2 * Copyright (c) 2001-2007, Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 /* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctp_header.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp_output.h>
43 #include <netinet/sctp_input.h>
44 #include <netinet/sctp_auth.h>
45 #include <netinet/sctp_indata.h>
46 #include <netinet/sctp_asconf.h>
52 sctp_stop_all_cookie_timers(struct sctp_tcb *stcb)
54 struct sctp_nets *net;
57 * This now not only stops all cookie timers it also stops any INIT
58 * timers as well. This will make sure that the timers are stopped
59 * in all collision cases.
61 SCTP_TCB_LOCK_ASSERT(stcb);
62 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
63 if (net->rxt_timer.type == SCTP_TIMER_TYPE_COOKIE) {
64 sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE,
67 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_1);
68 } else if (net->rxt_timer.type == SCTP_TIMER_TYPE_INIT) {
69 sctp_timer_stop(SCTP_TIMER_TYPE_INIT,
72 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2);
79 sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
80 struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
81 struct sctp_nets *net)
83 struct sctp_init *init;
88 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
89 printf("sctp_handle_init: handling INIT tcb:%p\n", stcb);
94 /* First are we accepting? */
95 if ((inp->sctp_socket->so_qlimit == 0) && (stcb == NULL)) {
97 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
98 printf("sctp_handle_init: Abort, so_qlimit:%d\n", inp->sctp_socket->so_qlimit);
102 * FIX ME ?? What about TCP model and we have a
103 * match/restart case?
105 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
108 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) {
110 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
111 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
114 /* validate parameters */
115 if (init->initiate_tag == 0) {
116 /* protocol error... send abort */
117 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
118 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
121 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) {
122 /* invalid parameter... send abort */
123 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
124 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
127 if (init->num_inbound_streams == 0) {
128 /* protocol error... send abort */
129 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
130 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
133 if (init->num_outbound_streams == 0) {
134 /* protocol error... send abort */
135 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
136 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err);
139 init_limit = offset + ntohs(cp->ch.chunk_length);
140 if (sctp_validate_init_auth_params(m, offset + sizeof(*cp),
142 /* auth parameter(s) error... send abort */
143 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL);
146 /* send an INIT-ACK w/cookie */
148 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
149 printf("sctp_handle_init: sending INIT-ACK\n");
152 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp);
156 * process peer "INIT/INIT-ACK" chunk returns value < 0 on error
159 sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb,
160 struct sctp_nets *net)
162 struct sctp_init *init;
163 struct sctp_association *asoc;
164 struct sctp_nets *lnet;
169 /* save off parameters */
170 asoc->peer_vtag = ntohl(init->initiate_tag);
171 asoc->peers_rwnd = ntohl(init->a_rwnd);
172 if (TAILQ_FIRST(&asoc->nets)) {
173 /* update any ssthresh's that may have a default */
174 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
175 lnet->ssthresh = asoc->peers_rwnd;
177 #if defined(SCTP_CWND_MONITOR) || defined(SCTP_CWND_LOGGING)
178 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION);
183 SCTP_TCB_SEND_LOCK(stcb);
184 if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) {
186 struct sctp_stream_out *outs;
187 struct sctp_stream_queue_pending *sp;
189 /* cut back on number of streams */
190 newcnt = ntohs(init->num_inbound_streams);
191 /* This if is probably not needed but I am cautious */
193 /* First make sure no data chunks are trapped */
194 for (i = newcnt; i < asoc->pre_open_streams; i++) {
195 outs = &asoc->strmout[i];
196 sp = TAILQ_FIRST(&outs->outqueue);
198 TAILQ_REMOVE(&outs->outqueue, sp,
200 asoc->stream_queue_cnt--;
201 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL,
202 stcb, SCTP_NOTIFY_DATAGRAM_UNSENT,
205 sctp_m_freem(sp->data);
208 sctp_free_remote_addr(sp->net);
211 printf("sp:%p tcb:%p weird free case\n",
214 sctp_free_a_strmoq(stcb, sp);
215 sp = TAILQ_FIRST(&outs->outqueue);
219 /* cut back the count and abandon the upper streams */
220 asoc->pre_open_streams = newcnt;
222 SCTP_TCB_SEND_UNLOCK(stcb);
223 asoc->streamoutcnt = asoc->pre_open_streams;
225 asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1;
226 #ifdef SCTP_MAP_LOGGING
227 sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
229 /* This is the next one we expect */
230 asoc->str_reset_seq_in = asoc->asconf_seq_in + 1;
232 asoc->mapping_array_base_tsn = ntohl(init->initial_tsn);
233 asoc->cumulative_tsn = asoc->asconf_seq_in;
234 asoc->last_echo_tsn = asoc->asconf_seq_in;
235 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
236 /* open the requested streams */
237 if (asoc->strmin != NULL) {
238 /* Free the old ones */
239 struct sctp_queued_to_read *ctl;
241 for (i = 0; i < asoc->streamincnt; i++) {
242 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
244 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next);
245 sctp_free_remote_addr(ctl->whoFrom);
246 sctp_m_freem(ctl->data);
248 sctp_free_a_readq(stcb, ctl);
249 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
252 SCTP_FREE(asoc->strmin);
254 asoc->streamincnt = ntohs(init->num_outbound_streams);
255 if (asoc->streamincnt > MAX_SCTP_STREAMS) {
256 asoc->streamincnt = MAX_SCTP_STREAMS;
258 SCTP_MALLOC(asoc->strmin, struct sctp_stream_in *, asoc->streamincnt *
259 sizeof(struct sctp_stream_in), "StreamsIn");
260 if (asoc->strmin == NULL) {
261 /* we didn't get memory for the streams! */
263 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
264 printf("process_init: couldn't get memory for the streams!\n");
269 for (i = 0; i < asoc->streamincnt; i++) {
270 asoc->strmin[i].stream_no = i;
271 asoc->strmin[i].last_sequence_delivered = 0xffff;
273 * U-stream ranges will be set when the cookie is unpacked.
274 * Or for the INIT sender they are un set (if pr-sctp not
275 * supported) when the INIT-ACK arrives.
277 TAILQ_INIT(&asoc->strmin[i].inqueue);
279 * we are not on any wheel, pr-sctp streams will go on the
280 * wheel when they have data waiting for reorder.
282 asoc->strmin[i].next_spoke.tqe_next = 0;
283 asoc->strmin[i].next_spoke.tqe_prev = 0;
287 * load_address_from_init will put the addresses into the
288 * association when the COOKIE is processed or the INIT-ACK is
289 * processed. Both types of COOKIE's existing and new call this
290 * routine. It will remove addresses that are no longer in the
291 * association (for the restarting case where addresses are
292 * removed). Up front when the INIT arrives we will discard it if it
293 * is a restart and new addresses have been added.
299 * INIT-ACK message processing/consumption returns value < 0 on error
302 sctp_process_init_ack(struct mbuf *m, int iphlen, int offset,
303 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
304 struct sctp_nets *net)
306 struct sctp_association *asoc;
308 int retval, abort_flag;
309 uint32_t initack_limit;
311 /* First verify that we have no illegal param's */
315 op_err = sctp_arethere_unrecognized_parameters(m,
316 (offset + sizeof(struct sctp_init_chunk)),
317 &abort_flag, (struct sctp_chunkhdr *)cp);
319 /* Send an abort and notify peer */
320 if (op_err != NULL) {
321 sctp_send_operr_to(m, iphlen, op_err, cp->init.initiate_tag);
324 * Just notify (abort_assoc does this if we send an
327 sctp_abort_notification(stcb, 0);
329 * No sense in further INIT's since we will get the
332 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3);
337 /* process the peer's parameters in the INIT-ACK */
338 retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net);
342 initack_limit = offset + ntohs(cp->ch.chunk_length);
343 /* load all addresses */
344 if ((retval = sctp_load_addresses_from_init(stcb, m, iphlen,
345 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh,
347 /* Huh, we should abort */
349 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
350 printf("Load addresses from INIT causes an abort %d\n", retval);
353 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
357 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
358 stcb->asoc.local_hmacs);
360 sctp_queue_op_err(stcb, op_err);
361 /* queuing will steal away the mbuf chain to the out queue */
364 /* extract the cookie and queue it to "echo" it back... */
365 stcb->asoc.overall_error_count = 0;
366 net->error_count = 0;
369 * Cancel the INIT timer, We do this first before queueing the
370 * cookie. We always cancel at the primary to assue that we are
371 * canceling the timer started by the INIT which always goes to the
374 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, stcb,
375 asoc->primary_destination, SCTP_FROM_SCTP_INPUT + SCTP_LOC_4);
377 /* calculate the RTO */
378 net->RTO = sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered);
380 retval = sctp_send_cookie_echo(m, offset, stcb, net);
383 * No cookie, we probably should send a op error. But in any
384 * case if there is no cookie in the INIT-ACK, we can
385 * abandon the peer, its broke.
388 /* We abort with an error of missing mandatory param */
392 sctp_generate_invmanparam(SCTP_CAUSE_MISSING_PARAM);
395 * Expand beyond to include the mandatory
398 struct sctp_inv_mandatory_param *mp;
400 SCTP_BUF_LEN(op_err) =
401 sizeof(struct sctp_inv_mandatory_param);
403 struct sctp_inv_mandatory_param *);
404 /* Subtract the reserved param */
406 htons(sizeof(struct sctp_inv_mandatory_param) - 2);
407 mp->num_param = htonl(1);
408 mp->param = htons(SCTP_STATE_COOKIE);
411 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
420 sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp,
421 struct sctp_tcb *stcb, struct sctp_nets *net)
423 struct sockaddr_storage store;
424 struct sockaddr_in *sin;
425 struct sockaddr_in6 *sin6;
426 struct sctp_nets *r_net;
429 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) {
433 sin = (struct sockaddr_in *)&store;
434 sin6 = (struct sockaddr_in6 *)&store;
436 memset(&store, 0, sizeof(store));
437 if (cp->heartbeat.hb_info.addr_family == AF_INET &&
438 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) {
439 sin->sin_family = cp->heartbeat.hb_info.addr_family;
440 sin->sin_len = cp->heartbeat.hb_info.addr_len;
441 sin->sin_port = stcb->rport;
442 memcpy(&sin->sin_addr, cp->heartbeat.hb_info.address,
443 sizeof(sin->sin_addr));
444 } else if (cp->heartbeat.hb_info.addr_family == AF_INET6 &&
445 cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) {
446 sin6->sin6_family = cp->heartbeat.hb_info.addr_family;
447 sin6->sin6_len = cp->heartbeat.hb_info.addr_len;
448 sin6->sin6_port = stcb->rport;
449 memcpy(&sin6->sin6_addr, cp->heartbeat.hb_info.address,
450 sizeof(sin6->sin6_addr));
454 r_net = sctp_findnet(stcb, (struct sockaddr *)sin);
457 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
458 printf("Huh? I can't find the address I sent it to, discard\n");
463 if ((r_net && (r_net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
464 (r_net->heartbeat_random1 == cp->heartbeat.hb_info.random_value1) &&
465 (r_net->heartbeat_random2 == cp->heartbeat.hb_info.random_value2)) {
467 * If the its a HB and it's random value is correct when can
468 * confirm the destination.
470 r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
471 if (r_net->dest_state & SCTP_ADDR_REQ_PRIMARY) {
472 stcb->asoc.primary_destination = r_net;
473 r_net->dest_state &= ~SCTP_ADDR_WAS_PRIMARY;
474 r_net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
475 r_net = TAILQ_FIRST(&stcb->asoc.nets);
476 if (r_net != stcb->asoc.primary_destination) {
478 * first one on the list is NOT the primary
479 * sctp_cmpaddr() is much more efficent if
480 * the primary is the first on the list,
483 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
484 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
487 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
488 stcb, 0, (void *)r_net);
490 r_net->error_count = 0;
491 r_net->hb_responded = 1;
492 tv.tv_sec = cp->heartbeat.hb_info.time_value_1;
493 tv.tv_usec = cp->heartbeat.hb_info.time_value_2;
494 if (r_net->dest_state & SCTP_ADDR_NOT_REACHABLE) {
495 r_net->dest_state &= ~SCTP_ADDR_NOT_REACHABLE;
496 r_net->dest_state |= SCTP_ADDR_REACHABLE;
497 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb,
498 SCTP_HEARTBEAT_SUCCESS, (void *)r_net);
499 /* now was it the primary? if so restore */
500 if (r_net->dest_state & SCTP_ADDR_WAS_PRIMARY) {
501 sctp_set_primary_addr(stcb, (struct sockaddr *)NULL, r_net);
504 /* Now lets do a RTO with this */
505 r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv);
509 sctp_handle_abort(struct sctp_abort_chunk *cp,
510 struct sctp_tcb *stcb, struct sctp_nets *net)
514 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
515 printf("sctp_handle_abort: handling ABORT\n");
520 /* verify that the destination addr is in the association */
521 /* ignore abort for addresses being deleted */
523 /* stop any receive timers */
524 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_5);
525 /* notify user of the abort and clean up... */
526 sctp_abort_notification(stcb, 0);
528 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
529 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) ||
530 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
531 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
533 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_6);
535 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
536 printf("sctp_handle_abort: finished\n");
542 sctp_handle_shutdown(struct sctp_shutdown_chunk *cp,
543 struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag)
545 struct sctp_association *asoc;
546 int some_on_streamwheel;
549 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
550 printf("sctp_handle_shutdown: handling SHUTDOWN\n");
556 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
557 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) {
560 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_shutdown_chunk)) {
561 /* Shutdown NOT the expected size */
564 sctp_update_acked(stcb, cp, net, abort_flag);
566 if (asoc->control_pdapi) {
568 * With a normal shutdown we assume the end of last record.
570 SCTP_INP_READ_LOCK(stcb->sctp_ep);
571 asoc->control_pdapi->end_added = 1;
572 asoc->control_pdapi->pdapi_aborted = 1;
573 asoc->control_pdapi = NULL;
574 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
575 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
577 /* goto SHUTDOWN_RECEIVED state to block new requests */
578 if (stcb->sctp_socket) {
579 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
580 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
581 asoc->state = SCTP_STATE_SHUTDOWN_RECEIVED;
583 * notify upper layer that peer has initiated a
586 sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN, stcb, 0, NULL);
589 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
592 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) {
594 * stop the shutdown timer, since we WILL move to
597 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_7);
599 /* Now are we there yet? */
600 some_on_streamwheel = 0;
601 if (!TAILQ_EMPTY(&asoc->out_wheel)) {
602 /* Check to see if some data queued */
603 struct sctp_stream_out *outs;
605 TAILQ_FOREACH(outs, &asoc->out_wheel, next_spoke) {
606 if (!TAILQ_EMPTY(&outs->outqueue)) {
607 some_on_streamwheel = 1;
612 if (!TAILQ_EMPTY(&asoc->send_queue) ||
613 !TAILQ_EMPTY(&asoc->sent_queue) ||
614 some_on_streamwheel) {
615 /* By returning we will push more data out */
618 /* no outstanding data to send, so move on... */
619 /* send SHUTDOWN-ACK */
620 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
621 /* move to SHUTDOWN-ACK-SENT state */
622 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) ||
623 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
624 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
626 asoc->state = SCTP_STATE_SHUTDOWN_ACK_SENT;
628 /* start SHUTDOWN timer */
629 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep,
635 sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp,
636 struct sctp_tcb *stcb, struct sctp_nets *net)
638 struct sctp_association *asoc;
641 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
642 printf("sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n");
649 /* process according to association state */
650 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
651 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
652 /* unexpected SHUTDOWN-ACK... so ignore... */
653 SCTP_TCB_UNLOCK(stcb);
656 if (asoc->control_pdapi) {
658 * With a normal shutdown we assume the end of last record.
660 SCTP_INP_READ_LOCK(stcb->sctp_ep);
661 asoc->control_pdapi->end_added = 1;
662 asoc->control_pdapi->pdapi_aborted = 1;
663 asoc->control_pdapi = NULL;
664 SCTP_INP_READ_UNLOCK(stcb->sctp_ep);
665 sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket);
667 /* are the queues empty? */
668 if (!TAILQ_EMPTY(&asoc->send_queue) ||
669 !TAILQ_EMPTY(&asoc->sent_queue) ||
670 !TAILQ_EMPTY(&asoc->out_wheel)) {
671 sctp_report_all_outbound(stcb, 0);
674 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_8);
675 /* send SHUTDOWN-COMPLETE */
676 sctp_send_shutdown_complete(stcb, net);
677 /* notify upper layer protocol */
678 if (stcb->sctp_socket) {
679 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
680 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
681 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
682 /* Set the connected flag to disconnected */
683 stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0;
686 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
687 /* free the TCB but first save off the ep */
688 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC,
689 SCTP_FROM_SCTP_INPUT + SCTP_LOC_9);
693 * Skip past the param header and then we will find the chunk that caused the
694 * problem. There are two possiblities ASCONF or FWD-TSN other than that and
695 * our peer must be broken.
698 sctp_process_unrecog_chunk(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr,
699 struct sctp_nets *net)
701 struct sctp_chunkhdr *chk;
703 chk = (struct sctp_chunkhdr *)((caddr_t)phdr + sizeof(*phdr));
704 switch (chk->chunk_type) {
705 case SCTP_ASCONF_ACK:
707 sctp_asconf_cleanup(stcb, net);
709 case SCTP_FORWARD_CUM_TSN:
710 stcb->asoc.peer_supports_prsctp = 0;
714 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
715 printf("Peer does not support chunk type %d(%x)??\n",
716 chk->chunk_type, (uint32_t) chk->chunk_type);
724 * Skip past the param header and then we will find the param that caused the
725 * problem. There are a number of param's in a ASCONF OR the prsctp param
726 * these will turn of specific features.
729 sctp_process_unrecog_param(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr)
731 struct sctp_paramhdr *pbad;
734 switch (ntohs(pbad->param_type)) {
736 case SCTP_PRSCTP_SUPPORTED:
737 stcb->asoc.peer_supports_prsctp = 0;
739 case SCTP_SUPPORTED_CHUNK_EXT:
741 /* draft-ietf-tsvwg-addip-sctp */
742 case SCTP_ECN_NONCE_SUPPORTED:
743 stcb->asoc.peer_supports_ecn_nonce = 0;
744 stcb->asoc.ecn_nonce_allowed = 0;
745 stcb->asoc.ecn_allowed = 0;
747 case SCTP_ADD_IP_ADDRESS:
748 case SCTP_DEL_IP_ADDRESS:
749 case SCTP_SET_PRIM_ADDR:
750 stcb->asoc.peer_supports_asconf = 0;
752 case SCTP_SUCCESS_REPORT:
753 case SCTP_ERROR_CAUSE_IND:
755 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
756 printf("Huh, the peer does not support success? or error cause?\n");
757 printf("Turning off ASCONF to this strange peer\n");
760 stcb->asoc.peer_supports_asconf = 0;
764 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
765 printf("Peer does not support param type %d(%x)??\n",
766 pbad->param_type, (uint32_t) pbad->param_type);
774 sctp_handle_error(struct sctp_chunkhdr *ch,
775 struct sctp_tcb *stcb, struct sctp_nets *net)
778 struct sctp_paramhdr *phdr;
781 struct sctp_association *asoc;
785 /* parse through all of the errors and process */
787 phdr = (struct sctp_paramhdr *)((caddr_t)ch +
788 sizeof(struct sctp_chunkhdr));
789 chklen = ntohs(ch->chunk_length) - sizeof(struct sctp_chunkhdr);
790 while ((size_t)chklen >= sizeof(struct sctp_paramhdr)) {
791 /* Process an Error Cause */
792 error_type = ntohs(phdr->param_type);
793 error_len = ntohs(phdr->param_length);
794 if ((error_len > chklen) || (error_len == 0)) {
795 /* invalid param length for this param */
797 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
798 printf("Bogus length in error param- chunk left:%d errorlen:%d\n",
801 #endif /* SCTP_DEBUG */
804 switch (error_type) {
805 case SCTP_CAUSE_INVALID_STREAM:
806 case SCTP_CAUSE_MISSING_PARAM:
807 case SCTP_CAUSE_INVALID_PARAM:
808 case SCTP_CAUSE_NO_USER_DATA:
810 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
811 printf("Software error we got a %d back? We have a bug :/ (or do they?)\n",
816 case SCTP_CAUSE_STALE_COOKIE:
818 * We only act if we have echoed a cookie and are
821 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
824 p = (int *)((caddr_t)phdr + sizeof(*phdr));
825 /* Save the time doubled */
826 asoc->cookie_preserve_req = ntohl(*p) << 1;
827 asoc->stale_cookie_count++;
828 if (asoc->stale_cookie_count >
829 asoc->max_init_times) {
830 sctp_abort_notification(stcb, 0);
831 /* now free the asoc */
832 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_10);
835 /* blast back to INIT state */
836 asoc->state &= ~SCTP_STATE_COOKIE_ECHOED;
837 asoc->state |= SCTP_STATE_COOKIE_WAIT;
839 sctp_stop_all_cookie_timers(stcb);
840 sctp_send_initiate(stcb->sctp_ep, stcb);
843 case SCTP_CAUSE_UNRESOLVABLE_ADDR:
845 * Nothing we can do here, we don't do hostname
846 * addresses so if the peer does not like my IPv6
847 * (or IPv4 for that matter) it does not matter. If
848 * they don't support that type of address, they can
849 * NOT possibly get that packet type... i.e. with no
850 * IPv6 you can't recieve a IPv6 packet. so we can
851 * safely ignore this one. If we ever added support
852 * for HOSTNAME Addresses, then we would need to do
856 case SCTP_CAUSE_UNRECOG_CHUNK:
857 sctp_process_unrecog_chunk(stcb, phdr, net);
859 case SCTP_CAUSE_UNRECOG_PARAM:
860 sctp_process_unrecog_param(stcb, phdr);
862 case SCTP_CAUSE_COOKIE_IN_SHUTDOWN:
864 * We ignore this since the timer will drive out a
865 * new cookie anyway and there timer will drive us
866 * to send a SHUTDOWN_COMPLETE. We can't send one
867 * here since we don't have their tag.
870 case SCTP_CAUSE_DELETING_LAST_ADDR:
871 case SCTP_CAUSE_RESOURCE_SHORTAGE:
872 case SCTP_CAUSE_DELETING_SRC_ADDR:
874 * We should NOT get these here, but in a
878 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
879 printf("Peer sends ASCONF errors in a Operational Error?<%d>?\n",
884 case SCTP_CAUSE_OUT_OF_RESC:
886 * And what, pray tell do we do with the fact that
887 * the peer is out of resources? Not really sure we
888 * could do anything but abort. I suspect this
889 * should have came WITH an abort instead of in a
895 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
896 /* don't know what this error cause is... */
897 printf("sctp_handle_error: unknown error type = 0x%xh\n",
900 #endif /* SCTP_DEBUG */
903 adjust = SCTP_SIZE32(error_len);
905 phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust);
911 sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh,
912 struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb,
913 struct sctp_nets *net)
915 struct sctp_init_ack *init_ack;
920 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
921 printf("sctp_handle_init_ack: handling INIT-ACK\n");
926 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
927 printf("sctp_handle_init_ack: TCB is null\n");
932 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) {
934 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
935 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
939 init_ack = &cp->init;
940 /* validate parameters */
941 if (init_ack->initiate_tag == 0) {
942 /* protocol error... send an abort */
943 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
944 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
948 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) {
949 /* protocol error... send an abort */
950 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
951 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
955 if (init_ack->num_inbound_streams == 0) {
956 /* protocol error... send an abort */
957 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
958 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
962 if (init_ack->num_outbound_streams == 0) {
963 /* protocol error... send an abort */
964 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM);
965 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
969 /* process according to association state... */
970 state = &stcb->asoc.state;
971 switch (*state & SCTP_STATE_MASK) {
972 case SCTP_STATE_COOKIE_WAIT:
973 /* this is the expected state for this chunk */
974 /* process the INIT-ACK parameters */
975 if (stcb->asoc.primary_destination->dest_state &
976 SCTP_ADDR_UNCONFIRMED) {
978 * The primary is where we sent the INIT, we can
979 * always consider it confirmed when the INIT-ACK is
980 * returned. Do this before we load addresses
983 stcb->asoc.primary_destination->dest_state &=
984 ~SCTP_ADDR_UNCONFIRMED;
985 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
986 stcb, 0, (void *)stcb->asoc.primary_destination);
988 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb, net
990 /* error in parsing parameters */
993 /* update our state */
995 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
996 printf("moving to COOKIE-ECHOED state\n");
999 if (*state & SCTP_STATE_SHUTDOWN_PENDING) {
1000 *state = SCTP_STATE_COOKIE_ECHOED |
1001 SCTP_STATE_SHUTDOWN_PENDING;
1003 *state = SCTP_STATE_COOKIE_ECHOED;
1006 /* reset the RTO calc */
1007 stcb->asoc.overall_error_count = 0;
1008 SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
1010 * collapse the init timer back in case of a exponential
1013 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, stcb->sctp_ep,
1016 * the send at the end of the inbound data processing will
1017 * cause the cookie to be sent
1020 case SCTP_STATE_SHUTDOWN_SENT:
1021 /* incorrect state... discard */
1023 case SCTP_STATE_COOKIE_ECHOED:
1024 /* incorrect state... discard */
1026 case SCTP_STATE_OPEN:
1027 /* incorrect state... discard */
1029 case SCTP_STATE_EMPTY:
1030 case SCTP_STATE_INUSE:
1032 /* incorrect state... discard */
1035 } /* end switch asoc state */
1037 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1038 printf("Leaving handle-init-ack end\n");
1046 * handle a state cookie for an existing association m: input packet mbuf
1047 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a
1048 * "split" mbuf and the cookie signature does not exist offset: offset into
1049 * mbuf to the cookie-echo chunk
1051 static struct sctp_tcb *
1052 sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset,
1053 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1054 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
1055 struct sockaddr *init_src, int *notification, sctp_assoc_t * sac_assoc_id)
1057 struct sctp_association *asoc;
1058 struct sctp_init_chunk *init_cp, init_buf;
1059 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1061 int init_offset, initack_offset, i;
1066 /* I know that the TCB is non-NULL from the caller */
1068 for (how_indx = 0; how_indx < sizeof(asoc->cookie_how); how_indx++) {
1069 if (asoc->cookie_how[how_indx] == 0)
1072 if (how_indx < sizeof(asoc->cookie_how)) {
1073 asoc->cookie_how[how_indx] = 1;
1075 if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) {
1076 /* SHUTDOWN came in after sending INIT-ACK */
1077 struct mbuf *op_err;
1078 struct sctp_paramhdr *ph;
1080 sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination);
1081 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
1082 0, M_DONTWAIT, 1, MT_DATA);
1083 if (op_err == NULL) {
1087 /* pre-reserve some space */
1088 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
1089 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
1090 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
1092 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr);
1093 ph = mtod(op_err, struct sctp_paramhdr *);
1094 ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN);
1095 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1096 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
1097 if (how_indx < sizeof(asoc->cookie_how))
1098 asoc->cookie_how[how_indx] = 2;
1102 * find and validate the INIT chunk in the cookie (peer's info) the
1103 * INIT should start after the cookie-echo header struct (chunk
1104 * header, state cookie header struct)
1106 init_offset = offset += sizeof(struct sctp_cookie_echo_chunk);
1108 init_cp = (struct sctp_init_chunk *)
1109 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1110 (uint8_t *) & init_buf);
1111 if (init_cp == NULL) {
1112 /* could not pull a INIT chunk in cookie */
1115 chk_length = ntohs(init_cp->ch.chunk_length);
1116 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1120 * find and validate the INIT-ACK chunk in the cookie (my info) the
1121 * INIT-ACK follows the INIT chunk
1123 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1124 initack_cp = (struct sctp_init_ack_chunk *)
1125 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1126 (uint8_t *) & initack_buf);
1127 if (initack_cp == NULL) {
1128 /* could not pull INIT-ACK chunk in cookie */
1131 chk_length = ntohs(initack_cp->ch.chunk_length);
1132 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1135 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) &&
1136 (ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag)) {
1138 * case D in Section 5.2.4 Table 2: MMAA process accordingly
1139 * to get into the OPEN state
1141 if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) {
1143 panic("Case D and non-match seq?");
1145 printf("Case D, seq non-match %x vs %x?\n",
1146 ntohl(initack_cp->init.initial_tsn), asoc->init_seq_number);
1149 switch SCTP_GET_STATE
1151 case SCTP_STATE_COOKIE_WAIT:
1152 case SCTP_STATE_COOKIE_ECHOED:
1154 * INIT was sent, but got got a COOKIE_ECHO with the
1155 * correct tags... just accept it...but we must
1156 * process the init so that we can make sure we have
1157 * the right seq no's.
1159 /* First we must process the INIT !! */
1160 retval = sctp_process_init(init_cp, stcb, net);
1162 if (how_indx < sizeof(asoc->cookie_how))
1163 asoc->cookie_how[how_indx] = 3;
1166 /* we have already processed the INIT so no problem */
1167 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb,
1168 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_11);
1169 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_12);
1170 /* update current state */
1171 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)
1172 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1174 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1175 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1176 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1177 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1178 stcb->sctp_ep, stcb, asoc->primary_destination);
1181 /* if ok, move to OPEN state */
1182 asoc->state = SCTP_STATE_OPEN;
1184 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1185 sctp_stop_all_cookie_timers(stcb);
1186 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1187 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1188 (inp->sctp_socket->so_qlimit == 0)
1191 * Here is where collision would go if we
1192 * did a connect() and instead got a
1193 * init/init-ack/cookie done before the
1194 * init-ack came back..
1196 stcb->sctp_ep->sctp_flags |=
1197 SCTP_PCB_FLAGS_CONNECTED;
1198 soisconnected(stcb->sctp_ep->sctp_socket);
1200 /* notify upper layer */
1201 *notification = SCTP_NOTIFY_ASSOC_UP;
1203 * since we did not send a HB make sure we don't
1206 net->hb_responded = 1;
1208 if (stcb->asoc.sctp_autoclose_ticks &&
1209 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) {
1210 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
1216 * we're in the OPEN state (or beyond), so peer must
1217 * have simply lost the COOKIE-ACK
1222 sctp_stop_all_cookie_timers(stcb);
1224 * We ignore the return code here.. not sure if we should
1225 * somehow abort.. but we do have an existing asoc. This
1226 * really should not fail.
1228 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1229 init_offset + sizeof(struct sctp_init_chunk),
1230 initack_offset, sh, init_src)) {
1231 if (how_indx < sizeof(asoc->cookie_how))
1232 asoc->cookie_how[how_indx] = 4;
1235 /* respond with a COOKIE-ACK */
1236 sctp_toss_old_cookies(stcb, asoc);
1237 sctp_send_cookie_ack(stcb);
1238 if (how_indx < sizeof(asoc->cookie_how))
1239 asoc->cookie_how[how_indx] = 5;
1242 if (ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1243 ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag &&
1244 cookie->tie_tag_my_vtag == 0 &&
1245 cookie->tie_tag_peer_vtag == 0) {
1247 * case C in Section 5.2.4 Table 2: XMOO silently discard
1249 if (how_indx < sizeof(asoc->cookie_how))
1250 asoc->cookie_how[how_indx] = 6;
1253 if (ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag &&
1254 (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag ||
1255 init_cp->init.initiate_tag == 0)) {
1257 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info
1258 * should be ok, re-accept peer info
1260 if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) {
1262 * Extension of case C. If we hit this, then the
1263 * random number generator returned the same vtag
1264 * when we first sent our INIT-ACK and when we later
1265 * sent our INIT. The side with the seq numbers that
1266 * are different will be the one that normnally
1267 * would have hit case C. This in effect "extends"
1268 * our vtags in this collision case to be 64 bits.
1269 * The same collision could occur aka you get both
1270 * vtag and seq number the same twice in a row.. but
1271 * is much less likely. If it did happen then we
1272 * would proceed through and bring up the assoc.. we
1273 * may end up with the wrong stream setup however..
1274 * which would be bad.. but there is no way to
1275 * tell.. until we send on a stream that does not
1278 if (how_indx < sizeof(asoc->cookie_how))
1279 asoc->cookie_how[how_indx] = 7;
1283 if (how_indx < sizeof(asoc->cookie_how))
1284 asoc->cookie_how[how_indx] = 8;
1285 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_13);
1286 sctp_stop_all_cookie_timers(stcb);
1288 * since we did not send a HB make sure we don't double
1291 net->hb_responded = 1;
1292 if (stcb->asoc.sctp_autoclose_ticks &&
1293 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1294 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb,
1297 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1298 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1300 /* Note last_cwr_tsn? where is this used? */
1301 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1302 if (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) {
1304 * Ok the peer probably discarded our data (if we
1305 * echoed a cookie+data). So anything on the
1306 * sent_queue should be marked for retransmit, we
1307 * may not get something to kick us so it COULD
1308 * still take a timeout to move these.. but it can't
1309 * hurt to mark them.
1311 struct sctp_tmit_chunk *chk;
1313 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
1314 if (chk->sent < SCTP_DATAGRAM_RESEND) {
1315 chk->sent = SCTP_DATAGRAM_RESEND;
1316 stcb->asoc.sent_queue_retran_cnt++;
1322 /* process the INIT info (peer's info) */
1323 retval = sctp_process_init(init_cp, stcb, net);
1325 if (how_indx < sizeof(asoc->cookie_how))
1326 asoc->cookie_how[how_indx] = 9;
1329 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1330 init_offset + sizeof(struct sctp_init_chunk),
1331 initack_offset, sh, init_src)) {
1332 if (how_indx < sizeof(asoc->cookie_how))
1333 asoc->cookie_how[how_indx] = 10;
1336 if ((asoc->state & SCTP_STATE_COOKIE_WAIT) ||
1337 (asoc->state & SCTP_STATE_COOKIE_ECHOED)) {
1338 *notification = SCTP_NOTIFY_ASSOC_UP;
1340 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1341 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1342 (inp->sctp_socket->so_qlimit == 0)) {
1343 stcb->sctp_ep->sctp_flags |=
1344 SCTP_PCB_FLAGS_CONNECTED;
1345 soisconnected(stcb->sctp_ep->sctp_socket);
1347 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)
1348 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1350 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1351 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
1352 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1353 } else if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
1354 SCTP_STAT_INCR_COUNTER32(sctps_restartestab);
1356 SCTP_STAT_INCR_COUNTER32(sctps_collisionestab);
1358 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1359 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1360 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1361 stcb->sctp_ep, stcb, asoc->primary_destination);
1364 asoc->state = SCTP_STATE_OPEN;
1366 sctp_stop_all_cookie_timers(stcb);
1367 sctp_toss_old_cookies(stcb, asoc);
1368 sctp_send_cookie_ack(stcb);
1371 * only if we have retrans set do we do this. What
1372 * this call does is get only the COOKIE-ACK out and
1373 * then when we return the normal call to
1374 * sctp_chunk_output will get the retrans out behind
1377 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_COOKIE_ACK);
1379 if (how_indx < sizeof(asoc->cookie_how))
1380 asoc->cookie_how[how_indx] = 11;
1384 if ((ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag &&
1385 ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) &&
1386 cookie->tie_tag_my_vtag == asoc->my_vtag_nonce &&
1387 cookie->tie_tag_peer_vtag == asoc->peer_vtag_nonce &&
1388 cookie->tie_tag_peer_vtag != 0) {
1389 struct sctpasochead *head;
1392 * case A in Section 5.2.4 Table 2: XXMM (peer restarted)
1395 if (how_indx < sizeof(asoc->cookie_how))
1396 asoc->cookie_how[how_indx] = 12;
1397 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_14);
1398 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_15);
1400 *sac_assoc_id = sctp_get_associd(stcb);
1401 /* notify upper layer */
1402 *notification = SCTP_NOTIFY_ASSOC_RESTART;
1403 atomic_add_int(&stcb->asoc.refcnt, 1);
1404 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_OPEN) &&
1405 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
1406 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT)) {
1407 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1409 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) {
1410 SCTP_STAT_INCR_GAUGE32(sctps_restartestab);
1411 } else if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) {
1412 SCTP_STAT_INCR_GAUGE32(sctps_collisionestab);
1414 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1415 asoc->state = SCTP_STATE_OPEN |
1416 SCTP_STATE_SHUTDOWN_PENDING;
1417 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1418 stcb->sctp_ep, stcb, asoc->primary_destination);
1420 } else if (!(asoc->state & SCTP_STATE_SHUTDOWN_SENT)) {
1421 /* move to OPEN state, if not in SHUTDOWN_SENT */
1422 asoc->state = SCTP_STATE_OPEN;
1424 asoc->pre_open_streams =
1425 ntohs(initack_cp->init.num_outbound_streams);
1426 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1427 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1429 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1430 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1432 asoc->str_reset_seq_in = asoc->init_seq_number;
1434 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1435 if (asoc->mapping_array)
1436 memset(asoc->mapping_array, 0,
1437 asoc->mapping_array_size);
1438 SCTP_TCB_UNLOCK(stcb);
1439 SCTP_INP_INFO_WLOCK();
1440 SCTP_INP_WLOCK(stcb->sctp_ep);
1441 SCTP_TCB_LOCK(stcb);
1442 atomic_add_int(&stcb->asoc.refcnt, -1);
1443 /* send up all the data */
1444 SCTP_TCB_SEND_LOCK(stcb);
1446 sctp_report_all_outbound(stcb, 1);
1447 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1448 stcb->asoc.strmout[i].stream_no = i;
1449 stcb->asoc.strmout[i].next_sequence_sent = 0;
1450 stcb->asoc.strmout[i].last_msg_incomplete = 0;
1452 /* process the INIT-ACK info (my info) */
1453 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1454 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1456 /* pull from vtag hash */
1457 LIST_REMOVE(stcb, sctp_asocs);
1458 /* re-insert to new vtag position */
1459 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
1460 sctppcbinfo.hashasocmark)];
1462 * put it in the bucket in the vtag hash of assoc's for the
1465 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
1467 /* Is this the first restart? */
1468 if (stcb->asoc.in_restart_hash == 0) {
1469 /* Ok add it to assoc_id vtag hash */
1470 head = &sctppcbinfo.sctp_restarthash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
1471 sctppcbinfo.hashrestartmark)];
1472 LIST_INSERT_HEAD(head, stcb, sctp_tcbrestarhash);
1473 stcb->asoc.in_restart_hash = 1;
1475 /* process the INIT info (peer's info) */
1476 SCTP_TCB_SEND_UNLOCK(stcb);
1477 SCTP_INP_WUNLOCK(stcb->sctp_ep);
1478 SCTP_INP_INFO_WUNLOCK();
1480 retval = sctp_process_init(init_cp, stcb, net);
1482 if (how_indx < sizeof(asoc->cookie_how))
1483 asoc->cookie_how[how_indx] = 13;
1488 * since we did not send a HB make sure we don't double
1491 net->hb_responded = 1;
1493 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1494 init_offset + sizeof(struct sctp_init_chunk),
1495 initack_offset, sh, init_src)) {
1496 if (how_indx < sizeof(asoc->cookie_how))
1497 asoc->cookie_how[how_indx] = 14;
1501 /* respond with a COOKIE-ACK */
1502 sctp_stop_all_cookie_timers(stcb);
1503 sctp_toss_old_cookies(stcb, asoc);
1504 sctp_send_cookie_ack(stcb);
1505 if (how_indx < sizeof(asoc->cookie_how))
1506 asoc->cookie_how[how_indx] = 15;
1510 if (how_indx < sizeof(asoc->cookie_how))
1511 asoc->cookie_how[how_indx] = 16;
1512 /* all other cases... */
1518 * handle a state cookie for a new association m: input packet mbuf chain--
1519 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf
1520 * and the cookie signature does not exist offset: offset into mbuf to the
1521 * cookie-echo chunk length: length of the cookie chunk to: where the init
1522 * was from returns a new TCB
1524 static struct sctp_tcb *
1525 sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
1526 struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len,
1527 struct sctp_inpcb *inp, struct sctp_nets **netp,
1528 struct sockaddr *init_src, int *notification,
1529 int auth_skipped, uint32_t auth_offset, uint32_t auth_len)
1531 struct sctp_tcb *stcb;
1532 struct sctp_init_chunk *init_cp, init_buf;
1533 struct sctp_init_ack_chunk *initack_cp, initack_buf;
1534 struct sockaddr_storage sa_store;
1535 struct sockaddr *initack_src = (struct sockaddr *)&sa_store;
1536 struct sockaddr_in *sin;
1537 struct sockaddr_in6 *sin6;
1538 struct sctp_association *asoc;
1541 int init_offset, initack_offset, initack_limit;
1545 uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE];
1547 vrf = SCTP_DEFAULT_VRFID;
1550 * find and validate the INIT chunk in the cookie (peer's info) the
1551 * INIT should start after the cookie-echo header struct (chunk
1552 * header, state cookie header struct)
1554 init_offset = offset + sizeof(struct sctp_cookie_echo_chunk);
1555 init_cp = (struct sctp_init_chunk *)
1556 sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk),
1557 (uint8_t *) & init_buf);
1558 if (init_cp == NULL) {
1559 /* could not pull a INIT chunk in cookie */
1561 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1562 printf("process_cookie_new: could not pull INIT chunk hdr\n");
1564 #endif /* SCTP_DEBUG */
1567 chk_length = ntohs(init_cp->ch.chunk_length);
1568 if (init_cp->ch.chunk_type != SCTP_INITIATION) {
1570 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1571 printf("HUH? process_cookie_new: could not find INIT chunk!\n");
1573 #endif /* SCTP_DEBUG */
1576 initack_offset = init_offset + SCTP_SIZE32(chk_length);
1578 * find and validate the INIT-ACK chunk in the cookie (my info) the
1579 * INIT-ACK follows the INIT chunk
1581 initack_cp = (struct sctp_init_ack_chunk *)
1582 sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk),
1583 (uint8_t *) & initack_buf);
1584 if (initack_cp == NULL) {
1585 /* could not pull INIT-ACK chunk in cookie */
1587 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1588 printf("process_cookie_new: could not pull INIT-ACK chunk hdr\n");
1590 #endif /* SCTP_DEBUG */
1593 chk_length = ntohs(initack_cp->ch.chunk_length);
1594 if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) {
1598 * NOTE: We can't use the INIT_ACK's chk_length to determine the
1599 * "initack_limit" value. This is because the chk_length field
1600 * includes the length of the cookie, but the cookie is omitted when
1601 * the INIT and INIT_ACK are tacked onto the cookie...
1603 initack_limit = offset + cookie_len;
1606 * now that we know the INIT/INIT-ACK are in place, create a new TCB
1609 stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
1610 ntohl(initack_cp->init.initiate_tag), vrf);
1612 struct mbuf *op_err;
1614 /* memory problem? */
1616 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1617 printf("process_cookie_new: no room for another TCB!\n");
1619 #endif /* SCTP_DEBUG */
1620 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1621 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1625 /* get the correct sctp_nets */
1626 *netp = sctp_findnet(stcb, init_src);
1628 /* get scope variables out of cookie */
1629 asoc->ipv4_local_scope = cookie->ipv4_scope;
1630 asoc->site_scope = cookie->site_scope;
1631 asoc->local_scope = cookie->local_scope;
1632 asoc->loopback_scope = cookie->loopback_scope;
1634 if ((asoc->ipv4_addr_legal != cookie->ipv4_addr_legal) ||
1635 (asoc->ipv6_addr_legal != cookie->ipv6_addr_legal)) {
1636 struct mbuf *op_err;
1639 * Houston we have a problem. The EP changed while the
1640 * cookie was in flight. Only recourse is to abort the
1643 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
1644 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
1648 /* process the INIT-ACK info (my info) */
1649 old_tag = asoc->my_vtag;
1650 asoc->assoc_id = asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1651 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1652 asoc->pre_open_streams = ntohs(initack_cp->init.num_outbound_streams);
1653 asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn);
1654 asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number;
1655 asoc->last_cwr_tsn = asoc->init_seq_number - 1;
1656 asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1;
1657 asoc->str_reset_seq_in = asoc->init_seq_number;
1659 asoc->advanced_peer_ack_point = asoc->last_acked_seq;
1661 /* process the INIT info (peer's info) */
1662 retval = sctp_process_init(init_cp, stcb, *netp);
1664 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16);
1667 /* load all addresses */
1668 if (sctp_load_addresses_from_init(stcb, m, iphlen,
1669 init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh,
1671 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_17);
1675 * verify any preceding AUTH chunk that was skipped
1677 /* pull the local authentication parameters from the cookie/init-ack */
1678 sctp_auth_get_cookie_params(stcb, m,
1679 initack_offset + sizeof(struct sctp_init_ack_chunk),
1680 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)));
1682 struct sctp_auth_chunk *auth;
1684 auth = (struct sctp_auth_chunk *)
1685 sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
1686 if (sctp_handle_auth(stcb, auth, m, auth_offset)) {
1687 /* auth HMAC failed, dump the assoc and packet */
1689 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
1690 printf("COOKIE-ECHO: AUTH failed\n");
1691 #endif /* SCTP_DEBUG */
1692 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_18);
1695 /* remaining chunks checked... good to go */
1696 stcb->asoc.authenticated = 1;
1699 /* update current state */
1701 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
1702 printf("moving to OPEN state\n");
1705 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
1706 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
1707 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1708 stcb->sctp_ep, stcb, asoc->primary_destination);
1710 asoc->state = SCTP_STATE_OPEN;
1712 sctp_stop_all_cookie_timers(stcb);
1713 SCTP_STAT_INCR_COUNTER32(sctps_passiveestab);
1714 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
1717 * if we're doing ASCONFs, check to see if we have any new local
1718 * addresses that need to get added to the peer (eg. addresses
1719 * changed while cookie echo in flight). This needs to be done
1720 * after we go to the OPEN state to do the correct asconf
1721 * processing. else, make sure we have the correct addresses in our
1725 /* warning, we re-use sin, sin6, sa_store here! */
1726 /* pull in local_address (our "from" address) */
1727 if (cookie->laddr_type == SCTP_IPV4_ADDRESS) {
1728 /* source addr is IPv4 */
1729 sin = (struct sockaddr_in *)initack_src;
1730 memset(sin, 0, sizeof(*sin));
1731 sin->sin_family = AF_INET;
1732 sin->sin_len = sizeof(struct sockaddr_in);
1733 sin->sin_addr.s_addr = cookie->laddress[0];
1734 } else if (cookie->laddr_type == SCTP_IPV6_ADDRESS) {
1735 /* source addr is IPv6 */
1736 sin6 = (struct sockaddr_in6 *)initack_src;
1737 memset(sin6, 0, sizeof(*sin6));
1738 sin6->sin6_family = AF_INET6;
1739 sin6->sin6_len = sizeof(struct sockaddr_in6);
1740 sin6->sin6_scope_id = cookie->scope_id;
1741 memcpy(&sin6->sin6_addr, cookie->laddress,
1742 sizeof(sin6->sin6_addr));
1744 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_19);
1748 sctp_check_address_list(stcb, m,
1749 initack_offset + sizeof(struct sctp_init_ack_chunk),
1750 initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)),
1751 initack_src, cookie->local_scope, cookie->site_scope,
1752 cookie->ipv4_scope, cookie->loopback_scope);
1755 /* set up to notify upper layer */
1756 *notification = SCTP_NOTIFY_ASSOC_UP;
1757 if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1758 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) &&
1759 (inp->sctp_socket->so_qlimit == 0)) {
1761 * This is an endpoint that called connect() how it got a
1762 * cookie that is NEW is a bit of a mystery. It must be that
1763 * the INIT was sent, but before it got there.. a complete
1764 * INIT/INIT-ACK/COOKIE arrived. But of course then it
1765 * should have went to the other code.. not here.. oh well..
1766 * a bit of protection is worth having..
1768 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
1769 soisconnected(stcb->sctp_ep->sctp_socket);
1770 } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
1771 (inp->sctp_socket->so_qlimit)) {
1773 * We don't want to do anything with this one. Since it is
1774 * the listening guy. The timer will get started for
1775 * accepted connections in the caller.
1779 /* since we did not send a HB make sure we don't double things */
1780 (*netp)->hb_responded = 1;
1782 if (stcb->asoc.sctp_autoclose_ticks &&
1783 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1784 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1786 /* respond with a COOKIE-ACK */
1787 /* calculate the RTT */
1788 (*netp)->RTO = sctp_calculate_rto(stcb, asoc, *netp,
1789 &cookie->time_entered);
1790 sctp_send_cookie_ack(stcb);
1796 * handles a COOKIE-ECHO message stcb: modified to either a new or left as
1797 * existing (non-NULL) TCB
1799 static struct mbuf *
1800 sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
1801 struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp,
1802 struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp,
1803 int auth_skipped, uint32_t auth_offset, uint32_t auth_len, struct sctp_tcb **locked_tcb)
1805 struct sctp_state_cookie *cookie;
1806 struct sockaddr_in6 sin6;
1807 struct sockaddr_in sin;
1808 struct sctp_tcb *l_stcb = *stcb;
1809 struct sctp_inpcb *l_inp;
1810 struct sockaddr *to;
1811 sctp_assoc_t sac_restart_id;
1812 struct sctp_pcb *ep;
1814 uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE];
1816 uint8_t cookie_ok = 0;
1817 unsigned int size_of_pkt, sig_offset, cookie_offset;
1818 unsigned int cookie_len;
1820 struct timeval time_expires;
1821 struct sockaddr_storage dest_store;
1822 struct sockaddr *localep_sa = (struct sockaddr *)&dest_store;
1824 int notification = 0;
1825 struct sctp_nets *netl;
1826 int had_a_existing_tcb = 0;
1829 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1830 printf("sctp_handle_cookie: handling COOKIE-ECHO\n");
1834 if (inp_p == NULL) {
1837 /* First get the destination address setup too. */
1838 iph = mtod(m, struct ip *);
1839 if (iph->ip_v == IPVERSION) {
1841 struct sockaddr_in *sin;
1843 sin = (struct sockaddr_in *)(localep_sa);
1844 memset(sin, 0, sizeof(*sin));
1845 sin->sin_family = AF_INET;
1846 sin->sin_len = sizeof(*sin);
1847 sin->sin_port = sh->dest_port;
1848 sin->sin_addr.s_addr = iph->ip_dst.s_addr;
1849 size_of_pkt = SCTP_GET_IPV4_LENGTH(iph);
1850 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1852 struct ip6_hdr *ip6;
1853 struct sockaddr_in6 *sin6;
1855 sin6 = (struct sockaddr_in6 *)(localep_sa);
1856 memset(sin6, 0, sizeof(*sin6));
1857 sin6->sin6_family = AF_INET6;
1858 sin6->sin6_len = sizeof(struct sockaddr_in6);
1859 ip6 = mtod(m, struct ip6_hdr *);
1860 sin6->sin6_port = sh->dest_port;
1861 sin6->sin6_addr = ip6->ip6_dst;
1862 size_of_pkt = SCTP_GET_IPV6_LENGTH(ip6) + iphlen;
1867 cookie = &cp->cookie;
1868 cookie_offset = offset + sizeof(struct sctp_chunkhdr);
1869 cookie_len = ntohs(cp->ch.chunk_length);
1871 if ((cookie->peerport != sh->src_port) &&
1872 (cookie->myport != sh->dest_port) &&
1873 (cookie->my_vtag != sh->v_tag)) {
1875 * invalid ports or bad tag. Note that we always leave the
1876 * v_tag in the header in network order and when we stored
1877 * it in the my_vtag slot we also left it in network order.
1878 * This maintians the match even though it may be in the
1879 * opposite byte order of the machine :->
1883 if (cookie_len > size_of_pkt ||
1884 cookie_len < sizeof(struct sctp_cookie_echo_chunk) +
1885 sizeof(struct sctp_init_chunk) +
1886 sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) {
1887 /* cookie too long! or too small */
1891 * split off the signature into its own mbuf (since it should not be
1892 * calculated in the sctp_hmac_m() call).
1894 sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE;
1895 if (sig_offset > size_of_pkt) {
1896 /* packet not correct size! */
1897 /* XXX this may already be accounted for earlier... */
1900 m_sig = m_split(m, sig_offset, M_DONTWAIT);
1901 if (m_sig == NULL) {
1902 /* out of memory or ?? */
1906 * compute the signature/digest for the cookie
1908 ep = &(*inp_p)->sctp_ep;
1911 SCTP_TCB_UNLOCK(l_stcb);
1913 SCTP_INP_RLOCK(l_inp);
1915 SCTP_TCB_LOCK(l_stcb);
1917 /* which cookie is it? */
1918 if ((cookie->time_entered.tv_sec < (long)ep->time_of_secret_change) &&
1919 (ep->current_secret_number != ep->last_secret_number)) {
1920 /* it's the old cookie */
1921 sctp_hmac_m(SCTP_HMAC,
1922 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1923 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1925 /* it's the current cookie */
1926 sctp_hmac_m(SCTP_HMAC,
1927 (uint8_t *) ep->secret_key[(int)ep->current_secret_number],
1928 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1930 /* get the signature */
1931 SCTP_INP_RUNLOCK(l_inp);
1932 sig = (uint8_t *) sctp_m_getptr(m_sig, 0, SCTP_SIGNATURE_SIZE, (uint8_t *) & tmp_sig);
1934 /* couldn't find signature */
1935 sctp_m_freem(m_sig);
1938 /* compare the received digest with the computed digest */
1939 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) {
1940 /* try the old cookie? */
1941 if ((cookie->time_entered.tv_sec == (long)ep->time_of_secret_change) &&
1942 (ep->current_secret_number != ep->last_secret_number)) {
1943 /* compute digest with old */
1944 sctp_hmac_m(SCTP_HMAC,
1945 (uint8_t *) ep->secret_key[(int)ep->last_secret_number],
1946 SCTP_SECRET_SIZE, m, cookie_offset, calc_sig);
1948 if (memcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0)
1956 * Now before we continue we must reconstruct our mbuf so that
1957 * normal processing of any other chunks will work.
1963 while (SCTP_BUF_NEXT(m_at) != NULL) {
1964 m_at = SCTP_BUF_NEXT(m_at);
1966 SCTP_BUF_NEXT(m_at) = m_sig;
1969 if (cookie_ok == 0) {
1971 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
1972 printf("handle_cookie_echo: cookie signature validation failed!\n");
1973 printf("offset = %u, cookie_offset = %u, sig_offset = %u\n",
1974 (uint32_t) offset, cookie_offset, sig_offset);
1980 * check the cookie timestamps to be sure it's not stale
1982 SCTP_GETTIME_TIMEVAL(&now);
1983 /* Expire time is in Ticks, so we convert to seconds */
1984 time_expires.tv_sec = cookie->time_entered.tv_sec + cookie->cookie_life;
1985 time_expires.tv_usec = cookie->time_entered.tv_usec;
1986 if (timevalcmp(&now, &time_expires, >)) {
1987 /* cookie is stale! */
1988 struct mbuf *op_err;
1989 struct sctp_stale_cookie_msg *scm;
1992 op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_stale_cookie_msg),
1993 0, M_DONTWAIT, 1, MT_DATA);
1994 if (op_err == NULL) {
1998 /* pre-reserve some space */
1999 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
2000 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
2001 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
2004 SCTP_BUF_LEN(op_err) = sizeof(struct sctp_stale_cookie_msg);
2005 scm = mtod(op_err, struct sctp_stale_cookie_msg *);
2006 scm->ph.param_type = htons(SCTP_CAUSE_STALE_COOKIE);
2007 scm->ph.param_length = htons((sizeof(struct sctp_paramhdr) +
2008 (sizeof(uint32_t))));
2009 /* seconds to usec */
2010 tim = (now.tv_sec - time_expires.tv_sec) * 1000000;
2013 tim = now.tv_usec - cookie->time_entered.tv_usec;
2014 scm->time_usec = htonl(tim);
2015 sctp_send_operr_to(m, iphlen, op_err, cookie->peers_vtag);
2019 * Now we must see with the lookup address if we have an existing
2020 * asoc. This will only happen if we were in the COOKIE-WAIT state
2021 * and a INIT collided with us and somewhere the peer sent the
2022 * cookie on another address besides the single address our assoc
2023 * had for him. In this case we will have one of the tie-tags set at
2024 * least AND the address field in the cookie can be used to look it
2028 if (cookie->addr_type == SCTP_IPV6_ADDRESS) {
2029 memset(&sin6, 0, sizeof(sin6));
2030 sin6.sin6_family = AF_INET6;
2031 sin6.sin6_len = sizeof(sin6);
2032 sin6.sin6_port = sh->src_port;
2033 sin6.sin6_scope_id = cookie->scope_id;
2034 memcpy(&sin6.sin6_addr.s6_addr, cookie->address,
2035 sizeof(sin6.sin6_addr.s6_addr));
2036 to = (struct sockaddr *)&sin6;
2037 } else if (cookie->addr_type == SCTP_IPV4_ADDRESS) {
2038 memset(&sin, 0, sizeof(sin));
2039 sin.sin_family = AF_INET;
2040 sin.sin_len = sizeof(sin);
2041 sin.sin_port = sh->src_port;
2042 sin.sin_addr.s_addr = cookie->address[0];
2043 to = (struct sockaddr *)&sin;
2045 if ((*stcb == NULL) && to) {
2046 /* Yep, lets check */
2047 *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, localep_sa, NULL);
2048 if (*stcb == NULL) {
2050 * We should have only got back the same inp. If we
2051 * got back a different ep we have a problem. The
2052 * original findep got back l_inp and now
2054 if (l_inp != *inp_p) {
2055 printf("Bad problem find_ep got a diff inp then special_locate?\n");
2058 if (*locked_tcb == NULL) {
2060 * In this case we found the assoc only
2061 * after we locked the create lock. This
2062 * means we are in a colliding case and we
2063 * must make sure that we unlock the tcb if
2064 * its one of the cases where we throw away
2065 * the incoming packets.
2067 *locked_tcb = *stcb;
2070 * We must also increment the inp ref count
2071 * since the ref_count flags was set when we
2072 * did not find the TCB, now we found it
2073 * which reduces the refcount.. we must
2074 * raise it back out to balance it all :-)
2076 SCTP_INP_INCR_REF((*stcb)->sctp_ep);
2077 if ((*stcb)->sctp_ep != l_inp) {
2078 printf("Huh? ep:%p diff then l_inp:%p?\n",
2079 (*stcb)->sctp_ep, l_inp);
2084 cookie_len -= SCTP_SIGNATURE_SIZE;
2085 if (*stcb == NULL) {
2086 /* this is the "normal" case... get a new TCB */
2087 *stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie,
2088 cookie_len, *inp_p, netp, to, ¬ification,
2089 auth_skipped, auth_offset, auth_len);
2091 /* this is abnormal... cookie-echo on existing TCB */
2092 had_a_existing_tcb = 1;
2093 *stcb = sctp_process_cookie_existing(m, iphlen, offset, sh,
2094 cookie, cookie_len, *inp_p, *stcb, *netp, to, ¬ification,
2098 if (*stcb == NULL) {
2099 /* still no TCB... must be bad cookie-echo */
2103 * Ok, we built an association so confirm the address we sent the
2106 netl = sctp_findnet(*stcb, to);
2108 * This code should in theory NOT run but
2111 /* TSNH! Huh, why do I need to add this address here? */
2114 ret = sctp_add_remote_addr(*stcb, to, SCTP_DONOT_SETSCOPE,
2115 SCTP_IN_COOKIE_PROC);
2116 netl = sctp_findnet(*stcb, to);
2119 if (netl->dest_state & SCTP_ADDR_UNCONFIRMED) {
2120 netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
2121 sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL,
2123 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED,
2124 (*stcb), 0, (void *)netl);
2128 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, *inp_p,
2131 if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
2132 if (!had_a_existing_tcb ||
2133 (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) {
2135 * If we have a NEW cookie or the connect never
2136 * reached the connected state during collision we
2137 * must do the TCP accept thing.
2139 struct socket *so, *oso;
2140 struct sctp_inpcb *inp;
2142 if (notification == SCTP_NOTIFY_ASSOC_RESTART) {
2144 * For a restart we will keep the same
2145 * socket, no need to do anything. I THINK!!
2147 sctp_ulp_notify(notification, *stcb, 0, (void *)&sac_restart_id);
2150 oso = (*inp_p)->sctp_socket;
2152 * We do this to keep the sockets side happy durin
2153 * the sonewcon ONLY.
2156 SCTP_TCB_UNLOCK((*stcb));
2157 so = sonewconn(oso, 0
2160 SCTP_INP_WLOCK((*stcb)->sctp_ep);
2161 SCTP_TCB_LOCK((*stcb));
2162 SCTP_INP_WUNLOCK((*stcb)->sctp_ep);
2164 struct mbuf *op_err;
2166 /* Too many sockets */
2168 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
2169 printf("process_cookie_new: no room for another socket!\n");
2171 #endif /* SCTP_DEBUG */
2172 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
2173 sctp_abort_association(*inp_p, NULL, m, iphlen,
2175 sctp_free_assoc(*inp_p, *stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_20);
2178 inp = (struct sctp_inpcb *)so->so_pcb;
2179 SCTP_INP_INCR_REF(inp);
2181 * We add the unbound flag here so that if we get an
2182 * soabort() before we get the move_pcb done, we
2183 * will properly cleanup.
2185 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2186 SCTP_PCB_FLAGS_CONNECTED |
2187 SCTP_PCB_FLAGS_IN_TCPPOOL |
2188 SCTP_PCB_FLAGS_UNBOUND |
2189 (SCTP_PCB_COPY_FLAGS & (*inp_p)->sctp_flags) |
2190 SCTP_PCB_FLAGS_DONT_WAKE);
2191 inp->sctp_features = (*inp_p)->sctp_features;
2192 inp->sctp_socket = so;
2193 inp->sctp_frag_point = (*inp_p)->sctp_frag_point;
2194 inp->partial_delivery_point = (*inp_p)->partial_delivery_point;
2195 inp->sctp_context = (*inp_p)->sctp_context;
2196 inp->inp_starting_point_for_iterator = NULL;
2198 * copy in the authentication parameters from the
2201 if (inp->sctp_ep.local_hmacs)
2202 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
2203 inp->sctp_ep.local_hmacs =
2204 sctp_copy_hmaclist((*inp_p)->sctp_ep.local_hmacs);
2205 if (inp->sctp_ep.local_auth_chunks)
2206 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
2207 inp->sctp_ep.local_auth_chunks =
2208 sctp_copy_chunklist((*inp_p)->sctp_ep.local_auth_chunks);
2209 (void)sctp_copy_skeylist(&(*inp_p)->sctp_ep.shared_keys,
2210 &inp->sctp_ep.shared_keys);
2213 * Now we must move it from one hash table to
2214 * another and get the tcb in the right place.
2216 sctp_move_pcb_and_assoc(*inp_p, inp, *stcb);
2217 sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb);
2220 * now we must check to see if we were aborted while
2221 * the move was going on and the lock/unlock
2224 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
2226 * yep it was, we leave the assoc attached
2227 * to the socket since the sctp_inpcb_free()
2228 * call will send an abort for us.
2230 SCTP_INP_DECR_REF(inp);
2233 SCTP_INP_DECR_REF(inp);
2234 /* Switch over to the new guy */
2236 sctp_ulp_notify(notification, *stcb, 0, NULL);
2239 * Pull it from the incomplete queue and wake the
2246 if ((notification) && ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
2247 sctp_ulp_notify(notification, *stcb, 0, NULL);
2253 sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp,
2254 struct sctp_tcb *stcb, struct sctp_nets *net)
2256 /* cp must not be used, others call this without a c-ack :-) */
2257 struct sctp_association *asoc;
2260 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2261 printf("sctp_handle_cookie_ack: handling COOKIE-ACK\n");
2269 sctp_stop_all_cookie_timers(stcb);
2270 /* process according to association state */
2271 if (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) {
2272 /* state change only needed when I am in right state */
2274 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2275 printf("moving to OPEN state\n");
2278 if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) {
2279 asoc->state = SCTP_STATE_OPEN | SCTP_STATE_SHUTDOWN_PENDING;
2280 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
2281 stcb->sctp_ep, stcb, asoc->primary_destination);
2284 asoc->state = SCTP_STATE_OPEN;
2287 SCTP_STAT_INCR_COUNTER32(sctps_activeestab);
2288 SCTP_STAT_INCR_GAUGE32(sctps_currestab);
2289 if (asoc->overall_error_count == 0) {
2290 net->RTO = sctp_calculate_rto(stcb, asoc, net,
2291 &asoc->time_entered);
2293 SCTP_GETTIME_TIMEVAL(&asoc->time_entered);
2294 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL);
2295 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
2296 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
2297 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
2298 soisconnected(stcb->sctp_ep->sctp_socket);
2300 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
2303 * since we did not send a HB make sure we don't double
2306 net->hb_responded = 1;
2308 if (stcb->asoc.sctp_autoclose_ticks &&
2309 sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) {
2310 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
2311 stcb->sctp_ep, stcb, NULL);
2314 * set ASCONF timer if ASCONFs are pending and allowed (eg.
2315 * addresses changed when init/cookie echo in flight)
2317 if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_DO_ASCONF)) &&
2318 (stcb->asoc.peer_supports_asconf) &&
2319 (!TAILQ_EMPTY(&stcb->asoc.asconf_queue))) {
2320 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF,
2321 stcb->sctp_ep, stcb,
2322 stcb->asoc.primary_destination);
2325 /* Toss the cookie if I can */
2326 sctp_toss_old_cookies(stcb, asoc);
2327 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
2328 /* Restart the timer if we have pending data */
2329 struct sctp_tmit_chunk *chk;
2331 chk = TAILQ_FIRST(&asoc->sent_queue);
2333 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2340 sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp,
2341 struct sctp_tcb *stcb)
2343 struct sctp_nets *net;
2344 struct sctp_tmit_chunk *lchk;
2347 if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_ecne_chunk)) {
2350 SCTP_STAT_INCR(sctps_recvecne);
2351 tsn = ntohl(cp->tsn);
2352 /* ECN Nonce stuff: need a resync and disable the nonce sum check */
2353 /* Also we make sure we disable the nonce_wait */
2354 lchk = TAILQ_FIRST(&stcb->asoc.send_queue);
2356 stcb->asoc.nonce_resync_tsn = stcb->asoc.sending_seq;
2358 stcb->asoc.nonce_resync_tsn = lchk->rec.data.TSN_seq;
2360 stcb->asoc.nonce_wait_for_ecne = 0;
2361 stcb->asoc.nonce_sum_check = 0;
2363 /* Find where it was sent, if possible */
2365 lchk = TAILQ_FIRST(&stcb->asoc.sent_queue);
2367 if (lchk->rec.data.TSN_seq == tsn) {
2371 if (compare_with_wrap(lchk->rec.data.TSN_seq, tsn, MAX_SEQ))
2373 lchk = TAILQ_NEXT(lchk, sctp_next);
2376 /* default is we use the primary */
2377 net = stcb->asoc.primary_destination;
2379 if (compare_with_wrap(tsn, stcb->asoc.last_cwr_tsn, MAX_TSN)) {
2380 #ifdef SCTP_CWND_MONITOR
2383 old_cwnd = net->cwnd;
2385 SCTP_STAT_INCR(sctps_ecnereducedcwnd);
2386 net->ssthresh = net->cwnd / 2;
2387 if (net->ssthresh < net->mtu) {
2388 net->ssthresh = net->mtu;
2389 /* here back off the timer as well, to slow us down */
2392 net->cwnd = net->ssthresh;
2393 #ifdef SCTP_CWND_MONITOR
2394 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd), SCTP_CWND_LOG_FROM_SAT);
2397 * we reduce once every RTT. So we will only lower cwnd at
2398 * the next sending seq i.e. the resync_tsn.
2400 stcb->asoc.last_cwr_tsn = stcb->asoc.nonce_resync_tsn;
2403 * We always send a CWR this way if our previous one was lost our
2404 * peer will get an update, or if it is not time again to reduce we
2405 * still get the cwr to the peer.
2407 sctp_send_cwr(stcb, net, tsn);
2411 sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb)
2414 * Here we get a CWR from the peer. We must look in the outqueue and
2415 * make sure that we have a covered ECNE in teh control chunk part.
2418 struct sctp_tmit_chunk *chk;
2419 struct sctp_ecne_chunk *ecne;
2421 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
2422 if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) {
2426 * Look for and remove if it is the right TSN. Since there
2427 * is only ONE ECNE on the control queue at any one time we
2428 * don't need to worry about more than one!
2430 ecne = mtod(chk->data, struct sctp_ecne_chunk *);
2431 if (compare_with_wrap(ntohl(cp->tsn), ntohl(ecne->tsn),
2432 MAX_TSN) || (cp->tsn == ecne->tsn)) {
2433 /* this covers this ECNE, we can remove it */
2434 stcb->asoc.ecn_echo_cnt_onq--;
2435 TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk,
2438 sctp_m_freem(chk->data);
2441 stcb->asoc.ctrl_queue_cnt--;
2442 sctp_free_remote_addr(chk->whoTo);
2443 sctp_free_a_chunk(stcb, chk);
2450 sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp,
2451 struct sctp_tcb *stcb, struct sctp_nets *net)
2453 struct sctp_association *asoc;
2456 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
2457 printf("sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n");
2464 /* process according to association state */
2465 if (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT) {
2466 /* unexpected SHUTDOWN-COMPLETE... so ignore... */
2467 SCTP_TCB_UNLOCK(stcb);
2470 /* notify upper layer protocol */
2471 if (stcb->sctp_socket) {
2472 sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL);
2473 /* are the queues empty? they should be */
2474 if (!TAILQ_EMPTY(&asoc->send_queue) ||
2475 !TAILQ_EMPTY(&asoc->sent_queue) ||
2476 !TAILQ_EMPTY(&asoc->out_wheel)) {
2477 sctp_report_all_outbound(stcb, 0);
2480 /* stop the timer */
2481 sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_21);
2482 SCTP_STAT_INCR_COUNTER32(sctps_shutdown);
2484 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_22);
2489 process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc,
2490 struct sctp_nets *net, uint8_t flg)
2492 switch (desc->chunk_type) {
2494 /* find the tsn to resend (possibly */
2497 struct sctp_tmit_chunk *tp1;
2499 tsn = ntohl(desc->tsn_ifany);
2500 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2502 if (tp1->rec.data.TSN_seq == tsn) {
2506 if (compare_with_wrap(tp1->rec.data.TSN_seq, tsn,
2512 tp1 = TAILQ_NEXT(tp1, sctp_next);
2516 * Do it the other way , aka without paying
2517 * attention to queue seq order.
2519 SCTP_STAT_INCR(sctps_pdrpdnfnd);
2520 tp1 = TAILQ_FIRST(&stcb->asoc.sent_queue);
2522 if (tp1->rec.data.TSN_seq == tsn) {
2526 tp1 = TAILQ_NEXT(tp1, sctp_next);
2530 SCTP_STAT_INCR(sctps_pdrptsnnf);
2532 if ((tp1) && (tp1->sent < SCTP_DATAGRAM_ACKED)) {
2535 if ((stcb->asoc.peers_rwnd == 0) &&
2536 ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) {
2537 SCTP_STAT_INCR(sctps_pdrpdiwnp);
2540 if (stcb->asoc.peers_rwnd == 0 &&
2541 (flg & SCTP_FROM_MIDDLE_BOX)) {
2542 SCTP_STAT_INCR(sctps_pdrpdizrw);
2545 ddp = (uint8_t *) (mtod(tp1->data, caddr_t)+
2546 sizeof(struct sctp_data_chunk));
2550 for (iii = 0; iii < sizeof(desc->data_bytes);
2552 if (ddp[iii] != desc->data_bytes[iii]) {
2553 SCTP_STAT_INCR(sctps_pdrpbadd);
2559 * We zero out the nonce so resync not
2562 tp1->rec.data.ect_nonce = 0;
2566 * this guy had a RTO calculation
2567 * pending on it, cancel it
2571 SCTP_STAT_INCR(sctps_pdrpmark);
2572 if (tp1->sent != SCTP_DATAGRAM_RESEND)
2573 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2574 tp1->sent = SCTP_DATAGRAM_RESEND;
2576 * mark it as if we were doing a FR, since
2577 * we will be getting gap ack reports behind
2578 * the info from the router.
2580 tp1->rec.data.doing_fast_retransmit = 1;
2582 * mark the tsn with what sequences can
2585 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
2586 tp1->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
2588 tp1->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.TSN_seq;
2591 /* restart the timer */
2592 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2593 stcb, tp1->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_23);
2594 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2597 /* fix counts and things */
2598 #ifdef SCTP_FLIGHT_LOGGING
2599 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN,
2600 tp1->whoTo->flight_size,
2603 tp1->rec.data.TSN_seq);
2605 if (tp1->whoTo->flight_size >= tp1->book_size)
2606 tp1->whoTo->flight_size -= tp1->book_size;
2608 tp1->whoTo->flight_size = 0;
2610 if (stcb->asoc.total_flight >= tp1->book_size) {
2611 stcb->asoc.total_flight -= tp1->book_size;
2612 if (stcb->asoc.total_flight_count > 0)
2613 stcb->asoc.total_flight_count--;
2615 stcb->asoc.total_flight = 0;
2616 stcb->asoc.total_flight_count = 0;
2624 TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) {
2625 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2628 TAILQ_FOREACH(tp1, &stcb->asoc.control_send_queue,
2630 if (tp1->sent == SCTP_DATAGRAM_RESEND)
2633 if (audit != stcb->asoc.sent_queue_retran_cnt) {
2634 printf("**Local Audit finds cnt:%d asoc cnt:%d\n",
2635 audit, stcb->asoc.sent_queue_retran_cnt);
2636 #ifndef SCTP_AUDITING_ENABLED
2637 stcb->asoc.sent_queue_retran_cnt = audit;
2645 struct sctp_tmit_chunk *asconf;
2647 TAILQ_FOREACH(asconf, &stcb->asoc.control_send_queue,
2649 if (asconf->rec.chunk_id.id == SCTP_ASCONF) {
2654 if (asconf->sent != SCTP_DATAGRAM_RESEND)
2655 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2656 asconf->sent = SCTP_DATAGRAM_RESEND;
2657 asconf->snd_count--;
2661 case SCTP_INITIATION:
2662 /* resend the INIT */
2663 stcb->asoc.dropped_special_cnt++;
2664 if (stcb->asoc.dropped_special_cnt < SCTP_RETRY_DROPPED_THRESH) {
2666 * If we can get it in, in a few attempts we do
2667 * this, otherwise we let the timer fire.
2669 sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep,
2670 stcb, net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_24);
2671 sctp_send_initiate(stcb->sctp_ep, stcb);
2674 case SCTP_SELECTIVE_ACK:
2675 /* resend the sack */
2676 sctp_send_sack(stcb);
2678 case SCTP_HEARTBEAT_REQUEST:
2679 /* resend a demand HB */
2680 sctp_send_hb(stcb, 1, net);
2683 sctp_send_shutdown(stcb, net);
2685 case SCTP_SHUTDOWN_ACK:
2686 sctp_send_shutdown_ack(stcb, net);
2688 case SCTP_COOKIE_ECHO:
2690 struct sctp_tmit_chunk *cookie;
2693 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue,
2695 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
2700 if (cookie->sent != SCTP_DATAGRAM_RESEND)
2701 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
2702 cookie->sent = SCTP_DATAGRAM_RESEND;
2703 sctp_stop_all_cookie_timers(stcb);
2707 case SCTP_COOKIE_ACK:
2708 sctp_send_cookie_ack(stcb);
2710 case SCTP_ASCONF_ACK:
2711 /* resend last asconf ack */
2712 sctp_send_asconf_ack(stcb, 1);
2714 case SCTP_FORWARD_CUM_TSN:
2715 send_forward_tsn(stcb, &stcb->asoc);
2717 /* can't do anything with these */
2718 case SCTP_PACKET_DROPPED:
2719 case SCTP_INITIATION_ACK: /* this should not happen */
2720 case SCTP_HEARTBEAT_ACK:
2721 case SCTP_ABORT_ASSOCIATION:
2722 case SCTP_OPERATION_ERROR:
2723 case SCTP_SHUTDOWN_COMPLETE:
2733 sctp_reset_in_stream(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2739 * We set things to 0xffff since this is the last delivered sequence
2740 * and we will be sending in 0 after the reset.
2743 if (number_entries) {
2744 for (i = 0; i < number_entries; i++) {
2745 temp = ntohs(list[i]);
2746 if (temp >= stcb->asoc.streamincnt) {
2749 stcb->asoc.strmin[temp].last_sequence_delivered = 0xffff;
2753 for (i = 0; i < stcb->asoc.streamincnt; i++) {
2754 stcb->asoc.strmin[i].last_sequence_delivered = 0xffff;
2757 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list);
2761 sctp_reset_out_streams(struct sctp_tcb *stcb, int number_entries, uint16_t * list)
2765 if (number_entries == 0) {
2766 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
2767 stcb->asoc.strmout[i].next_sequence_sent = 0;
2769 } else if (number_entries) {
2770 for (i = 0; i < number_entries; i++) {
2773 temp = ntohs(list[i]);
2774 if (temp >= stcb->asoc.streamoutcnt) {
2775 /* no such stream */
2778 stcb->asoc.strmout[temp].next_sequence_sent = 0;
2781 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list);
2785 struct sctp_stream_reset_out_request *
2786 sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk)
2788 struct sctp_association *asoc;
2789 struct sctp_stream_reset_out_req *req;
2790 struct sctp_stream_reset_out_request *r;
2791 struct sctp_tmit_chunk *chk;
2795 if (TAILQ_EMPTY(&stcb->asoc.control_send_queue)) {
2798 if (stcb->asoc.str_reset == NULL) {
2801 chk = stcb->asoc.str_reset;
2802 if (chk->data == NULL) {
2806 /* he wants a copy of the chk pointer */
2809 clen = chk->send_size;
2810 req = mtod(chk->data, struct sctp_stream_reset_out_req *);
2812 if (ntohl(r->request_seq) == seq) {
2816 len = SCTP_SIZE32(ntohs(r->ph.param_length));
2817 if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) {
2818 /* move to the next one, there can only be a max of two */
2819 r = (struct sctp_stream_reset_out_request *)((caddr_t)r + len);
2820 if (ntohl(r->request_seq) == seq) {
2824 /* that seq is not here */
2829 sctp_clean_up_stream_reset(struct sctp_tcb *stcb)
2831 struct sctp_association *asoc;
2832 struct sctp_tmit_chunk *chk = stcb->asoc.str_reset;
2834 if (stcb->asoc.str_reset == NULL) {
2839 sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_25);
2840 TAILQ_REMOVE(&asoc->control_send_queue,
2844 sctp_m_freem(chk->data);
2847 asoc->ctrl_queue_cnt--;
2848 sctp_free_remote_addr(chk->whoTo);
2850 sctp_free_a_chunk(stcb, chk);
2851 stcb->asoc.str_reset = NULL;
2856 sctp_handle_stream_reset_response(struct sctp_tcb *stcb,
2857 uint32_t seq, uint32_t action,
2858 struct sctp_stream_reset_response *respin)
2862 struct sctp_association *asoc = &stcb->asoc;
2863 struct sctp_tmit_chunk *chk;
2864 struct sctp_stream_reset_out_request *srparam;
2867 if (asoc->stream_reset_outstanding == 0) {
2871 if (seq == stcb->asoc.str_reset_seq_out) {
2872 srparam = sctp_find_stream_reset(stcb, seq, &chk);
2874 stcb->asoc.str_reset_seq_out++;
2875 type = ntohs(srparam->ph.param_type);
2876 lparm_len = ntohs(srparam->ph.param_length);
2877 if (type == SCTP_STR_RESET_OUT_REQUEST) {
2878 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t);
2879 asoc->stream_reset_out_is_outstanding = 0;
2880 if (asoc->stream_reset_outstanding)
2881 asoc->stream_reset_outstanding--;
2882 if (action == SCTP_STREAM_RESET_PERFORMED) {
2884 sctp_reset_out_streams(stcb, number_entries, srparam->list_of_streams);
2886 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, srparam->list_of_streams);
2888 } else if (type == SCTP_STR_RESET_IN_REQUEST) {
2889 /* Answered my request */
2890 number_entries = (lparm_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t);
2891 if (asoc->stream_reset_outstanding)
2892 asoc->stream_reset_outstanding--;
2893 if (action != SCTP_STREAM_RESET_PERFORMED) {
2894 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, number_entries, srparam->list_of_streams);
2896 } else if (type == SCTP_STR_RESET_TSN_REQUEST) {
2898 * a) Adopt the new in tsn.
2900 * c) Adopt the new out-tsn
2902 struct sctp_stream_reset_response_tsn *resp;
2903 struct sctp_forward_tsn_chunk fwdtsn;
2906 if (respin == NULL) {
2910 if (action == SCTP_STREAM_RESET_PERFORMED) {
2911 resp = (struct sctp_stream_reset_response_tsn *)respin;
2912 asoc->stream_reset_outstanding--;
2913 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
2914 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
2915 fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1);
2916 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
2920 stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1);
2921 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
2922 stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn);
2923 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
2924 stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn);
2925 stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn;
2927 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
2928 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
2932 /* get rid of the request and get the request flags */
2933 if (asoc->stream_reset_outstanding == 0) {
2934 sctp_clean_up_stream_reset(stcb);
2942 sctp_handle_str_reset_request_in(struct sctp_tcb *stcb,
2943 struct sctp_tmit_chunk *chk,
2944 struct sctp_stream_reset_in_request *req)
2952 * peer wants me to send a str-reset to him for my outgoing seq's if
2955 struct sctp_association *asoc = &stcb->asoc;
2957 seq = ntohl(req->request_seq);
2958 if (asoc->str_reset_seq_in == seq) {
2959 if (stcb->asoc.stream_reset_out_is_outstanding == 0) {
2960 len = ntohs(req->ph.param_length);
2961 number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t));
2962 for (i = 0; i < number_entries; i++) {
2963 temp = ntohs(req->list_of_streams[i]);
2964 req->list_of_streams[i] = temp;
2966 /* move the reset action back one */
2967 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2968 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
2969 sctp_add_stream_reset_out(chk, number_entries, req->list_of_streams,
2970 asoc->str_reset_seq_out,
2971 seq, (asoc->sending_seq - 1));
2972 asoc->stream_reset_out_is_outstanding = 1;
2973 asoc->str_reset = chk;
2974 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
2975 stcb->asoc.stream_reset_outstanding++;
2977 /* Can't do it, since we have sent one out */
2978 asoc->last_reset_action[1] = asoc->last_reset_action[0];
2979 asoc->last_reset_action[0] = SCTP_STREAM_RESET_TRY_LATER;
2980 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
2982 asoc->str_reset_seq_in++;
2983 } else if (asoc->str_reset_seq_in - 1 == seq) {
2984 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
2985 } else if (asoc->str_reset_seq_in - 2 == seq) {
2986 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
2988 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
2993 sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb,
2994 struct sctp_tmit_chunk *chk,
2995 struct sctp_stream_reset_tsn_request *req)
2997 /* reset all in and out and update the tsn */
2999 * A) reset my str-seq's on in and out. B) Select a receive next,
3000 * and set cum-ack to it. Also process this selected number as a
3001 * fwd-tsn as well. C) set in the response my next sending seq.
3003 struct sctp_forward_tsn_chunk fwdtsn;
3004 struct sctp_association *asoc = &stcb->asoc;
3008 seq = ntohl(req->request_seq);
3009 if (asoc->str_reset_seq_in == seq) {
3010 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
3011 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3012 fwdtsn.ch.chunk_flags = 0;
3013 fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1);
3014 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag);
3018 stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA;
3019 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3020 stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
3021 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3022 atomic_add_int(&stcb->asoc.sending_seq, 1);
3023 /* save off historical data for retrans */
3024 stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0];
3025 stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq;
3026 stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0];
3027 stcb->asoc.last_base_tsnsent[0] = stcb->asoc.mapping_array_base_tsn;
3029 sctp_add_stream_reset_result_tsn(chk,
3030 ntohl(req->request_seq),
3031 SCTP_STREAM_RESET_PERFORMED,
3032 stcb->asoc.sending_seq,
3033 stcb->asoc.mapping_array_base_tsn);
3034 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
3035 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
3036 stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0];
3037 stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3039 asoc->str_reset_seq_in++;
3040 } else if (asoc->str_reset_seq_in - 1 == seq) {
3041 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0],
3042 stcb->asoc.last_sending_seq[0],
3043 stcb->asoc.last_base_tsnsent[0]
3045 } else if (asoc->str_reset_seq_in - 2 == seq) {
3046 sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1],
3047 stcb->asoc.last_sending_seq[1],
3048 stcb->asoc.last_base_tsnsent[1]
3051 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3057 sctp_handle_str_reset_request_out(struct sctp_tcb *stcb,
3058 struct sctp_tmit_chunk *chk,
3059 struct sctp_stream_reset_out_request *req)
3062 int number_entries, len;
3063 struct sctp_association *asoc = &stcb->asoc;
3065 seq = ntohl(req->request_seq);
3067 /* now if its not a duplicate we process it */
3068 if (asoc->str_reset_seq_in == seq) {
3069 len = ntohs(req->ph.param_length);
3070 number_entries = ((len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t));
3072 * the sender is resetting, handle the list issue.. we must
3073 * a) verify if we can do the reset, if so no problem b) If
3074 * we can't do the reset we must copy the request. c) queue
3075 * it, and setup the data in processor to trigger it off
3076 * when needed and dequeue all the queued data.
3078 tsn = ntohl(req->send_reset_at_tsn);
3080 /* move the reset action back one */
3081 asoc->last_reset_action[1] = asoc->last_reset_action[0];
3082 if ((tsn == asoc->cumulative_tsn) ||
3083 (compare_with_wrap(asoc->cumulative_tsn, tsn, MAX_TSN))) {
3084 /* we can do it now */
3085 sctp_reset_in_stream(stcb, number_entries, req->list_of_streams);
3086 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3087 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3090 * we must queue it up and thus wait for the TSN's
3091 * to arrive that are at or before tsn
3093 struct sctp_stream_reset_list *liste;
3096 siz = sizeof(struct sctp_stream_reset_list) + (number_entries * sizeof(uint16_t));
3097 SCTP_MALLOC(liste, struct sctp_stream_reset_list *,
3099 if (liste == NULL) {
3100 /* gak out of memory */
3101 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_DENIED);
3102 asoc->last_reset_action[0] = SCTP_STREAM_RESET_DENIED;
3106 liste->number_entries = number_entries;
3107 memcpy(&liste->req, req,
3108 (sizeof(struct sctp_stream_reset_out_request) + (number_entries * sizeof(uint16_t))));
3109 TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp);
3110 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_PERFORMED);
3111 asoc->last_reset_action[0] = SCTP_STREAM_RESET_PERFORMED;
3113 asoc->str_reset_seq_in++;
3114 } else if ((asoc->str_reset_seq_in - 1) == seq) {
3116 * one seq back, just echo back last action since my
3117 * response was lost.
3119 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]);
3120 } else if ((asoc->str_reset_seq_in - 2) == seq) {
3122 * two seq back, just echo back last action since my
3123 * response was lost.
3125 sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]);
3127 sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_BAD_SEQNO);
3132 sctp_handle_stream_reset(struct sctp_tcb *stcb, struct sctp_stream_reset_out_req *sr_req)
3134 int chk_length, param_len, ptype;
3137 struct sctp_tmit_chunk *chk;
3138 struct sctp_chunkhdr *ch;
3139 struct sctp_paramhdr *ph;
3143 /* now it may be a reset or a reset-response */
3144 chk_length = ntohs(sr_req->ch.chunk_length);
3146 /* setup for adding the response */
3147 sctp_alloc_a_chunk(stcb, chk);
3151 chk->rec.chunk_id.id = SCTP_STREAM_RESET;
3152 chk->asoc = &stcb->asoc;
3153 chk->no_fr_allowed = 0;
3154 chk->book_size = chk->send_size = sizeof(struct sctp_chunkhdr);
3155 chk->book_size_scale = 0;
3156 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA);
3157 if (chk->data == NULL) {
3160 sctp_m_freem(chk->data);
3163 sctp_free_a_chunk(stcb, chk);
3166 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
3168 /* setup chunk parameters */
3169 chk->sent = SCTP_DATAGRAM_UNSENT;
3171 chk->whoTo = stcb->asoc.primary_destination;
3172 atomic_add_int(&chk->whoTo->ref_count, 1);
3174 ch = mtod(chk->data, struct sctp_chunkhdr *);
3175 ch->chunk_type = SCTP_STREAM_RESET;
3176 ch->chunk_flags = 0;
3177 ch->chunk_length = htons(chk->send_size);
3178 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
3180 ph = (struct sctp_paramhdr *)&sr_req->sr_req;
3181 while ((size_t)chk_length >= sizeof(struct sctp_stream_reset_tsn_request)) {
3182 param_len = ntohs(ph->param_length);
3183 if (param_len < (int)sizeof(struct sctp_stream_reset_tsn_request)) {
3187 ptype = ntohs(ph->param_type);
3189 if (num_param > SCTP_MAX_RESET_PARAMS) {
3190 /* hit the max of parameters already sorry.. */
3193 if (ptype == SCTP_STR_RESET_OUT_REQUEST) {
3194 struct sctp_stream_reset_out_request *req_out;
3196 req_out = (struct sctp_stream_reset_out_request *)ph;
3198 if (stcb->asoc.stream_reset_outstanding) {
3199 seq = ntohl(req_out->response_seq);
3200 if (seq == stcb->asoc.str_reset_seq_out) {
3202 sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_PERFORMED, NULL);
3205 sctp_handle_str_reset_request_out(stcb, chk, req_out);
3206 } else if (ptype == SCTP_STR_RESET_IN_REQUEST) {
3207 struct sctp_stream_reset_in_request *req_in;
3210 req_in = (struct sctp_stream_reset_in_request *)ph;
3211 sctp_handle_str_reset_request_in(stcb, chk, req_in);
3212 } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) {
3213 struct sctp_stream_reset_tsn_request *req_tsn;
3216 req_tsn = (struct sctp_stream_reset_tsn_request *)ph;
3217 if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) {
3219 goto strres_nochunk;
3223 } else if (ptype == SCTP_STR_RESET_RESPONSE) {
3224 struct sctp_stream_reset_response *resp;
3227 resp = (struct sctp_stream_reset_response *)ph;
3228 seq = ntohl(resp->response_seq);
3229 result = ntohl(resp->result);
3230 if (sctp_handle_stream_reset_response(stcb, seq, result, resp)) {
3232 goto strres_nochunk;
3238 ph = (struct sctp_paramhdr *)((caddr_t)ph + SCTP_SIZE32(param_len));
3239 chk_length -= SCTP_SIZE32(param_len);
3242 /* we have no response free the stuff */
3243 goto strres_nochunk;
3245 /* ok we have a chunk to link in */
3246 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue,
3249 stcb->asoc.ctrl_queue_cnt++;
3254 * Handle a router or endpoints report of a packet loss, there are two ways
3255 * to handle this, either we get the whole packet and must disect it
3256 * ourselves (possibly with truncation and or corruption) or it is a summary
3257 * from a middle box that did the disectting for us.
3260 sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
3261 struct sctp_tcb *stcb, struct sctp_nets *net)
3263 uint32_t bottle_bw, on_queue;
3267 struct sctp_chunk_desc desc;
3268 struct sctp_chunkhdr *ch;
3270 chlen = ntohs(cp->ch.chunk_length);
3271 chlen -= sizeof(struct sctp_pktdrop_chunk);
3272 /* XXX possible chlen underflow */
3275 if (cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX)
3276 SCTP_STAT_INCR(sctps_pdrpbwrpt);
3278 ch = (struct sctp_chunkhdr *)(cp->data + sizeof(struct sctphdr));
3279 chlen -= sizeof(struct sctphdr);
3280 /* XXX possible chlen underflow */
3281 memset(&desc, 0, sizeof(desc));
3283 trunc_len = (uint16_t) ntohs(cp->trunc_len);
3284 /* now the chunks themselves */
3285 while ((ch != NULL) && (chlen >= sizeof(struct sctp_chunkhdr))) {
3286 desc.chunk_type = ch->chunk_type;
3287 /* get amount we need to move */
3288 at = ntohs(ch->chunk_length);
3289 if (at < sizeof(struct sctp_chunkhdr)) {
3290 /* corrupt chunk, maybe at the end? */
3291 SCTP_STAT_INCR(sctps_pdrpcrupt);
3294 if (trunc_len == 0) {
3295 /* we are supposed to have all of it */
3297 /* corrupt skip it */
3298 SCTP_STAT_INCR(sctps_pdrpcrupt);
3302 /* is there enough of it left ? */
3303 if (desc.chunk_type == SCTP_DATA) {
3304 if (chlen < (sizeof(struct sctp_data_chunk) +
3305 sizeof(desc.data_bytes))) {
3309 if (chlen < sizeof(struct sctp_chunkhdr)) {
3314 if (desc.chunk_type == SCTP_DATA) {
3315 /* can we get out the tsn? */
3316 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3317 SCTP_STAT_INCR(sctps_pdrpmbda);
3319 if (chlen >= (sizeof(struct sctp_data_chunk) + sizeof(uint32_t))) {
3321 struct sctp_data_chunk *dcp;
3325 dcp = (struct sctp_data_chunk *)ch;
3326 ddp = (uint8_t *) (dcp + 1);
3327 for (iii = 0; iii < sizeof(desc.data_bytes); iii++) {
3328 desc.data_bytes[iii] = ddp[iii];
3330 desc.tsn_ifany = dcp->dp.tsn;
3332 /* nope we are done. */
3333 SCTP_STAT_INCR(sctps_pdrpnedat);
3337 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX))
3338 SCTP_STAT_INCR(sctps_pdrpmbct);
3341 if (process_chunk_drop(stcb, &desc, net, cp->ch.chunk_flags)) {
3342 SCTP_STAT_INCR(sctps_pdrppdbrk);
3345 if (SCTP_SIZE32(at) > chlen) {
3348 chlen -= SCTP_SIZE32(at);
3349 if (chlen < sizeof(struct sctp_chunkhdr)) {
3350 /* done, none left */
3353 ch = (struct sctp_chunkhdr *)((caddr_t)ch + SCTP_SIZE32(at));
3355 /* Now update any rwnd --- possibly */
3356 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) == 0) {
3357 /* From a peer, we get a rwnd report */
3360 SCTP_STAT_INCR(sctps_pdrpfehos);
3362 bottle_bw = ntohl(cp->bottle_bw);
3363 on_queue = ntohl(cp->current_onq);
3364 if (bottle_bw && on_queue) {
3365 /* a rwnd report is in here */
3366 if (bottle_bw > on_queue)
3367 a_rwnd = bottle_bw - on_queue;
3372 stcb->asoc.peers_rwnd = 0;
3374 if (a_rwnd > stcb->asoc.total_flight) {
3375 stcb->asoc.peers_rwnd =
3376 a_rwnd - stcb->asoc.total_flight;
3378 stcb->asoc.peers_rwnd = 0;
3380 if (stcb->asoc.peers_rwnd <
3381 stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
3382 /* SWS sender side engages */
3383 stcb->asoc.peers_rwnd = 0;
3388 SCTP_STAT_INCR(sctps_pdrpfmbox);
3391 /* now middle boxes in sat networks get a cwnd bump */
3392 if ((cp->ch.chunk_flags & SCTP_FROM_MIDDLE_BOX) &&
3393 (stcb->asoc.sat_t3_loss_recovery == 0) &&
3394 (stcb->asoc.sat_network)) {
3396 * This is debateable but for sat networks it makes sense
3397 * Note if a T3 timer has went off, we will prohibit any
3398 * changes to cwnd until we exit the t3 loss recovery.
3403 #ifdef SCTP_CWND_MONITOR
3404 int old_cwnd = net->cwnd;
3407 /* need real RTT for this calc */
3408 rtt = ((net->lastsa >> 2) + net->lastsv) >> 1;
3409 /* get bottle neck bw */
3410 bottle_bw = ntohl(cp->bottle_bw);
3411 /* and whats on queue */
3412 on_queue = ntohl(cp->current_onq);
3414 * adjust the on-queue if our flight is more it could be
3415 * that the router has not yet gotten data "in-flight" to it
3417 if (on_queue < net->flight_size)
3418 on_queue = net->flight_size;
3420 /* calculate the available space */
3421 bw_avail = (bottle_bw * rtt) / 1000;
3422 if (bw_avail > bottle_bw) {
3424 * Cap the growth to no more than the bottle neck.
3425 * This can happen as RTT slides up due to queues.
3426 * It also means if you have more than a 1 second
3427 * RTT with a empty queue you will be limited to the
3428 * bottle_bw per second no matter if other points
3429 * have 1/2 the RTT and you could get more out...
3431 bw_avail = bottle_bw;
3433 if (on_queue > bw_avail) {
3435 * No room for anything else don't allow anything
3436 * else to be "added to the fire".
3438 int seg_inflight, seg_onqueue, my_portion;
3440 net->partial_bytes_acked = 0;
3442 /* how much are we over queue size? */
3443 incr = on_queue - bw_avail;
3444 if (stcb->asoc.seen_a_sack_this_pkt) {
3446 * undo any cwnd adjustment that the sack
3449 net->cwnd = net->prev_cwnd;
3451 /* Now how much of that is mine? */
3452 seg_inflight = net->flight_size / net->mtu;
3453 seg_onqueue = on_queue / net->mtu;
3454 my_portion = (incr * seg_inflight) / seg_onqueue;
3456 /* Have I made an adjustment already */
3457 if (net->cwnd > net->flight_size) {
3459 * for this flight I made an adjustment we
3460 * need to decrease the portion by a share
3461 * our previous adjustment.
3465 diff_adj = net->cwnd - net->flight_size;
3466 if (diff_adj > my_portion)
3469 my_portion -= diff_adj;
3472 * back down to the previous cwnd (assume we have
3473 * had a sack before this packet). minus what ever
3474 * portion of the overage is my fault.
3476 net->cwnd -= my_portion;
3478 /* we will NOT back down more than 1 MTU */
3479 if (net->cwnd <= net->mtu) {
3480 net->cwnd = net->mtu;
3483 net->ssthresh = net->cwnd - 1;
3486 * Take 1/4 of the space left or max burst up ..
3487 * whichever is less.
3489 incr = min((bw_avail - on_queue) >> 2,
3490 (int)stcb->asoc.max_burst * (int)net->mtu);
3493 if (net->cwnd > bw_avail) {
3494 /* We can't exceed the pipe size */
3495 net->cwnd = bw_avail;
3497 if (net->cwnd < net->mtu) {
3498 /* We always have 1 MTU */
3499 net->cwnd = net->mtu;
3501 #ifdef SCTP_CWND_MONITOR
3502 if (net->cwnd - old_cwnd != 0) {
3503 /* log only changes */
3504 sctp_log_cwnd(stcb, net, (net->cwnd - old_cwnd),
3505 SCTP_CWND_LOG_FROM_SAT);
3512 * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to
3513 * still contain IP/SCTP header - stcb: is the tcb found for this packet -
3514 * offset: offset into the mbuf chain to first chunkhdr - length: is the
3515 * length of the complete packet outputs: - length: modified to remaining
3516 * length after control processing - netp: modified to new sctp_nets after
3517 * cookie-echo processing - return NULL to discard the packet (ie. no asoc,
3518 * bad packet,...) otherwise return the tcb for this packet
3520 static struct sctp_tcb *
3521 sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
3522 struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp,
3523 struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen)
3525 struct sctp_association *asoc;
3527 int num_chunks = 0; /* number of control chunks processed */
3532 * How big should this be, and should it be alloc'd? Lets try the
3533 * d-mtu-ceiling for now (2k) and that should hopefully work ...
3534 * until we get into jumbo grams and such..
3536 uint8_t chunk_buf[SCTP_CHUNK_BUFFER_SIZE];
3537 struct sctp_tcb *locked_tcb = stcb;
3539 uint32_t auth_offset = 0, auth_len = 0;
3540 int auth_skipped = 0;
3543 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
3544 printf("sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n",
3545 iphlen, *offset, length, stcb);
3547 #endif /* SCTP_DEBUG */
3549 /* validate chunk header length... */
3550 if (ntohs(ch->chunk_length) < sizeof(*ch)) {
3554 * validate the verification tag
3556 vtag_in = ntohl(sh->v_tag);
3559 SCTP_TCB_LOCK_ASSERT(locked_tcb);
3561 if (ch->chunk_type == SCTP_INITIATION) {
3563 /* protocol error- silently discard... */
3564 SCTP_STAT_INCR(sctps_badvtag);
3566 SCTP_TCB_UNLOCK(locked_tcb);
3569 } else if (ch->chunk_type != SCTP_COOKIE_ECHO) {
3571 * If there is no stcb, skip the AUTH chunk and process
3572 * later after a stcb is found (to validate the lookup was
3575 if ((ch->chunk_type == SCTP_AUTHENTICATION) &&
3576 (stcb == NULL) && !sctp_auth_disable) {
3577 /* save this chunk for later processing */
3579 auth_offset = *offset;
3580 auth_len = ntohs(ch->chunk_length);
3582 /* (temporarily) move past this chunk */
3583 *offset += SCTP_SIZE32(auth_len);
3584 if (*offset >= length) {
3585 /* no more data left in the mbuf chain */
3589 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3590 sizeof(struct sctp_chunkhdr), chunk_buf);
3592 if (ch->chunk_type == SCTP_COOKIE_ECHO) {
3593 goto process_control_chunks;
3596 * first check if it's an ASCONF with an unknown src addr we
3597 * need to look inside to find the association
3599 if (ch->chunk_type == SCTP_ASCONF && stcb == NULL) {
3600 /* inp's refcount may be reduced */
3601 SCTP_INP_INCR_REF(inp);
3603 stcb = sctp_findassociation_ep_asconf(m, iphlen,
3604 *offset, sh, &inp, netp);
3607 * reduce inp's refcount if not reduced in
3608 * sctp_findassociation_ep_asconf().
3610 SCTP_INP_DECR_REF(inp);
3612 /* now go back and verify any auth chunk to be sure */
3613 if (auth_skipped && (stcb != NULL)) {
3614 struct sctp_auth_chunk *auth;
3616 auth = (struct sctp_auth_chunk *)
3617 sctp_m_getptr(m, auth_offset,
3618 auth_len, chunk_buf);
3621 if (sctp_handle_auth(stcb, auth, m,
3623 /* auth HMAC failed so dump it */
3627 /* remaining chunks are HMAC checked */
3628 stcb->asoc.authenticated = 1;
3633 /* no association, so it's out of the blue... */
3634 sctp_handle_ootb(m, iphlen, *offset, sh, inp, NULL);
3637 SCTP_TCB_UNLOCK(locked_tcb);
3641 /* ABORT and SHUTDOWN can use either v_tag... */
3642 if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) ||
3643 (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) ||
3644 (ch->chunk_type == SCTP_PACKET_DROPPED)) {
3645 if ((vtag_in == asoc->my_vtag) ||
3646 ((ch->chunk_flags & SCTP_HAD_NO_TCB) &&
3647 (vtag_in == asoc->peer_vtag))) {
3650 /* drop this packet... */
3651 SCTP_STAT_INCR(sctps_badvtag);
3653 SCTP_TCB_UNLOCK(locked_tcb);
3656 } else if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
3657 if (vtag_in != asoc->my_vtag) {
3659 * this could be a stale SHUTDOWN-ACK or the
3660 * peer never got the SHUTDOWN-COMPLETE and
3661 * is still hung; we have started a new asoc
3662 * but it won't complete until the shutdown
3666 SCTP_TCB_UNLOCK(locked_tcb);
3667 sctp_handle_ootb(m, iphlen, *offset, sh, inp,
3672 /* for all other chunks, vtag must match */
3673 if (vtag_in != asoc->my_vtag) {
3674 /* invalid vtag... */
3676 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3677 printf("invalid vtag: %xh, expect %xh\n", vtag_in, asoc->my_vtag);
3679 #endif /* SCTP_DEBUG */
3680 SCTP_STAT_INCR(sctps_badvtag);
3682 SCTP_TCB_UNLOCK(locked_tcb);
3687 } /* end if !SCTP_COOKIE_ECHO */
3689 * process all control chunks...
3691 if (((ch->chunk_type == SCTP_SELECTIVE_ACK) ||
3692 (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) &&
3693 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
3694 /* implied cookie-ack.. we must have lost the ack */
3695 stcb->asoc.overall_error_count = 0;
3696 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb,
3699 process_control_chunks:
3701 while (IS_SCTP_CONTROL(ch)) {
3702 /* validate chunk length */
3703 chk_length = ntohs(ch->chunk_length);
3705 if (sctp_debug_on & SCTP_DEBUG_INPUT2) {
3706 printf("sctp_process_control: processing a chunk type=%u, len=%u\n",
3707 ch->chunk_type, chk_length);
3709 #endif /* SCTP_DEBUG */
3710 if ((size_t)chk_length < sizeof(*ch) ||
3711 (*offset + chk_length) > length) {
3714 SCTP_TCB_UNLOCK(locked_tcb);
3717 SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks);
3719 * INIT-ACK only gets the init ack "header" portion only
3720 * because we don't have to process the peer's COOKIE. All
3721 * others get a complete chunk.
3723 if (ch->chunk_type == SCTP_INITIATION_ACK) {
3724 /* get an init-ack chunk */
3725 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3726 sizeof(struct sctp_init_ack_chunk), chunk_buf);
3730 SCTP_TCB_UNLOCK(locked_tcb);
3734 /* get a complete chunk... */
3735 if ((size_t)chk_length > sizeof(chunk_buf)) {
3737 struct sctp_paramhdr *phdr;
3740 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
3741 0, M_DONTWAIT, 1, MT_DATA);
3743 /* pre-reserve some space */
3744 SCTP_BUF_RESV_UF(oper, sizeof(struct sctp_chunkhdr));
3745 SCTP_BUF_LEN(oper) = sizeof(struct sctp_paramhdr);
3746 phdr = mtod(oper, struct sctp_paramhdr *);
3747 phdr->param_type = htons(SCTP_CAUSE_OUT_OF_RESC);
3748 phdr->param_length = htons(sizeof(struct sctp_paramhdr));
3749 sctp_queue_op_err(stcb, oper);
3752 SCTP_TCB_UNLOCK(locked_tcb);
3755 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
3756 chk_length, chunk_buf);
3758 printf("sctp_process_control: Can't get the all data....\n");
3761 SCTP_TCB_UNLOCK(locked_tcb);
3766 /* Save off the last place we got a control from */
3768 if ((*netp != NULL) || (ch->chunk_type == SCTP_ASCONF)) {
3770 * allow last_control to be NULL if
3771 * ASCONF... ASCONF processing will find the
3774 stcb->asoc.last_control_chunk_from = *netp;
3777 #ifdef SCTP_AUDITING_ENABLED
3778 sctp_audit_log(0xB0, ch->chunk_type);
3781 /* check to see if this chunk required auth, but isn't */
3782 if ((stcb != NULL) && !sctp_auth_disable &&
3783 sctp_auth_is_required_chunk(ch->chunk_type,
3784 stcb->asoc.local_auth_chunks) &&
3785 !stcb->asoc.authenticated) {
3786 /* "silently" ignore */
3787 SCTP_STAT_INCR(sctps_recvauthmissing);
3790 switch (ch->chunk_type) {
3791 case SCTP_INITIATION:
3792 /* must be first and only chunk */
3794 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3795 printf("SCTP_INIT\n");
3797 #endif /* SCTP_DEBUG */
3798 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3799 /* We are not interested anymore? */
3800 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3802 * collision case where we are
3803 * sending to them too
3808 SCTP_TCB_UNLOCK(locked_tcb);
3813 if ((num_chunks > 1) ||
3814 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3817 SCTP_TCB_UNLOCK(locked_tcb);
3820 if ((stcb != NULL) &&
3821 (SCTP_GET_STATE(&stcb->asoc) ==
3822 SCTP_STATE_SHUTDOWN_ACK_SENT)) {
3823 sctp_send_shutdown_ack(stcb,
3824 stcb->asoc.primary_destination);
3826 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3828 SCTP_TCB_UNLOCK(locked_tcb);
3831 sctp_handle_init(m, iphlen, *offset, sh,
3832 (struct sctp_init_chunk *)ch, inp, stcb, *netp);
3835 SCTP_TCB_UNLOCK(locked_tcb);
3838 case SCTP_INITIATION_ACK:
3839 /* must be first and only chunk */
3841 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3842 printf("SCTP_INIT-ACK\n");
3844 #endif /* SCTP_DEBUG */
3845 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3846 /* We are not interested anymore */
3847 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
3851 SCTP_TCB_UNLOCK(locked_tcb);
3854 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_26);
3859 if ((num_chunks > 1) ||
3860 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
3863 SCTP_TCB_UNLOCK(locked_tcb);
3866 ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
3867 (struct sctp_init_ack_chunk *)ch, stcb, *netp);
3869 * Special case, I must call the output routine to
3870 * get the cookie echoed
3872 if ((stcb) && ret == 0)
3873 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
3876 SCTP_TCB_UNLOCK(locked_tcb);
3879 case SCTP_SELECTIVE_ACK:
3881 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3882 printf("SCTP_SACK\n");
3884 #endif /* SCTP_DEBUG */
3885 SCTP_STAT_INCR(sctps_recvsacks);
3887 struct sctp_sack_chunk *sack;
3889 uint32_t a_rwnd, cum_ack;
3893 sack = (struct sctp_sack_chunk *)ch;
3895 nonce_sum_flag = ch->chunk_flags & SCTP_SACK_NONCE_SUM;
3896 cum_ack = ntohl(sack->sack.cum_tsn_ack);
3897 num_seg = ntohs(sack->sack.num_gap_ack_blks);
3898 a_rwnd = (uint32_t) ntohl(sack->sack.a_rwnd);
3899 stcb->asoc.seen_a_sack_this_pkt = 1;
3900 if ((stcb->asoc.pr_sctp_cnt == 0) &&
3902 ((compare_with_wrap(cum_ack, stcb->asoc.last_acked_seq, MAX_TSN)) ||
3903 (cum_ack == stcb->asoc.last_acked_seq)) &&
3904 (stcb->asoc.saw_sack_with_frags == 0) &&
3905 (!TAILQ_EMPTY(&stcb->asoc.sent_queue))
3908 * We have a SIMPLE sack having no
3909 * prior segments and data on sent
3910 * queue to be acked.. Use the
3911 * faster path sack processing. We
3912 * also allow window update sacks
3913 * with no missing segments to go
3916 sctp_express_handle_sack(stcb, cum_ack, a_rwnd, nonce_sum_flag, &abort_now);
3918 sctp_handle_sack(sack, stcb, *netp, &abort_now);
3921 /* ABORT signal from sack processing */
3927 case SCTP_HEARTBEAT_REQUEST:
3929 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3930 printf("SCTP_HEARTBEAT\n");
3932 #endif /* SCTP_DEBUG */
3933 SCTP_STAT_INCR(sctps_recvheartbeat);
3934 sctp_send_heartbeat_ack(stcb, m, *offset, chk_length,
3937 /* He's alive so give him credit */
3938 stcb->asoc.overall_error_count = 0;
3940 case SCTP_HEARTBEAT_ACK:
3942 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3943 printf("SCTP_HEARTBEAT-ACK\n");
3945 #endif /* SCTP_DEBUG */
3947 /* He's alive so give him credit */
3948 stcb->asoc.overall_error_count = 0;
3949 SCTP_STAT_INCR(sctps_recvheartbeatack);
3950 sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk *)ch,
3953 case SCTP_ABORT_ASSOCIATION:
3955 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3956 printf("SCTP_ABORT\n");
3958 #endif /* SCTP_DEBUG */
3959 sctp_handle_abort((struct sctp_abort_chunk *)ch,
3966 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3967 printf("SCTP_SHUTDOWN\n");
3969 #endif /* SCTP_DEBUG */
3973 sctp_handle_shutdown((struct sctp_shutdown_chunk *)ch,
3974 stcb, *netp, &abort_flag);
3981 case SCTP_SHUTDOWN_ACK:
3983 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3984 printf("SCTP_SHUTDOWN-ACK\n");
3986 #endif /* SCTP_DEBUG */
3987 sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp);
3991 case SCTP_OPERATION_ERROR:
3993 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
3994 printf("SCTP_OP-ERR\n");
3996 #endif /* SCTP_DEBUG */
3997 if (sctp_handle_error(ch, stcb, *netp) < 0) {
4002 case SCTP_COOKIE_ECHO:
4004 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4005 printf("SCTP_COOKIE-ECHO stcb is %p\n", stcb);
4007 #endif /* SCTP_DEBUG */
4008 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4011 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) &&
4013 /* We are not interested anymore */
4019 * First are we accepting? We do this again here
4020 * since it is possible that a previous endpoint WAS
4021 * listening responded to a INIT-ACK and then
4022 * closed. We opened and bound.. and are now no
4025 if (inp->sctp_socket->so_qlimit == 0) {
4026 if ((stcb) && (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
4028 * special case, is this a retran'd
4029 * COOKIE-ECHO or a restarting assoc
4030 * that is a peeled off or
4031 * one-to-one style socket.
4033 goto process_cookie_anyway;
4035 sctp_abort_association(inp, stcb, m, iphlen, sh,
4039 } else if (inp->sctp_socket->so_qlimit) {
4040 /* we are accepting so check limits like TCP */
4041 if (inp->sctp_socket->so_qlen >
4042 inp->sctp_socket->so_qlimit) {
4045 struct sctp_paramhdr *phdr;
4047 if (sctp_abort_if_one_2_one_hits_limit) {
4049 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4050 0, M_DONTWAIT, 1, MT_DATA);
4052 SCTP_BUF_LEN(oper) =
4053 sizeof(struct sctp_paramhdr);
4055 struct sctp_paramhdr *);
4057 htons(SCTP_CAUSE_OUT_OF_RESC);
4058 phdr->param_length =
4059 htons(sizeof(struct sctp_paramhdr));
4061 sctp_abort_association(inp, stcb, m,
4068 process_cookie_anyway:
4070 struct mbuf *ret_buf;
4071 struct sctp_inpcb *linp;
4079 SCTP_ASOC_CREATE_LOCK(linp);
4081 sctp_handle_cookie_echo(m, iphlen,
4083 (struct sctp_cookie_echo_chunk *)ch,
4090 SCTP_ASOC_CREATE_UNLOCK(linp);
4091 if (ret_buf == NULL) {
4093 SCTP_TCB_UNLOCK(locked_tcb);
4096 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4097 printf("GAK, null buffer\n");
4099 #endif /* SCTP_DEBUG */
4104 /* if AUTH skipped, see if it verified... */
4109 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) {
4111 * Restart the timer if we have
4114 struct sctp_tmit_chunk *chk;
4116 chk = TAILQ_FIRST(&stcb->asoc.sent_queue);
4118 sctp_timer_start(SCTP_TIMER_TYPE_SEND,
4119 stcb->sctp_ep, stcb,
4125 case SCTP_COOKIE_ACK:
4127 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4128 printf("SCTP_COOKIE-ACK\n");
4130 #endif /* SCTP_DEBUG */
4132 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4133 /* We are not interested anymore */
4134 if ((stcb) && (stcb->asoc.total_output_queue_size)) {
4137 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_27);
4142 /* He's alive so give him credit */
4143 stcb->asoc.overall_error_count = 0;
4144 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp);
4148 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4149 printf("SCTP_ECN-ECHO\n");
4151 #endif /* SCTP_DEBUG */
4152 /* He's alive so give him credit */
4153 stcb->asoc.overall_error_count = 0;
4154 sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch,
4159 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4160 printf("SCTP_ECN-CWR\n");
4162 #endif /* SCTP_DEBUG */
4163 /* He's alive so give him credit */
4164 stcb->asoc.overall_error_count = 0;
4166 sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb);
4168 case SCTP_SHUTDOWN_COMPLETE:
4170 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4171 printf("SCTP_SHUTDOWN-COMPLETE\n");
4173 #endif /* SCTP_DEBUG */
4174 /* must be first and only chunk */
4175 if ((num_chunks > 1) ||
4176 (length - *offset > SCTP_SIZE32(chk_length))) {
4179 SCTP_TCB_UNLOCK(locked_tcb);
4183 sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch,
4190 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4191 printf("SCTP_ASCONF\n");
4193 #endif /* SCTP_DEBUG */
4194 /* He's alive so give him credit */
4195 stcb->asoc.overall_error_count = 0;
4197 sctp_handle_asconf(m, *offset,
4198 (struct sctp_asconf_chunk *)ch, stcb);
4200 case SCTP_ASCONF_ACK:
4202 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4203 printf("SCTP_ASCONF-ACK\n");
4205 #endif /* SCTP_DEBUG */
4206 /* He's alive so give him credit */
4207 stcb->asoc.overall_error_count = 0;
4209 sctp_handle_asconf_ack(m, *offset,
4210 (struct sctp_asconf_ack_chunk *)ch, stcb, *netp);
4212 case SCTP_FORWARD_CUM_TSN:
4214 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4215 printf("SCTP_FWD-TSN\n");
4217 #endif /* SCTP_DEBUG */
4218 /* He's alive so give him credit */
4222 stcb->asoc.overall_error_count = 0;
4224 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4225 /* We are not interested anymore */
4226 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_28);
4230 sctp_handle_forward_tsn(stcb,
4231 (struct sctp_forward_tsn_chunk *)ch, &abort_flag);
4236 stcb->asoc.overall_error_count = 0;
4241 case SCTP_STREAM_RESET:
4243 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4244 printf("SCTP_STREAM_RESET\n");
4246 #endif /* SCTP_DEBUG */
4247 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4248 chk_length, chunk_buf);
4249 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4250 /* We are not interested anymore */
4251 sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_29);
4255 if (stcb->asoc.peer_supports_strreset == 0) {
4257 * hmm, peer should have announced this, but
4258 * we will turn it on since he is sending us
4261 stcb->asoc.peer_supports_strreset = 1;
4263 if (sctp_handle_stream_reset(stcb, (struct sctp_stream_reset_out_req *)ch)) {
4264 /* stop processing */
4269 case SCTP_PACKET_DROPPED:
4271 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4272 printf("SCTP_PACKET_DROPPED\n");
4274 #endif /* SCTP_DEBUG */
4275 /* re-get it all please */
4276 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4277 chk_length, chunk_buf);
4279 sctp_handle_packet_dropped((struct sctp_pktdrop_chunk *)ch,
4284 case SCTP_AUTHENTICATION:
4286 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4287 printf("SCTP_AUTHENTICATION\n");
4289 #endif /* SCTP_DEBUG */
4290 if (sctp_auth_disable)
4294 /* save the first AUTH for later processing */
4295 if (auth_skipped == 0) {
4296 auth_offset = *offset;
4297 auth_len = chk_length;
4300 /* skip this chunk (temporarily) */
4303 if (got_auth == 1) {
4304 /* skip this chunk... it's already auth'd */
4307 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4308 chk_length, chunk_buf);
4310 if (sctp_handle_auth(stcb, (struct sctp_auth_chunk *)ch,
4312 /* auth HMAC failed so dump the packet */
4316 /* remaining chunks are HMAC checked */
4317 stcb->asoc.authenticated = 1;
4323 /* it's an unknown chunk! */
4324 if ((ch->chunk_type & 0x40) && (stcb != NULL)) {
4326 struct sctp_paramhdr *phd;
4328 mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4329 0, M_DONTWAIT, 1, MT_DATA);
4331 phd = mtod(mm, struct sctp_paramhdr *);
4333 * We cheat and use param type since
4334 * we did not bother to define a
4335 * error cause struct. They are the
4336 * same basic format with different
4339 phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK);
4340 phd->param_length = htons(chk_length + sizeof(*phd));
4341 SCTP_BUF_LEN(mm) = sizeof(*phd);
4342 SCTP_BUF_NEXT(mm) = SCTP_M_COPYM(m, *offset, SCTP_SIZE32(chk_length),
4344 if (SCTP_BUF_NEXT(mm)) {
4345 sctp_queue_op_err(stcb, mm);
4351 if ((ch->chunk_type & 0x80) == 0) {
4352 /* discard this packet */
4355 } /* else skip this bad chunk and continue... */
4357 } /* switch (ch->chunk_type) */
4361 /* get the next chunk */
4362 *offset += SCTP_SIZE32(chk_length);
4363 if (*offset >= length) {
4364 /* no more data left in the mbuf chain */
4367 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset,
4368 sizeof(struct sctp_chunkhdr), chunk_buf);
4371 SCTP_TCB_UNLOCK(locked_tcb);
4381 * Process the ECN bits we have something set so we must look to see if it is
4382 * ECN(0) or ECN(1) or CE
4384 static __inline void
4385 sctp_process_ecn_marked_a(struct sctp_tcb *stcb, struct sctp_nets *net,
4388 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4390 } else if ((ecn_bits & SCTP_ECT1_BIT) == SCTP_ECT1_BIT) {
4392 * we only add to the nonce sum for ECT1, ECT0 does not
4393 * change the NS bit (that we have yet to find a way to send
4397 /* ECN Nonce stuff */
4398 stcb->asoc.receiver_nonce_sum++;
4399 stcb->asoc.receiver_nonce_sum &= SCTP_SACK_NONCE_SUM;
4402 * Drag up the last_echo point if cumack is larger since we
4403 * don't want the point falling way behind by more than
4404 * 2^^31 and then having it be incorrect.
4406 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4407 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4408 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4410 } else if ((ecn_bits & SCTP_ECT0_BIT) == SCTP_ECT0_BIT) {
4412 * Drag up the last_echo point if cumack is larger since we
4413 * don't want the point falling way behind by more than
4414 * 2^^31 and then having it be incorrect.
4416 if (compare_with_wrap(stcb->asoc.cumulative_tsn,
4417 stcb->asoc.last_echo_tsn, MAX_TSN)) {
4418 stcb->asoc.last_echo_tsn = stcb->asoc.cumulative_tsn;
4423 static __inline void
4424 sctp_process_ecn_marked_b(struct sctp_tcb *stcb, struct sctp_nets *net,
4425 uint32_t high_tsn, uint8_t ecn_bits)
4427 if ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS) {
4429 * we possibly must notify the sender that a congestion
4430 * window reduction is in order. We do this by adding a ECNE
4431 * chunk to the output chunk queue. The incoming CWR will
4432 * remove this chunk.
4434 if (compare_with_wrap(high_tsn, stcb->asoc.last_echo_tsn,
4436 /* Yep, we need to add a ECNE */
4437 sctp_send_ecn_echo(stcb, net, high_tsn);
4438 stcb->asoc.last_echo_tsn = high_tsn;
4444 * common input chunk processing (v4 and v6)
4447 sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
4448 int length, struct sctphdr *sh, struct sctp_chunkhdr *ch,
4449 struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net,
4453 * Control chunk processing
4456 int fwd_tsn_seen = 0, data_processed = 0;
4457 struct mbuf *m = *mm;
4461 SCTP_STAT_INCR(sctps_recvdatagrams);
4462 #ifdef SCTP_AUDITING_ENABLED
4463 sctp_audit_log(0xE0, 1);
4464 sctp_auditing(0, inp, stcb, net);
4468 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4469 printf("Ok, Common input processing called, m:%p iphlen:%d offset:%d\n",
4472 #endif /* SCTP_DEBUG */
4475 /* always clear this before beginning a packet */
4476 stcb->asoc.authenticated = 0;
4477 stcb->asoc.seen_a_sack_this_pkt = 0;
4479 if (IS_SCTP_CONTROL(ch)) {
4480 /* process the control portion of the SCTP packet */
4481 stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
4482 inp, stcb, &net, &fwd_tsn_seen);
4485 * This covers us if the cookie-echo was there and
4486 * it changes our INP.
4488 inp = stcb->sctp_ep;
4492 * no control chunks, so pre-process DATA chunks (these
4493 * checks are taken care of by control processing)
4497 * if DATA only packet, and auth is required, then punt...
4498 * can't have authenticated without any AUTH (control)
4501 if ((stcb != NULL) && !sctp_auth_disable &&
4502 sctp_auth_is_required_chunk(SCTP_DATA,
4503 stcb->asoc.local_auth_chunks)) {
4504 /* "silently" ignore */
4505 SCTP_STAT_INCR(sctps_recvauthmissing);
4506 SCTP_TCB_UNLOCK(stcb);
4510 /* out of the blue DATA chunk */
4511 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4514 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) {
4515 /* v_tag mismatch! */
4516 SCTP_STAT_INCR(sctps_badvtag);
4517 SCTP_TCB_UNLOCK(stcb);
4524 * no valid TCB for this packet, or we found it's a bad
4525 * packet while processing control, or we're done with this
4526 * packet (done or skip rest of data), so we drop it...
4531 * DATA chunk processing
4533 /* plow through the data chunks while length > offset */
4536 * Rest should be DATA only. Check authentication state if AUTH for
4539 if ((length > offset) && (stcb != NULL) && !sctp_auth_disable &&
4540 sctp_auth_is_required_chunk(SCTP_DATA,
4541 stcb->asoc.local_auth_chunks) &&
4542 !stcb->asoc.authenticated) {
4543 /* "silently" ignore */
4544 SCTP_STAT_INCR(sctps_recvauthmissing);
4546 if (sctp_debug_on & SCTP_DEBUG_AUTH1)
4547 printf("Data chunk requires AUTH, skipped\n");
4551 if (length > offset) {
4555 * First check to make sure our state is correct. We would
4556 * not get here unless we really did have a tag, so we don't
4557 * abort if this happens, just dump the chunk silently.
4559 switch (SCTP_GET_STATE(&stcb->asoc)) {
4560 case SCTP_STATE_COOKIE_ECHOED:
4562 * we consider data with valid tags in this state
4563 * shows us the cookie-ack was lost. Imply it was
4566 stcb->asoc.overall_error_count = 0;
4567 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net);
4569 case SCTP_STATE_COOKIE_WAIT:
4571 * We consider OOTB any data sent during asoc setup.
4573 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL);
4574 SCTP_TCB_UNLOCK(stcb);
4577 case SCTP_STATE_EMPTY: /* should not happen */
4578 case SCTP_STATE_INUSE: /* should not happen */
4579 case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */
4580 case SCTP_STATE_SHUTDOWN_ACK_SENT:
4582 SCTP_TCB_UNLOCK(stcb);
4585 case SCTP_STATE_OPEN:
4586 case SCTP_STATE_SHUTDOWN_SENT:
4589 /* take care of ECN, part 1. */
4590 if (stcb->asoc.ecn_allowed &&
4591 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4592 sctp_process_ecn_marked_a(stcb, net, ecn_bits);
4594 /* plow through the data chunks while length > offset */
4595 retval = sctp_process_data(mm, iphlen, &offset, length, sh,
4596 inp, stcb, net, &high_tsn);
4599 * The association aborted, NO UNLOCK needed since
4600 * the association is destroyed.
4606 /* take care of ecn part 2. */
4607 if (stcb->asoc.ecn_allowed &&
4608 (ecn_bits & (SCTP_ECT0_BIT | SCTP_ECT1_BIT))) {
4609 sctp_process_ecn_marked_b(stcb, net, high_tsn,
4614 * Anything important needs to have been m_copy'ed in
4618 if ((data_processed == 0) && (fwd_tsn_seen)) {
4621 if (compare_with_wrap(stcb->asoc.highest_tsn_inside_map,
4622 stcb->asoc.cumulative_tsn, MAX_TSN)) {
4623 /* there was a gap before this data was processed */
4626 sctp_sack_check(stcb, 1, was_a_gap, &abort_flag);
4628 /* Again, we aborted so NO UNLOCK needed */
4632 /* trigger send of any chunks in queue... */
4634 #ifdef SCTP_AUDITING_ENABLED
4635 sctp_audit_log(0xE0, 2);
4636 sctp_auditing(1, inp, stcb, net);
4639 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4640 printf("Check for chunk output prw:%d tqe:%d tf=%d\n",
4641 stcb->asoc.peers_rwnd,
4642 TAILQ_EMPTY(&stcb->asoc.control_send_queue),
4643 stcb->asoc.total_flight);
4646 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight);
4648 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue) ||
4650 (stcb->asoc.peers_rwnd > 0 ||
4651 (stcb->asoc.peers_rwnd <= 0 && stcb->asoc.total_flight == 0)))) {
4653 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4654 printf("Calling chunk OUTPUT\n");
4657 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC);
4659 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
4660 printf("chunk OUTPUT returns\n");
4664 #ifdef SCTP_AUDITING_ENABLED
4665 sctp_audit_log(0xE0, 3);
4666 sctp_auditing(2, inp, stcb, net);
4668 SCTP_TCB_UNLOCK(stcb);
4675 sctp_input(i_pak, off)
4680 #ifdef SCTP_MBUF_LOGGING
4689 struct sctp_inpcb *inp = NULL;
4691 uint32_t check, calc_check;
4692 struct sctp_nets *net;
4693 struct sctp_tcb *stcb = NULL;
4694 struct sctp_chunkhdr *ch;
4695 int refcount_up = 0;
4696 int length, mlen, offset;
4700 m = SCTP_HEADER_TO_CHAIN(i_pak);
4702 SCTP_STAT_INCR(sctps_recvpackets);
4703 SCTP_STAT_INCR_COUNTER64(sctps_inpackets);
4706 * Strip IP options, we don't allow any in or out.
4708 #ifdef SCTP_MBUF_LOGGING
4709 /* Log in any input mbufs */
4712 if (SCTP_BUF_IS_EXTENDED(mat)) {
4713 sctp_log_mb(mat, SCTP_MBUF_INPUT);
4715 mat = SCTP_BUF_NEXT(mat);
4718 if ((size_t)iphlen > sizeof(struct ip)) {
4719 ip_stripoptions(m, (struct mbuf *)0);
4720 iphlen = sizeof(struct ip);
4723 * Get IP, SCTP, and first chunk header together in first mbuf.
4725 ip = mtod(m, struct ip *);
4726 offset = iphlen + sizeof(*sh) + sizeof(*ch);
4727 if (SCTP_BUF_LEN(m) < offset) {
4728 if ((m = m_pullup(m, offset)) == 0) {
4729 SCTP_STAT_INCR(sctps_hdrops);
4732 ip = mtod(m, struct ip *);
4734 sh = (struct sctphdr *)((caddr_t)ip + iphlen);
4735 ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(*sh));
4737 /* SCTP does not allow broadcasts or multicasts */
4738 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
4741 if (((ch->chunk_type == SCTP_INITIATION) ||
4742 (ch->chunk_type == SCTP_INITIATION_ACK) ||
4743 (ch->chunk_type == SCTP_COOKIE_ECHO)) &&
4744 (SCTP_IS_IT_BROADCAST(ip->ip_dst, i_pak))) {
4746 * We only look at broadcast if its a front state, All
4747 * others we will not have a tcb for anyway.
4751 /* destination port of 0 is illegal, based on RFC2960. */
4752 if (sh->dest_port == 0) {
4753 SCTP_STAT_INCR(sctps_hdrops);
4756 /* validate SCTP checksum */
4757 if ((sctp_no_csum_on_loopback == 0) || !SCTP_IS_IT_LOOPBACK(i_pak)) {
4759 * we do NOT validate things from the loopback if the sysctl
4762 check = sh->checksum; /* save incoming checksum */
4763 if ((check == 0) && (sctp_no_csum_on_loopback)) {
4765 * special hook for where we got a local address
4766 * somehow routed across a non IFT_LOOP type
4769 if (ip->ip_src.s_addr == ip->ip_dst.s_addr)
4770 goto sctp_skip_csum_4;
4772 sh->checksum = 0; /* prepare for calc */
4773 calc_check = sctp_calculate_sum(m, &mlen, iphlen);
4774 if (calc_check != check) {
4776 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4777 printf("Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n",
4778 calc_check, check, m, mlen, iphlen);
4782 stcb = sctp_findassociation_addr(m, iphlen,
4783 offset - sizeof(*ch),
4784 sh, ch, &inp, &net);
4785 if ((inp) && (stcb)) {
4786 sctp_send_packet_dropped(stcb, net, m, iphlen, 1);
4787 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR);
4788 } else if ((inp != NULL) && (stcb == NULL)) {
4791 SCTP_STAT_INCR(sctps_badsum);
4792 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors);
4795 sh->checksum = calc_check;
4798 mlen = SCTP_HEADER_LEN(i_pak);
4800 /* validate mbuf chain length with IP payload length */
4801 if (mlen < (ip->ip_len - iphlen)) {
4802 SCTP_STAT_INCR(sctps_hdrops);
4806 * Locate pcb and tcb for datagram sctp_findassociation_addr() wants
4807 * IP/SCTP/first chunk header...
4809 stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch),
4810 sh, ch, &inp, &net);
4811 /* inp's ref-count increased && stcb locked */
4813 struct sctp_init_chunk *init_chk, chunk_buf;
4815 SCTP_STAT_INCR(sctps_noport);
4818 * we use the bandwidth limiting to protect against sending
4819 * too many ABORTS all at once. In this case these count the
4820 * same as an ICMP message.
4822 if (badport_bandlim(0) < 0)
4824 #endif /* ICMP_BANDLIM */
4826 if (sctp_debug_on & SCTP_DEBUG_INPUT1) {
4827 printf("Sending a ABORT from packet entry!\n");
4830 if (ch->chunk_type == SCTP_INITIATION) {
4832 * we do a trick here to get the INIT tag, dig in
4833 * and get the tag from the INIT and put it in the
4836 init_chk = (struct sctp_init_chunk *)sctp_m_getptr(m,
4837 iphlen + sizeof(*sh), sizeof(*init_chk),
4838 (uint8_t *) & chunk_buf);
4839 if (init_chk != NULL)
4840 sh->v_tag = init_chk->init.initiate_tag;
4842 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
4843 sctp_send_shutdown_complete2(m, iphlen, sh);
4846 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
4849 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
4850 sctp_send_abort(m, iphlen, sh, 0, NULL);
4852 } else if (stcb == NULL) {
4857 * I very much doubt any of the IPSEC stuff will work but I have no
4858 * idea, so I will leave it in place.
4861 if (inp && ipsec4_in_reject(m, &inp->ip_inp.inp)) {
4862 ipsecstat.in_polvio++;
4863 SCTP_STAT_INCR(sctps_hdrops);
4871 * common chunk processing
4873 length = ip->ip_len + iphlen;
4874 offset -= sizeof(struct sctp_chunkhdr);
4876 ecn_bits = ip->ip_tos;
4878 sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,
4879 inp, stcb, net, ecn_bits);
4880 /* inp's ref-count reduced && stcb unlocked */
4884 if ((inp) && (refcount_up)) {
4885 /* reduce ref-count */
4886 SCTP_INP_WLOCK(inp);
4887 SCTP_INP_DECR_REF(inp);
4888 SCTP_INP_WUNLOCK(inp);
4893 SCTP_TCB_UNLOCK(stcb);
4895 if ((inp) && (refcount_up)) {
4896 /* reduce ref-count */
4897 SCTP_INP_WLOCK(inp);
4898 SCTP_INP_DECR_REF(inp);
4899 SCTP_INP_WUNLOCK(inp);