2 * Copyright (c) 2001-2006, Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 /* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include "opt_ipsec.h"
37 #include "opt_compat.h"
38 #include "opt_inet6.h"
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/malloc.h>
46 #include <sys/socket.h>
47 #include <sys/socketvar.h>
48 #include <sys/sysctl.h>
49 #include <sys/domain.h>
50 #include <sys/protosw.h>
51 #include <sys/kernel.h>
52 #include <sys/errno.h>
53 #include <sys/syslog.h>
55 #include <sys/limits.h>
56 #include <machine/cpu.h>
59 #include <net/route.h>
60 #include <net/if_types.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #include <netinet/in_pcb.h>
66 #include <netinet/in_var.h>
67 #include <netinet/ip_var.h>
70 #include <netinet/ip6.h>
71 #include <netinet6/ip6_var.h>
74 #include <netinet/ip_icmp.h>
75 #include <netinet/icmp_var.h>
77 #include <netinet/sctp_os.h>
78 #include <netinet/sctp_var.h>
79 #include <netinet/sctp_pcb.h>
80 #include <netinet/sctp_header.h>
81 #include <netinet/sctputil.h>
82 #include <netinet/sctp_output.h>
83 #include <netinet/sctp_input.h>
84 #include <netinet/sctp_auth.h>
85 #include <netinet/sctp_indata.h>
86 #include <netinet/sctp_asconf.h>
88 #include <netinet/ip_options.h>
92 #include <netinet6/ipsec.h>
93 #include <netkey/key.h>
98 extern uint32_t sctp_debug_on;
105 struct sctp_foo_stuff sctp_logoff[30000];
106 int sctp_logoff_stuff = 0;
110 sctp_stop_all_cookie_timers(struct sctp_tcb *stcb)
112 struct sctp_nets *net;
115 * This now not only stops all cookie timers it also stops any INIT
116 * timers as well. This will make sure that the timers are stopped
117 * in all collision cases.
119 SCTP_TCB_LOCK_ASSERT(stcb);
120 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
121 if (net->rxt_timer.type == SCTP_TIMER_TYPE_COOKIE) {
122 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE,
125 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_1);
126 } else if (net->rxt_timer.type == SCTP_TIMER_TYPE_INIT) {
127 sctp_timer_stop(SCTP_TIMER_TYPE_INIT,
130 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2);
137 sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
138 struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
139 struct sctp_nets *net)
141 struct sctp_init *init;
146 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
147 printf("sctp_handle_init: handling INIT tcb:%p\n", stcb);
152 /* First are we accepting? */
153 if ((inp->sctp_socket->so_qlimit == 0) && (stcb == NULL)) {
155 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
156 printf("sctp_handle_init: Abort, so_qlimit:%d\n", inp->sctp_socket->so_qlimit);
160 * FIX ME ?? What about TCP model and we have a
161 * match/restart case?
163 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
166 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) {
168 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
169 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
172 /* validate parameters */
173 if (init->initiate_tag == 0) {
174 /* protocol error... send abort */
175 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
176 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
179 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) {
180 /* invalid parameter... send abort */
181 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
182 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
185 if (init->num_inbound_streams == 0) {
186 /* protocol error... send abort */
187 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
188 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
191 if (init->num_outbound_streams == 0) {
192 /* protocol error... send abort */
193 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
194 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
197 init_limit = offset + ntohs(cp->ch.chunk_length);
198 if (sctp_validate_init_auth_params(m, offset + sizeof(*cp),
200 /* auth parameter(s) error... send abort */
201 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL);
204 /* send an INIT-ACK w/cookie */
206 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
207 printf("sctp_handle_init: sending INIT-ACK\n");
210 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp);
214 * process peer "INIT/INIT-ACK" chunk returns value < 0 on error
217 sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb,
218 struct sctp_nets *net)
220 struct sctp_init *init;
221 struct sctp_association *asoc;
222 struct sctp_nets *lnet;
227 /* save off parameters */
228 asoc->peer_vtag = ntohl(init->initiate_tag);
229 asoc->peers_rwnd = ntohl(init->a_rwnd);
230 if (TAILQ_FIRST(&asoc->nets)) {
231 /* update any ssthresh's that may have a default */
232 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
233 lnet->ssthresh = asoc->peers_rwnd;
235 #if defined(SCTP_CWND_MONITOR) || defined(SCTP_CWND_LOGGING)
236 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION);
241 SCTP_TCB_SEND_LOCK(stcb);
242 if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) {
244 struct sctp_stream_out *outs;
245 struct sctp_stream_queue_pending *sp;
247 /* cut back on number of streams */
248 newcnt = ntohs(init->num_inbound_streams);
249 /* This if is probably not needed but I am cautious */
251 /* First make sure no data chunks are trapped */
252 for (i = newcnt; i < asoc->pre_open_streams; i++) {
253 outs = &asoc->strmout[i];
254 sp = TAILQ_FIRST(&outs->outqueue);
256 TAILQ_REMOVE(&outs->outqueue, sp,
258 asoc->stream_queue_cnt--;
259 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL,
260 stcb, SCTP_NOTIFY_DATAGRAM_UNSENT,
263 sctp_m_freem(sp->data);
266 sctp_free_remote_addr(sp->net);
269 printf("sp:%p tcb:%p weird free case\n",
272 sctp_free_a_strmoq(stcb, sp);
273 sp = TAILQ_FIRST(&outs->outqueue);
277 /* cut back the count and abandon the upper streams */
278 asoc->pre_open_streams = newcnt;
280 SCTP_TCB_SEND_UNLOCK(stcb);
281 asoc->streamoutcnt = asoc->pre_open_streams;
283 asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1;
284 #ifdef SCTP_MAP_LOGGING
285 sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
287 /* This is the next one we expect */
288 asoc->str_reset_seq_in = asoc->asconf_seq_in + 1;
290 asoc->mapping_array_base_tsn = ntohl(init->initial_tsn);
291 asoc->cumulative_tsn = asoc->asconf_seq_in;
292 asoc->last_echo_tsn = asoc->asconf_seq_in;
293 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
294 /* open the requested streams */
295 if (asoc->strmin != NULL) {
296 /* Free the old ones */
297 struct sctp_queued_to_read *ctl;
299 for (i = 0; i < asoc->streamincnt; i++) {
300 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
302 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next);
303 sctp_free_remote_addr(ctl->whoFrom);
304 sctp_m_freem(ctl->data);
306 sctp_free_a_readq(stcb, ctl);
307 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
310 SCTP_FREE(asoc->strmin);
312 asoc->streamincnt = ntohs(init->num_outbound_streams);
313 if (asoc->streamincnt > MAX_SCTP_STREAMS) {
314 asoc->streamincnt = MAX_SCTP_STREAMS;
316 SCTP_MALLOC(asoc->strmin, struct sctp_stream_in *, asoc->streamincnt *
317 sizeof(struct sctp_stream_in), "StreamsIn");
318 if (asoc->strmin == NULL) {
319 /* we didn't get memory for the streams! */
321 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
322 printf("process_init: couldn't get memory for the streams!\n");
327 for (i = 0; i < asoc->streamincnt; i++) {
328 asoc->strmin[i].stream_no = i;
329 asoc->strmin[i].last_sequence_delivered = 0xffff;
331 * U-stream ranges will be set when the cookie is unpacked.
332 * Or for the INIT sender they are un set (if pr-sctp not
333 * supported) when the INIT-ACK arrives.
335 TAILQ_INIT(&asoc->strmin[i].inqueue);
337 * we are not on any wheel, pr-sctp streams will go on the
338 * wheel when they have data waiting for reorder.
340 asoc->strmin[i].next_spoke.tqe_next = 0;
341 asoc->strmin[i].next_spoke.tqe_prev = 0;
345 * load_address_from_init will put the addresses into the
346 * association when the COOKIE is processed or the INIT-ACK is
347 * processed. Both types of COOKIE's existing and new call this
348 * routine. It will remove addresses that are no longer in the
349 * association (for the restarting case where addresses are
350 * removed). Up front when the INIT arrives we will discard it if it
351 * is a restart and new addresses have been added.
357 * INIT-ACK message processing/consumption returns value < 0 on error
360 sctp_process_init_ack(struct mbuf *m, int iphlen, int offset,
361 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
362 struct sctp_nets *net)
364 struct sctp_association *asoc;
366 int retval, abort_flag;
367 uint32_t initack_limit;
369 /* First verify that we have no illegal param's */
373 op_err = sctp_arethere_unrecognized_parameters(m,
374 (offset + sizeof(struct sctp_init_chunk)),
375 &abort_flag, (struct sctp_chunkhdr *)cp);
377 /* Send an abort and notify peer */
378 if (op_err != NULL) {
379 sctp_send_operr_to(m, iphlen, op_err, cp->init.initiate_tag);
382 * Just notify (abort_assoc does this if we send an
385 sctp_abort_notification(stcb, 0);
387 * No sense in further INIT's since we will get the
390 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
395 /* process the peer's parameters in the INIT-ACK */
396 retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net);
400 initack_limit = offset + ntohs(cp->ch.chunk_length);
401 /* load all addresses */
402 if ((retval = sctp_load_addresses_from_init(stcb, m, iphlen,
403 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh,
405 /* Huh, we should abort */
407 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
408 printf("Load addresses from INIT causes an abort %d\n", retval);
411 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
415 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
416 stcb->asoc.local_hmacs);
418 sctp_queue_op_err(stcb, op_err);
419 /* queuing will steal away the mbuf chain to the out queue */
422 /* extract the cookie and queue it to "echo" it back... */
423 stcb->asoc.overall_error_count = 0;
424 net->error_count = 0;
427 * Cancel the INIT timer, We do this first before queueing the
428 * cookie. We always cancel at the primary to assue that we are
429 * canceling the timer started by the INIT which always goes to the
432 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, stcb,
433 asoc->primary_destination, SCTP_FROM_SCTP_INPUT + SCTP_LOC_4);
435 /* calculate the RTO */
436 net->RTO = sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered);
438 retval = sctp_send_cookie_echo(m, offset, stcb, net);
441 * No cookie, we probably should send a op error. But in any
442 * case if there is no cookie in the INIT-ACK, we can
443 * abandon the peer, its broke.
446 /* We abort with an error of missing mandatory param */
450 sctp_generate_invmanparam(SCTP_CAUSE_MISSING_PARAM);
453 * Expand beyond to include the mandatory
456 struct sctp_inv_mandatory_param *mp;
459 sizeof(struct sctp_inv_mandatory_param);
461 struct sctp_inv_mandatory_param *);
462 /* Subtract the reserved param */
464 htons(sizeof(struct sctp_inv_mandatory_param) - 2);
465 mp->num_param = htonl(1);
466 mp->param = htons(SCTP_STATE_COOKIE);
469 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
478 sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp,
479 struct sctp_tcb *stcb, struct sctp_nets *net)
481 struct sockaddr_storage store;
482 struct sockaddr_in *sin;
483 struct sockaddr_in6 *sin6;
484 struct sctp_nets *r_net;
487 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) {
491 sin = (struct sockaddr_in *)&store;
492 sin6 = (struct sockaddr_in6 *)&store;
494 memset(&store, 0, sizeof(store));
495 if (cp->heartbeat.hb_info.addr_family == AF_INET &&
496 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) {
497 sin->sin_family = cp->heartbeat.hb_info.addr_family;
498 sin->sin_len = cp->heartbeat.hb_info.addr_len;
499 sin->sin_port = stcb->rport;
500 memcpy(&sin->sin_addr, cp->heartbeat.hb_info.address,
501 sizeof(sin->sin_addr));
502 } else if (cp->heartbeat.hb_info.addr_family == AF_INET6 &&
503 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) {
504 sin6->sin6_family = cp->heartbeat.hb_info.addr_family;
505 sin6->sin6_len = cp->heartbeat.hb_info.addr_len;
506 sin6->sin6_port = stcb->rport;
507 memcpy(&sin6->sin6_addr, cp->heartbeat.hb_info.address,
508 sizeof(sin6->sin6_addr));
512 r_net = sctp_findnet(stcb, (struct sockaddr *)sin);
515 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
516 printf("Huh? I can't find the address I sent it to, discard\n");
521 if ((r_net && (r_net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
522 (r_net->heartbeat_random1 == cp->heartbeat.hb_info.random_value1) &&
523 (r_net->heartbeat_random2 == cp->heartbeat.hb_info.random_value2)) {
525 * If the its a HB and it's random value is correct when can
526 * confirm the destination.
528 r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
529 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
530 stcb, 0, (void *)r_net);
532 r_net->error_count = 0;
533 r_net->hb_responded = 1;
534 tv.tv_sec = cp->heartbeat.hb_info.time_value_1;
535 tv.tv_usec = cp->heartbeat.hb_info.time_value_2;
536 if (r_net->dest_state & SCTP_ADDR_NOT_REACHABLE) {
537 r_net->dest_state &= ~SCTP_ADDR_NOT_REACHABLE;
538 r_net->dest_state |= SCTP_ADDR_REACHABLE;
539 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
540 SCTP_HEARTBEAT_SUCCESS, (void *)r_net);
541 /* now was it the primary? if so restore */
542 if (r_net->dest_state & SCTP_ADDR_WAS_PRIMARY) {
543 sctp_set_primary_addr(stcb, (struct sockaddr *)NULL, r_net);
546 /* Now lets do a RTO with this */
547 r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv);
551 sctp_handle_abort(struct sctp_abort_chunk *cp,
552 struct sctp_tcb *stcb, struct sctp_nets *net)
556 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
557 printf("sctp_handle_abort: handling ABORT\n");
562 /* verify that the destination addr is in the association */
563 /* ignore abort for addresses being deleted */
565 /* stop any receive timers */
566 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_5);
567 /* notify user of the abort and clean up... */
568 sctp_abort_notification(stcb, 0);
570 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
571 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) ||
572 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
573 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
575 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_6);
577 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
578 printf("sctp_handle_abort: finished\n");
584 sctp_handle_shutdown(struct sctp_shutdown_chunk *cp,
585 struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag)
587 struct sctp_association *asoc;
588 int some_on_streamwheel;
591 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
592 printf("sctp_handle_shutdown: handling SHUTDOWN\n");
598 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
599 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
602 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_shutdown_chunk)) {
603 /* Shutdown NOT the expected size */
606 sctp_update_acked(stcb, cp, net, abort_flag);
608 if (asoc->control_pdapi) {
610 * With a normal shutdown we assume the end of last record.
612 SCTP_INP_READ_LOCK(stcb->sctp_ep);
613 asoc->control_pdapi->end_added = 1;
614 asoc->control_pdapi->pdapi_aborted = 1;
615 if (asoc->control_pdapi->tail_mbuf) {
616 asoc->control_pdapi->tail_mbuf->m_flags |= M_EOR;
618 asoc->control_pdapi = NULL;
619 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
620 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
622 /* goto SHUTDOWN_RECEIVED state to block new requests */
623 if (stcb->sctp_socket) {
624 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
625 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
626 asoc->state = SCTP_STATE_SHUTDOWN_RECEIVED;
628 * notify upper layer that peer has initiated a
631 sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN, stcb, 0, NULL);
634 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
637 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
639 * stop the shutdown timer, since we WILL move to
642 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_7);
644 /* Now are we there yet? */
645 some_on_streamwheel = 0;
646 if (!TAILQ_EMPTY(&asoc->out_wheel)) {
647 /* Check to see if some data queued */
648 struct sctp_stream_out *outs;
650 TAILQ_FOREACH(outs, &asoc->out_wheel, next_spoke) {
651 if (!TAILQ_EMPTY(&outs->outqueue)) {
652 some_on_streamwheel = 1;
657 if (!TAILQ_EMPTY(&asoc->send_queue) ||
658 !TAILQ_EMPTY(&asoc->sent_queue) ||
659 some_on_streamwheel) {
660 /* By returning we will push more data out */
663 /* no outstanding data to send, so move on... */
664 /* send SHUTDOWN-ACK */
665 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
666 /* move to SHUTDOWN-ACK-SENT state */
667 if (asoc->state == SCTP_STATE_SHUTDOWN_RECEIVED) {
668 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
670 asoc->state = SCTP_STATE_SHUTDOWN_ACK_SENT;
672 /* start SHUTDOWN timer */
673 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep,
679 sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp,
680 struct sctp_tcb *stcb, struct sctp_nets *net)
682 struct sctp_association *asoc;
685 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
686 printf("sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n");
693 /* process according to association state */
694 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
695 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
696 /* unexpected SHUTDOWN-ACK... so ignore... */
697 SCTP_TCB_UNLOCK(stcb);
700 if (asoc->control_pdapi) {
702 * With a normal shutdown we assume the end of last record.
704 SCTP_INP_READ_LOCK(stcb->sctp_ep);
705 asoc->control_pdapi->end_added = 1;
706 asoc->control_pdapi->pdapi_aborted = 1;
707 if (asoc->control_pdapi->tail_mbuf) {
708 asoc->control_pdapi->tail_mbuf->m_flags |= M_EOR;
710 asoc->control_pdapi = NULL;
711 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
712 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
714 /* are the queues empty? */
715 if (!TAILQ_EMPTY(&asoc->send_queue) ||
716 !TAILQ_EMPTY(&asoc->sent_queue) ||
717 !TAILQ_EMPTY(&asoc->out_wheel)) {
718 sctp_report_all_outbound(stcb, 0);
721 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_8);
722 /* send SHUTDOWN-COMPLETE */
723 sctp_send_shutdown_complete(stcb, net);
724 /* notify upper layer protocol */
725 if (stcb->sctp_socket) {
726 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
727 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
728 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
729 /* Set the connected flag to disconnected */
730 stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0;
733 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
734 /* free the TCB but first save off the ep */
735 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC,
736 SCTP_FROM_SCTP_INPUT + SCTP_LOC_9);
740 * Skip past the param header and then we will find the chunk that caused the
741 * problem. There are two possiblities ASCONF or FWD-TSN other than that and
742 * our peer must be broken.
745 sctp_process_unrecog_chunk(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr,
746 struct sctp_nets *net)
748 struct sctp_chunkhdr *chk;
750 chk = (struct sctp_chunkhdr *)((caddr_t)phdr + sizeof(*phdr));
751 switch (chk->chunk_type) {
752 case SCTP_ASCONF_ACK:
754 sctp_asconf_cleanup(stcb, net);
756 case SCTP_FORWARD_CUM_TSN:
757 stcb->asoc.peer_supports_prsctp = 0;
761 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
762 printf("Peer does not support chunk type %d(%x)??\n",
763 chk->chunk_type, (uint32_t) chk->chunk_type);
771 * Skip past the param header and then we will find the param that caused the
772 * problem. There are a number of param's in a ASCONF OR the prsctp param
773 * these will turn of specific features.
776 sctp_process_unrecog_param(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr)
778 struct sctp_paramhdr *pbad;
781 switch (ntohs(pbad->param_type)) {
783 case SCTP_PRSCTP_SUPPORTED:
784 stcb->asoc.peer_supports_prsctp = 0;
786 case SCTP_SUPPORTED_CHUNK_EXT:
788 /* draft-ietf-tsvwg-addip-sctp */
789 case SCTP_ECN_NONCE_SUPPORTED:
790 stcb->asoc.peer_supports_ecn_nonce = 0;
791 stcb->asoc.ecn_nonce_allowed = 0;
792 stcb->asoc.ecn_allowed = 0;
794 case SCTP_ADD_IP_ADDRESS:
795 case SCTP_DEL_IP_ADDRESS:
796 case SCTP_SET_PRIM_ADDR:
797 stcb->asoc.peer_supports_asconf = 0;
799 case SCTP_SUCCESS_REPORT:
800 case SCTP_ERROR_CAUSE_IND:
802 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
803 printf("Huh, the peer does not support success? or error cause?\n");
804 printf("Turning off ASCONF to this strange peer\n");
807 stcb->asoc.peer_supports_asconf = 0;
811 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
812 printf("Peer does not support param type %d(%x)??\n",
813 pbad->param_type, (uint32_t) pbad->param_type);
821 sctp_handle_error(struct sctp_chunkhdr *ch,
822 struct sctp_tcb *stcb, struct sctp_nets *net)
825 struct sctp_paramhdr *phdr;
828 struct sctp_association *asoc;
832 /* parse through all of the errors and process */
834 phdr = (struct sctp_paramhdr *)((caddr_t)ch +
835 sizeof(struct sctp_chunkhdr));
836 chklen = ntohs(ch->chunk_length) - sizeof(struct sctp_chunkhdr);
837 while ((size_t)chklen >= sizeof(struct sctp_paramhdr)) {
838 /* Process an Error Cause */
839 error_type = ntohs(phdr->param_type);
840 error_len = ntohs(phdr->param_length);
841 if ((error_len > chklen) || (error_len == 0)) {
842 /* invalid param length for this param */
844 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
845 printf("Bogus length in error param- chunk left:%d errorlen:%d\n",
848 #endif /* SCTP_DEBUG */
851 switch (error_type) {
852 case SCTP_CAUSE_INVALID_STREAM:
853 case SCTP_CAUSE_MISSING_PARAM:
854 case SCTP_CAUSE_INVALID_PARAM:
855 case SCTP_CAUSE_NO_USER_DATA:
857 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
858 printf("Software error we got a %d back? We have a bug :/ (or do they?)\n",
863 case SCTP_CAUSE_STALE_COOKIE:
865 * We only act if we have echoed a cookie and are
868 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
871 p = (int *)((caddr_t)phdr + sizeof(*phdr));
872 /* Save the time doubled */
873 asoc->cookie_preserve_req = ntohl(*p) << 1;
874 asoc->stale_cookie_count++;
875 if (asoc->stale_cookie_count >
876 asoc->max_init_times) {
877 sctp_abort_notification(stcb, 0);
878 /* now free the asoc */
879 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_10);
882 /* blast back to INIT state */
883 asoc->state &= ~SCTP_STATE_COOKIE_ECHOED;
884 asoc->state |= SCTP_STATE_COOKIE_WAIT;
886 sctp_stop_all_cookie_timers(stcb);
887 sctp_send_initiate(stcb->sctp_ep, stcb);
890 case SCTP_CAUSE_UNRESOLVABLE_ADDR:
892 * Nothing we can do here, we don't do hostname
893 * addresses so if the peer does not like my IPv6
894 * (or IPv4 for that matter) it does not matter. If
895 * they don't support that type of address, they can
896 * NOT possibly get that packet type... i.e. with no
897 * IPv6 you can't recieve a IPv6 packet. so we can
898 * safely ignore this one. If we ever added support
899 * for HOSTNAME Addresses, then we would need to do
903 case SCTP_CAUSE_UNRECOG_CHUNK:
904 sctp_process_unrecog_chunk(stcb, phdr, net);
906 case SCTP_CAUSE_UNRECOG_PARAM:
907 sctp_process_unrecog_param(stcb, phdr);
909 case SCTP_CAUSE_COOKIE_IN_SHUTDOWN:
911 * We ignore this since the timer will drive out a
912 * new cookie anyway and there timer will drive us
913 * to send a SHUTDOWN_COMPLETE. We can't send one
914 * here since we don't have their tag.
917 case SCTP_CAUSE_DELETING_LAST_ADDR:
918 case SCTP_CAUSE_RESOURCE_SHORTAGE:
919 case SCTP_CAUSE_DELETING_SRC_ADDR:
921 * We should NOT get these here, but in a
925 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
926 printf("Peer sends ASCONF errors in a Operational Error?<%d>?\n",
931 case SCTP_CAUSE_OUT_OF_RESC:
933 * And what, pray tell do we do with the fact that
934 * the peer is out of resources? Not really sure we
935 * could do anything but abort. I suspect this n *
936 * should have came WITH an abort instead of in a
942 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
943 /* don't know what this error cause is... */
944 printf("sctp_handle_error: unknown error type = 0x%xh\n",
947 #endif /* SCTP_DEBUG */
950 adjust = SCTP_SIZE32(error_len);
952 phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust);
958 sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
959 struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
960 struct sctp_nets *net)
962 struct sctp_init_ack *init_ack;
967 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
968 printf("sctp_handle_init_ack: handling INIT-ACK\n");
973 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
974 printf("sctp_handle_init_ack: TCB is null\n");
979 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) {
981 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
982 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
986 init_ack = &cp->init;
987 /* validate parameters */
988 if (init_ack->initiate_tag == 0) {
989 /* protocol error... send an abort */
990 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
991 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
995 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) {
996 /* protocol error... send an abort */
997 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
998 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1002 if (init_ack->num_inbound_streams == 0) {
1003 /* protocol error... send an abort */
1004 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
1005 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1009 if (init_ack->num_outbound_streams == 0) {
1010 /* protocol error... send an abort */
1011 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
1012 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1016 /* process according to association state... */
1017 state = &stcb->asoc.state;
1018 switch (*state & SCTP_STATE_MASK) {
1019 case SCTP_STATE_COOKIE_WAIT:
1020 /* this is the expected state for this chunk */
1021 /* process the INIT-ACK parameters */
1022 if (stcb->asoc.primary_destination->dest_state &
1023 SCTP_ADDR_UNCONFIRMED) {
1025 * The primary is where we sent the INIT, we can
1026 * always consider it confirmed when the INIT-ACK is
1027 * returned. Do this before we load addresses
1030 stcb->asoc.primary_destination->dest_state &=
1031 ~SCTP_ADDR_UNCONFIRMED;
1032 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
1033 stcb, 0, (void *)stcb->asoc.primary_destination);
1035 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb, net
1037 /* error in parsing parameters */
1040 /* update our state */
1042 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1043 printf("moving to COOKIE-ECHOED state\n");
1046 if (*state & SCTP_STATE_SHUTDOWN_PENDING) {
1047 *state = SCTP_STATE_COOKIE_ECHOED |
1048 SCTP_STATE_SHUTDOWN_PENDING;
1050 *state = SCTP_STATE_COOKIE_ECHOED;
1053 /* reset the RTO calc */
1054 stcb->asoc.overall_error_count = 0;
1055 SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
1057 * collapse the init timer back in case of a exponential
1060 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, stcb->sctp_ep,
1063 * the send at the end of the inbound data processing will
1064 * cause the cookie to be sent
1067 case SCTP_STATE_SHUTDOWN_SENT:
1068 /* incorrect state... discard */
1070 case SCTP_STATE_COOKIE_ECHOED:
1071 /* incorrect state... discard */
1073 case SCTP_STATE_OPEN:
1074 /* incorrect state... discard */
1076 case SCTP_STATE_EMPTY:
1077 case SCTP_STATE_INUSE:
1079 /* incorrect state... discard */
1082 } /* end switch asoc state */
1084 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1085 printf("Leaving handle-init-ack end\n");
1093 * handle a state cookie for an existing association m: input packet mbuf
1094 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a
1095 * "split" mbuf and the cookie signature does not exist offset: offset into
1096 * mbuf to the cookie-echo chunk
1098 static struct sctp_tcb *
1099 sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset,
1100 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1101 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
1102 struct sockaddr *init_src, int *notification, sctp_assoc_t * sac_assoc_id)
1104 struct sctp_association *asoc;
1105 struct sctp_init_chunk *init_cp, init_buf;
1106 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1108 int init_offset, initack_offset, i;
1112 /* I know that the TCB is non-NULL from the caller */
1115 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) {
1116 /* SHUTDOWN came in after sending INIT-ACK */
1117 struct mbuf *op_err;
1118 struct sctp_paramhdr *ph;
1120 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
1121 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
1122 1, M_DONTWAIT, 1, MT_DATA);
1123 if (op_err == NULL) {
1127 /* pre-reserve some space */
1128 op_err->m_data += sizeof(struct ip6_hdr);
1129 op_err->m_data += sizeof(struct sctphdr);
1130 op_err->m_data += sizeof(struct sctp_chunkhdr);
1132 op_err->m_len = op_err->m_pkthdr.len = sizeof(struct sctp_paramhdr);
1133 ph = mtod(op_err, struct sctp_paramhdr *);
1134 ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN);
1135 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1136 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
1140 * find and validate the INIT chunk in the cookie (peer's info) the
1141 * INIT should start after the cookie-echo header struct (chunk
1142 * header, state cookie header struct)
1144 init_offset = offset += sizeof(struct sctp_cookie_echo_chunk);
1146 init_cp = (struct sctp_init_chunk *)
1147 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1148 (uint8_t *) & init_buf);
1149 if (init_cp == NULL) {
1150 /* could not pull a INIT chunk in cookie */
1153 chk_length = ntohs(init_cp->ch.chunk_length);
1154 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1158 * find and validate the INIT-ACK chunk in the cookie (my info) the
1159 * INIT-ACK follows the INIT chunk
1161 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1162 initack_cp = (struct sctp_init_ack_chunk *)
1163 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1164 (uint8_t *) & initack_buf);
1165 if (initack_cp == NULL) {
1166 /* could not pull INIT-ACK chunk in cookie */
1169 chk_length = ntohs(initack_cp->ch.chunk_length);
1170 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1173 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) &&
1174 (ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag)) {
1176 * case D in Section 5.2.4 Table 2: MMAA process accordingly
1177 * to get into the OPEN state
1179 switch SCTP_GET_STATE
1181 case SCTP_STATE_COOKIE_WAIT:
1183 * INIT was sent, but got got a COOKIE_ECHO with the
1184 * correct tags... just accept it...
1186 /* First we must process the INIT !! */
1187 retval = sctp_process_init(init_cp, stcb, net);
1191 /* intentional fall through to below... */
1193 case SCTP_STATE_COOKIE_ECHOED:
1194 /* Duplicate INIT case */
1195 /* we have already processed the INIT so no problem */
1196 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb,
1197 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_11);
1198 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_12);
1199 /* update current state */
1200 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1201 asoc->state = SCTP_STATE_OPEN |
1202 SCTP_STATE_SHUTDOWN_PENDING;
1203 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1204 stcb->sctp_ep, stcb, asoc->primary_destination);
1206 } else if ((asoc->state & SCTP_STATE_SHUTDOWN_SENT) == 0) {
1207 /* if ok, move to OPEN state */
1208 asoc->state = SCTP_STATE_OPEN;
1210 sctp_stop_all_cookie_timers(stcb);
1211 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1212 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1213 (inp->sctp_socket->so_qlimit == 0)
1216 * Here is where collision would go if we
1217 * did a connect() and instead got a
1218 * init/init-ack/cookie done before the
1219 * init-ack came back..
1221 stcb->sctp_ep->sctp_flags |=
1222 SCTP_PCB_FLAGS_CONNECTED;
1223 soisconnected(stcb->sctp_ep->sctp_socket);
1225 /* notify upper layer */
1226 *notification = SCTP_NOTIFY_ASSOC_UP;
1228 * since we did not send a HB make sure we don't
1231 net->hb_responded = 1;
1233 if (stcb->asoc.sctp_autoclose_ticks &&
1234 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) {
1235 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
1241 * we're in the OPEN state (or beyond), so peer must
1242 * have simply lost the COOKIE-ACK
1246 sctp_stop_all_cookie_timers(stcb);
1248 * We ignore the return code here.. not sure if we should
1249 * somehow abort.. but we do have an existing asoc. This
1250 * really should not fail.
1252 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1253 init_offset + sizeof(struct sctp_init_chunk),
1254 initack_offset, sh, init_src)) {
1257 /* respond with a COOKIE-ACK */
1258 sctp_toss_old_cookies(stcb, asoc);
1259 sctp_send_cookie_ack(stcb);
1262 if (ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1263 ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag &&
1264 cookie->tie_tag_my_vtag == 0 &&
1265 cookie->tie_tag_peer_vtag == 0) {
1267 * case C in Section 5.2.4 Table 2: XMOO silently discard
1271 if (ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag &&
1272 (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag ||
1273 init_cp->init.initiate_tag == 0)) {
1275 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info
1276 * should be ok, re-accept peer info
1278 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_13);
1279 sctp_stop_all_cookie_timers(stcb);
1281 * since we did not send a HB make sure we don't double
1284 net->hb_responded = 1;
1285 if (stcb->asoc.sctp_autoclose_ticks &&
1286 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1287 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1290 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1291 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1293 /* Note last_cwr_tsn? where is this used? */
1294 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1295 if (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) {
1297 * Ok the peer probably discarded our data (if we
1298 * echoed a cookie+data). So anything on the
1299 * sent_queue should be marked for retransmit, we
1300 * may not get something to kick us so it COULD
1301 * still take a timeout to move these.. but it can't
1302 * hurt to mark them.
1304 struct sctp_tmit_chunk *chk;
1306 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
1307 if (chk->sent < SCTP_DATAGRAM_RESEND) {
1308 chk->sent = SCTP_DATAGRAM_RESEND;
1309 stcb->asoc.sent_queue_retran_cnt++;
1315 /* process the INIT info (peer's info) */
1316 retval = sctp_process_init(init_cp, stcb, net);
1320 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1321 init_offset + sizeof(struct sctp_init_chunk),
1322 initack_offset, sh, init_src)) {
1325 if ((asoc->state & SCTP_STATE_COOKIE_WAIT) ||
1326 (asoc->state & SCTP_STATE_COOKIE_ECHOED)) {
1327 *notification = SCTP_NOTIFY_ASSOC_UP;
1329 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1330 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1331 (inp->sctp_socket->so_qlimit == 0)) {
1332 stcb->sctp_ep->sctp_flags |=
1333 SCTP_PCB_FLAGS_CONNECTED;
1334 soisconnected(stcb->sctp_ep->sctp_socket);
1337 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1338 asoc->state = SCTP_STATE_OPEN |
1339 SCTP_STATE_SHUTDOWN_PENDING;
1340 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1341 stcb->sctp_ep, stcb, asoc->primary_destination);
1344 asoc->state = SCTP_STATE_OPEN;
1346 sctp_stop_all_cookie_timers(stcb);
1347 sctp_toss_old_cookies(stcb, asoc);
1348 sctp_send_cookie_ack(stcb);
1351 * only if we have retrans set do we do this. What
1352 * this call does is get only the COOKIE-ACK out and
1353 * then when we return the normal call to
1354 * sctp_chunk_output will get the retrans out behind
1357 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_COOKIE_ACK);
1361 if ((ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1362 ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) &&
1363 cookie->tie_tag_my_vtag == asoc->my_vtag_nonce &&
1364 cookie->tie_tag_peer_vtag == asoc->peer_vtag_nonce &&
1365 cookie->tie_tag_peer_vtag != 0) {
1366 struct sctpasochead *head;
1369 * case A in Section 5.2.4 Table 2: XXMM (peer restarted)
1372 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_14);
1373 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_15);
1374 *sac_assoc_id = sctp_get_associd(stcb);
1375 /* notify upper layer */
1376 *notification = SCTP_NOTIFY_ASSOC_RESTART;
1377 atomic_add_int(&stcb->asoc.refcnt, 1);
1378 SCTP_TCB_UNLOCK(stcb);
1379 SCTP_INP_INFO_WLOCK();
1380 SCTP_INP_WLOCK(stcb->sctp_ep);
1381 SCTP_TCB_LOCK(stcb);
1382 atomic_add_int(&stcb->asoc.refcnt, -1);
1383 /* send up all the data */
1384 SCTP_TCB_SEND_LOCK(stcb);
1386 sctp_report_all_outbound(stcb, 1);
1387 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1388 stcb->asoc.strmout[i].stream_no = i;
1389 stcb->asoc.strmout[i].next_sequence_sent = 0;
1390 stcb->asoc.strmout[i].last_msg_incomplete = 0;
1392 /* process the INIT-ACK info (my info) */
1393 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1394 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1396 /* pull from vtag hash */
1397 LIST_REMOVE(stcb, sctp_asocs);
1398 /* re-insert to new vtag position */
1399 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
1400 sctppcbinfo.hashasocmark)];
1402 * put it in the bucket in the vtag hash of assoc's for the
1405 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
1407 /* Is this the first restart? */
1408 if (stcb->asoc.in_restart_hash == 0) {
1409 /* Ok add it to assoc_id vtag hash */
1410 head = &sctppcbinfo.sctp_restarthash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
1411 sctppcbinfo.hashrestartmark)];
1412 LIST_INSERT_HEAD(head, stcb, sctp_tcbrestarhash);
1413 stcb->asoc.in_restart_hash = 1;
1415 asoc->pre_open_streams =
1416 ntohs(initack_cp->init.num_outbound_streams);
1417 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1418 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1420 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1421 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1423 asoc->str_reset_seq_in = asoc->init_seq_number;
1425 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1426 if (asoc->mapping_array)
1427 memset(asoc->mapping_array, 0,
1428 asoc->mapping_array_size);
1429 /* process the INIT info (peer's info) */
1430 SCTP_TCB_SEND_UNLOCK(stcb);
1431 SCTP_INP_WUNLOCK(stcb->sctp_ep);
1432 SCTP_INP_INFO_WUNLOCK();
1434 retval = sctp_process_init(init_cp, stcb, net);
1439 * since we did not send a HB make sure we don't double
1442 net->hb_responded = 1;
1444 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1445 init_offset + sizeof(struct sctp_init_chunk),
1446 initack_offset, sh, init_src)) {
1449 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1450 asoc->state = SCTP_STATE_OPEN |
1451 SCTP_STATE_SHUTDOWN_PENDING;
1452 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1453 stcb->sctp_ep, stcb, asoc->primary_destination);
1455 } else if (!(asoc->state & SCTP_STATE_SHUTDOWN_SENT)) {
1456 /* move to OPEN state, if not in SHUTDOWN_SENT */
1457 asoc->state = SCTP_STATE_OPEN;
1459 /* respond with a COOKIE-ACK */
1460 sctp_stop_all_cookie_timers(stcb);
1461 sctp_toss_old_cookies(stcb, asoc);
1462 sctp_send_cookie_ack(stcb);
1466 /* if we are not a restart we need the assoc_id field pop'd */
1467 asoc->assoc_id = ntohl(initack_cp->init.initiate_tag);
1469 /* all other cases... */
1474 * handle a state cookie for a new association m: input packet mbuf chain--
1475 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf
1476 * and the cookie signature does not exist offset: offset into mbuf to the
1477 * cookie-echo chunk length: length of the cookie chunk to: where the init
1478 * was from returns a new TCB
1480 static struct sctp_tcb *
1481 sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
1482 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1483 struct sctp_inpcb *inp, struct sctp_nets **netp,
1484 struct sockaddr *init_src, int *notification,
1485 int auth_skipped, uint32_t auth_offset, uint32_t auth_len)
1487 struct sctp_tcb *stcb;
1488 struct sctp_init_chunk *init_cp, init_buf;
1489 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1490 struct sockaddr_storage sa_store;
1491 struct sockaddr *initack_src = (struct sockaddr *)&sa_store;
1492 struct sockaddr_in *sin;
1493 struct sockaddr_in6 *sin6;
1494 struct sctp_association *asoc;
1496 int init_offset, initack_offset, initack_limit;
1500 uint8_t chunk_buf[DEFAULT_CHUNK_BUFFER];
1503 * find and validate the INIT chunk in the cookie (peer's info) the
1504 * INIT should start after the cookie-echo header struct (chunk
1505 * header, state cookie header struct)
1507 init_offset = offset + sizeof(struct sctp_cookie_echo_chunk);
1508 init_cp = (struct sctp_init_chunk *)
1509 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1510 (uint8_t *) & init_buf);
1511 if (init_cp == NULL) {
1512 /* could not pull a INIT chunk in cookie */
1514 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1515 printf("process_cookie_new: could not pull INIT chunk hdr\n");
1517 #endif /* SCTP_DEBUG */
1520 chk_length = ntohs(init_cp->ch.chunk_length);
1521 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1523 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1524 printf("HUH? process_cookie_new: could not find INIT chunk!\n");
1526 #endif /* SCTP_DEBUG */
1529 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1531 * find and validate the INIT-ACK chunk in the cookie (my info) the
1532 * INIT-ACK follows the INIT chunk
1534 initack_cp = (struct sctp_init_ack_chunk *)
1535 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1536 (uint8_t *) & initack_buf);
1537 if (initack_cp == NULL) {
1538 /* could not pull INIT-ACK chunk in cookie */
1540 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1541 printf("process_cookie_new: could not pull INIT-ACK chunk hdr\n");
1543 #endif /* SCTP_DEBUG */
1546 chk_length = ntohs(initack_cp->ch.chunk_length);
1547 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1551 * NOTE: We can't use the INIT_ACK's chk_length to determine the
1552 * "initack_limit" value. This is because the chk_length field
1553 * includes the length of the cookie, but the cookie is omitted when
1554 * the INIT and INIT_ACK are tacked onto the cookie...
1556 initack_limit = offset + cookie_len;
1559 * now that we know the INIT/INIT-ACK are in place, create a new TCB
1562 stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
1563 ntohl(initack_cp->init.initiate_tag));
1565 struct mbuf *op_err;
1567 /* memory problem? */
1569 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1570 printf("process_cookie_new: no room for another TCB!\n");
1572 #endif /* SCTP_DEBUG */
1573 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1574 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1578 /* get the correct sctp_nets */
1579 *netp = sctp_findnet(stcb, init_src);
1581 /* get scope variables out of cookie */
1582 asoc->ipv4_local_scope = cookie->ipv4_scope;
1583 asoc->site_scope = cookie->site_scope;
1584 asoc->local_scope = cookie->local_scope;
1585 asoc->loopback_scope = cookie->loopback_scope;
1587 if ((asoc->ipv4_addr_legal != cookie->ipv4_addr_legal) ||
1588 (asoc->ipv6_addr_legal != cookie->ipv6_addr_legal)) {
1589 struct mbuf *op_err;
1592 * Houston we have a problem. The EP changed while the
1593 * cookie was in flight. Only recourse is to abort the
1596 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1597 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1601 /* process the INIT-ACK info (my info) */
1602 old_tag = asoc->my_vtag;
1603 asoc->assoc_id = asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1604 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1605 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1606 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1607 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1608 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1609 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1610 asoc->str_reset_seq_in = asoc->init_seq_number;
1612 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1614 /* process the INIT info (peer's info) */
1615 retval = sctp_process_init(init_cp, stcb, *netp);
1617 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16);
1620 /* load all addresses */
1621 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1622 init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh,
1624 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_17);
1628 * verify any preceding AUTH chunk that was skipped
1630 /* pull the local authentication parameters from the cookie/init-ack */
1631 sctp_auth_get_cookie_params(stcb, m,
1632 initack_offset + sizeof(struct sctp_init_ack_chunk),
1633 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)));
1635 struct sctp_auth_chunk *auth;
1637 auth = (struct sctp_auth_chunk *)
1638 sctp_m_getptr(m, auth_offset, auth_len, chunk_buf);
1639 if (sctp_handle_auth(stcb, auth, m, auth_offset)) {
1640 /* auth HMAC failed, dump the assoc and packet */
1642 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
1643 printf("COOKIE-ECHO: AUTH failed\n");
1644 #endif /* SCTP_DEBUG */
1645 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_18);
1648 /* remaining chunks checked... good to go */
1649 stcb->asoc.authenticated = 1;
1652 /* update current state */
1654 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1655 printf("moving to OPEN state\n");
1658 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1659 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1660 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1661 stcb->sctp_ep, stcb, asoc->primary_destination);
1663 asoc->state = SCTP_STATE_OPEN;
1665 sctp_stop_all_cookie_timers(stcb);
1666 SCTP_STAT_INCR_COUNTER32(sctps_passiveestab);
1667 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1670 * if we're doing ASCONFs, check to see if we have any new local
1671 * addresses that need to get added to the peer (eg. addresses
1672 * changed while cookie echo in flight). This needs to be done
1673 * after we go to the OPEN state to do the correct asconf
1674 * processing. else, make sure we have the correct addresses in our
1678 /* warning, we re-use sin, sin6, sa_store here! */
1679 /* pull in local_address (our "from" address) */
1680 if (cookie->laddr_type == SCTP_IPV4_ADDRESS) {
1681 /* source addr is IPv4 */
1682 sin = (struct sockaddr_in *)initack_src;
1683 memset(sin, 0, sizeof(*sin));
1684 sin->sin_family = AF_INET;
1685 sin->sin_len = sizeof(struct sockaddr_in);
1686 sin->sin_addr.s_addr = cookie->laddress[0];
1687 } else if (cookie->laddr_type == SCTP_IPV6_ADDRESS) {
1688 /* source addr is IPv6 */
1689 sin6 = (struct sockaddr_in6 *)initack_src;
1690 memset(sin6, 0, sizeof(*sin6));
1691 sin6->sin6_family = AF_INET6;
1692 sin6->sin6_len = sizeof(struct sockaddr_in6);
1693 sin6->sin6_scope_id = cookie->scope_id;
1694 memcpy(&sin6->sin6_addr, cookie->laddress,
1695 sizeof(sin6->sin6_addr));
1697 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_19);
1701 sctp_check_address_list(stcb, m,
1702 initack_offset + sizeof(struct sctp_init_ack_chunk),
1703 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)),
1704 initack_src, cookie->local_scope, cookie->site_scope,
1705 cookie->ipv4_scope, cookie->loopback_scope);
1708 /* set up to notify upper layer */
1709 *notification = SCTP_NOTIFY_ASSOC_UP;
1710 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1711 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1712 (inp->sctp_socket->so_qlimit == 0)) {
1714 * This is an endpoint that called connect() how it got a
1715 * cookie that is NEW is a bit of a mystery. It must be that
1716 * the INIT was sent, but before it got there.. a complete
1717 * INIT/INIT-ACK/COOKIE arrived. But of course then it
1718 * should have went to the other code.. not here.. oh well..
1719 * a bit of protection is worth having..
1721 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
1722 soisconnected(stcb->sctp_ep->sctp_socket);
1723 } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
1724 (inp->sctp_socket->so_qlimit)) {
1726 * We don't want to do anything with this one. Since it is
1727 * the listening guy. The timer will get started for
1728 * accepted connections in the caller.
1732 /* since we did not send a HB make sure we don't double things */
1733 (*netp)->hb_responded = 1;
1735 if (stcb->asoc.sctp_autoclose_ticks &&
1736 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1737 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1739 /* respond with a COOKIE-ACK */
1740 /* calculate the RTT */
1741 (*netp)->RTO = sctp_calculate_rto(stcb, asoc, *netp,
1742 &cookie->time_entered);
1743 sctp_send_cookie_ack(stcb);
1749 * handles a COOKIE-ECHO message stcb: modified to either a new or left as
1750 * existing (non-NULL) TCB
1752 static struct mbuf *
1753 sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
1754 struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp,
1755 struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp,
1756 int auth_skipped, uint32_t auth_offset, uint32_t auth_len, struct sctp_tcb **locked_tcb)
1758 struct sctp_state_cookie *cookie;
1759 struct sockaddr_in6 sin6;
1760 struct sockaddr_in sin;
1761 struct sctp_tcb *l_stcb = *stcb;
1762 struct sctp_inpcb *l_inp;
1763 struct sockaddr *to;
1764 sctp_assoc_t sac_restart_id;
1765 struct sctp_pcb *ep;
1767 uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE];
1769 uint8_t cookie_ok = 0;
1770 unsigned int size_of_pkt, sig_offset, cookie_offset;
1771 unsigned int cookie_len;
1773 struct timeval time_expires;
1774 struct sockaddr_storage dest_store;
1775 struct sockaddr *localep_sa = (struct sockaddr *)&dest_store;
1777 int notification = 0;
1778 struct sctp_nets *netl;
1779 int had_a_existing_tcb = 0;
1782 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1783 printf("sctp_handle_cookie: handling COOKIE-ECHO\n");
1787 if (inp_p == NULL) {
1790 /* First get the destination address setup too. */
1791 iph = mtod(m, struct ip *);
1792 if (iph->ip_v == IPVERSION) {
1794 struct sockaddr_in *sin;
1796 sin = (struct sockaddr_in *)(localep_sa);
1797 memset(sin, 0, sizeof(*sin));
1798 sin->sin_family = AF_INET;
1799 sin->sin_len = sizeof(*sin);
1800 sin->sin_port = sh->dest_port;
1801 sin->sin_addr.s_addr = iph->ip_dst.s_addr;
1802 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1804 struct ip6_hdr *ip6;
1805 struct sockaddr_in6 *sin6;
1807 sin6 = (struct sockaddr_in6 *)(localep_sa);
1808 memset(sin6, 0, sizeof(*sin6));
1809 sin6->sin6_family = AF_INET6;
1810 sin6->sin6_len = sizeof(struct sockaddr_in6);
1811 ip6 = mtod(m, struct ip6_hdr *);
1812 sin6->sin6_port = sh->dest_port;
1813 sin6->sin6_addr = ip6->ip6_dst;
1818 cookie = &cp->cookie;
1819 cookie_offset = offset + sizeof(struct sctp_chunkhdr);
1820 cookie_len = ntohs(cp->ch.chunk_length);
1822 if ((cookie->peerport != sh->src_port) &&
1823 (cookie->myport != sh->dest_port) &&
1824 (cookie->my_vtag != sh->v_tag)) {
1826 * invalid ports or bad tag. Note that we always leave the
1827 * v_tag in the header in network order and when we stored
1828 * it in the my_vtag slot we also left it in network order.
1829 * This maintians the match even though it may be in the
1830 * opposite byte order of the machine :->
1834 /* compute size of packet */
1835 if (m->m_flags & M_PKTHDR) {
1836 size_of_pkt = m->m_pkthdr.len;
1838 /* Should have a pkt hdr really */
1843 while (mat != NULL) {
1844 size_of_pkt += mat->m_len;
1848 if (cookie_len > size_of_pkt ||
1849 cookie_len < sizeof(struct sctp_cookie_echo_chunk) +
1850 sizeof(struct sctp_init_chunk) +
1851 sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) {
1852 /* cookie too long! or too small */
1856 * split off the signature into its own mbuf (since it should not be
1857 * calculated in the sctp_hmac_m() call).
1859 sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE;
1860 if (sig_offset > size_of_pkt) {
1861 /* packet not correct size! */
1862 /* XXX this may already be accounted for earlier... */
1865 m_sig = m_split(m, sig_offset, M_DONTWAIT);
1866 if (m_sig == NULL) {
1867 /* out of memory or ?? */
1871 * compute the signature/digest for the cookie
1873 ep = &(*inp_p)->sctp_ep;
1876 SCTP_TCB_UNLOCK(l_stcb);
1878 SCTP_INP_RLOCK(l_inp);
1880 SCTP_TCB_LOCK(l_stcb);
1882 /* which cookie is it? */
1883 if ((cookie->time_entered.tv_sec < (long)ep->time_of_secret_change) &&
1884 (ep->current_secret_number != ep->last_secret_number)) {
1885 /* it's the old cookie */
1886 sctp_hmac_m(SCTP_HMAC,
1887 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1888 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1890 /* it's the current cookie */
1891 sctp_hmac_m(SCTP_HMAC,
1892 (uint8_t *) ep->secret_key[(int)ep->current_secret_number],
1893 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1895 /* get the signature */
1896 SCTP_INP_RUNLOCK(l_inp);
1897 sig = (uint8_t *) sctp_m_getptr(m_sig, 0, SCTP_SIGNATURE_SIZE, (uint8_t *) & tmp_sig);
1899 /* couldn't find signature */
1900 sctp_m_freem(m_sig);
1903 /* compare the received digest with the computed digest */
1904 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
1905 /* try the old cookie? */
1906 if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) &&
1907 (ep->current_secret_number != ep->last_secret_number)) {
1908 /* compute digest with old */
1909 sctp_hmac_m(SCTP_HMAC,
1910 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1911 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1913 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
1921 * Now before we continue we must reconstruct our mbuf so that
1922 * normal processing of any other chunks will work.
1928 while (m_at->m_next != NULL) {
1929 m_at = m_at->m_next;
1931 m_at->m_next = m_sig;
1932 if (m->m_flags & M_PKTHDR) {
1934 * We should only do this if and only if the front
1935 * mbuf has a m_pkthdr... it should in theory.
1937 if (m_sig->m_flags & M_PKTHDR) {
1938 /* Add back to the pkt hdr of main m chain */
1939 m->m_pkthdr.len += m_sig->m_pkthdr.len;
1942 * Got a problem, no pkthdr in split chain.
1943 * TSNH but we will handle it just in case
1948 printf("Warning: Hitting m_split join TSNH code - fixed\n");
1951 mmlen += lat->m_len;
1954 m->m_pkthdr.len += mmlen;
1959 if (cookie_ok == 0) {
1961 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1962 printf("handle_cookie_echo: cookie signature validation failed!\n");
1963 printf("offset = %u, cookie_offset = %u, sig_offset = %u\n",
1964 (uint32_t) offset, cookie_offset, sig_offset);
1970 * check the cookie timestamps to be sure it's not stale
1972 SCTP_GETTIME_TIMEVAL(&now);
1973 /* Expire time is in Ticks, so we convert to seconds */
1974 time_expires.tv_sec = cookie->time_entered.tv_sec + cookie->cookie_life;
1975 time_expires.tv_usec = cookie->time_entered.tv_usec;
1976 if (timevalcmp(&now, &time_expires, >)) {
1977 /* cookie is stale! */
1978 struct mbuf *op_err;
1979 struct sctp_stale_cookie_msg *scm;
1982 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_stale_cookie_msg),
1983 1, M_DONTWAIT, 1, MT_DATA);
1984 if (op_err == NULL) {
1988 /* pre-reserve some space */
1989 op_err->m_data += sizeof(struct ip6_hdr);
1990 op_err->m_data += sizeof(struct sctphdr);
1991 op_err->m_data += sizeof(struct sctp_chunkhdr);
1994 op_err->m_len = op_err->m_pkthdr.len = sizeof(struct sctp_stale_cookie_msg);
1995 scm = mtod(op_err, struct sctp_stale_cookie_msg *);
1996 scm->ph.param_type = htons(SCTP_CAUSE_STALE_COOKIE);
1997 scm->ph.param_length = htons((sizeof(struct sctp_paramhdr) +
1998 (sizeof(uint32_t))));
1999 /* seconds to usec */
2000 tim = (now.tv_sec - time_expires.tv_sec) * 1000000;
2003 tim = now.tv_usec - cookie->time_entered.tv_usec;
2004 scm->time_usec = htonl(tim);
2005 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
2009 * Now we must see with the lookup address if we have an existing
2010 * asoc. This will only happen if we were in the COOKIE-WAIT state
2011 * and a INIT collided with us and somewhere the peer sent the
2012 * cookie on another address besides the single address our assoc
2013 * had for him. In this case we will have one of the tie-tags set at
2014 * least AND the address field in the cookie can be used to look it
2018 if (cookie->addr_type == SCTP_IPV6_ADDRESS) {
2019 memset(&sin6, 0, sizeof(sin6));
2020 sin6.sin6_family = AF_INET6;
2021 sin6.sin6_len = sizeof(sin6);
2022 sin6.sin6_port = sh->src_port;
2023 sin6.sin6_scope_id = cookie->scope_id;
2024 memcpy(&sin6.sin6_addr.s6_addr, cookie->address,
2025 sizeof(sin6.sin6_addr.s6_addr));
2026 to = (struct sockaddr *)&sin6;
2027 } else if (cookie->addr_type == SCTP_IPV4_ADDRESS) {
2028 memset(&sin, 0, sizeof(sin));
2029 sin.sin_family = AF_INET;
2030 sin.sin_len = sizeof(sin);
2031 sin.sin_port = sh->src_port;
2032 sin.sin_addr.s_addr = cookie->address[0];
2033 to = (struct sockaddr *)&sin;
2035 if ((*stcb == NULL) && to) {
2036 /* Yep, lets check */
2037 *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, localep_sa, NULL);
2038 if (*stcb == NULL) {
2040 * We should have only got back the same inp. If we
2041 * got back a different ep we have a problem. The
2042 * original findep got back l_inp and now
2044 if (l_inp != *inp_p) {
2045 printf("Bad problem find_ep got a diff inp then special_locate?\n");
2048 if (*locked_tcb == NULL) {
2050 * In this case we found the assoc only
2051 * after we locked the create lock. This
2052 * means we are in a colliding case and we
2053 * must make sure that we unlock the tcb if
2054 * its one of the cases where we throw away
2055 * the incoming packets.
2057 *locked_tcb = *stcb;
2060 * We must also increment the inp ref count
2061 * since the ref_count flags was set when we
2062 * did not find the TCB, now we found it
2063 * which reduces the refcount.. we must
2064 * raise it back out to balance it all :-)
2066 SCTP_INP_INCR_REF((*stcb)->sctp_ep);
2067 if ((*stcb)->sctp_ep != l_inp) {
2068 printf("Huh? ep:%p diff then l_inp:%p?\n",
2069 (*stcb)->sctp_ep, l_inp);
2074 cookie_len -= SCTP_SIGNATURE_SIZE;
2075 if (*stcb == NULL) {
2076 /* this is the "normal" case... get a new TCB */
2077 *stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie,
2078 cookie_len, *inp_p, netp, to, ¬ification,
2079 auth_skipped, auth_offset, auth_len);
2081 /* this is abnormal... cookie-echo on existing TCB */
2082 had_a_existing_tcb = 1;
2083 *stcb = sctp_process_cookie_existing(m, iphlen, offset, sh,
2084 cookie, cookie_len, *inp_p, *stcb, *netp, to, ¬ification,
2088 if (*stcb == NULL) {
2089 /* still no TCB... must be bad cookie-echo */
2093 * Ok, we built an association so confirm the address we sent the
2096 netl = sctp_findnet(*stcb, to);
2098 * This code should in theory NOT run but
2101 /* TSNH! Huh, why do I need to add this address here? */
2104 ret = sctp_add_remote_addr(*stcb, to, SCTP_DONOT_SETSCOPE,
2105 SCTP_IN_COOKIE_PROC);
2106 netl = sctp_findnet(*stcb, to);
2109 if (netl->dest_state & SCTP_ADDR_UNCONFIRMED) {
2110 netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
2111 sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL,
2113 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
2114 (*stcb), 0, (void *)netl);
2118 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, *inp_p,
2121 if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
2122 if (!had_a_existing_tcb ||
2123 (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) {
2125 * If we have a NEW cookie or the connect never
2126 * reached the connected state during collision we
2127 * must do the TCP accept thing.
2129 struct socket *so, *oso;
2130 struct sctp_inpcb *inp;
2132 if (notification == SCTP_NOTIFY_ASSOC_RESTART) {
2134 * For a restart we will keep the same
2135 * socket, no need to do anything. I THINK!!
2137 sctp_ulp_notify(notification, *stcb, 0, (void *)&sac_restart_id);
2140 oso = (*inp_p)->sctp_socket;
2142 * We do this to keep the sockets side happy durin
2143 * the sonewcon ONLY.
2146 SCTP_TCB_UNLOCK((*stcb));
2147 so = sonewconn(oso, SS_ISCONNECTED
2150 SCTP_INP_WLOCK((*stcb)->sctp_ep);
2151 SCTP_TCB_LOCK((*stcb));
2152 SCTP_INP_WUNLOCK((*stcb)->sctp_ep);
2154 struct mbuf *op_err;
2156 /* Too many sockets */
2158 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
2159 printf("process_cookie_new: no room for another socket!\n");
2161 #endif /* SCTP_DEBUG */
2162 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
2163 sctp_abort_association(*inp_p, NULL, m, iphlen,
2165 sctp_free_assoc(*inp_p, *stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_20);
2168 inp = (struct sctp_inpcb *)so->so_pcb;
2169 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2170 SCTP_PCB_FLAGS_CONNECTED |
2171 SCTP_PCB_FLAGS_IN_TCPPOOL |
2172 (SCTP_PCB_COPY_FLAGS & (*inp_p)->sctp_flags) |
2173 SCTP_PCB_FLAGS_DONT_WAKE);
2174 inp->sctp_features = (*inp_p)->sctp_features;
2175 inp->sctp_socket = so;
2176 inp->sctp_frag_point = (*inp_p)->sctp_frag_point;
2177 inp->partial_delivery_point = (*inp_p)->partial_delivery_point;
2178 inp->sctp_context = (*inp_p)->sctp_context;
2179 inp->inp_starting_point_for_iterator = NULL;
2181 * copy in the authentication parameters from the
2184 if (inp->sctp_ep.local_hmacs)
2185 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
2186 inp->sctp_ep.local_hmacs =
2187 sctp_copy_hmaclist((*inp_p)->sctp_ep.local_hmacs);
2188 if (inp->sctp_ep.local_auth_chunks)
2189 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
2190 inp->sctp_ep.local_auth_chunks =
2191 sctp_copy_chunklist((*inp_p)->sctp_ep.local_auth_chunks);
2192 (void)sctp_copy_skeylist(&(*inp_p)->sctp_ep.shared_keys,
2193 &inp->sctp_ep.shared_keys);
2196 * Now we must move it from one hash table to
2197 * another and get the tcb in the right place.
2199 sctp_move_pcb_and_assoc(*inp_p, inp, *stcb);
2201 sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb);
2203 /* Switch over to the new guy */
2206 sctp_ulp_notify(notification, *stcb, 0, NULL);
2210 if ((notification) && ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
2211 sctp_ulp_notify(notification, *stcb, 0, NULL);
2217 sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp,
2218 struct sctp_tcb *stcb, struct sctp_nets *net)
2220 /* cp must not be used, others call this without a c-ack :-) */
2221 struct sctp_association *asoc;
2224 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2225 printf("sctp_handle_cookie_ack: handling COOKIE-ACK\n");
2233 sctp_stop_all_cookie_timers(stcb);
2234 /* process according to association state */
2235 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
2236 /* state change only needed when I am in right state */
2238 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2239 printf("moving to OPEN state\n");
2242 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
2243 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
2244 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
2245 stcb->sctp_ep, stcb, asoc->primary_destination);
2248 asoc->state = SCTP_STATE_OPEN;
2251 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
2252 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
2253 if (asoc->overall_error_count == 0) {
2254 net->RTO = sctp_calculate_rto(stcb, asoc, net,
2255 &asoc->time_entered);
2257 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
2258 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL);
2259 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
2260 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
2261 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
2262 soisconnected(stcb->sctp_ep->sctp_socket);
2264 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
2267 * since we did not send a HB make sure we don't double
2270 net->hb_responded = 1;
2272 if (stcb->asoc.sctp_autoclose_ticks &&
2273 sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) {
2274 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
2275 stcb->sctp_ep, stcb, NULL);
2278 * set ASCONF timer if ASCONFs are pending and allowed (eg.
2279 * addresses changed when init/cookie echo in flight)
2281 if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_DO_ASCONF)) &&
2282 (stcb->asoc.peer_supports_asconf) &&
2283 (!TAILQ_EMPTY(&stcb->asoc.asconf_queue))) {
2284 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF,
2285 stcb->sctp_ep, stcb,
2286 stcb->asoc.primary_destination);
2289 /* Toss the cookie if I can */
2290 sctp_toss_old_cookies(stcb, asoc);
2291 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
2292 /* Restart the timer if we have pending data */
2293 struct sctp_tmit_chunk *chk;
2295 chk = TAILQ_FIRST(&asoc->sent_queue);
2297 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2304 sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp,
2305 struct sctp_tcb *stcb)
2307 struct sctp_nets *net;
2308 struct sctp_tmit_chunk *lchk;
2311 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_ecne_chunk)) {
2314 SCTP_STAT_INCR(sctps_recvecne);
2315 tsn = ntohl(cp->tsn);
2316 /* ECN Nonce stuff: need a resync and disable the nonce sum check */
2317 /* Also we make sure we disable the nonce_wait */
2318 lchk = TAILQ_FIRST(&stcb->asoc.send_queue);
2320 stcb->asoc.nonce_resync_tsn = stcb->asoc.sending_seq;
2322 stcb->asoc.nonce_resync_tsn = lchk->rec.data.TSN_seq;
2324 stcb->asoc.nonce_wait_for_ecne = 0;
2325 stcb->asoc.nonce_sum_check = 0;
2327 /* Find where it was sent, if possible */
2329 lchk = TAILQ_FIRST(&stcb->asoc.sent_queue);
2331 if (lchk->rec.data.TSN_seq == tsn) {
2335 if (compare_with_wrap(lchk->rec.data.TSN_seq, tsn, MAX_SEQ))
2337 lchk = TAILQ_NEXT(lchk, sctp_next);
2340 /* default is we use the primary */
2341 net = stcb->asoc.primary_destination;
2343 if (compare_with_wrap(tsn, stcb->asoc.last_cwr_tsn, MAX_TSN)) {
2344 #ifdef SCTP_CWND_MONITOR
2347 old_cwnd = net->cwnd;
2349 SCTP_STAT_INCR(sctps_ecnereducedcwnd);
2350 net->ssthresh = net->cwnd / 2;
2351 if (net->ssthresh < net->mtu) {
2352 net->ssthresh = net->mtu;
2353 /* here back off the timer as well, to slow us down */
2356 net->cwnd = net->ssthresh;
2357 #ifdef SCTP_CWND_MONITOR
2358 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd), SCTP_CWND_LOG_FROM_SAT);
2361 * we reduce once every RTT. So we will only lower cwnd at
2362 * the next sending seq i.e. the resync_tsn.
2364 stcb->asoc.last_cwr_tsn = stcb->asoc.nonce_resync_tsn;
2367 * We always send a CWR this way if our previous one was lost our
2368 * peer will get an update, or if it is not time again to reduce we
2369 * still get the cwr to the peer.
2371 sctp_send_cwr(stcb, net, tsn);
2375 sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb)
2378 * Here we get a CWR from the peer. We must look in the outqueue and
2379 * make sure that we have a covered ECNE in teh control chunk part.
2382 struct sctp_tmit_chunk *chk;
2383 struct sctp_ecne_chunk *ecne;
2385 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
2386 if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) {
2390 * Look for and remove if it is the right TSN. Since there
2391 * is only ONE ECNE on the control queue at any one time we
2392 * don't need to worry about more than one!
2394 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
2395 if (compare_with_wrap(ntohl(cp->tsn), ntohl(ecne->tsn),
2396 MAX_TSN) || (cp->tsn == ecne->tsn)) {
2397 /* this covers this ECNE, we can remove it */
2398 stcb->asoc.ecn_echo_cnt_onq--;
2399 TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk,
2402 sctp_m_freem(chk->data);
2405 stcb->asoc.ctrl_queue_cnt--;
2406 sctp_free_remote_addr(chk->whoTo);
2407 sctp_free_a_chunk(stcb, chk);
2414 sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp,
2415 struct sctp_tcb *stcb, struct sctp_nets *net)
2417 struct sctp_association *asoc;
2420 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2421 printf("sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n");
2428 /* process according to association state */
2429 if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT) {
2430 /* unexpected SHUTDOWN-COMPLETE... so ignore... */
2431 SCTP_TCB_UNLOCK(stcb);
2434 /* notify upper layer protocol */
2435 if (stcb->sctp_socket) {
2436 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
2437 /* are the queues empty? they should be */
2438 if (!TAILQ_EMPTY(&asoc->send_queue) ||
2439 !TAILQ_EMPTY(&asoc->sent_queue) ||
2440 !TAILQ_EMPTY(&asoc->out_wheel)) {
2441 sctp_report_all_outbound(stcb, 0);
2444 /* stop the timer */
2445 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_21);
2446 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
2448 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_22);
2453 process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc,
2454 struct sctp_nets *net, uint8_t flg)
2456 switch (desc->chunk_type) {
2458 /* find the tsn to resend (possibly */
2461 struct sctp_tmit_chunk *tp1;
2463 tsn = ntohl(desc->tsn_ifany);
2464 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2466 if (tp1->rec.data.TSN_seq == tsn) {
2470 if (compare_with_wrap(tp1->rec.data.TSN_seq, tsn,
2476 tp1 = TAILQ_NEXT(tp1, sctp_next);
2480 * Do it the other way , aka without paying
2481 * attention to queue seq order.
2483 SCTP_STAT_INCR(sctps_pdrpdnfnd);
2484 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2486 if (tp1->rec.data.TSN_seq == tsn) {
2490 tp1 = TAILQ_NEXT(tp1, sctp_next);
2494 SCTP_STAT_INCR(sctps_pdrptsnnf);
2496 if ((tp1) && (tp1->sent < SCTP_DATAGRAM_ACKED)) {
2499 if ((stcb->asoc.peers_rwnd == 0) &&
2500 ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) {
2501 SCTP_STAT_INCR(sctps_pdrpdiwnp);
2504 if (stcb->asoc.peers_rwnd == 0 &&
2505 (flg & SCTP_FROM_MIDDLE_BOX)) {
2506 SCTP_STAT_INCR(sctps_pdrpdizrw);
2509 ddp = (uint8_t *) (mtod(tp1->data, caddr_t)+
2510 sizeof(struct sctp_data_chunk));
2514 for (iii = 0; iii < sizeof(desc->data_bytes);
2516 if (ddp[iii] != desc->data_bytes[iii]) {
2517 SCTP_STAT_INCR(sctps_pdrpbadd);
2523 * We zero out the nonce so resync not
2526 tp1->rec.data.ect_nonce = 0;
2530 * this guy had a RTO calculation
2531 * pending on it, cancel it
2533 tp1->whoTo->rto_pending = 0;
2536 SCTP_STAT_INCR(sctps_pdrpmark);
2537 if (tp1->sent != SCTP_DATAGRAM_RESEND)
2538 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2539 tp1->sent = SCTP_DATAGRAM_RESEND;
2541 * mark it as if we were doing a FR, since
2542 * we will be getting gap ack reports behind
2543 * the info from the router.
2545 tp1->rec.data.doing_fast_retransmit = 1;
2547 * mark the tsn with what sequences can
2550 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
2551 tp1->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
2553 tp1->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.TSN_seq;
2556 /* restart the timer */
2557 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2558 stcb, tp1->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_23);
2559 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2562 /* fix counts and things */
2563 #ifdef SCTP_FLIGHT_LOGGING
2564 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN,
2565 tp1->whoTo->flight_size,
2568 tp1->rec.data.TSN_seq);
2570 if (tp1->whoTo->flight_size >= tp1->book_size)
2571 tp1->whoTo->flight_size -= tp1->book_size;
2573 tp1->whoTo->flight_size = 0;
2575 if (stcb->asoc.total_flight >= tp1->book_size) {
2576 stcb->asoc.total_flight -= tp1->book_size;
2577 if (stcb->asoc.total_flight_count > 0)
2578 stcb->asoc.total_flight_count--;
2580 stcb->asoc.total_flight = 0;
2581 stcb->asoc.total_flight_count = 0;
2589 TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) {
2590 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2593 TAILQ_FOREACH(tp1, &stcb->asoc.control_send_queue,
2595 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2598 if (audit != stcb->asoc.sent_queue_retran_cnt) {
2599 printf("**Local Audit finds cnt:%d asoc cnt:%d\n",
2600 audit, stcb->asoc.sent_queue_retran_cnt);
2601 #ifndef SCTP_AUDITING_ENABLED
2602 stcb->asoc.sent_queue_retran_cnt = audit;
2610 struct sctp_tmit_chunk *asconf;
2612 TAILQ_FOREACH(asconf, &stcb->asoc.control_send_queue,
2614 if (asconf->rec.chunk_id.id == SCTP_ASCONF) {
2619 if (asconf->sent != SCTP_DATAGRAM_RESEND)
2620 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2621 asconf->sent = SCTP_DATAGRAM_RESEND;
2622 asconf->snd_count--;
2626 case SCTP_INITIATION:
2627 /* resend the INIT */
2628 stcb->asoc.dropped_special_cnt++;
2629 if (stcb->asoc.dropped_special_cnt < SCTP_RETRY_DROPPED_THRESH) {
2631 * If we can get it in, in a few attempts we do
2632 * this, otherwise we let the timer fire.
2634 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep,
2635 stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_24);
2636 sctp_send_initiate(stcb->sctp_ep, stcb);
2639 case SCTP_SELECTIVE_ACK:
2640 /* resend the sack */
2641 sctp_send_sack(stcb);
2643 case SCTP_HEARTBEAT_REQUEST:
2644 /* resend a demand HB */
2645 sctp_send_hb(stcb, 1, net);
2648 sctp_send_shutdown(stcb, net);
2650 case SCTP_SHUTDOWN_ACK:
2651 sctp_send_shutdown_ack(stcb, net);
2653 case SCTP_COOKIE_ECHO:
2655 struct sctp_tmit_chunk *cookie;
2658 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue,
2660 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
2665 if (cookie->sent != SCTP_DATAGRAM_RESEND)
2666 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2667 cookie->sent = SCTP_DATAGRAM_RESEND;
2668 sctp_stop_all_cookie_timers(stcb);
2672 case SCTP_COOKIE_ACK:
2673 sctp_send_cookie_ack(stcb);
2675 case SCTP_ASCONF_ACK:
2676 /* resend last asconf ack */
2677 sctp_send_asconf_ack(stcb, 1);
2679 case SCTP_FORWARD_CUM_TSN:
2680 send_forward_tsn(stcb, &stcb->asoc);
2682 /* can't do anything with these */
2683 case SCTP_PACKET_DROPPED:
2684 case SCTP_INITIATION_ACK: /* this should not happen */
2685 case SCTP_HEARTBEAT_ACK:
2686 case SCTP_ABORT_ASSOCIATION:
2687 case SCTP_OPERATION_ERROR:
2688 case SCTP_SHUTDOWN_COMPLETE:
2698 sctp_reset_in_stream(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2704 * We set things to 0xffff since this is the last delivered sequence
2705 * and we will be sending in 0 after the reset.
2708 if (number_entries) {
2709 for (i = 0; i < number_entries; i++) {
2710 temp = ntohs(list[i]);
2711 if (temp >= stcb->asoc.streamincnt) {
2714 stcb->asoc.strmin[temp].last_sequence_delivered = 0xffff;
2718 for (i = 0; i < stcb->asoc.streamincnt; i++) {
2719 stcb->asoc.strmin[i].last_sequence_delivered = 0xffff;
2722 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list);
2726 sctp_reset_out_streams(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2730 if (number_entries == 0) {
2731 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
2732 stcb->asoc.strmout[i].next_sequence_sent = 0;
2734 } else if (number_entries) {
2735 for (i = 0; i < number_entries; i++) {
2738 temp = ntohs(list[i]);
2739 if (temp >= stcb->asoc.streamoutcnt) {
2740 /* no such stream */
2743 stcb->asoc.strmout[temp].next_sequence_sent = 0;
2746 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list);
2750 struct sctp_stream_reset_out_request *
2751 sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk)
2753 struct sctp_association *asoc;
2754 struct sctp_stream_reset_out_req *req;
2755 struct sctp_stream_reset_out_request *r;
2756 struct sctp_tmit_chunk *chk;
2760 if (TAILQ_EMPTY(&stcb->asoc.control_send_queue)) {
2763 if (stcb->asoc.str_reset == NULL) {
2766 chk = stcb->asoc.str_reset;
2767 if (chk->data == NULL) {
2771 /* he wants a copy of the chk pointer */
2774 clen = chk->send_size;
2775 req = mtod(chk->data, struct sctp_stream_reset_out_req *);
2777 if (ntohl(r->request_seq) == seq) {
2781 len = SCTP_SIZE32(ntohs(r->ph.param_length));
2782 if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) {
2783 /* move to the next one, there can only be a max of two */
2784 r = (struct sctp_stream_reset_out_request *)((caddr_t)r + len);
2785 if (ntohl(r->request_seq) == seq) {
2789 /* that seq is not here */
2794 sctp_clean_up_stream_reset(struct sctp_tcb *stcb)
2796 struct sctp_association *asoc;
2799 struct sctp_tmit_chunk *chk = stcb->asoc.str_reset;
2801 if (stcb->asoc.str_reset == NULL) {
2804 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_25);
2805 TAILQ_REMOVE(&asoc->control_send_queue,
2809 sctp_m_freem(chk->data);
2812 asoc->ctrl_queue_cnt--;
2813 sctp_free_remote_addr(chk->whoTo);
2815 sctp_free_a_chunk(stcb, chk);
2816 stcb->asoc.str_reset = NULL;
2821 sctp_handle_stream_reset_response(struct sctp_tcb *stcb,
2822 uint32_t seq, uint32_t action,
2823 struct sctp_stream_reset_response *respin)
2827 struct sctp_association *asoc = &stcb->asoc;
2828 struct sctp_tmit_chunk *chk;
2829 struct sctp_stream_reset_out_request *srparam;
2832 if (asoc->stream_reset_outstanding == 0) {
2836 if (seq == stcb->asoc.str_reset_seq_out) {
2837 srparam = sctp_find_stream_reset(stcb, seq, &chk);
2839 stcb->asoc.str_reset_seq_out++;
2840 type = ntohs(srparam->ph.param_type);
2841 lparm_len = ntohs(srparam->ph.param_length);
2842 if (type == SCTP_STR_RESET_OUT_REQUEST) {
2843 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t);
2844 asoc->stream_reset_out_is_outstanding = 0;
2845 if (asoc->stream_reset_outstanding)
2846 asoc->stream_reset_outstanding--;
2847 if (action == SCTP_STREAM_RESET_PERFORMED) {
2849 sctp_reset_out_streams(stcb, number_entries, srparam->list_of_streams);
2851 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, srparam->list_of_streams);
2853 } else if (type == SCTP_STR_RESET_IN_REQUEST) {
2854 /* Answered my request */
2855 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t);
2856 if (asoc->stream_reset_outstanding)
2857 asoc->stream_reset_outstanding--;
2858 if (action != SCTP_STREAM_RESET_PERFORMED) {
2859 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, number_entries, srparam->list_of_streams);
2861 } else if (type == SCTP_STR_RESET_TSN_REQUEST) {
2863 * a) Adopt the new in tsn.
2865 * c) Adopt the new out-tsn
2867 struct sctp_stream_reset_response_tsn *resp;
2868 struct sctp_forward_tsn_chunk fwdtsn;
2871 if (respin == NULL) {
2875 if (action == SCTP_STREAM_RESET_PERFORMED) {
2876 resp = (struct sctp_stream_reset_response_tsn *)respin;
2877 asoc->stream_reset_outstanding--;
2878 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
2879 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
2880 fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1);
2881 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
2885 stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1);
2886 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
2887 stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn);
2888 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
2889 stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn);
2890 stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn;
2892 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
2893 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
2897 /* get rid of the request and get the request flags */
2898 if (asoc->stream_reset_outstanding == 0) {
2899 sctp_clean_up_stream_reset(stcb);
2907 sctp_handle_str_reset_request_in(struct sctp_tcb *stcb,
2908 struct sctp_tmit_chunk *chk,
2909 struct sctp_stream_reset_in_request *req)
2917 * peer wants me to send a str-reset to him for my outgoing seq's if
2920 struct sctp_association *asoc = &stcb->asoc;
2922 seq = ntohl(req->request_seq);
2923 if (asoc->str_reset_seq_in == seq) {
2924 if (stcb->asoc.stream_reset_out_is_outstanding == 0) {
2925 len = ntohs(req->ph.param_length);
2926 number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t));
2927 for (i = 0; i < number_entries; i++) {
2928 temp = ntohs(req->list_of_streams[i]);
2929 req->list_of_streams[i] = temp;
2931 /* move the reset action back one */
2932 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2933 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
2934 sctp_add_stream_reset_out(chk, number_entries, req->list_of_streams,
2935 asoc->str_reset_seq_out,
2936 seq, (asoc->sending_seq - 1));
2937 asoc->stream_reset_out_is_outstanding = 1;
2938 asoc->str_reset = chk;
2939 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
2940 stcb->asoc.stream_reset_outstanding++;
2942 /* Can't do it, since we have sent one out */
2943 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2944 asoc->last_reset_action[0] = SCTP_STREAM_RESET_TRY_LATER;
2945 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
2947 asoc->str_reset_seq_in++;
2948 } else if (asoc->str_reset_seq_in - 1 == seq) {
2949 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
2950 } else if (asoc->str_reset_seq_in - 2 == seq) {
2951 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
2953 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
2958 sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb,
2959 struct sctp_tmit_chunk *chk,
2960 struct sctp_stream_reset_tsn_request *req)
2962 /* reset all in and out and update the tsn */
2964 * A) reset my str-seq's on in and out. B) Select a receive next,
2965 * and set cum-ack to it. Also process this selected number as a
2966 * fwd-tsn as well. C) set in the response my next sending seq.
2968 struct sctp_forward_tsn_chunk fwdtsn;
2969 struct sctp_association *asoc = &stcb->asoc;
2973 seq = ntohl(req->request_seq);
2974 if (asoc->str_reset_seq_in == seq) {
2975 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
2976 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
2977 fwdtsn.ch.chunk_flags = 0;
2978 fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1);
2979 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
2983 stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA;
2984 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
2985 stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
2986 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
2987 atomic_add_int(&stcb->asoc.sending_seq, 1);
2988 /* save off historical data for retrans */
2989 stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0];
2990 stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq;
2991 stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0];
2992 stcb->asoc.last_base_tsnsent[0] = stcb->asoc.mapping_array_base_tsn;
2994 sctp_add_stream_reset_result_tsn(chk,
2995 ntohl(req->request_seq),
2996 SCTP_STREAM_RESET_PERFORMED,
2997 stcb->asoc.sending_seq,
2998 stcb->asoc.mapping_array_base_tsn);
2999 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
3000 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
3001 stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0];
3002 stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3004 asoc->str_reset_seq_in++;
3005 } else if (asoc->str_reset_seq_in - 1 == seq) {
3006 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0],
3007 stcb->asoc.last_sending_seq[0],
3008 stcb->asoc.last_base_tsnsent[0]
3010 } else if (asoc->str_reset_seq_in - 2 == seq) {
3011 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1],
3012 stcb->asoc.last_sending_seq[1],
3013 stcb->asoc.last_base_tsnsent[1]
3016 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3022 sctp_handle_str_reset_request_out(struct sctp_tcb *stcb,
3023 struct sctp_tmit_chunk *chk,
3024 struct sctp_stream_reset_out_request *req)
3027 int number_entries, len;
3028 struct sctp_association *asoc = &stcb->asoc;
3030 seq = ntohl(req->request_seq);
3032 /* now if its not a duplicate we process it */
3033 if (asoc->str_reset_seq_in == seq) {
3034 len = ntohs(req->ph.param_length);
3035 number_entries = ((len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t));
3037 * the sender is resetting, handle the list issue.. we must
3038 * a) verify if we can do the reset, if so no problem b) If
3039 * we can't do the reset we must copy the request. c) queue
3040 * it, and setup the data in processor to trigger it off
3041 * when needed and dequeue all the queued data.
3043 tsn = ntohl(req->send_reset_at_tsn);
3045 /* move the reset action back one */
3046 asoc->last_reset_action[1] = asoc->last_reset_action[0];
3047 if ((tsn == asoc->cumulative_tsn) ||
3048 (compare_with_wrap(asoc->cumulative_tsn, tsn, MAX_TSN))) {
3049 /* we can do it now */
3050 sctp_reset_in_stream(stcb, number_entries, req->list_of_streams);
3051 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3052 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3055 * we must queue it up and thus wait for the TSN's
3056 * to arrive that are at or before tsn
3058 struct sctp_stream_reset_list *liste;
3061 siz = sizeof(struct sctp_stream_reset_list) + (number_entries * sizeof(uint16_t));
3062 SCTP_MALLOC(liste, struct sctp_stream_reset_list *,
3064 if (liste == NULL) {
3065 /* gak out of memory */
3066 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED);
3067 asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
3071 liste->number_entries = number_entries;
3072 memcpy(&liste->req, req,
3073 (sizeof(struct sctp_stream_reset_out_request) + (number_entries * sizeof(uint16_t))));
3074 TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp);
3075 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3076 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3078 asoc->str_reset_seq_in++;
3079 } else if ((asoc->str_reset_seq_in - 1) == seq) {
3081 * one seq back, just echo back last action since my
3082 * response was lost.
3084 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3085 } else if ((asoc->str_reset_seq_in - 2) == seq) {
3087 * two seq back, just echo back last action since my
3088 * response was lost.
3090 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
3092 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3097 sctp_handle_stream_reset(struct sctp_tcb *stcb, struct sctp_stream_reset_out_req *sr_req)
3099 int chk_length, param_len, ptype;
3102 struct sctp_tmit_chunk *chk;
3103 struct sctp_chunkhdr *ch;
3104 struct sctp_paramhdr *ph;
3106 /* now it may be a reset or a reset-response */
3107 chk_length = ntohs(sr_req->ch.chunk_length);
3111 /* setup for adding the response */
3112 sctp_alloc_a_chunk(stcb, chk);
3116 chk->rec.chunk_id.id = SCTP_STREAM_RESET;
3117 chk->asoc = &stcb->asoc;
3118 chk->no_fr_allowed = 0;
3119 chk->book_size = chk->send_size = sizeof(struct sctp_chunkhdr);
3120 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_DONTWAIT, 1, MT_DATA);
3121 if (chk->data == NULL) {
3124 sctp_m_freem(chk->data);
3127 sctp_free_a_chunk(stcb, chk);
3130 chk->data->m_data += SCTP_MIN_OVERHEAD;
3132 /* setup chunk parameters */
3133 chk->sent = SCTP_DATAGRAM_UNSENT;
3135 chk->whoTo = stcb->asoc.primary_destination;
3136 atomic_add_int(&chk->whoTo->ref_count, 1);
3138 ch = mtod(chk->data, struct sctp_chunkhdr *);
3139 ch->chunk_type = SCTP_STREAM_RESET;
3140 ch->chunk_flags = 0;
3141 ch->chunk_length = htons(chk->send_size);
3142 chk->data->m_pkthdr.len = chk->data->m_len = SCTP_SIZE32(chk->send_size);
3145 ph = (struct sctp_paramhdr *)&sr_req->sr_req;
3146 while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) {
3147 param_len = ntohs(ph->param_length);
3148 if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) {
3152 ptype = ntohs(ph->param_type);
3154 if (num_param > SCTP_MAX_RESET_PARAMS) {
3155 /* hit the max of parameters already sorry.. */
3158 if (ptype == SCTP_STR_RESET_OUT_REQUEST) {
3159 struct sctp_stream_reset_out_request *req_out;
3161 req_out = (struct sctp_stream_reset_out_request *)ph;
3163 if (stcb->asoc.stream_reset_outstanding) {
3164 seq = ntohl(req_out->response_seq);
3165 if (seq == stcb->asoc.str_reset_seq_out) {
3167 sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_PERFORMED, NULL);
3170 sctp_handle_str_reset_request_out(stcb, chk, req_out);
3171 } else if (ptype == SCTP_STR_RESET_IN_REQUEST) {
3172 struct sctp_stream_reset_in_request *req_in;
3175 req_in = (struct sctp_stream_reset_in_request *)ph;
3176 sctp_handle_str_reset_request_in(stcb, chk, req_in);
3177 } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) {
3178 struct sctp_stream_reset_tsn_request *req_tsn;
3181 req_tsn = (struct sctp_stream_reset_tsn_request *)ph;
3182 if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) {
3184 goto strres_nochunk;
3188 } else if (ptype == SCTP_STR_RESET_RESPONSE) {
3189 struct sctp_stream_reset_response *resp;
3192 resp = (struct sctp_stream_reset_response *)ph;
3193 seq = ntohl(resp->response_seq);
3194 result = ntohl(resp->result);
3195 if (sctp_handle_stream_reset_response(stcb, seq, result, resp)) {
3197 goto strres_nochunk;
3203 ph = (struct sctp_paramhdr *)((caddr_t)ph + SCTP_SIZE32(param_len));
3204 chk_length -= SCTP_SIZE32(param_len);
3207 /* we have no response free the stuff */
3208 goto strres_nochunk;
3210 /* ok we have a chunk to link in */
3211 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue,
3214 stcb->asoc.ctrl_queue_cnt++;
3219 * Handle a router or endpoints report of a packet loss, there are two ways
3220 * to handle this, either we get the whole packet and must disect it
3221 * ourselves (possibly with truncation and or corruption) or it is a summary
3222 * from a middle box that did the disectting for us.
3225 sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
3226 struct sctp_tcb *stcb, struct sctp_nets *net)
3228 uint32_t bottle_bw, on_queue;
3232 struct sctp_chunk_desc desc;
3233 struct sctp_chunkhdr *ch;
3235 chlen = ntohs(cp->ch.chunk_length);
3236 chlen -= sizeof(struct sctp_pktdrop_chunk);
3237 /* XXX possible chlen underflow */
3240 if (cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX)
3241 SCTP_STAT_INCR(sctps_pdrpbwrpt);
3243 ch = (struct sctp_chunkhdr *)(cp->data + sizeof(struct sctphdr));
3244 chlen -= sizeof(struct sctphdr);
3245 /* XXX possible chlen underflow */
3246 memset(&desc, 0, sizeof(desc));
3248 trunc_len = (uint16_t) ntohs(cp->trunc_len);
3249 /* now the chunks themselves */
3250 while ((ch != NULL) && (chlen >= sizeof(struct sctp_chunkhdr))) {
3251 desc.chunk_type = ch->chunk_type;
3252 /* get amount we need to move */
3253 at = ntohs(ch->chunk_length);
3254 if (at < sizeof(struct sctp_chunkhdr)) {
3255 /* corrupt chunk, maybe at the end? */
3256 SCTP_STAT_INCR(sctps_pdrpcrupt);
3259 if (trunc_len == 0) {
3260 /* we are supposed to have all of it */
3262 /* corrupt skip it */
3263 SCTP_STAT_INCR(sctps_pdrpcrupt);
3267 /* is there enough of it left ? */
3268 if (desc.chunk_type == SCTP_DATA) {
3269 if (chlen < (sizeof(struct sctp_data_chunk) +
3270 sizeof(desc.data_bytes))) {
3274 if (chlen < sizeof(struct sctp_chunkhdr)) {
3279 if (desc.chunk_type == SCTP_DATA) {
3280 /* can we get out the tsn? */
3281 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3282 SCTP_STAT_INCR(sctps_pdrpmbda);
3284 if (chlen >= (sizeof(struct sctp_data_chunk) + sizeof(uint32_t))) {
3286 struct sctp_data_chunk *dcp;
3290 dcp = (struct sctp_data_chunk *)ch;
3291 ddp = (uint8_t *) (dcp + 1);
3292 for (iii = 0; iii < sizeof(desc.data_bytes); iii++) {
3293 desc.data_bytes[iii] = ddp[iii];
3295 desc.tsn_ifany = dcp->dp.tsn;
3297 /* nope we are done. */
3298 SCTP_STAT_INCR(sctps_pdrpnedat);
3302 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3303 SCTP_STAT_INCR(sctps_pdrpmbct);
3306 if (process_chunk_drop(stcb, &desc, net, cp->ch.chunk_flags)) {
3307 SCTP_STAT_INCR(sctps_pdrppdbrk);
3310 if (SCTP_SIZE32(at) > chlen) {
3313 chlen -= SCTP_SIZE32(at);
3314 if (chlen < sizeof(struct sctp_chunkhdr)) {
3315 /* done, none left */
3318 ch = (struct sctp_chunkhdr *)((caddr_t)ch + SCTP_SIZE32(at));
3320 /* Now update any rwnd --- possibly */
3321 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) == 0) {
3322 /* From a peer, we get a rwnd report */
3325 SCTP_STAT_INCR(sctps_pdrpfehos);
3327 bottle_bw = ntohl(cp->bottle_bw);
3328 on_queue = ntohl(cp->current_onq);
3329 if (bottle_bw && on_queue) {
3330 /* a rwnd report is in here */
3331 if (bottle_bw > on_queue)
3332 a_rwnd = bottle_bw - on_queue;
3337 stcb->asoc.peers_rwnd = 0;
3339 if (a_rwnd > stcb->asoc.total_flight) {
3340 stcb->asoc.peers_rwnd =
3341 a_rwnd - stcb->asoc.total_flight;
3343 stcb->asoc.peers_rwnd = 0;
3345 if (stcb->asoc.peers_rwnd <
3346 stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3347 /* SWS sender side engages */
3348 stcb->asoc.peers_rwnd = 0;
3353 SCTP_STAT_INCR(sctps_pdrpfmbox);
3356 /* now middle boxes in sat networks get a cwnd bump */
3357 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) &&
3358 (stcb->asoc.sat_t3_loss_recovery == 0) &&
3359 (stcb->asoc.sat_network)) {
3361 * This is debateable but for sat networks it makes sense
3362 * Note if a T3 timer has went off, we will prohibit any
3363 * changes to cwnd until we exit the t3 loss recovery.
3368 #ifdef SCTP_CWND_MONITOR
3369 int old_cwnd = net->cwnd;
3372 /* need real RTT for this calc */
3373 rtt = ((net->lastsa >> 2) + net->lastsv) >> 1;
3374 /* get bottle neck bw */
3375 bottle_bw = ntohl(cp->bottle_bw);
3376 /* and whats on queue */
3377 on_queue = ntohl(cp->current_onq);
3379 * adjust the on-queue if our flight is more it could be
3380 * that the router has not yet gotten data "in-flight" to it
3382 if (on_queue < net->flight_size)
3383 on_queue = net->flight_size;
3385 /* calculate the available space */
3386 bw_avail = (bottle_bw * rtt) / 1000;
3387 if (bw_avail > bottle_bw) {
3389 * Cap the growth to no more than the bottle neck.
3390 * This can happen as RTT slides up due to queues.
3391 * It also means if you have more than a 1 second
3392 * RTT with a empty queue you will be limited to the
3393 * bottle_bw per second no matter if other points
3394 * have 1/2 the RTT and you could get more out...
3396 bw_avail = bottle_bw;
3398 if (on_queue > bw_avail) {
3400 * No room for anything else don't allow anything
3401 * else to be "added to the fire".
3403 int seg_inflight, seg_onqueue, my_portion;
3405 net->partial_bytes_acked = 0;
3407 /* how much are we over queue size? */
3408 incr = on_queue - bw_avail;
3409 if (stcb->asoc.seen_a_sack_this_pkt) {
3411 * undo any cwnd adjustment that the sack
3414 net->cwnd = net->prev_cwnd;
3416 /* Now how much of that is mine? */
3417 seg_inflight = net->flight_size / net->mtu;
3418 seg_onqueue = on_queue / net->mtu;
3419 my_portion = (incr * seg_inflight) / seg_onqueue;
3421 /* Have I made an adjustment already */
3422 if (net->cwnd > net->flight_size) {
3424 * for this flight I made an adjustment we
3425 * need to decrease the portion by a share
3426 * our previous adjustment.
3430 diff_adj = net->cwnd - net->flight_size;
3431 if (diff_adj > my_portion)
3434 my_portion -= diff_adj;
3437 * back down to the previous cwnd (assume we have
3438 * had a sack before this packet). minus what ever
3439 * portion of the overage is my fault.
3441 net->cwnd -= my_portion;
3443 /* we will NOT back down more than 1 MTU */
3444 if (net->cwnd <= net->mtu) {
3445 net->cwnd = net->mtu;
3448 net->ssthresh = net->cwnd - 1;
3451 * Take 1/4 of the space left or max burst up ..
3452 * whichever is less.
3454 incr = min((bw_avail - on_queue) >> 2,
3455 (int)stcb->asoc.max_burst * (int)net->mtu);
3458 if (net->cwnd > bw_avail) {
3459 /* We can't exceed the pipe size */
3460 net->cwnd = bw_avail;
3462 if (net->cwnd < net->mtu) {
3463 /* We always have 1 MTU */
3464 net->cwnd = net->mtu;
3466 #ifdef SCTP_CWND_MONITOR
3467 if (net->cwnd - old_cwnd != 0) {
3468 /* log only changes */
3469 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd),
3470 SCTP_CWND_LOG_FROM_SAT);
3476 extern int sctp_strict_init;
3477 extern int sctp_abort_if_one_2_one_hits_limit;
3480 * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to
3481 * still contain IP/SCTP header - stcb: is the tcb found for this packet -
3482 * offset: offset into the mbuf chain to first chunkhdr - length: is the
3483 * length of the complete packet outputs: - length: modified to remaining
3484 * length after control processing - netp: modified to new sctp_nets after
3485 * cookie-echo processing - return NULL to discard the packet (ie. no asoc,
3486 * bad packet,...) otherwise return the tcb for this packet
3488 static struct sctp_tcb *
3489 sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
3490 struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp,
3491 struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen)
3493 struct sctp_association *asoc;
3495 int num_chunks = 0; /* number of control chunks processed */
3500 * How big should this be, and should it be alloc'd? Lets try the
3501 * d-mtu-ceiling for now (2k) and that should hopefully work ...
3502 * until we get into jumbo grams and such..
3504 uint8_t chunk_buf[DEFAULT_CHUNK_BUFFER];
3505 struct sctp_tcb *locked_tcb = stcb;
3507 uint32_t auth_offset = 0, auth_len = 0;
3508 int auth_skipped = 0;
3511 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
3512 printf("sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n",
3513 iphlen, *offset, length, stcb);
3515 #endif /* SCTP_DEBUG */
3517 /* validate chunk header length... */
3518 if (ntohs(ch->chunk_length) < sizeof(*ch)) {
3522 * validate the verification tag
3524 vtag_in = ntohl(sh->v_tag);
3527 SCTP_TCB_LOCK_ASSERT(locked_tcb);
3529 if (ch->chunk_type == SCTP_INITIATION) {
3531 /* protocol error- silently discard... */
3532 SCTP_STAT_INCR(sctps_badvtag);
3534 SCTP_TCB_UNLOCK(locked_tcb);
3537 } else if (ch->chunk_type != SCTP_COOKIE_ECHO) {
3539 * If there is no stcb, skip the AUTH chunk and process
3540 * later after a stcb is found (to validate the lookup was
3543 if ((ch->chunk_type == SCTP_AUTHENTICATION) &&
3544 (stcb == NULL) && !sctp_auth_disable) {
3545 /* save this chunk for later processing */
3547 auth_offset = *offset;
3548 auth_len = ntohs(ch->chunk_length);
3550 /* (temporarily) move past this chunk */
3551 *offset += SCTP_SIZE32(auth_len);
3552 if (*offset >= length) {
3553 /* no more data left in the mbuf chain */
3557 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3558 sizeof(struct sctp_chunkhdr), chunk_buf);
3560 if (ch->chunk_type == SCTP_COOKIE_ECHO) {
3561 goto process_control_chunks;
3564 * first check if it's an ASCONF with an unknown src addr we
3565 * need to look inside to find the association
3567 if (ch->chunk_type == SCTP_ASCONF && stcb == NULL) {
3568 /* inp's refcount may be reduced */
3569 SCTP_INP_INCR_REF(inp);
3571 stcb = sctp_findassociation_ep_asconf(m, iphlen,
3572 *offset, sh, &inp, netp);
3575 * reduce inp's refcount if not reduced in
3576 * sctp_findassociation_ep_asconf().
3578 SCTP_INP_DECR_REF(inp);
3580 /* now go back and verify any auth chunk to be sure */
3581 if (auth_skipped && (stcb != NULL)) {
3582 struct sctp_auth_chunk *auth;
3584 auth = (struct sctp_auth_chunk *)
3585 sctp_m_getptr(m, auth_offset,
3586 auth_len, chunk_buf);
3589 if (sctp_handle_auth(stcb, auth, m,
3591 /* auth HMAC failed so dump it */
3595 /* remaining chunks are HMAC checked */
3596 stcb->asoc.authenticated = 1;
3601 /* no association, so it's out of the blue... */
3602 sctp_handle_ootb(m, iphlen, *offset, sh, inp, NULL);
3605 SCTP_TCB_UNLOCK(locked_tcb);
3609 /* ABORT and SHUTDOWN can use either v_tag... */
3610 if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) ||
3611 (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) ||
3612 (ch->chunk_type == SCTP_PACKET_DROPPED)) {
3613 if ((vtag_in == asoc->my_vtag) ||
3614 ((ch->chunk_flags & SCTP_HAD_NO_TCB) &&
3615 (vtag_in == asoc->peer_vtag))) {
3618 /* drop this packet... */
3619 SCTP_STAT_INCR(sctps_badvtag);
3621 SCTP_TCB_UNLOCK(locked_tcb);
3624 } else if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
3625 if (vtag_in != asoc->my_vtag) {
3627 * this could be a stale SHUTDOWN-ACK or the
3628 * peer never got the SHUTDOWN-COMPLETE and
3629 * is still hung; we have started a new asoc
3630 * but it won't complete until the shutdown
3634 SCTP_TCB_UNLOCK(locked_tcb);
3635 sctp_handle_ootb(m, iphlen, *offset, sh, inp,
3640 /* for all other chunks, vtag must match */
3641 if (vtag_in != asoc->my_vtag) {
3642 /* invalid vtag... */
3644 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3645 printf("invalid vtag: %xh, expect %xh\n", vtag_in, asoc->my_vtag);
3647 #endif /* SCTP_DEBUG */
3648 SCTP_STAT_INCR(sctps_badvtag);
3650 SCTP_TCB_UNLOCK(locked_tcb);
3655 } /* end if !SCTP_COOKIE_ECHO */
3657 * process all control chunks...
3659 if (((ch->chunk_type == SCTP_SELECTIVE_ACK) ||
3660 (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) &&
3661 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
3662 /* implied cookie-ack.. we must have lost the ack */
3663 stcb->asoc.overall_error_count = 0;
3664 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb,
3667 process_control_chunks:
3669 while (IS_SCTP_CONTROL(ch)) {
3670 /* validate chunk length */
3671 chk_length = ntohs(ch->chunk_length);
3673 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
3674 printf("sctp_process_control: processing a chunk type=%u, len=%u\n",
3675 ch->chunk_type, chk_length);
3677 #endif /* SCTP_DEBUG */
3678 if ((size_t)chk_length < sizeof(*ch) ||
3679 (*offset + chk_length) > length) {
3682 SCTP_TCB_UNLOCK(locked_tcb);
3685 SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks);
3687 * INIT-ACK only gets the init ack "header" portion only
3688 * because we don't have to process the peer's COOKIE. All
3689 * others get a complete chunk.
3691 if (ch->chunk_type == SCTP_INITIATION_ACK) {
3692 /* get an init-ack chunk */
3693 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3694 sizeof(struct sctp_init_ack_chunk), chunk_buf);
3698 SCTP_TCB_UNLOCK(locked_tcb);
3702 /* get a complete chunk... */
3703 if ((size_t)chk_length > sizeof(chunk_buf)) {
3705 struct sctp_paramhdr *phdr;
3708 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
3709 1, M_DONTWAIT, 1, MT_DATA);
3711 /* pre-reserve some space */
3712 oper->m_data += sizeof(struct sctp_chunkhdr);
3713 oper->m_len = sizeof(struct sctp_paramhdr);
3714 oper->m_pkthdr.len = oper->m_len;
3715 phdr = mtod(oper, struct sctp_paramhdr *);
3716 phdr->param_type = htons(SCTP_CAUSE_OUT_OF_RESC);
3717 phdr->param_length = htons(sizeof(struct sctp_paramhdr));
3718 sctp_queue_op_err(stcb, oper);
3721 SCTP_TCB_UNLOCK(locked_tcb);
3724 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3725 chk_length, chunk_buf);
3727 printf("sctp_process_control: Can't get the all data....\n");
3730 SCTP_TCB_UNLOCK(locked_tcb);
3735 /* Save off the last place we got a control from */
3737 if ((*netp != NULL) || (ch->chunk_type == SCTP_ASCONF)) {
3739 * allow last_control to be NULL if
3740 * ASCONF... ASCONF processing will find the
3743 stcb->asoc.last_control_chunk_from = *netp;
3746 #ifdef SCTP_AUDITING_ENABLED
3747 sctp_audit_log(0xB0, ch->chunk_type);
3750 /* check to see if this chunk required auth, but isn't */
3751 if ((stcb != NULL) && !sctp_auth_disable &&
3752 sctp_auth_is_required_chunk(ch->chunk_type,
3753 stcb->asoc.local_auth_chunks) &&
3754 !stcb->asoc.authenticated) {
3755 /* "silently" ignore */
3756 SCTP_STAT_INCR(sctps_recvauthmissing);
3759 switch (ch->chunk_type) {
3760 case SCTP_INITIATION:
3761 /* must be first and only chunk */
3763 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3764 printf("SCTP_INIT\n");
3766 #endif /* SCTP_DEBUG */
3767 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3768 /* We are not interested anymore? */
3769 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3771 * collision case where we are
3772 * sending to them too
3777 SCTP_TCB_UNLOCK(locked_tcb);
3782 if ((num_chunks > 1) ||
3783 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3786 SCTP_TCB_UNLOCK(locked_tcb);
3789 if ((stcb != NULL) &&
3790 (SCTP_GET_STATE(&stcb->asoc) ==
3791 SCTP_STATE_SHUTDOWN_ACK_SENT)) {
3792 sctp_send_shutdown_ack(stcb,
3793 stcb->asoc.primary_destination);
3795 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3797 SCTP_TCB_UNLOCK(locked_tcb);
3800 sctp_handle_init(m, iphlen, *offset, sh,
3801 (struct sctp_init_chunk *)ch, inp, stcb, *netp);
3804 SCTP_TCB_UNLOCK(locked_tcb);
3807 case SCTP_INITIATION_ACK:
3808 /* must be first and only chunk */
3810 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3811 printf("SCTP_INIT-ACK\n");
3813 #endif /* SCTP_DEBUG */
3814 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3815 /* We are not interested anymore */
3816 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3820 SCTP_TCB_UNLOCK(locked_tcb);
3823 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_26);
3828 if ((num_chunks > 1) ||
3829 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3832 SCTP_TCB_UNLOCK(locked_tcb);
3835 ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
3836 (struct sctp_init_ack_chunk *)ch, stcb, *netp);
3838 * Special case, I must call the output routine to
3839 * get the cookie echoed
3841 if ((stcb) && ret == 0)
3842 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3845 SCTP_TCB_UNLOCK(locked_tcb);
3848 case SCTP_SELECTIVE_ACK:
3850 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3851 printf("SCTP_SACK\n");
3853 #endif /* SCTP_DEBUG */
3854 SCTP_STAT_INCR(sctps_recvsacks);
3856 struct sctp_sack_chunk *sack;
3858 uint32_t a_rwnd, cum_ack;
3862 sack = (struct sctp_sack_chunk *)ch;
3864 nonce_sum_flag = ch->chunk_flags & SCTP_SACK_NONCE_SUM;
3865 cum_ack = ntohl(sack->sack.cum_tsn_ack);
3866 num_seg = ntohs(sack->sack.num_gap_ack_blks);
3867 a_rwnd = (uint32_t) ntohl(sack->sack.a_rwnd);
3868 stcb->asoc.seen_a_sack_this_pkt = 1;
3869 if ((stcb->asoc.pr_sctp_cnt == 0) &&
3871 ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) ||
3872 (cum_ack == stcb->asoc.last_acked_seq)) &&
3873 (stcb->asoc.saw_sack_with_frags == 0) &&
3874 (!TAILQ_EMPTY(&stcb->asoc.sent_queue))
3877 * We have a SIMPLE sack having no
3878 * prior segments and data on sent
3879 * queue to be acked.. Use the
3880 * faster path sack processing. We
3881 * also allow window update sacks
3882 * with no missing segments to go
3885 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag, &abort_now);
3887 sctp_handle_sack(sack, stcb, *netp, &abort_now);
3890 /* ABORT signal from sack processing */
3896 case SCTP_HEARTBEAT_REQUEST:
3898 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3899 printf("SCTP_HEARTBEAT\n");
3901 #endif /* SCTP_DEBUG */
3902 SCTP_STAT_INCR(sctps_recvheartbeat);
3903 sctp_send_heartbeat_ack(stcb, m, *offset, chk_length,
3906 /* He's alive so give him credit */
3907 stcb->asoc.overall_error_count = 0;
3909 case SCTP_HEARTBEAT_ACK:
3911 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3912 printf("SCTP_HEARTBEAT-ACK\n");
3914 #endif /* SCTP_DEBUG */
3916 /* He's alive so give him credit */
3917 stcb->asoc.overall_error_count = 0;
3918 SCTP_STAT_INCR(sctps_recvheartbeatack);
3919 sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk *)ch,
3922 case SCTP_ABORT_ASSOCIATION:
3924 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3925 printf("SCTP_ABORT\n");
3927 #endif /* SCTP_DEBUG */
3928 sctp_handle_abort((struct sctp_abort_chunk *)ch,
3935 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3936 printf("SCTP_SHUTDOWN\n");
3938 #endif /* SCTP_DEBUG */
3942 sctp_handle_shutdown((struct sctp_shutdown_chunk *)ch,
3943 stcb, *netp, &abort_flag);
3950 case SCTP_SHUTDOWN_ACK:
3952 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3953 printf("SCTP_SHUTDOWN-ACK\n");
3955 #endif /* SCTP_DEBUG */
3956 sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp);
3960 case SCTP_OPERATION_ERROR:
3962 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3963 printf("SCTP_OP-ERR\n");
3965 #endif /* SCTP_DEBUG */
3966 if (sctp_handle_error(ch, stcb, *netp) < 0) {
3971 case SCTP_COOKIE_ECHO:
3973 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3974 printf("SCTP_COOKIE-ECHO stcb is %p\n", stcb);
3976 #endif /* SCTP_DEBUG */
3977 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3980 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) &&
3982 /* We are not interested anymore */
3988 * First are we accepting? We do this again here
3989 * since it is possible that a previous endpoint WAS
3990 * listening responded to a INIT-ACK and then
3991 * closed. We opened and bound.. and are now no
3994 if (inp->sctp_socket->so_qlimit == 0) {
3995 if ((stcb) && (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
3997 * special case, is this a retran'd
3998 * COOKIE-ECHO or a restarting assoc
3999 * that is a peeled off or
4000 * one-to-one style socket.
4002 goto process_cookie_anyway;
4004 sctp_abort_association(inp, stcb, m, iphlen, sh,
4008 } else if (inp->sctp_socket->so_qlimit) {
4009 /* we are accepting so check limits like TCP */
4010 if (inp->sctp_socket->so_qlen >
4011 inp->sctp_socket->so_qlimit) {
4014 struct sctp_paramhdr *phdr;
4016 if (sctp_abort_if_one_2_one_hits_limit) {
4018 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4019 1, M_DONTWAIT, 1, MT_DATA);
4022 oper->m_pkthdr.len =
4023 sizeof(struct sctp_paramhdr);
4025 struct sctp_paramhdr *);
4027 htons(SCTP_CAUSE_OUT_OF_RESC);
4028 phdr->param_length =
4029 htons(sizeof(struct sctp_paramhdr));
4031 sctp_abort_association(inp, stcb, m,
4038 process_cookie_anyway:
4040 struct mbuf *ret_buf;
4041 struct sctp_inpcb *linp;
4049 SCTP_ASOC_CREATE_LOCK(linp);
4051 sctp_handle_cookie_echo(m, iphlen,
4053 (struct sctp_cookie_echo_chunk *)ch,
4060 SCTP_ASOC_CREATE_UNLOCK(linp);
4061 if (ret_buf == NULL) {
4063 SCTP_TCB_UNLOCK(locked_tcb);
4066 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4067 printf("GAK, null buffer\n");
4069 #endif /* SCTP_DEBUG */
4074 /* if AUTH skipped, see if it verified... */
4079 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) {
4081 * Restart the timer if we have
4084 struct sctp_tmit_chunk *chk;
4086 chk = TAILQ_FIRST(&stcb->asoc.sent_queue);
4088 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4089 stcb->sctp_ep, stcb,
4095 case SCTP_COOKIE_ACK:
4097 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4098 printf("SCTP_COOKIE-ACK\n");
4100 #endif /* SCTP_DEBUG */
4102 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4103 /* We are not interested anymore */
4104 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4107 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_27);
4112 /* He's alive so give him credit */
4113 stcb->asoc.overall_error_count = 0;
4114 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp);
4118 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4119 printf("SCTP_ECN-ECHO\n");
4121 #endif /* SCTP_DEBUG */
4122 /* He's alive so give him credit */
4123 stcb->asoc.overall_error_count = 0;
4124 sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch,
4129 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4130 printf("SCTP_ECN-CWR\n");
4132 #endif /* SCTP_DEBUG */
4133 /* He's alive so give him credit */
4134 stcb->asoc.overall_error_count = 0;
4136 sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb);
4138 case SCTP_SHUTDOWN_COMPLETE:
4140 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4141 printf("SCTP_SHUTDOWN-COMPLETE\n");
4143 #endif /* SCTP_DEBUG */
4144 /* must be first and only chunk */
4145 if ((num_chunks > 1) ||
4146 (length - *offset > SCTP_SIZE32(chk_length))) {
4149 SCTP_TCB_UNLOCK(locked_tcb);
4153 sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch,
4160 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4161 printf("SCTP_ASCONF\n");
4163 #endif /* SCTP_DEBUG */
4164 /* He's alive so give him credit */
4165 stcb->asoc.overall_error_count = 0;
4167 sctp_handle_asconf(m, *offset,
4168 (struct sctp_asconf_chunk *)ch, stcb);
4170 case SCTP_ASCONF_ACK:
4172 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4173 printf("SCTP_ASCONF-ACK\n");
4175 #endif /* SCTP_DEBUG */
4176 /* He's alive so give him credit */
4177 stcb->asoc.overall_error_count = 0;
4179 sctp_handle_asconf_ack(m, *offset,
4180 (struct sctp_asconf_ack_chunk *)ch, stcb, *netp);
4182 case SCTP_FORWARD_CUM_TSN:
4184 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4185 printf("SCTP_FWD-TSN\n");
4187 #endif /* SCTP_DEBUG */
4188 /* He's alive so give him credit */
4192 stcb->asoc.overall_error_count = 0;
4194 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4195 /* We are not interested anymore */
4196 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_28);
4200 sctp_handle_forward_tsn(stcb,
4201 (struct sctp_forward_tsn_chunk *)ch, &abort_flag);
4206 stcb->asoc.overall_error_count = 0;
4211 case SCTP_STREAM_RESET:
4213 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4214 printf("SCTP_STREAM_RESET\n");
4216 #endif /* SCTP_DEBUG */
4217 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4218 chk_length, chunk_buf);
4219 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4220 /* We are not interested anymore */
4221 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_29);
4225 if (stcb->asoc.peer_supports_strreset == 0) {
4227 * hmm, peer should have announced this, but
4228 * we will turn it on since he is sending us
4231 stcb->asoc.peer_supports_strreset = 1;
4233 if (sctp_handle_stream_reset(stcb, (struct sctp_stream_reset_out_req *)ch)) {
4234 /* stop processing */
4239 case SCTP_PACKET_DROPPED:
4241 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4242 printf("SCTP_PACKET_DROPPED\n");
4244 #endif /* SCTP_DEBUG */
4245 /* re-get it all please */
4246 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4247 chk_length, chunk_buf);
4249 sctp_handle_packet_dropped((struct sctp_pktdrop_chunk *)ch,
4254 case SCTP_AUTHENTICATION:
4256 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4257 printf("SCTP_AUTHENTICATION\n");
4259 #endif /* SCTP_DEBUG */
4260 if (sctp_auth_disable)
4264 /* save the first AUTH for later processing */
4265 if (auth_skipped == 0) {
4266 auth_offset = *offset;
4267 auth_len = chk_length;
4270 /* skip this chunk (temporarily) */
4273 if (got_auth == 1) {
4274 /* skip this chunk... it's already auth'd */
4277 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4278 chk_length, chunk_buf);
4280 if (sctp_handle_auth(stcb, (struct sctp_auth_chunk *)ch,
4282 /* auth HMAC failed so dump the packet */
4286 /* remaining chunks are HMAC checked */
4287 stcb->asoc.authenticated = 1;
4293 /* it's an unknown chunk! */
4294 if ((ch->chunk_type & 0x40) && (stcb != NULL)) {
4296 struct sctp_paramhdr *phd;
4298 mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4299 1, M_DONTWAIT, 1, MT_DATA);
4301 phd = mtod(mm, struct sctp_paramhdr *);
4303 * We cheat and use param type since
4304 * we did not bother to define a
4305 * error cause struct. They are the
4306 * same basic format with different
4309 phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK);
4310 phd->param_length = htons(chk_length + sizeof(*phd));
4311 mm->m_len = sizeof(*phd);
4312 mm->m_next = sctp_m_copym(m, *offset, SCTP_SIZE32(chk_length),
4315 mm->m_pkthdr.len = SCTP_SIZE32(chk_length) + sizeof(*phd);
4316 sctp_queue_op_err(stcb, mm);
4322 if ((ch->chunk_type & 0x80) == 0) {
4323 /* discard this packet */
4326 } /* else skip this bad chunk and continue... */
4328 } /* switch (ch->chunk_type) */
4332 /* get the next chunk */
4333 *offset += SCTP_SIZE32(chk_length);
4334 if (*offset >= length) {
4335 /* no more data left in the mbuf chain */
4338 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4339 sizeof(struct sctp_chunkhdr), chunk_buf);
4342 SCTP_TCB_UNLOCK(locked_tcb);
4352 * Process the ECN bits we have something set so we must look to see if it is
4353 * ECN(0) or ECN(1) or CE
4355 static __inline void
4356 sctp_process_ecn_marked_a(struct sctp_tcb *stcb, struct sctp_nets *net,
4359 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4361 } else if ((ecn_bits & SCTP_ECT1_BIT) == SCTP_ECT1_BIT) {
4363 * we only add to the nonce sum for ECT1, ECT0 does not
4364 * change the NS bit (that we have yet to find a way to send
4368 /* ECN Nonce stuff */
4369 stcb->asoc.receiver_nonce_sum++;
4370 stcb->asoc.receiver_nonce_sum &= SCTP_SACK_NONCE_SUM;
4373 * Drag up the last_echo point if cumack is larger since we
4374 * don't want the point falling way behind by more than
4375 * 2^^31 and then having it be incorrect.
4377 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4378 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4379 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4381 } else if ((ecn_bits & SCTP_ECT0_BIT) == SCTP_ECT0_BIT) {
4383 * Drag up the last_echo point if cumack is larger since we
4384 * don't want the point falling way behind by more than
4385 * 2^^31 and then having it be incorrect.
4387 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4388 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4389 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4394 static __inline void
4395 sctp_process_ecn_marked_b(struct sctp_tcb *stcb, struct sctp_nets *net,
4396 uint32_t high_tsn, uint8_t ecn_bits)
4398 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4400 * we possibly must notify the sender that a congestion
4401 * window reduction is in order. We do this by adding a ECNE
4402 * chunk to the output chunk queue. The incoming CWR will
4403 * remove this chunk.
4405 if (compare_with_wrap(high_tsn, stcb->asoc.last_echo_tsn,
4407 /* Yep, we need to add a ECNE */
4408 sctp_send_ecn_echo(stcb, net, high_tsn);
4409 stcb->asoc.last_echo_tsn = high_tsn;
4415 * common input chunk processing (v4 and v6)
4418 sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
4419 int length, struct sctphdr *sh, struct sctp_chunkhdr *ch,
4420 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
4424 * Control chunk processing
4427 int fwd_tsn_seen = 0, data_processed = 0;
4428 struct mbuf *m = *mm;
4432 SCTP_STAT_INCR(sctps_recvdatagrams);
4433 #ifdef SCTP_AUDITING_ENABLED
4434 sctp_audit_log(0xE0, 1);
4435 sctp_auditing(0, inp, stcb, net);
4439 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4440 printf("Ok, Common input processing called, m:%p iphlen:%d offset:%d\n",
4443 #endif /* SCTP_DEBUG */
4446 /* always clear this before beginning a packet */
4447 stcb->asoc.authenticated = 0;
4448 stcb->asoc.seen_a_sack_this_pkt = 0;
4450 if (IS_SCTP_CONTROL(ch)) {
4451 /* process the control portion of the SCTP packet */
4452 stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
4453 inp, stcb, &net, &fwd_tsn_seen);
4456 * This covers us if the cookie-echo was there and
4457 * it changes our INP.
4459 inp = stcb->sctp_ep;
4463 * no control chunks, so pre-process DATA chunks (these
4464 * checks are taken care of by control processing)
4468 * if DATA only packet, and auth is required, then punt...
4469 * can't have authenticated without any AUTH (control)
4472 if ((stcb != NULL) && !sctp_auth_disable &&
4473 sctp_auth_is_required_chunk(SCTP_DATA,
4474 stcb->asoc.local_auth_chunks)) {
4475 /* "silently" ignore */
4476 SCTP_STAT_INCR(sctps_recvauthmissing);
4477 SCTP_TCB_UNLOCK(stcb);
4481 /* out of the blue DATA chunk */
4482 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4485 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) {
4486 /* v_tag mismatch! */
4487 SCTP_STAT_INCR(sctps_badvtag);
4488 SCTP_TCB_UNLOCK(stcb);
4495 * no valid TCB for this packet, or we found it's a bad
4496 * packet while processing control, or we're done with this
4497 * packet (done or skip rest of data), so we drop it...
4502 * DATA chunk processing
4504 /* plow through the data chunks while length > offset */
4507 * Rest should be DATA only. Check authentication state if AUTH for
4510 if ((length > offset) && (stcb != NULL) && !sctp_auth_disable &&
4511 sctp_auth_is_required_chunk(SCTP_DATA,
4512 stcb->asoc.local_auth_chunks) &&
4513 !stcb->asoc.authenticated) {
4514 /* "silently" ignore */
4515 SCTP_STAT_INCR(sctps_recvauthmissing);
4517 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
4518 printf("Data chunk requires AUTH, skipped\n");
4522 if (length > offset) {
4526 * First check to make sure our state is correct. We would
4527 * not get here unless we really did have a tag, so we don't
4528 * abort if this happens, just dump the chunk silently.
4530 switch (SCTP_GET_STATE(&stcb->asoc)) {
4531 case SCTP_STATE_COOKIE_ECHOED:
4533 * we consider data with valid tags in this state
4534 * shows us the cookie-ack was lost. Imply it was
4537 stcb->asoc.overall_error_count = 0;
4538 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net);
4540 case SCTP_STATE_COOKIE_WAIT:
4542 * We consider OOTB any data sent during asoc setup.
4544 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4545 SCTP_TCB_UNLOCK(stcb);
4548 case SCTP_STATE_EMPTY: /* should not happen */
4549 case SCTP_STATE_INUSE: /* should not happen */
4550 case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */
4551 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4553 SCTP_TCB_UNLOCK(stcb);
4556 case SCTP_STATE_OPEN:
4557 case SCTP_STATE_SHUTDOWN_SENT:
4560 /* take care of ECN, part 1. */
4561 if (stcb->asoc.ecn_allowed &&
4562 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4563 sctp_process_ecn_marked_a(stcb, net, ecn_bits);
4565 /* plow through the data chunks while length > offset */
4566 retval = sctp_process_data(mm, iphlen, &offset, length, sh,
4567 inp, stcb, net, &high_tsn);
4570 * The association aborted, NO UNLOCK needed since
4571 * the association is destroyed.
4577 /* take care of ecn part 2. */
4578 if (stcb->asoc.ecn_allowed &&
4579 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4580 sctp_process_ecn_marked_b(stcb, net, high_tsn,
4585 * Anything important needs to have been m_copy'ed in
4589 if ((data_processed == 0) && (fwd_tsn_seen)) {
4592 if (compare_with_wrap(stcb->asoc.highest_tsn_inside_map,
4593 stcb->asoc.cumulative_tsn, MAX_TSN)) {
4594 /* there was a gap before this data was processed */
4597 sctp_sack_check(stcb, 1, was_a_gap, &abort_flag);
4599 /* Again, we aborted so NO UNLOCK needed */
4603 /* trigger send of any chunks in queue... */
4605 #ifdef SCTP_AUDITING_ENABLED
4606 sctp_audit_log(0xE0, 2);
4607 sctp_auditing(1, inp, stcb, net);
4610 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4611 printf("Check for chunk output prw:%d tqe:%d tf=%d\n",
4612 stcb->asoc.peers_rwnd,
4613 TAILQ_EMPTY(&stcb->asoc.control_send_queue),
4614 stcb->asoc.total_flight);
4617 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight);
4619 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue) ||
4621 (stcb->asoc.peers_rwnd > 0 ||
4622 (stcb->asoc.peers_rwnd <= 0 && stcb->asoc.total_flight == 0)))) {
4624 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4625 printf("Calling chunk OUTPUT\n");
4628 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
4630 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4631 printf("chunk OUTPUT returns\n");
4635 #ifdef SCTP_AUDITING_ENABLED
4636 sctp_audit_log(0xE0, 3);
4637 sctp_auditing(2, inp, stcb, net);
4639 SCTP_TCB_UNLOCK(stcb);
4643 extern int sctp_no_csum_on_loopback;
4646 int sctp_buf_index = 0;
4647 uint8_t sctp_list_of_chunks[30000];
4656 #ifdef SCTP_MBUF_LOGGING
4665 struct sctp_inpcb *inp = NULL;
4667 uint32_t check, calc_check;
4668 struct sctp_nets *net;
4669 struct sctp_tcb *stcb = NULL;
4670 struct sctp_chunkhdr *ch;
4671 int refcount_up = 0;
4672 int length, mlen, offset;
4677 SCTP_STAT_INCR(sctps_recvpackets);
4678 SCTP_STAT_INCR_COUNTER64(sctps_inpackets);
4681 * Strip IP options, we don't allow any in or out.
4683 #ifdef SCTP_MBUF_LOGGING
4684 /* Log in any input mbufs */
4687 if (mat->m_flags & M_EXT) {
4688 sctp_log_mb(mat, SCTP_MBUF_INPUT);
4693 if ((size_t)iphlen > sizeof(struct ip)) {
4694 ip_stripoptions(m, (struct mbuf *)0);
4695 iphlen = sizeof(struct ip);
4698 * Get IP, SCTP, and first chunk header together in first mbuf.
4700 ip = mtod(m, struct ip *);
4701 offset = iphlen + sizeof(*sh) + sizeof(*ch);
4702 if (m->m_len < offset) {
4703 if ((m = m_pullup(m, offset)) == 0) {
4704 SCTP_STAT_INCR(sctps_hdrops);
4707 ip = mtod(m, struct ip *);
4709 sh = (struct sctphdr *)((caddr_t)ip + iphlen);
4710 ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(*sh));
4712 /* SCTP does not allow broadcasts or multicasts */
4713 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
4716 if (((ch->chunk_type == SCTP_INITIATION) ||
4717 (ch->chunk_type == SCTP_INITIATION_ACK) ||
4718 (ch->chunk_type == SCTP_COOKIE_ECHO)) &&
4719 (in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))) {
4721 * We only look at broadcast if its a front state, All
4722 * others we will not have a tcb for anyway.
4726 /* destination port of 0 is illegal, based on RFC2960. */
4727 if (sh->dest_port == 0) {
4728 SCTP_STAT_INCR(sctps_hdrops);
4731 /* validate SCTP checksum */
4732 if ((sctp_no_csum_on_loopback == 0) ||
4733 (m->m_pkthdr.rcvif == NULL) ||
4734 (m->m_pkthdr.rcvif->if_type != IFT_LOOP)) {
4736 * we do NOT validate things from the loopback if the sysctl
4739 check = sh->checksum; /* save incoming checksum */
4740 if ((check == 0) && (sctp_no_csum_on_loopback)) {
4742 * special hook for where we got a local address
4743 * somehow routed across a non IFT_LOOP type
4746 if (ip->ip_src.s_addr == ip->ip_dst.s_addr)
4747 goto sctp_skip_csum_4;
4749 sh->checksum = 0; /* prepare for calc */
4750 calc_check = sctp_calculate_sum(m, &mlen, iphlen);
4751 if (calc_check != check) {
4753 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4754 printf("Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n",
4755 calc_check, check, m, mlen, iphlen);
4759 stcb = sctp_findassociation_addr(m, iphlen,
4760 offset - sizeof(*ch),
4761 sh, ch, &inp, &net);
4762 if ((inp) && (stcb)) {
4763 sctp_send_packet_dropped(stcb, net, m, iphlen, 1);
4764 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR);
4765 } else if ((inp != NULL) && (stcb == NULL)) {
4768 SCTP_STAT_INCR(sctps_badsum);
4769 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors);
4772 sh->checksum = calc_check;
4775 mlen = m->m_pkthdr.len;
4777 /* validate mbuf chain length with IP payload length */
4778 if (mlen < (ip->ip_len - iphlen)) {
4779 SCTP_STAT_INCR(sctps_hdrops);
4782 /* TEMP log the first chunk */
4785 x = atomic_fetchadd_int(&sctp_buf_index, 1);
4790 sctp_list_of_chunks[x] = ch->chunk_type;
4793 * Locate pcb and tcb for datagram sctp_findassociation_addr() wants
4794 * IP/SCTP/first chunk header...
4796 stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch),
4797 sh, ch, &inp, &net);
4798 /* inp's ref-count increased && stcb locked */
4800 struct sctp_init_chunk *init_chk, chunk_buf;
4802 SCTP_STAT_INCR(sctps_noport);
4805 * we use the bandwidth limiting to protect against sending
4806 * too many ABORTS all at once. In this case these count the
4807 * same as an ICMP message.
4809 if (badport_bandlim(0) < 0)
4811 #endif /* ICMP_BANDLIM */
4813 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4814 printf("Sending a ABORT from packet entry!\n");
4817 if (ch->chunk_type == SCTP_INITIATION) {
4819 * we do a trick here to get the INIT tag, dig in
4820 * and get the tag from the INIT and put it in the
4823 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m,
4824 iphlen + sizeof(*sh), sizeof(*init_chk),
4825 (uint8_t *) & chunk_buf);
4826 if (init_chk != NULL)
4827 sh->v_tag = init_chk->init.initiate_tag;
4829 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
4830 sctp_send_shutdown_complete2(m, iphlen, sh);
4833 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
4836 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
4837 sctp_send_abort(m, iphlen, sh, 0, NULL);
4839 } else if (stcb == NULL) {
4844 * I very much doubt any of the IPSEC stuff will work but I have no
4845 * idea, so I will leave it in place.
4848 if (inp && ipsec4_in_reject(m, &inp->ip_inp.inp)) {
4849 ipsecstat.in_polvio++;
4850 SCTP_STAT_INCR(sctps_hdrops);
4858 * common chunk processing
4860 length = ip->ip_len + iphlen;
4861 offset -= sizeof(struct sctp_chunkhdr);
4863 ecn_bits = ip->ip_tos;
4866 sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,
4867 inp, stcb, net, ecn_bits);
4868 /* inp's ref-count reduced && stcb unlocked */
4873 if ((inp) && (refcount_up)) {
4874 /* reduce ref-count */
4875 SCTP_INP_WLOCK(inp);
4876 SCTP_INP_DECR_REF(inp);
4877 SCTP_INP_WUNLOCK(inp);
4882 SCTP_TCB_UNLOCK(stcb);
4884 if ((inp) && (refcount_up)) {
4885 /* reduce ref-count */
4886 SCTP_INP_WLOCK(inp);
4887 SCTP_INP_DECR_REF(inp);
4888 SCTP_INP_WUNLOCK(inp);
projects / FreeBSD / FreeBSD.git / blob