNA) - set
2896 * saw_newack to 1 for dest being
2897 * newly acked. update
2898 * this_sack_highest_newack if
2901 if (tp1->rec.data.chunk_was_revoked == 0)
2902 tp1->whoTo->saw_newack = 1;
2904 if (SCTP_TSN_GT(tp1->rec.data.tsn,
2905 tp1->whoTo->this_sack_highest_newack)) {
2906 tp1->whoTo->this_sack_highest_newack =
2910 * CMT DAC algo: also update
2911 * this_sack_lowest_newack
2913 if (*this_sack_lowest_newack == 0) {
2914 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2915 sctp_log_sack(*this_sack_lowest_newack,
2920 SCTP_LOG_TSN_ACKED);
2922 *this_sack_lowest_newack = tp1->rec.data.tsn;
2925 * CMT: CUCv2 algorithm. If (rtx-)pseudo-cumack for corresp
2926 * dest is being acked, then we have a new (rtx-)pseudo-cumack. Set
2927 * new_(rtx_)pseudo_cumack to TRUE so that the cwnd for this dest can be
2928 * updated. Also trigger search for the next expected (rtx-)pseudo-cumack.
2929 * Separate pseudo_cumack trackers for first transmissions and
2932 if (tp1->rec.data.tsn == tp1->whoTo->pseudo_cumack) {
2933 if (tp1->rec.data.chunk_was_revoked == 0) {
2934 tp1->whoTo->new_pseudo_cumack = 1;
2936 tp1->whoTo->find_pseudo_cumack = 1;
2938 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
2939 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.tsn, SCTP_CWND_LOG_FROM_SACK);
2941 if (tp1->rec.data.tsn == tp1->whoTo->rtx_pseudo_cumack) {
2942 if (tp1->rec.data.chunk_was_revoked == 0) {
2943 tp1->whoTo->new_pseudo_cumack = 1;
2945 tp1->whoTo->find_rtx_pseudo_cumack = 1;
2947 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
2948 sctp_log_sack(*biggest_newly_acked_tsn,
2953 SCTP_LOG_TSN_ACKED);
2955 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
2956 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_GAP,
2957 tp1->whoTo->flight_size,
2959 (uint32_t)(uintptr_t)tp1->whoTo,
2962 sctp_flight_size_decrease(tp1);
2963 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
2964 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
2967 sctp_total_flight_decrease(stcb, tp1);
2969 tp1->whoTo->net_ack += tp1->send_size;
2970 if (tp1->snd_count < 2) {
2972 * True non-retransmited chunk
2974 tp1->whoTo->net_ack2 += tp1->send_size;
2982 sctp_calculate_rto(stcb,
2985 &tp1->sent_rcv_time,
2986 sctp_align_safe_nocopy,
2987 SCTP_RTT_FROM_DATA);
2990 if (tp1->whoTo->rto_needed == 0) {
2991 tp1->whoTo->rto_needed = 1;
2997 if (tp1->sent <= SCTP_DATAGRAM_RESEND) {
2998 if (SCTP_TSN_GT(tp1->rec.data.tsn,
2999 stcb->asoc.this_sack_highest_gap)) {
3000 stcb->asoc.this_sack_highest_gap =
3003 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3004 sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt);
3005 #ifdef SCTP_AUDITING_ENABLED
3006 sctp_audit_log(0xB2,
3007 (stcb->asoc.sent_queue_retran_cnt & 0x000000ff));
3012 * All chunks NOT UNSENT fall through here and are marked
3013 * (leave PR-SCTP ones that are to skip alone though)
3015 if ((tp1->sent != SCTP_FORWARD_TSN_SKIP) &&
3016 (tp1->sent != SCTP_DATAGRAM_NR_ACKED)) {
3017 tp1->sent = SCTP_DATAGRAM_MARKED;
3019 if (tp1->rec.data.chunk_was_revoked) {
3020 /* deflate the cwnd */
3021 tp1->whoTo->cwnd -= tp1->book_size;
3022 tp1->rec.data.chunk_was_revoked = 0;
3024 /* NR Sack code here */
3026 (tp1->sent != SCTP_DATAGRAM_NR_ACKED)) {
3027 if (stcb->asoc.strmout[tp1->rec.data.sid].chunks_on_queues > 0) {
3028 stcb->asoc.strmout[tp1->rec.data.sid].chunks_on_queues--;
3031 panic("No chunks on the queues for sid %u.", tp1->rec.data.sid);
3034 if ((stcb->asoc.strmout[tp1->rec.data.sid].chunks_on_queues == 0) &&
3035 (stcb->asoc.strmout[tp1->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
3036 TAILQ_EMPTY(&stcb->asoc.strmout[tp1->rec.data.sid].outqueue)) {
3037 stcb->asoc.trigger_reset = 1;
3039 tp1->sent = SCTP_DATAGRAM_NR_ACKED;
3045 sctp_free_bufspace(stcb, &stcb->asoc, tp1, 1);
3046 sctp_m_freem(tp1->data);
3053 } /* if (tp1->tsn == theTSN) */
3054 if (SCTP_TSN_GT(tp1->rec.data.tsn, theTSN)) {
3057 tp1 = TAILQ_NEXT(tp1, sctp_next);
3058 if ((tp1 == NULL) && (circled == 0)) {
3060 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3062 } /* end while (tp1) */
3065 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
3067 /* In case the fragments were not in order we must reset */
3068 } /* end for (j = fragStart */
3070 return (wake_him); /* Return value only used for nr-sack */
3075 sctp_handle_segments(struct mbuf *m, int *offset, struct sctp_tcb *stcb, struct sctp_association *asoc,
3076 uint32_t last_tsn, uint32_t *biggest_tsn_acked,
3077 uint32_t *biggest_newly_acked_tsn, uint32_t *this_sack_lowest_newack,
3078 int num_seg, int num_nr_seg, int *rto_ok)
3080 struct sctp_gap_ack_block *frag, block;
3081 struct sctp_tmit_chunk *tp1;
3086 uint16_t frag_strt, frag_end, prev_frag_end;
3088 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3092 for (i = 0; i < (num_seg + num_nr_seg); i++) {
3095 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3097 frag = (struct sctp_gap_ack_block *)sctp_m_getptr(m, *offset,
3098 sizeof(struct sctp_gap_ack_block), (uint8_t *)&block);
3099 *offset += sizeof(block);
3101 return (chunk_freed);
3103 frag_strt = ntohs(frag->start);
3104 frag_end = ntohs(frag->end);
3106 if (frag_strt > frag_end) {
3107 /* This gap report is malformed, skip it. */
3110 if (frag_strt <= prev_frag_end) {
3111 /* This gap report is not in order, so restart. */
3112 tp1 = TAILQ_FIRST(&asoc->sent_queue);
3114 if (SCTP_TSN_GT((last_tsn + frag_end), *biggest_tsn_acked)) {
3115 *biggest_tsn_acked = last_tsn + frag_end;
3122 if (sctp_process_segment_range(stcb, &tp1, last_tsn, frag_strt, frag_end,
3123 non_revocable, &num_frs, biggest_newly_acked_tsn,
3124 this_sack_lowest_newack, rto_ok)) {
3127 prev_frag_end = frag_end;
3129 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3131 sctp_log_fr(*biggest_tsn_acked,
3132 *biggest_newly_acked_tsn,
3133 last_tsn, SCTP_FR_LOG_BIGGEST_TSNS);
3135 return (chunk_freed);
3139 sctp_check_for_revoked(struct sctp_tcb *stcb,
3140 struct sctp_association *asoc, uint32_t cumack,
3141 uint32_t biggest_tsn_acked)
3143 struct sctp_tmit_chunk *tp1;
3145 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3146 if (SCTP_TSN_GT(tp1->rec.data.tsn, cumack)) {
3148 * ok this guy is either ACK or MARKED. If it is
3149 * ACKED it has been previously acked but not this
3150 * time i.e. revoked. If it is MARKED it was ACK'ed
3153 if (SCTP_TSN_GT(tp1->rec.data.tsn, biggest_tsn_acked)) {
3156 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
3157 /* it has been revoked */
3158 tp1->sent = SCTP_DATAGRAM_SENT;
3159 tp1->rec.data.chunk_was_revoked = 1;
3161 * We must add this stuff back in to assure
3162 * timers and such get started.
3164 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3165 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
3166 tp1->whoTo->flight_size,
3168 (uint32_t)(uintptr_t)tp1->whoTo,
3171 sctp_flight_size_increase(tp1);
3172 sctp_total_flight_increase(stcb, tp1);
3174 * We inflate the cwnd to compensate for our
3175 * artificial inflation of the flight_size.
3177 tp1->whoTo->cwnd += tp1->book_size;
3178 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
3179 sctp_log_sack(asoc->last_acked_seq,
3184 SCTP_LOG_TSN_REVOKED);
3186 } else if (tp1->sent == SCTP_DATAGRAM_MARKED) {
3187 /* it has been re-acked in this SACK */
3188 tp1->sent = SCTP_DATAGRAM_ACKED;
3191 if (tp1->sent == SCTP_DATAGRAM_UNSENT)
3198 sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
3199 uint32_t biggest_tsn_acked, uint32_t biggest_tsn_newly_acked, uint32_t this_sack_lowest_newack, int accum_moved)
3201 struct sctp_tmit_chunk *tp1;
3202 int strike_flag = 0;
3204 int tot_retrans = 0;
3205 uint32_t sending_seq;
3206 struct sctp_nets *net;
3207 int num_dests_sacked = 0;
3210 * select the sending_seq, this is either the next thing ready to be
3211 * sent but not transmitted, OR, the next seq we assign.
3213 tp1 = TAILQ_FIRST(&stcb->asoc.send_queue);
3215 sending_seq = asoc->sending_seq;
3217 sending_seq = tp1->rec.data.tsn;
3220 /* CMT DAC algo: finding out if SACK is a mixed SACK */
3221 if ((asoc->sctp_cmt_on_off > 0) &&
3222 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3223 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3224 if (net->saw_newack)
3228 if (stcb->asoc.prsctp_supported) {
3229 (void)SCTP_GETTIME_TIMEVAL(&now);
3231 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
3233 if (tp1->no_fr_allowed) {
3234 /* this one had a timeout or something */
3237 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3238 if (tp1->sent < SCTP_DATAGRAM_RESEND)
3239 sctp_log_fr(biggest_tsn_newly_acked,
3242 SCTP_FR_LOG_CHECK_STRIKE);
3244 if (SCTP_TSN_GT(tp1->rec.data.tsn, biggest_tsn_acked) ||
3245 tp1->sent == SCTP_DATAGRAM_UNSENT) {
3249 if (stcb->asoc.prsctp_supported) {
3250 if ((PR_SCTP_TTL_ENABLED(tp1->flags)) && tp1->sent < SCTP_DATAGRAM_ACKED) {
3251 /* Is it expired? */
3252 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3253 /* Yes so drop it */
3254 if (tp1->data != NULL) {
3255 (void)sctp_release_pr_sctp_chunk(stcb, tp1, 1,
3256 SCTP_SO_NOT_LOCKED);
3262 if (SCTP_TSN_GT(tp1->rec.data.tsn, asoc->this_sack_highest_gap)) {
3263 /* we are beyond the tsn in the sack */
3266 if (tp1->sent >= SCTP_DATAGRAM_RESEND) {
3267 /* either a RESEND, ACKED, or MARKED */
3269 if (tp1->sent == SCTP_FORWARD_TSN_SKIP) {
3270 /* Continue strikin FWD-TSN chunks */
3271 tp1->rec.data.fwd_tsn_cnt++;
3276 * CMT : SFR algo (covers part of DAC and HTNA as well)
3278 if (tp1->whoTo && tp1->whoTo->saw_newack == 0) {
3280 * No new acks were receieved for data sent to this
3281 * dest. Therefore, according to the SFR algo for
3282 * CMT, no data sent to this dest can be marked for
3283 * FR using this SACK.
3286 } else if (tp1->whoTo && SCTP_TSN_GT(tp1->rec.data.tsn,
3287 tp1->whoTo->this_sack_highest_newack)) {
3289 * CMT: New acks were receieved for data sent to
3290 * this dest. But no new acks were seen for data
3291 * sent after tp1. Therefore, according to the SFR
3292 * algo for CMT, tp1 cannot be marked for FR using
3293 * this SACK. This step covers part of the DAC algo
3294 * and the HTNA algo as well.
3299 * Here we check to see if we were have already done a FR
3300 * and if so we see if the biggest TSN we saw in the sack is
3301 * smaller than the recovery point. If so we don't strike
3302 * the tsn... otherwise we CAN strike the TSN.
3305 * @@@ JRI: Check for CMT if (accum_moved &&
3306 * asoc->fast_retran_loss_recovery && (sctp_cmt_on_off ==
3309 if (accum_moved && asoc->fast_retran_loss_recovery) {
3311 * Strike the TSN if in fast-recovery and cum-ack
3314 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3315 sctp_log_fr(biggest_tsn_newly_acked,
3318 SCTP_FR_LOG_STRIKE_CHUNK);
3320 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3323 if ((asoc->sctp_cmt_on_off > 0) &&
3324 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3326 * CMT DAC algorithm: If SACK flag is set to
3327 * 0, then lowest_newack test will not pass
3328 * because it would have been set to the
3329 * cumack earlier. If not already to be
3330 * rtx'd, If not a mixed sack and if tp1 is
3331 * not between two sacked TSNs, then mark by
3332 * one more. NOTE that we are marking by one
3333 * additional time since the SACK DAC flag
3334 * indicates that two packets have been
3335 * received after this missing TSN.
3337 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3338 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.tsn)) {
3339 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3340 sctp_log_fr(16 + num_dests_sacked,
3343 SCTP_FR_LOG_STRIKE_CHUNK);
3348 } else if ((tp1->rec.data.doing_fast_retransmit) &&
3349 (asoc->sctp_cmt_on_off == 0)) {
3351 * For those that have done a FR we must take
3352 * special consideration if we strike. I.e the
3353 * biggest_newly_acked must be higher than the
3354 * sending_seq at the time we did the FR.
3357 #ifdef SCTP_FR_TO_ALTERNATE
3359 * If FR's go to new networks, then we must only do
3360 * this for singly homed asoc's. However if the FR's
3361 * go to the same network (Armando's work) then its
3362 * ok to FR multiple times.
3370 if (SCTP_TSN_GE(biggest_tsn_newly_acked,
3371 tp1->rec.data.fast_retran_tsn)) {
3373 * Strike the TSN, since this ack is
3374 * beyond where things were when we
3377 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3378 sctp_log_fr(biggest_tsn_newly_acked,
3381 SCTP_FR_LOG_STRIKE_CHUNK);
3383 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3387 if ((asoc->sctp_cmt_on_off > 0) &&
3388 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3390 * CMT DAC algorithm: If
3391 * SACK flag is set to 0,
3392 * then lowest_newack test
3393 * will not pass because it
3394 * would have been set to
3395 * the cumack earlier. If
3396 * not already to be rtx'd,
3397 * If not a mixed sack and
3398 * if tp1 is not between two
3399 * sacked TSNs, then mark by
3400 * one more. NOTE that we
3401 * are marking by one
3402 * additional time since the
3403 * SACK DAC flag indicates
3404 * that two packets have
3405 * been received after this
3408 if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
3409 (num_dests_sacked == 1) &&
3410 SCTP_TSN_GT(this_sack_lowest_newack,
3411 tp1->rec.data.tsn)) {
3412 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3413 sctp_log_fr(32 + num_dests_sacked,
3416 SCTP_FR_LOG_STRIKE_CHUNK);
3418 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3426 * JRI: TODO: remove code for HTNA algo. CMT's SFR
3429 } else if (SCTP_TSN_GT(tp1->rec.data.tsn,
3430 biggest_tsn_newly_acked)) {
3432 * We don't strike these: This is the HTNA
3433 * algorithm i.e. we don't strike If our TSN is
3434 * larger than the Highest TSN Newly Acked.
3438 /* Strike the TSN */
3439 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3440 sctp_log_fr(biggest_tsn_newly_acked,
3443 SCTP_FR_LOG_STRIKE_CHUNK);
3445 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3448 if ((asoc->sctp_cmt_on_off > 0) &&
3449 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
3451 * CMT DAC algorithm: If SACK flag is set to
3452 * 0, then lowest_newack test will not pass
3453 * because it would have been set to the
3454 * cumack earlier. If not already to be
3455 * rtx'd, If not a mixed sack and if tp1 is
3456 * not between two sacked TSNs, then mark by
3457 * one more. NOTE that we are marking by one
3458 * additional time since the SACK DAC flag
3459 * indicates that two packets have been
3460 * received after this missing TSN.
3462 if ((tp1->sent < SCTP_DATAGRAM_RESEND) && (num_dests_sacked == 1) &&
3463 SCTP_TSN_GT(this_sack_lowest_newack, tp1->rec.data.tsn)) {
3464 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3465 sctp_log_fr(48 + num_dests_sacked,
3468 SCTP_FR_LOG_STRIKE_CHUNK);
3474 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3475 struct sctp_nets *alt;
3477 /* fix counts and things */
3478 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3479 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND,
3480 (tp1->whoTo ? (tp1->whoTo->flight_size) : 0),
3482 (uint32_t)(uintptr_t)tp1->whoTo,
3486 tp1->whoTo->net_ack++;
3487 sctp_flight_size_decrease(tp1);
3488 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3489 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3493 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
3494 sctp_log_rwnd(SCTP_INCREASE_PEER_RWND,
3495 asoc->peers_rwnd, tp1->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3497 /* add back to the rwnd */
3498 asoc->peers_rwnd += (tp1->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
3500 /* remove from the total flight */
3501 sctp_total_flight_decrease(stcb, tp1);
3503 if ((stcb->asoc.prsctp_supported) &&
3504 (PR_SCTP_RTX_ENABLED(tp1->flags))) {
3506 * Has it been retransmitted tv_sec times? -
3507 * we store the retran count there.
3509 if (tp1->snd_count > tp1->rec.data.timetodrop.tv_sec) {
3510 /* Yes, so drop it */
3511 if (tp1->data != NULL) {
3512 (void)sctp_release_pr_sctp_chunk(stcb, tp1, 1,
3513 SCTP_SO_NOT_LOCKED);
3515 /* Make sure to flag we had a FR */
3516 tp1->whoTo->net_ack++;
3521 * SCTP_PRINTF("OK, we are now ready to FR this
3524 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
3525 sctp_log_fr(tp1->rec.data.tsn, tp1->snd_count,
3529 /* This is a subsequent FR */
3530 SCTP_STAT_INCR(sctps_sendmultfastretrans);
3532 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
3533 if (asoc->sctp_cmt_on_off > 0) {
3535 * CMT: Using RTX_SSTHRESH policy for CMT.
3536 * If CMT is being used, then pick dest with
3537 * largest ssthresh for any retransmission.
3539 tp1->no_fr_allowed = 1;
3541 /* sa_ignore NO_NULL_CHK */
3542 if (asoc->sctp_cmt_pf > 0) {
3544 * JRS 5/18/07 - If CMT PF is on,
3545 * use the PF version of
3548 alt = sctp_find_alternate_net(stcb, alt, 2);
3551 * JRS 5/18/07 - If only CMT is on,
3552 * use the CMT version of
3555 /* sa_ignore NO_NULL_CHK */
3556 alt = sctp_find_alternate_net(stcb, alt, 1);
3562 * CUCv2: If a different dest is picked for
3563 * the retransmission, then new
3564 * (rtx-)pseudo_cumack needs to be tracked
3565 * for orig dest. Let CUCv2 track new (rtx-)
3566 * pseudo-cumack always.
3569 tp1->whoTo->find_pseudo_cumack = 1;
3570 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3572 } else {/* CMT is OFF */
3574 #ifdef SCTP_FR_TO_ALTERNATE
3575 /* Can we find an alternate? */
3576 alt = sctp_find_alternate_net(stcb, tp1->whoTo, 0);
3579 * default behavior is to NOT retransmit
3580 * FR's to an alternate. Armando Caro's
3581 * paper details why.
3587 tp1->rec.data.doing_fast_retransmit = 1;
3589 /* mark the sending seq for possible subsequent FR's */
3591 * SCTP_PRINTF("Marking TSN for FR new value %x\n",
3592 * (uint32_t)tpi->rec.data.tsn);
3594 if (TAILQ_EMPTY(&asoc->send_queue)) {
3596 * If the queue of send is empty then its
3597 * the next sequence number that will be
3598 * assigned so we subtract one from this to
3599 * get the one we last sent.
3601 tp1->rec.data.fast_retran_tsn = sending_seq;
3604 * If there are chunks on the send queue
3605 * (unsent data that has made it from the
3606 * stream queues but not out the door, we
3607 * take the first one (which will have the
3608 * lowest TSN) and subtract one to get the
3611 struct sctp_tmit_chunk *ttt;
3613 ttt = TAILQ_FIRST(&asoc->send_queue);
3614 tp1->rec.data.fast_retran_tsn =
3620 * this guy had a RTO calculation pending on
3623 if ((tp1->whoTo != NULL) &&
3624 (tp1->whoTo->rto_needed == 0)) {
3625 tp1->whoTo->rto_needed = 1;
3629 if (alt != tp1->whoTo) {
3630 /* yes, there is an alternate. */
3631 sctp_free_remote_addr(tp1->whoTo);
3632 /* sa_ignore FREED_MEMORY */
3634 atomic_add_int(&alt->ref_count, 1);
3640 struct sctp_tmit_chunk *
3641 sctp_try_advance_peer_ack_point(struct sctp_tcb *stcb,
3642 struct sctp_association *asoc)
3644 struct sctp_tmit_chunk *tp1, *tp2, *a_adv = NULL;
3648 if (asoc->prsctp_supported == 0) {
3651 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3652 if (tp1->sent != SCTP_FORWARD_TSN_SKIP &&
3653 tp1->sent != SCTP_DATAGRAM_RESEND &&
3654 tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
3655 /* no chance to advance, out of here */
3658 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
3659 if ((tp1->sent == SCTP_FORWARD_TSN_SKIP) ||
3660 (tp1->sent == SCTP_DATAGRAM_NR_ACKED)) {
3661 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
3662 asoc->advanced_peer_ack_point,
3663 tp1->rec.data.tsn, 0, 0);
3666 if (!PR_SCTP_ENABLED(tp1->flags)) {
3668 * We can't fwd-tsn past any that are reliable aka
3669 * retransmitted until the asoc fails.
3674 (void)SCTP_GETTIME_TIMEVAL(&now);
3678 * now we got a chunk which is marked for another
3679 * retransmission to a PR-stream but has run out its chances
3680 * already maybe OR has been marked to skip now. Can we skip
3681 * it if its a resend?
3683 if (tp1->sent == SCTP_DATAGRAM_RESEND &&
3684 (PR_SCTP_TTL_ENABLED(tp1->flags))) {
3686 * Now is this one marked for resend and its time is
3689 if (timevalcmp(&now, &tp1->rec.data.timetodrop, >)) {
3690 /* Yes so drop it */
3692 (void)sctp_release_pr_sctp_chunk(stcb, tp1,
3693 1, SCTP_SO_NOT_LOCKED);
3697 * No, we are done when hit one for resend
3698 * whos time as not expired.
3704 * Ok now if this chunk is marked to drop it we can clean up
3705 * the chunk, advance our peer ack point and we can check
3708 if ((tp1->sent == SCTP_FORWARD_TSN_SKIP) ||
3709 (tp1->sent == SCTP_DATAGRAM_NR_ACKED)) {
3710 /* advance PeerAckPoint goes forward */
3711 if (SCTP_TSN_GT(tp1->rec.data.tsn, asoc->advanced_peer_ack_point)) {
3712 asoc->advanced_peer_ack_point = tp1->rec.data.tsn;
3714 } else if (tp1->rec.data.tsn == asoc->advanced_peer_ack_point) {
3715 /* No update but we do save the chk */
3720 * If it is still in RESEND we can advance no
3730 sctp_fs_audit(struct sctp_association *asoc)
3732 struct sctp_tmit_chunk *chk;
3733 int inflight = 0, resend = 0, inbetween = 0, acked = 0, above = 0;
3736 int entry_flight, entry_cnt;
3741 entry_flight = asoc->total_flight;
3742 entry_cnt = asoc->total_flight_count;
3744 if (asoc->pr_sctp_cnt >= asoc->sent_queue_cnt)
3747 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
3748 if (chk->sent < SCTP_DATAGRAM_RESEND) {
3749 SCTP_PRINTF("Chk TSN: %u size: %d inflight cnt: %d\n",
3754 } else if (chk->sent == SCTP_DATAGRAM_RESEND) {
3756 } else if (chk->sent < SCTP_DATAGRAM_ACKED) {
3758 } else if (chk->sent > SCTP_DATAGRAM_ACKED) {
3765 if ((inflight > 0) || (inbetween > 0)) {
3767 panic("Flight size-express incorrect? \n");
3769 SCTP_PRINTF("asoc->total_flight: %d cnt: %d\n",
3770 entry_flight, entry_cnt);
3772 SCTP_PRINTF("Flight size-express incorrect F: %d I: %d R: %d Ab: %d ACK: %d\n",
3773 inflight, inbetween, resend, above, acked);
3782 sctp_window_probe_recovery(struct sctp_tcb *stcb,
3783 struct sctp_association *asoc,
3784 struct sctp_tmit_chunk *tp1)
3786 tp1->window_probe = 0;
3787 if ((tp1->sent >= SCTP_DATAGRAM_ACKED) || (tp1->data == NULL)) {
3788 /* TSN's skipped we do NOT move back. */
3789 sctp_misc_ints(SCTP_FLIGHT_LOG_DWN_WP_FWD,
3790 tp1->whoTo ? tp1->whoTo->flight_size : 0,
3792 (uint32_t)(uintptr_t)tp1->whoTo,
3796 /* First setup this by shrinking flight */
3797 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3798 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3801 sctp_flight_size_decrease(tp1);
3802 sctp_total_flight_decrease(stcb, tp1);
3803 /* Now mark for resend */
3804 tp1->sent = SCTP_DATAGRAM_RESEND;
3805 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
3807 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3808 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_WP,
3809 tp1->whoTo->flight_size,
3811 (uint32_t)(uintptr_t)tp1->whoTo,
3817 sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
3818 uint32_t rwnd, int *abort_now, int ecne_seen)
3820 struct sctp_nets *net;
3821 struct sctp_association *asoc;
3822 struct sctp_tmit_chunk *tp1, *tp2;
3824 int win_probe_recovery = 0;
3825 int win_probe_recovered = 0;
3826 int j, done_once = 0;
3830 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
3831 sctp_misc_ints(SCTP_SACK_LOG_EXPRESS, cumack,
3832 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
3834 SCTP_TCB_LOCK_ASSERT(stcb);
3835 #ifdef SCTP_ASOCLOG_OF_TSNS
3836 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cumack;
3837 stcb->asoc.cumack_log_at++;
3838 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
3839 stcb->asoc.cumack_log_at = 0;
3843 old_rwnd = asoc->peers_rwnd;
3844 if (SCTP_TSN_GT(asoc->last_acked_seq, cumack)) {
3847 } else if (asoc->last_acked_seq == cumack) {
3848 /* Window update sack */
3849 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
3850 (uint32_t)(asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
3851 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3852 /* SWS sender side engages */
3853 asoc->peers_rwnd = 0;
3855 if (asoc->peers_rwnd > old_rwnd) {
3860 /* First setup for CC stuff */
3861 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3862 if (SCTP_TSN_GT(cumack, net->cwr_window_tsn)) {
3863 /* Drag along the window_tsn for cwr's */
3864 net->cwr_window_tsn = cumack;
3866 net->prev_cwnd = net->cwnd;
3871 * CMT: Reset CUC and Fast recovery algo variables before
3874 net->new_pseudo_cumack = 0;
3875 net->will_exit_fast_recovery = 0;
3876 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
3877 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
3880 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
3881 tp1 = TAILQ_LAST(&asoc->sent_queue,
3882 sctpchunk_listhead);
3883 send_s = tp1->rec.data.tsn + 1;
3885 send_s = asoc->sending_seq;
3887 if (SCTP_TSN_GE(cumack, send_s)) {
3888 struct mbuf *op_err;
3889 char msg[SCTP_DIAG_INFO_LEN];
3893 snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x",
3895 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
3896 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21;
3897 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
3900 asoc->this_sack_highest_gap = cumack;
3901 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
3902 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
3903 stcb->asoc.overall_error_count,
3905 SCTP_FROM_SCTP_INDATA,
3908 stcb->asoc.overall_error_count = 0;
3909 if (SCTP_TSN_GT(cumack, asoc->last_acked_seq)) {
3910 /* process the new consecutive TSN first */
3911 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
3912 if (SCTP_TSN_GE(cumack, tp1->rec.data.tsn)) {
3913 if (tp1->sent == SCTP_DATAGRAM_UNSENT) {
3914 SCTP_PRINTF("Warning, an unsent is now acked?\n");
3916 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
3918 * If it is less than ACKED, it is
3919 * now no-longer in flight. Higher
3920 * values may occur during marking
3922 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
3923 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
3924 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
3925 tp1->whoTo->flight_size,
3927 (uint32_t)(uintptr_t)tp1->whoTo,
3930 sctp_flight_size_decrease(tp1);
3931 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
3932 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
3935 /* sa_ignore NO_NULL_CHK */
3936 sctp_total_flight_decrease(stcb, tp1);
3938 tp1->whoTo->net_ack += tp1->send_size;
3939 if (tp1->snd_count < 2) {
3941 * True non-retransmited
3944 tp1->whoTo->net_ack2 +=
3947 /* update RTO too? */
3955 sctp_calculate_rto(stcb,
3957 &tp1->sent_rcv_time,
3958 sctp_align_safe_nocopy,
3959 SCTP_RTT_FROM_DATA);
3962 if (tp1->whoTo->rto_needed == 0) {
3963 tp1->whoTo->rto_needed = 1;
3969 * CMT: CUCv2 algorithm. From the
3970 * cumack'd TSNs, for each TSN being
3971 * acked for the first time, set the
3972 * following variables for the
3973 * corresp destination.
3974 * new_pseudo_cumack will trigger a
3976 * find_(rtx_)pseudo_cumack will
3977 * trigger search for the next
3978 * expected (rtx-)pseudo-cumack.
3980 tp1->whoTo->new_pseudo_cumack = 1;
3981 tp1->whoTo->find_pseudo_cumack = 1;
3982 tp1->whoTo->find_rtx_pseudo_cumack = 1;
3984 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
3985 /* sa_ignore NO_NULL_CHK */
3986 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.tsn, SCTP_CWND_LOG_FROM_SACK);
3989 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
3990 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
3992 if (tp1->rec.data.chunk_was_revoked) {
3993 /* deflate the cwnd */
3994 tp1->whoTo->cwnd -= tp1->book_size;
3995 tp1->rec.data.chunk_was_revoked = 0;
3997 if (tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
3998 if (asoc->strmout[tp1->rec.data.sid].chunks_on_queues > 0) {
3999 asoc->strmout[tp1->rec.data.sid].chunks_on_queues--;
4002 panic("No chunks on the queues for sid %u.", tp1->rec.data.sid);
4006 if ((asoc->strmout[tp1->rec.data.sid].chunks_on_queues == 0) &&
4007 (asoc->strmout[tp1->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
4008 TAILQ_EMPTY(&asoc->strmout[tp1->rec.data.sid].outqueue)) {
4009 asoc->trigger_reset = 1;
4011 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
4013 /* sa_ignore NO_NULL_CHK */
4014 sctp_free_bufspace(stcb, asoc, tp1, 1);
4015 sctp_m_freem(tp1->data);
4018 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4019 sctp_log_sack(asoc->last_acked_seq,
4024 SCTP_LOG_FREE_SENT);
4026 asoc->sent_queue_cnt--;
4027 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
4034 /* sa_ignore NO_NULL_CHK */
4035 if (stcb->sctp_socket) {
4036 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4040 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4041 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4042 /* sa_ignore NO_NULL_CHK */
4043 sctp_wakeup_log(stcb, 1, SCTP_WAKESND_FROM_SACK);
4045 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4046 so = SCTP_INP_SO(stcb->sctp_ep);
4047 atomic_add_int(&stcb->asoc.refcnt, 1);
4048 SCTP_TCB_UNLOCK(stcb);
4049 SCTP_SOCKET_LOCK(so, 1);
4050 SCTP_TCB_LOCK(stcb);
4051 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4052 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4053 /* assoc was freed while we were unlocked */
4054 SCTP_SOCKET_UNLOCK(so, 1);
4058 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4059 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4060 SCTP_SOCKET_UNLOCK(so, 1);
4063 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4064 sctp_wakeup_log(stcb, 1, SCTP_NOWAKE_FROM_SACK);
4068 /* JRS - Use the congestion control given in the CC module */
4069 if ((asoc->last_acked_seq != cumack) && (ecne_seen == 0)) {
4070 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4071 if (net->net_ack2 > 0) {
4073 * Karn's rule applies to clearing error
4074 * count, this is optional.
4076 net->error_count = 0;
4077 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4078 /* addr came good */
4079 net->dest_state |= SCTP_ADDR_REACHABLE;
4080 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4081 0, (void *)net, SCTP_SO_NOT_LOCKED);
4083 if (net == stcb->asoc.primary_destination) {
4084 if (stcb->asoc.alternate) {
4086 * release the alternate,
4089 sctp_free_remote_addr(stcb->asoc.alternate);
4090 stcb->asoc.alternate = NULL;
4093 if (net->dest_state & SCTP_ADDR_PF) {
4094 net->dest_state &= ~SCTP_ADDR_PF;
4095 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
4096 stcb->sctp_ep, stcb, net,
4097 SCTP_FROM_SCTP_INDATA + SCTP_LOC_22);
4098 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4099 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4100 /* Done with this net */
4103 /* restore any doubled timers */
4104 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4105 if (net->RTO < stcb->asoc.minrto) {
4106 net->RTO = stcb->asoc.minrto;
4108 if (net->RTO > stcb->asoc.maxrto) {
4109 net->RTO = stcb->asoc.maxrto;
4113 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, 1, 0, 0);
4115 asoc->last_acked_seq = cumack;
4117 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4118 /* nothing left in-flight */
4119 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4120 net->flight_size = 0;
4121 net->partial_bytes_acked = 0;
4123 asoc->total_flight = 0;
4124 asoc->total_flight_count = 0;
4127 asoc->peers_rwnd = sctp_sbspace_sub(rwnd,
4128 (uint32_t)(asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
4129 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4130 /* SWS sender side engages */
4131 asoc->peers_rwnd = 0;
4133 if (asoc->peers_rwnd > old_rwnd) {
4134 win_probe_recovery = 1;
4136 /* Now assure a timer where data is queued at */
4139 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4142 if (win_probe_recovery && (net->window_probe)) {
4143 win_probe_recovered = 1;
4145 * Find first chunk that was used with window probe
4146 * and clear the sent
4148 /* sa_ignore FREED_MEMORY */
4149 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4150 if (tp1->window_probe) {
4151 /* move back to data send queue */
4152 sctp_window_probe_recovery(stcb, asoc, tp1);
4157 if (net->RTO == 0) {
4158 to_ticks = MSEC_TO_TICKS(stcb->asoc.initial_rto);
4160 to_ticks = MSEC_TO_TICKS(net->RTO);
4162 if (net->flight_size) {
4164 (void)SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4165 sctp_timeout_handler, &net->rxt_timer);
4166 if (net->window_probe) {
4167 net->window_probe = 0;
4170 if (net->window_probe) {
4172 * In window probes we must assure a timer
4173 * is still running there
4175 net->window_probe = 0;
4176 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4177 SCTP_OS_TIMER_START(&net->rxt_timer.timer, to_ticks,
4178 sctp_timeout_handler, &net->rxt_timer);
4180 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
4181 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4183 SCTP_FROM_SCTP_INDATA + SCTP_LOC_23);
4188 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
4189 (asoc->sent_queue_retran_cnt == 0) &&
4190 (win_probe_recovered == 0) &&
4193 * huh, this should not happen unless all packets are
4194 * PR-SCTP and marked to skip of course.
4196 if (sctp_fs_audit(asoc)) {
4197 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4198 net->flight_size = 0;
4200 asoc->total_flight = 0;
4201 asoc->total_flight_count = 0;
4202 asoc->sent_queue_retran_cnt = 0;
4203 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4204 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4205 sctp_flight_size_increase(tp1);
4206 sctp_total_flight_increase(stcb, tp1);
4207 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4208 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
4215 /**********************************/
4216 /* Now what about shutdown issues */
4217 /**********************************/
4218 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4219 /* nothing left on sendqueue.. consider done */
4221 if ((asoc->stream_queue_cnt == 1) &&
4222 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4223 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4224 ((*asoc->ss_functions.sctp_ss_is_user_msgs_incomplete) (stcb, asoc))) {
4225 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4227 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4228 (asoc->stream_queue_cnt == 0)) {
4229 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4230 /* Need to abort here */
4231 struct mbuf *op_err;
4236 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
4237 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24;
4238 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
4241 struct sctp_nets *netp;
4243 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4244 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4245 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4247 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4248 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4249 sctp_stop_timers_for_shutdown(stcb);
4250 if (asoc->alternate) {
4251 netp = asoc->alternate;
4253 netp = asoc->primary_destination;
4255 sctp_send_shutdown(stcb, netp);
4256 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4257 stcb->sctp_ep, stcb, netp);
4258 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4259 stcb->sctp_ep, stcb, netp);
4261 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4262 (asoc->stream_queue_cnt == 0)) {
4263 struct sctp_nets *netp;
4265 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4268 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4269 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4270 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4271 sctp_stop_timers_for_shutdown(stcb);
4272 if (asoc->alternate) {
4273 netp = asoc->alternate;
4275 netp = asoc->primary_destination;
4277 sctp_send_shutdown_ack(stcb, netp);
4278 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
4279 stcb->sctp_ep, stcb, netp);
4282 /*********************************************/
4283 /* Here we perform PR-SCTP procedures */
4285 /*********************************************/
4286 /* C1. update advancedPeerAckPoint */
4287 if (SCTP_TSN_GT(cumack, asoc->advanced_peer_ack_point)) {
4288 asoc->advanced_peer_ack_point = cumack;
4290 /* PR-Sctp issues need to be addressed too */
4291 if ((asoc->prsctp_supported) && (asoc->pr_sctp_cnt > 0)) {
4292 struct sctp_tmit_chunk *lchk;
4293 uint32_t old_adv_peer_ack_point;
4295 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
4296 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
4297 /* C3. See if we need to send a Fwd-TSN */
4298 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cumack)) {
4300 * ISSUE with ECN, see FWD-TSN processing.
4302 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
4303 send_forward_tsn(stcb, asoc);
4305 /* try to FR fwd-tsn's that get lost too */
4306 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
4307 send_forward_tsn(stcb, asoc);
4312 /* Assure a timer is up */
4313 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4314 stcb->sctp_ep, stcb, lchk->whoTo);
4317 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
4318 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
4320 stcb->asoc.peers_rwnd,
4321 stcb->asoc.total_flight,
4322 stcb->asoc.total_output_queue_size);
4327 sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup,
4328 struct sctp_tcb *stcb,
4329 uint16_t num_seg, uint16_t num_nr_seg, uint16_t num_dup,
4330 int *abort_now, uint8_t flags,
4331 uint32_t cum_ack, uint32_t rwnd, int ecne_seen)
4333 struct sctp_association *asoc;
4334 struct sctp_tmit_chunk *tp1, *tp2;
4335 uint32_t last_tsn, biggest_tsn_acked, biggest_tsn_newly_acked, this_sack_lowest_newack;
4336 uint16_t wake_him = 0;
4337 uint32_t send_s = 0;
4339 int accum_moved = 0;
4340 int will_exit_fast_recovery = 0;
4341 uint32_t a_rwnd, old_rwnd;
4342 int win_probe_recovery = 0;
4343 int win_probe_recovered = 0;
4344 struct sctp_nets *net = NULL;
4347 uint8_t reneged_all = 0;
4348 uint8_t cmt_dac_flag;
4351 * we take any chance we can to service our queues since we cannot
4352 * get awoken when the socket is read from :<
4355 * Now perform the actual SACK handling: 1) Verify that it is not an
4356 * old sack, if so discard. 2) If there is nothing left in the send
4357 * queue (cum-ack is equal to last acked) then you have a duplicate
4358 * too, update any rwnd change and verify no timers are running.
4359 * then return. 3) Process any new consequtive data i.e. cum-ack
4360 * moved process these first and note that it moved. 4) Process any
4361 * sack blocks. 5) Drop any acked from the queue. 6) Check for any
4362 * revoked blocks and mark. 7) Update the cwnd. 8) Nothing left,
4363 * sync up flightsizes and things, stop all timers and also check
4364 * for shutdown_pending state. If so then go ahead and send off the
4365 * shutdown. If in shutdown recv, send off the shutdown-ack and
4366 * start that timer, Ret. 9) Strike any non-acked things and do FR
4367 * procedure if needed being sure to set the FR flag. 10) Do pr-sctp
4368 * procedures. 11) Apply any FR penalties. 12) Assure we will SACK
4369 * if in shutdown_recv state.
4371 SCTP_TCB_LOCK_ASSERT(stcb);
4373 this_sack_lowest_newack = 0;
4374 SCTP_STAT_INCR(sctps_slowpath_sack);
4376 cmt_dac_flag = flags & SCTP_SACK_CMT_DAC;
4377 #ifdef SCTP_ASOCLOG_OF_TSNS
4378 stcb->asoc.cumack_log[stcb->asoc.cumack_log_at] = cum_ack;
4379 stcb->asoc.cumack_log_at++;
4380 if (stcb->asoc.cumack_log_at > SCTP_TSN_LOG_SIZE) {
4381 stcb->asoc.cumack_log_at = 0;
4386 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
4387 sctp_misc_ints(SCTP_SACK_LOG_NORMAL, cum_ack,
4388 rwnd, stcb->asoc.last_acked_seq, stcb->asoc.peers_rwnd);
4390 old_rwnd = stcb->asoc.peers_rwnd;
4391 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4392 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4393 stcb->asoc.overall_error_count,
4395 SCTP_FROM_SCTP_INDATA,
4398 stcb->asoc.overall_error_count = 0;
4400 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4401 sctp_log_sack(asoc->last_acked_seq,
4408 if ((num_dup) && (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE)) {
4410 uint32_t *dupdata, dblock;
4412 for (i = 0; i < num_dup; i++) {
4413 dupdata = (uint32_t *)sctp_m_getptr(m, offset_dup + i * sizeof(uint32_t),
4414 sizeof(uint32_t), (uint8_t *)&dblock);
4415 if (dupdata == NULL) {
4418 sctp_log_fr(*dupdata, 0, 0, SCTP_FR_DUPED);
4422 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
4423 tp1 = TAILQ_LAST(&asoc->sent_queue,
4424 sctpchunk_listhead);
4425 send_s = tp1->rec.data.tsn + 1;
4428 send_s = asoc->sending_seq;
4430 if (SCTP_TSN_GE(cum_ack, send_s)) {
4431 struct mbuf *op_err;
4432 char msg[SCTP_DIAG_INFO_LEN];
4435 * no way, we have not even sent this TSN out yet. Peer is
4436 * hopelessly messed up with us.
4438 SCTP_PRINTF("NEW cum_ack:%x send_s:%x is smaller or equal\n",
4441 SCTP_PRINTF("Got send_s from tsn:%x + 1 of tp1: %p\n",
4442 tp1->rec.data.tsn, (void *)tp1);
4447 snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x",
4449 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
4450 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
4451 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
4454 /**********************/
4455 /* 1) check the range */
4456 /**********************/
4457 if (SCTP_TSN_GT(asoc->last_acked_seq, last_tsn)) {
4458 /* acking something behind */
4461 /* update the Rwnd of the peer */
4462 if (TAILQ_EMPTY(&asoc->sent_queue) &&
4463 TAILQ_EMPTY(&asoc->send_queue) &&
4464 (asoc->stream_queue_cnt == 0)) {
4465 /* nothing left on send/sent and strmq */
4466 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4467 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4468 asoc->peers_rwnd, 0, 0, a_rwnd);
4470 asoc->peers_rwnd = a_rwnd;
4471 if (asoc->sent_queue_retran_cnt) {
4472 asoc->sent_queue_retran_cnt = 0;
4474 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4475 /* SWS sender side engages */
4476 asoc->peers_rwnd = 0;
4478 /* stop any timers */
4479 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4480 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4481 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_26);
4482 net->partial_bytes_acked = 0;
4483 net->flight_size = 0;
4485 asoc->total_flight = 0;
4486 asoc->total_flight_count = 0;
4490 * We init netAckSz and netAckSz2 to 0. These are used to track 2
4491 * things. The total byte count acked is tracked in netAckSz AND
4492 * netAck2 is used to track the total bytes acked that are un-
4493 * amibguious and were never retransmitted. We track these on a per
4494 * destination address basis.
4496 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4497 if (SCTP_TSN_GT(cum_ack, net->cwr_window_tsn)) {
4498 /* Drag along the window_tsn for cwr's */
4499 net->cwr_window_tsn = cum_ack;
4501 net->prev_cwnd = net->cwnd;
4506 * CMT: Reset CUC and Fast recovery algo variables before
4509 net->new_pseudo_cumack = 0;
4510 net->will_exit_fast_recovery = 0;
4511 if (stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) {
4512 (*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
4515 /* process the new consecutive TSN first */
4516 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4517 if (SCTP_TSN_GE(last_tsn, tp1->rec.data.tsn)) {
4518 if (tp1->sent != SCTP_DATAGRAM_UNSENT) {
4520 if (tp1->sent < SCTP_DATAGRAM_ACKED) {
4522 * If it is less than ACKED, it is
4523 * now no-longer in flight. Higher
4524 * values may occur during marking
4526 if ((tp1->whoTo->dest_state &
4527 SCTP_ADDR_UNCONFIRMED) &&
4528 (tp1->snd_count < 2)) {
4530 * If there was no retran
4531 * and the address is
4532 * un-confirmed and we sent
4534 * sacked.. its confirmed,
4537 tp1->whoTo->dest_state &=
4538 ~SCTP_ADDR_UNCONFIRMED;
4540 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
4541 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4542 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_CA,
4543 tp1->whoTo->flight_size,
4545 (uint32_t)(uintptr_t)tp1->whoTo,
4548 sctp_flight_size_decrease(tp1);
4549 sctp_total_flight_decrease(stcb, tp1);
4550 if (stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) {
4551 (*stcb->asoc.cc_functions.sctp_cwnd_update_tsn_acknowledged) (tp1->whoTo,
4555 tp1->whoTo->net_ack += tp1->send_size;
4557 /* CMT SFR and DAC algos */
4558 this_sack_lowest_newack = tp1->rec.data.tsn;
4559 tp1->whoTo->saw_newack = 1;
4561 if (tp1->snd_count < 2) {
4563 * True non-retransmited
4566 tp1->whoTo->net_ack2 +=
4569 /* update RTO too? */
4573 sctp_calculate_rto(stcb,
4575 &tp1->sent_rcv_time,
4576 sctp_align_safe_nocopy,
4577 SCTP_RTT_FROM_DATA);
4580 if (tp1->whoTo->rto_needed == 0) {
4581 tp1->whoTo->rto_needed = 1;
4587 * CMT: CUCv2 algorithm. From the
4588 * cumack'd TSNs, for each TSN being
4589 * acked for the first time, set the
4590 * following variables for the
4591 * corresp destination.
4592 * new_pseudo_cumack will trigger a
4594 * find_(rtx_)pseudo_cumack will
4595 * trigger search for the next
4596 * expected (rtx-)pseudo-cumack.
4598 tp1->whoTo->new_pseudo_cumack = 1;
4599 tp1->whoTo->find_pseudo_cumack = 1;
4600 tp1->whoTo->find_rtx_pseudo_cumack = 1;
4603 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4604 sctp_log_sack(asoc->last_acked_seq,
4609 SCTP_LOG_TSN_ACKED);
4611 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
4612 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.tsn, SCTP_CWND_LOG_FROM_SACK);
4615 if (tp1->sent == SCTP_DATAGRAM_RESEND) {
4616 sctp_ucount_decr(asoc->sent_queue_retran_cnt);
4617 #ifdef SCTP_AUDITING_ENABLED
4618 sctp_audit_log(0xB3,
4619 (asoc->sent_queue_retran_cnt & 0x000000ff));
4622 if (tp1->rec.data.chunk_was_revoked) {
4623 /* deflate the cwnd */
4624 tp1->whoTo->cwnd -= tp1->book_size;
4625 tp1->rec.data.chunk_was_revoked = 0;
4627 if (tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
4628 tp1->sent = SCTP_DATAGRAM_ACKED;
4635 biggest_tsn_newly_acked = biggest_tsn_acked = last_tsn;
4636 /* always set this up to cum-ack */
4637 asoc->this_sack_highest_gap = last_tsn;
4639 if ((num_seg > 0) || (num_nr_seg > 0)) {
4642 * CMT: SFR algo (and HTNA) - this_sack_highest_newack has
4643 * to be greater than the cumack. Also reset saw_newack to 0
4646 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4647 net->saw_newack = 0;
4648 net->this_sack_highest_newack = last_tsn;
4652 * thisSackHighestGap will increase while handling NEW
4653 * segments this_sack_highest_newack will increase while
4654 * handling NEWLY ACKED chunks. this_sack_lowest_newack is
4655 * used for CMT DAC algo. saw_newack will also change.
4657 if (sctp_handle_segments(m, &offset_seg, stcb, asoc, last_tsn, &biggest_tsn_acked,
4658 &biggest_tsn_newly_acked, &this_sack_lowest_newack,
4659 num_seg, num_nr_seg, &rto_ok)) {
4663 * validate the biggest_tsn_acked in the gap acks if strict
4664 * adherence is wanted.
4666 if (SCTP_TSN_GE(biggest_tsn_acked, send_s)) {
4668 * peer is either confused or we are under attack.
4671 SCTP_PRINTF("Hopeless peer! biggest_tsn_acked:%x largest seq:%x\n",
4672 biggest_tsn_acked, send_s);
4676 /*******************************************/
4677 /* cancel ALL T3-send timer if accum moved */
4678 /*******************************************/
4679 if (asoc->sctp_cmt_on_off > 0) {
4680 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4681 if (net->new_pseudo_cumack)
4682 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4684 SCTP_FROM_SCTP_INDATA + SCTP_LOC_27);
4689 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4690 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4691 stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_28);
4695 /********************************************/
4696 /* drop the acked chunks from the sentqueue */
4697 /********************************************/
4698 asoc->last_acked_seq = cum_ack;
4700 TAILQ_FOREACH_SAFE(tp1, &asoc->sent_queue, sctp_next, tp2) {
4701 if (SCTP_TSN_GT(tp1->rec.data.tsn, cum_ack)) {
4704 if (tp1->sent != SCTP_DATAGRAM_NR_ACKED) {
4705 if (asoc->strmout[tp1->rec.data.sid].chunks_on_queues > 0) {
4706 asoc->strmout[tp1->rec.data.sid].chunks_on_queues--;
4709 panic("No chunks on the queues for sid %u.", tp1->rec.data.sid);
4713 if ((asoc->strmout[tp1->rec.data.sid].chunks_on_queues == 0) &&
4714 (asoc->strmout[tp1->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
4715 TAILQ_EMPTY(&asoc->strmout[tp1->rec.data.sid].outqueue)) {
4716 asoc->trigger_reset = 1;
4718 TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next);
4719 if (PR_SCTP_ENABLED(tp1->flags)) {
4720 if (asoc->pr_sctp_cnt != 0)
4721 asoc->pr_sctp_cnt--;
4723 asoc->sent_queue_cnt--;
4725 /* sa_ignore NO_NULL_CHK */
4726 sctp_free_bufspace(stcb, asoc, tp1, 1);
4727 sctp_m_freem(tp1->data);
4729 if (asoc->prsctp_supported && PR_SCTP_BUF_ENABLED(tp1->flags)) {
4730 asoc->sent_queue_cnt_removeable--;
4733 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_LOGGING_ENABLE) {
4734 sctp_log_sack(asoc->last_acked_seq,
4739 SCTP_LOG_FREE_SENT);
4741 sctp_free_a_chunk(stcb, tp1, SCTP_SO_NOT_LOCKED);
4744 if (TAILQ_EMPTY(&asoc->sent_queue) && (asoc->total_flight > 0)) {
4746 panic("Warning flight size is positive and should be 0");
4748 SCTP_PRINTF("Warning flight size incorrect should be 0 is %d\n",
4749 asoc->total_flight);
4751 asoc->total_flight = 0;
4753 /* sa_ignore NO_NULL_CHK */
4754 if ((wake_him) && (stcb->sctp_socket)) {
4755 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4759 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd);
4760 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4761 sctp_wakeup_log(stcb, wake_him, SCTP_WAKESND_FROM_SACK);
4763 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4764 so = SCTP_INP_SO(stcb->sctp_ep);
4765 atomic_add_int(&stcb->asoc.refcnt, 1);
4766 SCTP_TCB_UNLOCK(stcb);
4767 SCTP_SOCKET_LOCK(so, 1);
4768 SCTP_TCB_LOCK(stcb);
4769 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4770 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
4771 /* assoc was freed while we were unlocked */
4772 SCTP_SOCKET_UNLOCK(so, 1);
4776 sctp_sowwakeup_locked(stcb->sctp_ep, stcb->sctp_socket);
4777 #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4778 SCTP_SOCKET_UNLOCK(so, 1);
4781 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_WAKE_LOGGING_ENABLE) {
4782 sctp_wakeup_log(stcb, wake_him, SCTP_NOWAKE_FROM_SACK);
4786 if (asoc->fast_retran_loss_recovery && accum_moved) {
4787 if (SCTP_TSN_GE(asoc->last_acked_seq, asoc->fast_recovery_tsn)) {
4788 /* Setup so we will exit RFC2582 fast recovery */
4789 will_exit_fast_recovery = 1;
4793 * Check for revoked fragments:
4795 * if Previous sack - Had no frags then we can't have any revoked if
4796 * Previous sack - Had frag's then - If we now have frags aka
4797 * num_seg > 0 call sctp_check_for_revoked() to tell if peer revoked
4798 * some of them. else - The peer revoked all ACKED fragments, since
4799 * we had some before and now we have NONE.
4803 sctp_check_for_revoked(stcb, asoc, cum_ack, biggest_tsn_acked);
4804 asoc->saw_sack_with_frags = 1;
4805 } else if (asoc->saw_sack_with_frags) {
4806 int cnt_revoked = 0;
4808 /* Peer revoked all dg's marked or acked */
4809 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
4810 if (tp1->sent == SCTP_DATAGRAM_ACKED) {
4811 tp1->sent = SCTP_DATAGRAM_SENT;
4812 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
4813 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_REVOKE,
4814 tp1->whoTo->flight_size,
4816 (uint32_t)(uintptr_t)tp1->whoTo,
4819 sctp_flight_size_increase(tp1);
4820 sctp_total_flight_increase(stcb, tp1);
4821 tp1->rec.data.chunk_was_revoked = 1;
4823 * To ensure that this increase in
4824 * flightsize, which is artificial, does not
4825 * throttle the sender, we also increase the
4826 * cwnd artificially.
4828 tp1->whoTo->cwnd += tp1->book_size;
4835 asoc->saw_sack_with_frags = 0;
4838 asoc->saw_sack_with_nr_frags = 1;
4840 asoc->saw_sack_with_nr_frags = 0;
4842 /* JRS - Use the congestion control given in the CC module */
4843 if (ecne_seen == 0) {
4844 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4845 if (net->net_ack2 > 0) {
4847 * Karn's rule applies to clearing error
4848 * count, this is optional.
4850 net->error_count = 0;
4851 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
4852 /* addr came good */
4853 net->dest_state |= SCTP_ADDR_REACHABLE;
4854 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
4855 0, (void *)net, SCTP_SO_NOT_LOCKED);
4857 if (net == stcb->asoc.primary_destination) {
4858 if (stcb->asoc.alternate) {
4860 * release the alternate,
4863 sctp_free_remote_addr(stcb->asoc.alternate);
4864 stcb->asoc.alternate = NULL;
4867 if (net->dest_state & SCTP_ADDR_PF) {
4868 net->dest_state &= ~SCTP_ADDR_PF;
4869 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
4870 stcb->sctp_ep, stcb, net,
4871 SCTP_FROM_SCTP_INDATA + SCTP_LOC_29);
4872 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net);
4873 asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net);
4874 /* Done with this net */
4877 /* restore any doubled timers */
4878 net->RTO = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
4879 if (net->RTO < stcb->asoc.minrto) {
4880 net->RTO = stcb->asoc.minrto;
4882 if (net->RTO > stcb->asoc.maxrto) {
4883 net->RTO = stcb->asoc.maxrto;
4887 asoc->cc_functions.sctp_cwnd_update_after_sack(stcb, asoc, accum_moved, reneged_all, will_exit_fast_recovery);
4889 if (TAILQ_EMPTY(&asoc->sent_queue)) {
4890 /* nothing left in-flight */
4891 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4892 /* stop all timers */
4893 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
4895 SCTP_FROM_SCTP_INDATA + SCTP_LOC_30);
4896 net->flight_size = 0;
4897 net->partial_bytes_acked = 0;
4899 asoc->total_flight = 0;
4900 asoc->total_flight_count = 0;
4902 /**********************************/
4903 /* Now what about shutdown issues */
4904 /**********************************/
4905 if (TAILQ_EMPTY(&asoc->send_queue) && TAILQ_EMPTY(&asoc->sent_queue)) {
4906 /* nothing left on sendqueue.. consider done */
4907 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
4908 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
4909 asoc->peers_rwnd, 0, 0, a_rwnd);
4911 asoc->peers_rwnd = a_rwnd;
4912 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
4913 /* SWS sender side engages */
4914 asoc->peers_rwnd = 0;
4917 if ((asoc->stream_queue_cnt == 1) &&
4918 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
4919 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED)) &&
4920 ((*asoc->ss_functions.sctp_ss_is_user_msgs_incomplete) (stcb, asoc))) {
4921 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT;
4923 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) &&
4924 (asoc->stream_queue_cnt == 0)) {
4925 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4926 /* Need to abort here */
4927 struct mbuf *op_err;
4932 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
4933 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_31;
4934 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
4937 struct sctp_nets *netp;
4939 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
4940 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4941 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4943 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT);
4944 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4945 sctp_stop_timers_for_shutdown(stcb);
4946 if (asoc->alternate) {
4947 netp = asoc->alternate;
4949 netp = asoc->primary_destination;
4951 sctp_send_shutdown(stcb, netp);
4952 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
4953 stcb->sctp_ep, stcb, netp);
4954 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
4955 stcb->sctp_ep, stcb, netp);
4958 } else if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) &&
4959 (asoc->stream_queue_cnt == 0)) {
4960 struct sctp_nets *netp;
4962 if (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT) {
4965 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4966 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_ACK_SENT);
4967 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING);
4968 sctp_stop_timers_for_shutdown(stcb);
4969 if (asoc->alternate) {
4970 netp = asoc->alternate;
4972 netp = asoc->primary_destination;
4974 sctp_send_shutdown_ack(stcb, netp);
4975 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK,
4976 stcb->sctp_ep, stcb, netp);
4981 * Now here we are going to recycle net_ack for a different use...
4984 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4989 * CMT DAC algorithm: If SACK DAC flag was 0, then no extra marking
4990 * to be done. Setting this_sack_lowest_newack to the cum_ack will
4991 * automatically ensure that.
4993 if ((asoc->sctp_cmt_on_off > 0) &&
4994 SCTP_BASE_SYSCTL(sctp_cmt_use_dac) &&
4995 (cmt_dac_flag == 0)) {
4996 this_sack_lowest_newack = cum_ack;
4998 if ((num_seg > 0) || (num_nr_seg > 0)) {
4999 sctp_strike_gap_ack_chunks(stcb, asoc, biggest_tsn_acked,
5000 biggest_tsn_newly_acked, this_sack_lowest_newack, accum_moved);
5002 /* JRS - Use the congestion control given in the CC module */
5003 asoc->cc_functions.sctp_cwnd_update_after_fr(stcb, asoc);
5005 /* Now are we exiting loss recovery ? */
5006 if (will_exit_fast_recovery) {
5007 /* Ok, we must exit fast recovery */
5008 asoc->fast_retran_loss_recovery = 0;
5010 if ((asoc->sat_t3_loss_recovery) &&
5011 SCTP_TSN_GE(asoc->last_acked_seq, asoc->sat_t3_recovery_tsn)) {
5012 /* end satellite t3 loss recovery */
5013 asoc->sat_t3_loss_recovery = 0;
5018 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5019 if (net->will_exit_fast_recovery) {
5020 /* Ok, we must exit fast recovery */
5021 net->fast_retran_loss_recovery = 0;
5025 /* Adjust and set the new rwnd value */
5026 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
5027 sctp_log_rwnd_set(SCTP_SET_PEER_RWND_VIA_SACK,
5028 asoc->peers_rwnd, asoc->total_flight, (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)), a_rwnd);
5030 asoc->peers_rwnd = sctp_sbspace_sub(a_rwnd,
5031 (uint32_t)(asoc->total_flight + (asoc->total_flight_count * SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))));
5032 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
5033 /* SWS sender side engages */
5034 asoc->peers_rwnd = 0;
5036 if (asoc->peers_rwnd > old_rwnd) {
5037 win_probe_recovery = 1;
5040 * Now we must setup so we have a timer up for anyone with
5046 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5047 if (win_probe_recovery && (net->window_probe)) {
5048 win_probe_recovered = 1;
5050 * Find first chunk that was used with
5051 * window probe and clear the event. Put
5052 * it back into the send queue as if has
5055 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5056 if (tp1->window_probe) {
5057 sctp_window_probe_recovery(stcb, asoc, tp1);
5062 if (net->flight_size) {
5064 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5065 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5066 stcb->sctp_ep, stcb, net);
5068 if (net->window_probe) {
5069 net->window_probe = 0;
5072 if (net->window_probe) {
5074 * In window probes we must assure a timer
5075 * is still running there
5077 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5078 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5079 stcb->sctp_ep, stcb, net);
5082 } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
5083 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
5085 SCTP_FROM_SCTP_INDATA + SCTP_LOC_32);
5090 (!TAILQ_EMPTY(&asoc->sent_queue)) &&
5091 (asoc->sent_queue_retran_cnt == 0) &&
5092 (win_probe_recovered == 0) &&
5095 * huh, this should not happen unless all packets are
5096 * PR-SCTP and marked to skip of course.
5098 if (sctp_fs_audit(asoc)) {
5099 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5100 net->flight_size = 0;
5102 asoc->total_flight = 0;
5103 asoc->total_flight_count = 0;
5104 asoc->sent_queue_retran_cnt = 0;
5105 TAILQ_FOREACH(tp1, &asoc->sent_queue, sctp_next) {
5106 if (tp1->sent < SCTP_DATAGRAM_RESEND) {
5107 sctp_flight_size_increase(tp1);
5108 sctp_total_flight_increase(stcb, tp1);
5109 } else if (tp1->sent == SCTP_DATAGRAM_RESEND) {
5110 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
5117 /*********************************************/
5118 /* Here we perform PR-SCTP procedures */
5120 /*********************************************/
5121 /* C1. update advancedPeerAckPoint */
5122 if (SCTP_TSN_GT(cum_ack, asoc->advanced_peer_ack_point)) {
5123 asoc->advanced_peer_ack_point = cum_ack;
5125 /* C2. try to further move advancedPeerAckPoint ahead */
5126 if ((asoc->prsctp_supported) && (asoc->pr_sctp_cnt > 0)) {
5127 struct sctp_tmit_chunk *lchk;
5128 uint32_t old_adv_peer_ack_point;
5130 old_adv_peer_ack_point = asoc->advanced_peer_ack_point;
5131 lchk = sctp_try_advance_peer_ack_point(stcb, asoc);
5132 /* C3. See if we need to send a Fwd-TSN */
5133 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, cum_ack)) {
5135 * ISSUE with ECN, see FWD-TSN processing.
5137 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
5138 sctp_misc_ints(SCTP_FWD_TSN_CHECK,
5139 0xee, cum_ack, asoc->advanced_peer_ack_point,
5140 old_adv_peer_ack_point);
5142 if (SCTP_TSN_GT(asoc->advanced_peer_ack_point, old_adv_peer_ack_point)) {
5143 send_forward_tsn(stcb, asoc);
5145 /* try to FR fwd-tsn's that get lost too */
5146 if (lchk->rec.data.fwd_tsn_cnt >= 3) {
5147 send_forward_tsn(stcb, asoc);
5152 /* Assure a timer is up */
5153 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
5154 stcb->sctp_ep, stcb, lchk->whoTo);
5157 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_SACK_RWND_LOGGING_ENABLE) {
5158 sctp_misc_ints(SCTP_SACK_RWND_UPDATE,
5160 stcb->asoc.peers_rwnd,
5161 stcb->asoc.total_flight,
5162 stcb->asoc.total_output_queue_size);
5167 sctp_update_acked(struct sctp_tcb *stcb, struct sctp_shutdown_chunk *cp, int *abort_flag)
5170 uint32_t cum_ack, a_rwnd;
5172 cum_ack = ntohl(cp->cumulative_tsn_ack);
5173 /* Arrange so a_rwnd does NOT change */
5174 a_rwnd = stcb->asoc.peers_rwnd + stcb->asoc.total_flight;
5176 /* Now call the express sack handling */
5177 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, abort_flag, 0);
5181 sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
5182 struct sctp_stream_in *strmin)
5184 struct sctp_queued_to_read *ctl, *nctl;
5185 struct sctp_association *asoc;
5187 int need_reasm_check = 0;
5190 mid = strmin->last_mid_delivered;
5192 * First deliver anything prior to and including the stream no that
5195 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next_instrm, nctl) {
5196 if (SCTP_MID_GE(asoc->idata_supported, mid, ctl->mid)) {
5197 /* this is deliverable now */
5198 if (((ctl->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) {
5199 if (ctl->on_strm_q) {
5200 if (ctl->on_strm_q == SCTP_ON_ORDERED) {
5201 TAILQ_REMOVE(&strmin->inqueue, ctl, next_instrm);
5202 } else if (ctl->on_strm_q == SCTP_ON_UNORDERED) {
5203 TAILQ_REMOVE(&strmin->uno_inqueue, ctl, next_instrm);
5206 panic("strmin: %p ctl: %p unknown %d",
5207 strmin, ctl, ctl->on_strm_q);
5212 /* subtract pending on streams */
5213 asoc->size_on_all_streams -= ctl->length;
5214 sctp_ucount_decr(asoc->cnt_on_all_streams);
5215 /* deliver it to at least the delivery-q */
5216 if (stcb->sctp_socket) {
5217 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5218 sctp_add_to_readq(stcb->sctp_ep, stcb,
5220 &stcb->sctp_socket->so_rcv,
5221 1, SCTP_READ_LOCK_HELD,
5222 SCTP_SO_NOT_LOCKED);
5225 /* Its a fragmented message */
5226 if (ctl->first_frag_seen) {
5228 * Make it so this is next to
5229 * deliver, we restore later
5231 strmin->last_mid_delivered = ctl->mid - 1;
5232 need_reasm_check = 1;
5237 /* no more delivery now. */
5241 if (need_reasm_check) {
5244 ret = sctp_deliver_reasm_check(stcb, &stcb->asoc, strmin, SCTP_READ_LOCK_HELD);
5245 if (SCTP_MID_GT(asoc->idata_supported, mid, strmin->last_mid_delivered)) {
5246 /* Restore the next to deliver unless we are ahead */
5247 strmin->last_mid_delivered = mid;
5250 /* Left the front Partial one on */
5253 need_reasm_check = 0;
5256 * now we must deliver things in queue the normal way if any are
5259 mid = strmin->last_mid_delivered + 1;
5260 TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next_instrm, nctl) {
5261 if (SCTP_MID_EQ(asoc->idata_supported, mid, ctl->mid)) {
5262 if (((ctl->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) {
5263 /* this is deliverable now */
5264 if (ctl->on_strm_q) {
5265 if (ctl->on_strm_q == SCTP_ON_ORDERED) {
5266 TAILQ_REMOVE(&strmin->inqueue, ctl, next_instrm);
5267 } else if (ctl->on_strm_q == SCTP_ON_UNORDERED) {
5268 TAILQ_REMOVE(&strmin->uno_inqueue, ctl, next_instrm);
5271 panic("strmin: %p ctl: %p unknown %d",
5272 strmin, ctl, ctl->on_strm_q);
5277 /* subtract pending on streams */
5278 asoc->size_on_all_streams -= ctl->length;
5279 sctp_ucount_decr(asoc->cnt_on_all_streams);
5280 /* deliver it to at least the delivery-q */
5281 strmin->last_mid_delivered = ctl->mid;
5282 if (stcb->sctp_socket) {
5283 sctp_mark_non_revokable(asoc, ctl->sinfo_tsn);
5284 sctp_add_to_readq(stcb->sctp_ep, stcb,
5286 &stcb->sctp_socket->so_rcv, 1,
5287 SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
5290 mid = strmin->last_mid_delivered + 1;
5292 /* Its a fragmented message */
5293 if (ctl->first_frag_seen) {
5295 * Make it so this is next to
5298 strmin->last_mid_delivered = ctl->mid - 1;
5299 need_reasm_check = 1;
5307 if (need_reasm_check) {
5308 (void)sctp_deliver_reasm_check(stcb, &stcb->asoc, strmin, SCTP_READ_LOCK_HELD);
5315 sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
5316 struct sctp_association *asoc,
5317 uint16_t stream, uint32_t mid, int ordered, uint32_t cumtsn)
5319 struct sctp_queued_to_read *control;
5320 struct sctp_stream_in *strm;
5321 struct sctp_tmit_chunk *chk, *nchk;
5322 int cnt_removed = 0;
5325 * For now large messages held on the stream reasm that are complete
5326 * will be tossed too. We could in theory do more work to spin
5327 * through and stop after dumping one msg aka seeing the start of a
5328 * new msg at the head, and call the delivery function... to see if
5329 * it can be delivered... But for now we just dump everything on the
5332 strm = &asoc->strmin[stream];
5333 control = sctp_find_reasm_entry(strm, mid, ordered, asoc->idata_supported);
5334 if (control == NULL) {
5338 if (!asoc->idata_supported && !ordered && SCTP_TSN_GT(control->fsn_included, cumtsn)) {
5341 TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, nchk) {
5342 /* Purge hanging chunks */
5343 if (!asoc->idata_supported && (ordered == 0)) {
5344 if (SCTP_TSN_GT(chk->rec.data.tsn, cumtsn)) {
5349 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
5350 asoc->size_on_reasm_queue -= chk->send_size;
5351 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5353 sctp_m_freem(chk->data);
5356 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
5358 if (!TAILQ_EMPTY(&control->reasm)) {
5359 /* This has to be old data, unordered */
5360 if (control->data) {
5361 sctp_m_freem(control->data);
5362 control->data = NULL;
5364 sctp_reset_a_control(control, stcb->sctp_ep, cumtsn);
5365 chk = TAILQ_FIRST(&control->reasm);
5366 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
5367 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
5368 sctp_add_chk_to_control(control, strm, stcb, asoc,
5369 chk, SCTP_READ_LOCK_HELD);
5371 sctp_deliver_reasm_check(stcb, asoc, strm, SCTP_READ_LOCK_HELD);
5374 if (control->on_strm_q == SCTP_ON_ORDERED) {
5375 TAILQ_REMOVE(&strm->inqueue, control, next_instrm);
5376 control->on_strm_q = 0;
5377 } else if (control->on_strm_q == SCTP_ON_UNORDERED) {
5378 TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm);
5379 control->on_strm_q = 0;
5381 } else if (control->on_strm_q) {
5382 panic("strm: %p ctl: %p unknown %d",
5383 strm, control, control->on_strm_q);
5386 control->on_strm_q = 0;
5387 if (control->on_read_q == 0) {
5388 sctp_free_remote_addr(control->whoFrom);
5389 if (control->data) {
5390 sctp_m_freem(control->data);
5391 control->data = NULL;
5393 sctp_free_a_readq(stcb, control);
5398 sctp_handle_forward_tsn(struct sctp_tcb *stcb,
5399 struct sctp_forward_tsn_chunk *fwd,
5400 int *abort_flag, struct mbuf *m, int offset)
5402 /* The pr-sctp fwd tsn */
5404 * here we will perform all the data receiver side steps for
5405 * processing FwdTSN, as required in by pr-sctp draft:
5407 * Assume we get FwdTSN(x):
5409 * 1) update local cumTSN to x 2) try to further advance cumTSN to x
5410 * + others we have 3) examine and update re-ordering queue on
5411 * pr-in-streams 4) clean up re-assembly queue 5) Send a sack to
5412 * report where we are.
5414 struct sctp_association *asoc;
5415 uint32_t new_cum_tsn, gap;
5416 unsigned int i, fwd_sz, m_size;
5418 struct sctp_stream_in *strm;
5419 struct sctp_queued_to_read *ctl, *sv;
5422 if ((fwd_sz = ntohs(fwd->ch.chunk_length)) < sizeof(struct sctp_forward_tsn_chunk)) {
5423 SCTPDBG(SCTP_DEBUG_INDATA1,
5424 "Bad size too small/big fwd-tsn\n");
5427 m_size = (stcb->asoc.mapping_array_size << 3);
5428 /*************************************************************/
5429 /* 1. Here we update local cumTSN and shift the bitmap array */
5430 /*************************************************************/
5431 new_cum_tsn = ntohl(fwd->new_cumulative_tsn);
5433 if (SCTP_TSN_GE(asoc->cumulative_tsn, new_cum_tsn)) {
5434 /* Already got there ... */
5438 * now we know the new TSN is more advanced, let's find the actual
5441 SCTP_CALC_TSN_TO_GAP(gap, new_cum_tsn, asoc->mapping_array_base_tsn);
5442 asoc->cumulative_tsn = new_cum_tsn;
5443 if (gap >= m_size) {
5444 if ((long)gap > sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv)) {
5445 struct mbuf *op_err;
5446 char msg[SCTP_DIAG_INFO_LEN];
5449 * out of range (of single byte chunks in the rwnd I
5450 * give out). This must be an attacker.
5453 snprintf(msg, sizeof(msg),
5454 "New cum ack %8.8x too high, highest TSN %8.8x",
5455 new_cum_tsn, asoc->highest_tsn_inside_map);
5456 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
5457 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_33;
5458 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
5461 SCTP_STAT_INCR(sctps_fwdtsn_map_over);
5463 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
5464 asoc->mapping_array_base_tsn = new_cum_tsn + 1;
5465 asoc->highest_tsn_inside_map = new_cum_tsn;
5467 memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.mapping_array_size);
5468 asoc->highest_tsn_inside_nr_map = new_cum_tsn;
5470 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
5471 sctp_log_map(0, 3, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
5474 SCTP_TCB_LOCK_ASSERT(stcb);
5475 for (i = 0; i <= gap; i++) {
5476 if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, i) &&
5477 !SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, i)) {
5478 SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, i);
5479 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn + i, asoc->highest_tsn_inside_nr_map)) {
5480 asoc->highest_tsn_inside_nr_map = asoc->mapping_array_base_tsn + i;
5485 /*************************************************************/
5486 /* 2. Clear up re-assembly queue */
5487 /*************************************************************/
5489 /* This is now done as part of clearing up the stream/seq */
5490 if (asoc->idata_supported == 0) {
5493 /* Flush all the un-ordered data based on cum-tsn */
5494 SCTP_INP_READ_LOCK(stcb->sctp_ep);
5495 for (sid = 0; sid < asoc->streamincnt; sid++) {
5496 sctp_flush_reassm_for_str_seq(stcb, asoc, sid, 0, 0, new_cum_tsn);
5498 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
5500 /*******************************************************/
5501 /* 3. Update the PR-stream re-ordering queues and fix */
5502 /* delivery issues as needed. */
5503 /*******************************************************/
5504 fwd_sz -= sizeof(*fwd);
5507 unsigned int num_str;
5508 uint32_t mid, cur_mid;
5510 uint16_t ordered, flags;
5511 struct sctp_strseq *stseq, strseqbuf;
5512 struct sctp_strseq_mid *stseq_m, strseqbuf_m;
5514 offset += sizeof(*fwd);
5516 SCTP_INP_READ_LOCK(stcb->sctp_ep);
5517 if (asoc->idata_supported) {
5518 num_str = fwd_sz / sizeof(struct sctp_strseq_mid);
5520 num_str = fwd_sz / sizeof(struct sctp_strseq);
5522 for (i = 0; i < num_str; i++) {
5523 if (asoc->idata_supported) {
5524 stseq_m = (struct sctp_strseq_mid *)sctp_m_getptr(m, offset,
5525 sizeof(struct sctp_strseq_mid),
5526 (uint8_t *)&strseqbuf_m);
5527 offset += sizeof(struct sctp_strseq_mid);
5528 if (stseq_m == NULL) {
5531 sid = ntohs(stseq_m->sid);
5532 mid = ntohl(stseq_m->mid);
5533 flags = ntohs(stseq_m->flags);
5534 if (flags & PR_SCTP_UNORDERED_FLAG) {
5540 stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset,
5541 sizeof(struct sctp_strseq),
5542 (uint8_t *)&strseqbuf);
5543 offset += sizeof(struct sctp_strseq);
5544 if (stseq == NULL) {
5547 sid = ntohs(stseq->sid);
5548 mid = (uint32_t)ntohs(stseq->ssn);
5556 * Ok we now look for the stream/seq on the read
5557 * queue where its not all delivered. If we find it
5558 * we transmute the read entry into a PDI_ABORTED.
5560 if (sid >= asoc->streamincnt) {
5561 /* screwed up streams, stop! */
5564 if ((asoc->str_of_pdapi == sid) &&
5565 (asoc->ssn_of_pdapi == mid)) {
5567 * If this is the one we were partially
5568 * delivering now then we no longer are.
5569 * Note this will change with the reassembly
5572 asoc->fragmented_delivery_inprogress = 0;
5574 strm = &asoc->strmin[sid];
5575 for (cur_mid = strm->last_mid_delivered; SCTP_MID_GE(asoc->idata_supported, mid, cur_mid); cur_mid++) {
5576 sctp_flush_reassm_for_str_seq(stcb, asoc, sid, cur_mid, ordered, new_cum_tsn);
5578 TAILQ_FOREACH(ctl, &stcb->sctp_ep->read_queue, next) {
5579 if ((ctl->sinfo_stream == sid) &&
5580 (SCTP_MID_EQ(asoc->idata_supported, ctl->mid, mid))) {
5581 str_seq = (sid << 16) | (0x0000ffff & mid);
5582 ctl->pdapi_aborted = 1;
5583 sv = stcb->asoc.control_pdapi;
5585 if (ctl->on_strm_q == SCTP_ON_ORDERED) {
5586 TAILQ_REMOVE(&strm->inqueue, ctl, next_instrm);
5587 } else if (ctl->on_strm_q == SCTP_ON_UNORDERED) {
5588 TAILQ_REMOVE(&strm->uno_inqueue, ctl, next_instrm);
5590 } else if (ctl->on_strm_q) {
5591 panic("strm: %p ctl: %p unknown %d",
5592 strm, ctl, ctl->on_strm_q);
5596 stcb->asoc.control_pdapi = ctl;
5597 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
5599 SCTP_PARTIAL_DELIVERY_ABORTED,
5601 SCTP_SO_NOT_LOCKED);
5602 stcb->asoc.control_pdapi = sv;
5604 } else if ((ctl->sinfo_stream == sid) &&
5605 SCTP_MID_GT(asoc->idata_supported, ctl->mid, mid)) {
5606 /* We are past our victim SSN */
5610 if (SCTP_MID_GT(asoc->idata_supported, mid, strm->last_mid_delivered)) {
5611 /* Update the sequence number */
5612 strm->last_mid_delivered = mid;
5614 /* now kick the stream the new way */
5615 /* sa_ignore NO_NULL_CHK */
5616 sctp_kick_prsctp_reorder_queue(stcb, strm);
5618 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
5621 * Now slide thing forward.
5623 sctp_slide_mapping_arrays(stcb);